CIS Compliance Features
These are additional features for CIS Compliance that are included in the setUpOCI Menu but are not listed in the CD3 Excel sheet.
1. Run CIS compliance checker script
The Automation Toolkit allows for running the CIS compliance checker script against your tenancy. It also facilitates downloading the latest script if necessary. A folder named <customer_name>_cis_report is created under /cd3user/tenancies/<customer_name>/, containing all the reports generated by the script.
As a best practice, the script should be executed after every deployment in the tenancy. The output report should be analyzed to minimize the reported anomalies according to the design requirements.
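One way to analyze the reports across deployments, as an added example (not part of the toolkit or the checker script): it compares the summary CSVs from two runs and lists findings that regressed, were fixed, or remain open. The column names and the `Yes` compliant value are assumptions about the report format, and the sample rows are constructed.

```python
import csv
import io

# Assumed column names for the summary CSV; adjust them to match the header
# of the report that your version of the checker actually writes.
ID_COL, STATUS_COL, TITLE_COL = "Recommendation #", "Compliant", "Title"


def failing(summary_csv):
    """Return {recommendation id: title} for rows not marked compliant."""
    rows = csv.DictReader(summary_csv)
    missing = {ID_COL, STATUS_COL, TITLE_COL} - set(rows.fieldnames or [])
    if missing:
        raise ValueError(f"summary CSV lacks columns: {sorted(missing)}")
    # Anything other than "Yes" counts as open, so an unknown or empty
    # status is never silently treated as a pass.
    return {
        r[ID_COL].strip(): r[TITLE_COL].strip()
        for r in rows
        if r[STATUS_COL].strip().lower() != "yes"
    }


def compare_runs(before_csv, after_csv):
    """Split findings into regressed, fixed and still-open items."""
    before, after = failing(before_csv), failing(after_csv)
    return {
        "regressed": {k: after[k] for k in after.keys() - before.keys()},
        "fixed": {k: before[k] for k in before.keys() - after.keys()},
        "still_open": {k: after[k] for k in after.keys() & before.keys()},
    }


# Constructed sample data (IDs and titles are placeholders, not report output).
BEFORE = """Recommendation #,Compliant,Title
C-1,No,Constructed check: vault key in use
C-2,Yes,Constructed check: Cloud Guard enabled in root compartment
C-3,No,Constructed check: budget defined
"""
AFTER = """Recommendation #,Compliant,Title
C-1,Yes,Constructed check: vault key in use
C-2,No,Constructed check: Cloud Guard enabled in root compartment
C-3,No,Constructed check: budget defined
"""

if __name__ == "__main__":
    result = compare_runs(io.StringIO(BEFORE), io.StringIO(AFTER))
    for bucket, items in result.items():
        for rec_id, title in sorted(items.items()):
            print(f"{bucket:10} {rec_id:5} {title}")
```

A non-empty `regressed` bucket after a deployment is the signal to review that change before the next one.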
2. Create Key/Vault:
The following TF file is created:
File name | Description |
---|---|
cis-keyvault.auto.tfvars | TF variables file for creating the key/vault in the specified compartment and region. This is created under the specified region directory. |
3. Create Default Budget:
This option asks for the monthly budget (in US$) and the threshold percentage of the budget, and the following TF file is created:
File name | Description |
---|---|
cis-budget.auto.tfvars | TF variables file for creating the budget. |
4. Enable Cloud Guard
This enables Cloud Guard for the tenancy from the specified reporting region, clones the Oracle Managed detector and responder recipes, and creates a target for the root compartment with the cloned recipes.
The following TF file is created:
File name | Description |
---|---|
cis-cloudguard.auto.tfvars | TF variables file for enabling Cloud Guard and creating a target for the root compartment. |
Click here to view sample auto.tfvars for Security components