cis-aws-compute-10.3
This skill verifies that AWS Elastic Load Balancers associated with Elastic Beanstalk environments have access logging enabled for security audit trails. Use this manual control when implementing CyberStrike's AWS compliance framework to ensure load balancer traffic is being recorded to an S3 bucket for security monitoring and compliance purposes.
git clone --depth 1 https://github.com/CyberStrikeus/CyberStrike /tmp/cis-aws-compute-10.3 && cp -r /tmp/cis-aws-compute-10.3/.cyberstrike/skill/CIS_benchmarks/Cloud_Providers/AWS/CIS_AWS_Compute_Services_Benchmark_v1.1.0/cis-aws-compute-10.3 ~/.claude/skills/cis-aws-compute-10.3

SKILL.md
# 10.3 Ensure access logs are enabled (Manual)

## Description

When you enable load balancing, your AWS Elastic Beanstalk environment is equipped with an Elastic Load Balancing load balancer to distribute traffic among the instances in your environment.

## Rationale

For security reasons it is important to have a record of every request that reaches the environment. Elastic Load Balancing access logs capture, per request, the client address, the backend or target that served it, the request line and user agent, the processing latencies, the status codes and, for HTTPS listeners, the TLS protocol and cipher; this is the data an incident responder needs to reconstruct what hit the application. Logging is enabled on the load balancer assigned to the Elastic Beanstalk environment, not in Elastic Beanstalk itself.

## Impact

N/A

## Audit Procedure

### Using AWS Console

1. Login to AWS Console using https://console.aws.amazon.com/ec2
2. On the left hand side scroll down to Load Balancing and click on `Load Balancers`
3. Click on the Load balancer associated with the Elastic Beanstalk Environment

   ```
   Typically they have AWSEB in the name. If you utilized Elastic Beanstalk to create the Load balancer the Source Security Group listed in the Description will reference `Elastic Beanstalk`
   ```

4. Under the `Description` tab scroll down to the `Attributes` section
5. Confirm `Access logs` is set to Enabled.
6. If the status reads `Disabled` refer to the remediation below.
7. Repeat steps 3-6 for each environment within the current region.
8. Then repeat the Audit process for all other regions.

### Using AWS CLI

N/A - This control is manual and console-based.

## Expected Result

`Access logs` is set to Enabled under the Attributes section on the Load Balancer Description tab.

## Remediation

### Using AWS Console

1. Login to AWS Console using https://console.aws.amazon.com/ec2
2. On the left hand side scroll down to Load Balancing and click on `Load Balancers`
3. Click on the Load balancer associated with the Elastic Beanstalk Environment

   ```
   Typically they have AWSEB in the name. If you utilized Elastic Beanstalk to create the Load balancer the Source Security Group listed in the Description will reference `Elastic Beanstalk`
   ```

4. Under the `Description` tab scroll down to the `Attributes` section
5. Under `Access logs - Disabled` click on `Configure access logs`.
6. Click the check box next to `Enable access logs`.
7. Enter the S3 bucket name you have set up for the Elastic Beanstalk access logs.

   **Note** - if you don't have an S3 bucket already created, enter a bucket name in accordance with your organization's naming policy that identifies it with Elastic Beanstalk, then click the check box next to `Create this location for me`.

8. Click `Save`
9. Scroll down under the Description tab and confirm that the Access logs are set as described above.
10. Repeat steps 3-9 for each Load balancer created and used with an Elastic Beanstalk environment within the current region.
11. Then repeat the remediation process for all other regions identified in the Audit.

### Using AWS CLI

N/A - This control is manual and console-based.

## Default Value

Access logs are disabled by default on Load Balancers.

## References

1. https://docs.aws.amazon.com/elasticbeanstalk/latest/dg/using-features.managing.elb.html

## CIS Controls

| Controls Version | Control                    | IG 1 | IG 2 | IG 3 |
| ---------------- | -------------------------- | ---- | ---- | ---- |
| v8               | 8.2 Collect Audit Logs     | X    | X    | X    |
| v7               | 6.2 Activate audit logging | X    | X    | X    |

## Profile

Level 1 | Manual
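The benchmark treats this control as console-only, but both the Classic Load Balancer API and the v2 (Application/Network) API expose the access-log attribute, so the audit and the remediation steps above can be scripted and run across every environment in a region. The following is an added example written for this page; it is not code from the CIS benchmark or the CyberStrike project. It assumes the documented boto3 response shapes for `describe_environment_resources` and the two `describe_load_balancer_attributes` calls, it assumes that Elastic Beanstalk reports a v2 load balancer by its ARN and a Classic one by its short name, and the load balancer names, account ID and the bucket `example-eb-elb-logs` in the sample data are constructed placeholders.

```python
"""Audit (and optionally remediate) ELB access logging for Elastic Beanstalk.

Added example for CIS AWS Compute 10.3; not part of the benchmark or the
CyberStrike skill. Only these documented boto3 calls are used:
  elasticbeanstalk: describe_environments, describe_environment_resources
  elb:   describe_load_balancer_attributes, modify_load_balancer_attributes
  elbv2: describe_load_balancer_attributes, modify_load_balancer_attributes
The evaluation logic is pure Python, so it can be exercised offline against
the constructed responses at the bottom of the file.
"""
from typing import Callable, List


def is_elbv2(lb_name: str) -> bool:
    """Assumption: Elastic Beanstalk lists an Application/Network LB by its ARN
    and a Classic LB by its short name in EnvironmentResources.LoadBalancers."""
    return lb_name.startswith("arn:") and ":loadbalancer/" in lb_name


def classic_access_log_state(resp: dict) -> dict:
    """Interpret an elb DescribeLoadBalancerAttributes response."""
    al = resp.get("LoadBalancerAttributes", {}).get("AccessLog", {})
    return {"enabled": bool(al.get("Enabled")), "bucket": al.get("S3BucketName")}


def v2_access_log_state(resp: dict) -> dict:
    """Interpret an elbv2 DescribeLoadBalancerAttributes response (Key/Value list)."""
    kv = {a["Key"]: a["Value"] for a in resp.get("Attributes", [])}
    return {
        "enabled": kv.get("access_logs.s3.enabled", "false").lower() == "true",
        "bucket": kv.get("access_logs.s3.bucket") or None,
    }


def evaluate(env_name: str, lb_names: List[str],
             get_classic: Callable[[str], dict],
             get_v2: Callable[[str], dict]) -> List[dict]:
    """One PASS/FAIL finding per load balancer attached to the environment.
    The two fetchers are injected so the same logic runs against live boto3
    clients or against canned responses."""
    findings = []
    for name in lb_names:
        state = (v2_access_log_state(get_v2(name)) if is_elbv2(name)
                 else classic_access_log_state(get_classic(name)))
        findings.append({"environment": env_name, "load_balancer": name,
                         "status": "PASS" if state["enabled"] else "FAIL",
                         **state})
    return findings


def audit_region(region: str) -> List[dict]:
    """Live audit of every Elastic Beanstalk environment in one region
    (run once per region, as the console procedure requires)."""
    import boto3  # imported here so the offline checks below need no AWS SDK
    eb = boto3.client("elasticbeanstalk", region_name=region)
    elb = boto3.client("elb", region_name=region)
    elbv2 = boto3.client("elbv2", region_name=region)
    findings = []
    for env in eb.describe_environments(IncludeDeleted=False)["Environments"]:
        res = eb.describe_environment_resources(EnvironmentName=env["EnvironmentName"])
        names = [lb["Name"] for lb in res["EnvironmentResources"]["LoadBalancers"]]
        findings += evaluate(
            env["EnvironmentName"], names,
            lambda n: elb.describe_load_balancer_attributes(LoadBalancerName=n),
            lambda a: elbv2.describe_load_balancer_attributes(LoadBalancerArn=a))
    return findings


def enable_access_logs(region: str, lb_name: str, bucket: str,
                       prefix: str = "elasticbeanstalk") -> None:
    """Remediation for one FAIL finding. The bucket policy must already allow
    the ELB log-delivery principal to PutObject, otherwise the call is rejected."""
    import boto3
    if is_elbv2(lb_name):
        boto3.client("elbv2", region_name=region).modify_load_balancer_attributes(
            LoadBalancerArn=lb_name,
            Attributes=[{"Key": "access_logs.s3.enabled", "Value": "true"},
                        {"Key": "access_logs.s3.bucket", "Value": bucket},
                        {"Key": "access_logs.s3.prefix", "Value": prefix}])
    else:
        boto3.client("elb", region_name=region).modify_load_balancer_attributes(
            LoadBalancerName=lb_name,
            LoadBalancerAttributes={"AccessLog": {
                "Enabled": True, "S3BucketName": bucket,
                "S3BucketPrefix": prefix, "EmitInterval": 60}})


# Constructed responses (not from a real account) for offline checking:
# one Classic LB with logging off, one ALB with logging on.
SAMPLE_CLASSIC = {"LoadBalancerAttributes": {"AccessLog": {"Enabled": False}}}
SAMPLE_V2 = {"Attributes": [
    {"Key": "access_logs.s3.enabled", "Value": "true"},
    {"Key": "access_logs.s3.bucket", "Value": "example-eb-elb-logs"}]}
SAMPLE_ENV_LBS = [
    "awseb-e-x-AWSEBLoa-EXAMPLE",
    "arn:aws:elasticloadbalancing:us-east-1:123456789012:loadbalancer/app/"
    "awseb-AWSEB-EXAMPLE/0123456789abcdef"]


def sample_findings() -> List[dict]:
    return evaluate("my-env", SAMPLE_ENV_LBS,
                    lambda n: SAMPLE_CLASSIC, lambda a: SAMPLE_V2)


if __name__ == "__main__":
    for f in sample_findings():  # replace with audit_region("us-east-1") for a live run
        print(f"{f['status']:4} {f['environment']} {f['load_balancer']} bucket={f['bucket']}")
```

Two caveats for the remediation path. First, enabling logging fails unless the target bucket's policy grants `s3:PutObject` to the Elastic Load Balancing log-delivery principal for that region (the console's "Create this location for me" option writes that policy for you; a scripted fix must do it first). Second, attributes set directly on a load balancer that Elastic Beanstalk manages can be reverted when the environment is rebuilt; for an Application Load Balancer the durable fix is to set the `AccessLogsS3Enabled`, `AccessLogsS3Bucket` and `AccessLogsS3Prefix` options in the `aws:elbv2:loadbalancer` namespace through `.ebextensions` or a saved configuration, so the setting is reapplied on every deployment.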
## Related skills

1. Ensure Managed Platform updates is configured
2. Ensure Persistent logs is setup and configured to S3
3. Ensure that HTTPS is enabled on load balancer
4. Ensure customer-managed keys are used to encrypt AWS Fargate ephemeral storage data for Amazon ECS
5. Ensure AWS Config is Enabled for Lambda and Serverless
6. Ensure Lambda functions do not allow unknown cross account access via permission policies
7. Ensure that the runtime environment versions used for your Lambda functions do not have end of support dates
8. Ensure encryption in transit is enabled for Lambda environment variables