Configuration Packages

Pre-built configuration packages for common deployments of AWS settings and services such as enabling security & logging services, networking services, auto-remediation rules, compliance monitoring and more. 

Service Control Policies

A configuration package to deploy common Service Control Policies (SCPs) in the master account of an AWS Organization. The package includes common SCPs to protect security and logging services (CloudTrail, GuardDuty, Config, CloudWatch, VPC Flow Logs), network connectivity settings, S3 and EC2 security measures, and more.

CloudFormation | Terraform

Auto Remediation

A configuration package to enable AWS Config Rule Automatic Remediation for non-compliant environment changes. Remediation is carried out using SSM Documents, and an IAM Role with the required permissions is included in the template. Resources protected include S3 and EC2.

CloudFormation | AWS CLI

Networking

A configuration package to deploy an Amazon VPC with predefined presets to select: Subnet Tiers (Public and Private), Availability Zones, and Internet Connectivity. Configuration includes Subnets, Routing Tables, Internet Gateway, NAT Gateways, and Security Groups.

CloudFormation | Terraform

A configuration package to deploy an Amazon VPC with no Internet Connectivity. Connectivity to AWS services can be enabled using VPC Endpoints. Configuration items include the number of Subnets, Routing Tables, Security Groups, and VPC Flow Logs.

CloudFormation | Terraform

Vulnerability Mgmt & Patching

A configuration guide for setting up AWS Systems Manager Patch Manager to automatically scan and/or apply patches to EC2 instances in an AWS environment.

CloudFormation | AWS CLI

Security & Logging Services

A configuration package to enable AWS security logging and activity monitoring services: AWS CloudTrail, AWS Config, and Amazon GuardDuty. The package also includes an S3 bucket to store CloudTrail and Config history logs, as well as an optional CloudWatch log group to receive CloudTrail logs.

CloudFormation | Terraform

A configuration package to enable Amazon GuardDuty in an AWS account as well as email notifications for GuardDuty findings (using a CloudWatch Event Rule), and an AWS Config Rule to verify that GuardDuty is continuously enabled.

CloudFormation | Terraform

A configuration package to enable AWS Security Hub in an AWS account including service prerequisites and notification. AWS Security Hub turns on CIS AWS Foundations Compliance Standards by default.

CloudFormation

A configuration package to enable compliance monitoring for a subset of the PCI DSS 3.2.1 controls using AWS Security Hub in an AWS account. The configuration package also includes enabling service prerequisites and configuring notifications for Security Hub findings. AWS Security Hub also turns on CIS AWS Foundations Compliance Standards by default.

CloudFormation | Terraform

Infrastructure-as-Code Security

A configuration package to create a custom CloudFormation Guard rules template. The package includes 150+ rules across most AWS services including EC2, S3, IAM, and many more.

A configuration package to automatically monitor CloudFormation stack drift (when resources deployed through CloudFormation are manually changed afterwards), and optionally alert on these events.

CloudFormation

Monitoring & Compliance

A configuration package that implements a monitoring framework for the CIS AWS Foundations Benchmark, a set of security configuration best practices for hardening AWS accounts, and provides continuous monitoring capabilities for these security configurations.

CloudFormation | Terraform

A configuration package to deploy AWS Config rules to validate compliance with the Government of Canada’s Enterprise Guardrails for AWS.

CloudFormation | Terraform

A configuration package to monitor Root Account activity as well as configuration compliance rules to ensure the Root Account's security configuration. The package includes Config Rules for compliance and CloudWatch Alarms to track activity, and uses SNS to deliver email notifications. The package also includes configuration to enable the required AWS logging services: AWS CloudTrail, Config, and CloudWatch log groups.

CloudFormation | Terraform

A configuration package to monitor IAM-related API activity as well as configuration compliance rules to ensure the security of AWS IAM configuration. The package includes Config Rules, CloudWatch Alarms, and CloudWatch Event Rules, and uses SNS to deliver email notifications. The package also includes configuration to enable the required AWS logging services: AWS CloudTrail, Config, and CloudWatch log groups.

CloudFormation | Terraform

A configuration package to monitor EC2-related API activity as well as configuration compliance rules to ensure the security of AWS EC2 configuration. The package includes Config Rules, CloudWatch Alarms, and CloudWatch Event Rules, and uses SNS to deliver email notifications. The package also includes configuration to enable the required AWS logging services: AWS CloudTrail, Config, and CloudWatch log groups.

CloudFormation | Terraform

A configuration package to monitor VPC-related API activity as well as configuration compliance rules to ensure the security of VPC configuration. The package includes Config Rules, CloudWatch Alarms, and CloudWatch Event Rules, and uses SNS to deliver email notifications. The package also includes configuration to enable the required AWS logging services: AWS CloudTrail, Config, and CloudWatch log groups.

CloudFormation | Terraform

A configuration package to monitor S3-related API activity as well as configuration compliance rules to ensure the security of Amazon S3 configuration. The package includes Config Rules, CloudWatch Alarms, and CloudWatch Event Rules, and uses SNS to deliver email notifications. The package also includes configuration to enable the required AWS logging services: AWS CloudTrail, Config, and CloudWatch log groups.

CloudFormation | Terraform

A configuration package to monitor KMS-related API activity as well as configuration compliance rules to ensure the security of AWS KMS configuration. The package includes Config Rules, CloudWatch Alarms, and CloudWatch Event Rules, and uses SNS to deliver email notifications. The package also includes configuration to enable the required AWS logging services: AWS CloudTrail, Config, and CloudWatch log groups.

CloudFormation | Terraform

A configuration package to monitor Amazon Machine Image (AMI) creation and modification, as well as ensure the compliance and security of AMIs available in the account.

CloudFormation | Terraform