While you could read the CIS AWS Foundations and other recommendations and manually verify whether you're aligned to best practices, that would be an enormous effort. Automated security posture evaluations are strongly recommended, and multiple Cloud Security Posture Managers can provide them.
AWS Security Hub provides that capability as well, with the feature called Security Standards.
Because this is a detective control (aligned to the NIST Identify phase), it is crucial that you act on critical/high severity findings. Assign someone on the security team to analyze the most critical non-compliances and remediate them.
This quick win centers on the AWS Security Hub security standards: enabling the service with the security standards will identify your gaps against best practices and provide you with remediation instructions. It costs only $0.001 per check, can be enabled in a few clicks, and has a 30-day free trial that shows the usage you would incur if no trial existed, so you can estimate the cost of the next month.
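One way to turn the findings into a work list for the person assigned to them, as an added example that is not part of the original page or of any AWS tooling. It assumes the findings were exported in AWS Security Finding Format (for instance the `Findings` array returned by `aws securityhub get-findings`); the sample findings, titles, ARNs and remediation URL are constructed placeholders, and grouping by title is a simplification.

```python
from collections import defaultdict

SEVERITY_RANK = {"CRITICAL": 0, "HIGH": 1}  # only the labels the text says to act on

def triage(findings):
    """Return (severity, title, resource_ids, remediation_url) rows, worst first."""
    groups = defaultdict(lambda: {"resources": set()})
    for f in findings:
        label = f.get("Severity", {}).get("Label")
        if label not in SEVERITY_RANK:
            continue  # MEDIUM/LOW/INFORMATIONAL wait for a later pass
        if f.get("RecordState") != "ACTIVE":
            continue  # archived findings no longer describe the account
        if f.get("Compliance", {}).get("Status") != "FAILED":
            continue  # only failed checks are gaps
        if f.get("Workflow", {}).get("Status") in ("RESOLVED", "SUPPRESSED"):
            continue  # already handled or explicitly accepted
        group = groups[f["Title"]]  # simplification: one work item per check title
        group["severity"] = label
        group["url"] = f.get("Remediation", {}).get("Recommendation", {}).get("Url", "")
        group["resources"].update(r["Id"] for r in f.get("Resources", []))
    rows = [(g["severity"], t, sorted(g["resources"]), g["url"]) for t, g in groups.items()]
    # Critical before high, then the checks failing on the most resources.
    return sorted(rows, key=lambda r: (SEVERITY_RANK[r[0]], -len(r[2]), r[1]))

def _finding(title, sev, res, status="FAILED", state="ACTIVE", workflow="NEW"):
    # Constructed finding carrying only the ASFF fields that triage() reads.
    return {"Title": title, "Severity": {"Label": sev}, "RecordState": state,
            "Compliance": {"Status": status}, "Workflow": {"Status": workflow},
            "Resources": [{"Id": res}],
            "Remediation": {"Recommendation": {"Url": "https://example.com/fix"}}}

# Constructed sample data; titles, ARNs and the account ID are placeholders.
SAMPLE = [
    _finding("Example: S3 bucket allows public read", "HIGH", "arn:aws:s3:::example-bucket-a"),
    _finding("Example: S3 bucket allows public read", "HIGH", "arn:aws:s3:::example-bucket-b"),
    _finding("Example: S3 bucket allows public read", "HIGH", "arn:aws:s3:::example-bucket-c",
             status="PASSED"),
    _finding("Example: root user has no MFA", "CRITICAL", "AWS::::Account:111122223333"),
    _finding("Example: SSH open to the internet", "HIGH", "sg-0example", workflow="SUPPRESSED"),
    _finding("Example: unused access key", "CRITICAL", "example-user", state="ARCHIVED"),
    _finding("Example: log file validation disabled", "MEDIUM", "example-trail"),
]

if __name__ == "__main__":
    for severity, title, resources, url in triage(SAMPLE):
        print(f"[{severity}] {title}: {len(resources)} resource(s), see {url}")
```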
If you want to perform individual (point-in-time) checks instead of continuous compliance with a managed service such as AWS Security Hub, you can use the Self-Service Security Assessment Tool, which integrates controls from open source tools such as Prowler and Scout Suite.
You can also use Cloud Custodian, an open source tool with multi-vendor support, to send findings natively to AWS Security Hub.
Third-party tools for continuous compliance checks, such as Prowler Pro, Palo Alto Prisma, Trend Micro Cloud Compliance, Checkpoint Dome9, and CloudCheckr, can accomplish a similar end result and are frequently used in multi-cloud environments.
You can complement the security posture view with the free service AWS Trusted Advisor to identify misconfigurations and critical security alerts on your account.
Customers with Business or Enterprise Support have access to the full set of checks from AWS Trusted Advisor.
https://www.xmind.net/m/9MwPms
https://aws.amazon.com/security-hub/pricing
The service has a 30-day trial period (free trial)
The service has a site to verify current usage and estimate future usage.