cis-aws-compute-2.14
This Claude Code skill audits and remediates AWS EC2 Auto Scaling Groups to ensure they propagate tags to launched instances. Use this when verifying compliance with tagging policies, managing resource organization and security controls, or investigating why Auto Scaling Group instances lack expected tags.
git clone --depth 1 https://github.com/CyberStrikeus/CyberStrike /tmp/cis-aws-compute-2.14 && cp -r /tmp/cis-aws-compute-2.14/.cyberstrike/skill/CIS_benchmarks/Cloud_Providers/AWS/CIS_AWS_Compute_Services_Benchmark_v1.1.0/cis-aws-compute-2.14 ~/.claude/skills/cis-aws-compute-2.14

SKILL.md
# Ensure EC2 Auto Scaling Groups Propagate Tags to EC2 Instances that it launches

## Description

Tags can help with managing, identifying, organizing, searching for, and filtering resources. Additionally, tags can help with security and compliance. Tags can be propagated from an Auto Scaling group to the EC2 instances that it launches.

## Rationale

Without propagation, EC2 instances launched by an Auto Scaling group are created without the group's tags and can fall out of compliance with security policy (for example, tag-based access control, cost allocation, or patch and backup scoping that keys on those tags).

## Impact

No negative impact. Enabling tag propagation ensures all instances launched by Auto Scaling groups inherit the group's tags automatically. If a launch template sets a tag with the same key, the group's propagated value takes precedence on the instance.

## Audit Procedure

### Using AWS CLI

1. Run `aws autoscaling describe-auto-scaling-groups`:

```bash
aws autoscaling describe-auto-scaling-groups
```

2. Ensure `PropagateAtLaunch` is `true` under `Tags` for each tag of each Auto Scaling Group.
3. Repeat Steps 1-2 for each AWS Region used.

### Using AWS Console

1. Login to AWS Console using https://console.aws.amazon.com
2. Click All services and click EC2 under Compute.
3. Select Auto Scaling Groups.
4. For each Auto Scaling Group's Details, ensure that all tags have `Tag new instances` set to `Yes`.
5. Repeat Steps 1-4 for each AWS Region used.

## Expected Result

All tags in every Auto Scaling Group should have `PropagateAtLaunch` set to `true`. In the console, all tags should show `Tag new instances` set to `Yes`.

## Remediation

### Using AWS CLI

No specific CLI remediation command is provided for this control. Use the console method below.

### Using AWS Console

1. Login to AWS Console using https://console.aws.amazon.com
2. Click All services and click EC2 under Compute.
3. Select Auto Scaling Groups.
4. Click `Edit` for each Auto Scaling Group.
5. Check the `Tag new instances` box for each tag of the Auto Scaling Group.
6. Click `Update`.
7. Repeat Steps 1-6 for each AWS Region used.
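The audit and remediation above can be scripted against the JSON that `aws autoscaling describe-auto-scaling-groups` returns. The following is an added example, not part of the benchmark text or of the CyberStrike skill: it reads that output, reports every tag whose `PropagateAtLaunch` is not `true`, flags groups that carry no tags at all, and builds the `aws autoscaling create-or-update-tags` command that sets `PropagateAtLaunch=true` for each failing tag. The sample document, the group and tag names in it, and the script name `audit_asg_tags.py` are all constructed for illustration.

```python
"""Audit and remediate Auto Scaling Group tag propagation (CIS AWS Compute 2.14).

Added example. Reads the JSON produced by
`aws autoscaling describe-auto-scaling-groups` and emits remediation commands.
"""
import json
import shlex
import sys
from typing import Any, Dict, List, Tuple

# Constructed sample: the shape of `describe-auto-scaling-groups` output,
# trimmed to the fields this audit reads. Not real account data.
SAMPLE_DESCRIBE_OUTPUT = json.dumps({
    "AutoScalingGroups": [
        {
            "AutoScalingGroupName": "web-asg",
            "Tags": [
                {"ResourceId": "web-asg", "ResourceType": "auto-scaling-group",
                 "Key": "Environment", "Value": "prod", "PropagateAtLaunch": True},
                {"ResourceId": "web-asg", "ResourceType": "auto-scaling-group",
                 "Key": "Owner", "Value": "platform-team", "PropagateAtLaunch": False},
            ],
        },
        {"AutoScalingGroupName": "batch-asg", "Tags": []},
    ]
})


def find_noncompliant_tags(describe_output: str) -> List[Tuple[str, str, str]]:
    """Return (group, key, value) for every ASG tag whose PropagateAtLaunch is not true.

    A missing PropagateAtLaunch field is reported as non-compliant rather than
    assumed true, so the audit fails closed on unexpected output.
    """
    data: Dict[str, Any] = json.loads(describe_output)
    findings: List[Tuple[str, str, str]] = []
    for group in data.get("AutoScalingGroups", []):
        name = group["AutoScalingGroupName"]
        for tag in group.get("Tags", []):
            if tag.get("PropagateAtLaunch") is not True:
                findings.append((name, tag["Key"], tag.get("Value", "")))
    return findings


def untagged_groups(describe_output: str) -> List[str]:
    """Groups with no tags at all.

    They pass this control vacuously, but the instances they launch will carry
    none of the organisation or security tags the control exists to protect,
    so they are reported separately as a warning.
    """
    data = json.loads(describe_output)
    return [g["AutoScalingGroupName"]
            for g in data.get("AutoScalingGroups", []) if not g.get("Tags")]


def remediation_commands(describe_output: str, region: str) -> List[str]:
    """One `aws autoscaling create-or-update-tags` call per non-compliant tag.

    The --tags argument is passed as JSON rather than the Key=Value shorthand so
    that tag values containing commas or '=' cannot break argument parsing.
    """
    commands: List[str] = []
    for group, key, value in find_noncompliant_tags(describe_output):
        tag_json = json.dumps([{
            "ResourceId": group,
            "ResourceType": "auto-scaling-group",
            "Key": key,
            "Value": value,
            "PropagateAtLaunch": True,
        }])
        commands.append(
            "aws autoscaling create-or-update-tags --region {} --tags {}".format(
                shlex.quote(region), shlex.quote(tag_json)))
    return commands


if __name__ == "__main__":
    # Usage (hypothetical file name):
    #   aws autoscaling describe-auto-scaling-groups --region "$r" --output json \
    #     | python3 audit_asg_tags.py "$r"
    # With no piped input the constructed sample is audited instead.
    region = sys.argv[1] if len(sys.argv) > 1 else "us-east-1"
    output = SAMPLE_DESCRIBE_OUTPUT if sys.stdin.isatty() else sys.stdin.read()
    for group, key, value in find_noncompliant_tags(output):
        print(f"FAIL {region} {group}: tag {key}={value} has PropagateAtLaunch != true")
    for group in untagged_groups(output):
        print(f"WARN {region} {group}: no tags defined on the group")
    for cmd in remediation_commands(output, region):
        print(cmd)
```

Run it once per region, looping over `aws ec2 describe-regions --query 'Regions[].RegionName' --output text`, since Auto Scaling groups are regional and the benchmark's audit steps repeat per region. Re-run the audit after applying the emitted commands to confirm it returns no findings. Propagation takes effect for instances the group launches; do not assume instances that were already running were retroactively tagged, and verify them directly, for example with `aws ec2 describe-instances --filters Name=tag:aws:autoscaling:groupName,Values=<group>` and checking the `Tags` on each instance.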
## Default Value

By default, Auto Scaling group tags are not automatically propagated to launched instances unless `PropagateAtLaunch` is set to `true`.

## References

No specific references provided in the benchmark for this control.

## CIS Controls

| Controls Version | Control                    | IG 1 | IG 2 | IG 3 |
| ---------------- | -------------------------- | ---- | ---- | ---- |
| v7               | 5.2 Maintain Secure Images |      | x    | x    |

## Profile

Level 1 | Automated
Ensure Managed Platform updates is configured
Ensure Persistent logs is setup and configured to S3
Ensure access logs are enabled
Ensure that HTTPS is enabled on load balancer
Ensure customer-managed keys are used to encrypt AWS Fargate ephemeral storage data for Amazon ECS
Ensure AWS Config is Enabled for Lambda and Serverless
Ensure Lambda functions do not allow unknown cross account access via permission policies
Ensure that the runtime environment versions used for your Lambda functions do not have end of support dates