Skip to main content

Assess AWS Security Compliance with cnspec

cnspec assesses your full AWS environment for misconfigurations that put your organization at risk. You can scan your AWS account for compliance with security policies created by Mondoo or the community, or create your own policies. You also can write individual tests to run on the fly or include in automated tasks.

cnspec can test any aspect of your AWS configuration. For a list of AWS resources you can test, read Mondoo Amazon Web Services (AWS) Resource Pack Reference and Mondoo Core Resource Pack Reference.

Connect cnspec with your AWS environment

Requirements

To analyze and explore your AWS environment with cnspec, you must have:

Verify with a quick AWS check

To quickly confirm that cnspec has access to your AWS environment, run this test from your terminal:

cnspec run aws -c 'aws.account.id!="foo"'

It asserts that your AWS account ID value is not foo.

cnspec returns [ok] to indicate that the test passed, and includes the actual value of the AWS account ID:

[ok] value: "123456789000"

Next step

You've successfully used cnspec to run your first check against your AWS account. Now you're ready to assess your AWS environment.