Examples
A Generic Example
This is a generic example of a rule that checks whether the IAM password policy requires at least one uppercase letter.
This rule contains the following parts:
- The first line is a comment that describes the rule (here, the CIS benchmark control it implements).
- It then gets the object to be checked.
- It then iterates over the object.
- It finds the field to be checked.
- It determines whether the field is set to the desired value.
- Depending on the result, it sets the severity and the affected resource and specifies the action to be taken. Only failures are reported through result(); a passing check reports nothing.
// AWS_CIS_1.1: Ensure IAM password policy requires at least one uppercase letter (Scored)
var PasswordPolicy = Utils.getIAMListAdditionalRaw(aws, "PasswordPolicy");
PasswordPolicy.forEach((pp, i) => {
    // describe the resource the finding will be attached to
    var affectedResource = Utils.toAWSIamListAffectedResourceFormat("AWSPasswordPolicy", i, pp, "RequireUppercaseCharacters");
    var action = "The password policy should require at least one uppercase letter";
    if (pp == null) {
        // no password policy exists at all; report it with an explanatory remark
        var remark = "Password policy has not been set";
        result("High", [affectedResource], action, remark);
    }
    else if (!pp.RequireUppercaseCharacters) {
        // a policy exists but does not require an uppercase character
        result("High", [affectedResource], action);
    }
    // otherwise the check passes and nothing is reported
});
A more complex example
This is a more complex example of a rule that reports every key pair that is not referenced by any instance in the scanned inventory. A key pair counts as in use when its fingerprint matches the fingerprint of a key pair attached to at least one instance, so the comparison is on KeyFingerprint rather than on KeyName. "Unused" here means only that no instance references the key at scan time; it says nothing about who still holds the private key.
// Non-CIS_3.1: Scan for unused key pairs
var KeyPairs = Utils.getElements(generic, "keypairs");
// check every key pair in the system
for (var KeyPair of KeyPairs) {
    var isFound = false; // set once the key pair is seen on any instance
    var Instances = Utils.getElements(generic, "Instances");
    for (var Instance of Instances) {
        if (isFound) break; // already found on an earlier instance; stop scanning
        var InstanceKeyPairs = Utils.getElements(Instance, "KeyPair");
        // compare every key pair used by this instance with the one we are looking for
        for (var InstanceKeyPair of InstanceKeyPairs) {
            if (InstanceKeyPair.KeyFingerprint == KeyPair.KeyFingerprint) {
                isFound = true; // mark it as in use
                break; // exit this loop, as we have already found it
            }
        }
    }
    if (!isFound) {
        // this key pair is not referenced by any instance, so it is not in use;
        // tell the audit system about the unused key pair
        var action = "Remove [" + KeyPair.KeyName + " (" + KeyPair.KeyFingerprint + ")] if you will not use it again";
        result("Information", [KeyPair], action);
    }
    else {
        // this key pair is referenced by an instance, so it is in use;
        // result() is not called for a passed condition
    }
}
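The rule above can only be exercised inside the audit engine, which supplies Utils.getElements() and result(). The following is an added example, not code from the page or from the engine: it stubs those two calls with minimal stand-ins (an assumption about their shape, taken from how the rules above use them), builds a constructed fixture with one referenced and one unreferenced key pair plus an instance with no key pair at all, and runs the same unused-key-pair logic offline. It also restructures the three nested loops into a single Set of in-use fingerprints, which gives the same findings in one pass over instances and one over key pairs.

```javascript
// Added example: offline harness for the unused-key-pair rule.
// Utils.getElements and result are stand-ins for the engine's functions
// (assumed shape: the named field of an object, returned as an array).

const Utils = {
  getElements(obj, name) {
    const v = obj == null ? undefined : obj[name];
    if (v == null) return [];          // field absent: nothing to iterate
    return Array.isArray(v) ? v : [v]; // single object or list, both as array
  },
};

// Constructed fixture data (not real account data): "deploy-key" is
// attached to an instance, "old-laptop" is not, and the second instance
// was launched without any key pair.
const inventory = {
  keypairs: [
    { KeyName: "deploy-key", KeyFingerprint: "aa:bb:cc:dd:ee:ff:00:11:22:33:44:55:66:77:88:99" },
    { KeyName: "old-laptop", KeyFingerprint: "11:22:33:44:55:66:77:88:99:aa:bb:cc:dd:ee:ff:00" },
  ],
  Instances: [
    { InstanceId: "i-0fixture001", KeyPair: { KeyFingerprint: "aa:bb:cc:dd:ee:ff:00:11:22:33:44:55:66:77:88:99" } },
    { InstanceId: "i-0fixture002" }, // no KeyPair field at all
  ],
};

// The rule logic. `generic` is the scanned inventory, `result` is the
// engine's reporting callback (severity, affectedResources, action, remark).
// Returns the names of the key pairs it reported, for inspection.
function findUnusedKeyPairs(generic, result) {
  // one pass over instances: collect every fingerprint that is referenced
  const inUse = new Set();
  for (const instance of Utils.getElements(generic, "Instances")) {
    for (const kp of Utils.getElements(instance, "KeyPair")) {
      if (kp && kp.KeyFingerprint) inUse.add(kp.KeyFingerprint);
    }
  }
  // one pass over key pairs: anything not in the set is unreferenced
  const unused = [];
  for (const keyPair of Utils.getElements(generic, "keypairs")) {
    if (inUse.has(keyPair.KeyFingerprint)) continue; // passed: no result() call
    const action = "Remove [" + keyPair.KeyName + " (" + keyPair.KeyFingerprint +
      ")] if you will not use it again";
    result("Information", [keyPair], action);
    unused.push(keyPair.KeyName);
  }
  return unused;
}

// Stand-in for the engine's result(): records each finding so a run can be checked.
function runRule(generic) {
  const findings = [];
  findUnusedKeyPairs(generic, (severity, resources, action, remark) => {
    findings.push({
      severity,
      resources: resources.map((r) => r.KeyName),
      action,
      remark,
    });
  });
  return findings;
}

console.log(JSON.stringify(runRule(inventory), null, 2));
```

Run it with node; the only finding is "old-laptop" at severity Information, and the instance without a KeyPair field contributes nothing because the stand-in getElements returns an empty array for a missing field, matching what the nested-loop version relies on. Swapping the fixture for real inventory data is the only change needed to turn the harness into a regression test for the rule.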