Resource scans (auto generated)

  Id Type Entity Policy
0 CKV_AWS_11 resource aws_iam_account_password_policy Ensure IAM password policy requires at least one lowercase letter
1 CKV_AWS_13 resource aws_iam_account_password_policy Ensure IAM password policy prevents password reuse
2 CKV_AWS_9 resource aws_iam_account_password_policy Ensure IAM password policy expires passwords within 90 days or less
3 CKV_AWS_15 resource aws_iam_account_password_policy Ensure IAM password policy requires at least one uppercase letter
4 CKV_AWS_14 resource aws_iam_account_password_policy Ensure IAM password policy requires at least one symbol
5 CKV_AWS_10 resource aws_iam_account_password_policy Ensure IAM password policy requires minimum length of 14 or greater
6 CKV_AWS_12 resource aws_iam_account_password_policy Ensure IAM password policy requires at least one number
7 CKV_AWS_40 resource aws_iam_user_policy_attachment Ensure IAM policies are attached only to groups or roles (Reducing access management complexity may in-turn reduce opportunity for a principal to inadvertently receive or retain excessive privileges.)
8 CKV_AWS_40 resource aws_iam_user_policy Ensure IAM policies are attached only to groups or roles (Reducing access management complexity may in-turn reduce opportunity for a principal to inadvertently receive or retain excessive privileges.)
9 CKV_AWS_40 resource aws_iam_policy_attachment Ensure IAM policies are attached only to groups or roles (Reducing access management complexity may in-turn reduce opportunity for a principal to inadvertently receive or retain excessive privileges.)
10 CKV_AWS_21 resource aws_s3_bucket Ensure all data stored in the S3 bucket have versioning enabled
11 CKV_AWS_18 resource aws_s3_bucket Ensure the S3 bucket has access logging enabled
12 CKV_AWS_20 resource aws_s3_bucket S3 Bucket has an ACL defined which allows public access.
13 CKV_AWS_19 resource aws_s3_bucket Ensure all data stored in the S3 bucket is securely encrypted at rest
14 CKV_AWS_36 resource aws_cloudtrail Ensure CloudTrail log file validation is enabled
15 CKV_AWS_35 resource aws_cloudtrail Ensure CloudTrail logs are encrypted at rest using KMS CMKs
16 CKV_AWS_17 resource aws_db_instance Ensure all data stored in the RDS bucket is not public accessible
17 CKV_AWS_16 resource aws_db_instance Ensure all data stored in the RDS is securely encrypted at rest
18 CKV_AWS_17 resource aws_rds_cluster_instance Ensure all data stored in the RDS bucket is not public accessible
19 CKV_AWS_26 resource aws_sns_topic Ensure all data stored in the SNS topic is encrypted
20 CKV_AWS_32 resource aws_ecr_repository_policy Ensure ECR policy is not set to public
21 CKV_AWS_5 resource aws_elasticsearch_domain Ensure all data stored in the Elasticsearch is securely encrypted at rest
22 CKV_AWS_6 resource aws_elasticsearch_domain Ensure all Elasticsearch has node-to-node encryption enabled
23 CKV_AWS_3 resource aws_ebs_volume Ensure all data stored in the EBS is securely encrypted
24 CKV_AWS_30 resource aws_elasticache_replication_group Ensure all data stored in the Elasticache Replication Group is securely encrypted at transit
25 CKV_AWS_29 resource aws_elasticache_replication_group Ensure all data stored in the Elasticache Replication Group is securely encrypted at rest
26 CKV_AWS_31 resource aws_elasticache_replication_group Ensure all data stored in the Elasticache Replication Group is securely encrypted at transit and has auth token
27 CKV_AWS_39 resource aws_eks_cluster Ensure Amazon EKS public endpoint disabled
28 CKV_AWS_38 resource aws_eks_cluster Ensure Amazon EKS public endpoint not accessible to 0.0.0.0/0
29 CKV_AWS_37 resource aws_eks_cluster Ensure Amazon EKS control plane logging enabled for all log types
30 CKV_AWS_27 resource aws_sqs_queue Ensure all data stored in the SQS queue is encrypted
31 CKV_AWS_4 resource aws_ebs_snapshot Ensure all data stored in the EBS Snapshot is securely encrypted
32 CKV_AWS_24 resource aws_security_group Ensure no security groups allow ingress from 0.0.0.0:0 to port 22
33 CKV_AWS_25 resource aws_security_group Ensure no security groups allow ingress from 0.0.0.0:0 to port 3389
34 CKV_AWS_23 resource aws_security_group Ensure every security groups rule has a description
35 CKV_AWS_8 resource aws_launch_configuration Ensure all data stored in the Launch configuration EBS is securely encrypted
36 CKV_AWS_8 resource aws_instance Ensure all data stored in the Launch configuration EBS is securely encrypted
37 CKV_AWS_28 resource aws_dynamodb_table Ensure Dynamodb point in time recovery (backup) is enabled
38 CKV_AWS_34 resource aws_cloudfront_distribution Ensure cloudfront distribution ViewerProtocolPolicy is set to HTTPS
39 CKV_AWS_22 resource aws_sagemaker_notebook_instance Ensure all data stored in the Sagemaker is securely encrypted at rest
40 CKV_AWS_7 resource aws_kms_key Ensure rotation for customer created CMKs is enabled
41 CKV_AWS_2 resource aws_alb_listener Ensure ALB protocol is HTTPS
42 CKV_AWS_2 resource aws_lb_listener Ensure ALB protocol is HTTPS
43 CKV_AWS_33 resource aws_ecr_repository Ensure ECR image scanning on push is enabled
44 CKV_AWS_23 resource aws_security_group_rule Ensure every security groups rule has a description
45 CKV_AWS_23 resource aws_db_security_group Ensure every security groups rule has a description
46 CKV_AWS_23 resource aws_elasticache_security_group Ensure every security groups rule has a description
47 CKV_AWS_23 resource aws_redshift_security_group Ensure every security groups rule has a description
48 CKV_GCP_5 resource google_storage_bucket Ensure Google storage bucket have encryption enabled
49 CKV_GCP_10 resource google_container_node_pool Ensure ‘Automatic node upgrade’ is enabled for Kubernetes Clusters
50 CKV_GCP_9 resource google_container_node_pool Ensure ‘Automatic node repair’ is enabled for Kubernetes Clusters
51 CKV_GCP_2 resource google_compute_firewall Ensure Google compute firewall ingress does not allow unrestricted ssh access
52 CKV_GCP_3 resource google_compute_firewall Ensure Google compute firewall ingress does not allow unrestricted rdp access
53 CKV_GCP_14 resource google_sql_database_instance Ensure all Cloud SQL database instance have backup configuration enabled
54 CKV_GCP_11 resource google_sql_database_instance Ensure that Cloud SQL database Instances are not open to the world
55 CKV_GCP_6 resource google_sql_database_instance Ensure all Cloud SQL database instance requires all incoming connections to use SSL
56 CKV_GCP_4 resource google_compute_ssl_policy Ensure Google SSL policy minimal TLS version is TLS_1_2
57 CKV_GCP_13 resource google_container_cluster Ensure a client certificate is used by clients to authenticate to Kubernetes Engine Clusters
58 CKV_GCP_8 resource google_container_cluster Ensure Stackdriver Monitoring is set to Enabled on Kubernetes Engine Clusters
59 CKV_GCP_1 resource google_container_cluster Ensure Stackdriver Logging is set to Enabled on Kubernetes Engine Clusters
60 CKV_GCP_12 resource google_container_cluster Ensure Network Policy is enabled on Kubernetes Engine Clusters
61 CKV_GCP_7 resource google_container_cluster Ensure Legacy Authorization is set to Disabled on Kubernetes Engine Clusters
62 CKV_AZURE_2 resource azurerm_managed_disk Ensure Azure managed disk have encryption enabled
63 CKV_AZURE_1 resource azurerm_virtual_machine Ensure Azure Instance does not use basic authentication(Use SSH Key Instead)
64 CKV_AZURE_3 resource azurerm_storage_account Ensure that ‘Secure transfer required’ is set to ‘Enabled’
65 CKV_AWS_1 data aws_iam_policy_document Ensure IAM policies that allow full “-” administrative privileges are not created