원클릭으로 Manus에서 모든 스킬 실행

시작하기

cis-aws-storage-4-4

스타617

포크102

업데이트2026년 4월 13일 04:22

Ensure the creation of Elastic File Cache

설치

Codex 또는 Claude로 설치 이 Prompt를 복사해 Codex, Claude 또는 다른 어시스턴트에 붙여 넣으면 Skill 페이지를 검토하고 설치를 진행할 수 있습니다.

Manus에서 실행

출처

CyberStrikeus

CyberStrikeus/CyberStrike

GitHub 저장소 열기 Creator 저장소 보기

다운로드

Manus에서 실행

4.4 Ensure the creation of Elastic File Cache (Manual)

Profile Applicability

Level 2

Description

With the prerequisites completed, we can now proceed to create our Elastic File Cache.

Rationale

By implementing an Elastic File Cache, frequently accessed data is stored closer to the application, reducing latency and speeding up access times. This approach optimizes resource utilization, improves user experience, and ensures that the system can handle high-demand workloads effectively.

Impact

Without implementing Elastic File Cache, applications may experience higher latency, slower data access times, and reduced performance, particularly for frequently accessed data. This can negatively impact user experience and system efficiency.

Audit Procedure

AWS Console

Navigate to the AWS Elastic File Cache console: https://console.aws.amazon.com/fsx/
Click the hamburger menu on the left side of the screen and select "caches"
Review existing File Cache configurations
Verify the following for each cache:
- Cache name is descriptive and follows naming conventions
- Storage capacity is appropriately sized (should be in increments of 1.2 TiB)
- Throughput capacity is calculated correctly based on storage (multiply cache storage capacity by throughput tier)
- VPC configuration is correct and uses the appropriate VPC
- Security groups are properly configured
- Subnet selection is appropriate
- Encryption is enabled using aws/fsx KMS encryption keys
- Data repository associations (DRAs) are properly configured
- Cache is linked to the correct S3 bucket path

AWS CLI

# List all File Caches
aws fsx describe-file-caches --query 'FileCaches[].[FileCacheId,FileCachePath,Lifecycle,StorageCapacity]' --output table

# Describe a specific File Cache
aws fsx describe-file-caches --file-cache-ids <cache-id>

# Check Data Repository Associations
aws fsx describe-data-repository-associations --filters Name=file-cache-id,Values=<cache-id>

Expected Result

Elastic File Cache should be properly created and configured with:

Appropriate storage capacity (in 1.2 TiB increments)
Correctly calculated throughput capacity
Proper VPC and security group configuration
KMS encryption enabled
Valid Data Repository Association linking to S3 bucket

Remediation

AWS Console

Navigate to the AWS Elastic File Cache console: https://console.aws.amazon.com/fsx/
Click the hamburger menu on the left side of the screen and select "caches"
Select "Create Cache"
Give your Cache a name. Choose a name that you will remember
Select the amount of storage capacity you need for your cache. We'll select 1.2 TiB for this tutorial. You can select storage capacity in increments of 1.2 TiB
Select the amount of throughput capacity. The amount of Throughput capacity is calculated by multiplying the cache storage capacity by the throughput tier. For example:
- For a 1.2 TiB cache, it's 1200 MB/s
- For a 9.6 TiB cache, it's 9600 MB/s
- Throughput capacity is the sustained speed at which the file server that hosts your cache can serve data
In the Network & Security section, provide networking and security group information:
- For Virtual Private Cloud (VPC) choose the correct amazon VPC that you want to associate with your cache. We're going to use the default VPC
- For VPC Security Groups, the ID for the default security group for your VPC should already be added
- For Subnet, you can choose any of the available subnets
In the Encryption section, choose the Default aws/fsx KMS encryption keys to protect your data by encrypting your data at rest
You have the option to create tags; this is an optional step
Select "next"
In the Data repository associations (DRAs) section, there are no DRAs linking your cache to S3 or NFS repositories. We need to link the cache that we're creating to the Amazon S3 bucket that we created earlier:
- For Data repository type, choose S3
- For Data repository path, type the path of the S3 bucket that you want to associate with this cache. For example: s3://(example-bucket)/(example-prefix)
- Note: To access this URL, go back to the S3 bucket that was just created and navigate to the directory of the folder that you created. Select "copy AWS URI"
- For cache path, enter the name of a high-level directory such as /ns1 or subdirectory such as /ns1/subdir within Amazon File Cache to associate with the S3 data repository. The first forward slash in the path is required
Select "Next" this will take you to the summary page
Choose "Create Cache." You will see your cache in the FSx dashboard

AWS CLI

# Create File Cache
aws fsx create-file-cache \
  --file-cache-type LUSTRE \
  --file-cache-type-version 2.12 \
  --storage-capacity 1200 \
  --subnet-ids <subnet-id> \
  --security-group-ids <security-group-id> \
  --data-repository-associations '[
    {
      "FileCachePath": "/ns1",
      "DataRepositoryPath": "s3://<bucket-name>/<prefix>",
      "DataRepositorySubdirectories": []
    }
  ]' \
  --kms-key-id "alias/aws/fsx"

# Verify cache creation
aws fsx describe-file-caches --file-cache-ids <cache-id>

Default Value

By default, no Elastic File Cache exists. It must be explicitly created and configured.

References

https://aws.amazon.com/filecache/

CIS Controls

This control does not map to specific CIS Controls but follows general AWS security best practices for encryption, network isolation, and access control.

Profile

Level 2

이 저장소의 다른 Skills

같은 저장소

ebpf-attacks

CyberStrikeus/CyberStrike

eBPF-based post-exploitation for kernel-level credential harvesting, process hiding, and traffic interception on Linux

2026-06-23617

aws-postexploit

CyberStrikeus/CyberStrike

AWS post-exploitation for IAM privilege escalation, data exfiltration, persistence, and operational security via boto3

2026-06-22617

azure-postexploit

CyberStrikeus/CyberStrike

Azure/Entra ID post-exploitation for tenant compromise, Key Vault extraction, managed identity abuse, and token manipulation

2026-06-22617

cicd-attacks

CyberStrikeus/CyberStrike

CI/CD pipeline attacks for secret extraction, pipeline injection, and supply chain compromise via GitHub/Jenkins/GitLab

2026-06-22617

k8s-postexploit

CyberStrikeus/CyberStrike

Kubernetes post-exploitation for container escape, secret extraction, RBAC abuse, and cluster persistence

2026-06-22617

macos-postexploit

CyberStrikeus/CyberStrike

macOS post-exploitation for credential harvesting, DTrace monitoring, TCC bypass, and stealth operations via native tools

2026-06-22617

name	cis-aws-storage-4.4
description	Ensure the creation of Elastic File Cache
category	cis-storage-services
version	1.0.0
author	cyberstrike-official
tags	["cis","aws","storage","fsx","file-cache","cache-creation","vpc","kms","level-2"]
cis_id	4.4
cis_benchmark	CIS AWS Storage Services Benchmark v1.0.0
tech_stack	["aws"]
cwe_ids	[]
chains_with	["cis-aws-storage-4.1","cis-aws-storage-4.2","cis-aws-storage-4.3","cis-aws-storage-4.5"]
prerequisites	["cis-aws-storage-4.2","cis-aws-storage-4.3"]
severity_boost	{}

4.4 Ensure the creation of Elastic File Cache (Manual)

Profile Applicability

Level 2

Description

With the prerequisites completed, we can now proceed to create our Elastic File Cache.

Rationale

Impact

Audit Procedure

AWS Console

Navigate to the AWS Elastic File Cache console: https://console.aws.amazon.com/fsx/
Click the hamburger menu on the left side of the screen and select "caches"
Review existing File Cache configurations
Verify the following for each cache:
- Cache name is descriptive and follows naming conventions
- Storage capacity is appropriately sized (should be in increments of 1.2 TiB)
- Throughput capacity is calculated correctly based on storage (multiply cache storage capacity by throughput tier)
- VPC configuration is correct and uses the appropriate VPC
- Security groups are properly configured
- Subnet selection is appropriate
- Encryption is enabled using aws/fsx KMS encryption keys
- Data repository associations (DRAs) are properly configured
- Cache is linked to the correct S3 bucket path

AWS CLI

# List all File Caches
aws fsx describe-file-caches --query 'FileCaches[].[FileCacheId,FileCachePath,Lifecycle,StorageCapacity]' --output table

# Describe a specific File Cache
aws fsx describe-file-caches --file-cache-ids <cache-id>

# Check Data Repository Associations
aws fsx describe-data-repository-associations --filters Name=file-cache-id,Values=<cache-id>

Expected Result

Elastic File Cache should be properly created and configured with:

Appropriate storage capacity (in 1.2 TiB increments)
Correctly calculated throughput capacity
Proper VPC and security group configuration
KMS encryption enabled
Valid Data Repository Association linking to S3 bucket

Remediation

AWS Console

Navigate to the AWS Elastic File Cache console: https://console.aws.amazon.com/fsx/
Click the hamburger menu on the left side of the screen and select "caches"
Select "Create Cache"
Give your Cache a name. Choose a name that you will remember
Select the amount of storage capacity you need for your cache. We'll select 1.2 TiB for this tutorial. You can select storage capacity in increments of 1.2 TiB
Select the amount of throughput capacity. The amount of Throughput capacity is calculated by multiplying the cache storage capacity by the throughput tier. For example:
- For a 1.2 TiB cache, it's 1200 MB/s
- For a 9.6 TiB cache, it's 9600 MB/s
- Throughput capacity is the sustained speed at which the file server that hosts your cache can serve data
In the Network & Security section, provide networking and security group information:
- For Virtual Private Cloud (VPC) choose the correct amazon VPC that you want to associate with your cache. We're going to use the default VPC
- For VPC Security Groups, the ID for the default security group for your VPC should already be added
- For Subnet, you can choose any of the available subnets
In the Encryption section, choose the Default aws/fsx KMS encryption keys to protect your data by encrypting your data at rest
You have the option to create tags; this is an optional step
Select "next"
In the Data repository associations (DRAs) section, there are no DRAs linking your cache to S3 or NFS repositories. We need to link the cache that we're creating to the Amazon S3 bucket that we created earlier:
- For Data repository type, choose S3
- For Data repository path, type the path of the S3 bucket that you want to associate with this cache. For example: s3://(example-bucket)/(example-prefix)
- Note: To access this URL, go back to the S3 bucket that was just created and navigate to the directory of the folder that you created. Select "copy AWS URI"
- For cache path, enter the name of a high-level directory such as /ns1 or subdirectory such as /ns1/subdir within Amazon File Cache to associate with the S3 data repository. The first forward slash in the path is required
Select "Next" this will take you to the summary page
Choose "Create Cache." You will see your cache in the FSx dashboard

AWS CLI

# Create File Cache
aws fsx create-file-cache \
  --file-cache-type LUSTRE \
  --file-cache-type-version 2.12 \
  --storage-capacity 1200 \
  --subnet-ids <subnet-id> \
  --security-group-ids <security-group-id> \
  --data-repository-associations '[
    {
      "FileCachePath": "/ns1",
      "DataRepositoryPath": "s3://<bucket-name>/<prefix>",
      "DataRepositorySubdirectories": []
    }
  ]' \
  --kms-key-id "alias/aws/fsx"

# Verify cache creation
aws fsx describe-file-caches --file-cache-ids <cache-id>

Default Value

By default, no Elastic File Cache exists. It must be explicitly created and configured.

References

https://aws.amazon.com/filecache/

CIS Controls

This control does not map to specific CIS Controls but follows general AWS security best practices for encryption, network isolation, and access control.

Profile

Level 2