# Enhanced Automation for CIS AWS/Google Cloud Foundations Benchmark Checks

We have expanded the explanations and audit rules provided for the CIS AWS/Google Cloud Foundations Benchmark on [Shisho Cloud](https://shisho.dev/ja).
This allows you to evaluate the security posture of a wider range of resources on AWS/Google Cloud from a broader perspective on Shisho Cloud.

![eyecatch](/docs/_md-assets/547ff3b111-eyecatch.png)

## Overview

With this update, all Shisho Cloud customers can use **managed Rego rules & explanations by Flatt Security for all automatable items** in the following benchmarks:

- **CIS AWS Foundations Benchmark v1.5.0**
- **CIS Google Cloud Foundations Benchmark v1.3.0**

:::info

The latest versions of these benchmarks are as follows:

- CIS AWS Foundations Benchmark v2.0.0
- CIS Google Cloud Foundations Benchmark v2.0.0

For items whose content is unchanged between versions, this update already reflects the changes in categorization (_Manual_ vs. _Automated_) and the changes in _Profile Applicability_. We are also progressively delivering managed audit rules and explanations on Shisho Cloud for a few additional items.
:::

![Findings](/docs/_md-assets/e120d841c2-findings.png)

## Getting Started

### Try it with Shisho Cloud for free

Thank you for your interest! Please contact us through the [Shisho Cloud official page](https://shisho.dev). We will promptly guide you on how to start with the Shisho Cloud free trial.

### Try it with an existing Shisho Cloud organization

**All Shisho Cloud customers** can start scanning with the updated policies by following these steps:

1. Update integrations between Shisho Cloud and your cloud accounts
2. Add new workflows in Shisho Cloud
3. Add workflows to a GitHub repository (optional)

#### (1) Updating integrations

Please refer to the guide below and update integrations between Shisho Cloud and AWS/Google Cloud:

<Tabs>
<TabItem value="googlecloud" label="Google Cloud" default>

If you have already created a service account for integrating Shisho Cloud with your Google Cloud projects/folders/organizations, there are basically no settings to be changed on the Shisho Cloud side for Google Cloud.
You also don't need to recreate the service account.

However, you need to enable some Google Cloud APIs in the project where the service account for the integration exists.
You can enable all the necessary APIs using the command below, or the Terraform code snippet provided in the [Google Cloud integration tutorial](/g/getting-started/integrate-apps/googlecloud):

```bash
gcloud services enable \
  bigquery.googleapis.com \
  cloudasset.googleapis.com \
  cloudkms.googleapis.com \
  cloudresourcemanager.googleapis.com \
  compute.googleapis.com \
  container.googleapis.com \
  dns.googleapis.com \
  essentialcontacts.googleapis.com \
  logging.googleapis.com \
  iamcredentials.googleapis.com \
  iam.googleapis.com \
  pubsub.googleapis.com \
  serviceusage.googleapis.com \
  storage-component.googleapis.com \
  sqladmin.googleapis.com \
  --project "$PROJECT_ID"
```
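As an added check (not part of the Shisho Cloud documentation or tooling), the following POSIX shell function reports which of the APIs listed above are still missing from a project, given the output of `gcloud services list --enabled`; the sample input below is constructed, not taken from a real project.

```shell
# Added check, not part of the Shisho Cloud docs: list required Google Cloud
# APIs (from the gcloud command above) that are not yet enabled in a project.
REQUIRED_APIS="bigquery.googleapis.com
cloudasset.googleapis.com
cloudkms.googleapis.com
cloudresourcemanager.googleapis.com
compute.googleapis.com
container.googleapis.com
dns.googleapis.com
essentialcontacts.googleapis.com
logging.googleapis.com
iamcredentials.googleapis.com
iam.googleapis.com
pubsub.googleapis.com
serviceusage.googleapis.com
storage-component.googleapis.com
sqladmin.googleapis.com"

# Print each required API missing from $1, a newline-separated list of enabled
# services such as the output of:
#   gcloud services list --enabled --project "$PROJECT_ID" --format='value(config.name)'
# Prints nothing when every required API is enabled.
missing_apis() {
  enabled="$1"
  printf '%s\n' "$REQUIRED_APIS" | while IFS= read -r api; do
    [ -n "$api" ] || continue
    printf '%s\n' "$enabled" | grep -qxF -- "$api" || printf '%s\n' "$api"
  done
}

# Constructed sample of enabled services (not from a real project): everything
# required except dns.googleapis.com and sqladmin.googleapis.com is enabled.
SAMPLE_ENABLED="bigquery.googleapis.com
cloudasset.googleapis.com
cloudkms.googleapis.com
cloudresourcemanager.googleapis.com
compute.googleapis.com
container.googleapis.com
essentialcontacts.googleapis.com
logging.googleapis.com
iamcredentials.googleapis.com
iam.googleapis.com
pubsub.googleapis.com
serviceusage.googleapis.com
storage-component.googleapis.com
monitoring.googleapis.com"

missing_apis "$SAMPLE_ENABLED"
```

To run it against a real project, pass the live list instead of the sample: `missing_apis "$(gcloud services list --enabled --project "$PROJECT_ID" --format='value(config.name)')"`.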

</TabItem>

<TabItem value="aws" label="AWS">

If you have already created an IAM role for the integration, there are basically no settings to be changed on the Shisho Cloud side for AWS.
You also don't need to recreate the IAM role.

However, you need to update the inline policy in the IAM role created in each account.
**Please make sure** to update the IAM role created in each account, referring to the [AWS integration tutorial](/g/getting-started/integrate-apps/aws).

</TabItem>

</Tabs>

#### (2) Applying the Updated Workflow

You can apply the latest workflow by following the steps below:

:::danger
The procedure below overwrites the workflow registered on Shisho Cloud.
If you have set parameters on Shisho Cloud, or have made changes to the Rego policy, please **be sure** to back up your existing Shisho Cloud manifest using the following command:

```bash
SHISHO_ORG_ID="Your Shisho Cloud Organization ID"
shishoctl workflow export --structured --org "$SHISHO_ORG_ID" --path .
```

We are also considering providing a versioning feature for workflows on Shisho Cloud. If you accidentally overwrite a workflow and lose parameter settings for the workflow, please contact Flatt Security Support.
:::

:::info
If you have never used the `shishoctl` command, please refer to the [tutorial](/c/accessing-via-shishoctl-cli) to set it up.
:::

```bash
SHISHO_ORG_ID="Your Shisho Cloud Organization ID"

# Gather the latest workflow
git clone https://github.com/flatt-security/shisho-cloud-managed-workflows
cd ./shisho-cloud-managed-workflows

# Apply the workflow corresponding to CIS AWS Foundations Benchmark v1.5.0 to the organization $SHISHO_ORG_ID
shishoctl workflow apply --org "$SHISHO_ORG_ID" -f ./workflows/cis-benchmark/aws-v1.5.0

# Apply the workflow corresponding to CIS Google Cloud Foundations Benchmark v1.3.0 to the organization $SHISHO_ORG_ID
shishoctl workflow apply --org "$SHISHO_ORG_ID" -f ./workflows/cis-benchmark/googlecloud-v1.3.0
```

#### (3) Applying to your own GitHub Repository

If you have created a repository to store policy code following the procedure described in the [GitHub Actions tutorial](/g/getting-started/deploy-policies-with-git-repositories/github), perform the following steps after updating the workflow on Shisho Cloud as described above:

```bash
SHISHO_ORG_ID="Your Shisho Cloud Organization ID"

# Get your organization's GitHub repository
git clone <URL of the GitHub repository> ./repo
cd ./repo

# Export the updated workflow from Shisho Cloud again
shishoctl workflow export --structured --org "$SHISHO_ORG_ID" --path .

# Review the differences
git diff

# ... decide to incorporate changes, commit, and push
```

If you have created a fork from [flatt-security/shisho-cloud-managed-workflows](https://github.com/flatt-security/shisho-cloud-managed-workflows), please merge the latest branch of the same repository and incorporate the differences.
