Cloud Security Rules

RULE	SERVICE GROUP
C CloudFront distribution does not enforce HTTPS	CloudFront
C ELBv1 listener protocol is set to http	ELB
C Load balancer endpoint does not enforce HTTPS	ELB
C S3 Bucket should not be publicly readable and writable	S3
C S3 policy grants all permissions to any principal	S3
H Amazon Elasticsearch domain logging is not enabled	ElasticSearch
H API Gateway allows anonymous access	API Gateway (REST APIs)
H API Gateway cached responses are not encrypted	API Gateway (REST APIs)
H API Gateway must be protected by AWS WAF	WAF
H CloudFront distribution origin is not set to S3 or origin protocol policy is not set to https-only	CloudFront
H CloudTrail trail has logging disabled	CloudTrail
H Data in the Elasticache Replication Group is not securely encrypted in transit	ElastiCache
H DocumentDB parameter group TLS configuration not enabled	DocumentDB
H EC2 metadata has hardcoded secrets	EC2
H ECR policy allows public access	ECR
H ECR repository policy allows broad permissions	ECR
H ECS Container Insights is disabled	ECS
H EKS cluster allows public access	EKS
H IAM access key generated for `root` user	IAM
H IAM policy allows privilege escalation	IAM
H IAM policy grants full administrative rights	IAM
H IAM policy has a statement block with a wildcard action	IAM
H IAM role can be assumed by anyone in the account or anyone in any account	IAM
H KMS master key is publicly accessible	KMS
H Lambda permission has wildcard action	Lambda
H Obsolete EC2-classic resource in use	VPC
H Potentially sensitive variable in Lambda environment	Lambda
H Public ALB Must Be Protected by AWS WAF	WAF
H RDS database instance is publicly accessible	RDS
H Redshift cluster does not require SSL connections	Redshift

AWS

Azure

Google

Kubernetes