Cloud Security Rules

RULE	SERVICE GROUP
C App Service web app allows HTTP traffic	App Service (Web Apps)
C CDN endpoint does not enforce HTTPS	CDN
C CloudFront distribution does not enforce HTTPS	CloudFront
C ELBv1 listener protocol is set to http	ELB
C Load balancer endpoint does not enforce HTTPS	ELB
C MySQL database instance has a passwordless default root user	Cloud SQL
C S3 Bucket should not be publicly readable and writable	S3
C S3 policy grants all permissions to any principal	S3
H Amazon Elasticsearch domain logging is not enabled	ElasticSearch
H API Gateway allows anonymous access	API Gateway (REST APIs)
H API Gateway cached responses are not encrypted	API Gateway (REST APIs)
H API Gateway must be protected by AWS WAF	WAF
H App Engine application does not enforce HTTPS	App Engine
H App Service allows FTP deployments	App Service (Web Apps)
H Azure App Service allows HTTP traffic	App Service (Web Apps)
H Azure Container Registry admin user is enabled	Container
H Backend service is not enforcing HTTPS	Compute Engine
H BigQuery dataset is publicly accessible	BigQuery
H Cloud Functions Egress Is not Restricted to Private IP Ranges	Cloud Functions
H Cloud Storage bucket is publicly accessible	Cloud Storage
H Cloud Storage Buckets allow AllUsers and AllAuthenticatedUsers	Cloud Storage
H CloudFront distribution origin is not set to S3 or origin protocol policy is not set to https-only	CloudFront
H CloudTrail trail has logging disabled	CloudTrail
H Compute instance uses the default service account	Compute Engine
H Container is running in privileged mode	Deployment
H Container is running with Docker socket mount	Deployment
H Data in the Elasticache Replication Group is not securely encrypted in transit	ElastiCache
H DocumentDB parameter group TLS configuration not enabled	DocumentDB
H EC2 metadata has hardcoded secrets	EC2
H ECR policy allows public access	ECR

AWS

Azure

Google

Kubernetes