AWS Compliance mod v1.1.0 - Added CIS v4.0.0 and fixed VPC security group rule query bugs

October 25, 2024

What's new?

  • Added CIS v4.0.0 benchmark (steampipe check benchmark.cis_v400). (#836)
  • Added ebs_encryption_by_default_enabled and vpc_security_group_restrict_ingress_cifs_port_all controls to the All Controls benchmark. (#835)

Enhancements

  • Added the ebs_encryption_by_default_enabled control to the rbi_cyber_security_annex_i_1_3 benchmark. (#835)
  • Marked python3.8 as a deprecated Lambda runtime in the lambda_function_use_latest_runtime control. (#833) (Thanks to @sbldevnet for the contribution!)
  • Updated the iam_access_analyzer_enabled_without_findings and ssm_document_prohibit_public_access controls to use the latest columns and tables from the AWS plugin. (#835)

Bug fixes

  • VPC security group rule controls that check for restricted port access now correctly detect rules with ports in a port range instead of only exact port matches. (#835)
  • Fixed the 2.2.1 control in CIS v1.5.0, v2.0.0, v3.0.0 benchmarks to check if EBS encryption by default is enabled instead of individual volume encryption settings. (#835)
  • Fixed the fedramp_moderate_rev_4_sc_28 benchmark to check if EBS encryption by default is enabled instead of individual volume encryption settings. (#835)
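The two bug fixes above (port-range detection in the security group rule controls, and checking the account-level EBS default encryption setting rather than individual volumes) are easier to see as queries. The SQL below is an added illustration written for this page, not the mod's own query text; it assumes the Steampipe AWS plugin tables aws_vpc_security_group_rule (columns group_id, type, ip_protocol, from_port, to_port, cidr_ipv4, cidr_ipv6) and aws_ec2_regional_settings (columns region, default_ebs_encryption_enabled), and uses TCP 445 (the CIFS port of the vpc_security_group_restrict_ingress_cifs_port_all control) as the port under test.

```sql
-- Added example; not the mod's own query. Table and column names are
-- assumptions about the Steampipe AWS plugin schema.

-- Exact-match check (the behaviour the bug fix replaces): an ingress rule
-- that opens TCP 440-450 to the world is missed because from_port <> 445.
select group_id, ip_protocol, from_port, to_port, cidr_ipv4, cidr_ipv6
from aws_vpc_security_group_rule
where type = 'ingress'
  and (cidr_ipv4 = '0.0.0.0/0' or cidr_ipv6 = '::/0')
  and ip_protocol = 'tcp'
  and from_port = 445
  and to_port = 445;

-- Range-aware check: the port is exposed when it falls anywhere inside the
-- rule's from_port..to_port range, or when the rule allows all protocols and
-- ports (ip_protocol = '-1', where from_port/to_port carry no meaning).
select group_id, ip_protocol, from_port, to_port, cidr_ipv4, cidr_ipv6
from aws_vpc_security_group_rule
where type = 'ingress'
  and (cidr_ipv4 = '0.0.0.0/0' or cidr_ipv6 = '::/0')
  and (
    ip_protocol = '-1'
    or (ip_protocol = 'tcp' and from_port <= 445 and to_port >= 445)
  );

-- EBS encryption by default is a per-region account setting, so the control
-- reads it from the regional settings table instead of each volume's
-- encrypted flag; a region with the setting off is reported as an alarm.
select
  region,
  case when default_ebs_encryption_enabled then 'ok' else 'alarm' end as status,
  case
    when default_ebs_encryption_enabled then region || ' has EBS encryption by default enabled.'
    else region || ' has EBS encryption by default disabled.'
  end as reason
from aws_ec2_regional_settings;
```

The range-aware form is the one to keep in mind when writing any port-restriction control: a rule with from_port = 0 and to_port = 65535, or with ip_protocol = '-1', exposes every port and never matches an equality test against a single port number.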

Deprecated

  • Deprecated the ec2_ebs_default_encryption_enabled control and query. Please use the ebs_encryption_by_default_enabled control and query instead.