95 controls · 10 categories

AWS Security Hardening Checklist

AWS gives you the controls — it does not turn them on. This checklist covers 95 CIS Level 1 and Level 2 controls across IAM, logging, monitoring, networking, storage, compute, and key management, so you can close the gaps that pentesters and auditors find first.

One-time purchase · instant download · 95 controls with verification & remediation steps

What's inside

95 controls across 10 categories

Every control is plain-language, prioritized by severity, and paired with how to verify it and how to fix it. Organized into 10 sections.

  • Monitoring: 17
  • IAM: 16
  • Logging: 11
  • Networking: 9
  • S3: 9
  • EC2: 8
  • RDS: 8
  • Security Services: 7
  • Account: 6
  • KMS: 4

Real sample controls

A look at the highest-severity controls

These are taken directly from the checklist — no paraphrasing.

  • AWS-IAM-01-L1 · CRITICAL · IAM

    Enable MFA on the root account.

  • AWS-IAM-02-L1 · CRITICAL · IAM

    Ensure no access keys exist on the root account.

  • AWS-IAM-03-L1 · CRITICAL · IAM

    Do not use the root account for day-to-day work.

  • AWS-IAM-11-L1 · CRITICAL · IAM

    Attach no IAM policies directly to users — use groups or roles.

AWS Hardening Checklist

$147 one-time
  • 95 prioritized controls
  • Verify & fix steps for each control
  • 10 categories across 10 sections
  • Instant download · lifetime access

By purchasing you agree to our Terms. Digital products are non-refundable once accessed.

Free

Not ready to buy?

Download a free one-page preview of this checklist — the highest-impact controls, no email gate. Want the curated top-10 by email instead? Use the form on the homepage.

Why teams use Strondex

Built by security professionals

Controls drawn from CIS benchmarks, framework requirements, and real-world assessment findings.

Self-serve, no consultant

Plain-language steps you can action yourself — without the $300/hr engagement.

Honest scope

Exactly 95 controls. No inflated counts, no fabricated reviews — see the samples above.

Frequently asked questions

Which CIS levels does this AWS checklist cover?

It covers both CIS AWS Foundations Level 1 and Level 2 controls, with each control labelled so you can decide how far to harden based on your risk tolerance.

Does it cover multi-account AWS Organizations setups?

Yes. Account and organization hygiene is one of the ten domains, alongside IAM, logging, monitoring, networking, S3, EC2, RDS, KMS, and security services.

Is this useful if I already run Security Hub or GuardDuty?

Yes. The Security Services domain helps you confirm those tools are configured correctly, and the rest of the checklist covers controls those services do not enforce on their own.