CisScanConfiguration

The CisScanConfiguration resource allows you to create and manage AWS InspectorV2 CisScanConfigurations for assessing the security of your infrastructure against CIS benchmarks.

Minimal Example

Create a basic CIS scan configuration with required properties and one optional tag.

import AWS from "alchemy/aws/control";

const cisScanConfig = await AWS.InspectorV2.CisScanConfiguration("myCisScanConfig", {
  SecurityLevel: "High",
  Schedule: {
    Interval: "Daily"
  },
  Targets: {
    ResourceGroupArn: "arn:aws:inspector:us-west-2:123456789012:resourcegroup/my-resource-group"
  },
  ScanName: "DailyCISScan",
  Tags: {
    Environment: "Production"
  }
});

Advanced Configuration

Configure a CIS scan with additional settings including a customized schedule and multiple targets.

const advancedCisScanConfig = await AWS.InspectorV2.CisScanConfiguration("advancedCisScanConfig", {
  SecurityLevel: "Medium",
  Schedule: {
    Interval: "Weekly",
    StartTime: "2023-10-01T00:00:00Z"
  },
  Targets: {
    ResourceGroupArn: "arn:aws:inspector:us-west-2:123456789012:resourcegroup/my-resource-group",
    AdditionalTargets: [
      {
        ResourceArn: "arn:aws:ec2:us-west-2:123456789012:instance/i-0123456789abcdef0"
      }
    ]
  },
  ScanName: "WeeklyCISScan"
});

Custom Security Level

Set up a scan configuration with a specific security level and multiple tags for better organization.

const customSecurityLevelScanConfig = await AWS.InspectorV2.CisScanConfiguration("customSecurityLevelScanConfig", {
  SecurityLevel: "Critical",
  Schedule: {
    Interval: "Monthly"
  },
  Targets: {
    ResourceGroupArn: "arn:aws:inspector:us-west-2:123456789012:resourcegroup/my-resource-group"
  },
  ScanName: "MonthlyCriticalCISScan",
  Tags: {
    Project: "SecurityAudit",
    Owner: "SecurityTeam"
  }
});