cnspec assesses your full AWS environment for misconfigurations that put your organization at risk. You can scan your AWS account for compliance with security policies created by Mondoo or the community, or create your own policies. You can also write individual tests to run on the fly or include in automated tasks.
cnspec can test any aspect of your AWS configuration. For a list of AWS resources you can test, read Mondoo Amazon Web Services (AWS) Resource Pack Reference and Mondoo Core Resource Pack Reference.
Connect cnspec with your AWS environment
To analyze and explore your AWS environment with cnspec, you must have:
- cnspec installed on your workstation.
- An AWS account.
- Your AWS credentials. To learn about creating a new access key pair, read Creating new access keys for an IAM user in the AWS documentation.
- AWS_REGION configured. To learn how to set your region, read How to set environment variables in the AWS documentation.
Verify with a quick AWS check
To quickly confirm that cnspec has access to your AWS environment, run this test from your terminal:
cnspec run aws -c 'aws.account.id!="foo"'
It asserts that your AWS account ID value is not "foo". The output shows [ok] to indicate that the test passed, and includes the actual value of the AWS account ID:
[ok] value: "123456789000"
You've successfully used cnspec to run your first check against your AWS account. Now you're ready to assess your AWS environment.
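To run the same access check from an automated task, the sketch below wraps it in a gate that first checks the prerequisites listed above and then confirms which account cnspec actually reached. It is an added example, not Mondoo's code: the function names are hypothetical, and it assumes the output line has the `[ok] value: "..."` form shown above.

```shell
#!/bin/sh
# Added example (not from the cnspec project): gate an automated job on the
# quick AWS access check. Function names are hypothetical.

# Report each unmet prerequisite; return 1 if any is missing.
# Credentials are not inspected here: the check itself proves they work.
preflight() {
    missing=0
    if ! command -v cnspec >/dev/null 2>&1; then
        echo "cnspec not found on PATH"
        missing=1
    fi
    if [ -z "${AWS_REGION:-}" ]; then
        echo "AWS_REGION is not set"
        missing=1
    fi
    return "$missing"
}

# Read cnspec output on stdin and print the account ID from the first
# [ok] line. Assumes the '[ok] value: "<id>"' format shown on this page;
# AWS account IDs are 12 digits, so anything else is treated as no match.
account_id_from_output() {
    sed -n 's/.*\[ok\] value: "\([0-9]\{12\}\)".*/\1/p' | head -n 1
}

# Return 0 and name the account on success, 1 if the check did not
# report [ok], 2 if a prerequisite is missing.
verify_aws_access() {
    preflight >&2 || return 2
    # Decide on the reported result, not on the exit status.
    out=$(cnspec run aws -c 'aws.account.id!="foo"' 2>&1) || true
    id=$(printf '%s\n' "$out" | account_id_from_output)
    if [ -z "$id" ]; then
        printf '%s\n' "$out" >&2
        return 1
    fi
    echo "cnspec reached AWS account $id"
}

# Run the gate only when asked, so the file can also be sourced.
if [ "${1:-}" = "--run" ]; then
    verify_aws_access
fi
```

Comparing the printed account ID against the one the job expects catches a scan that runs with credentials for the wrong account.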