Alert Logic® has released additional updates to the CIS Amazon Web Services Foundations Benchmark report.
In April, support for the latest version of the benchmark report (1.2.0) was added for all product levels included with SIEMless Threat Management™, and new features were introduced that allow you to assess your Amazon Web Services (AWS) account against the benchmark report.
Previously, Alert Logic's implementation of check 1.22 - "Ensure IAM policies that allow full '*:*' administrative privileges are not created" - also treated unrestricted permissions on specific services (S3, IAM, DynamoDB (DDB), and RDS) as a failure. For example, granting "s3:*" to a user caused this check to fail. Check 1.22 now evaluates only the exact condition described by CIS: a policy statement that allows Action "*" on Resource "*". The service-specific least-privilege checks are still available on the Remediations page of the Alert Logic console. You may notice a change in the output of this report if service-wide administrative privileges are in use in your deployments.
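To make the difference between the two behaviours concrete, the following is an added example (not Alert Logic's or CIS's code) that evaluates IAM policy documents two ways: strictly for the CIS 1.22 condition (an Allow statement with Action "*" and Resource "*"), and separately for service-wide wildcards such as "s3:*". The policy documents are constructed inline for illustration; the watch-list of services and the helper names are assumptions. In practice the documents would come from iam:GetPolicyVersion, whose Document field is URL-encoded, which the loader below accounts for.

```python
"""Evaluate IAM policy documents for CIS AWS Foundations 1.22 and for
service-wide wildcards. Added example; assumptions are noted in comments."""
import json
from urllib.parse import unquote

# Assumption: the services named in the post, whose "<service>:*" grants the
# former (stricter) implementation of check 1.22 also flagged.
SERVICE_WILDCARD_WATCHLIST = {"s3", "iam", "dynamodb", "rds"}


def _as_list(value):
    """IAM allows Statement/Action/Resource to be a single value or a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def load_policy_document(raw):
    """Parse a policy document as returned by iam:GetPolicyVersion (URL-encoded JSON)."""
    return json.loads(unquote(raw))


def check_cis_1_22(policy):
    """Return True if the policy passes CIS 1.22, i.e. no Allow statement grants
    Action "*" on Resource "*". Statements written with NotAction/NotResource are
    not considered, matching the literal wording of the CIS audit procedure."""
    for stmt in _as_list(policy.get("Statement")):
        if stmt.get("Effect") != "Allow":
            continue
        actions = [a.strip() for a in _as_list(stmt.get("Action"))]
        resources = [r.strip() for r in _as_list(stmt.get("Resource"))]
        if "*" in actions and "*" in resources:
            return False
    return True


def service_wildcards(policy):
    """Return the sorted service prefixes for which an Allow statement grants
    "<service>:*" (the condition the former implementation also failed on).
    IAM action names are case-insensitive, so matching is done in lower case."""
    found = set()
    for stmt in _as_list(policy.get("Statement")):
        if stmt.get("Effect") != "Allow":
            continue
        for action in _as_list(stmt.get("Action")):
            service, sep, verb = action.strip().lower().partition(":")
            if sep and verb == "*" and service in SERVICE_WILDCARD_WATCHLIST:
                found.add(service)
    return sorted(found)


def assess(policies):
    """Evaluate a mapping of policy name -> document under both rules."""
    return {
        name: {
            "cis_1_22_pass": check_cis_1_22(doc),
            "service_wildcards": service_wildcards(doc),
        }
        for name, doc in policies.items()
    }


# Constructed sample policies (not taken from any real account).
FULL_ADMIN = {"Version": "2012-10-17",
              "Statement": [{"Effect": "Allow", "Action": "*", "Resource": "*"}]}
S3_ADMIN = {"Version": "2012-10-17",
            "Statement": {"Effect": "Allow", "Action": ["S3:*"], "Resource": "*"}}
SCOPED_READ = {"Version": "2012-10-17",
               "Statement": [{"Effect": "Allow",
                              "Action": ["s3:GetObject", "s3:ListBucket"],
                              "Resource": "arn:aws:s3:::example-bucket/*"}]}
DENY_ALL = {"Version": "2012-10-17",
            "Statement": [{"Effect": "Deny", "Action": "*", "Resource": "*"}]}
# The same document as it would appear URL-encoded in a GetPolicyVersion response.
ENCODED_FULL_ADMIN = ("%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B"
                      "%22Effect%22%3A%22Allow%22%2C%22Action%22%3A%22%2A%22%2C"
                      "%22Resource%22%3A%22%2A%22%7D%5D%7D")

if __name__ == "__main__":
    report = assess({"FullAdmin": FULL_ADMIN, "S3Admin": S3_ADMIN,
                     "ScopedRead": SCOPED_READ, "DenyAll": DENY_ALL})
    for name, result in report.items():
        print(name, result)
```

Under the new behaviour only FullAdmin fails 1.22; S3Admin passes 1.22 but is reported by `service_wildcards`, which is the kind of finding that now lives on the Remediations page rather than in the benchmark report.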
Previously, the report included a check - "Enable detailed billing" - that has been deprecated by CIS in the most recent version of the benchmark (1.2.0). This check is no longer included in the report and is no longer assessed by Alert Logic.
More information on IAM policies can be found at the AWS Access Management Policies and Permissions documentation.
More information on the CIS AWS Foundations Benchmark can be found at the CIS website.