🦊
aws-cliでパラシを作ろう # Security Hub
- AWS 基礎セキュリティのベストプラクティス v1.0.0
aws securityhub describe-standards-controls \
--standards-subscription-arn "arn:aws:securityhub:ap-northeast-1:{AWSアカウントID}:subscription/aws-foundational-security-best-practices/v/1.0.0" \
--query "Controls[].{ControlStatus:ControlStatus, ControlId:ControlId, Title:Title}" \
| jq -r ".[] | [.ControlStatus, .ControlId, .Title] | @csv"
- CIS AWS Foundations Benchmark v1.2.0
aws securityhub describe-standards-controls \
--standards-subscription-arn "arn:aws:securityhub:ap-northeast-1:{AWSアカウントID}:subscription/cis-aws-foundations-benchmark/v/1.2.0" \
--query "Controls[].{ControlStatus:ControlStatus, ControlId:ControlId, Title:Title}" \
| jq -r ".[] | [.ControlStatus, .ControlId, .Title] | @csv"
- PCI DSS v3.2.1
aws securityhub describe-standards-controls \
--standards-subscription-arn "arn:aws:securityhub:ap-northeast-1:{AWSアカウントID}:subscription/pci-dss/v/3.2.1" \
--query "Controls[].{ControlStatus:ControlStatus, ControlId:ControlId, Title:Title}" \
| jq -r ".[] | [.ControlStatus, .ControlId, .Title] | @csv"
※「ステータス...不合格のチェック」は、[ダウンロード]ボタン押下で取得できます。
Discussion