Cloud Security Rules

Find out if you have vulnerabilities that put you at risk

RULE	SERVICE GROUP
H EC2 metadata has hardcoded secrets	EC2
M Address source/destination check is disabled on the instance	EC2
M AMI snapshot copy is not encrypted	EC2
M Auto Scaling group does not span two or more Availability Zones	EC2
M EBS snapshot is not encrypted	EC2
M EC2 API termination protection is not enabled	EC2
M EC2 instance accepts IMDSv1	EC2
M EC2 instance has public IP assigned	EC2
M EC2 instance is missing SSM agent association	EC2
M EC2 is unable to replace unhealthy instances	EC2
M Root block device is not encrypted	EC2
M Traffic mirroring is session enabled	EC2
L EC2 instance is not associated with IAM role and instance profile	EC2
L IAM role attached to instance profile allows broad list actions on S3 buckets	EC2