How to conduct assessment with aws-foundations-cis-baseline tool

Riyaz Walikar


To validate the secure configuration of an Amazon Web Services account against the CIS Amazon Web Services Foundations Benchmark Version 1.2.0, we run the aws-foundations-cis-baseline InSpec profile.

Once the scan is done, it lists the misconfigurations present in the AWS account. Each check comes from the CIS Amazon Web Services Foundations Benchmark.

aws-foundations-cis-baseline assessment

A scan with aws-foundations-cis-baseline takes time, depending on the number of services enabled in your AWS account. Once the scan is complete, you can see which CIS benchmark checks the account follows and which it does not. The findings can then be reviewed and prioritized as critical, high, medium, or low.

Audit results

aws-foundations-cis-baseline produces its results as a list of CIS checks that were successful, failed or skipped. The checks run against the AWS account are categorized as follows:

  1. Successful, in green
  2. Failed, in red
  3. Skipped, in white

Checks that follow the AWS CIS benchmark are shown in green, and the ones that do not follow the benchmark are shown in red.

At the end, the output lists the Profile Summary and the Test Summary. The Profile Summary lists the controls that were successful, failed and skipped. The Test Summary lists the tests that were successful, failed and skipped.
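
The coloured console output is hard to triage at scale, so the following added example (not part of the original article or of the profile itself) recomputes the control and test counts from a report written with InSpec's JSON reporter and orders the failed controls by severity. The sample report, its control ids and the roll-up rule in `control_status` are constructed assumptions; the severity bands follow InSpec's impact ranges.

```python
import json
from collections import Counter

# Constructed sample in the shape of InSpec's JSON reporter output.
# Control ids and titles are placeholders, not real CIS control ids.
SAMPLE_REPORT = json.dumps({"profiles": [{"name": "aws-foundations-cis-baseline", "controls": [
    {"id": "sample-a", "title": "constructed passing control", "impact": 0.7,
     "results": [{"status": "passed"}, {"status": "passed"}]},
    {"id": "sample-b", "title": "constructed failing control", "impact": 0.9,
     "results": [{"status": "passed"}, {"status": "failed"}]},
    {"id": "sample-c", "title": "constructed skipped control", "impact": 0.3,
     "results": [{"status": "skipped"}]},
    {"id": "sample-d", "title": "constructed failing control", "impact": 0.5,
     "results": [{"status": "failed"}]},
]}]})

SEVERITY_ORDER = ["critical", "high", "medium", "low", "none"]

def severity(impact):
    """Map an InSpec impact score (0.0 to 1.0) to a severity label."""
    for floor, label in ((0.9, "critical"), (0.7, "high"), (0.4, "medium"), (0.01, "low")):
        if impact >= floor:
            return label
    return "none"

def control_status(control):
    """Assumed roll-up: any failed test fails the control; all skipped means skipped."""
    statuses = [r.get("status") for r in control.get("results", [])]
    if "failed" in statuses:
        return "failed"
    if not statuses or all(s == "skipped" for s in statuses):
        return "skipped"
    return "passed"

def summarize(report_json):
    """Return (control counts, test counts, failed controls sorted by severity)."""
    controls, tests, failed = Counter(), Counter(), []
    for profile in json.loads(report_json).get("profiles", []):
        for control in profile.get("controls", []):
            status = control_status(control)
            controls[status] += 1
            tests.update(r.get("status") for r in control.get("results", []))
            if status == "failed":
                failed.append((severity(control.get("impact", 0.0)), control["id"]))
    failed.sort(key=lambda f: SEVERITY_ORDER.index(f[0]))
    return dict(controls), dict(tests), failed

if __name__ == "__main__":
    print(summarize(SAMPLE_REPORT))
```

To use it on a real scan, read the JSON report file produced by the run and pass its contents to `summarize` in place of `SAMPLE_REPORT`.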

