cis-aws-compute-5.1
This skill provides manual procedures for auditing and updating applications running on Amazon Lightsail instances. Use it when verifying that applications like WordPress, Drupal, Nginx, or Node.js deployed on Lightsail are current with the latest security patches and stable versions, then applying necessary updates after creating instance snapshots for backup protection.
git clone --depth 1 https://github.com/CyberStrikeus/CyberStrike /tmp/cis-aws-compute-5.1 && cp -r /tmp/cis-aws-compute-5.1/.cyberstrike/skill/CIS_benchmarks/Cloud_Providers/AWS/CIS_AWS_Compute_Services_Benchmark_v1.1.0/cis-aws-compute-5.1 ~/.claude/skills/cis-aws-compute-5.1

SKILL.md
# 5.1 Apply updates to any apps running in Lightsail (Manual)

## Description

Amazon Lightsail is a virtual private server (VPS) provider and is the easiest way to get started with AWS for developers, small businesses, students, and other users who need a solution to build and host their applications in the cloud.

## Rationale

Lightsail offers a range of operating system and application templates that are automatically installed when you create a new Lightsail instance. Application templates include WordPress, Drupal, Joomla!, Ghost, Magento, Redmine, LAMP, Nginx (LEMP), MEAN, Node.js, Django, and more. You can install additional software on your instances by using the in-browser SSH or your own SSH client.

## Impact

N/A

## Audit Procedure

### Using AWS Console

Confirming that you are running the latest version of an application is a manual process that depends on the application itself and on the operating system of the Lightsail instance.

1. Login to AWS Console using https://console.aws.amazon.com
2. Click `All services`, then click `Lightsail` under Compute.
3. This will open up the Lightsail console.
4. Select the `Instance` you want to review.
5. Make sure the instance status is `running`.
6. Connect to the `instance`.
7. Depending on the instance OS and the application you are running, determine what version it is and whether any updates are available.
8. If there are updates, refer to the remediation below.
9. Repeat steps 4 - 8 for each Lightsail instance to verify whether any require application updates.

### Using AWS CLI

N/A - This is a manual process dependent on the application and OS.

## Expected Result

All applications running on Lightsail instances should be running the latest stable version with all security patches applied.

## Remediation

### Using AWS Console

1. Login to AWS Console using https://console.aws.amazon.com
2. Click `All services`, then click `Lightsail` under Compute.
3. This will open up the Lightsail console.
4. Select the `Instance` you want to update.
5. Make sure the instance status is `running`.
6. Click on `Snapshots`.
7. Under `Manual snapshots`, click on `+ Create snapshot`.
8. Give it a name you will recognize.
9. Click on `create`. While in progress it will show `Snapshotting...`.
10. Once the date, time and snapshot name appear, the snapshot is complete.
11. Click on `Connect`.
12. Run the updates for the application discovered above in the Audit.
13. Repeat steps 4 - 12 to apply any application updates required on the Lightsail instances that you are running.

### Using AWS CLI

N/A - This is a manual process dependent on the application and OS.

## Default Value

Applications are installed with the version available at instance creation time. Updates are not applied automatically.

## References

1. https://lightsail.aws.amazon.com/ls/docs/en_us/overview
2. https://aws.amazon.com/lightsail/features/?opdp2=features/?pg=ln&sec=hs

## CIS Controls

| Controls Version | Control | IG 1 | IG 2 | IG 3 |
| --- | --- | --- | --- | --- |
| v8 | 7.4 Perform Automated Application Patch Management - Perform application updates on enterprise assets through automated patch management on a monthly, or more frequent, basis. | x | x | x |
| v7 | 3.5 Deploy Automated Software Patch Management Tools - Deploy automated software update tools in order to ensure that third-party software on all systems is running the most recent security updates provided by the software vendor. | x | x | x |

## Profile

Level 1 | Manual
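The audit (steps 6-7) and the remediation (snapshot first, then update) above are console procedures. The following POSIX shell script is an added example, not part of the CIS benchmark text or the CyberStrike repository, showing how the same checks and the snapshot-before-update step can be scripted for a Debian/Ubuntu-based instance. It assumes SSH access to the instance, an AWS CLI profile with Lightsail permissions, and, for the WordPress blueprint, wp-cli at the Bitnami install path; the instance name, key path and `user@host` are placeholders, and the embedded `apt-get -s upgrade` output is constructed so the parsing helpers can be exercised offline.

```shell
#!/bin/sh
# Added example; not the benchmark's or the CyberStrike project's own code.
# Assumes: Debian/Ubuntu Lightsail instance reachable over SSH, AWS CLI with
# Lightsail permissions, optional wp-cli (Bitnami WordPress blueprint).
# All instance names, hosts and key paths are placeholders.

# --- Audit helpers: parse `apt-get -s upgrade` (dry run) output ------------

# apt prints one "Inst <pkg> ..." line per package it would upgrade.
# `grep -c` prints 0 but exits 1 on no match, so `|| true` keeps `set -e` happy.
count_pending_upgrades() {
    printf '%s\n' "$1" | grep -c '^Inst ' || true
}

# Only upgrades whose candidate comes from a "-security" suite (e.g. jammy-security).
count_security_upgrades() {
    printf '%s\n' "$1" | grep '^Inst ' | grep -c -- '-security' || true
}

# One-line summary for an audit log entry.
upgrade_summary() {
    printf 'total=%s security=%s\n' \
        "$(count_pending_upgrades "$1")" "$(count_security_upgrades "$1")"
}

# `wp core check-update` prints "Success: WordPress is at the latest version."
# when current, otherwise a table of versions. Returns 0 if an update exists.
wp_update_available() {
    ! printf '%s\n' "$1" | grep -q 'latest version'
}

# --- Audit steps 6-7: connect and collect version data ---------------------
audit_instance() {
    ssh_key="$1"; ssh_target="$2"
    apt_out=$(ssh -i "$ssh_key" "$ssh_target" \
        'sudo apt-get update -qq >/dev/null 2>&1; apt-get -s upgrade 2>/dev/null')
    echo "OS packages: $(upgrade_summary "$apt_out")"
    # Assumption: Bitnami WordPress layout; silently skipped on other blueprints.
    wp_out=$(ssh -i "$ssh_key" "$ssh_target" \
        'wp core check-update --path=/opt/bitnami/wordpress 2>/dev/null' || true)
    if [ -n "$wp_out" ]; then
        if wp_update_available "$wp_out"; then echo "WordPress: update available"
        else echo "WordPress: current"; fi
    fi
}

# --- Remediation steps 6-10: snapshot, and wait until it is usable ---------
# Polls get-instance-snapshot; the state is pending, available or error.
snapshot_and_wait() {
    instance="$1"; snap="$2"
    aws lightsail create-instance-snapshot \
        --instance-name "$instance" --instance-snapshot-name "$snap" >/dev/null
    while :; do
        state=$(aws lightsail get-instance-snapshot \
            --instance-snapshot-name "$snap" \
            --query 'instanceSnapshot.state' --output text)
        case "$state" in
            available) return 0 ;;
            error)     echo "snapshot $snap failed" >&2; return 1 ;;
            *)         sleep 15 ;;
        esac
    done
}

# --- Remediation step 12: apply OS updates only after the snapshot succeeded
update_instance() {
    instance="$1"; ssh_key="$2"; ssh_target="$3"
    snap="${instance}-pre-update-$(date +%Y%m%d-%H%M%S)"
    snapshot_and_wait "$instance" "$snap" || exit 1
    ssh -i "$ssh_key" "$ssh_target" \
        'sudo apt-get update -qq && sudo DEBIAN_FRONTEND=noninteractive apt-get -y upgrade'
}

# Constructed sample of `apt-get -s upgrade` output (package versions made up).
SAMPLE_APT_DRY_RUN='Reading package lists...
Calculating upgrade...
3 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
Inst libssl3 [3.0.2-0ubuntu1.10] (3.0.2-0ubuntu1.12 Ubuntu:22.04/jammy-security [amd64])
Inst openssl [3.0.2-0ubuntu1.10] (3.0.2-0ubuntu1.12 Ubuntu:22.04/jammy-security [amd64])
Inst nginx [1.18.0-6ubuntu14.3] (1.18.0-6ubuntu14.4 Ubuntu:22.04/jammy-updates [amd64])
Conf libssl3 (3.0.2-0ubuntu1.12 Ubuntu:22.04/jammy-security [amd64])'

# Usage: sh lightsail-patch.sh audit  <key> <user@host>
#        sh lightsail-patch.sh update <instance-name> <key> <user@host>
case "${1:-}" in
    audit)  audit_instance "$2" "$3" ;;
    update) update_instance "$2" "$3" "$4" ;;
esac
```

Run `audit` first across each instance and record the summary; `update` refuses to touch the instance unless the snapshot reaches `available`, which mirrors the console's requirement to wait for the snapshot name and timestamp to appear before connecting. Application-level updates (WordPress, Node.js, etc.) still need the application's own update mechanism after the OS packages are current.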