aws-review
AWS Security Posture Review
Overview
This skill performs a structured security assessment of AWS environments against the CIS Amazon Web Services Foundations Benchmark v3.0.0. The benchmark is organized into five sections covering identity management, storage, logging, monitoring, and networking. Each recommendation is evaluated by inspecting infrastructure-as-code definitions (Terraform, CloudFormation, CDK), AWS CLI output, or configuration files available in the repository.
The CIS AWS Foundations Benchmark v3.0.0 contains 62 recommendations across five domains. This skill evaluates each applicable control against the codebase and produces a findings report with CIS recommendation IDs, severity ratings, and actionable remediation steps.
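The evaluation described above, sketched as an added example (not the skill's own code): a few checks run over a constructed Terraform plan in the `terraform show -json` layout, each failure reported with a control ID, severity and remediation. The names `review`, `CHECKS` and `open_admin_ingress` are hypothetical, the control IDs are placeholders, and the severity values are assumptions.

```python
import json

# Constructed sample shaped like `terraform show -json` output; not from a real account.
PLAN = json.loads("""{"planned_values": {"root_module": {"resources": [
 {"address": "aws_db_instance.app", "type": "aws_db_instance",
  "values": {"storage_encrypted": false}},
 {"address": "aws_cloudtrail.main", "type": "aws_cloudtrail",
  "values": {"is_multi_region_trail": true, "enable_log_file_validation": false}},
 {"address": "aws_security_group.bastion", "type": "aws_security_group",
  "values": {"ingress": [{"protocol": "tcp", "from_port": 22, "to_port": 22,
                          "cidr_blocks": ["0.0.0.0/0"]}]}},
 {"address": "aws_security_group.web", "type": "aws_security_group",
  "values": {"ingress": [{"protocol": "tcp", "from_port": 443, "to_port": 443,
                          "cidr_blocks": ["0.0.0.0/0"]}]}}]}}}""")

ADMIN_PORTS = (22, 3389)  # SSH and RDP

def open_admin_ingress(values):
    """True if an ingress rule exposes an administration port to any address."""
    for rule in values.get("ingress") or []:
        world = ("0.0.0.0/0" in (rule.get("cidr_blocks") or [])
                 or "::/0" in (rule.get("ipv6_cidr_blocks") or []))
        all_traffic = str(rule.get("protocol")) == "-1"
        lo, hi = rule.get("from_port") or 0, rule.get("to_port") or 0
        if world and (all_traffic or any(lo <= p <= hi for p in ADMIN_PORTS)):
            return True
    return False

# (type, failure predicate, control id placeholder, assumed severity, remediation)
CHECKS = [
    ("aws_db_instance", lambda v: not v.get("storage_encrypted"),
     "<CIS id: RDS encryption at rest>", "high", "set storage_encrypted = true"),
    ("aws_cloudtrail", lambda v: not v.get("is_multi_region_trail"),
     "<CIS id: CloudTrail in all regions>", "high", "set is_multi_region_trail = true"),
    ("aws_cloudtrail", lambda v: not v.get("enable_log_file_validation"),
     "<CIS id: CloudTrail log validation>", "medium", "set enable_log_file_validation = true"),
    ("aws_security_group", open_admin_ingress,
     "<CIS id: no open admin ports>", "high", "restrict cidr_blocks for ports 22 and 3389"),
]

def review(plan):
    """Return one finding per failed check; only root-module resources are walked."""
    findings = []
    for res in plan["planned_values"]["root_module"].get("resources", []):
        for rtype, fails, cis_id, severity, fix in CHECKS:
            if res["type"] == rtype and fails(res.get("values") or {}):
                findings.append({"resource": res["address"], "cis_id": cis_id,
                                 "severity": severity, "remediation": fix})
    return findings
```

Resources inside child modules appear under `child_modules` in the plan JSON and would need a recursive walk, which this sketch leaves out.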
When to Use
If a target is provided via arguments, focus the review on: $ARGUMENTS
- Reviewing AWS infrastructure-as-code before deployment
- Assessing an existing AWS environment's security posture against CIS benchmarks
- Preparing for a CIS benchmark audit or compliance assessment
- Evaluating IAM policies, S3 bucket configurations, CloudTrail settings, VPC security groups, or RDS encryption configurations
- Onboarding a new AWS account into a security program