amazon-archives/aws-security-benchmark

Clarification About the create-benchmark-rules.yaml file

ananthu99 opened this issue · 1 comments

Hi All,

Does the create-benchmark-rules.yaml file have Lambda functions to delete any AWS resources/users/secrets if they are found to be incompatible with either the Level 1 or Level 2 CIS Security Benchmark rules? Please let me know about this when you get a chance.

We want to make sure that they won't be deleted and if there is an option to just report on what's not compatible with the mapped rules per the CIS framework.

Thanks,
Anand.

Hi, Anand.

The CloudFormation template does not remove any resources that it itself did not provision; it is largely a monitoring mechanism.

Please let me know if you have any other questions.

Regards,
Rob
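To make the report-only behaviour Rob describes concrete, here is an added example of what a monitoring-style AWS Config custom rule Lambda looks like. It is not code from the aws-security-benchmark repository or its CloudFormation template; it is a hypothetical rule that evaluates one CIS-style check (CloudTrail log file validation enabled) and returns COMPLIANT / NON_COMPLIANT evaluations without ever calling a delete or modify API. The resource type, the `logFileValidationEnabled` configuration key, the sample event and the optional `publish` hook are assumptions of this example.

```python
"""Report-only AWS Config custom rule (added example, not from the repository).

Assumptions, not taken from the issue thread:
  * the rule is triggered on configuration change and receives the resource's
    configuration item inside ``invokingEvent``;
  * the resource under test is AWS::CloudTrail::Trail and the check is
    "log file validation enabled", standing in for one CIS benchmark rule;
  * ``logFileValidationEnabled`` is the key under ``configuration``.
"""
import json

COMPLIANT = "COMPLIANT"
NON_COMPLIANT = "NON_COMPLIANT"
NOT_APPLICABLE = "NOT_APPLICABLE"


def evaluate_compliance(configuration_item):
    """Classify one configuration item as (compliance_type, annotation).

    Pure function: it inspects the item and returns a verdict. It never
    calls an AWS API, so it cannot delete or change any resource.
    """
    if configuration_item.get("resourceType") != "AWS::CloudTrail::Trail":
        return NOT_APPLICABLE, "rule only evaluates CloudTrail trails"
    if configuration_item.get("configurationItemStatus") == "ResourceDeleted":
        return NOT_APPLICABLE, "trail no longer exists"
    # Key name is assumed to match the Config schema for the trail resource.
    cfg = configuration_item.get("configuration") or {}
    if cfg.get("logFileValidationEnabled") is True:
        return COMPLIANT, "log file validation enabled"
    return NON_COMPLIANT, "log file validation is disabled; enable it on the trail"


def build_evaluation(configuration_item, compliance_type, annotation):
    """Shape one verdict the way Config's put_evaluations expects it."""
    return {
        "ComplianceResourceType": configuration_item["resourceType"],
        "ComplianceResourceId": configuration_item["resourceId"],
        "ComplianceType": compliance_type,
        "Annotation": annotation[:256],  # Config limits annotations to 256 chars
        "OrderingTimestamp": configuration_item["configurationItemCaptureTime"],
    }


def lambda_handler(event, context=None, publish=None):
    """Entry point for a configuration-change-triggered custom rule.

    ``publish`` is an optional callable taking (evaluations, result_token).
    In a deployed function you would pass a thin wrapper around
    boto3.client("config").put_evaluations; it is left as None here so the
    example runs offline and the only side effect is reporting a verdict.
    """
    invoking_event = json.loads(event["invokingEvent"])
    item = invoking_event["configurationItem"]
    compliance_type, annotation = evaluate_compliance(item)
    evaluations = [build_evaluation(item, compliance_type, annotation)]
    if publish is not None:
        publish(evaluations, event["resultToken"])
    return evaluations


# Constructed sample event; not captured from a real account.
SAMPLE_TRAIL = {
    "resourceType": "AWS::CloudTrail::Trail",
    "resourceId": "example-trail",
    "configurationItemStatus": "OK",
    "configurationItemCaptureTime": "2024-01-01T00:00:00.000Z",
    "configuration": {"name": "example-trail", "logFileValidationEnabled": False},
}
SAMPLE_EVENT = {
    "invokingEvent": json.dumps({
        "configurationItem": SAMPLE_TRAIL,
        "messageType": "ConfigurationItemChangeNotification",
    }),
    "ruleParameters": "{}",
    "resultToken": "constructed-token",
}

if __name__ == "__main__":
    for ev in lambda_handler(SAMPLE_EVENT):
        print(ev["ComplianceResourceId"], ev["ComplianceType"], "-", ev["Annotation"])
```

The design point is the separation: `evaluate_compliance` is pure and read-only, so the worst a bug in the check can do is mis-report. Anything that changes state (remediation) would have to be a separate, explicitly granted path, which is the distinction the question is asking about.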