← Back to all products

Cloud Security Baseline

$49

Security configurations for AWS/Azure/GCP: IAM policies, encryption, network security, compliance controls.

📁 22 files
JSONPythonTerraformYAMLMarkdownAWSAzureGCP

📄 Product Preview

Try the interactive reader and demo tools below, or get the full product with all content unlocked.

📖 Interactive Reader (Free Preview) ⚙ Try Demo Tools 📦 Download Free Sample

📁 File Structure 22 files

cloud-security-baseline/ ├── LICENSE ├── README.md ├── cloudformation/ │ ├── guardduty-org-setup.yaml │ └── security-hub-baseline.yaml ├── docs/ │ ├── architecture.md │ ├── cis_benchmark_guide.md │ └── incident_response_runbook.md ├── examples/ │ ├── compliance_config.yaml │ └── security_policies.json ├── free-sample.zip ├── guide/ │ ├── 01_what-s-included.md │ ├── 02_quick-start.md │ └── 03_product-files.md ├── index.html ├── scripts/ │ ├── compliance_checker.py │ ├── iam_audit.py │ └── security_score_calculator.py └── terraform/ ├── encryption_baseline.tf ├── iam_baseline.tf ├── logging_monitoring.tf ├── network_security.tf └── variables.tf

📖 Documentation Preview README excerpt

Cloud Security Baseline

Production-ready security foundations for AWS: IAM hardening, encryption-at-rest enforcement, network segmentation, centralized logging, and CIS benchmark compliance -- all codified in Terraform and CloudFormation.

Stop building on a shaky security foundation. This baseline gives you a hardened, auditable, compliance-ready AWS account posture from day one. Every control maps to CIS AWS Foundations Benchmark v3.0, every resource is tagged for audit trails, and every decision is documented with the why -- not just the what.

Built for cloud security engineers, platform teams, and architects who need to pass SOC 2, ISO 27001, or PCI audits without scrambling.


What's Included

CategoryFilesDescription
Terraformiam_baseline.tf, encryption_baseline.tf, network_security.tf, logging_monitoring.tf, variables.tfComplete IaC for IAM, encryption, networking, and observability
CloudFormationsecurity-hub-baseline.yaml, guardduty-org-setup.yamlSecurityHub conformance packs + GuardDuty organization rollout
Scriptscompliance_checker.py, iam_audit.py, security_score_calculator.pyAutomated compliance checking, IAM auditing, and posture scoring
Docsarchitecture.md, cis_benchmark_guide.md, incident_response_runbook.mdSecurity architecture diagrams, CIS mapping, and IR procedures
Examplessecurity_policies.json, compliance_config.yamlReady-to-use IAM policy documents and compliance checker config

CIS Benchmark Coverage

This baseline implements 42 of the 58 CIS AWS Foundations Benchmark v3.0 controls out of the box:


Section 1 - Identity and Access Management:  14/16 controls  ████████████████████░░  87%
Section 2 - Storage:                          6/6  controls  ██████████████████████  100%
Section 3 - Logging:                          8/8  controls  ██████████████████████  100%
Section 4 - Monitoring:                       8/12 controls  ██████████████████░░░░  67%
Section 5 - Networking:                       6/6  controls  ██████████████████████  100%
                                             ─────
                                             42/48 automated  (87% coverage)

The remaining controls require manual/organizational processes (MFA hardware tokens, root account procedures, etc.) and are documented in docs/cis_benchmark_guide.md.

Prerequisites

  • AWS Account (or AWS Organizations for multi-account setup)
  • Terraform >= 1.5.0
  • Python >= 3.10 (stdlib only -- no pip packages needed)
  • AWS CLI v2 configured with admin credentials
  • Permissions: IAM, KMS, VPC, CloudTrail, Config, GuardDuty, SecurityHub admin access

Quick Start

1. Deploy the Security Baseline (Terraform)


# Clone/unzip this product into your infrastructure repo
cp -r terraform/ /path/to/your/infra/security-baseline/

# Review and customize variables
cd /path/to/your/infra/security-baseline/
cp ../examples/compliance_config.yaml ./config.yaml  # optional: review config

# Initialize and plan
terraform init
terraform plan -var="environment=production" \
               -var="organization_name=acme-corp" \

*... continues with setup instructions, usage examples, and more.*

📄 Code Sample .py preview

scripts/compliance_checker.py #!/usr/bin/env python3 """ CIS AWS Foundations Benchmark v3.0 — Compliance Checker ======================================================= Automated compliance checking against CIS AWS Foundations Benchmark v3.0. Evaluates your AWS account configuration against 42 automated controls across 5 sections: IAM, Storage, Logging, Monitoring, and Networking. This script uses only Python stdlib + the AWS CLI (via subprocess). No boto3 or other pip packages required. This makes it portable and easy to run in any environment with Python 3.10+ and AWS CLI configured. Usage: # Full compliance check with report output python compliance_checker.py --profile production --format report # JSON output for CI/CD integration python compliance_checker.py --profile default --format json # Check specific sections only python compliance_checker.py --sections iam,storage --format report # Use a config file for thresholds and options python compliance_checker.py --config ../examples/compliance_config.yaml Author: Cloud Architecture Pro License: MIT """ from __future__ import annotations import argparse import json import logging import subprocess import sys from dataclasses import dataclass, field from datetime import datetime, timezone from enum import Enum from pathlib import Path from typing import Any # ============================================================================= # Constants # ============================================================================= # CIS Benchmark version this checker validates against CIS_VERSION = "3.0.0" # ... 968 more lines ...
Buy Now — $49 Back to Products