PyPI - aws-cis-controls-assessment - Versions diffs - 1.0.3__py3-none-any.whl - Mend

aws-cis-controls-assessment 1.0.3__py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (77) hide show

aws_cis_assessment/__init__.py +11 -0
aws_cis_assessment/cli/__init__.py +3 -0
aws_cis_assessment/cli/examples.py +274 -0
aws_cis_assessment/cli/main.py +1259 -0
aws_cis_assessment/cli/utils.py +356 -0
aws_cis_assessment/config/__init__.py +1 -0
aws_cis_assessment/config/config_loader.py +328 -0
aws_cis_assessment/config/rules/cis_controls_ig1.yaml +590 -0
aws_cis_assessment/config/rules/cis_controls_ig2.yaml +412 -0
aws_cis_assessment/config/rules/cis_controls_ig3.yaml +100 -0
aws_cis_assessment/controls/__init__.py +1 -0
aws_cis_assessment/controls/base_control.py +400 -0
aws_cis_assessment/controls/ig1/__init__.py +239 -0
aws_cis_assessment/controls/ig1/control_1_1.py +586 -0
aws_cis_assessment/controls/ig1/control_2_2.py +231 -0
aws_cis_assessment/controls/ig1/control_3_3.py +718 -0
aws_cis_assessment/controls/ig1/control_3_4.py +235 -0
aws_cis_assessment/controls/ig1/control_4_1.py +461 -0
aws_cis_assessment/controls/ig1/control_access_keys.py +310 -0
aws_cis_assessment/controls/ig1/control_advanced_security.py +512 -0
aws_cis_assessment/controls/ig1/control_backup_recovery.py +510 -0
aws_cis_assessment/controls/ig1/control_cloudtrail_logging.py +197 -0
aws_cis_assessment/controls/ig1/control_critical_security.py +422 -0
aws_cis_assessment/controls/ig1/control_data_protection.py +898 -0
aws_cis_assessment/controls/ig1/control_iam_advanced.py +573 -0
aws_cis_assessment/controls/ig1/control_iam_governance.py +493 -0
aws_cis_assessment/controls/ig1/control_iam_policies.py +383 -0
aws_cis_assessment/controls/ig1/control_instance_optimization.py +100 -0
aws_cis_assessment/controls/ig1/control_network_enhancements.py +203 -0
aws_cis_assessment/controls/ig1/control_network_security.py +672 -0
aws_cis_assessment/controls/ig1/control_s3_enhancements.py +173 -0
aws_cis_assessment/controls/ig1/control_s3_security.py +422 -0
aws_cis_assessment/controls/ig1/control_vpc_security.py +235 -0
aws_cis_assessment/controls/ig2/__init__.py +172 -0
aws_cis_assessment/controls/ig2/control_3_10.py +698 -0
aws_cis_assessment/controls/ig2/control_3_11.py +1330 -0
aws_cis_assessment/controls/ig2/control_5_2.py +393 -0
aws_cis_assessment/controls/ig2/control_advanced_encryption.py +355 -0
aws_cis_assessment/controls/ig2/control_codebuild_security.py +263 -0
aws_cis_assessment/controls/ig2/control_encryption_rest.py +382 -0
aws_cis_assessment/controls/ig2/control_encryption_transit.py +382 -0
aws_cis_assessment/controls/ig2/control_network_ha.py +467 -0
aws_cis_assessment/controls/ig2/control_remaining_encryption.py +426 -0
aws_cis_assessment/controls/ig2/control_remaining_rules.py +363 -0
aws_cis_assessment/controls/ig2/control_service_logging.py +402 -0
aws_cis_assessment/controls/ig3/__init__.py +49 -0
aws_cis_assessment/controls/ig3/control_12_8.py +395 -0
aws_cis_assessment/controls/ig3/control_13_1.py +467 -0
aws_cis_assessment/controls/ig3/control_3_14.py +523 -0
aws_cis_assessment/controls/ig3/control_7_1.py +359 -0
aws_cis_assessment/core/__init__.py +1 -0
aws_cis_assessment/core/accuracy_validator.py +425 -0
aws_cis_assessment/core/assessment_engine.py +1266 -0
aws_cis_assessment/core/audit_trail.py +491 -0
aws_cis_assessment/core/aws_client_factory.py +313 -0
aws_cis_assessment/core/error_handler.py +607 -0
aws_cis_assessment/core/models.py +166 -0
aws_cis_assessment/core/scoring_engine.py +459 -0
aws_cis_assessment/reporters/__init__.py +8 -0
aws_cis_assessment/reporters/base_reporter.py +454 -0
aws_cis_assessment/reporters/csv_reporter.py +835 -0
aws_cis_assessment/reporters/html_reporter.py +2162 -0
aws_cis_assessment/reporters/json_reporter.py +561 -0
aws_cis_controls_assessment-1.0.3.dist-info/METADATA +248 -0
aws_cis_controls_assessment-1.0.3.dist-info/RECORD +77 -0
aws_cis_controls_assessment-1.0.3.dist-info/WHEEL +5 -0
aws_cis_controls_assessment-1.0.3.dist-info/entry_points.txt +2 -0
aws_cis_controls_assessment-1.0.3.dist-info/licenses/LICENSE +21 -0
aws_cis_controls_assessment-1.0.3.dist-info/top_level.txt +2 -0
docs/README.md +94 -0
docs/assessment-logic.md +766 -0
docs/cli-reference.md +698 -0
docs/config-rule-mappings.md +393 -0
docs/developer-guide.md +858 -0
docs/installation.md +299 -0
docs/troubleshooting.md +634 -0
docs/user-guide.md +487 -0

docs/installation.md ADDED Viewed

@@ -0,0 +1,299 @@
+# Installation Guide
+This guide covers the installation and initial setup of the AWS CIS Controls Compliance Assessment Framework - a production-ready, enterprise-grade solution for AWS security compliance assessment.
+## Production Status
+**✅ Ready for Enterprise Deployment**
+- Complete implementation with 136 AWS Config rules (131 CIS Controls + 5 bonus)
+- 100% CIS Controls coverage across all Implementation Groups
+- Production-tested architecture with comprehensive error handling
+- Enterprise-grade performance and scalability
+## System Requirements
+### Python Requirements
+- **Python 3.8 or higher** (Python 3.9+ recommended)
+- **pip** package manager
+- **Virtual environment** (recommended)
+### AWS Requirements
+- **AWS Account** with appropriate permissions
+- **AWS CLI** configured (optional but recommended)
+- **Read-only access** to AWS services being assessed
+### Operating System Support
+- **Linux** (Ubuntu 18.04+, CentOS 7+, Amazon Linux 2)
+- **macOS** (10.14+)
+- **Windows** (Windows 10, Windows Server 2016+)
+## Installation Methods
+### Method 1: Install from PyPI (Recommended)
+```bash
+# Install the latest production version
+pip install aws-cis-assessment
+# Verify installation
+aws-cis-assess --version
+```
+### Method 2: Install from Source
+```bash
+# Clone the repository
+git clone https://github.com/your-org/aws-cis-assessment.git
+cd aws-cis-assessment
+# Create virtual environment (recommended)
+python -m venv venv
+source venv/bin/activate  # On Windows: venv\Scripts\activate
+# Install dependencies
+pip install -r requirements.txt
+# Install in development mode
+pip install -e .
+# Verify installation
+aws-cis-assess --version
+```
+## AWS Credentials Setup
+The tool supports multiple methods for AWS credential configuration:
+### Method 1: AWS CLI Configuration (Recommended)
+```bash
+# Install AWS CLI if not already installed
+pip install awscli
+# Configure credentials
+aws configure
+```
+This creates `~/.aws/credentials` and `~/.aws/config` files.
+### Method 2: Environment Variables
+```bash
+export AWS_ACCESS_KEY_ID=your_access_key
+export AWS_SECRET_ACCESS_KEY=your_secret_key
+export AWS_DEFAULT_REGION=us-east-1
+```
+### Method 3: IAM Roles (EC2/ECS/Lambda)
+When running on AWS services, the tool automatically uses IAM roles attached to the service.
+### Method 4: AWS SSO
+```bash
+# Configure AWS SSO
+aws configure sso
+# Use SSO profile
+aws-cis-assess assess --aws-profile my-sso-profile
+```
+## Required IAM Permissions
+The tool requires read-only permissions for various AWS services. Here's a comprehensive IAM policy:
+```json
+{
+    "Version": "2012-10-17",
+    "Statement": [
+        {
+            "Effect": "Allow",
+            "Action": [
+                "ec2:Describe*",
+                "iam:Get*",
+                "iam:List*",
+                "s3:GetBucket*",
+                "s3:GetObject*",
+                "s3:ListBucket*",
+                "rds:Describe*",
+                "cloudtrail:Describe*",
+                "cloudtrail:GetTrailStatus",
+                "cloudtrail:LookupEvents",
+                "cloudwatch:Describe*",
+                "cloudwatch:Get*",
+                "cloudwatch:List*",
+                "logs:Describe*",
+                "guardduty:Get*",
+                "guardduty:List*",
+                "config:Describe*",
+                "config:Get*",
+                "config:List*",
+                "kms:Describe*",
+                "kms:Get*",
+                "kms:List*",
+                "secretsmanager:Describe*",
+                "secretsmanager:List*",
+                "ssm:Describe*",
+                "ssm:Get*",
+                "ssm:List*",
+                "organizations:Describe*",
+                "organizations:List*",
+                "backup:Describe*",
+                "backup:Get*",
+                "backup:List*",
+                "dynamodb:Describe*",
+                "dynamodb:List*",
+                "elasticloadbalancing:Describe*",
+                "apigateway:GET",
+                "redshift:Describe*",
+                "ecr:Describe*",
+                "ecr:Get*",
+                "ecr:List*",
+                "wafv2:Get*",
+                "wafv2:List*",
+                "waf:Get*",
+                "waf:List*"
+            ],
+            "Resource": "*"
+        }
+    ]
+}
+```
+### Minimal Permissions for Testing
+For initial testing, you can use the AWS managed `ReadOnlyAccess` policy:
+```json
+{
+    "Version": "2012-10-17",
+    "Statement": [
+        {
+            "Effect": "Allow",
+            "Action": [
+                "ReadOnlyAccess"
+            ],
+            "Resource": "*"
+        }
+    ]
+}
+```
+## Verification
+### Test Installation
+```bash
+# Check version
+aws-cis-assess --version
+# List available commands
+aws-cis-assess --help
+# Test AWS credentials
+aws-cis-assess validate-credentials
+# List available regions
+aws-cis-assess list-regions
+# Show assessment statistics
+aws-cis-assess show-stats
+```
+### Run Sample Assessment
+```bash
+# Run a quick IG1 assessment
+aws-cis-assess assess --implementation-groups IG1 --regions us-east-1
+# Run dry run to validate configuration
+aws-cis-assess assess --dry-run
+```
+## Troubleshooting Installation
+### Common Issues
+#### Python Version Issues
+```bash
+# Check Python version
+python --version
+# Use specific Python version
+python3.9 -m pip install aws-cis-assessment
+```
+#### Permission Issues
+```bash
+# Install for current user only
+pip install --user aws-cis-assessment
+# Use virtual environment
+python -m venv aws-cis-env
+source aws-cis-env/bin/activate
+pip install aws-cis-assessment
+```
+#### AWS Credential Issues
+```bash
+# Test AWS credentials
+aws sts get-caller-identity
+# Validate with the tool
+aws-cis-assess validate-credentials --verbose
+```
+#### Network/Proxy Issues
+```bash
+# Install with proxy
+pip install --proxy http://proxy.company.com:8080 aws-cis-assessment
+# Configure AWS CLI with proxy
+aws configure set proxy.http http://proxy.company.com:8080
+aws configure set proxy.https https://proxy.company.com:8080
+```
+### Getting Help
+If you encounter issues during installation:
+1. **Check the troubleshooting guide**: `docs/troubleshooting.md`
+2. **Enable verbose logging**: Add `--verbose` to commands
+3. **Check system requirements**: Ensure Python 3.8+ and proper AWS access
+4. **Review AWS permissions**: Verify IAM permissions are sufficient
+5. **Report issues**: Create an issue on GitHub with detailed error information
+## Next Steps
+After successful installation:
+1. **Read the User Guide**: `docs/user-guide.md`
+2. **Review Configuration Options**: `docs/configuration.md`
+3. **Run Your First Assessment**: Follow the quick start in the user guide
+4. **Explore CLI Commands**: `docs/cli-reference.md`
+## Upgrading
+### Upgrade from PyPI
+```bash
+pip install --upgrade aws-cis-assessment
+```
+### Upgrade from Source
+```bash
+cd aws-cis-assessment
+git pull origin main
+pip install -e .
+```
+### Check for Updates
+```bash
+# Check current version
+aws-cis-assess --version
+# Check for available updates
+pip list --outdated | grep aws-cis-assessment
+```