Cloud
Guardrails

AWS Security Starter Pack

Get Started with Easy Instructions
Cloud Guardrails

If you're interested in contributing guidance, please start with these instructions.

Filters
Filters
Categories
Clear
Maturity Level
Clear
Functions
Clear
Cloud Provider
Clear
Clear all
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
Name
Categories
Maturity Level
Functions
CSPS
Author
Cloudfront OAI usage
Low
AWS
Houston Hopkins
Github Link
Summary
Utilize Cloudfront OAI with origin type of s3/ Allow ONLY action s3:GetObject to the specific OAI in the bucket policy.
Applicable to
Anyone using Cloudfront with S3 as an origin.
When to use/avoid
Read More
Uniform bucket-level access
Low
AWS
Travis McPeak
Github Link
Summary
Individual object permissions can create surprising ACL issues and should be avoided in favor of explicit policies on buckets.
Applicable to
Always
When to use/avoid
Read More
Approval for sensitive network access
Low
AWS, GCP, Azure
Travis McPeak
Github Link
Summary
Require approval for adding new access to trusted/privileged resources.
Applicable to
As early as possible
When to use/avoid
Read More
Enable MFA on the Root Account
Low
AWS
Mark Andersen
Github Link
Summary
Enable multi-factor authentication on the root account with alerting.
Applicable to
All AWS accounts
When to use/avoid
Read More
Public access block
Low
AWS, GCP
Travis McPeak
Github Link
Summary
Prevent public bucket exposure by enabling public access block.
Applicable to
Always applies
When to use/avoid
Read More
Cloud Guardrails

If you're interested in contributing guidance, please start with these instructions.

Filters
Filters
Categories
Clear
Maturity Level
Clear
Functions
Clear
Cloud Provider
Clear
Clear all
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
Name
Cloudfront OAI usage
Github Link
Categories
Maturity Level
Low
Functionality
Cloud Provider
Author
Houston Hopkins
Read More
Uniform bucket-level access
Github Link
Categories
Maturity Level
Low
Functionality
Cloud Provider
Author
Travis McPeak
Read More
Approval for sensitive network access
Github Link
Categories
Maturity Level
Low
Functionality
Cloud Provider
Author
Travis McPeak
Read More
Enable MFA on the Root Account
Github Link
Categories
Maturity Level
Low
Functionality
Cloud Provider
Author
Mark Andersen
Read More
Public access block
Github Link
Categories
Maturity Level
Low
Functionality
Cloud Provider
Author
Travis McPeak
Read More
Process
Data
Architecture
Configuration
Change Management
Compliance
Identity
Cost Management
Reliability
Security
Standards