Find out if you have vulnerabilities that put you at risk
Test your applications
Toggle filtering controls
All service groups
AWS
All AWS service groups
Account Management
ACM
Amplify
API Gateway (REST APIs)
AppStream
AppSync
Athena
Batch
CloudFront
CloudTrail
CloudWatch
CodeBuild
Cognito
Config
DocumentDB
DynamoDB
EBS
EC2
ECR
ECS
EFS
EKS
ELB
EMR
ElastiCache
ElasticSearch
FSx
Glacier
Global Accelerator
Glue
IAM
Kinesis
KMS
Lambda
MQ
MSK
Neptune
QLDB
RDS
Redshift
S3
Sagemaker
Secrets Manager
SNS
SQS
SSM
Transfer
VPC
WAF
WorkSpaces
Azure
Google
Kubernetes
Report a new vulnerability
RULE
SERVICE GROUP
M
IAM user does not have MFA (virtual or hardware) enabled
IAM
M
IAM user has privileged roles at project level
IAM
M
IAM user is not a member of at least one group
IAM
M
IAM user login profile does not enforce resetting the generated password
IAM
M
IAM users should not have both KMS admin and any of the KMS encrypter/decrypter roles.
IAM
M
Infrastructure Encryption is not enabled
Storage
M
IP forwarding enabled on the instance template
Compute
M
IP forwarding is enabled
Compute Engine
M
IP forwarding is enabled on the instance
Compute Engine
M
Job bookmarks generated by Glue are not encrypted
Glue
M
Key Vault accidental purge prevention is disabled
Key Vault
M
Key Vault is not protected by firewall
Key Vault
M
Key Vault logging is not enabled
Monitor
M
Key Vault purge protection is disabled
Key Vault
M
Key Vault soft deletion is not set to 90 days
Key Vault
M
KMS key does not have key rotation enabled
KMS
M
KMS keys are not automatically rotated
Cloud KMS
M
Kubernetes API Server allows public access
Container
M
Kubernetes Cluster is not VPC-Native.
Kubernetes (Container) Engine
M
Lambda Functions are not deployed within a VPC
Lambda
M
Lambda functions missing provisioned concurrency configuration
Lambda
M
Lambda permission has wildcard principal
Lambda
M
Legacy ABAC is enabled
Kubernetes (Container) Engine
M
Linux virtual machine has password authentication enabled
Compute
M
Linux VM scale set encryption at host is disabled
Compute
M
Load balancer access logging is not enabled
ELB
M
Load balancer is internet facing
ELB
M
Logging is not enabled on storage bucket
Cloud Storage
M
Logging metric filter and alert for audit configuration changes are not configured
Monitor
M
Logging metric filter and alert for custom role changes are not configured
IAM
Previous
Next