What cloud services are supported for AWS?

Avatar
Amil Sefo
Follow

Holm Security Cloud Scanner can verify security best practices and security misconfigurations that contribute to the most common causes of security breaches within a vast list of Azure services.

There is also a set of plugins highlighting unused or misused services that could help save monthly AWS costs. Read more about these plugins in this article:

https://support.holmsecurity.com/hc/en-us/articles/7261159521436
 

AWS supported services

Here's the list of AWS cloud services that we currently support:
  • API Gateway
  • App Mesh
  • App Runner
  • App Flow
  • Athena
  • Audit Manager
  • Auto Scaling
  • AWS Glue
  • Backup
  • Cloud Formation
  • CloudFront
  • CloudTrail
  • CloudWatch
  • CloudWatchLogs
  • CodeArtifact
  • CodeBuild
  • CodePipeline
  • CodeStar
  • Cognito
  • Comprehend
  • Compute Optimizer
  • ConfigService
  • Connect
  • DevOpsGuru
  • DMS
  • DocumentDB
  • DynamoDB
  • EC2
  • ECR
  • ECS
  • EFS
  • EKS
  • Elastic Transcoder
  • ElastiCache
  • Elastic Beanstalk
  • ELB
  • ELBv2
  • EMR
  • ES
  • Event Bridge
  • FinSpace
  • Firehose
  • Forecast
  • Fraud Detector
  • FSx
  • Glacier
  • Glue
  • Glue DataBrew
  • GuardDuty
  • HealthLake
  • IAM
  • Image Builder
  • IoT SiteWise
  • Kendra
  • Kinesis
  • Kinesis Video Streams
  • KMS
  • Lambda
  • Lex
  • Location
  • Lookout
  • LookoutEquipment
  • LookoutMetrics
  • Managed Blockchain
  • MemoryDB
  • MQ
  • MSK
  • MWAA
  • Neptune
  • Organizations
  • Proton
  • QLDB
  • RDS
  • Redshift
  • Route53
  • S3
  • SageMaker
  • Secrets Manager
  • SES
  • Shield
  • SNS
  • SQS
  • SSM
  • Timestream
  • Transfer
  • Translate
  • WAF
  • Workspaces
  • WorkSpaces
  • XRay

AWS supported service policies

Across the services, the following policies are scanned for: 

  • ACM - ACM Certificate Expiry
  • ACM - ACM Certificate Has Tags
  • ACM - ACM Certificate Validation
  • ACM - ACM Single Domain Name Certificates
  • API Gateway - API Gateway Certificate Rotation
  • API Gateway - API Gateway Client Certificate
  • API Gateway - API Gateway CloudWatch Logs
  • API Gateway - API Gateway Content Encoding
  • API Gateway - API Gateway Default Endpoint Disabled
  • API Gateway - API Gateway Detailed CloudWatch Metrics
  • API Gateway - API Gateway Private Endpoints
  • API Gateway - API Gateway Response Caching
  • API Gateway - API Gateway Tracing Enabled
  • API Gateway - API Gateway WAF Enabled
  • API Gateway - API Stage-Level Cache Encryption
  • API Gateway - Custom Domain TLS Version
  • App Mesh - App Mesh Restrict External Traffic
  • App Mesh - App Mesh TLS Required
  • App Mesh - App Mesh VG Access Logging
  • App Runner - Service Encrypted
  • AppFlow - AppFlow Flow Encrypted
  • Athena - Workgroup Encrypted
  • Athena - Workgroup Enforce Configuration
  • Audit Manager - Audit Manager Data Encrypted
  • AutoScaling - App-Tier ASG Launch Configurations Approved AMIs
  • AutoScaling - App-Tier Auto Scaling Group CloudWatch Logs Enabled
  • AutoScaling - App-Tier Launch Configurations IAM Roles
  • AutoScaling - ASG Multiple AZ
  • AutoScaling - Auto Scaling Group Cooldown Period
  • AutoScaling - Auto Scaling Group Missing ELB
  • AutoScaling - Auto Scaling Notifications Active
  • AutoScaling - Auto Scaling Unused Launch Configuration
  • AutoScaling - AutoScaling ELB Same Availability Zone
  • AutoScaling - ELB Health Check Active
  • AutoScaling - Empty AutoScaling Group
  • AutoScaling - Launch Configuration Referencing Missing Security Groups
  • AutoScaling - Suspended AutoScaling Groups
  • AutoScaling - Web-Tier ASG Launch Configurations Approved AMIs
  • AutoScaling - Web-Tier Auto Scaling Group Associated ELB
  • AutoScaling - Web-Tier Auto Scaling Group CloudWatch Logs Enabled
  • AutoScaling - Web-Tier Launch Configurations IAM Roles
  • AWS Glue - AWS Glue CloudWatch Encrypted Logs
  • Backup - AWS Backup Compliant Lifecycle Configured
  • Backup - Backup Deletion Protection Enabled
  • Backup - Backup Failure Notification Enabled
  • Backup - Backup In Use For RDS Snapshots
  • Backup - Backup Resource Protection
  • Backup - Backup Vault Encrypted
  • CloudFormation - AWS CloudFormation In Use
  • CloudFormation - CloudFormation Admin Priviliges
  • CloudFormation - CloudFormation Drift Detection
  • CloudFormation - CloudFormation Plaintext Parameters
  • CloudFormation - CloudFormation Stack Failed Status
  • CloudFormation - CloudFormation Stack SNS Notifications
  • CloudFormation - CloudFormation Stack Termination Protection Enabled
  • CloudFront - CloudFront Compress Objects Automatically
  • CloudFront - CloudFront Custom Origin HTTPS Only
  • CloudFront - CloudFront Distribution Field-Level Encryption
  • CloudFront - CloudFront Distribution Origins TLS Version
  • CloudFront - CloudFront Enable Origin Failover
  • CloudFront - CloudFront Enabled
  • CloudFront - CloudFront Geo Restriction
  • CloudFront - CloudFront HTTPS Only
  • CloudFront - CloudFront Logging Enabled
  • CloudFront - CloudFront TLS Deprecated Protocols
  • CloudFront - CloudFront TLS Insecure Cipher
  • CloudFront - CloudFront WAF Enabled
  • CloudFront - Insecure CloudFront Protocols
  • CloudFront - Public S3 CloudFront Origin
  • CloudFront - Secure CloudFront Origin
  • CloudTrail - CloudTrail Data Events
  • CloudTrail - CloudTrail Delivery Failing
  • CloudTrail - CloudTrail Enabled
  • CloudTrail - CloudTrail Encryption
  • CloudTrail - CloudTrail File Validation
  • CloudTrail - CloudTrail Global Services Logging Duplicated
  • CloudTrail - CloudTrail Has Tags
  • CloudTrail - CloudTrail Management Events
  • CloudTrail - CloudTrail Notifications Enabled
  • CloudTrail - CloudTrail S3 Bucket
  • CloudTrail - CloudTrail To CloudWatch
  • CloudTrail - Object Lock Enabled
  • CloudWatch - VPC Flow Logs Metric Alarm
  • CloudWatchLogs - CloudWatch Log Groups Encrypted
  • CloudWatchLogs - CloudWatch Log Retention Period
  • CloudWatchLogs - CloudWatch Monitoring Metrics
  • CodeArtifact - CodeArtifact Domain Encrypted
  • CodeBuild - CodeBuild Valid Source Providers
  • CodeBuild - Project Artifacts Encrypted
  • CodePipeline - Pipeline Artifacts Encrypted
  • CodeStar - CodeStar Valid Repository Providers
  • Cognito - Cognito User Pool MFA enabled
  • Cognito - Cognito User Pool WAF Enabled
  • Comprehend - Amazon Comprehend Output Result Encryption
  • Comprehend - Amazon Comprehend Volume Encryption
  • Compute Optimizer - Auto Scaling Group Optimized
  • Compute Optimizer - Compute Optimizer Recommendations Enabled
  • Compute Optimizer - EBS Volumes Optimized
  • Compute Optimizer - EC2 Instances Optimized
  • Compute Optimizer - Lambda Function Optimized
  • ConfigService - AWS Config Complaint Rules
  • ConfigService - AWS Services In Use
  • ConfigService - Config Delivery Failing
  • ConfigService - Config Service Enabled
  • ConfigService - Config Service Missing Bucket
  • Connect - Connect Customer Profiles Domain Encrypted
  • Connect - Connect Instance Attachments Encrypted
  • Connect - Connect Instance Call Recording Encrypted
  • Connect - Connect Instance Chat Transcripts Encrypted
  • Connect - Connect Instance Exported Reports Encrypted
  • Connect - Connect Instance Media Streams Encrypted
  • Connect - Connect Voice ID Domain Encrypted
  • Connect - Connect Wisdom Domain Encrypted
  • DevOpsGuru - DevOps Guru Notifications Enabled
  • DMS - DMS Auto Minor Version Upgrade
  • DMS - DMS Encryption Enabled
  • DMS - DMS Multi-AZ Feature Enabled
  • DMS - DMS Publicly Accessible Instances
  • DocumentDB - DocumentDB Cluster Backup Retention
  • DocumentDB - DocumentDB Cluster Encrypted
  • DynamoDB - DynamoDB Accelerator Cluster Encryption
  • DynamoDB - DynamoDB Continuous Backups
  • DynamoDB - DynamoDB KMS Encryption
  • DynamoDB - DynamoDB Table Backup Exists
  • DynamoDB - DynamoDB Table Has Tags
  • EC2 - Allowed Custom Ports
  • EC2 - Amazon EBS Public Snapshots
  • EC2 - AMI Has Tags
  • EC2 - App-Tier EC2 Instance IAM Role
  • EC2 - Automate EBS Snapshot Lifecycle
  • EC2 - Cross Organization VPC Peering Connections
  • EC2 - Cross VPC Public Private Communication
  • EC2 - Default Security Group
  • EC2 - Default VPC Exists
  • EC2 - Default VPC In Use
  • EC2 - Detect EC2 Classic Instances
  • EC2 - EBS Backup Enabled
  • EC2 - EBS Encrypted Snapshots
  • EC2 - EBS Encryption Enabled
  • EC2 - EBS Encryption Enabled By Default
  • EC2 - EBS Snapshot Has Tags
  • EC2 - EBS Volume has tags
  • EC2 - EBS Volume Snapshot Public
  • EC2 - EBS Volumes Too Old Snapshots
  • EC2 - EC2 has Tags
  • EC2 - EC2 Instance Key Based Login
  • EC2 - EC2 LaunchWizard Security Groups
  • EC2 - EC2 Max Instances
  • EC2 - Elastic IP Limit
  • EC2 - Encrypted AMI
  • EC2 - Excessive Security Groups
  • EC2 - Insecure EC2 Metadata Options
  • EC2 - Instance Detailed Monitoring
  • EC2 - Instance IAM Role
  • EC2 - Instance Limit
  • EC2 - Instance vCPU On-Demand Based Limits
  • EC2 - Internet Gateways In VPC
  • EC2 - Managed NAT Gateway In Use
  • EC2 - NAT Multiple AZ
  • EC2 - Network ACL has Tags
  • EC2 - Open All Ports Protocols
  • EC2 - Open Cassandra Client
  • EC2 - Open Cassandra Internode
  • EC2 - Open Cassandra Monitoring
  • EC2 - Open Cassandra Thrift
  • EC2 - Open CIFS
  • EC2 - Open Custom Ports
  • EC2 - Open DNS
  • EC2 - Open Docker
  • EC2 - Open Elasticsearch
  • EC2 - Open FTP
  • EC2 - Open Hadoop HDFS NameNode Metadata Service
  • EC2 - Open Hadoop HDFS NameNode WebUI
  • EC2 - Open Internal Web
  • EC2 - Open Kibana
  • EC2 - Open LDAP
  • EC2 - Open LDAPS
  • EC2 - Open Memcached
  • EC2 - Open MongoDB
  • EC2 - Open MySQL
  • EC2 - Open NetBIOS
  • EC2 - Open Oracle
  • EC2 - Open Oracle Auto Data Warehouse
  • EC2 - Open PostgreSQL
  • EC2 - Open RDP
  • EC2 - Open Redis
  • EC2 - Open RFC 1918
  • EC2 - Open RPC
  • EC2 - Open Salt
  • EC2 - Open SMBoTCP
  • EC2 - Open SMTP
  • EC2 - Open SNMP
  • EC2 - Open SQL Server
  • EC2 - Open SSH
  • EC2 - Open Telnet
  • EC2 - Open VNC Client
  • EC2 - Open VNC Server
  • EC2 - Outdated Amazon Machine Images
  • EC2 - Overlapping Security Groups
  • EC2 - Public AMI
  • EC2 - Public IP Address EC2 Instances
  • EC2 - Security Group Has Tags
  • EC2 - SSM Agent Active All Instances
  • EC2 - SSM Agent Auto Update Enabled
  • EC2 - SSM Agent Latest Version
  • EC2 - SSM Managed Instances
  • EC2 - SSM Session Duration
  • EC2 - Subnet IP Availability
  • EC2 - Unassociated Elastic IP Addresses
  • EC2 - Unrestricted Network ACL Outbound Traffic
  • EC2 - Unused Amazon Machine Images
  • EC2 - Unused EBS Volumes
  • EC2 - Unused Elastic Network Interfaces
  • EC2 - Unused Security Groups
  • EC2 - Unused Virtual Private Gateway
  • EC2 - Unused VPC Internet Gateways
  • EC2 - Virtual Private Gateway In VPC
  • EC2 - VPC Elastic IP Limit
  • EC2 - VPC Endpoint Cross Account Access
  • EC2 - VPC Endpoint Exposed
  • EC2 - VPC Flow Logs Enabled
  • EC2 - VPC Has Tags
  • EC2 - VPC Multiple Subnets
  • EC2 - VPC PrivateLink Endpoint Acceptance Required
  • EC2 - VPC Subnet Instances Present
  • EC2 - VPN Tunnel State
  • EC2 - Web-Tier EC2 Instance IAM Role
  • ECR - ECR Repository Encrypted
  • ECR - ECR Repository Policy
  • ECR - ECR Repository Tag Immutability
  • ECS - Container Insights Enabled
  • ECS - ECS Cluster Has Tags
  • EFS - EFS CMK Encrypted
  • EFS - EFS Encryption Enabled
  • EFS - EFS Has Tags
  • EKS - EKS Cluster Has Tags
  • EKS - EKS Kubernetes Version
  • EKS - EKS Latest Platform Version
  • EKS - EKS Logging Enabled
  • EKS - EKS Private Endpoint
  • EKS - EKS Secrets Encrypted
  • EKS - EKS Security Groups
  • Elastic Transcoder - Elastic Transcoder Job Outputs Encrypted
  • Elastic Transcoder - Elastic Transcoder Pipeline Data Encrypted
  • ElastiCache - ElastiCache Cluster Has Tags
  • ElastiCache - ElastiCache Cluster In VPC
  • ElastiCache - ElastiCache Default Ports
  • ElastiCache - ElastiCache Desired Node Type
  • ElastiCache - ElastiCache Engine Versions for Redis
  • ElastiCache - ElastiCache idle Cluster Status
  • ElastiCache - ElastiCache Instance Generation
  • ElastiCache - ElastiCache Nodes Count
  • ElastiCache - ElastiCache Redis Cluster Encryption At-Rest
  • ElastiCache - ElastiCache Redis Cluster Encryption In-Transit
  • ElastiCache - ElastiCache Redis Cluster Have Multi-AZ
  • ElastiCache - ElastiCache Reserved Cache Node Lease Expiration
  • ElastiCache - ElastiCache Reserved Cache Node Payment Failed
  • ElastiCache - ElastiCache Reserved Cache Node Payment Pending
  • ElastiCache - Unused ElastiCache Reserved Cache Nodes
  • ElasticBeanstalk - ElasticBeanstalk Managed Platform Updates
  • ElasticBeanstalk - Enhanced Health Reporting
  • ElasticBeanstalk - Environment Access Logs
  • ElasticBeanstalk - Environment Persistent Logs
  • ELB - App-Tier ELB Security Policy
  • ELB - Classic Load Balancers In Use
  • ELB - ELB Connection Draining Enabled
  • ELB - ELB Cross-Zone Load Balancing
  • ELB - ELB Has Tags
  • ELB - ELB HTTPS Only
  • ELB - ELB Logging Enabled
  • ELB - ELB No Instances
  • ELB - Insecure Ciphers
  • ELBv2 - ELB SSL Termination
  • ELBv2 - ELBv2 Deletion Protection
  • ELBv2 - ELBv2 Deprecated SSL Policies
  • ELBv2 - ELBv2 Deregistration Delay
  • ELBv2 - ELBv2 Has Tags
  • ELBv2 - ELBv2 HTTPS Only
  • ELBv2 - ELBv2 Insecure Ciphers
  • ELBv2 - ELBv2 Logging Enabled
  • ELBv2 - ELBv2 Minimum Number of EC2 Target Instances
  • ELBv2 - ELBv2 NLB Listener Security
  • ELBv2 - ELBv2 No Instances
  • ELBv2 - ELBv2 WAF Enabled
  • EMR - EMR Cluster Desired Instance Type
  • EMR - EMR Cluster In VPC
  • EMR - EMR Cluster Logging
  • EMR - EMR Encryption At Rest
  • EMR - EMR Encryption In Transit
  • EMR - EMR Instances Counts
  • ES - ElasticSearch Access From IP Addresses
  • ES - ElasticSearch Cluster Status
  • ES - ElasticSearch Dedicated Master Enabled
  • ES - ElasticSearch Desired Instance Type
  • ES - ElasticSearch Domain Cross Account access
  • ES - ElasticSearch Encrypted Domain
  • ES - ElasticSearch Encryption Enabled
  • ES - ElasticSearch Exposed Domain
  • ES - ElasticSearch HTTPS Only
  • ES - ElasticSearch IAM Authentication
  • ES - ElasticSearch Logging Enabled
  • ES - ElasticSearch Node To Node Encryption
  • ES - ElasticSearch Public Service Domain
  • ES - ElasticSearch TLS Version
  • ES - ElasticSearch Upgrade Available
  • EventBridge - Event Bus Cross Account Access
  • EventBridge - Event Bus Public Access
  • EventBridge - EventBridge Event Rules In Use
  • FinSpace - FinSpace Environment Encrypted
  • Firehose - Firehose Delivery Streams CMK Encrypted
  • Firehose - Firehose Delivery Streams Encrypted
  • Forecast - Forecast Dataset Encrypted
  • Forecast - Forecast Dataset Export Encrypted
  • Fraud Detector - Fraud Detector Data Encrypted
  • FSx - FSx File System Encrypted
  • Glacier - S3 Glacier Vault Public Access
  • Glue - AWS Glue Data Catalog CMK Encrypted
  • Glue - AWS Glue Data Catalog Encryption Enabled
  • Glue - AWS Glue Job Bookmark Encryption Enabled
  • Glue - AWS Glue S3 Encryption Enabled
  • Glue DataBrew - AWS Glue DataBrew Job Output Encrypted
  • GuardDuty - Exported Findings Encrypted
  • GuardDuty - GuardDuty is Enabled
  • GuardDuty - GuardDuty Master Account
  • GuardDuty - GuardDuty No Active Findings
  • HealthLake - HealthLake Data Store Encrypted
  • IAM - Access Analyzer Active Findings
  • IAM - Access Analyzer Enabled
  • IAM - Access Keys Extra
  • IAM - Access Keys Last Used
  • IAM - Access Keys Rotated
  • IAM - Canary Keys Used
  • IAM - Certificate Expiry
  • IAM - Cross-Account Access External ID and MFA
  • IAM - Empty Groups
  • IAM - Group Inline Policies
  • IAM - IAM Master and IAM Manager Roles
  • IAM - IAM Policies Present
  • IAM - IAM Role Has Tags
  • IAM - IAM Role Last Used
  • IAM - IAM Role Policies
  • IAM - IAM Role Policy Unused Services
  • IAM - IAM Support Policy
  • IAM - IAM User Account In Use
  • IAM - IAM User Admins
  • IAM - IAM User Has Tags
  • IAM - IAM User Present
  • IAM - IAM User Unauthorized to Edit
  • IAM - IAM Username Matches Regex
  • IAM - Maximum Password Age
  • IAM - Minimum Password Length
  • IAM - No User IAM Policies
  • IAM - Password Expiration
  • IAM - Password Policy Allows To Change Password
  • IAM - Password Requires Lowercase
  • IAM - Password Requires Numbers
  • IAM - Password Requires Symbols
  • IAM - Password Requires Uppercase
  • IAM - Password Reuse Prevention
  • IAM - Root Access Keys
  • IAM - Root Account Active Signing Certificates
  • IAM - Root Account In Use
  • IAM - Root Hardware MFA
  • IAM - Root MFA Enabled
  • IAM - SSH Keys Rotated
  • IAM - Trusted Cross Account Roles
  • IAM - Users MFA Enabled
  • IAM - Users Password And Keys
  • IAM - Users Password Last Used
  • Image Builder - Dockerfile Template Encrypted
  • Image Builder - Enhanced Metadata Collection Enabled
  • Image Builder - Image Builder Components Encrypted
  • Image Builder - Image Recipe Storage Volumes Encrypted
  • Image Builder - Infrastructure Configuration Notification Enabled
  • IoT SiteWise - IoT SiteWise Data Encrypted
  • Kendra - Kendra Index Encrypted
  • Kinesis - Kinesis Data Streams Encrypted
  • Kinesis - Kinesis Streams Encrypted
  • Kinesis Video Streams - Video Stream Data Encrypted
  • KMS - App-Tier KMS Customer Master Key (CMK)
  • KMS - KMS Default Key Usage
  • KMS - KMS Duplicate Grants
  • KMS - KMS Grant Least Privilege
  • KMS - KMS Key Policy
  • KMS - KMS Key Rotation
  • KMS - KMS Scheduled Deletion
  • Lambda - Lambda Admin Privileges
  • Lambda - Lambda Environment Variables Client Side Encryption
  • Lambda - Lambda Has Tags
  • Lambda - Lambda Log Groups
  • Lambda - Lambda Old Runtimes
  • Lambda - Lambda Public Access
  • Lambda - Lambda Tracing Enabled
  • Lambda - Lambda VPC Config
  • Lex - Audio Logs Encrypted
  • Location - Geoference Collection Data Encrypted
  • Location - Tracker Data Encrypted
  • Lookout - Model Data Encrypted
  • LookoutEquipment - LookoutEquipment Dataset Encrypted
  • LookoutMetrics - LookoutMetrics Anomaly Detector Encrypted
  • Managed Blockchain - Managed Blockchain Network Member Data Encrypted
  • MemoryDB - MemoryDB Cluster Encrypted
  • MQ - MQ Auto Minor Version Upgrade
  • MQ - MQ Broker Encrypted
  • MQ - MQ Deployment Mode
  • MQ - MQ Desired Broker Instance Type
  • MQ - MQ Log Exports Enabled
  • MSK - MSK Cluster Client Broker Encryption
  • MSK - MSK Cluster Encryption At-Rest
  • MSK - MSK Cluster Encryption In-Transit
  • MSK - MSK Cluster Public Access
  • MSK - MSK Cluster Unauthenticated Access
  • MWAA - Environment Admin Privileges
  • MWAA - Environment Data Encrypted
  • MWAA - Web Server Public Access
  • Neptune - Neptune Database Instance Encrypted
  • Organizations - Enable All Organization Features
  • Organizations - Organization Invite
  • Proton - Environment Template Encrypted
  • QLDB - Ledger Encrypted
  • RDS - RDS Automated Backups
  • RDS - RDS CMK Encryption
  • RDS - RDS Deletion Protection Enabled
  • RDS - RDS DocumentDB Minor Version Upgrade
  • RDS - RDS Encryption Enabled
  • RDS - RDS IAM Database Authentication Enabled
  • RDS - RDS Instance Has Tags
  • RDS - RDS Logging Enabled
  • RDS - RDS Multiple AZ
  • RDS - RDS Publicly Accessible
  • RDS - RDS Restorable
  • RDS - RDS Snapshot Encryption
  • RDS - RDS Snapshot Publicly Accessible
  • RDS - RDS Transport Encryption Enabled
  • RDS - SQL Server TLS Version
  • Redshift - Redshift Automated Snapshot Retention Period
  • Redshift - Redshift Cluster Allow Version Upgrade
  • Redshift - Redshift Cluster Audit Logging Enabled
  • Redshift - Redshift Cluster CMK Encryption
  • Redshift - Redshift Cluster Default Master Username
  • Redshift - Redshift Cluster Default Port
  • Redshift - Redshift Cluster In VPC
  • Redshift - Redshift Desired Node Type
  • Redshift - Redshift Encryption Enabled
  • Redshift - Redshift Nodes Count
  • Redshift - Redshift Parameter Group SSL Required
  • Redshift - Redshift Publicly Accessible
  • Redshift - Redshift Unused Reserved Nodes
  • Redshift - Redshift User Activity Logging Enabled
  • Route53 - Domain Auto Renew
  • Route53 - Domain Expiry
  • Route53 - Domain Privacy Protection
  • Route53 - Domain Transfer Lock
  • Route53 - Route53 Dangling DNS Records
  • Route53 - Sender Policy Framework In Use
  • Route53 - Sender Privacy Framework Record Present
  • S3 - CloudTrail Bucket Access Logging
  • S3 - CloudTrail Bucket Delete Policy
  • S3 - CloudTrail Bucket Private
  • S3 - S3 Bucket All Users ACL
  • S3 - S3 Bucket All Users Policy
  • S3 - S3 Bucket Encryption
  • S3 - S3 Bucket Encryption Enforcement
  • S3 - S3 Bucket Encryption In Transit
  • S3 - S3 Bucket Enforce Object Encryption
  • S3 - S3 Bucket Has Tags
  • S3 - S3 Bucket Lifecycle Configuration
  • S3 - S3 Bucket Logging
  • S3 - S3 Bucket Policy CloudFront OAI
  • S3 - S3 Bucket Public Access Block
  • S3 - S3 Bucket Versioning
  • S3 - S3 Bucket Website Enabled
  • S3 - S3 DNS Compliant Bucket Names
  • S3 - S3 Secure Transport Enabled
  • S3 - S3 Transfer Acceleration Enabled
  • S3 - S3 Versioned Buckets Lifecycle Configuration
  • SageMaker - Notebook Data Encrypted
  • SageMaker - Notebook Direct Internet Access
  • SageMaker - Notebook instance in VPC
  • Secrets Manager - Secrets Manager Encrypted Secrets
  • Secrets Manager - Secrets Manager In Use
  • Secrets Manager - Secrets Manager Secret Rotation Enabled
  • SES - Email DKIM Enabled
  • SES - SES Email Messages Encrypted
  • Shield - Shield Advanced Enabled
  • Shield - Shield Emergency Contacts Shield
  • Shield Protections
  • SNS - SNS Cross Account Access
  • SNS - SNS Topic CMK Encryption
  • SNS - SNS Topic Encrypted
  • SNS - SNS Topic Policies
  • SNS - SNS Valid Subscribers
  • SQS - SQS Cross Account Access
  • SQS - SQS Dead Letter Queue
  • SQS - SQS Encrypted
  • SQS - SQS Encryption Enabled
  • SQS - SQS Public Access
  • SQS - SQS Queue Unprocessed Messages
  • SSM - SSM Documents Public Access
  • SSM - SSM Encrypted Parameters
  • Timestream - Timestream Database Encrypted
  • Transfer - PrivateLink in Use for Transfer for SFTP Server Endpoints
  • Transfer - Transfer Logging Enabled
  • Translate - Translate Job Output Encrypted
  • WAF - AWS WAF In Use
  • WAF - AWS WAFV2 In Use
  • WorkSpaces - Unused WorkSpaces
  • WorkSpaces - WorkSpaces Desired Bundle Type
  • WorkSpaces - WorkSpaces Instance Count
  • Workspaces - Workspaces IP Access Control
  • WorkSpaces - WorkSpaces Volume Encryption
  • XRay - XRay Encryption Enabled 

 

Have more questions? Submit a request

0 Comments

Please sign in to leave a comment.