What cloud services are supported?

 

AWS supported services

Here's the list of AWS cloud services that we currently support (2022-10-12):
  • Autoscaling
  • CloudFront
  • DynamoDB
  • EC2
  • ELB
  • IAM
  • RDS
  • S3
  • SNS
  • Workspaces

AWS supported service policies

Across the services, we scan for the following policies:

  • AUTOSCALING - App-Tier ASG Launch Configurations Approved AMIs
  • AUTOSCALING - App-Tier Auto Scaling Group CloudWatch Logs Enabled
  • AUTOSCALING - App-Tier Launch Configurations IAM Roles
  • AUTOSCALING - Auto Scaling Notifications Active
  • AUTOSCALING - Auto Scaling Group Cooldown Period
  • AUTOSCALING - Auto Scaling Group Missing ELB
  • AUTOSCALING - Launch Configuration Referencing Missing Security Groups
  • AUTOSCALING - ASG Multiple AZ
  • AUTOSCALING - Suspended AutoScaling Groups
  • AUTOSCALING - Auto Scaling Unused Launch Configuration
  • AUTOSCALING - ELB Health Check Active
  • AUTOSCALING - Empty AutoScaling Group
  • AUTOSCALING - AutoScaling ELB Same Availability Zone
  • AUTOSCALING - Web-Tier ASG Launch Configurations Approved AMIs
  • AUTOSCALING - Web-Tier Auto Scaling Group Associated ELB
  • AUTOSCALING - Web-Tier Auto Scaling Group CloudWatch Logs Enabled
  • AUTOSCALING - Web-Tier Launch Configurations IAM Roles
  • CLOUDFRONT - CloudFront Geo Restriction
  • CLOUDFRONT - CloudFront HTTPS Only
  • CLOUDFRONT - CloudFront Enabled
  • CLOUDFRONT - CloudFront Logging Enabled
  • CLOUDFRONT - CloudFront WAF Enabled
  • CLOUDFRONT - CloudFront Compress Objects Automatically
  • CLOUDFRONT - CloudFront Enable Origin Failover
  • CLOUDFRONT - Insecure CloudFront Protocols
  • CLOUDFRONT - Public S3 CloudFront Origin
  • CLOUDFRONT - Secure CloudFront Origin
  • CLOUDWATCH - VPC Flow Logs Metric Alarm
  • DYNAMODB - DynamoDB Accelerator Cluster Encryption
  • DYNAMODB - DynamoDB Continuous Backups
  • DYNAMODB - DynamoDB KMS Encryption
  • DYNAMODB - DynamoDB Table Backup Exists
  • EC2 - Allowed Custom Ports
  • EC2 - App-Tier EC2 Instance IAM Role
  • EC2 - Detect EC2 Classic Instances
  • EC2 - Cross VPC Public Private Communication
  • EC2 - Default Security Group
  • EC2 - Default VPC Exists
  • EC2 - Default VPC In Use
  • EC2 - EBS Backup Enabled
  • EC2 - EBS Encryption Enabled By Default
  • EC2 - EBS Encrypted Snapshots
  • EC2 - EBS Encryption Enabled
  • EC2 - EBS Volumes Too Old Snapshots
  • EC2 - Automate EBS Snapshot Lifecycle
  • EC2 - Amazon EBS Public Snapshots
  • EC2 - Unused EBS Volumes
  • EC2 - Insecure EC2 Metadata Options
  • EC2 - Elastic IP Limit
  • EC2 - Encrypted AMI
  • EC2 - Excessive Security Groups
  • EC2 - VPC Flow Logs Enabled
  • EC2 - Instance IAM Role
  • EC2 - EC2 Instance Key Based Login
  • EC2 - Instance Limit
  • EC2 - EC2 Max Instances
  • EC2 - Instance vCPU On-Demand Based Limits
  • EC2 - EC2 LaunchWizard Security Groups
  • EC2 - Managed NAT Gateway In Use
  • EC2 - VPC Multiple Subnets
  • EC2 - NAT Multiple AZ
  • EC2 - Unrestricted Network ACL Outbound Traffic
  • EC2 - Open All Ports Protocols
  • EC2 - Open CIFS
  • EC2 - Open Custom Ports
  • EC2 - Open DNS
  • EC2 - Open Docker
  • EC2 - Open Elasticsearch
  • EC2 - Open FTP
  • EC2 - Open Hadoop HDFS NameNode Metadata Service
  • EC2 - Open Hadoop HDFS NameNode WebUI
  • EC2 - Open Kibana
  • EC2 - Open MySQL
  • EC2 - Open NetBIOS
  • EC2 - Open Oracle
  • EC2 - Open Oracle Auto Data Warehouse
  • EC2 - Open PostgreSQL
  • EC2 - Open RDP
  • EC2 - Open RPC
  • EC2 - Open Salt
  • EC2 - Open SMBoTCP
  • EC2 - Open SMTP
  • EC2 - Open SQL Server
  • EC2 - Open SSH
  • EC2 - Open Telnet
  • EC2 - Open VNC Client
  • EC2 - Open VNC Server
  • EC2 - Outdated Amazon Machine Images
  • EC2 - Overlapping Security Groups
  • EC2 - Public AMI
  • EC2 - Public IP Address EC2 Instances
  • EC2 - Open RFC 1918
  • EC2 - Subnet IP Availability
  • EC2 - Unassociated Elastic IP Addresses
  • EC2 - Unused Amazon Machine Images
  • EC2 - Unused Elastic Network Interfaces
  • EC2 - Unused Security Groups
  • EC2 - Unused Virtual Private Gateway
  • EC2 - Unused VPC Internet Gateways
  • EC2 - VPC Elastic IP Limit
  • EC2 - VPC PrivateLink Endpoint Acceptance Required
  • EC2 - VPC Endpoint Cross Account Access
  • EC2 - VPC Endpoint Exposed
  • EC2 - Cross Organization VPC Peering Connections
  • EC2 - VPC Subnet Instances Present
  • EC2 - VPN Tunnel State
  • EC2 - Web-Tier EC2 Instance IAM Role
  • EKS - EKS Kubernetes Version
  • EKS - EKS Latest Platform Version
  • EKS - EKS Logging Enabled
  • EKS - EKS Private Endpoint
  • EKS - EKS Secrets Encrypted
  • EKS - EKS Security Groups
  • ELB - App-Tier ELB Security Policy
  • ELB - Classic Load Balancers In Use
  • ELB - ELB Connection Draining Enabled
  • ELB - ELB Cross-Zone Load Balancing
  • ELB - ELB HTTPS Only
  • ELB - ELB Logging Enabled
  • ELB - ELB No Instances
  • ELB - Insecure Ciphers
  • IAM - Access Keys Extra
  • IAM - Access Keys Last Used
  • IAM - Access Keys Rotated
  • IAM - Canary Keys Used
  • IAM - Certificate Expiry
  • IAM - Cross-Account Access External ID and MFA
  • IAM - Empty Groups
  • IAM - Group Inline Policies
  • IAM - IAM Master and IAM Manager Roles
  • IAM - IAM Role Last Used
  • IAM - IAM Role Policies
  • IAM - IAM Support Policy
  • IAM - IAM User Admins
  • IAM - IAM User Account In Use
  • IAM - IAM Username Matches Regex
  • IAM - IAM User Present
  • IAM - IAM User Unauthorized to Edit
  • IAM - Maximum Password Age
  • IAM - Minimum Password Length
  • IAM - No User IAM Policies
  • IAM - Password Expiration
  • IAM - Password Requires Lowercase
  • IAM - Password Requires Numbers
  • IAM - Password Requires Symbols
  • IAM - Password Requires Uppercase
  • IAM - Password Reuse Prevention
  • IAM - IAM Role Policy Unused Services
  • IAM - Root Access Keys
  • IAM - Root Account In Use
  • IAM - Root Hardware MFA
  • IAM - Root MFA Enabled
  • IAM - Root Account Active Signing Certificates
  • IAM - SSH Keys Rotated
  • IAM - Trusted Cross Account Roles
  • IAM - Users MFA Enabled
  • IAM - Users Password And Keys
  • IAM - Users Password Last Used
  • LAMBDA - Lambda Environment Variables Client Side Encryption
  • LAMBDA - Lambda Admin Privileges
  • LAMBDA - Lambda Log Groups
  • LAMBDA - Lambda Old Runtimes
  • LAMBDA - Lambda Public Access
  • LAMBDA - Lambda Tracing Enabled
  • LAMBDA - Lambda VPC Config
  • RDS - RDS IAM Database Authentication Enabled
  • RDS - RDS Automated Backups
  • RDS - RDS CMK Encryption
  • RDS - RDS Deletion Protection Enabled
  • RDS - RDS Encryption Enabled
  • RDS - RDS Logging Enabled
  • RDS - RDS DocumentDB Minor Version Upgrade
  • RDS - RDS Multiple AZ
  • RDS - RDS Publicly Accessible
  • RDS - RDS Restorable
  • RDS - RDS Snapshot Encryption
  • RDS - RDS Transport Encryption Enabled
  • RDS - SQL Server TLS Version
  • S3 - S3 Bucket All Users ACL
  • S3 - S3 Bucket All Users Policy
  • S3 - S3 DNS Compliant Bucket Names
  • S3 - S3 Bucket Encryption
  • S3 - S3 Bucket Encryption In Transit
  • S3 - S3 Bucket Enforce Object Encryption
  • S3 - S3 Bucket Lifecycle Configuration
  • S3 - S3 Bucket Logging
  • S3 - S3 Bucket Policy CloudFront OAI
  • S3 - S3 Bucket Public Access Block
  • S3 - S3 Secure Transport Enabled
  • S3 - S3 Transfer Acceleration Enabled
  • S3 - S3 Bucket Versioning
  • S3 - S3 Bucket Website Enabled
  • S3 - S3 Bucket Encryption Enforcement
  • S3 - S3 Versioned Buckets Lifecycle Configuration
  • S3GLACIER - S3 Glacier Vault Public Access
  • SNS - SNS Cross Account Access
  • SNS - SNS Topic CMK Encryption
  • SNS - SNS Topic Encrypted
  • SNS - SNS Topic Policies
  • WORKSPACES - Unused WorkSpaces
  • WORKSPACES - WorkSpaces Desired Bundle Type
  • WORKSPACES - WorkSpaces Instance Count
  • WORKSPACES - Workspaces IP Access Control
  • WORKSPACES - WorkSpaces Volume Encryption