Developer Tools
Snyk Learn
Snyk Advisor
Code Checker
About Snyk
Find out if you have vulnerabilities that put you at risk
Test your applications
Toggle filtering controls
All service groups
Expand this section
AWS
All AWS service groups
Account Management
API Gateway (REST APIs)
Athena
Batch
CloudFront
CloudTrail
CloudWatch
CodeBuild
Cognito
Config
DocumentDB
DynamoDB
EBS
EC2
ECR
ECS
EFS
EKS
Elastic Load Balancing
Elastic Map Reduce (EMR)
ElastiCache
ElasticSearch
Glue
IAM
Kinesis
KMS
Lambda
Managed Streaming for Kafka (MSK)
MQ
Neptune
Quantum Ledger Database
RDS
Redshift
S3
Sagemaker
Secrets Manager
SNS
SQS
SSM
Transfer
VPC
WAF
WorkSpace
Expand this section
Azure
Expand this section
Google
Expand this section
Kubernetes
Report a new vulnerability
RULE
SERVICE GROUP
C
S3 bucket ACL allows public access to S3 bucket storing CloudTrail log files
S3
H
API Gateway allows anonymous access
API Gateway (REST APIs)
H
Batch job runs with privileged flag set to true
Batch
H
Broad IAM permissions in IAM policy
IAM
H
CloudTrail trail has logging disabled
CloudTrail
H
EC2 metadata has hardcoded secrets
EC2
H
ECR policy allows public access
ECR
H
IAM access key generated for `root` user
IAM
H
IAM policy has a statement block with a wildcard action
IAM
H
IAM role can be assumed by anyone in the account or anyone in any account
IAM
H
KMS master key is publicly accessible
KMS
H
Obsolete EC2-classic resource in use
VPC
H
Potentially sensitive variable in Lambda environment
Lambda
H
RDS database instance is publicly accessible
RDS
H
Redshift cluster is publicly accessible
Redshift
H
S3 bucket does not have `ignore_public_acls` enabled
S3
H
S3 bucket does not have all block public access options enabled
S3
H
S3 bucket has `block_public_acls` disabled
S3
H
S3 bucket has `block_public_policy` disabled
S3
H
S3 bucket has `restrict_public_buckets` disabled
S3
H
S3 bucket is publicly readable
S3
H
S3 Bucket should not be publicly readable and writable
S3
H
S3 policy grants all permissions to any principal
S3
H
SQS queue policy allows all actions on the resource
SQS
H
The IAM role can be assumed by any service or principal
IAM
H
WAFv2 web ACL does not include the 'AWSManagedRulesKnownBadInputsRuleSet' managed rule group
WAF
M
AMI snapshot copy is not encrypted
EC2
M
API Gateway cached responses are not encrypted
API Gateway (REST APIs)
M
Athena workgroup result encryption is not enforced
Athena
M
Athena workgroup settings can be overridden by client
Athena
Next