Cloud Security Rules

RULE	SERVICE GROUP
H Redshift cluster is publicly accessible	Redshift
H S3 bucket ACL allows public access to S3 bucket storing CloudTrail log files	S3
H S3 bucket does not have `ignore_public_acls` enabled	S3
H S3 bucket has `restrict_public_buckets` disabled	S3
H S3 bucket is publicly readable	S3
H S3 Bucket is publicly readable	S3
H SageMaker Notebook root access is enabled	Sagemaker
H SQS queue policy allows all actions on the resource	SQS
H SQS Queues are not encrypted at rest	SQS
H The client traffic will not be encrypted in transit	MSK
H The ElasticSearch cluster does not enforce HTTPS	ElasticSearch
H The FSx for Windows File Server does not have retention backup period configured	FSx
H The IAM role can be assumed by any service or principal	IAM
H TLS is disabled on DocumentDB	DocumentDB
H WAFv2 web ACL does not include the 'AWSManagedRulesKnownBadInputsRuleSet' managed rule group	WAF
H Wildcard action specified in API Gateway access policy	API Gateway (REST APIs)
H Wildcard principal in Glacier Vault access policy	Glacier
M A support role has not been created to manage incidents with AWS Support	IAM
M Account alternate contact is not configured	Account Management
M Account security alternate contact is not configured	Account Management
M Address source/destination check is disabled on the instance	EC2
M Alarm is not set for denied connections in CloudFront logs	CloudFront
M Amazon DocDB logging is not enabled	DocumentDB
M Amazon FSx for Windows file systems are not encrypted using a customer-managed KMS key	FSx
M Amazon MQ Broker logging is disabled	MQ
M Amazon MSK Cluster logs are not enabled	MSK
M AMI snapshot copy is not encrypted	EC2
M Amplify app basic authentication is not enabled	Amplify
M API Gateway access logging is disabled	API Gateway (REST APIs)
M API Gateway authorizer caching TTL is not configured	API Gateway (REST APIs)

Previous Next

AWS

Azure

Google

Kubernetes