Zeus is a capable instrument for AWS EC2/S3 best solidifying hones. It checks security settings as per the profiles the client makes and changes them to suggested settings in light of the CIS AWS Benchmark source at demand of the client.

Identity and Access Management
  • Avoid the use of the “root” account
  • Ensure multi-factor authentication (MFA) is enabled for all IAM users that have a console password
  • Ensure credentials unused for 90 days or greater are disabled
Logging
  • Ensure CloudTrail is enabled in all regions
  • Ensure CloudTrail log file validation is enabled
  • Ensure the S3 bucket CloudTrail logs to is not publicly accessible
  • Ensure CloudTrail trails are integrated with CloudWatch Logs
  • Ensure AWS Config is enabled in all regions
  • Ensure S3 bucket access logging is enabled on the CloudTrail S3 bucket
  • Ensure CloudTrail logs are encrypted at rest using KMS CMKs
  • Ensure rotation for customer created CMKs is enabled
Requirements
Zeus has been written in bash script using AWS-CLI and it works in Linux/UNIX and OSX.
Update:
pip & aws-cli checking functions are added that based on operating system.
Screenshots