
CloudYali Launches AWS Security Compliance Checks

CloudYali Team
February 10, 2024
Introducing CloudYali.io's latest feature: Security Compliance Checks for CIS AWS Foundations Benchmark 1.4.0 and AWS Foundational Security Best Practices framework.

We are thrilled to announce that our cloud visibility platform now offers security compliance checks for the CIS AWS Foundations Benchmark 1.4.0 and the AWS Foundational Security Best Practices framework. This new feature is designed to help you, whether you work in DevOps, as a Cloud Security Engineer, or as a CIO, gain better visibility into your AWS resource inventory and security compliance.

One of the key benefits of this new feature is that it allows you to easily identify and address any security vulnerabilities in your AWS environment. These security rules are evaluated continuously and violations are detected and reported. These conformance checks are evaluated across multiple AWS accounts and all AWS regions. By automating security compliance checks, you can quickly identify areas that need attention and take action to remediate any issues. This can help to reduce the risk of security breaches and protect sensitive data.

The new security compliance checks for the CIS AWS Foundations Benchmark 1.4.0 controls and the AWS Foundational Security Best Practices framework are based on industry best practices and guidelines. The CIS AWS Foundations Benchmark 1.4.0 controls are a set of security best practices developed by the Center for Internet Security (CIS) to help organizations protect their AWS environments. The AWS Foundational Security Best Practices framework is a set of guidelines developed by AWS to help customers secure their environments. By aligning with these industry best practices and guidelines, you can be confident that your AWS environment is secure and compliant.

In addition, our new feature includes a dashboard for inventory and security controls. This provides a clear and easy-to-use interface for you to view and manage AWS resources and security compliance. The dashboard allows you to quickly view the status of resources, including any security vulnerabilities and compliance issues. It also allows you to drill down into specific resources to see more detailed information and take action as needed.

Additionally, the dashboard provides filters for violation results based on various criteria such as AWS Account ID, AWS Region, AWS Resource type, Security rule, and Severity.

Security Compliance Dashboard

Scenario: Identifying Security Violations Across Multiple AWS accounts and regions

The AWS Security Compliance feature can be used to monitor security violations across multiple AWS accounts and regions. In this scenario, we will demonstrate how the feature helps identify security violations across multiple AWS accounts and regions.

Step 1: Log in to the CloudYali platform and navigate to the AWS Security Compliance dashboard.

Step 2: In the dashboard, filter the results by AWS region and select the regions that need to be monitored for security violations. Additionally, select any specific AWS resource types. In this example, we have selected the AWS::EC2::NetworkAcl (NACL) and AWS::KMS::Key resource types in AWS Region us-east-1 (N. Virginia).

Filters

Step 3: Review the security violations detected in the selected regions. In this scenario, we have detected a few security violations related to KMS key rotation and Network ACL (NACL) ingress rules that do not meet the requirements of the CIS AWS Foundations Benchmark.

Step 4: Click on the security violation to view the details of the violation. The details will provide information about the rule that has been violated, the resource that was affected, and the severity of the violation.

Failed Resources List

Step 5: View the details of a specific resource in the Resource Inventory tab. In this case, a customer KMS key is not enabled for rotation.

Resource Details
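The two kinds of finding in Steps 3 and 5, written out as an added example that is not CloudYali's code: the checks run over constructed inventory records and the results are filtered by region and resource type as in Step 2. The record layout and helper names are hypothetical, the `config` fields follow the shapes returned by the EC2 DescribeNetworkAcls and KMS DescribeKey/GetKeyRotationStatus APIs, and treating ports 22 and 3389 as the flagged NACL ingress is an assumption.

```python
ADMIN_PORTS = (22, 3389)                      # SSH and RDP (assumed port set)
ANYWHERE = {"0.0.0.0/0", "::/0"}
NACL, KMS = "AWS::EC2::NetworkAcl", "AWS::KMS::Key"

def covers(entry, port):
    """True if an ingress entry sourced from anywhere applies to TCP `port`."""
    world = {entry.get("CidrBlock"), entry.get("Ipv6CidrBlock")} & ANYWHERE
    if entry["Egress"] or entry["Protocol"] not in ("-1", "6") or not world:
        return False
    rng = entry.get("PortRange")              # absent when Protocol is "-1" (all)
    return rng is None or rng["From"] <= port <= rng["To"]

def open_admin_ports(entries):
    """NACL rules are first-match by RuleNumber, so an earlier deny wins."""
    ordered = sorted(entries, key=lambda e: e["RuleNumber"])
    first = {p: next((e for e in ordered if covers(e, p)), None) for p in ADMIN_PORTS}
    return [p for p, e in first.items() if e and e["RuleAction"] == "allow"]

def rotation_missing(key):
    """In scope: enabled, customer-managed, symmetric keys only."""
    return (key["KeyManager"] == "CUSTOMER" and key["KeyState"] == "Enabled"
            and key["KeySpec"] == "SYMMETRIC_DEFAULT" and not key["KeyRotationEnabled"])

def evaluate(inventory, regions=None, types=None):
    """Return (account, region, id, reason) per violation, after optional filters."""
    out = []
    for r in inventory:
        if (regions and r["region"] not in regions) or (types and r["type"] not in types):
            continue
        if r["type"] == NACL and (ports := open_admin_ports(r["config"]["Entries"])):
            out.append((r["account"], r["region"], r["id"], f"open admin ports {ports}"))
        elif r["type"] == KMS and rotation_missing(r["config"]):
            out.append((r["account"], r["region"], r["id"], "rotation disabled"))
    return out

def rule(n, action, proto, ports=None):       # constructed ingress entry from 0.0.0.0/0
    e = {"RuleNumber": n, "RuleAction": action, "Protocol": proto,
         "Egress": False, "CidrBlock": "0.0.0.0/0"}
    return {**e, "PortRange": dict(zip(("From", "To"), ports))} if ports else e

# Constructed sample records; the record layout is hypothetical.
KEY = {"KeyManager": "CUSTOMER", "KeyState": "Enabled", "KeySpec": "SYMMETRIC_DEFAULT"}
INVENTORY = [dict(zip(("account", "region", "type", "id", "config"), row)) for row in [
    ("111111111111", "us-east-1", NACL, "acl-a", {"Entries": [rule(100, "allow", "6", (22, 22))]}),
    ("111111111111", "us-east-1", NACL, "acl-b",
     {"Entries": [rule(90, "deny", "6", (22, 22)), rule(100, "allow", "-1")]}),
    ("222222222222", "us-east-1", KMS, "key-a", {**KEY, "KeyRotationEnabled": False}),
    ("222222222222", "us-east-1", KMS, "key-b", {**KEY, "KeyRotationEnabled": True}),
    ("222222222222", "eu-west-1", KMS, "key-c", {**KEY, "KeyRotationEnabled": False}),
]]
```

In `acl-b` the deny at rule 90 shields port 22, but the allow-all at rule 100 still exposes 3389, which is why the check walks rules in order instead of looking for any allow entry.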

At CloudYali, we are committed to providing our users with the latest and most effective security solutions. Our new AWS Security Compliance feature is just one example of our dedication to this goal, and we are confident that it will be a valuable addition to our users' toolkits.

If you have any questions about our new feature, or if you would like to learn more about CloudYali's security solutions, please don't hesitate to contact us at support@cloudyali.io.

CloudYali Team
