Walkthrough: Identifying CIS violations for AWS

In the previous walkthrough, you used BMC Helix Cloud Security to download, configure, and run the AWS Cloud connector. This walkthrough enables you to explore the results and identify specific resources that are not compliant with the out-of-the-box CIS policies for AWS.


A company is using Amazon Simple Storage Service (S3) to store and retrieve data. The company wants to be able to identify violations to ensure that all of the data associated with the buckets is properly secured. Depending on the bucket, and the data objects stored in it, providing access to any information about the buckets to all users might be a security risk. 

Buckets that are not compliant with the CIS policy will be flagged by the connector, and should be reviewed immediately to ensure that company information has not been unintentionally exposed.

StepExample screen

Log on to Cloud Security with your registered credentials.

Onboard and run the connector, as described in Walkthrough: Onboarding the AWS Cloud connector.

Click Violations.
Click the Policy Filter and select CIS Amazon Web Services Foundations Benchmark

View the two S3 Buckets rules, and note the number of non-compliant resources for each rule.

Note that the Ensure the S3 bucket CloudTrail logs is not publicly accessible rule has a severity of Critical, and would typically be investigated solely by this severity. But because there is 100% compliance, there is no further action necessary for this rule in this scenario.

Click the Ensure S3 bucket access logging is enabled on the CloudTrail S3 bucket rule, to view the list of non-compliant S3 buckets.

The resulting list makes it easy to identify the S3 resources that are non-compliant.

Expand the resource and click the Resource Results button to view the conditions of the rule.

The icons to the left of the rule make it easy to see which ones failed the compliance scan. In this case, the rule that checks to see if permissions are wide open for a resource is the one that failed.

To dig a little deeper, you can view the Variable Details.

Here you can see the values that are associated with each variable.

To see the format of the rule, click the Expression button to see the full expression.

In this scenario, you have quickly identified a security vulnerability in your AWS environment.

Cloud Security makes it easy to continually review your AWS deployment to make sure that it is properly configured.

Where to go from here 

To walk through a scenario where you must remediate identified violations, see Remediating an AWS compliance violation.

Was this page helpful? Yes No Submitting... Thank you