To validate the secure configuration of an Amazon Web Services account against the CIS Amazon Web Services Foundations Benchmark version 1.2.0, we run the InSpec profile aws-foundations-cis-baseline.
Once the scan is done, it lists the misconfigurations present in the AWS account; each check comes from the CIS benchmark for AWS.
A scan with aws-foundations-cis-baseline takes time, depending on the number of services enabled in your AWS account. Once the scan is complete, you can see which CIS benchmark checks are being followed and which are not. The findings can then be reviewed and prioritized as critical, high, medium, or low.
aws-foundations-cis-baseline reports its results as a list of CIS checks that were successful, failed, or skipped. When run against the AWS account, the checks are categorized as follows:
Checks that follow the AWS CIS benchmark are shown in green, and the ones that do not follow the CIS benchmark are shown in red.
At the end, it lists the Profile Summary and the Test Summary. The Profile Summary lists the controls that were successful, failed, and skipped. The Test Summary lists the tests that were successful, failed, and skipped.