Achieve Compliance for the CIS AWS Foundations Benchmark in one day

Ben Whaley
Published in Gruntwork
Nov 21, 2019


At Gruntwork, security is job zero. Our code is used in production environments by some of the most sensitive organizations in the world. Hundreds of customers depend on our ability to deliver reliable, secure, well documented infrastructure solutions so that they can sleep well at night and focus on delivering their vision. We take this responsibility seriously, and today we’re doubling down on our commitment by announcing Gruntwork Compliance for the CIS AWS Foundations Benchmark.

The AWS Foundations Benchmark is an objective, consensus-driven guideline from the Center for Internet Security for establishing secure infrastructure on AWS. Organizations of any size looking to strengthen their security posture can turn to the Benchmark for guidance on best-practice configurations for the AWS cloud. As stated by AWS:

[The Benchmark’s] industry-accepted best practices go beyond the high-level security guidance already available, providing AWS users with clear, step-by-step implementation and assessment procedures

The Benchmark has a slew of recommendations for improving the security of an AWS account, covering everything from IAM to VPCs and CloudTrail to AWS Config, for a total of 49 individual configurations.

Although it’s certainly possible to meet the Benchmark recommendations by using the web console to configure everything by hand, we don’t recommend it. At Gruntwork, we prefer to define infrastructure as code. Our Infrastructure as Code Library has dozens of Terraform modules, Bash scripts, Python apps, and Go programs to make cloud infrastructure easier to build and operate.

We’ve extended our library to include compliance with the AWS Foundations Benchmark as a first-class citizen. Our compliance modules make it straightforward to implement the recommendations in the AWS Foundations Benchmark using infrastructure as code techniques for a repeatable compliance experience. No surprises, and no yaks to shave, so you can achieve compliance in days, not months.

But that’s not all. We’ve also written a detailed production deployment guide: How to achieve compliance with the CIS AWS Foundations Benchmark. It’s available publicly today. Read the guide to understand the core concepts of the Benchmark, design guidelines for implementing the recommendations as code, and a detailed deployment walkthrough using our compliance modules. At Gruntwork, we don’t do fluff; unlike a lot of the superficial compliance marketing speak you’ll find online, this guide is a detailed, technical treatment that shows you how to write code and deploy infrastructure that meets the Benchmark recommendations.

By following the guide and by using the Gruntwork Compliance modules, you can configure an AWS account for compliance with the AWS Foundations Benchmark in about a day. When CIS updates the Benchmark, we’ll update our code to include the changes, and you’ll have access to the updates the moment we release them. Who says compliance has to be hard?

If you’re interested in becoming a Gruntwork Compliance customer, check out our compliance product page or contact us to start a conversation.

And if you are interested in using infrastructure as code to achieve compliance with another standard or regulation, such as PCI DSS, HIPAA, or NIST, let us know — we’re planning to expand our compliance product line, and your project could be next!
