丁久

Posted on • Originally published at dingjiu1989-hue.github.io

Compliance Automation

This article was originally published on AI Study Room. For the full version with working code examples and related articles, visit the original post.

Why Automate Compliance?

Manual compliance is slow, error-prone, and unsustainable. Automation provides continuous verification, instant reporting, and faster audit cycles.

CIS Benchmark Scanning

Automate CIS benchmark checks across infrastructure:

```yaml
# cis-benchmark-config.yaml
benchmarks:
  - name: "CIS AWS Foundations Benchmark v3.0"
    scope: "account"
    checks:
      - id: "1.1"
        title: "Avoid using root account"
        command: "aws iam get-account-summary | jq '.SummaryMap.AccountAccessKeysPresent'"
        expected: "0"
        severity: "critical"
      - id: "1.3"
        title: "Ensure MFA for root account"
        command: "aws iam get-account-summary | jq '.SummaryMap.AccountMFAEnabled'"
        expected: "1"
        severity: "critical"
      - id: "2.1"
        title: "Enable CloudTrail in all regions"
        command: "aws cloudtrail describe-trails --query 'trailList[*].IsMultiRegionTrail'"
        expected: "[true]"
        severity: "high"
```

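```python
# CIS compliance checker
import subprocess
import json

class CISChecker:
    def __init__(self, config):
        self.checks = config["checks"]  # one entry of `benchmarks` from the YAML
        self.results = []

    def run_checks(self):
        for check in self.checks:
            result = self.run_single_check(check)
            self.results.append(result)
        return self.generate_report()

    def run_single_check(self, check):
        try:
            # shell=True passes the config string to /bin/sh (needed for the
            # jq pipes), so the config file has to be trusted like code.
            output = subprocess.check_output(
                check["command"], shell=True, text=True
            )
            # The page's listing is cut off after this call; the rest of the
            # class is a minimal completion so that it runs.
            passed = json.loads(output) == json.loads(check["expected"])
        except (subprocess.CalledProcessError, ValueError) as exc:
            return {"id": check["id"], "status": "error", "detail": str(exc)}
        return {"id": check["id"], "status": "pass" if passed else "fail"}

    def generate_report(self):
        return json.dumps(self.results, indent=2)
```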
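A shell-free variant of the check runner above, as an added example (not code from the original article): each command is split into argv and run without a shell, output is compared as parsed JSON, and a command that fails or is rejected is reported as `error` instead of being counted as a pass. The names `ALLOWED_BINARIES`, `SHELL_TOKENS`, `to_argv`, `run_cli`, `evaluate`, `CHECKS` and `FAKE_OUTPUT` are assumptions of this example, and check 1.1 is rewritten to use the AWS CLI's `--query` option in place of the jq pipe.

```python
import json
import shlex
import subprocess

ALLOWED_BINARIES = {"aws"}  # assumption: checks only need the AWS CLI
SHELL_TOKENS = {"|", "||", "&", "&&", ";", ">", ">>", "<"}

def to_argv(command):
    """Split a check command into argv; reject anything that needs a shell."""
    argv = shlex.split(command)
    if not argv or argv[0] not in ALLOWED_BINARIES:
        raise ValueError(f"binary not allowed: {command!r}")
    if any(t in SHELL_TOKENS or "$(" in t or "`" in t for t in argv):
        raise ValueError(f"shell syntax not allowed: {command!r}")
    return argv

def run_cli(argv):
    """Default executor: no shell, bounded runtime, non-zero exit raises."""
    return subprocess.run(argv, capture_output=True, text=True,
                          timeout=30, check=True).stdout

def evaluate(check, execute=run_cli):
    """Return pass/fail/error; an errored check never counts as a pass."""
    result = {"id": check["id"], "severity": check["severity"]}
    try:
        actual = json.loads(execute(to_argv(check["command"])))
        expected = json.loads(check["expected"])
    except (ValueError, OSError, subprocess.SubprocessError) as exc:
        return {**result, "status": "error", "detail": str(exc)}
    return {**result, "status": "pass" if actual == expected else "fail",
            "actual": actual}

# Constructed sample: 1.1 uses --query instead of jq; the last entry is tampered.
CHECKS = [
    {"id": "1.1", "severity": "critical", "expected": "0",
     "command": "aws iam get-account-summary --query SummaryMap.AccountAccessKeysPresent"},
    {"id": "2.1", "severity": "high", "expected": "[true]",
     "command": "aws cloudtrail describe-trails --query 'trailList[*].IsMultiRegionTrail'"},
    {"id": "tampered", "severity": "high", "expected": "0",
     "command": "aws sts get-caller-identity && echo injected"},
]
# Constructed CLI output keyed by argv[1]; stands in for the real AWS CLI.
FAKE_OUTPUT = {"iam": "1\n", "cloudtrail": "[\n    true\n]\n"}

def demo():
    return [evaluate(c, execute=lambda argv: FAKE_OUTPUT[argv[1]]) for c in CHECKS]

if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

With the constructed output, check 1.1 fails (a root access key is present), check 2.1 passes even though the CLI pretty-prints the list across several lines, and the tampered entry is rejected before anything is executed.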

