Cloud Security Rules

RULE	SERVICE GROUP
M Redis firewall rule allows public access	Redis
M Redshift cluster logging is disabled	Redshift
M Redshift DB is not encrypted	Redshift
M Restrict API keys authentication in AWS AppSync GraphQL	AppSync
M Role grants permissions to system reserved namespace	RoleBinding
M Role with dangerous permissions	Role
M Role with too wide permissions	Deployment
M Role-Based Access Control on Azure Key Vault is not enabled	Key Vault
M RoleBinding or ClusterRoleBinding is using a pre-defined role	RoleBinding
M Roles and cluster roles should not grant 'create' permissions for pods	Role
M Roles and cluster roles should not grant 'get', 'list', or 'watch' permissions for secrets	Service
M Root block device is not encrypted	EC2
M Root volume in WorkSpace is not encrypted	WorkSpaces
M S3 bucket access logging is not enabled on S3 buckets that store CloudTrail log files	S3
M S3 bucket does not have all block public access options enabled	S3
M S3 bucket has `block_public_acls` disabled	S3
M S3 bucket has `block_public_policy` disabled	S3
M S3 bucket is not encrypted	S3
M S3 bucket MFA delete control is disabled	S3
M S3 bucket object-level logging for read events is disabled	S3
M S3 bucket object-level logging for write events is disabled	S3
M S3 bucket policy allows list actions for all IAM principals and public users	S3
M S3 bucket policy does not deny requests that use HTTP	S3
M S3 bucket replication (cross-region or same-region) is not enabled	S3
M S3 bucket versioning is disabled	S3
M S3 object is not encrypted	S3
M S3 server access logging is disabled	S3
M Sagemaker data capture location is not encrypted with customer managed key	Sagemaker
M Sagemaker endpoint is not encrypted with customer managed key	Sagemaker
M SageMaker Notebook instance accepts IMDSv1	Sagemaker

Previous Next

AWS

Azure

Google

Kubernetes