What cloud services are supported for AWS?

Holm Security Cloud Scanner checks for security best practices and detects the misconfigurations that are among the most common causes of security breaches, across a wide range of AWS services.

There is also a set of plugins that highlight unused or misused services, which can help reduce monthly AWS costs. Read more about these plugins in this article:

 

AWS supported services

Here's the list of AWS cloud services that we currently support:
  • API Gateway
  • App Mesh
  • App Runner
  • AppFlow
  • Athena
  • Audit Manager
  • Auto Scaling
  • AWS Glue
  • Backup
  • CloudFormation
  • CloudFront
  • CloudTrail
  • CloudWatch
  • CloudWatchLogs
  • CodeArtifact
  • CodeBuild
  • CodePipeline
  • CodeStar
  • Cognito
  • Comprehend
  • Compute Optimizer
  • ConfigService
  • Connect
  • DevOpsGuru
  • DMS
  • DocumentDB
  • DynamoDB
  • EC2
  • ECR
  • ECS
  • EFS
  • EKS
  • Elastic Transcoder
  • ElastiCache
  • Elastic Beanstalk
  • ELB
  • ELBv2
  • EMR
  • ES
  • EventBridge
  • FinSpace
  • Firehose
  • Forecast
  • Fraud Detector
  • FSx
  • Glacier
  • Glue
  • Glue DataBrew
  • GuardDuty
  • HealthLake
  • IAM
  • Image Builder
  • IoT SiteWise
  • Kendra
  • Kinesis
  • Kinesis Video Streams
  • KMS
  • Lambda
  • Lex
  • Location
  • Lookout
  • LookoutEquipment
  • LookoutMetrics
  • Managed Blockchain
  • MemoryDB
  • MQ
  • MSK
  • MWAA
  • Neptune
  • Organizations
  • Proton
  • QLDB
  • RDS
  • Redshift
  • Route53
  • S3
  • SageMaker
  • Secrets Manager
  • SES
  • Shield
  • SNS
  • SQS
  • SSM
  • Timestream
  • Transfer
  • Translate
  • WAF
  • WorkSpaces
  • XRay

AWS supported service policies

Across the services, the following policies are scanned for: 

  • ACM - ACM Certificate Expiry
  • ACM - ACM Certificate Has Tags
  • ACM - ACM Certificate Validation
  • ACM - ACM Single Domain Name Certificates
  • API Gateway - API Gateway Certificate Rotation
  • API Gateway - API Gateway Client Certificate
  • API Gateway - API Gateway CloudWatch Logs
  • API Gateway - API Gateway Content Encoding
  • API Gateway - API Gateway Default Endpoint Disabled
  • API Gateway - API Gateway Detailed CloudWatch Metrics
  • API Gateway - API Gateway Private Endpoints
  • API Gateway - API Gateway Response Caching
  • API Gateway - API Gateway Tracing Enabled
  • API Gateway - API Gateway WAF Enabled
  • API Gateway - API Stage-Level Cache Encryption
  • API Gateway - Custom Domain TLS Version
  • App Mesh - App Mesh Restrict External Traffic
  • App Mesh - App Mesh TLS Required
  • App Mesh - App Mesh VG Access Logging
  • App Runner - Service Encrypted
  • AppFlow - AppFlow Flow Encrypted
  • Athena - Workgroup Encrypted
  • Athena - Workgroup Enforce Configuration
  • Audit Manager - Audit Manager Data Encrypted
  • AutoScaling - App-Tier ASG Launch Configurations Approved AMIs
  • AutoScaling - App-Tier Auto Scaling Group CloudWatch Logs Enabled
  • AutoScaling - App-Tier Launch Configurations IAM Roles
  • AutoScaling - ASG Multiple AZ
  • AutoScaling - Auto Scaling Group Cooldown Period
  • AutoScaling - Auto Scaling Group Missing ELB
  • AutoScaling - Auto Scaling Notifications Active
  • AutoScaling - Auto Scaling Unused Launch Configuration
  • AutoScaling - AutoScaling ELB Same Availability Zone
  • AutoScaling - ELB Health Check Active
  • AutoScaling - Empty AutoScaling Group
  • AutoScaling - Launch Configuration Referencing Missing Security Groups
  • AutoScaling - Suspended AutoScaling Groups
  • AutoScaling - Web-Tier ASG Launch Configurations Approved AMIs
  • AutoScaling - Web-Tier Auto Scaling Group Associated ELB
  • AutoScaling - Web-Tier Auto Scaling Group CloudWatch Logs Enabled
  • AutoScaling - Web-Tier Launch Configurations IAM Roles
  • AWS Glue - AWS Glue CloudWatch Encrypted Logs
  • Backup - AWS Backup Compliant Lifecycle Configured
  • Backup - Backup Deletion Protection Enabled
  • Backup - Backup Failure Notification Enabled
  • Backup - Backup In Use For RDS Snapshots
  • Backup - Backup Resource Protection
  • Backup - Backup Vault Encrypted
  • CloudFormation - AWS CloudFormation In Use
  • CloudFormation - CloudFormation Admin Privileges
  • CloudFormation - CloudFormation Drift Detection
  • CloudFormation - CloudFormation Plaintext Parameters
  • CloudFormation - CloudFormation Stack Failed Status
  • CloudFormation - CloudFormation Stack SNS Notifications
  • CloudFormation - CloudFormation Stack Termination Protection Enabled
  • CloudFront - CloudFront Compress Objects Automatically
  • CloudFront - CloudFront Custom Origin HTTPS Only
  • CloudFront - CloudFront Distribution Field-Level Encryption
  • CloudFront - CloudFront Distribution Origins TLS Version
  • CloudFront - CloudFront Enable Origin Failover
  • CloudFront - CloudFront Enabled
  • CloudFront - CloudFront Geo Restriction
  • CloudFront - CloudFront HTTPS Only
  • CloudFront - CloudFront Logging Enabled
  • CloudFront - CloudFront TLS Deprecated Protocols
  • CloudFront - CloudFront TLS Insecure Cipher
  • CloudFront - CloudFront WAF Enabled
  • CloudFront - Insecure CloudFront Protocols
  • CloudFront - Public S3 CloudFront Origin
  • CloudFront - Secure CloudFront Origin
  • CloudTrail - CloudTrail Data Events
  • CloudTrail - CloudTrail Delivery Failing
  • CloudTrail - CloudTrail Enabled
  • CloudTrail - CloudTrail Encryption
  • CloudTrail - CloudTrail File Validation
  • CloudTrail - CloudTrail Global Services Logging Duplicated
  • CloudTrail - CloudTrail Has Tags
  • CloudTrail - CloudTrail Management Events
  • CloudTrail - CloudTrail Notifications Enabled
  • CloudTrail - CloudTrail S3 Bucket
  • CloudTrail - CloudTrail To CloudWatch
  • CloudTrail - Object Lock Enabled
  • CloudWatch - VPC Flow Logs Metric Alarm
  • CloudWatchLogs - CloudWatch Log Groups Encrypted
  • CloudWatchLogs - CloudWatch Log Retention Period
  • CloudWatchLogs - CloudWatch Monitoring Metrics
  • CodeArtifact - CodeArtifact Domain Encrypted
  • CodeBuild - CodeBuild Valid Source Providers
  • CodeBuild - Project Artifacts Encrypted
  • CodePipeline - Pipeline Artifacts Encrypted
  • CodeStar - CodeStar Valid Repository Providers
  • Cognito - Cognito User Pool MFA enabled
  • Cognito - Cognito User Pool WAF Enabled
  • Comprehend - Amazon Comprehend Output Result Encryption
  • Comprehend - Amazon Comprehend Volume Encryption
  • Compute Optimizer - Auto Scaling Group Optimized
  • Compute Optimizer - Compute Optimizer Recommendations Enabled
  • Compute Optimizer - EBS Volumes Optimized
  • Compute Optimizer - EC2 Instances Optimized
  • Compute Optimizer - Lambda Function Optimized
  • ConfigService - AWS Config Compliant Rules
  • ConfigService - AWS Services In Use
  • ConfigService - Config Delivery Failing
  • ConfigService - Config Service Enabled
  • ConfigService - Config Service Missing Bucket
  • Connect - Connect Customer Profiles Domain Encrypted
  • Connect - Connect Instance Attachments Encrypted
  • Connect - Connect Instance Call Recording Encrypted
  • Connect - Connect Instance Chat Transcripts Encrypted
  • Connect - Connect Instance Exported Reports Encrypted
  • Connect - Connect Instance Media Streams Encrypted
  • Connect - Connect Voice ID Domain Encrypted
  • Connect - Connect Wisdom Domain Encrypted
  • DevOpsGuru - DevOps Guru Notifications Enabled
  • DMS - DMS Auto Minor Version Upgrade
  • DMS - DMS Encryption Enabled
  • DMS - DMS Multi-AZ Feature Enabled
  • DMS - DMS Publicly Accessible Instances
  • DocumentDB - DocumentDB Cluster Backup Retention
  • DocumentDB - DocumentDB Cluster Encrypted
  • DynamoDB - DynamoDB Accelerator Cluster Encryption
  • DynamoDB - DynamoDB Continuous Backups
  • DynamoDB - DynamoDB KMS Encryption
  • DynamoDB - DynamoDB Table Backup Exists
  • DynamoDB - DynamoDB Table Has Tags
  • EC2 - Allowed Custom Ports
  • EC2 - Amazon EBS Public Snapshots
  • EC2 - AMI Has Tags
  • EC2 - App-Tier EC2 Instance IAM Role
  • EC2 - Automate EBS Snapshot Lifecycle
  • EC2 - Cross Organization VPC Peering Connections
  • EC2 - Cross VPC Public Private Communication
  • EC2 - Default Security Group
  • EC2 - Default VPC Exists
  • EC2 - Default VPC In Use
  • EC2 - Detect EC2 Classic Instances
  • EC2 - EBS Backup Enabled
  • EC2 - EBS Encrypted Snapshots
  • EC2 - EBS Encryption Enabled
  • EC2 - EBS Encryption Enabled By Default
  • EC2 - EBS Snapshot Has Tags
  • EC2 - EBS Volume has tags
  • EC2 - EBS Volume Snapshot Public
  • EC2 - EBS Volumes Too Old Snapshots
  • EC2 - EC2 has Tags
  • EC2 - EC2 Instance Key Based Login
  • EC2 - EC2 LaunchWizard Security Groups
  • EC2 - EC2 Max Instances
  • EC2 - Elastic IP Limit
  • EC2 - Encrypted AMI
  • EC2 - Excessive Security Groups
  • EC2 - Insecure EC2 Metadata Options
  • EC2 - Instance Detailed Monitoring
  • EC2 - Instance IAM Role
  • EC2 - Instance Limit
  • EC2 - Instance vCPU On-Demand Based Limits
  • EC2 - Internet Gateways In VPC
  • EC2 - Managed NAT Gateway In Use
  • EC2 - NAT Multiple AZ
  • EC2 - Network ACL has Tags
  • EC2 - Open All Ports Protocols
  • EC2 - Open Cassandra Client
  • EC2 - Open Cassandra Internode
  • EC2 - Open Cassandra Monitoring
  • EC2 - Open Cassandra Thrift
  • EC2 - Open CIFS
  • EC2 - Open Custom Ports
  • EC2 - Open DNS
  • EC2 - Open Docker
  • EC2 - Open Elasticsearch
  • EC2 - Open FTP
  • EC2 - Open Hadoop HDFS NameNode Metadata Service
  • EC2 - Open Hadoop HDFS NameNode WebUI
  • EC2 - Open Internal Web
  • EC2 - Open Kibana
  • EC2 - Open LDAP
  • EC2 - Open LDAPS
  • EC2 - Open Memcached
  • EC2 - Open MongoDB
  • EC2 - Open MySQL
  • EC2 - Open NetBIOS
  • EC2 - Open Oracle
  • EC2 - Open Oracle Auto Data Warehouse
  • EC2 - Open PostgreSQL
  • EC2 - Open RDP
  • EC2 - Open Redis
  • EC2 - Open RFC 1918
  • EC2 - Open RPC
  • EC2 - Open Salt
  • EC2 - Open SMBoTCP
  • EC2 - Open SMTP
  • EC2 - Open SNMP
  • EC2 - Open SQL Server
  • EC2 - Open SSH
  • EC2 - Open Telnet
  • EC2 - Open VNC Client
  • EC2 - Open VNC Server
  • EC2 - Outdated Amazon Machine Images
  • EC2 - Overlapping Security Groups
  • EC2 - Public AMI
  • EC2 - Public IP Address EC2 Instances
  • EC2 - Security Group Has Tags
  • EC2 - SSM Agent Active All Instances
  • EC2 - SSM Agent Auto Update Enabled
  • EC2 - SSM Agent Latest Version
  • EC2 - SSM Managed Instances
  • EC2 - SSM Session Duration
  • EC2 - Subnet IP Availability
  • EC2 - Unassociated Elastic IP Addresses
  • EC2 - Unrestricted Network ACL Outbound Traffic
  • EC2 - Unused Amazon Machine Images
  • EC2 - Unused EBS Volumes
  • EC2 - Unused Elastic Network Interfaces
  • EC2 - Unused Security Groups
  • EC2 - Unused Virtual Private Gateway
  • EC2 - Unused VPC Internet Gateways
  • EC2 - Virtual Private Gateway In VPC
  • EC2 - VPC Elastic IP Limit
  • EC2 - VPC Endpoint Cross Account Access
  • EC2 - VPC Endpoint Exposed
  • EC2 - VPC Flow Logs Enabled
  • EC2 - VPC Has Tags
  • EC2 - VPC Multiple Subnets
  • EC2 - VPC PrivateLink Endpoint Acceptance Required
  • EC2 - VPC Subnet Instances Present
  • EC2 - VPN Tunnel State
  • EC2 - Web-Tier EC2 Instance IAM Role
  • ECR - ECR Repository Encrypted
  • ECR - ECR Repository Policy
  • ECR - ECR Repository Tag Immutability
  • ECS - Container Insights Enabled
  • ECS - ECS Cluster Has Tags
  • EFS - EFS CMK Encrypted
  • EFS - EFS Encryption Enabled
  • EFS - EFS Has Tags
  • EKS - EKS Cluster Has Tags
  • EKS - EKS Kubernetes Version
  • EKS - EKS Latest Platform Version
  • EKS - EKS Logging Enabled
  • EKS - EKS Private Endpoint
  • EKS - EKS Secrets Encrypted
  • EKS - EKS Security Groups
  • Elastic Transcoder - Elastic Transcoder Job Outputs Encrypted
  • Elastic Transcoder - Elastic Transcoder Pipeline Data Encrypted
  • ElastiCache - ElastiCache Cluster Has Tags
  • ElastiCache - ElastiCache Cluster In VPC
  • ElastiCache - ElastiCache Default Ports
  • ElastiCache - ElastiCache Desired Node Type
  • ElastiCache - ElastiCache Engine Versions for Redis
  • ElastiCache - ElastiCache idle Cluster Status
  • ElastiCache - ElastiCache Instance Generation
  • ElastiCache - ElastiCache Nodes Count
  • ElastiCache - ElastiCache Redis Cluster Encryption At-Rest
  • ElastiCache - ElastiCache Redis Cluster Encryption In-Transit
  • ElastiCache - ElastiCache Redis Cluster Have Multi-AZ
  • ElastiCache - ElastiCache Reserved Cache Node Lease Expiration
  • ElastiCache - ElastiCache Reserved Cache Node Payment Failed
  • ElastiCache - ElastiCache Reserved Cache Node Payment Pending
  • ElastiCache - Unused ElastiCache Reserved Cache Nodes
  • ElasticBeanstalk - ElasticBeanstalk Managed Platform Updates
  • ElasticBeanstalk - Enhanced Health Reporting
  • ElasticBeanstalk - Environment Access Logs
  • ElasticBeanstalk - Environment Persistent Logs
  • ELB - App-Tier ELB Security Policy
  • ELB - Classic Load Balancers In Use
  • ELB - ELB Connection Draining Enabled
  • ELB - ELB Cross-Zone Load Balancing
  • ELB - ELB Has Tags
  • ELB - ELB HTTPS Only
  • ELB - ELB Logging Enabled
  • ELB - ELB No Instances
  • ELB - Insecure Ciphers
  • ELBv2 - ELB SSL Termination
  • ELBv2 - ELBv2 Deletion Protection
  • ELBv2 - ELBv2 Deprecated SSL Policies
  • ELBv2 - ELBv2 Deregistration Delay
  • ELBv2 - ELBv2 Has Tags
  • ELBv2 - ELBv2 HTTPS Only
  • ELBv2 - ELBv2 Insecure Ciphers
  • ELBv2 - ELBv2 Logging Enabled
  • ELBv2 - ELBv2 Minimum Number of EC2 Target Instances
  • ELBv2 - ELBv2 NLB Listener Security
  • ELBv2 - ELBv2 No Instances
  • ELBv2 - ELBv2 WAF Enabled
  • EMR - EMR Cluster Desired Instance Type
  • EMR - EMR Cluster In VPC
  • EMR - EMR Cluster Logging
  • EMR - EMR Encryption At Rest
  • EMR - EMR Encryption In Transit
  • EMR - EMR Instances Counts
  • ES - ElasticSearch Access From IP Addresses
  • ES - ElasticSearch Cluster Status
  • ES - ElasticSearch Dedicated Master Enabled
  • ES - ElasticSearch Desired Instance Type
  • ES - ElasticSearch Domain Cross Account access
  • ES - ElasticSearch Encrypted Domain
  • ES - ElasticSearch Encryption Enabled
  • ES - ElasticSearch Exposed Domain
  • ES - ElasticSearch HTTPS Only
  • ES - ElasticSearch IAM Authentication
  • ES - ElasticSearch Logging Enabled
  • ES - ElasticSearch Node To Node Encryption
  • ES - ElasticSearch Public Service Domain
  • ES - ElasticSearch TLS Version
  • ES - ElasticSearch Upgrade Available
  • EventBridge - Event Bus Cross Account Access
  • EventBridge - Event Bus Public Access
  • EventBridge - EventBridge Event Rules In Use
  • FinSpace - FinSpace Environment Encrypted
  • Firehose - Firehose Delivery Streams CMK Encrypted
  • Firehose - Firehose Delivery Streams Encrypted
  • Forecast - Forecast Dataset Encrypted
  • Forecast - Forecast Dataset Export Encrypted
  • Fraud Detector - Fraud Detector Data Encrypted
  • FSx - FSx File System Encrypted
  • Glacier - S3 Glacier Vault Public Access
  • Glue - AWS Glue Data Catalog CMK Encrypted
  • Glue - AWS Glue Data Catalog Encryption Enabled
  • Glue - AWS Glue Job Bookmark Encryption Enabled
  • Glue - AWS Glue S3 Encryption Enabled
  • Glue DataBrew - AWS Glue DataBrew Job Output Encrypted
  • GuardDuty - Exported Findings Encrypted
  • GuardDuty - GuardDuty is Enabled
  • GuardDuty - GuardDuty Master Account
  • GuardDuty - GuardDuty No Active Findings
  • HealthLake - HealthLake Data Store Encrypted
  • IAM - Access Analyzer Active Findings
  • IAM - Access Analyzer Enabled
  • IAM - Access Keys Extra
  • IAM - Access Keys Last Used
  • IAM - Access Keys Rotated
  • IAM - Canary Keys Used
  • IAM - Certificate Expiry
  • IAM - Cross-Account Access External ID and MFA
  • IAM - Empty Groups
  • IAM - Group Inline Policies
  • IAM - IAM Master and IAM Manager Roles
  • IAM - IAM Policies Present
  • IAM - IAM Role Has Tags
  • IAM - IAM Role Last Used
  • IAM - IAM Role Policies
  • IAM - IAM Role Policy Unused Services
  • IAM - IAM Support Policy
  • IAM - IAM User Account In Use
  • IAM - IAM User Admins
  • IAM - IAM User Has Tags
  • IAM - IAM User Present
  • IAM - IAM User Unauthorized to Edit
  • IAM - IAM Username Matches Regex
  • IAM - Maximum Password Age
  • IAM - Minimum Password Length
  • IAM - No User IAM Policies
  • IAM - Password Expiration
  • IAM - Password Policy Allows To Change Password
  • IAM - Password Requires Lowercase
  • IAM - Password Requires Numbers
  • IAM - Password Requires Symbols
  • IAM - Password Requires Uppercase
  • IAM - Password Reuse Prevention
  • IAM - Root Access Keys
  • IAM - Root Account Active Signing Certificates
  • IAM - Root Account In Use
  • IAM - Root Hardware MFA
  • IAM - Root MFA Enabled
  • IAM - SSH Keys Rotated
  • IAM - Trusted Cross Account Roles
  • IAM - Users MFA Enabled
  • IAM - Users Password And Keys
  • IAM - Users Password Last Used
  • Image Builder - Dockerfile Template Encrypted
  • Image Builder - Enhanced Metadata Collection Enabled
  • Image Builder - Image Builder Components Encrypted
  • Image Builder - Image Recipe Storage Volumes Encrypted
  • Image Builder - Infrastructure Configuration Notification Enabled
  • IoT SiteWise - IoT SiteWise Data Encrypted
  • Kendra - Kendra Index Encrypted
  • Kinesis - Kinesis Data Streams Encrypted
  • Kinesis - Kinesis Streams Encrypted
  • Kinesis Video Streams - Video Stream Data Encrypted
  • KMS - App-Tier KMS Customer Master Key (CMK)
  • KMS - KMS Default Key Usage
  • KMS - KMS Duplicate Grants
  • KMS - KMS Grant Least Privilege
  • KMS - KMS Key Policy
  • KMS - KMS Key Rotation
  • KMS - KMS Scheduled Deletion
  • Lambda - Lambda Admin Privileges
  • Lambda - Lambda Environment Variables Client Side Encryption
  • Lambda - Lambda Has Tags
  • Lambda - Lambda Log Groups
  • Lambda - Lambda Old Runtimes
  • Lambda - Lambda Public Access
  • Lambda - Lambda Tracing Enabled
  • Lambda - Lambda VPC Config
  • Lex - Audio Logs Encrypted
  • Location - Geofence Collection Data Encrypted
  • Location - Tracker Data Encrypted
  • Lookout - Model Data Encrypted
  • LookoutEquipment - LookoutEquipment Dataset Encrypted
  • LookoutMetrics - LookoutMetrics Anomaly Detector Encrypted
  • Managed Blockchain - Managed Blockchain Network Member Data Encrypted
  • MemoryDB - MemoryDB Cluster Encrypted
  • MQ - MQ Auto Minor Version Upgrade
  • MQ - MQ Broker Encrypted
  • MQ - MQ Deployment Mode
  • MQ - MQ Desired Broker Instance Type
  • MQ - MQ Log Exports Enabled
  • MSK - MSK Cluster Client Broker Encryption
  • MSK - MSK Cluster Encryption At-Rest
  • MSK - MSK Cluster Encryption In-Transit
  • MSK - MSK Cluster Public Access
  • MSK - MSK Cluster Unauthenticated Access
  • MWAA - Environment Admin Privileges
  • MWAA - Environment Data Encrypted
  • MWAA - Web Server Public Access
  • Neptune - Neptune Database Instance Encrypted
  • Organizations - Enable All Organization Features
  • Organizations - Organization Invite
  • Proton - Environment Template Encrypted
  • QLDB - Ledger Encrypted
  • RDS - RDS Automated Backups
  • RDS - RDS CMK Encryption
  • RDS - RDS Deletion Protection Enabled
  • RDS - RDS DocumentDB Minor Version Upgrade
  • RDS - RDS Encryption Enabled
  • RDS - RDS IAM Database Authentication Enabled
  • RDS - RDS Instance Has Tags
  • RDS - RDS Logging Enabled
  • RDS - RDS Multiple AZ
  • RDS - RDS Publicly Accessible
  • RDS - RDS Restorable
  • RDS - RDS Snapshot Encryption
  • RDS - RDS Snapshot Publicly Accessible
  • RDS - RDS Transport Encryption Enabled
  • RDS - SQL Server TLS Version
  • Redshift - Redshift Automated Snapshot Retention Period
  • Redshift - Redshift Cluster Allow Version Upgrade
  • Redshift - Redshift Cluster Audit Logging Enabled
  • Redshift - Redshift Cluster CMK Encryption
  • Redshift - Redshift Cluster Default Master Username
  • Redshift - Redshift Cluster Default Port
  • Redshift - Redshift Cluster In VPC
  • Redshift - Redshift Desired Node Type
  • Redshift - Redshift Encryption Enabled
  • Redshift - Redshift Nodes Count
  • Redshift - Redshift Parameter Group SSL Required
  • Redshift - Redshift Publicly Accessible
  • Redshift - Redshift Unused Reserved Nodes
  • Redshift - Redshift User Activity Logging Enabled
  • Route53 - Domain Auto Renew
  • Route53 - Domain Expiry
  • Route53 - Domain Privacy Protection
  • Route53 - Domain Transfer Lock
  • Route53 - Route53 Dangling DNS Records
  • Route53 - Sender Policy Framework In Use
  • Route53 - Sender Policy Framework Record Present
  • S3 - CloudTrail Bucket Access Logging
  • S3 - CloudTrail Bucket Delete Policy
  • S3 - CloudTrail Bucket Private
  • S3 - S3 Bucket All Users ACL
  • S3 - S3 Bucket All Users Policy
  • S3 - S3 Bucket Encryption
  • S3 - S3 Bucket Encryption Enforcement
  • S3 - S3 Bucket Encryption In Transit
  • S3 - S3 Bucket Enforce Object Encryption
  • S3 - S3 Bucket Has Tags
  • S3 - S3 Bucket Lifecycle Configuration
  • S3 - S3 Bucket Logging
  • S3 - S3 Bucket Policy CloudFront OAI
  • S3 - S3 Bucket Public Access Block
  • S3 - S3 Bucket Versioning
  • S3 - S3 Bucket Website Enabled
  • S3 - S3 DNS Compliant Bucket Names
  • S3 - S3 Secure Transport Enabled
  • S3 - S3 Transfer Acceleration Enabled
  • S3 - S3 Versioned Buckets Lifecycle Configuration
  • SageMaker - Notebook Data Encrypted
  • SageMaker - Notebook Direct Internet Access
  • SageMaker - Notebook instance in VPC
  • Secrets Manager - Secrets Manager Encrypted Secrets
  • Secrets Manager - Secrets Manager In Use
  • Secrets Manager - Secrets Manager Secret Rotation Enabled
  • SES - Email DKIM Enabled
  • SES - SES Email Messages Encrypted
  • Shield - Shield Advanced Enabled
  • Shield - Shield Emergency Contacts
  • Shield - Shield Protections
  • SNS - SNS Cross Account Access
  • SNS - SNS Topic CMK Encryption
  • SNS - SNS Topic Encrypted
  • SNS - SNS Topic Policies
  • SNS - SNS Valid Subscribers
  • SQS - SQS Cross Account Access
  • SQS - SQS Dead Letter Queue
  • SQS - SQS Encrypted
  • SQS - SQS Encryption Enabled
  • SQS - SQS Public Access
  • SQS - SQS Queue Unprocessed Messages
  • SSM - SSM Documents Public Access
  • SSM - SSM Encrypted Parameters
  • Timestream - Timestream Database Encrypted
  • Transfer - PrivateLink in Use for Transfer for SFTP Server Endpoints
  • Transfer - Transfer Logging Enabled
  • Translate - Translate Job Output Encrypted
  • WAF - AWS WAF In Use
  • WAF - AWS WAFV2 In Use
  • WorkSpaces - Unused WorkSpaces
  • WorkSpaces - WorkSpaces Desired Bundle Type
  • WorkSpaces - WorkSpaces Instance Count
  • WorkSpaces - WorkSpaces IP Access Control
  • WorkSpaces - WorkSpaces Volume Encryption
  • XRay - XRay Encryption Enabled 

 
