all resource scans (auto generated)

	Id	Type	Entity	Policy	IaC	Resource Link
0	CKV2_ADO_1	resource	azuredevops_branch_policy_min_reviewers	Ensure at least two approving reviews for PRs	Terraform	ADORepositoryHasMinTwoReviewers.yaml
1	CKV2_ADO_1	resource	azuredevops_git_repository	Ensure at least two approving reviews for PRs	Terraform	ADORepositoryHasMinTwoReviewers.yaml
2	CKV_ALI_1	resource	alicloud_oss_bucket	Alibaba Cloud OSS bucket accessible to public	Terraform	OSSBucketPublic.py
3	CKV_ALI_2	resource	alicloud_security_group_rule	Ensure no security groups allow ingress from 0.0.0.0:0 to port 22	Terraform	SecurityGroupUnrestrictedIngress22.py
4	CKV_ALI_3	resource	alicloud_security_group_rule	Ensure no security groups allow ingress from 0.0.0.0:0 to port 3389	Terraform	SecurityGroupUnrestrictedIngress3389.py
5	CKV_ALI_4	resource	alicloud_actiontrail_trail	Ensure Action Trail Logging for all regions	Terraform	ActionTrailLogAllRegions.py
6	CKV_ALI_5	resource	alicloud_actiontrail_trail	Ensure Action Trail Logging for all events	Terraform	ActionTrailLogAllEvents.py
7	CKV_ALI_6	resource	alicloud_oss_bucket	Ensure OSS bucket is encrypted with Customer Master Key	Terraform	OSSBucketEncryptedWithCMK.py
8	CKV_ALI_7	resource	alicloud_disk	Ensure disk is encrypted	Terraform	DiskIsEncrypted.py
9	CKV_ALI_8	resource	alicloud_disk	Ensure Disk is encrypted with Customer Master Key	Terraform	DiskEncryptedWithCMK.py
10	CKV_ALI_9	resource	alicloud_db_instance	Ensure database instance is not public	Terraform	RDSIsPublic.py
11	CKV_ALI_10	resource	alicloud_oss_bucket	Ensure OSS bucket has versioning enabled	Terraform	OSSBucketVersioning.py
12	CKV_ALI_11	resource	alicloud_oss_bucket	Ensure OSS bucket has transfer Acceleration enabled	Terraform	OSSBucketTransferAcceleration.py
13	CKV_ALI_12	resource	alicloud_oss_bucket	Ensure the OSS bucket has access logging enabled	Terraform	OSSBucketAccessLogs.py
14	CKV_ALI_13	resource	alicloud_ram_account_password_policy	Ensure RAM password policy requires minimum length of 14 or greater	Terraform	RAMPasswordPolicyLength.py
15	CKV_ALI_14	resource	alicloud_ram_account_password_policy	Ensure RAM password policy requires at least one number	Terraform	RAMPasswordPolicyNumber.py
16	CKV_ALI_15	resource	alicloud_ram_account_password_policy	Ensure RAM password policy requires at least one symbol	Terraform	RAMPasswordPolicySymbol.py
17	CKV_ALI_16	resource	alicloud_ram_account_password_policy	Ensure RAM password policy expires passwords within 90 days or less	Terraform	RAMPasswordPolicyExpiration.py
18	CKV_ALI_17	resource	alicloud_ram_account_password_policy	Ensure RAM password policy requires at least one lowercase letter	Terraform	RAMPasswordPolicyLowercaseLetter.py
19	CKV_ALI_18	resource	alicloud_ram_account_password_policy	Ensure RAM password policy prevents password reuse	Terraform	RAMPasswordPolicyReuse.py
20	CKV_ALI_19	resource	alicloud_ram_account_password_policy	Ensure RAM password policy requires at least one uppercase letter	Terraform	RAMPasswordPolicyUppcaseLetter.py
21	CKV_ALI_20	resource	alicloud_db_instance	Ensure RDS instance uses SSL	Terraform	RDSInstanceSSL.py
22	CKV_ALI_21	resource	alicloud_api_gateway_api	Ensure API Gateway API Protocol HTTPS	Terraform	APIGatewayProtocolHTTPS.py
23	CKV_ALI_22	resource	alicloud_db_instance	Ensure Transparent Data Encryption is Enabled on instance	Terraform	RDSTransparentDataEncryptionEnabled.py
24	CKV_ALI_23	resource	alicloud_ram_account_password_policy	Ensure Ram Account Password Policy Max Login Attempts not > 5	Terraform	RAMPasswordPolicyMaxLogin.py
25	CKV_ALI_24	resource	alicloud_ram_security_preference	Ensure RAM enforces MFA	Terraform	RAMSecurityEnforceMFA.py
26	CKV_ALI_25	resource	alicloud_db_instance	Ensure RDS Instance SQL Collector Retention Period should be greater than 180	Terraform	RDSRetention.py
27	CKV_ALI_26	resource	alicloud_cs_kubernetes	Ensure Kubernetes installs plugin Terway or Flannel to support standard policies	Terraform	K8sEnableNetworkPolicies.py
28	CKV_ALI_27	resource	alicloud_kms_key	Ensure KMS Key Rotation is enabled	Terraform	KMSKeyRotationIsEnabled.py
29	CKV_ALI_28	resource	alicloud_kms_key	Ensure KMS Keys are enabled	Terraform	KMSKeyIsEnabled.py
30	CKV_ALI_29	resource	alicloud_alb_acl_entry_attachment	Alibaba ALB ACL does not restrict Access	Terraform	ALBACLIsUnrestricted.py
31	CKV_ALI_30	resource	alicloud_db_instance	Ensure RDS instance auto upgrades for minor versions	Terraform	RDSInstanceAutoUpgrade.py
32	CKV_ALI_31	resource	alicloud_cs_kubernetes_node_pool	Ensure K8s nodepools are set to auto repair	Terraform	K8sNodePoolAutoRepair.py
33	CKV_ALI_32	resource	alicloud_ecs_launch_template	Ensure launch template data disks are encrypted	Terraform	LaunchTemplateDisksAreEncrypted.py
34	CKV_ALI_33	resource	alicloud_slb_tls_cipher_policy	Alibaba Cloud Cypher Policy are secure	Terraform	TLSPoliciesAreSecure.py
35	CKV_ALI_35	resource	alicloud_db_instance	Ensure RDS instance has log_duration enabled	Terraform	RDSInstanceLogsEnabled.py
36	CKV_ALI_36	resource	alicloud_db_instance	Ensure RDS instance has log_disconnections enabled	Terraform	RDSInstanceLogDisconnections.py
37	CKV_ALI_37	resource	alicloud_db_instance	Ensure RDS instance has log_connections enabled	Terraform	RDSInstanceLogConnections.py
38	CKV_ALI_38	resource	alicloud_log_audit	Ensure log audit is enabled for RDS	Terraform	LogAuditRDSEnabled.py
39	CKV_ALI_41	resource	alicloud_mongodb_instance	Ensure MongoDB is deployed inside a VPC	Terraform	MongoDBInsideVPC.py
40	CKV_ALI_42	resource	alicloud_mongodb_instance	Ensure Mongodb instance uses SSL	Terraform	MongoDBInstanceSSL.py
41	CKV_ALI_43	resource	alicloud_mongodb_instance	Ensure MongoDB instance is not public	Terraform	MongoDBIsPublic.py
42	CKV_ALI_44	resource	alicloud_mongodb_instance	Ensure MongoDB has Transparent Data Encryption Enabled	Terraform	MongoDBTransparentDataEncryptionEnabled.py
43	CKV_ANSIBLE_1	resource	[?”ansible.builtin.uri” != null][]	Ensure that certificate validation isn’t disabled with uri	Ansible	UriValidateCerts.py
44	CKV_ANSIBLE_1	resource	[?”uri” != null][]	Ensure that certificate validation isn’t disabled with uri	Ansible	UriValidateCerts.py
45	CKV_ANSIBLE_1	resource	[].block[?”ansible.builtin.uri” != null][]	Ensure that certificate validation isn’t disabled with uri	Ansible	UriValidateCerts.py
46	CKV_ANSIBLE_1	resource	[].block[?”uri” != null][]	Ensure that certificate validation isn’t disabled with uri	Ansible	UriValidateCerts.py
47	CKV_ANSIBLE_1	resource	[].block[].block[?”ansible.builtin.uri” != null][]	Ensure that certificate validation isn’t disabled with uri	Ansible	UriValidateCerts.py
48	CKV_ANSIBLE_1	resource	[].block[].block[?”uri” != null][]	Ensure that certificate validation isn’t disabled with uri	Ansible	UriValidateCerts.py
49	CKV_ANSIBLE_1	resource	[].block[].block[].block[?”ansible.builtin.uri” != null][]	Ensure that certificate validation isn’t disabled with uri	Ansible	UriValidateCerts.py
50	CKV_ANSIBLE_1	resource	[].block[].block[].block[?”uri” != null][]	Ensure that certificate validation isn’t disabled with uri	Ansible	UriValidateCerts.py
51	CKV_ANSIBLE_1	resource	[].tasks[?”ansible.builtin.uri” != null][]	Ensure that certificate validation isn’t disabled with uri	Ansible	UriValidateCerts.py
52	CKV_ANSIBLE_1	resource	[].tasks[?”uri” != null][]	Ensure that certificate validation isn’t disabled with uri	Ansible	UriValidateCerts.py
53	CKV_ANSIBLE_1	resource	[].tasks[].block[?”ansible.builtin.uri” != null][]	Ensure that certificate validation isn’t disabled with uri	Ansible	UriValidateCerts.py
54	CKV_ANSIBLE_1	resource	[].tasks[].block[?”uri” != null][]	Ensure that certificate validation isn’t disabled with uri	Ansible	UriValidateCerts.py
55	CKV_ANSIBLE_1	resource	[].tasks[].block[].block[?”ansible.builtin.uri” != null][]	Ensure that certificate validation isn’t disabled with uri	Ansible	UriValidateCerts.py
56	CKV_ANSIBLE_1	resource	[].tasks[].block[].block[?”uri” != null][]	Ensure that certificate validation isn’t disabled with uri	Ansible	UriValidateCerts.py
57	CKV_ANSIBLE_1	resource	[].tasks[].block[].block[].block[?”ansible.builtin.uri” != null][]	Ensure that certificate validation isn’t disabled with uri	Ansible	UriValidateCerts.py
58	CKV_ANSIBLE_1	resource	[].tasks[].block[].block[].block[?”uri” != null][]	Ensure that certificate validation isn’t disabled with uri	Ansible	UriValidateCerts.py
59	CKV_ANSIBLE_2	resource	[?”ansible.builtin.get_url” != null][]	Ensure that certificate validation isn’t disabled with get_url	Ansible	GetUrlValidateCerts.py
60	CKV_ANSIBLE_2	resource	[?”get_url” != null][]	Ensure that certificate validation isn’t disabled with get_url	Ansible	GetUrlValidateCerts.py
61	CKV_ANSIBLE_2	resource	[].block[?”ansible.builtin.get_url” != null][]	Ensure that certificate validation isn’t disabled with get_url	Ansible	GetUrlValidateCerts.py
62	CKV_ANSIBLE_2	resource	[].block[?”get_url” != null][]	Ensure that certificate validation isn’t disabled with get_url	Ansible	GetUrlValidateCerts.py
63	CKV_ANSIBLE_2	resource	[].block[].block[?”ansible.builtin.get_url” != null][]	Ensure that certificate validation isn’t disabled with get_url	Ansible	GetUrlValidateCerts.py
64	CKV_ANSIBLE_2	resource	[].block[].block[?”get_url” != null][]	Ensure that certificate validation isn’t disabled with get_url	Ansible	GetUrlValidateCerts.py
65	CKV_ANSIBLE_2	resource	[].block[].block[].block[?”ansible.builtin.get_url” != null][]	Ensure that certificate validation isn’t disabled with get_url	Ansible	GetUrlValidateCerts.py
66	CKV_ANSIBLE_2	resource	[].block[].block[].block[?”get_url” != null][]	Ensure that certificate validation isn’t disabled with get_url	Ansible	GetUrlValidateCerts.py
67	CKV_ANSIBLE_2	resource	[].tasks[?”ansible.builtin.get_url” != null][]	Ensure that certificate validation isn’t disabled with get_url	Ansible	GetUrlValidateCerts.py
68	CKV_ANSIBLE_2	resource	[].tasks[?”get_url” != null][]	Ensure that certificate validation isn’t disabled with get_url	Ansible	GetUrlValidateCerts.py
69	CKV_ANSIBLE_2	resource	[].tasks[].block[?”ansible.builtin.get_url” != null][]	Ensure that certificate validation isn’t disabled with get_url	Ansible	GetUrlValidateCerts.py
70	CKV_ANSIBLE_2	resource	[].tasks[].block[?”get_url” != null][]	Ensure that certificate validation isn’t disabled with get_url	Ansible	GetUrlValidateCerts.py
71	CKV_ANSIBLE_2	resource	[].tasks[].block[].block[?”ansible.builtin.get_url” != null][]	Ensure that certificate validation isn’t disabled with get_url	Ansible	GetUrlValidateCerts.py
72	CKV_ANSIBLE_2	resource	[].tasks[].block[].block[?”get_url” != null][]	Ensure that certificate validation isn’t disabled with get_url	Ansible	GetUrlValidateCerts.py
73	CKV_ANSIBLE_2	resource	[].tasks[].block[].block[].block[?”ansible.builtin.get_url” != null][]	Ensure that certificate validation isn’t disabled with get_url	Ansible	GetUrlValidateCerts.py
74	CKV_ANSIBLE_2	resource	[].tasks[].block[].block[].block[?”get_url” != null][]	Ensure that certificate validation isn’t disabled with get_url	Ansible	GetUrlValidateCerts.py
75	CKV_ANSIBLE_3	resource	[?”ansible.builtin.yum” != null][]	Ensure that certificate validation isn’t disabled with yum	Ansible	YumValidateCerts.py
76	CKV_ANSIBLE_3	resource	[?”yum” != null][]	Ensure that certificate validation isn’t disabled with yum	Ansible	YumValidateCerts.py
77	CKV_ANSIBLE_3	resource	[].block[?”ansible.builtin.yum” != null][]	Ensure that certificate validation isn’t disabled with yum	Ansible	YumValidateCerts.py
78	CKV_ANSIBLE_3	resource	[].block[?”yum” != null][]	Ensure that certificate validation isn’t disabled with yum	Ansible	YumValidateCerts.py
79	CKV_ANSIBLE_3	resource	[].block[].block[?”ansible.builtin.yum” != null][]	Ensure that certificate validation isn’t disabled with yum	Ansible	YumValidateCerts.py
80	CKV_ANSIBLE_3	resource	[].block[].block[?”yum” != null][]	Ensure that certificate validation isn’t disabled with yum	Ansible	YumValidateCerts.py
81	CKV_ANSIBLE_3	resource	[].block[].block[].block[?”ansible.builtin.yum” != null][]	Ensure that certificate validation isn’t disabled with yum	Ansible	YumValidateCerts.py
82	CKV_ANSIBLE_3	resource	[].block[].block[].block[?”yum” != null][]	Ensure that certificate validation isn’t disabled with yum	Ansible	YumValidateCerts.py
83	CKV_ANSIBLE_3	resource	[].tasks[?”ansible.builtin.yum” != null][]	Ensure that certificate validation isn’t disabled with yum	Ansible	YumValidateCerts.py
84	CKV_ANSIBLE_3	resource	[].tasks[?”yum” != null][]	Ensure that certificate validation isn’t disabled with yum	Ansible	YumValidateCerts.py
85	CKV_ANSIBLE_3	resource	[].tasks[].block[?”ansible.builtin.yum” != null][]	Ensure that certificate validation isn’t disabled with yum	Ansible	YumValidateCerts.py
86	CKV_ANSIBLE_3	resource	[].tasks[].block[?”yum” != null][]	Ensure that certificate validation isn’t disabled with yum	Ansible	YumValidateCerts.py
87	CKV_ANSIBLE_3	resource	[].tasks[].block[].block[?”ansible.builtin.yum” != null][]	Ensure that certificate validation isn’t disabled with yum	Ansible	YumValidateCerts.py
88	CKV_ANSIBLE_3	resource	[].tasks[].block[].block[?”yum” != null][]	Ensure that certificate validation isn’t disabled with yum	Ansible	YumValidateCerts.py
89	CKV_ANSIBLE_3	resource	[].tasks[].block[].block[].block[?”ansible.builtin.yum” != null][]	Ensure that certificate validation isn’t disabled with yum	Ansible	YumValidateCerts.py
90	CKV_ANSIBLE_3	resource	[].tasks[].block[].block[].block[?”yum” != null][]	Ensure that certificate validation isn’t disabled with yum	Ansible	YumValidateCerts.py
91	CKV_ANSIBLE_4	resource	[?”ansible.builtin.yum” != null][]	Ensure that SSL validation isn’t disabled with yum	Ansible	YumSslVerify.py
92	CKV_ANSIBLE_4	resource	[?”yum” != null][]	Ensure that SSL validation isn’t disabled with yum	Ansible	YumSslVerify.py
93	CKV_ANSIBLE_4	resource	[].block[?”ansible.builtin.yum” != null][]	Ensure that SSL validation isn’t disabled with yum	Ansible	YumSslVerify.py
94	CKV_ANSIBLE_4	resource	[].block[?”yum” != null][]	Ensure that SSL validation isn’t disabled with yum	Ansible	YumSslVerify.py
95	CKV_ANSIBLE_4	resource	[].block[].block[?”ansible.builtin.yum” != null][]	Ensure that SSL validation isn’t disabled with yum	Ansible	YumSslVerify.py
96	CKV_ANSIBLE_4	resource	[].block[].block[?”yum” != null][]	Ensure that SSL validation isn’t disabled with yum	Ansible	YumSslVerify.py
97	CKV_ANSIBLE_4	resource	[].block[].block[].block[?”ansible.builtin.yum” != null][]	Ensure that SSL validation isn’t disabled with yum	Ansible	YumSslVerify.py
98	CKV_ANSIBLE_4	resource	[].block[].block[].block[?”yum” != null][]	Ensure that SSL validation isn’t disabled with yum	Ansible	YumSslVerify.py
99	CKV_ANSIBLE_4	resource	[].tasks[?”ansible.builtin.yum” != null][]	Ensure that SSL validation isn’t disabled with yum	Ansible	YumSslVerify.py
100	CKV_ANSIBLE_4	resource	[].tasks[?”yum” != null][]	Ensure that SSL validation isn’t disabled with yum	Ansible	YumSslVerify.py
101	CKV_ANSIBLE_4	resource	[].tasks[].block[?”ansible.builtin.yum” != null][]	Ensure that SSL validation isn’t disabled with yum	Ansible	YumSslVerify.py
102	CKV_ANSIBLE_4	resource	[].tasks[].block[?”yum” != null][]	Ensure that SSL validation isn’t disabled with yum	Ansible	YumSslVerify.py
103	CKV_ANSIBLE_4	resource	[].tasks[].block[].block[?”ansible.builtin.yum” != null][]	Ensure that SSL validation isn’t disabled with yum	Ansible	YumSslVerify.py
104	CKV_ANSIBLE_4	resource	[].tasks[].block[].block[?”yum” != null][]	Ensure that SSL validation isn’t disabled with yum	Ansible	YumSslVerify.py
105	CKV_ANSIBLE_4	resource	[].tasks[].block[].block[].block[?”ansible.builtin.yum” != null][]	Ensure that SSL validation isn’t disabled with yum	Ansible	YumSslVerify.py
106	CKV_ANSIBLE_4	resource	[].tasks[].block[].block[].block[?”yum” != null][]	Ensure that SSL validation isn’t disabled with yum	Ansible	YumSslVerify.py
107	CKV_ANSIBLE_5	resource	[?”ansible.builtin.apt” != null][]	Ensure that packages with untrusted or missing signatures are not used	Ansible	AptAllowUnauthenticated.py
108	CKV_ANSIBLE_5	resource	[?”apt” != null][]	Ensure that packages with untrusted or missing signatures are not used	Ansible	AptAllowUnauthenticated.py
109	CKV_ANSIBLE_5	resource	[].block[?”ansible.builtin.apt” != null][]	Ensure that packages with untrusted or missing signatures are not used	Ansible	AptAllowUnauthenticated.py
110	CKV_ANSIBLE_5	resource	[].block[?”apt” != null][]	Ensure that packages with untrusted or missing signatures are not used	Ansible	AptAllowUnauthenticated.py
111	CKV_ANSIBLE_5	resource	[].block[].block[?”ansible.builtin.apt” != null][]	Ensure that packages with untrusted or missing signatures are not used	Ansible	AptAllowUnauthenticated.py
112	CKV_ANSIBLE_5	resource	[].block[].block[?”apt” != null][]	Ensure that packages with untrusted or missing signatures are not used	Ansible	AptAllowUnauthenticated.py
113	CKV_ANSIBLE_5	resource	[].block[].block[].block[?”ansible.builtin.apt” != null][]	Ensure that packages with untrusted or missing signatures are not used	Ansible	AptAllowUnauthenticated.py
114	CKV_ANSIBLE_5	resource	[].block[].block[].block[?”apt” != null][]	Ensure that packages with untrusted or missing signatures are not used	Ansible	AptAllowUnauthenticated.py
115	CKV_ANSIBLE_5	resource	[].tasks[?”ansible.builtin.apt” != null][]	Ensure that packages with untrusted or missing signatures are not used	Ansible	AptAllowUnauthenticated.py
116	CKV_ANSIBLE_5	resource	[].tasks[?”apt” != null][]	Ensure that packages with untrusted or missing signatures are not used	Ansible	AptAllowUnauthenticated.py
117	CKV_ANSIBLE_5	resource	[].tasks[].block[?”ansible.builtin.apt” != null][]	Ensure that packages with untrusted or missing signatures are not used	Ansible	AptAllowUnauthenticated.py
118	CKV_ANSIBLE_5	resource	[].tasks[].block[?”apt” != null][]	Ensure that packages with untrusted or missing signatures are not used	Ansible	AptAllowUnauthenticated.py
119	CKV_ANSIBLE_5	resource	[].tasks[].block[].block[?”ansible.builtin.apt” != null][]	Ensure that packages with untrusted or missing signatures are not used	Ansible	AptAllowUnauthenticated.py
120	CKV_ANSIBLE_5	resource	[].tasks[].block[].block[?”apt” != null][]	Ensure that packages with untrusted or missing signatures are not used	Ansible	AptAllowUnauthenticated.py
121	CKV_ANSIBLE_5	resource	[].tasks[].block[].block[].block[?”ansible.builtin.apt” != null][]	Ensure that packages with untrusted or missing signatures are not used	Ansible	AptAllowUnauthenticated.py
122	CKV_ANSIBLE_5	resource	[].tasks[].block[].block[].block[?”apt” != null][]	Ensure that packages with untrusted or missing signatures are not used	Ansible	AptAllowUnauthenticated.py
123	CKV_ANSIBLE_6	resource	[?”ansible.builtin.apt” != null][]	Ensure that the force parameter is not used, as it disables signature validation and allows packages to be downgraded which can leave the system in a broken or inconsistent state	Ansible	AptForce.py
124	CKV_ANSIBLE_6	resource	[?”apt” != null][]	Ensure that the force parameter is not used, as it disables signature validation and allows packages to be downgraded which can leave the system in a broken or inconsistent state	Ansible	AptForce.py
125	CKV_ANSIBLE_6	resource	[].block[?”ansible.builtin.apt” != null][]	Ensure that the force parameter is not used, as it disables signature validation and allows packages to be downgraded which can leave the system in a broken or inconsistent state	Ansible	AptForce.py
126	CKV_ANSIBLE_6	resource	[].block[?”apt” != null][]	Ensure that the force parameter is not used, as it disables signature validation and allows packages to be downgraded which can leave the system in a broken or inconsistent state	Ansible	AptForce.py
127	CKV_ANSIBLE_6	resource	[].block[].block[?”ansible.builtin.apt” != null][]	Ensure that the force parameter is not used, as it disables signature validation and allows packages to be downgraded which can leave the system in a broken or inconsistent state	Ansible	AptForce.py
128	CKV_ANSIBLE_6	resource	[].block[].block[?”apt” != null][]	Ensure that the force parameter is not used, as it disables signature validation and allows packages to be downgraded which can leave the system in a broken or inconsistent state	Ansible	AptForce.py
129	CKV_ANSIBLE_6	resource	[].block[].block[].block[?”ansible.builtin.apt” != null][]	Ensure that the force parameter is not used, as it disables signature validation and allows packages to be downgraded which can leave the system in a broken or inconsistent state	Ansible	AptForce.py
130	CKV_ANSIBLE_6	resource	[].block[].block[].block[?”apt” != null][]	Ensure that the force parameter is not used, as it disables signature validation and allows packages to be downgraded which can leave the system in a broken or inconsistent state	Ansible	AptForce.py
131	CKV_ANSIBLE_6	resource	[].tasks[?”ansible.builtin.apt” != null][]	Ensure that the force parameter is not used, as it disables signature validation and allows packages to be downgraded which can leave the system in a broken or inconsistent state	Ansible	AptForce.py
132	CKV_ANSIBLE_6	resource	[].tasks[?”apt” != null][]	Ensure that the force parameter is not used, as it disables signature validation and allows packages to be downgraded which can leave the system in a broken or inconsistent state	Ansible	AptForce.py
133	CKV_ANSIBLE_6	resource	[].tasks[].block[?”ansible.builtin.apt” != null][]	Ensure that the force parameter is not used, as it disables signature validation and allows packages to be downgraded which can leave the system in a broken or inconsistent state	Ansible	AptForce.py
134	CKV_ANSIBLE_6	resource	[].tasks[].block[?”apt” != null][]	Ensure that the force parameter is not used, as it disables signature validation and allows packages to be downgraded which can leave the system in a broken or inconsistent state	Ansible	AptForce.py
135	CKV_ANSIBLE_6	resource	[].tasks[].block[].block[?”ansible.builtin.apt” != null][]	Ensure that the force parameter is not used, as it disables signature validation and allows packages to be downgraded which can leave the system in a broken or inconsistent state	Ansible	AptForce.py
136	CKV_ANSIBLE_6	resource	[].tasks[].block[].block[?”apt” != null][]	Ensure that the force parameter is not used, as it disables signature validation and allows packages to be downgraded which can leave the system in a broken or inconsistent state	Ansible	AptForce.py
137	CKV_ANSIBLE_6	resource	[].tasks[].block[].block[].block[?”ansible.builtin.apt” != null][]	Ensure that the force parameter is not used, as it disables signature validation and allows packages to be downgraded which can leave the system in a broken or inconsistent state	Ansible	AptForce.py
138	CKV_ANSIBLE_6	resource	[].tasks[].block[].block[].block[?”apt” != null][]	Ensure that the force parameter is not used, as it disables signature validation and allows packages to be downgraded which can leave the system in a broken or inconsistent state	Ansible	AptForce.py
139	CKV2_ANSIBLE_1	resource	tasks.ansible.builtin.uri	Ensure that HTTPS url is used with uri	Ansible	UriHttpsOnly.yaml
140	CKV2_ANSIBLE_1	resource	tasks.uri	Ensure that HTTPS url is used with uri	Ansible	UriHttpsOnly.yaml
141	CKV2_ANSIBLE_2	resource	tasks.ansible.builtin.get_url	Ensure that HTTPS url is used with get_url	Ansible	GetUrlHttpsOnly.yaml
142	CKV2_ANSIBLE_2	resource	tasks.get_url	Ensure that HTTPS url is used with get_url	Ansible	GetUrlHttpsOnly.yaml
143	CKV2_ANSIBLE_3	resource	block	Ensure block is handling task errors properly	Ansible	BlockErrorHandling.yaml
144	CKV2_ANSIBLE_4	resource	tasks.ansible.builtin.dnf	Ensure that packages with untrusted or missing GPG signatures are not used by dnf	Ansible	DnfDisableGpgCheck.yaml
145	CKV2_ANSIBLE_4	resource	tasks.dnf	Ensure that packages with untrusted or missing GPG signatures are not used by dnf	Ansible	DnfDisableGpgCheck.yaml
146	CKV2_ANSIBLE_5	resource	tasks.ansible.builtin.dnf	Ensure that SSL validation isn’t disabled with dnf	Ansible	DnfSslVerify.yaml
147	CKV2_ANSIBLE_5	resource	tasks.dnf	Ensure that SSL validation isn’t disabled with dnf	Ansible	DnfSslVerify.yaml
148	CKV2_ANSIBLE_6	resource	tasks.ansible.builtin.dnf	Ensure that certificate validation isn’t disabled with dnf	Ansible	DnfValidateCerts.yaml
149	CKV2_ANSIBLE_6	resource	tasks.dnf	Ensure that certificate validation isn’t disabled with dnf	Ansible	DnfValidateCerts.yaml
150	CKV_ARGO_1	argo_workflows	spec	Ensure Workflow pods are not using the default ServiceAccount	Argo Workflows	DefaultServiceAccount.py
151	CKV_ARGO_2	argo_workflows	spec	Ensure Workflow pods are running as non-root user	Argo Workflows	RunAsNonRoot.py
152	CKV_AWS_1	data	aws_iam_policy_document	Ensure IAM policies that allow full “-” administrative privileges are not created	Terraform	AdminPolicyDocument.py
153	CKV_AWS_1	resource	serverless_aws	Ensure IAM policies that allow full “-” administrative privileges are not created	serverless	AdminPolicyDocument.py
154	CKV_AWS_2	resource	AWS::ElasticLoadBalancingV2::Listener	Ensure ALB protocol is HTTPS	Cloudformation	ALBListenerHTTPS.py
155	CKV_AWS_2	resource	aws_alb_listener	Ensure ALB protocol is HTTPS	Terraform	ALBListenerHTTPS.py
156	CKV_AWS_2	resource	aws_lb_listener	Ensure ALB protocol is HTTPS	Terraform	ALBListenerHTTPS.py
157	CKV_AWS_3	resource	AWS::EC2::Volume	Ensure all data stored in the EBS is securely encrypted	Cloudformation	EBSEncryption.py
158	CKV_AWS_3	resource	aws_ebs_volume	Ensure all data stored in the EBS is securely encrypted	Terraform	EBSEncryption.py
159	CKV_AWS_5	resource	AWS::Elasticsearch::Domain	Ensure all data stored in the Elasticsearch is securely encrypted at rest	Cloudformation	ElasticsearchEncryption.py
160	CKV_AWS_5	resource	aws_elasticsearch_domain	Ensure all data stored in the Elasticsearch is securely encrypted at rest	Terraform	ElasticsearchEncryption.py
161	CKV_AWS_5	resource	aws_opensearch_domain	Ensure all data stored in the Elasticsearch is securely encrypted at rest	Terraform	ElasticsearchEncryption.py
162	CKV_AWS_6	resource	AWS::Elasticsearch::Domain	Ensure all Elasticsearch has node-to-node encryption enabled	Cloudformation	ElasticsearchNodeToNodeEncryption.py
163	CKV_AWS_6	resource	aws_elasticsearch_domain	Ensure all Elasticsearch has node-to-node encryption enabled	Terraform	ElasticsearchNodeToNodeEncryption.py
164	CKV_AWS_6	resource	aws_opensearch_domain	Ensure all Elasticsearch has node-to-node encryption enabled	Terraform	ElasticsearchNodeToNodeEncryption.py
165	CKV_AWS_7	resource	AWS::KMS::Key	Ensure rotation for customer created CMKs is enabled	Cloudformation	KMSRotation.py
166	CKV_AWS_7	resource	aws_kms_key	Ensure rotation for customer created CMKs is enabled	Terraform	KMSRotation.py
167	CKV_AWS_8	resource	AWS::AutoScaling::LaunchConfiguration	Ensure all data stored in the Launch configuration EBS is securely encrypted	Cloudformation	LaunchConfigurationEBSEncryption.py
168	CKV_AWS_8	resource	aws_instance	Ensure all data stored in the Launch configuration or instance Elastic Blocks Store is securely encrypted	Terraform	LaunchConfigurationEBSEncryption.py
169	CKV_AWS_8	resource	aws_launch_configuration	Ensure all data stored in the Launch configuration or instance Elastic Blocks Store is securely encrypted	Terraform	LaunchConfigurationEBSEncryption.py
170	CKV_AWS_9	resource	aws_iam_account_password_policy	Ensure IAM password policy expires passwords within 90 days or less	Terraform	PasswordPolicyExpiration.py
171	CKV_AWS_10	resource	aws_iam_account_password_policy	Ensure IAM password policy requires minimum length of 14 or greater	Terraform	PasswordPolicyLength.py
172	CKV_AWS_11	resource	aws_iam_account_password_policy	Ensure IAM password policy requires at least one lowercase letter	Terraform	PasswordPolicyLowercaseLetter.py
173	CKV_AWS_12	resource	aws_iam_account_password_policy	Ensure IAM password policy requires at least one number	Terraform	PasswordPolicyNumber.py
174	CKV_AWS_13	resource	aws_iam_account_password_policy	Ensure IAM password policy prevents password reuse	Terraform	PasswordPolicyReuse.py
175	CKV_AWS_14	resource	aws_iam_account_password_policy	Ensure IAM password policy requires at least one symbol	Terraform	PasswordPolicySymbol.py
176	CKV_AWS_15	resource	aws_iam_account_password_policy	Ensure IAM password policy requires at least one uppercase letter	Terraform	PasswordPolicyUppercaseLetter.py
177	CKV_AWS_16	resource	AWS::RDS::DBInstance	Ensure all data stored in the RDS is securely encrypted at rest	Cloudformation	RDSEncryption.py
178	CKV_AWS_16	resource	aws_db_instance	Ensure all data stored in the RDS is securely encrypted at rest	Terraform	RDSEncryption.py
179	CKV_AWS_17	resource	AWS::RDS::DBInstance	Ensure all data stored in RDS is not publicly accessible	Cloudformation	RDSPubliclyAccessible.py
180	CKV_AWS_17	resource	aws_db_instance	Ensure all data stored in RDS is not publicly accessible	Terraform	RDSPubliclyAccessible.py
181	CKV_AWS_17	resource	aws_rds_cluster_instance	Ensure all data stored in RDS is not publicly accessible	Terraform	RDSPubliclyAccessible.py
182	CKV_AWS_18	resource	AWS::S3::Bucket	Ensure the S3 bucket has access logging enabled	Cloudformation	S3AccessLogs.py
183	CKV_AWS_18	resource	aws_s3_bucket	Ensure the S3 bucket has access logging enabled	Terraform	S3BucketLogging.yaml
184	CKV_AWS_19	resource	AWS::S3::Bucket	Ensure the S3 bucket has server-side-encryption enabled	Cloudformation	S3Encryption.py
185	CKV_AWS_19	resource	aws_s3_bucket	Ensure all data stored in the S3 bucket is securely encrypted at rest	Terraform	S3BucketEncryption.yaml
186	CKV_AWS_19	resource	aws_s3_bucket_server_side_encryption_configuration	Ensure all data stored in the S3 bucket is securely encrypted at rest	Terraform	S3BucketEncryption.yaml
187	CKV_AWS_20	resource	AWS::S3::Bucket	Ensure the S3 bucket does not allow READ permissions to everyone	Cloudformation	S3PublicACLRead.py
188	CKV_AWS_20	resource	aws_s3_bucket	S3 Bucket has an ACL defined which allows public READ access.	Terraform	S3PublicACLRead.yaml
189	CKV_AWS_20	resource	aws_s3_bucket_acl	S3 Bucket has an ACL defined which allows public READ access.	Terraform	S3PublicACLRead.yaml
190	CKV_AWS_21	resource	AWS::S3::Bucket	Ensure the S3 bucket has versioning enabled	Cloudformation	S3Versioning.py
191	CKV_AWS_21	resource	aws_s3_bucket	Ensure all data stored in the S3 bucket have versioning enabled	Terraform	S3BucketVersioning.yaml
192	CKV_AWS_21	resource	aws_s3_bucket_versioning	Ensure all data stored in the S3 bucket have versioning enabled	Terraform	S3BucketVersioning.yaml
193	CKV_AWS_22	resource	aws_sagemaker_notebook_instance	Ensure SageMaker Notebook is encrypted at rest using KMS CMK	Terraform	SagemakerNotebookEncryption.py
194	CKV_AWS_23	resource	AWS::EC2::SecurityGroup	Ensure every security groups rule has a description	Cloudformation	SecurityGroupRuleDescription.py
195	CKV_AWS_23	resource	AWS::EC2::SecurityGroupEgress	Ensure every security groups rule has a description	Cloudformation	SecurityGroupRuleDescription.py
196	CKV_AWS_23	resource	AWS::EC2::SecurityGroupIngress	Ensure every security groups rule has a description	Cloudformation	SecurityGroupRuleDescription.py
197	CKV_AWS_23	resource	aws_db_security_group	Ensure every security groups rule has a description	Terraform	SecurityGroupRuleDescription.py
198	CKV_AWS_23	resource	aws_elasticache_security_group	Ensure every security groups rule has a description	Terraform	SecurityGroupRuleDescription.py
199	CKV_AWS_23	resource	aws_redshift_security_group	Ensure every security groups rule has a description	Terraform	SecurityGroupRuleDescription.py
200	CKV_AWS_23	resource	aws_security_group	Ensure every security groups rule has a description	Terraform	SecurityGroupRuleDescription.py
201	CKV_AWS_23	resource	aws_security_group_rule	Ensure every security groups rule has a description	Terraform	SecurityGroupRuleDescription.py
202	CKV_AWS_23	resource	aws_vpc_security_group_egress_rule	Ensure every security groups rule has a description	Terraform	SecurityGroupRuleDescription.py
203	CKV_AWS_23	resource	aws_vpc_security_group_ingress_rule	Ensure every security groups rule has a description	Terraform	SecurityGroupRuleDescription.py
204	CKV_AWS_24	resource	AWS::EC2::SecurityGroup	Ensure no security groups allow ingress from 0.0.0.0:0 to port 22	Cloudformation	SecurityGroupUnrestrictedIngress22.py
205	CKV_AWS_24	resource	AWS::EC2::SecurityGroupIngress	Ensure no security groups allow ingress from 0.0.0.0:0 to port 22	Cloudformation	SecurityGroupUnrestrictedIngress22.py
206	CKV_AWS_24	resource	aws_security_group	Ensure no security groups allow ingress from 0.0.0.0:0 to port 22	Terraform	SecurityGroupUnrestrictedIngress22.py
207	CKV_AWS_24	resource	aws_security_group_rule	Ensure no security groups allow ingress from 0.0.0.0:0 to port 22	Terraform	SecurityGroupUnrestrictedIngress22.py
208	CKV_AWS_24	resource	aws_vpc_security_group_ingress_rule	Ensure no security groups allow ingress from 0.0.0.0:0 to port 22	Terraform	SecurityGroupUnrestrictedIngress22.py
209	CKV_AWS_25	resource	AWS::EC2::SecurityGroup	Ensure no security groups allow ingress from 0.0.0.0:0 to port 3389	Cloudformation	SecurityGroupUnrestrictedIngress3389.py
210	CKV_AWS_25	resource	AWS::EC2::SecurityGroupIngress	Ensure no security groups allow ingress from 0.0.0.0:0 to port 3389	Cloudformation	SecurityGroupUnrestrictedIngress3389.py
211	CKV_AWS_25	resource	aws_security_group	Ensure no security groups allow ingress from 0.0.0.0:0 to port 3389	Terraform	SecurityGroupUnrestrictedIngress3389.py
212	CKV_AWS_25	resource	aws_security_group_rule	Ensure no security groups allow ingress from 0.0.0.0:0 to port 3389	Terraform	SecurityGroupUnrestrictedIngress3389.py
213	CKV_AWS_25	resource	aws_vpc_security_group_ingress_rule	Ensure no security groups allow ingress from 0.0.0.0:0 to port 3389	Terraform	SecurityGroupUnrestrictedIngress3389.py
214	CKV_AWS_26	resource	AWS::SNS::Topic	Ensure all data stored in the SNS topic is encrypted	Cloudformation	SNSTopicEncryption.py
215	CKV_AWS_26	resource	aws_sns_topic	Ensure all data stored in the SNS topic is encrypted	Terraform	SNSTopicEncryption.py
216	CKV_AWS_27	resource	AWS::SQS::Queue	Ensure all data stored in the SQS queue is encrypted	Cloudformation	SQSQueueEncryption.py
217	CKV_AWS_27	resource	aws_sqs_queue	Ensure all data stored in the SQS queue is encrypted	Terraform	SQSQueueEncryption.py
218	CKV_AWS_28	resource	AWS::DynamoDB::Table	Ensure Dynamodb point in time recovery (backup) is enabled	Cloudformation	DynamodbRecovery.py
219	CKV_AWS_28	resource	aws_dynamodb_table	Ensure Dynamodb point in time recovery (backup) is enabled	Terraform	DynamodbRecovery.py
220	CKV_AWS_29	resource	AWS::ElastiCache::ReplicationGroup	Ensure all data stored in the Elasticache Replication Group is securely encrypted at rest	Cloudformation	ElasticacheReplicationGroupEncryptionAtRest.py
221	CKV_AWS_29	resource	aws_elasticache_replication_group	Ensure all data stored in the Elasticache Replication Group is securely encrypted at rest	Terraform	ElasticacheReplicationGroupEncryptionAtRest.py
222	CKV_AWS_30	resource	AWS::ElastiCache::ReplicationGroup	Ensure all data stored in the Elasticache Replication Group is securely encrypted at transit	Cloudformation	ElasticacheReplicationGroupEncryptionAtTransit.py
223	CKV_AWS_30	resource	aws_elasticache_replication_group	Ensure all data stored in the Elasticache Replication Group is securely encrypted at transit	Terraform	ElasticacheReplicationGroupEncryptionAtTransit.py
224	CKV_AWS_31	resource	AWS::ElastiCache::ReplicationGroup	Ensure all data stored in the Elasticache Replication Group is securely encrypted at transit and has auth token	Cloudformation	ElasticacheReplicationGroupEncryptionAtTransitAuthToken.py
225	CKV_AWS_31	resource	aws_elasticache_replication_group	Ensure all data stored in the Elasticache Replication Group is securely encrypted at transit and has auth token	Terraform	ElasticacheReplicationGroupEncryptionAtTransitAuthToken.py
226	CKV_AWS_32	resource	AWS::ECR::Repository	Ensure ECR policy is not set to public	Cloudformation	ECRPolicy.py
227	CKV_AWS_32	resource	aws_ecr_repository_policy	Ensure ECR policy is not set to public	Terraform	ECRPolicy.py
228	CKV_AWS_33	resource	AWS::KMS::Key	Ensure KMS key policy does not contain wildcard (*) principal	Cloudformation	KMSKeyWildCardPrincipal.py
229	CKV_AWS_33	resource	aws_kms_key	Ensure KMS key policy does not contain wildcard (*) principal	Terraform	KMSKeyWildcardPrincipal.py
230	CKV_AWS_34	resource	AWS::CloudFront::Distribution	Ensure cloudfront distribution ViewerProtocolPolicy is set to HTTPS	Cloudformation	CloudfrontDistributionEncryption.py
231	CKV_AWS_34	resource	aws_cloudfront_distribution	Ensure cloudfront distribution ViewerProtocolPolicy is set to HTTPS	Terraform	CloudfrontDistributionEncryption.py
232	CKV_AWS_35	resource	AWS::CloudTrail::Trail	Ensure CloudTrail logs are encrypted at rest using KMS CMKs	Cloudformation	CloudtrailEncryption.py
233	CKV_AWS_35	resource	aws_cloudtrail	Ensure CloudTrail logs are encrypted at rest using KMS CMKs	Terraform	CloudtrailEncryptionWithCMK.py
234	CKV_AWS_36	resource	AWS::CloudTrail::Trail	Ensure CloudTrail log file validation is enabled	Cloudformation	CloudtrailLogValidation.py
235	CKV_AWS_36	resource	aws_cloudtrail	Ensure CloudTrail log file validation is enabled	Terraform	CloudtrailLogValidation.py
236	CKV_AWS_37	resource	aws_eks_cluster	Ensure Amazon EKS control plane logging enabled for all log types	Terraform	EKSControlPlaneLogging.py
237	CKV_AWS_38	resource	aws_eks_cluster	Ensure Amazon EKS public endpoint not accessible to 0.0.0.0/0	Terraform	EKSPublicAccessCIDR.py
238	CKV_AWS_39	resource	aws_eks_cluster	Ensure Amazon EKS public endpoint disabled	Terraform	EKSPublicAccess.py
239	CKV_AWS_40	resource	AWS::IAM::Policy	Ensure IAM policies are attached only to groups or roles (Reducing access management complexity may in-turn reduce opportunity for a principal to inadvertently receive or retain excessive privileges.)	Cloudformation	IAMPolicyAttachedToGroupOrRoles.py
240	CKV_AWS_40	resource	aws_iam_policy_attachment	Ensure IAM policies are attached only to groups or roles (Reducing access management complexity may in-turn reduce opportunity for a principal to inadvertently receive or retain excessive privileges.)	Terraform	IAMPolicyAttachedToGroupOrRoles.py
241	CKV_AWS_40	resource	aws_iam_user_policy	Ensure IAM policies are attached only to groups or roles (Reducing access management complexity may in-turn reduce opportunity for a principal to inadvertently receive or retain excessive privileges.)	Terraform	IAMPolicyAttachedToGroupOrRoles.py
242	CKV_AWS_40	resource	aws_iam_user_policy_attachment	Ensure IAM policies are attached only to groups or roles (Reducing access management complexity may in-turn reduce opportunity for a principal to inadvertently receive or retain excessive privileges.)	Terraform	IAMPolicyAttachedToGroupOrRoles.py
243	CKV_AWS_41	provider	aws	Ensure no hard coded AWS access key and secret key exists in provider	Terraform	credentials.py
244	CKV_AWS_41	resource	serverless_aws	Ensure no hard coded AWS access key and secret key exists in provider	serverless	AWSCredentials.py
245	CKV_AWS_42	resource	AWS::EFS::FileSystem	Ensure EFS is securely encrypted	Cloudformation	EFSEncryptionEnabled.py
246	CKV_AWS_42	resource	aws_efs_file_system	Ensure EFS is securely encrypted	Terraform	EFSEncryptionEnabled.py
247	CKV_AWS_43	resource	AWS::Kinesis::Stream	Ensure Kinesis Stream is securely encrypted	Cloudformation	KinesisStreamEncryptionType.py
248	CKV_AWS_43	resource	aws_kinesis_stream	Ensure Kinesis Stream is securely encrypted	Terraform	KinesisStreamEncryptionType.py
249	CKV_AWS_44	resource	AWS::Neptune::DBCluster	Ensure Neptune storage is securely encrypted	Cloudformation	NeptuneClusterStorageEncrypted.py
250	CKV_AWS_44	resource	aws_neptune_cluster	Ensure Neptune storage is securely encrypted	Terraform	NeptuneClusterStorageEncrypted.py
251	CKV_AWS_45	resource	AWS::Lambda::Function	Ensure no hard-coded secrets exist in lambda environment	Cloudformation	LambdaEnvironmentCredentials.py
252	CKV_AWS_45	resource	AWS::Serverless::Function	Ensure no hard-coded secrets exist in lambda environment	Cloudformation	LambdaEnvironmentCredentials.py
253	CKV_AWS_45	resource	aws_lambda_function	Ensure no hard-coded secrets exist in lambda environment	Terraform	LambdaEnvironmentCredentials.py
254	CKV_AWS_46	resource	AWS::EC2::Instance	Ensure no hard-coded secrets exist in EC2 user data	Cloudformation	EC2Credentials.py
255	CKV_AWS_46	resource	aws_instance	Ensure no hard-coded secrets exist in EC2 user data	Terraform	EC2Credentials.py
256	CKV_AWS_46	resource	aws_launch_configuration	Ensure no hard-coded secrets exist in EC2 user data	Terraform	EC2Credentials.py
257	CKV_AWS_46	resource	aws_launch_template	Ensure no hard-coded secrets exist in EC2 user data	Terraform	EC2Credentials.py
258	CKV_AWS_47	resource	AWS::DAX::Cluster	Ensure DAX is encrypted at rest (default is unencrypted)	Cloudformation	DAXEncryption.py
259	CKV_AWS_47	resource	aws_dax_cluster	Ensure DAX is encrypted at rest (default is unencrypted)	Terraform	DAXEncryption.py
260	CKV_AWS_48	resource	aws_mq_broker	Ensure MQ Broker logging is enabled	Terraform	MQBrokerLogging.py
261	CKV_AWS_49	data	aws_iam_policy_document	Ensure no IAM policies documents allow “*” as a statement’s actions	Terraform	StarActionPolicyDocument.py
262	CKV_AWS_49	resource	serverless_aws	Ensure no IAM policies documents allow “*” as a statement’s actions	serverless	StarActionPolicyDocument.py
263	CKV_AWS_50	resource	aws_lambda_function	X-ray tracing is enabled for Lambda	Terraform	LambdaXrayEnabled.py
264	CKV_AWS_51	resource	AWS::ECR::Repository	Ensure ECR Image Tags are immutable	Cloudformation	ECRImmutableTags.py
265	CKV_AWS_51	resource	aws_ecr_repository	Ensure ECR Image Tags are immutable	Terraform	ECRImmutableTags.py
266	CKV_AWS_53	resource	AWS::S3::Bucket	Ensure S3 bucket has block public ACLS enabled	Cloudformation	S3BlockPublicACLs.py
267	CKV_AWS_53	resource	aws_s3_bucket_public_access_block	Ensure S3 bucket has block public ACLS enabled	Terraform	S3BlockPublicACLs.py
268	CKV_AWS_54	resource	AWS::S3::Bucket	Ensure S3 bucket has block public policy enabled	Cloudformation	S3BlockPublicPolicy.py
269	CKV_AWS_54	resource	aws_s3_bucket_public_access_block	Ensure S3 bucket has block public policy enabled	Terraform	S3BlockPublicPolicy.py
270	CKV_AWS_55	resource	AWS::S3::Bucket	Ensure S3 bucket has ignore public ACLs enabled	Cloudformation	S3IgnorePublicACLs.py
271	CKV_AWS_55	resource	aws_s3_bucket_public_access_block	Ensure S3 bucket has ignore public ACLs enabled	Terraform	S3IgnorePublicACLs.py
272	CKV_AWS_56	resource	AWS::S3::Bucket	Ensure S3 bucket has ‘restrict_public_bucket’ enabled	Cloudformation	S3RestrictPublicBuckets.py
273	CKV_AWS_56	resource	aws_s3_bucket_public_access_block	Ensure S3 bucket has ‘restrict_public_bucket’ enabled	Terraform	S3RestrictPublicBuckets.py
274	CKV_AWS_57	resource	AWS::S3::Bucket	Ensure the S3 bucket does not allow WRITE permissions to everyone	Cloudformation	S3PublicACLWrite.py
275	CKV_AWS_57	resource	aws_s3_bucket	S3 Bucket has an ACL defined which allows public WRITE access.	Terraform	S3PublicACLWrite.yaml
276	CKV_AWS_57	resource	aws_s3_bucket_acl	S3 Bucket has an ACL defined which allows public WRITE access.	Terraform	S3PublicACLWrite.yaml
277	CKV_AWS_58	resource	AWS::EKS::Cluster	Ensure EKS Cluster has Secrets Encryption Enabled	Cloudformation	EKSSecretsEncryption.py
278	CKV_AWS_58	resource	aws_eks_cluster	Ensure EKS Cluster has Secrets Encryption Enabled	Terraform	EKSSecretsEncryption.py
279	CKV_AWS_59	resource	AWS::ApiGateway::Method	Ensure there is no open access to back-end resources through API	Cloudformation	APIGatewayAuthorization.py
280	CKV_AWS_59	resource	aws_api_gateway_method	Ensure there is no open access to back-end resources through API	Terraform	APIGatewayAuthorization.py
281	CKV_AWS_60	resource	AWS::IAM::Role	Ensure IAM role allows only specific services or principals to assume it	Cloudformation	IAMRoleAllowsPublicAssume.py
282	CKV_AWS_60	resource	aws_iam_role	Ensure IAM role allows only specific services or principals to assume it	Terraform	IAMRoleAllowsPublicAssume.py
283	CKV_AWS_61	resource	AWS::IAM::Role	Ensure AWS IAM policy does not allow assume role permission across all services	Cloudformation	IAMRoleAllowAssumeFromAccount.py
284	CKV_AWS_61	resource	aws_iam_role	Ensure AWS IAM policy does not allow assume role permission across all services	Terraform	IAMRoleAllowAssumeFromAccount.py
285	CKV_AWS_62	resource	AWS::IAM::Group	Ensure no IAM policies that allow full “-” administrative privileges are not created	Cloudformation	IAMAdminPolicyDocument.py
286	CKV_AWS_62	resource	AWS::IAM::Policy	Ensure no IAM policies that allow full “-” administrative privileges are not created	Cloudformation	IAMAdminPolicyDocument.py
287	CKV_AWS_62	resource	AWS::IAM::Role	Ensure no IAM policies that allow full “-” administrative privileges are not created	Cloudformation	IAMAdminPolicyDocument.py
288	CKV_AWS_62	resource	AWS::IAM::User	Ensure no IAM policies that allow full “-” administrative privileges are not created	Cloudformation	IAMAdminPolicyDocument.py
289	CKV_AWS_62	resource	aws_iam_group_policy	Ensure IAM policies that allow full “-” administrative privileges are not created	Terraform	IAMAdminPolicyDocument.py
290	CKV_AWS_62	resource	aws_iam_policy	Ensure IAM policies that allow full “-” administrative privileges are not created	Terraform	IAMAdminPolicyDocument.py
291	CKV_AWS_62	resource	aws_iam_role_policy	Ensure IAM policies that allow full “-” administrative privileges are not created	Terraform	IAMAdminPolicyDocument.py
292	CKV_AWS_62	resource	aws_iam_user_policy	Ensure IAM policies that allow full “-” administrative privileges are not created	Terraform	IAMAdminPolicyDocument.py
293	CKV_AWS_62	resource	aws_ssoadmin_permission_set_inline_policy	Ensure IAM policies that allow full “-” administrative privileges are not created	Terraform	IAMAdminPolicyDocument.py
294	CKV_AWS_63	resource	AWS::IAM::Group	Ensure no IAM policies documents allow “*” as a statement’s actions	Cloudformation	IAMStarActionPolicyDocument.py
295	CKV_AWS_63	resource	AWS::IAM::Policy	Ensure no IAM policies documents allow “*” as a statement’s actions	Cloudformation	IAMStarActionPolicyDocument.py
296	CKV_AWS_63	resource	AWS::IAM::Role	Ensure no IAM policies documents allow “*” as a statement’s actions	Cloudformation	IAMStarActionPolicyDocument.py
297	CKV_AWS_63	resource	AWS::IAM::User	Ensure no IAM policies documents allow “*” as a statement’s actions	Cloudformation	IAMStarActionPolicyDocument.py
298	CKV_AWS_63	resource	aws_iam_group_policy	Ensure no IAM policies documents allow “*” as a statement’s actions	Terraform	IAMStarActionPolicyDocument.py
299	CKV_AWS_63	resource	aws_iam_policy	Ensure no IAM policies documents allow “*” as a statement’s actions	Terraform	IAMStarActionPolicyDocument.py
300	CKV_AWS_63	resource	aws_iam_role_policy	Ensure no IAM policies documents allow “*” as a statement’s actions	Terraform	IAMStarActionPolicyDocument.py
301	CKV_AWS_63	resource	aws_iam_user_policy	Ensure no IAM policies documents allow “*” as a statement’s actions	Terraform	IAMStarActionPolicyDocument.py
302	CKV_AWS_63	resource	aws_ssoadmin_permission_set_inline_policy	Ensure no IAM policies documents allow “*” as a statement’s actions	Terraform	IAMStarActionPolicyDocument.py
303	CKV_AWS_64	resource	AWS::Redshift::Cluster	Ensure all data stored in the Redshift cluster is securely encrypted at rest	Cloudformation	RedshiftClusterEncryption.py
304	CKV_AWS_64	resource	aws_redshift_cluster	Ensure all data stored in the Redshift cluster is securely encrypted at rest	Terraform	RedshiftClusterEncryption.py
305	CKV_AWS_65	resource	AWS::ECS::Cluster	Ensure container insights are enabled on ECS cluster	Cloudformation	ECSClusterContainerInsights.py
306	CKV_AWS_65	resource	aws_ecs_cluster	Ensure container insights are enabled on ECS cluster	Terraform	ECSClusterContainerInsights.py
307	CKV_AWS_66	resource	AWS::Logs::LogGroup	Ensure that CloudWatch Log Group specifies retention days	Cloudformation	CloudWatchLogGroupRetention.py
308	CKV_AWS_66	resource	aws_cloudwatch_log_group	Ensure that CloudWatch Log Group specifies retention days	Terraform	CloudWatchLogGroupRetention.py
309	CKV_AWS_67	resource	AWS::CloudTrail::Trail	Ensure CloudTrail is enabled in all Regions	Cloudformation	CloudtrailMultiRegion.py
310	CKV_AWS_67	resource	aws_cloudtrail	Ensure CloudTrail is enabled in all Regions	Terraform	CloudtrailMultiRegion.py
311	CKV_AWS_68	resource	AWS::CloudFront::Distribution	CloudFront Distribution should have WAF enabled	Cloudformation	WAFEnabled.py
312	CKV_AWS_68	resource	aws_cloudfront_distribution	CloudFront Distribution should have WAF enabled	Terraform	WAFEnabled.py
313	CKV_AWS_69	resource	AWS::AmazonMQ::Broker	Ensure Amazon MQ Broker should not have public access	Cloudformation	AmazonMQBrokerPublicAccess.py
314	CKV_AWS_69	resource	aws_mq_broker	Ensure MQ Broker is not publicly exposed	Terraform	MQBrokerNotPubliclyExposed.py
315	CKV_AWS_70	resource	aws_s3_bucket	Ensure S3 bucket does not allow an action with any Principal	Terraform	S3AllowsAnyPrincipal.py
316	CKV_AWS_70	resource	aws_s3_bucket_policy	Ensure S3 bucket does not allow an action with any Principal	Terraform	S3AllowsAnyPrincipal.py
317	CKV_AWS_71	resource	AWS::Redshift::Cluster	Ensure Redshift Cluster logging is enabled	Cloudformation	RedshiftClusterLogging.py
318	CKV_AWS_71	resource	aws_redshift_cluster	Ensure Redshift Cluster logging is enabled	Terraform	RedshiftClusterLogging.py
319	CKV_AWS_72	resource	aws_sqs_queue_policy	Ensure SQS policy does not allow ALL (*) actions.	Terraform	SQSPolicy.py
320	CKV_AWS_73	resource	AWS::ApiGateway::Stage	Ensure API Gateway has X-Ray Tracing enabled	Cloudformation	APIGatewayXray.py
321	CKV_AWS_73	resource	AWS::Serverless::Api	Ensure API Gateway has X-Ray Tracing enabled	Cloudformation	APIGatewayXray.py
322	CKV_AWS_73	resource	aws_api_gateway_stage	Ensure API Gateway has X-Ray Tracing enabled	Terraform	APIGatewayXray.py
323	CKV_AWS_74	resource	AWS::DocDB::DBCluster	Ensure DocDB is encrypted at rest (default is unencrypted)	Cloudformation	DocDBEncryption.py
324	CKV_AWS_74	resource	aws_docdb_cluster	Ensure DocDB is encrypted at rest (default is unencrypted)	Terraform	DocDBEncryption.py
325	CKV_AWS_75	resource	aws_globalaccelerator_accelerator	Ensure Global Accelerator accelerator has flow logs enabled	Terraform	GlobalAcceleratorAcceleratorFlowLogs.py
326	CKV_AWS_76	resource	AWS::ApiGateway::Stage	Ensure API Gateway has Access Logging enabled	Cloudformation	APIGatewayAccessLogging.py
327	CKV_AWS_76	resource	AWS::Serverless::Api	Ensure API Gateway has Access Logging enabled	Cloudformation	APIGatewayAccessLogging.py
328	CKV_AWS_76	resource	aws_api_gateway_stage	Ensure API Gateway has Access Logging enabled	Terraform	APIGatewayAccessLogging.py
329	CKV_AWS_76	resource	aws_apigatewayv2_stage	Ensure API Gateway has Access Logging enabled	Terraform	APIGatewayAccessLogging.py
330	CKV_AWS_77	resource	aws_athena_database	Ensure Athena Database is encrypted at rest (default is unencrypted)	Terraform	AthenaDatabaseEncryption.py
331	CKV_AWS_78	resource	AWS::CodeBuild::Project	Ensure that CodeBuild Project encryption is not disabled	Cloudformation	CodeBuildProjectEncryption.py
332	CKV_AWS_78	resource	aws_codebuild_project	Ensure that CodeBuild Project encryption is not disabled	Terraform	CodeBuildProjectEncryption.py
333	CKV_AWS_79	resource	AWS::EC2::LaunchTemplate	Ensure Instance Metadata Service Version 1 is not enabled	Cloudformation	IMDSv1Disabled.py
334	CKV_AWS_79	resource	aws_instance	Ensure Instance Metadata Service Version 1 is not enabled	Terraform	IMDSv1Disabled.py
335	CKV_AWS_79	resource	aws_launch_configuration	Ensure Instance Metadata Service Version 1 is not enabled	Terraform	IMDSv1Disabled.py
336	CKV_AWS_79	resource	aws_launch_template	Ensure Instance Metadata Service Version 1 is not enabled	Terraform	IMDSv1Disabled.py
337	CKV_AWS_80	resource	aws_msk_cluster	Ensure MSK Cluster logging is enabled	Terraform	MSKClusterLogging.py
338	CKV_AWS_81	resource	aws_msk_cluster	Ensure MSK Cluster encryption in rest and transit is enabled	Terraform	MSKClusterEncryption.py
339	CKV_AWS_82	resource	AWS::Athena::WorkGroup	Ensure Athena Workgroup should enforce configuration to prevent client disabling encryption	Cloudformation	AthenaWorkgroupConfiguration.py
340	CKV_AWS_82	resource	aws_athena_workgroup	Ensure Athena Workgroup should enforce configuration to prevent client disabling encryption	Terraform	AthenaWorkgroupConfiguration.py
341	CKV_AWS_83	resource	AWS::Elasticsearch::Domain	Ensure Elasticsearch Domain enforces HTTPS	Cloudformation	ElasticsearchDomainEnforceHTTPS.py
342	CKV_AWS_83	resource	aws_elasticsearch_domain	Ensure Elasticsearch Domain enforces HTTPS	Terraform	ElasticsearchDomainEnforceHTTPS.py
343	CKV_AWS_83	resource	aws_opensearch_domain	Ensure Elasticsearch Domain enforces HTTPS	Terraform	ElasticsearchDomainEnforceHTTPS.py
344	CKV_AWS_84	resource	AWS::Elasticsearch::Domain	Ensure Elasticsearch Domain Logging is enabled	Cloudformation	ElasticsearchDomainLogging.py
345	CKV_AWS_84	resource	AWS::OpenSearchService::Domain	Ensure Elasticsearch Domain Logging is enabled	Cloudformation	ElasticsearchDomainLogging.py
346	CKV_AWS_84	resource	aws_elasticsearch_domain	Ensure Elasticsearch Domain Logging is enabled	Terraform	ElasticsearchDomainLogging.py
347	CKV_AWS_84	resource	aws_opensearch_domain	Ensure Elasticsearch Domain Logging is enabled	Terraform	ElasticsearchDomainLogging.py
348	CKV_AWS_85	resource	AWS::DocDB::DBCluster	Ensure DocDB Logging is enabled	Cloudformation	DocDBLogging.py
349	CKV_AWS_85	resource	aws_docdb_cluster	Ensure DocDB Logging is enabled	Terraform	DocDBLogging.py
350	CKV_AWS_86	resource	AWS::CloudFront::Distribution	Ensure Cloudfront distribution has Access Logging enabled	Cloudformation	CloudfrontDistributionLogging.py
351	CKV_AWS_86	resource	aws_cloudfront_distribution	Ensure Cloudfront distribution has Access Logging enabled	Terraform	CloudfrontDistributionLogging.py
352	CKV_AWS_87	resource	AWS::Redshift::Cluster	Redshift cluster should not be publicly accessible	Cloudformation	RedshiftClusterPubliclyAccessible.py
353	CKV_AWS_87	resource	aws_redshift_cluster	Redshift cluster should not be publicly accessible	Terraform	RedshitClusterPubliclyAvailable.py
354	CKV_AWS_88	resource	AWS::EC2::Instance	EC2 instance should not have public IP.	Cloudformation	EC2PublicIP.py
355	CKV_AWS_88	resource	AWS::EC2::LaunchTemplate	EC2 instance should not have public IP.	Cloudformation	EC2PublicIP.py
356	CKV_AWS_88	resource	[?”amazon.aws.ec2_instance” != null][]	EC2 instance should not have public IP.	Ansible	EC2PublicIP.py
357	CKV_AWS_88	resource	[?”ec2_instance” != null][]	EC2 instance should not have public IP.	Ansible	EC2PublicIP.py
358	CKV_AWS_88	resource	[].block[?”amazon.aws.ec2_instance” != null][]	EC2 instance should not have public IP.	Ansible	EC2PublicIP.py
359	CKV_AWS_88	resource	[].block[?”ec2_instance” != null][]	EC2 instance should not have public IP.	Ansible	EC2PublicIP.py
360	CKV_AWS_88	resource	[].block[].block[?”amazon.aws.ec2_instance” != null][]	EC2 instance should not have public IP.	Ansible	EC2PublicIP.py
361	CKV_AWS_88	resource	[].block[].block[?”ec2_instance” != null][]	EC2 instance should not have public IP.	Ansible	EC2PublicIP.py
362	CKV_AWS_88	resource	[].block[].block[].block[?”amazon.aws.ec2_instance” != null][]	EC2 instance should not have public IP.	Ansible	EC2PublicIP.py
363	CKV_AWS_88	resource	[].block[].block[].block[?”ec2_instance” != null][]	EC2 instance should not have public IP.	Ansible	EC2PublicIP.py
364	CKV_AWS_88	resource	[].tasks[?”amazon.aws.ec2_instance” != null][]	EC2 instance should not have public IP.	Ansible	EC2PublicIP.py
365	CKV_AWS_88	resource	[].tasks[?”ec2_instance” != null][]	EC2 instance should not have public IP.	Ansible	EC2PublicIP.py
366	CKV_AWS_88	resource	[].tasks[].block[?”amazon.aws.ec2_instance” != null][]	EC2 instance should not have public IP.	Ansible	EC2PublicIP.py
367	CKV_AWS_88	resource	[].tasks[].block[?”ec2_instance” != null][]	EC2 instance should not have public IP.	Ansible	EC2PublicIP.py
368	CKV_AWS_88	resource	[].tasks[].block[].block[?”amazon.aws.ec2_instance” != null][]	EC2 instance should not have public IP.	Ansible	EC2PublicIP.py
369	CKV_AWS_88	resource	[].tasks[].block[].block[?”ec2_instance” != null][]	EC2 instance should not have public IP.	Ansible	EC2PublicIP.py
370	CKV_AWS_88	resource	[].tasks[].block[].block[].block[?”amazon.aws.ec2_instance” != null][]	EC2 instance should not have public IP.	Ansible	EC2PublicIP.py
371	CKV_AWS_88	resource	[].tasks[].block[].block[].block[?”ec2_instance” != null][]	EC2 instance should not have public IP.	Ansible	EC2PublicIP.py
372	CKV_AWS_88	resource	aws_instance	EC2 instance should not have public IP.	Terraform	EC2PublicIP.py
373	CKV_AWS_88	resource	aws_launch_template	EC2 instance should not have public IP.	Terraform	EC2PublicIP.py
374	CKV_AWS_89	resource	AWS::DMS::ReplicationInstance	DMS replication instance should not be publicly accessible	Cloudformation	DMSReplicationInstancePubliclyAccessible.py
375	CKV_AWS_89	resource	aws_dms_replication_instance	DMS replication instance should not be publicly accessible	Terraform	DMSReplicationInstancePubliclyAccessible.py
376	CKV_AWS_90	resource	AWS::DocDB::DBClusterParameterGroup	Ensure DocDB TLS is not disabled	Cloudformation	DocDBTLS.py
377	CKV_AWS_90	resource	aws_docdb_cluster_parameter_group	Ensure DocDB TLS is not disabled	Terraform	DocDBTLS.py
378	CKV_AWS_91	resource	AWS::ElasticLoadBalancingV2::LoadBalancer	Ensure the ELBv2 (Application/Network) has access logging enabled	Cloudformation	ELBv2AccessLogs.py
379	CKV_AWS_91	resource	aws_alb	Ensure the ELBv2 (Application/Network) has access logging enabled	Terraform	ELBv2AccessLogs.py
380	CKV_AWS_91	resource	aws_lb	Ensure the ELBv2 (Application/Network) has access logging enabled	Terraform	ELBv2AccessLogs.py
381	CKV_AWS_92	resource	AWS::ElasticLoadBalancing::LoadBalancer	Ensure the ELB has access logging enabled	Cloudformation	ELBAccessLogs.py
382	CKV_AWS_92	resource	aws_elb	Ensure the ELB has access logging enabled	Terraform	ELBAccessLogs.py
383	CKV_AWS_93	resource	aws_s3_bucket	Ensure S3 bucket policy does not lockout all but root user. (Prevent lockouts needing root account fixes)	Terraform	S3ProtectAgainstPolicyLockout.py
384	CKV_AWS_93	resource	aws_s3_bucket_policy	Ensure S3 bucket policy does not lockout all but root user. (Prevent lockouts needing root account fixes)	Terraform	S3ProtectAgainstPolicyLockout.py
385	CKV_AWS_94	resource	AWS::Glue::DataCatalogEncryptionSettings	Ensure Glue Data Catalog Encryption is enabled	Cloudformation	GlueDataCatalogEncryption.py
386	CKV_AWS_94	resource	aws_glue_data_catalog_encryption_settings	Ensure Glue Data Catalog Encryption is enabled	Terraform	GlueDataCatalogEncryption.py
387	CKV_AWS_95	resource	AWS::ApiGatewayV2::Stage	Ensure API Gateway V2 has Access Logging enabled	Cloudformation	APIGatewayV2AccessLogging.py
388	CKV_AWS_95	resource	AWS::Serverless::HttpApi	Ensure API Gateway V2 has Access Logging enabled	Cloudformation	APIGatewayV2AccessLogging.py
389	CKV_AWS_96	resource	AWS::RDS::DBCluster	Ensure all data stored in Aurora is securely encrypted at rest	Cloudformation	AuroraEncryption.py
390	CKV_AWS_96	resource	aws_rds_cluster	Ensure all data stored in Aurora is securely encrypted at rest	Terraform	AuroraEncryption.py
391	CKV_AWS_97	resource	AWS::ECS::TaskDefinition	Ensure Encryption in transit is enabled for EFS volumes in ECS Task definitions	Cloudformation	ECSTaskDefinitionEFSVolumeEncryption.py
392	CKV_AWS_97	resource	aws_ecs_task_definition	Ensure Encryption in transit is enabled for EFS volumes in ECS Task definitions	Terraform	ECSTaskDefinitionEFSVolumeEncryption.py
393	CKV_AWS_98	resource	aws_sagemaker_endpoint_configuration	Ensure all data stored in the Sagemaker Endpoint is securely encrypted at rest	Terraform	SagemakerEndpointConfigurationEncryption.py
394	CKV_AWS_99	resource	AWS::Glue::SecurityConfiguration	Ensure Glue Security Configuration Encryption is enabled	Cloudformation	GlueSecurityConfiguration.py
395	CKV_AWS_99	resource	aws_glue_security_configuration	Ensure Glue Security Configuration Encryption is enabled	Terraform	GlueSecurityConfiguration.py
396	CKV_AWS_100	resource	AWS::EKS::Nodegroup	Ensure AWS EKS node group does not have implicit SSH access from 0.0.0.0/0	Cloudformation	EKSNodeGroupRemoteAccess.py
397	CKV_AWS_100	resource	aws_eks_node_group	Ensure AWS EKS node group does not have implicit SSH access from 0.0.0.0/0	Terraform	EKSNodeGroupRemoteAccess.py
398	CKV_AWS_101	resource	AWS::Neptune::DBCluster	Ensure Neptune logging is enabled	Cloudformation	NeptuneClusterLogging.py
399	CKV_AWS_101	resource	aws_neptune_cluster	Ensure Neptune logging is enabled	Terraform	NeptuneClusterLogging.py
400	CKV_AWS_102	resource	aws_neptune_cluster_instance	Ensure Neptune Cluster instance is not publicly available	Terraform	NeptuneClusterInstancePublic.py
401	CKV_AWS_103	resource	AWS::ElasticLoadBalancingV2::Listener	Ensure that Load Balancer Listener is using at least TLS v1.2	Cloudformation	ALBListenerTLS12.py
402	CKV_AWS_103	resource	aws_alb_listener	Ensure that load balancer is using at least TLS 1.2	Terraform	AppLoadBalancerTLS12.yaml
403	CKV_AWS_103	resource	aws_lb	Ensure that load balancer is using at least TLS 1.2	Terraform	AppLoadBalancerTLS12.yaml
404	CKV_AWS_103	resource	aws_lb_listener	Ensure that load balancer is using at least TLS 1.2	Terraform	AppLoadBalancerTLS12.yaml
405	CKV_AWS_104	resource	AWS::DocDB::DBClusterParameterGroup	Ensure DocDB has audit logs enabled	Cloudformation	DocDBAuditLogs.py
406	CKV_AWS_104	resource	aws_docdb_cluster_parameter_group	Ensure DocDB has audit logs enabled	Terraform	DocDBAuditLogs.py
407	CKV_AWS_105	resource	AWS::Redshift::ClusterParameterGroup	Ensure Redshift uses SSL	Cloudformation	RedShiftSSL.py
408	CKV_AWS_105	resource	aws_redshift_parameter_group	Ensure Redshift uses SSL	Terraform	RedShiftSSL.py
409	CKV_AWS_106	resource	aws_ebs_encryption_by_default	Ensure EBS default encryption is enabled	Terraform	EBSDefaultEncryption.py
410	CKV_AWS_107	resource	AWS::IAM::Group	Ensure IAM policies does not allow credentials exposure	Cloudformation	IAMCredentialsExposure.py
411	CKV_AWS_107	resource	AWS::IAM::ManagedPolicy	Ensure IAM policies does not allow credentials exposure	Cloudformation	IAMCredentialsExposure.py
412	CKV_AWS_107	resource	AWS::IAM::Policy	Ensure IAM policies does not allow credentials exposure	Cloudformation	IAMCredentialsExposure.py
413	CKV_AWS_107	resource	AWS::IAM::Role	Ensure IAM policies does not allow credentials exposure	Cloudformation	IAMCredentialsExposure.py
414	CKV_AWS_107	resource	AWS::IAM::User	Ensure IAM policies does not allow credentials exposure	Cloudformation	IAMCredentialsExposure.py
415	CKV_AWS_107	data	aws_iam_policy_document	Ensure IAM policies does not allow credentials exposure	Terraform	IAMCredentialsExposure.py
416	CKV_AWS_108	resource	AWS::IAM::Group	Ensure IAM policies does not allow data exfiltration	Cloudformation	IAMDataExfiltration.py
417	CKV_AWS_108	resource	AWS::IAM::ManagedPolicy	Ensure IAM policies does not allow data exfiltration	Cloudformation	IAMDataExfiltration.py
418	CKV_AWS_108	resource	AWS::IAM::Policy	Ensure IAM policies does not allow data exfiltration	Cloudformation	IAMDataExfiltration.py
419	CKV_AWS_108	resource	AWS::IAM::Role	Ensure IAM policies does not allow data exfiltration	Cloudformation	IAMDataExfiltration.py
420	CKV_AWS_108	resource	AWS::IAM::User	Ensure IAM policies does not allow data exfiltration	Cloudformation	IAMDataExfiltration.py
421	CKV_AWS_108	data	aws_iam_policy_document	Ensure IAM policies does not allow data exfiltration	Terraform	IAMDataExfiltration.py
422	CKV_AWS_109	resource	AWS::IAM::Group	Ensure IAM policies does not allow permissions management without constraints	Cloudformation	IAMPermissionsManagement.py
423	CKV_AWS_109	resource	AWS::IAM::ManagedPolicy	Ensure IAM policies does not allow permissions management without constraints	Cloudformation	IAMPermissionsManagement.py
424	CKV_AWS_109	resource	AWS::IAM::Policy	Ensure IAM policies does not allow permissions management without constraints	Cloudformation	IAMPermissionsManagement.py
425	CKV_AWS_109	resource	AWS::IAM::Role	Ensure IAM policies does not allow permissions management without constraints	Cloudformation	IAMPermissionsManagement.py
426	CKV_AWS_109	resource	AWS::IAM::User	Ensure IAM policies does not allow permissions management without constraints	Cloudformation	IAMPermissionsManagement.py
427	CKV_AWS_109	data	aws_iam_policy_document	Ensure IAM policies does not allow permissions management / resource exposure without constraints	Terraform	IAMPermissionsManagement.py
428	CKV_AWS_110	resource	AWS::IAM::Group	Ensure IAM policies does not allow privilege escalation	Cloudformation	IAMPrivilegeEscalation.py
429	CKV_AWS_110	resource	AWS::IAM::ManagedPolicy	Ensure IAM policies does not allow privilege escalation	Cloudformation	IAMPrivilegeEscalation.py
430	CKV_AWS_110	resource	AWS::IAM::Policy	Ensure IAM policies does not allow privilege escalation	Cloudformation	IAMPrivilegeEscalation.py
431	CKV_AWS_110	resource	AWS::IAM::Role	Ensure IAM policies does not allow privilege escalation	Cloudformation	IAMPrivilegeEscalation.py
432	CKV_AWS_110	resource	AWS::IAM::User	Ensure IAM policies does not allow privilege escalation	Cloudformation	IAMPrivilegeEscalation.py
433	CKV_AWS_110	data	aws_iam_policy_document	Ensure IAM policies does not allow privilege escalation	Terraform	IAMPrivilegeEscalation.py
434	CKV_AWS_111	resource	AWS::IAM::Group	Ensure IAM policies does not allow write access without constraints	Cloudformation	IAMWriteAccess.py
435	CKV_AWS_111	resource	AWS::IAM::ManagedPolicy	Ensure IAM policies does not allow write access without constraints	Cloudformation	IAMWriteAccess.py
436	CKV_AWS_111	resource	AWS::IAM::Policy	Ensure IAM policies does not allow write access without constraints	Cloudformation	IAMWriteAccess.py
437	CKV_AWS_111	resource	AWS::IAM::Role	Ensure IAM policies does not allow write access without constraints	Cloudformation	IAMWriteAccess.py
438	CKV_AWS_111	resource	AWS::IAM::User	Ensure IAM policies does not allow write access without constraints	Cloudformation	IAMWriteAccess.py
439	CKV_AWS_111	data	aws_iam_policy_document	Ensure IAM policies does not allow write access without constraints	Terraform	IAMWriteAccess.py
440	CKV_AWS_112	resource	aws_ssm_document	Ensure Session Manager data is encrypted in transit	Terraform	SSMSessionManagerDocumentEncryption.py
441	CKV_AWS_113	resource	aws_ssm_document	Ensure Session Manager logs are enabled and encrypted	Terraform	SSMSessionManagerDocumentLogging.py
442	CKV_AWS_114	resource	aws_emr_cluster	Ensure that EMR clusters with Kerberos have Kerberos Realm set	Terraform	EMRClusterKerberosAttributes.py
443	CKV_AWS_115	resource	AWS::Lambda::Function	Ensure that AWS Lambda function is configured for function-level concurrent execution limit	Cloudformation	LambdaFunctionLevelConcurrentExecutionLimit.py
444	CKV_AWS_115	resource	AWS::Serverless::Function	Ensure that AWS Lambda function is configured for function-level concurrent execution limit	Cloudformation	LambdaFunctionLevelConcurrentExecutionLimit.py
445	CKV_AWS_115	resource	aws_lambda_function	Ensure that AWS Lambda function is configured for function-level concurrent execution limit	Terraform	LambdaFunctionLevelConcurrentExecutionLimit.py
446	CKV_AWS_116	resource	AWS::Lambda::Function	Ensure that AWS Lambda function is configured for a Dead Letter Queue(DLQ)	Cloudformation	LambdaDLQConfigured.py
447	CKV_AWS_116	resource	AWS::Serverless::Function	Ensure that AWS Lambda function is configured for a Dead Letter Queue(DLQ)	Cloudformation	LambdaDLQConfigured.py
448	CKV_AWS_116	resource	aws_lambda_function	Ensure that AWS Lambda function is configured for a Dead Letter Queue(DLQ)	Terraform	LambdaDLQConfigured.py
449	CKV_AWS_117	resource	AWS::Lambda::Function	Ensure that AWS Lambda function is configured inside a VPC	Cloudformation	LambdaInVPC.py
450	CKV_AWS_117	resource	AWS::Serverless::Function	Ensure that AWS Lambda function is configured inside a VPC	Cloudformation	LambdaInVPC.py
451	CKV_AWS_117	resource	aws_lambda_function	Ensure that AWS Lambda function is configured inside a VPC	Terraform	LambdaInVPC.py
452	CKV_AWS_118	resource	AWS::RDS::DBInstance	Ensure that enhanced monitoring is enabled for Amazon RDS instances	Cloudformation	RDSEnhancedMonitorEnabled.py
453	CKV_AWS_118	resource	aws_db_instance	Ensure that enhanced monitoring is enabled for Amazon RDS instances	Terraform	RDSEnhancedMonitorEnabled.py
454	CKV_AWS_118	resource	aws_rds_cluster_instance	Ensure that enhanced monitoring is enabled for Amazon RDS instances	Terraform	RDSEnhancedMonitorEnabled.py
455	CKV_AWS_119	resource	AWS::DynamoDB::Table	Ensure DynamoDB Tables are encrypted using a KMS Customer Managed CMK	Cloudformation	DynamoDBTablesEncrypted.py
456	CKV_AWS_119	resource	aws_dynamodb_table	Ensure DynamoDB Tables are encrypted using a KMS Customer Managed CMK	Terraform	DynamoDBTablesEncrypted.py
457	CKV_AWS_120	resource	AWS::ApiGateway::Stage	Ensure API Gateway caching is enabled	Cloudformation	APIGatewayCacheEnable.py
458	CKV_AWS_120	resource	AWS::Serverless::Api	Ensure API Gateway caching is enabled	Cloudformation	APIGatewayCacheEnable.py
459	CKV_AWS_120	resource	aws_api_gateway_stage	Ensure API Gateway caching is enabled	Terraform	APIGatewayCacheEnable.py
460	CKV_AWS_121	resource	aws_config_configuration_aggregator	Ensure AWS Config is enabled in all regions	Terraform	ConfigConfgurationAggregatorAllRegions.py
461	CKV_AWS_122	resource	aws_sagemaker_notebook_instance	Ensure that direct internet access is disabled for an Amazon SageMaker Notebook Instance	Terraform	SageMakerInternetAccessDisabled.py
462	CKV_AWS_123	resource	AWS::EC2::VPCEndpointService	Ensure that VPC Endpoint Service is configured for Manual Acceptance	Cloudformation	VPCEndpointAcceptanceConfigured.py
463	CKV_AWS_123	resource	aws_vpc_endpoint_service	Ensure that VPC Endpoint Service is configured for Manual Acceptance	Terraform	VPCEndpointAcceptanceConfigured.py
464	CKV_AWS_124	resource	aws_cloudformation_stack	Ensure that CloudFormation stacks are sending event notifications to an SNS topic	Terraform	CloudformationStackNotificationArns.py
465	CKV_AWS_126	resource	aws_instance	Ensure that detailed monitoring is enabled for EC2 instances	Terraform	EC2DetailedMonitoringEnabled.py
466	CKV_AWS_127	resource	aws_elb	Ensure that Elastic Load Balancer(s) uses SSL certificates provided by AWS Certificate Manager	Terraform	ELBUsesSSL.py
467	CKV_AWS_129	resource	aws_db_instance	Ensure that respective logs of Amazon Relational Database Service (Amazon RDS) are enabled	Terraform	DBInstanceLogging.py
468	CKV_AWS_130	resource	aws_subnet	Ensure VPC subnets do not assign public IP by default	Terraform	SubnetPublicIP.py
469	CKV_AWS_131	resource	AWS::ElasticLoadBalancingV2::LoadBalancer	Ensure that ALB drops HTTP headers	Cloudformation	ALBDropHttpHeaders.py
470	CKV_AWS_131	resource	aws_alb	Ensure that ALB drops HTTP headers	Terraform	ALBDropHttpHeaders.py
471	CKV_AWS_131	resource	aws_lb	Ensure that ALB drops HTTP headers	Terraform	ALBDropHttpHeaders.py
472	CKV_AWS_133	resource	aws_db_instance	Ensure that RDS instances has backup policy	Terraform	DBInstanceBackupRetentionPeriod.py
473	CKV_AWS_133	resource	aws_rds_cluster	Ensure that RDS instances has backup policy	Terraform	DBInstanceBackupRetentionPeriod.py
474	CKV_AWS_134	resource	aws_elasticache_cluster	Ensure that Amazon ElastiCache Redis clusters have automatic backup turned on	Terraform	ElasticCacheAutomaticBackup.py
475	CKV_AWS_135	resource	[?”amazon.aws.ec2_instance” != null][]	Ensure that EC2 is EBS optimized	Ansible	EC2EBSOptimized.py
476	CKV_AWS_135	resource	[?”ec2_instance” != null][]	Ensure that EC2 is EBS optimized	Ansible	EC2EBSOptimized.py
477	CKV_AWS_135	resource	[].block[?”amazon.aws.ec2_instance” != null][]	Ensure that EC2 is EBS optimized	Ansible	EC2EBSOptimized.py
478	CKV_AWS_135	resource	[].block[?”ec2_instance” != null][]	Ensure that EC2 is EBS optimized	Ansible	EC2EBSOptimized.py
479	CKV_AWS_135	resource	[].block[].block[?”amazon.aws.ec2_instance” != null][]	Ensure that EC2 is EBS optimized	Ansible	EC2EBSOptimized.py
480	CKV_AWS_135	resource	[].block[].block[?”ec2_instance” != null][]	Ensure that EC2 is EBS optimized	Ansible	EC2EBSOptimized.py
481	CKV_AWS_135	resource	[].block[].block[].block[?”amazon.aws.ec2_instance” != null][]	Ensure that EC2 is EBS optimized	Ansible	EC2EBSOptimized.py
482	CKV_AWS_135	resource	[].block[].block[].block[?”ec2_instance” != null][]	Ensure that EC2 is EBS optimized	Ansible	EC2EBSOptimized.py
483	CKV_AWS_135	resource	[].tasks[?”amazon.aws.ec2_instance” != null][]	Ensure that EC2 is EBS optimized	Ansible	EC2EBSOptimized.py
484	CKV_AWS_135	resource	[].tasks[?”ec2_instance” != null][]	Ensure that EC2 is EBS optimized	Ansible	EC2EBSOptimized.py
485	CKV_AWS_135	resource	[].tasks[].block[?”amazon.aws.ec2_instance” != null][]	Ensure that EC2 is EBS optimized	Ansible	EC2EBSOptimized.py
486	CKV_AWS_135	resource	[].tasks[].block[?”ec2_instance” != null][]	Ensure that EC2 is EBS optimized	Ansible	EC2EBSOptimized.py
487	CKV_AWS_135	resource	[].tasks[].block[].block[?”amazon.aws.ec2_instance” != null][]	Ensure that EC2 is EBS optimized	Ansible	EC2EBSOptimized.py
488	CKV_AWS_135	resource	[].tasks[].block[].block[?”ec2_instance” != null][]	Ensure that EC2 is EBS optimized	Ansible	EC2EBSOptimized.py
489	CKV_AWS_135	resource	[].tasks[].block[].block[].block[?”amazon.aws.ec2_instance” != null][]	Ensure that EC2 is EBS optimized	Ansible	EC2EBSOptimized.py
490	CKV_AWS_135	resource	[].tasks[].block[].block[].block[?”ec2_instance” != null][]	Ensure that EC2 is EBS optimized	Ansible	EC2EBSOptimized.py
491	CKV_AWS_135	resource	aws_instance	Ensure that EC2 is EBS optimized	Terraform	EC2EBSOptimized.py
492	CKV_AWS_136	resource	AWS::ECR::Repository	Ensure that ECR repositories are encrypted using KMS	Cloudformation	ECRRepositoryEncrypted.py
493	CKV_AWS_136	resource	aws_ecr_repository	Ensure that ECR repositories are encrypted using KMS	Terraform	ECRRepositoryEncrypted.py
494	CKV_AWS_137	resource	aws_elasticsearch_domain	Ensure that Elasticsearch is configured inside a VPC	Terraform	ElasticsearchInVPC.py
495	CKV_AWS_137	resource	aws_opensearch_domain	Ensure that Elasticsearch is configured inside a VPC	Terraform	ElasticsearchInVPC.py
496	CKV_AWS_138	resource	aws_elb	Ensure that ELB is cross-zone-load-balancing enabled	Terraform	ELBCrossZoneEnable.py
497	CKV_AWS_139	resource	aws_rds_cluster	Ensure that RDS clusters have deletion protection enabled	Terraform	RDSDeletionProtection.py
498	CKV_AWS_140	resource	aws_rds_global_cluster	Ensure that RDS global clusters are encrypted	Terraform	RDSClusterEncrypted.py
499	CKV_AWS_141	resource	aws_redshift_cluster	Ensured that redshift cluster allowing version upgrade by default	Terraform	RedshiftClusterAllowVersionUpgrade.py
500	CKV_AWS_142	resource	aws_redshift_cluster	Ensure that Redshift cluster is encrypted by KMS	Terraform	RedshiftClusterKMSKey.py
501	CKV_AWS_143	resource	aws_s3_bucket	Ensure that S3 bucket has lock configuration enabled by default	Terraform	S3BucketObjectLock.py
502	CKV_AWS_144	resource	aws_s3_bucket	Ensure that S3 bucket has cross-region replication enabled	Terraform	S3BucketReplicationConfiguration.yaml
503	CKV_AWS_144	resource	aws_s3_bucket_replication_configuration	Ensure that S3 bucket has cross-region replication enabled	Terraform	S3BucketReplicationConfiguration.yaml
504	CKV_AWS_145	resource	aws_s3_bucket	Ensure that S3 buckets are encrypted with KMS by default	Terraform	S3KMSEncryptedByDefault.yaml
505	CKV_AWS_145	resource	aws_s3_bucket_server_side_encryption_configuration	Ensure that S3 buckets are encrypted with KMS by default	Terraform	S3KMSEncryptedByDefault.yaml
506	CKV_AWS_146	resource	aws_db_cluster_snapshot	Ensure that RDS database cluster snapshot is encrypted	Terraform	RDSClusterSnapshotEncrypted.py
507	CKV_AWS_147	resource	aws_codebuild_project	Ensure that CodeBuild projects are encrypted using CMK	Terraform	CodebuildUsesCMK.py
508	CKV_AWS_148	resource	aws_default_vpc	Ensure no default VPC is planned to be provisioned	Terraform	VPCDefaultNetwork.py
509	CKV_AWS_149	resource	AWS::SecretsManager::Secret	Ensure that Secrets Manager secret is encrypted using KMS CMK	Cloudformation	SecretManagerSecretEncrypted.py
510	CKV_AWS_149	resource	aws_secretsmanager_secret	Ensure that Secrets Manager secret is encrypted using KMS CMK	Terraform	SecretManagerSecretEncrypted.py
511	CKV_AWS_150	resource	aws_alb	Ensure that Load Balancer has deletion protection enabled	Terraform	LBDeletionProtection.py
512	CKV_AWS_150	resource	aws_lb	Ensure that Load Balancer has deletion protection enabled	Terraform	LBDeletionProtection.py
513	CKV_AWS_152	resource	aws_alb	Ensure that Load Balancer (Network/Gateway) has cross-zone load balancing enabled	Terraform	LBCrossZone.py
514	CKV_AWS_152	resource	aws_lb	Ensure that Load Balancer (Network/Gateway) has cross-zone load balancing enabled	Terraform	LBCrossZone.py
515	CKV_AWS_153	resource	aws_autoscaling_group	Autoscaling groups should supply tags to launch configurations	Terraform	AutoScalingTagging.py
516	CKV_AWS_154	resource	AWS::Redshift::Cluster	Ensure Redshift is not deployed outside of a VPC	Cloudformation	RedshiftInEc2ClassicMode.py
517	CKV_AWS_154	resource	aws_redshift_cluster	Ensure Redshift is not deployed outside of a VPC	Terraform	RedshiftInEc2ClassicMode.py
518	CKV_AWS_155	resource	AWS::WorkSpaces::Workspace	Ensure that Workspace user volumes are encrypted	Cloudformation	WorkspaceUserVolumeEncrypted.py
519	CKV_AWS_155	resource	aws_workspaces_workspace	Ensure that Workspace user volumes are encrypted	Terraform	WorkspaceUserVolumeEncrypted.py
520	CKV_AWS_156	resource	AWS::WorkSpaces::Workspace	Ensure that Workspace root volumes are encrypted	Cloudformation	WorkspaceRootVolumeEncrypted.py
521	CKV_AWS_156	resource	aws_workspaces_workspace	Ensure that Workspace root volumes are encrypted	Terraform	WorkspaceRootVolumeEncrypted.py
522	CKV_AWS_157	resource	AWS::RDS::DBInstance	Ensure that RDS instances have Multi-AZ enabled	Cloudformation	RDSMultiAZEnabled.py
523	CKV_AWS_157	resource	aws_db_instance	Ensure that RDS instances have Multi-AZ enabled	Terraform	RDSMultiAZEnabled.py
524	CKV_AWS_158	resource	AWS::Logs::LogGroup	Ensure that CloudWatch Log Group is encrypted by KMS	Cloudformation	CloudWatchLogGroupKMSKey.py
525	CKV_AWS_158	resource	aws_cloudwatch_log_group	Ensure that CloudWatch Log Group is encrypted by KMS	Terraform	CloudWatchLogGroupKMSKey.py
526	CKV_AWS_159	resource	aws_athena_workgroup	Ensure that Athena Workgroup is encrypted	Terraform	AthenaWorkgroupEncryption.py
527	CKV_AWS_160	resource	AWS::Timestream::Database	Ensure that Timestream database is encrypted with KMS CMK	Cloudformation	TimestreamDatabaseKMSKey.py
528	CKV_AWS_160	resource	aws_timestreamwrite_database	Ensure that Timestream database is encrypted with KMS CMK	Terraform	TimestreamDatabaseKMSKey.py
529	CKV_AWS_161	resource	AWS::RDS::DBInstance	Ensure RDS database has IAM authentication enabled	Cloudformation	RDSIAMAuthentication.py
530	CKV_AWS_161	resource	aws_db_instance	Ensure RDS database has IAM authentication enabled	Terraform	RDSIAMAuthentication.py
531	CKV_AWS_162	resource	AWS::RDS::DBCluster	Ensure RDS cluster has IAM authentication enabled	Cloudformation	RDSClusterIAMAuthentication.py
532	CKV_AWS_162	resource	aws_rds_cluster	Ensure RDS cluster has IAM authentication enabled	Terraform	RDSClusterIAMAuthentication.py
533	CKV_AWS_163	resource	AWS::ECR::Repository	Ensure ECR image scanning on push is enabled	Cloudformation	ECRImageScanning.py
534	CKV_AWS_163	resource	aws_ecr_repository	Ensure ECR image scanning on push is enabled	Terraform	ECRImageScanning.py
535	CKV_AWS_164	resource	AWS::Transfer::Server	Ensure Transfer Server is not exposed publicly.	Cloudformation	TransferServerIsPublic.py
536	CKV_AWS_164	resource	aws_transfer_server	Ensure Transfer Server is not exposed publicly.	Terraform	TransferServerIsPublic.py
537	CKV_AWS_165	resource	AWS::DynamoDB::GlobalTable	Ensure Dynamodb global table point in time recovery (backup) is enabled	Cloudformation	DynamodbGlobalTableRecovery.py
538	CKV_AWS_165	resource	aws_dynamodb_global_table	Ensure Dynamodb point in time recovery (backup) is enabled for global tables	Terraform	DynamoDBGlobalTableRecovery.py
539	CKV_AWS_166	resource	AWS::Backup::BackupVault	Ensure Backup Vault is encrypted at rest using KMS CMK	Cloudformation	BackupVaultEncrypted.py
540	CKV_AWS_166	resource	aws_backup_vault	Ensure Backup Vault is encrypted at rest using KMS CMK	Terraform	BackupVaultEncrypted.py
541	CKV_AWS_167	resource	aws_glacier_vault	Ensure Glacier Vault access policy is not public by only allowing specific services or principals to access it	Terraform	GlacierVaultAnyPrincipal.py
542	CKV_AWS_168	resource	aws_sqs_queue	Ensure SQS queue policy is not public by only allowing specific services or principals to access it	Terraform	SQSQueuePolicyAnyPrincipal.py
543	CKV_AWS_168	resource	aws_sqs_queue_policy	Ensure SQS queue policy is not public by only allowing specific services or principals to access it	Terraform	SQSQueuePolicyAnyPrincipal.py
544	CKV_AWS_169	resource	aws_sns_topic_policy	Ensure SNS topic policy is not public by only allowing specific services or principals to access it	Terraform	SNSTopicPolicyAnyPrincipal.py
545	CKV_AWS_170	resource	AWS::QLDB::Ledger	Ensure QLDB ledger permissions mode is set to STANDARD	Cloudformation	QLDBLedgerPermissionsMode.py
546	CKV_AWS_170	resource	aws_qldb_ledger	Ensure QLDB ledger permissions mode is set to STANDARD	Terraform	QLDBLedgerPermissionsMode.py
547	CKV_AWS_171	resource	aws_emr_security_configuration	Ensure Cluster security configuration encryption is using SSE-KMS	Terraform	EMRClusterIsEncryptedKMS.py
548	CKV_AWS_172	resource	AWS::QLDB::Ledger	Ensure QLDB ledger has deletion protection enabled	Cloudformation	QLDBLedgerDeletionProtection.py
549	CKV_AWS_172	resource	aws_qldb_ledger	Ensure QLDB ledger has deletion protection enabled	Terraform	QLDBLedgerDeletionProtection.py
550	CKV_AWS_173	resource	AWS::Lambda::Function	Check encryption settings for Lambda environmental variable	Cloudformation	LambdaEnvironmentEncryptionSettings.py
551	CKV_AWS_173	resource	AWS::Serverless::Function	Check encryption settings for Lambda environmental variable	Cloudformation	LambdaEnvironmentEncryptionSettings.py
552	CKV_AWS_173	resource	aws_lambda_function	Check encryption settings for Lambda environmental variable	Terraform	LambdaEnvironmentEncryptionSettings.py
553	CKV_AWS_174	resource	AWS::CloudFront::Distribution	Verify CloudFront Distribution Viewer Certificate is using TLS v1.2	Cloudformation	CloudFrontTLS12.py
554	CKV_AWS_174	resource	aws_cloudfront_distribution	Verify CloudFront Distribution Viewer Certificate is using TLS v1.2	Terraform	CloudfrontTLS12.py
555	CKV_AWS_175	resource	aws_waf_web_acl	Ensure WAF has associated rules	Terraform	WAFHasAnyRules.py
556	CKV_AWS_175	resource	aws_wafregional_web_acl	Ensure WAF has associated rules	Terraform	WAFHasAnyRules.py
557	CKV_AWS_175	resource	aws_wafv2_web_acl	Ensure WAF has associated rules	Terraform	WAFHasAnyRules.py
558	CKV_AWS_176	resource	aws_waf_web_acl	Ensure Logging is enabled for WAF Web Access Control Lists	Terraform	WAFHasLogs.py
559	CKV_AWS_176	resource	aws_wafregional_web_acl	Ensure Logging is enabled for WAF Web Access Control Lists	Terraform	WAFHasLogs.py
560	CKV_AWS_177	resource	aws_kinesis_video_stream	Ensure Kinesis Video Stream is encrypted by KMS using a customer managed Key (CMK)	Terraform	KinesisVideoEncryptedWithCMK.py
561	CKV_AWS_178	resource	aws_fsx_ontap_file_system	Ensure fx ontap file system is encrypted by KMS using a customer managed Key (CMK)	Terraform	FSXOntapFSEncryptedWithCMK.py
562	CKV_AWS_179	resource	aws_fsx_windows_file_system	Ensure FSX Windows filesystem is encrypted by KMS using a customer managed Key (CMK)	Terraform	FSXWindowsFSEncryptedWithCMK.py
563	CKV_AWS_180	resource	aws_imagebuilder_component	Ensure Image Builder component is encrypted by KMS using a customer managed Key (CMK)	Terraform	ImagebuilderComponentEncryptedWithCMK.py
564	CKV_AWS_181	resource	aws_s3_object_copy	Ensure S3 Object Copy is encrypted by KMS using a customer managed Key (CMK)	Terraform	S3ObjectCopyEncryptedWithCMK.py
565	CKV_AWS_182	resource	aws_docdb_cluster	Ensure Doc DB is encrypted by KMS using a customer managed Key (CMK)	Terraform	DocDBEncryptedWithCMK.py
566	CKV_AWS_183	resource	aws_ebs_snapshot_copy	Ensure EBS Snapshot Copy is encrypted by KMS using a customer managed Key (CMK)	Terraform	EBSSnapshotCopyEncryptedWithCMK.py
567	CKV_AWS_184	resource	aws_efs_file_system	Ensure resource is encrypted by KMS using a customer managed Key (CMK)	Terraform	EFSFileSystemEncryptedWithCMK.py
568	CKV_AWS_185	resource	aws_kinesis_stream	Ensure Kinesis Stream is encrypted by KMS using a customer managed Key (CMK)	Terraform	KinesisStreamEncryptedWithCMK.py
569	CKV_AWS_186	resource	aws_s3_bucket_object	Ensure S3 bucket Object is encrypted by KMS using a customer managed Key (CMK)	Terraform	S3BucketObjectEncryptedWithCMK.py
570	CKV_AWS_187	resource	aws_sagemaker_domain	Ensure Sagemaker domain is encrypted by KMS using a customer managed Key (CMK)	Terraform	SagemakerDomainEncryptedWithCMK.py
571	CKV_AWS_188	resource	aws_redshift_cluster	Ensure RedShift Cluster is encrypted by KMS using a customer managed Key (CMK)	Terraform	RedshiftClusterEncryptedWithCMK.py
572	CKV_AWS_189	resource	aws_ebs_volume	Ensure EBS Volume is encrypted by KMS using a customer managed Key (CMK)	Terraform	EBSVolumeEncryptedWithCMK.py
573	CKV_AWS_190	resource	aws_fsx_lustre_file_system	Ensure lustre file systems is encrypted by KMS using a customer managed Key (CMK)	Terraform	LustreFSEncryptedWithCMK.py
574	CKV_AWS_191	resource	aws_elasticache_replication_group	Ensure Elasticache replication group is encrypted by KMS using a customer managed Key (CMK)	Terraform	ElasticacheReplicationGroupEncryptedWithCMK.py
575	CKV_AWS_192	resource	AWS::WAFv2::WebACL	Ensure WAF prevents message lookup in Log4j2. See CVE-2021-44228 aka log4jshell	Cloudformation	WAFACLCVE202144228.py
576	CKV_AWS_192	resource	aws_wafv2_web_acl	Ensure WAF prevents message lookup in Log4j2. See CVE-2021-44228 aka log4jshell	Terraform	WAFACLCVE202144228.py
577	CKV_AWS_193	resource	AWS::AppSync::GraphQLApi	Ensure AppSync has Logging enabled	Cloudformation	AppSyncLogging.py
578	CKV_AWS_193	resource	aws_appsync_graphql_api	Ensure AppSync has Logging enabled	Terraform	AppSyncLogging.py
579	CKV_AWS_194	resource	AWS::AppSync::GraphQLApi	Ensure AppSync has Field-Level logs enabled	Cloudformation	AppSyncFieldLevelLogs.py
580	CKV_AWS_194	resource	aws_appsync_graphql_api	Ensure AppSync has Field-Level logs enabled	Terraform	AppSyncFieldLevelLogs.py
581	CKV_AWS_195	resource	AWS::Glue::Crawler	Ensure Glue component has a security configuration associated	Cloudformation	GlueSecurityConfigurationEnabled.py
582	CKV_AWS_195	resource	AWS::Glue::DevEndpoint	Ensure Glue component has a security configuration associated	Cloudformation	GlueSecurityConfigurationEnabled.py
583	CKV_AWS_195	resource	AWS::Glue::Job	Ensure Glue component has a security configuration associated	Cloudformation	GlueSecurityConfigurationEnabled.py
584	CKV_AWS_195	resource	aws_glue_crawler	Ensure Glue component has a security configuration associated	Terraform	GlueSecurityConfigurationEnabled.py
585	CKV_AWS_195	resource	aws_glue_dev_endpoint	Ensure Glue component has a security configuration associated	Terraform	GlueSecurityConfigurationEnabled.py
586	CKV_AWS_195	resource	aws_glue_job	Ensure Glue component has a security configuration associated	Terraform	GlueSecurityConfigurationEnabled.py
587	CKV_AWS_196	resource	aws_elasticache_security_group	Ensure no aws_elasticache_security_group resources exist	Terraform	ElasticacheHasSecurityGroup.py
588	CKV_AWS_197	resource	AWS::AmazonMQ::Broker	Ensure MQ Broker Audit logging is enabled	Cloudformation	MQBrokerAuditLogging.py
589	CKV_AWS_197	resource	aws_mq_broker	Ensure MQ Broker Audit logging is enabled	Terraform	MQBrokerAuditLogging.py
590	CKV_AWS_198	resource	aws_db_security_group	Ensure no aws_db_security_group resources exist	Terraform	RDSHasSecurityGroup.py
591	CKV_AWS_199	resource	aws_imagebuilder_distribution_configuration	Ensure Image Builder Distribution Configuration encrypts AMI’s using KMS - a customer managed Key (CMK)	Terraform	ImagebuilderDistributionConfigurationEncryptedWithCMK.py
592	CKV_AWS_200	resource	aws_imagebuilder_image_recipe	Ensure that Image Recipe EBS Disk are encrypted with CMK	Terraform	ImagebuilderImageRecipeEBSEncrypted.py
593	CKV_AWS_201	resource	aws_memorydb_cluster	Ensure MemoryDB is encrypted at rest using KMS CMKs	Terraform	MemoryDBEncryptionWithCMK.py
594	CKV_AWS_202	resource	aws_memorydb_cluster	Ensure MemoryDB data is encrypted in transit	Terraform	MemoryDBClusterIntransitEncryption.py
595	CKV_AWS_203	resource	aws_fsx_openzfs_file_system	Ensure resource is encrypted by KMS using a customer managed Key (CMK)	Terraform	FSXOpenZFSFileSystemEncryptedWithCMK.py
596	CKV_AWS_204	resource	aws_ami	Ensure AMIs are encrypted using KMS CMKs	Terraform	AMIEncryption.py
597	CKV_AWS_205	resource	aws_ami_launch_permission	Ensure to Limit AMI launch Permissions	Terraform	AMILaunchIsShared.py
598	CKV_AWS_206	resource	aws_api_gateway_domain_name	Ensure API Gateway Domain uses a modern security Policy	Terraform	APIGatewayDomainNameTLS.py
599	CKV_AWS_207	resource	aws_mq_broker	Ensure MQ Broker minor version updates are enabled	Terraform	MQBrokerMinorAutoUpgrade.py
600	CKV_AWS_208	resource	aws_mq_broker	Ensure MQBroker version is current	Terraform	MQBrokerVersion.py
601	CKV_AWS_208	resource	aws_mq_configuration	Ensure MQBroker version is current	Terraform	MQBrokerVersion.py
602	CKV_AWS_209	resource	aws_mq_broker	Ensure MQ broker encrypted by KMS using a customer managed Key (CMK)	Terraform	MQBrokerEncryptedWithCMK.py
603	CKV_AWS_210	resource	aws_batch_job_definition	Batch job does not define a privileged container	Terraform	BatchJobIsNotPrivileged.py
604	CKV_AWS_211	resource	aws_db_instance	Ensure RDS uses a modern CaCert	Terraform	RDSCACertIsRecent.py
605	CKV_AWS_212	resource	aws_dms_replication_instance	Ensure EBS Volume is encrypted by KMS using a customer managed Key (CMK)	Terraform	DMSReplicationInstanceEncryptedWithCMK.py
606	CKV_AWS_213	resource	aws_load_balancer_policy	Ensure ELB Policy uses only secure protocols	Terraform	ELBPolicyUsesSecureProtocols.py
607	CKV_AWS_214	resource	aws_appsync_api_cache	Ensure Appsync API Cache is encrypted at rest	Terraform	AppsyncAPICacheEncryptionAtRest.py
608	CKV_AWS_215	resource	aws_appsync_api_cache	Ensure Appsync API Cache is encrypted in transit	Terraform	AppsyncAPICacheEncryptionInTransit.py
609	CKV_AWS_216	resource	aws_cloudfront_distribution	Ensure Cloudfront distribution is enabled	Terraform	CloudfrontDistributionEnabled.py
610	CKV_AWS_217	resource	aws_api_gateway_deployment	Ensure Create before destroy for API deployments	Terraform	APIGatewayDeploymentCreateBeforeDestroy.py
611	CKV_AWS_218	resource	aws_cloudsearch_domain	Ensure that Cloudsearch is using latest TLS	Terraform	CloudsearchDomainTLS.py
612	CKV_AWS_219	resource	aws_codepipeline	Ensure Code Pipeline Artifact store is using a KMS CMK	Terraform	CodePipelineArtifactsEncrypted.py
613	CKV_AWS_220	resource	aws_cloudsearch_domain	Ensure that Cloudsearch is using https	Terraform	CloudsearchDomainEnforceHttps.py
614	CKV_AWS_221	resource	aws_codeartifact_domain	Ensure Code artifact Domain is encrypted by KMS using a customer managed Key (CMK)	Terraform	CodeArtifactDomainEncryptedWithCMK.py
615	CKV_AWS_222	resource	aws_dms_replication_instance	Ensure DMS instance gets all minor upgrade automatically	Terraform	DMSReplicationInstanceMinorUpgrade.py
616	CKV_AWS_223	resource	aws_ecs_cluster	Ensure ECS Cluster enables logging of ECS Exec	Terraform	ECSClusterLoggingEnabled.py
617	CKV_AWS_224	resource	aws_ecs_cluster	Ensure ECS Cluster logging uses CMK	Terraform	ECSClusterLoggingEncryptedWithCMK.py
618	CKV_AWS_225	resource	aws_api_gateway_method_settings	Ensure API Gateway method setting caching is enabled	Terraform	APIGatewayMethodSettingsCacheEnabled.py
619	CKV_AWS_226	resource	aws_db_instance	Ensure DB instance gets all minor upgrades automatically	Terraform	DBInstanceMinorUpgrade.py
620	CKV_AWS_226	resource	aws_rds_cluster_instance	Ensure DB instance gets all minor upgrades automatically	Terraform	DBInstanceMinorUpgrade.py
621	CKV_AWS_227	resource	aws_kms_key	Ensure KMS key is enabled	Terraform	KMSKeyIsEnabled.py
622	CKV_AWS_228	resource	aws_elasticsearch_domain	Verify Elasticsearch domain is using an up to date TLS policy	Terraform	ElasticsearchTLSPolicy.py
623	CKV_AWS_228	resource	aws_opensearch_domain	Verify Elasticsearch domain is using an up to date TLS policy	Terraform	ElasticsearchTLSPolicy.py
624	CKV_AWS_229	resource	aws_network_acl	Ensure no NACL allow ingress from 0.0.0.0:0 to port 21	Terraform	NetworkACLUnrestrictedIngress21.py
625	CKV_AWS_229	resource	aws_network_acl_rule	Ensure no NACL allow ingress from 0.0.0.0:0 to port 21	Terraform	NetworkACLUnrestrictedIngress21.py
626	CKV_AWS_230	resource	aws_network_acl	Ensure no NACL allow ingress from 0.0.0.0:0 to port 20	Terraform	NetworkACLUnrestrictedIngress20.py
627	CKV_AWS_230	resource	aws_network_acl_rule	Ensure no NACL allow ingress from 0.0.0.0:0 to port 20	Terraform	NetworkACLUnrestrictedIngress20.py
628	CKV_AWS_231	resource	aws_network_acl	Ensure no NACL allow ingress from 0.0.0.0:0 to port 3389	Terraform	NetworkACLUnrestrictedIngress3389.py
629	CKV_AWS_231	resource	aws_network_acl_rule	Ensure no NACL allow ingress from 0.0.0.0:0 to port 3389	Terraform	NetworkACLUnrestrictedIngress3389.py
630	CKV_AWS_232	resource	aws_network_acl	Ensure no NACL allow ingress from 0.0.0.0:0 to port 22	Terraform	NetworkACLUnrestrictedIngress22.py
631	CKV_AWS_232	resource	aws_network_acl_rule	Ensure no NACL allow ingress from 0.0.0.0:0 to port 22	Terraform	NetworkACLUnrestrictedIngress22.py
632	CKV_AWS_233	resource	aws_acm_certificate	Ensure Create before destroy for ACM certificates	Terraform	ACMCertCreateBeforeDestroy.py
633	CKV_AWS_234	resource	aws_acm_certificate	Verify logging preference for ACM certificates	Terraform	ACMCertSetLoggingPreference.py
634	CKV_AWS_235	resource	aws_ami_copy	Ensure that copied AMIs are encrypted	Terraform	AMICopyIsEncrypted.py
635	CKV_AWS_236	resource	aws_ami_copy	Ensure AMI copying uses a CMK	Terraform	AMICopyUsesCMK.py
636	CKV_AWS_237	resource	aws_api_gateway_rest_api	Ensure Create before destroy for API GATEWAY	Terraform	APIGatewayCreateBeforeDestroy.py
637	CKV_AWS_238	resource	aws_guardduty_detector	Ensure that Guard Duty detector is enabled	Terraform	GuarddutyDetectorEnabled.py
638	CKV_AWS_239	resource	aws_dax_cluster	Ensure DAX cluster endpoint is using TLS	Terraform	DAXEndpointTLS.py
639	CKV_AWS_240	resource	aws_kinesis_firehose_delivery_stream	Ensure Kinesis Firehose delivery stream is encrypted	Terraform	KinesisFirehoseDeliveryStreamSSE.py
640	CKV_AWS_241	resource	aws_kinesis_firehose_delivery_stream	Ensure that Kinesis Firehose Delivery Streams are encrypted with CMK	Terraform	KinesisFirehoseDeliveryStreamUsesCMK.py
641	CKV_AWS_242	resource	aws_mwaa_environment	Ensure MWAA environment has scheduler logs enabled	Terraform	MWAASchedulerLogsEnabled.py
642	CKV_AWS_243	resource	aws_mwaa_environment	Ensure MWAA environment has worker logs enabled	Terraform	MWAAWorkerLogsEnabled.py
643	CKV_AWS_244	resource	aws_mwaa_environment	Ensure MWAA environment has webserver logs enabled	Terraform	MWAAWebserverLogsEnabled.py
644	CKV_AWS_245	resource	aws_db_instance_automated_backups_replication	Ensure replicated backups are encrypted at rest using KMS CMKs	Terraform	RDSInstanceAutoBackupEncryptionWithCMK.py
645	CKV_AWS_246	resource	aws_rds_cluster_activity_stream	Ensure RDS Cluster activity streams are encrypted using KMS CMKs	Terraform	RDSClusterActivityStreamEncryptedWithCMK.py
646	CKV_AWS_247	resource	aws_elasticsearch_domain	Ensure all data stored in the Elasticsearch is encrypted with a CMK	Terraform	ElasticsearchEncryptionWithCMK.py
647	CKV_AWS_247	resource	aws_opensearch_domain	Ensure all data stored in the Elasticsearch is encrypted with a CMK	Terraform	ElasticsearchEncryptionWithCMK.py
648	CKV_AWS_248	resource	aws_elasticsearch_domain	Ensure that Elasticsearch is not using the default Security Group	Terraform	ElasticsearchDefaultSG.py
649	CKV_AWS_248	resource	aws_opensearch_domain	Ensure that Elasticsearch is not using the default Security Group	Terraform	ElasticsearchDefaultSG.py
650	CKV_AWS_249	resource	aws_ecs_task_definition	Ensure that the Execution Role ARN and the Task Role ARN are different in ECS Task definitions	Terraform	ECSTaskDefinitionRoleCheck.py
651	CKV_AWS_250	resource	aws_db_instance	Ensure that RDS PostgreSQL instances use a non vulnerable version with the log_fdw extension (https://aws.amazon.com/security/security-bulletins/AWS-2022-004/)	Terraform	RDSPostgreSQLLogFDWExtension.py
652	CKV_AWS_250	resource	aws_rds_cluster	Ensure that RDS PostgreSQL instances use a non vulnerable version with the log_fdw extension (https://aws.amazon.com/security/security-bulletins/AWS-2022-004/)	Terraform	RDSPostgreSQLLogFDWExtension.py
653	CKV_AWS_251	resource	aws_cloudtrail	Ensure CloudTrail logging is enabled	Terraform	CloudtrailEnableLogging.py
654	CKV_AWS_252	resource	aws_cloudtrail	Ensure CloudTrail defines an SNS Topic	Terraform	CloudtrailDefinesSNSTopic.py
655	CKV_AWS_253	resource	aws_dlm_lifecycle_policy	Ensure DLM cross region events are encrypted	Terraform	DLMEventsCrossRegionEncryption.py
656	CKV_AWS_254	resource	aws_dlm_lifecycle_policy	Ensure DLM cross region events are encrypted with Customer Managed Key	Terraform	DLMEventsCrossRegionEncryptionWithCMK.py
657	CKV_AWS_255	resource	aws_dlm_lifecycle_policy	Ensure DLM cross region schedules are encrypted	Terraform	DLMScheduleCrossRegionEncryption.py
658	CKV_AWS_256	resource	aws_dlm_lifecycle_policy	Ensure DLM cross region schedules are encrypted using a Customer Managed Key	Terraform	DLMScheduleCrossRegionEncryptionWithCMK.py
659	CKV_AWS_257	resource	aws_codecommit_approval_rule_template	Ensure codecommit branch changes have at least 2 approvals	Terraform	CodecommitApprovalsRulesRequireMin2.py
660	CKV_AWS_258	resource	AWS::Lambda::Url	Ensure that Lambda function URLs AuthType is not None	Cloudformation	LambdaFunctionURLAuth.py
661	CKV_AWS_258	resource	aws_lambda_function_url	Ensure that Lambda function URLs AuthType is not None	Terraform	LambdaFunctionURLAuth.py
662	CKV_AWS_259	resource	aws_cloudfront_response_headers_policy	Ensure CloudFront response header policy enforces Strict Transport Security	Terraform	CloudFrontResponseHeaderStrictTransportSecurity.py
663	CKV_AWS_260	resource	AWS::EC2::SecurityGroup	Ensure no security groups allow ingress from 0.0.0.0:0 to port 80	Cloudformation	SecurityGroupUnrestrictedIngress80.py
664	CKV_AWS_260	resource	AWS::EC2::SecurityGroupIngress	Ensure no security groups allow ingress from 0.0.0.0:0 to port 80	Cloudformation	SecurityGroupUnrestrictedIngress80.py
665	CKV_AWS_260	resource	aws_security_group	Ensure no security groups allow ingress from 0.0.0.0:0 to port 80	Terraform	SecurityGroupUnrestrictedIngress80.py
666	CKV_AWS_260	resource	aws_security_group_rule	Ensure no security groups allow ingress from 0.0.0.0:0 to port 80	Terraform	SecurityGroupUnrestrictedIngress80.py
667	CKV_AWS_260	resource	aws_vpc_security_group_ingress_rule	Ensure no security groups allow ingress from 0.0.0.0:0 to port 80	Terraform	SecurityGroupUnrestrictedIngress80.py
668	CKV_AWS_261	resource	aws_alb_target_group	Ensure HTTP HTTPS Target group defines Healthcheck	Terraform	LBTargetGroupsDefinesHealthcheck.py
669	CKV_AWS_261	resource	aws_lb_target_group	Ensure HTTP HTTPS Target group defines Healthcheck	Terraform	LBTargetGroupsDefinesHealthcheck.py
670	CKV_AWS_262	resource	aws_kendra_index	Ensure Kendra index Server side encryption uses CMK	Terraform	KendraIndexSSEUsesCMK.py
671	CKV_AWS_263	resource	aws_appflow_flow	Ensure App Flow flow uses CMK	Terraform	AppFlowUsesCMK.py
672	CKV_AWS_264	resource	aws_appflow_connector_profile	Ensure App Flow connector profile uses CMK	Terraform	AppFlowConnectorProfileUsesCMK.py
673	CKV_AWS_265	resource	aws_keyspaces_table	Ensure Keyspaces Table uses CMK	Terraform	KeyspacesTableUsesCMK.py
674	CKV_AWS_266	resource	aws_db_snapshot_copy	Ensure App Flow connector profile uses CMK	Terraform	DBSnapshotCopyUsesCMK.py
675	CKV_AWS_267	resource	aws_comprehend_entity_recognizer	Ensure that Comprehend Entity Recognizer’s model is encrypted by KMS using a customer managed Key (CMK)	Terraform	ComprehendEntityRecognizerModelUsesCMK.py
676	CKV_AWS_268	resource	aws_comprehend_entity_recognizer	Ensure that Comprehend Entity Recognizer’s volume is encrypted by KMS using a customer managed Key (CMK)	Terraform	ComprehendEntityRecognizerVolumeUsesCMK.py
677	CKV_AWS_269	resource	aws_connect_instance_storage_config	Ensure Connect Instance Kinesis Video Stream Storage Config uses CMK	Terraform	ConnectInstanceKinesisVideoStreamStorageConfigUsesCMK.py
678	CKV_AWS_270	resource	aws_connect_instance_storage_config	Ensure Connect Instance S3 Storage Config uses CMK	Terraform	ConnectInstanceS3StorageConfigUsesCMK.py
679	CKV_AWS_271	resource	aws_dynamodb_table_replica	Ensure DynamoDB table replica KMS encryption uses CMK	Terraform	DynamoDBTableReplicaKMSUsesCMK.py
680	CKV_AWS_272	resource	aws_lambda_function	Ensure AWS Lambda function is configured to validate code-signing	Terraform	LambdaCodeSigningConfigured.py
681	CKV_AWS_273	resource	aws_iam_user	Ensure access is controlled through SSO and not AWS IAM defined users	Terraform	IAMUserNotUsedForAccess.py
682	CKV_AWS_274	resource	aws_iam_group_policy_attachment	Disallow IAM roles, users, and groups from using the AWS AdministratorAccess policy	Terraform	IAMManagedAdminPolicy.py
683	CKV_AWS_274	resource	aws_iam_policy_attachment	Disallow IAM roles, users, and groups from using the AWS AdministratorAccess policy	Terraform	IAMManagedAdminPolicy.py
684	CKV_AWS_274	resource	aws_iam_role	Disallow IAM roles, users, and groups from using the AWS AdministratorAccess policy	Terraform	IAMManagedAdminPolicy.py
685	CKV_AWS_274	resource	aws_iam_role_policy_attachment	Disallow IAM roles, users, and groups from using the AWS AdministratorAccess policy	Terraform	IAMManagedAdminPolicy.py
686	CKV_AWS_274	resource	aws_iam_user_policy_attachment	Disallow IAM roles, users, and groups from using the AWS AdministratorAccess policy	Terraform	IAMManagedAdminPolicy.py
687	CKV_AWS_274	resource	aws_ssoadmin_managed_policy_attachment	Disallow IAM roles, users, and groups from using the AWS AdministratorAccess policy	Terraform	IAMManagedAdminPolicy.py
688	CKV_AWS_275	data	aws_iam_policy	Disallow policies from using the AWS AdministratorAccess policy	Terraform	IAMManagedAdminPolicy.py
689	CKV_AWS_276	resource	aws_api_gateway_method_settings	Ensure Data Trace is not enabled in API Gateway Method Settings	Terraform	APIGatewayMethodSettingsDataTrace.py
690	CKV_AWS_277	resource	aws_security_group	Ensure no security groups allow ingress from 0.0.0.0:0 to port -1	Terraform	SecurityGroupUnrestrictedIngressAny.py
691	CKV_AWS_277	resource	aws_security_group_rule	Ensure no security groups allow ingress from 0.0.0.0:0 to port -1	Terraform	SecurityGroupUnrestrictedIngressAny.py
692	CKV_AWS_277	resource	aws_vpc_security_group_ingress_rule	Ensure no security groups allow ingress from 0.0.0.0:0 to port -1	Terraform	SecurityGroupUnrestrictedIngressAny.py
693	CKV_AWS_278	resource	aws_memorydb_snapshot	Ensure MemoryDB snapshot is encrypted by KMS using a customer managed Key (CMK)	Terraform	MemoryDBSnapshotEncryptionWithCMK.py
694	CKV_AWS_279	resource	aws_neptune_cluster_snapshot	Ensure Neptune snapshot is securely encrypted	Terraform	NeptuneClusterSnapshotEncrypted.py
695	CKV_AWS_280	resource	aws_neptune_cluster_snapshot	Ensure Neptune snapshot is encrypted by KMS using a customer managed Key (CMK)	Terraform	NeptuneClusterSnapshotEncryptedWithCMK.py
696	CKV_AWS_281	resource	aws_redshift_snapshot_copy_grant	Ensure RedShift snapshot copy is encrypted by KMS using a customer managed Key (CMK)	Terraform	RedshiftClusterSnapshotCopyGrantEncryptedWithCMK.py
697	CKV_AWS_282	resource	aws_redshiftserverless_namespace	Ensure that Redshift Serverless namespace is encrypted by KMS using a customer managed key (CMK)	Terraform	RedshiftServerlessNamespaceKMSKey.py
698	CKV_AWS_283	data	aws_iam_policy_document	Ensure no IAM policies documents allow ALL or any AWS principal permissions to the resource	Terraform	IAMPublicActionsPolicy.py
699	CKV_AWS_284	resource	aws_sfn_state_machine	Ensure State Machine has X-Ray tracing enabled	Terraform	StateMachineXray.py
700	CKV_AWS_285	resource	aws_sfn_state_machine	Ensure State Machine has execution history logging enabled	Terraform	StateMachineLoggingExecutionHistory.py
701	CKV_AWS_286	resource	aws_iam_group_policy	Ensure IAM policies does not allow privilege escalation	Terraform	IAMPrivilegeEscalation.py
702	CKV_AWS_286	resource	aws_iam_policy	Ensure IAM policies does not allow privilege escalation	Terraform	IAMPrivilegeEscalation.py
703	CKV_AWS_286	resource	aws_iam_role_policy	Ensure IAM policies does not allow privilege escalation	Terraform	IAMPrivilegeEscalation.py
704	CKV_AWS_286	resource	aws_iam_user_policy	Ensure IAM policies does not allow privilege escalation	Terraform	IAMPrivilegeEscalation.py
705	CKV_AWS_286	resource	aws_ssoadmin_permission_set_inline_policy	Ensure IAM policies does not allow privilege escalation	Terraform	IAMPrivilegeEscalation.py
706	CKV_AWS_287	resource	aws_iam_group_policy	Ensure IAM policies does not allow credentials exposure	Terraform	IAMCredentialsExposure.py
707	CKV_AWS_287	resource	aws_iam_policy	Ensure IAM policies does not allow credentials exposure	Terraform	IAMCredentialsExposure.py
708	CKV_AWS_287	resource	aws_iam_role_policy	Ensure IAM policies does not allow credentials exposure	Terraform	IAMCredentialsExposure.py
709	CKV_AWS_287	resource	aws_iam_user_policy	Ensure IAM policies does not allow credentials exposure	Terraform	IAMCredentialsExposure.py
710	CKV_AWS_287	resource	aws_ssoadmin_permission_set_inline_policy	Ensure IAM policies does not allow credentials exposure	Terraform	IAMCredentialsExposure.py
711	CKV_AWS_288	resource	aws_iam_group_policy	Ensure IAM policies does not allow data exfiltration	Terraform	IAMDataExfiltration.py
712	CKV_AWS_288	resource	aws_iam_policy	Ensure IAM policies does not allow data exfiltration	Terraform	IAMDataExfiltration.py
713	CKV_AWS_288	resource	aws_iam_role_policy	Ensure IAM policies does not allow data exfiltration	Terraform	IAMDataExfiltration.py
714	CKV_AWS_288	resource	aws_iam_user_policy	Ensure IAM policies does not allow data exfiltration	Terraform	IAMDataExfiltration.py
715	CKV_AWS_288	resource	aws_ssoadmin_permission_set_inline_policy	Ensure IAM policies does not allow data exfiltration	Terraform	IAMDataExfiltration.py
716	CKV_AWS_289	resource	aws_iam_group_policy	Ensure IAM policies does not allow permissions management / resource exposure without constraints	Terraform	IAMPermissionsManagement.py
717	CKV_AWS_289	resource	aws_iam_policy	Ensure IAM policies does not allow permissions management / resource exposure without constraints	Terraform	IAMPermissionsManagement.py
718	CKV_AWS_289	resource	aws_iam_role_policy	Ensure IAM policies does not allow permissions management / resource exposure without constraints	Terraform	IAMPermissionsManagement.py
719	CKV_AWS_289	resource	aws_iam_user_policy	Ensure IAM policies does not allow permissions management / resource exposure without constraints	Terraform	IAMPermissionsManagement.py
720	CKV_AWS_289	resource	aws_ssoadmin_permission_set_inline_policy	Ensure IAM policies does not allow permissions management / resource exposure without constraints	Terraform	IAMPermissionsManagement.py
721	CKV_AWS_290	resource	aws_iam_group_policy	Ensure IAM policies does not allow write access without constraints	Terraform	IAMWriteAccess.py
722	CKV_AWS_290	resource	aws_iam_policy	Ensure IAM policies does not allow write access without constraints	Terraform	IAMWriteAccess.py
723	CKV_AWS_290	resource	aws_iam_role_policy	Ensure IAM policies does not allow write access without constraints	Terraform	IAMWriteAccess.py
724	CKV_AWS_290	resource	aws_iam_user_policy	Ensure IAM policies does not allow write access without constraints	Terraform	IAMWriteAccess.py
725	CKV_AWS_290	resource	aws_ssoadmin_permission_set_inline_policy	Ensure IAM policies does not allow write access without constraints	Terraform	IAMWriteAccess.py
726	CKV_AWS_291	resource	aws_msk_cluster	Ensure MSK nodes are private	Terraform	MSKClusterNodesArePrivate.py
727	CKV_AWS_292	resource	aws_docdb_global_cluster	Ensure DocDB Global Cluster is encrypted at rest (default is unencrypted)	Terraform	DocDBGlobalClusterEncryption.py
728	CKV_AWS_293	resource	aws_db_instance	Ensure that AWS database instances have deletion protection enabled	Terraform	RDSInstanceDeletionProtection.py
729	CKV_AWS_294	resource	aws_cloudtrail_event_data_store	Ensure Cloud Trail Event Data Store uses CMK	Terraform	CloudtrailEventDataStoreUsesCMK.py
730	CKV_AWS_295	resource	aws_datasync_location_object_storage	Ensure DataSync Location Object Storage doesn’t expose secrets	Terraform	DatasyncLocationExposesSecrets.py
731	CKV_AWS_296	resource	aws_dms_endpoint	Ensure DMS endpoint uses Customer Managed Key (CMK)	Terraform	DMSEndpointUsesCMK.py
732	CKV_AWS_297	resource	aws_scheduler_schedule	Ensure EventBridge Scheduler Schedule uses Customer Managed Key (CMK)	Terraform	SchedulerScheduleUsesCMK.py
733	CKV_AWS_298	resource	aws_dms_s3_endpoint	Ensure DMS S3 uses Customer Managed Key (CMK)	Terraform	DMSS3UsesCMK.py
734	CKV_AWS_299	resource	aws_dms_s3_endpoint	Ensure DMS S3 defines in-transit encryption	Terraform	DMSS3DefinesIntransitEncryption.py
735	CKV_AWS_300	resource	aws_s3_bucket_lifecycle_configuration	Ensure S3 lifecycle configuration sets period for aborting failed uploads	Terraform	S3AbortIncompleteUploads.py
736	CKV_AWS_301	resource	aws_lambda_permission	Ensure that AWS Lambda function is not publicly accessible	Terraform	LambdaFunctionIsNotPublic.py
737	CKV_AWS_302	resource	aws_db_snapshot	Ensure DB Snapshots are not Public	Terraform	DBSnapshotsArePrivate.py
738	CKV_AWS_303	resource	aws_ssm_document	Ensure SSM documents are not Public	Terraform	SSMDocumentsArePrivate.py
739	CKV_AWS_304	resource	aws_secretsmanager_secret_rotation	Ensure Secrets Manager secrets should be rotated within 90 days	Terraform	SecretManagerSecret90days.py
740	CKV_AWS_305	resource	aws_cloudfront_distribution	Ensure Cloudfront distribution has a default root object configured	Terraform	CloudfrontDistributionDefaultRoot.py
741	CKV_AWS_306	resource	aws_sagemaker_notebook_instance	Ensure SageMaker notebook instances should be launched into a custom VPC	Terraform	SagemakerNotebookInCustomVPC.py
742	CKV_AWS_307	resource	aws_sagemaker_notebook_instance	Ensure SageMaker Users should not have root access to SageMaker notebook instances	Terraform	SagemakerNotebookRoot.py
743	CKV_AWS_308	resource	aws_api_gateway_method_settings	Ensure API Gateway method setting caching is set to encrypted	Terraform	APIGatewayMethodSettingsCacheEncrypted.py
744	CKV_AWS_309	resource	aws_apigatewayv2_route	Ensure API GatewayV2 routes specify an authorization type	Terraform	APIGatewayV2RouteDefinesAuthorizationType.py
745	CKV_AWS_310	resource	aws_cloudfront_distribution	Ensure CloudFront distributions should have origin failover configured	Terraform	CloudfrontDistributionOriginFailover.py
746	CKV_AWS_311	resource	aws_codebuild_project	Ensure that CodeBuild S3 logs are encrypted	Terraform	CodebuildS3LogsEncrypted.py
747	CKV_AWS_312	resource	aws_elastic_beanstalk_environment	Ensure Elastic Beanstalk environments have enhanced health reporting enabled	Terraform	ElasticBeanstalkUseEnhancedHealthChecks.py
748	CKV_AWS_313	resource	aws_rds_cluster	Ensure RDS cluster configured to copy tags to snapshots	Terraform	RDSClusterCopyTags.py
749	CKV_AWS_314	resource	aws_codebuild_project	Ensure CodeBuild project environments have a logging configuration	Terraform	CodebuildHasLogs.py
750	CKV_AWS_315	resource	aws_autoscaling_group	Ensure EC2 Auto Scaling groups use EC2 launch templates	Terraform	AutoScalingLaunchTemplate.py
751	CKV_AWS_316	resource	aws_codebuild_project	Ensure CodeBuild project environments do not have privileged mode enabled	Terraform	CodeBuildPrivilegedMode.py
752	CKV_AWS_317	resource	AWS::Elasticsearch::Domain	Ensure Elasticsearch Domain Audit Logging is enabled	Cloudformation	ElasticsearchDomainAuditLogging.py
753	CKV_AWS_317	resource	AWS::OpenSearchService::Domain	Ensure Elasticsearch Domain Audit Logging is enabled	Cloudformation	ElasticsearchDomainAuditLogging.py
754	CKV_AWS_317	resource	aws_elasticsearch_domain	Ensure Elasticsearch Domain Audit Logging is enabled	Terraform	ElasticsearchDomainAuditLogging.py
755	CKV_AWS_317	resource	aws_opensearch_domain	Ensure Elasticsearch Domain Audit Logging is enabled	Terraform	ElasticsearchDomainAuditLogging.py
756	CKV_AWS_318	resource	aws_elasticsearch_domain	Ensure Elasticsearch domains are configured with at least three dedicated master nodes for HA	Terraform	ElasticsearchDomainHA.py
757	CKV_AWS_318	resource	aws_opensearch_domain	Ensure Elasticsearch domains are configured with at least three dedicated master nodes for HA	Terraform	ElasticsearchDomainHA.py
758	CKV_AWS_319	resource	aws_cloudwatch_metric_alarm	Ensure that CloudWatch alarm actions are enabled	Terraform	CloudWatchAlarmsEnabled.py
759	CKV_AWS_320	resource	aws_redshift_cluster	Ensure Redshift clusters do not use the default database name	Terraform	RedshiftClusterDatabaseName.py
760	CKV_AWS_321	resource	aws_redshift_cluster	Ensure Redshift clusters use enhanced VPC routing	Terraform	RedshiftClusterUseEnhancedVPCRouting.py
761	CKV_AWS_322	resource	aws_elasticache_cluster	Ensure ElastiCache for Redis cache clusters have auto minor version upgrades enabled	Terraform	ElasticCacheAutomaticMinorUpgrades.py
762	CKV_AWS_323	resource	aws_elasticache_cluster	Ensure ElastiCache clusters do not use the default subnet group	Terraform	ElastiCacheHasCustomSubnet.py
763	CKV_AWS_324	resource	aws_rds_cluster	Ensure that RDS Cluster log capture is enabled	Terraform	RDSClusterLogging.py
764	CKV_AWS_325	resource	aws_rds_cluster	Ensure that RDS Cluster audit logging is enabled for MySQL engine	Terraform	RDSClusterAuditLogging.py
765	CKV_AWS_326	resource	aws_rds_cluster	Ensure that RDS Aurora Clusters have backtracking enabled	Terraform	RDSClusterAuroraBacktrack.py
766	CKV_AWS_327	resource	aws_rds_cluster	Ensure RDS Clusters are encrypted using KMS CMKs	Terraform	RDSClusterEncryptedWithCMK.py
767	CKV_AWS_328	resource	aws_alb	Ensure that ALB is configured with defensive or strictest desync mitigation mode	Terraform	ALBDesyncMode.py
768	CKV_AWS_328	resource	aws_elb	Ensure that ALB is configured with defensive or strictest desync mitigation mode	Terraform	ALBDesyncMode.py
769	CKV_AWS_328	resource	aws_lb	Ensure that ALB is configured with defensive or strictest desync mitigation mode	Terraform	ALBDesyncMode.py
770	CKV_AWS_329	resource	aws_efs_access_point	EFS access points should enforce a root directory	Terraform	EFSAccessPointRoot.py
771	CKV_AWS_330	resource	aws_efs_access_point	EFS access points should enforce a user identity	Terraform	EFSAccessUserIdentity.py
772	CKV_AWS_331	resource	aws_ec2_transit_gateway	Ensure Transit Gateways do not automatically accept VPC attachment requests	Terraform	Ec2TransitGatewayAutoAccept.py
773	CKV_AWS_332	resource	aws_ecs_service	Ensure ECS Fargate services run on the latest Fargate platform version	Terraform	ECSServiceFargateLatest.py
774	CKV_AWS_333	resource	aws_ecs_service	Ensure ECS services do not have public IP addresses assigned to them automatically	Terraform	ECSServicePublicIP.py
775	CKV_AWS_334	resource	aws_ecs_task_definition	Ensure ECS containers should run as non-privileged	Terraform	ECSContainerPrivilege.py
776	CKV_AWS_335	resource	aws_ecs_task_definition	Ensure ECS task definitions should not share the host’s process namespace	Terraform	ECSContainerHostProcess.py
777	CKV_AWS_336	resource	aws_ecs_task_definition	Ensure ECS containers are limited to read-only access to root filesystems	Terraform	ECSContainerReadOnlyRoot.py
778	CKV_AWS_337	resource	aws_ssm_parameter	Ensure SSM parameters are using KMS CMK	Terraform	SSMParameterUsesCMK.py
779	CKV_AWS_338	resource	aws_cloudwatch_log_group	Ensure CloudWatch log groups retains logs for at least 1 year	Terraform	CloudWatchLogGroupRetentionYear.py
780	CKV_AWS_339	resource	aws_eks_cluster	Ensure EKS clusters run on a supported Kubernetes version	Terraform	EKSPlatformVersion.py
781	CKV_AWS_340	resource	aws_elastic_beanstalk_environment	Ensure Elastic Beanstalk managed platform updates are enabled	Terraform	ElasticBeanstalkUseManagedUpdates.py
782	CKV_AWS_341	resource	aws_launch_configuration	Ensure Launch template should not have a metadata response hop limit greater than 1	Terraform	LaunchTemplateMetadataHop.py
783	CKV_AWS_341	resource	aws_launch_template	Ensure Launch template should not have a metadata response hop limit greater than 1	Terraform	LaunchTemplateMetadataHop.py
784	CKV_AWS_342	resource	aws_waf_rule_group	Ensure WAF rule has any actions	Terraform	WAFRuleHasAnyActions.py
785	CKV_AWS_342	resource	aws_waf_web_acl	Ensure WAF rule has any actions	Terraform	WAFRuleHasAnyActions.py
786	CKV_AWS_342	resource	aws_wafregional_rule_group	Ensure WAF rule has any actions	Terraform	WAFRuleHasAnyActions.py
787	CKV_AWS_342	resource	aws_wafregional_web_acl	Ensure WAF rule has any actions	Terraform	WAFRuleHasAnyActions.py
788	CKV_AWS_342	resource	aws_wafv2_rule_group	Ensure WAF rule has any actions	Terraform	WAFRuleHasAnyActions.py
789	CKV_AWS_342	resource	aws_wafv2_web_acl	Ensure WAF rule has any actions	Terraform	WAFRuleHasAnyActions.py
790	CKV_AWS_343	resource	aws_redshift_cluster	Ensure Amazon Redshift clusters should have automatic snapshots enabled	Terraform	RedshiftClusterAutoSnap.py
791	CKV_AWS_344	resource	aws_networkfirewall_firewall	Ensure that Network firewalls have deletion protection enabled	Terraform	NetworkFirewallDeletionProtection.py
792	CKV_AWS_345	resource	aws_networkfirewall_firewall	Ensure that Network firewall encryption is via a CMK	Terraform	NetworkFirewallUsesCMK.py
793	CKV_AWS_345	resource	aws_networkfirewall_rule_group	Ensure that Network firewall encryption is via a CMK	Terraform	NetworkFirewallUsesCMK.py
794	CKV_AWS_346	resource	aws_networkfirewall_firewall_policy	Ensure Network Firewall Policy defines an encryption configuration that uses a customer managed Key (CMK)	Terraform	NetworkFirewallPolicyDefinesCMK.py
795	CKV_AWS_347	resource	aws_neptune_cluster	Ensure Neptune is encrypted by KMS using a customer managed Key (CMK)	Terraform	NeptuneClusterEncryptedWithCMK.py
796	CKV_AWS_348	resource	aws_iam_access_key	Ensure IAM root user doesnt have Access keys	Terraform	IAMUserRootAccessKeys.py
797	CKV_AWS_349	resource	aws_emr_security_configuration	Ensure EMR Cluster security configuration encrypts local disks	Terraform	EMRClusterConfEncryptsLocalDisk.py
798	CKV_AWS_350	resource	aws_emr_security_configuration	Ensure EMR Cluster security configuration encrypts ebs disks	Terraform	EMRClusterConfEncryptsEBS.py
799	CKV_AWS_351	resource	aws_emr_security_configuration	Ensure EMR Cluster security configuration encrypts InTransit	Terraform	EMRClusterConfEncryptsInTransit.py
800	CKV_AWS_352	resource	aws_network_acl_rule	Ensure NACL ingress does not allow all Ports	Terraform	NetworkACLUnrestricted.py
801	CKV_AWS_353	resource	aws_db_instance	Ensure that RDS instances have performance insights enabled	Terraform	RDSInstancePerformanceInsights.py
802	CKV_AWS_353	resource	aws_rds_cluster_instance	Ensure that RDS instances have performance insights enabled	Terraform	RDSInstancePerformanceInsights.py
803	CKV_AWS_354	resource	aws_db_instance	Ensure RDS Performance Insights are encrypted using KMS CMKs	Terraform	RDSInstancePerfInsightsEncryptionWithCMK.py
804	CKV_AWS_354	resource	aws_rds_cluster_instance	Ensure RDS Performance Insights are encrypted using KMS CMKs	Terraform	RDSInstancePerfInsightsEncryptionWithCMK.py
805	CKV_AWS_355	resource	aws_iam_group_policy	Ensure no IAM policies documents allow “*” as a statement’s resource for restrictable actions	Terraform	IAMStarResourcePolicyDocument.py
806	CKV_AWS_355	resource	aws_iam_policy	Ensure no IAM policies documents allow “*” as a statement’s resource for restrictable actions	Terraform	IAMStarResourcePolicyDocument.py
807	CKV_AWS_355	resource	aws_iam_role_policy	Ensure no IAM policies documents allow “*” as a statement’s resource for restrictable actions	Terraform	IAMStarResourcePolicyDocument.py
808	CKV_AWS_355	resource	aws_iam_user_policy	Ensure no IAM policies documents allow “*” as a statement’s resource for restrictable actions	Terraform	IAMStarResourcePolicyDocument.py
809	CKV_AWS_355	resource	aws_ssoadmin_permission_set_inline_policy	Ensure no IAM policies documents allow “*” as a statement’s resource for restrictable actions	Terraform	IAMStarResourcePolicyDocument.py
810	CKV_AWS_356	data	aws_iam_policy_document	Ensure no IAM policies documents allow “*” as a statement’s resource for restrictable actions	Terraform	ResourcePolicyDocument.py
811	CKV2_AWS_1	resource	aws_network_acl	Ensure that all NACL are attached to subnets	Terraform	SubnetHasACL.yaml
812	CKV2_AWS_1	resource	aws_subnet	Ensure that all NACL are attached to subnets	Terraform	SubnetHasACL.yaml
813	CKV2_AWS_2	resource	aws_ebs_volume	Ensure that only encrypted EBS volumes are attached to EC2 instances	Terraform	EncryptedEBSVolumeOnlyConnectedToEC2s.yaml
814	CKV2_AWS_2	resource	aws_volume_attachment	Ensure that only encrypted EBS volumes are attached to EC2 instances	Terraform	EncryptedEBSVolumeOnlyConnectedToEC2s.yaml
815	CKV2_AWS_3	resource	aws_guardduty_detector	Ensure GuardDuty is enabled to specific org/region	Terraform	GuardDutyIsEnabled.yaml
816	CKV2_AWS_3	resource	aws_guardduty_organization_configuration	Ensure GuardDuty is enabled to specific org/region	Terraform	GuardDutyIsEnabled.yaml
817	CKV2_AWS_4	resource	aws_api_gateway_method_settings	Ensure API Gateway stage have logging level defined as appropriate	Terraform	APIGWLoggingLevelsDefinedProperly.yaml
818	CKV2_AWS_4	resource	aws_api_gateway_stage	Ensure API Gateway stage have logging level defined as appropriate	Terraform	APIGWLoggingLevelsDefinedProperly.yaml
819	CKV2_AWS_5	resource	aws_security_group	Ensure that Security Groups are attached to another resource	Terraform	SGAttachedToResource.yaml
820	CKV2_AWS_6	resource	aws_s3_bucket	Ensure that S3 bucket has a Public Access block	Terraform	S3BucketHasPublicAccessBlock.yaml
821	CKV2_AWS_6	resource	aws_s3_bucket_public_access_block	Ensure that S3 bucket has a Public Access block	Terraform	S3BucketHasPublicAccessBlock.yaml
822	CKV2_AWS_7	resource	aws_emr_cluster	Ensure that Amazon EMR clusters’ security groups are not open to the world	Terraform	AMRClustersNotOpenToInternet.yaml
823	CKV2_AWS_7	resource	aws_security_group	Ensure that Amazon EMR clusters’ security groups are not open to the world	Terraform	AMRClustersNotOpenToInternet.yaml
824	CKV2_AWS_8	resource	aws_rds_cluster	Ensure that RDS clusters has backup plan of AWS Backup	Terraform	RDSClusterHasBackupPlan.yaml
825	CKV2_AWS_9	resource	aws_backup_selection	Ensure that EBS are added in the backup plans of AWS Backup	Terraform	EBSAddedBackup.yaml
826	CKV2_AWS_10	resource	aws_cloudtrail	Ensure CloudTrail trails are integrated with CloudWatch Logs	Terraform	CloudtrailHasCloudwatch.yaml
827	CKV2_AWS_11	resource	aws_vpc	Ensure VPC flow logging is enabled in all VPCs	Terraform	VPCHasFlowLog.yaml
828	CKV2_AWS_12	resource	aws_default_security_group	Ensure the default security group of every VPC restricts all traffic	Terraform	VPCHasRestrictedSG.yaml
829	CKV2_AWS_12	resource	aws_vpc	Ensure the default security group of every VPC restricts all traffic	Terraform	VPCHasRestrictedSG.yaml
830	CKV2_AWS_14	resource	aws_iam_group	Ensure that IAM groups includes at least one IAM user	Terraform	IAMGroupHasAtLeastOneUser.yaml
831	CKV2_AWS_14	resource	aws_iam_group_membership	Ensure that IAM groups includes at least one IAM user	Terraform	IAMGroupHasAtLeastOneUser.yaml
832	CKV2_AWS_15	resource	aws_autoscaling_group	Ensure that auto Scaling groups that are associated with a load balancer, are using Elastic Load Balancing health checks.	Terraform	AutoScallingEnabledELB.yaml
833	CKV2_AWS_15	resource	aws_elb	Ensure that auto Scaling groups that are associated with a load balancer, are using Elastic Load Balancing health checks.	Terraform	AutoScallingEnabledELB.yaml
834	CKV2_AWS_15	resource	aws_lb_target_group	Ensure that auto Scaling groups that are associated with a load balancer, are using Elastic Load Balancing health checks.	Terraform	AutoScallingEnabledELB.yaml
835	CKV2_AWS_16	resource	aws_appautoscaling_target	Ensure that Auto Scaling is enabled on your DynamoDB tables	Terraform	AutoScalingEnableOnDynamoDBTables.yaml
836	CKV2_AWS_16	resource	aws_dynamodb_table	Ensure that Auto Scaling is enabled on your DynamoDB tables	Terraform	AutoScalingEnableOnDynamoDBTables.yaml
837	CKV2_AWS_18	resource	aws_backup_selection	Ensure that Elastic File System (Amazon EFS) file systems are added in the backup plans of AWS Backup	Terraform	EFSAddedBackup.yaml
838	CKV2_AWS_19	resource	aws_eip	Ensure that all EIP addresses allocated to a VPC are attached to EC2 instances	Terraform	EIPAllocatedToVPCAttachedEC2.yaml
839	CKV2_AWS_19	resource	aws_eip_association	Ensure that all EIP addresses allocated to a VPC are attached to EC2 instances	Terraform	EIPAllocatedToVPCAttachedEC2.yaml
840	CKV2_AWS_20	resource	aws_alb	Ensure that ALB redirects HTTP requests into HTTPS ones	Terraform	ALBRedirectsHTTPToHTTPS.yaml
841	CKV2_AWS_20	resource	aws_alb_listener	Ensure that ALB redirects HTTP requests into HTTPS ones	Terraform	ALBRedirectsHTTPToHTTPS.yaml
842	CKV2_AWS_20	resource	aws_lb	Ensure that ALB redirects HTTP requests into HTTPS ones	Terraform	ALBRedirectsHTTPToHTTPS.yaml
843	CKV2_AWS_20	resource	aws_lb_listener	Ensure that ALB redirects HTTP requests into HTTPS ones	Terraform	ALBRedirectsHTTPToHTTPS.yaml
844	CKV2_AWS_21	resource	aws_iam_group_membership	Ensure that all IAM users are members of at least one IAM group.	Terraform	IAMUsersAreMembersAtLeastOneGroup.yaml
845	CKV2_AWS_22	resource	aws_iam_user	Ensure an IAM User does not have access to the console	Terraform	IAMUserHasNoConsoleAccess.yaml
846	CKV2_AWS_23	resource	aws_route53_record	Route53 A Record has Attached Resource	Terraform	Route53ARecordAttachedResource.yaml
847	CKV2_AWS_27	resource	aws_rds_cluster	Ensure Postgres RDS as aws_rds_cluster has Query Logging enabled	Terraform	PostgresRDSHasQueryLoggingEnabled.yaml
848	CKV2_AWS_27	resource	aws_rds_cluster_parameter_group	Ensure Postgres RDS as aws_rds_cluster has Query Logging enabled	Terraform	PostgresRDSHasQueryLoggingEnabled.yaml
849	CKV2_AWS_28	resource	aws_alb	Ensure public facing ALB are protected by WAF	Terraform	ALBProtectedByWAF.yaml
850	CKV2_AWS_28	resource	aws_lb	Ensure public facing ALB are protected by WAF	Terraform	ALBProtectedByWAF.yaml
851	CKV2_AWS_29	resource	aws_api_gateway_rest_api	Ensure public API gateway are protected by WAF	Terraform	APIProtectedByWAF.yaml
852	CKV2_AWS_29	resource	aws_api_gateway_stage	Ensure public API gateway are protected by WAF	Terraform	APIProtectedByWAF.yaml
853	CKV2_AWS_30	resource	aws_db_instance	Ensure Postgres RDS as aws_db_instance has Query Logging enabled	Terraform	PostgresDBHasQueryLoggingEnabled.yaml
854	CKV2_AWS_30	resource	aws_db_parameter_group	Ensure Postgres RDS as aws_db_instance has Query Logging enabled	Terraform	PostgresDBHasQueryLoggingEnabled.yaml
855	CKV2_AWS_31	resource	aws_wafv2_web_acl	Ensure WAF2 has a Logging Configuration	Terraform	WAF2HasLogs.yaml
856	CKV2_AWS_32	resource	aws_cloudfront_distribution	Ensure CloudFront distribution has a response headers policy attached	Terraform	CloudFrontHasResponseHeadersPolicy.yaml
857	CKV2_AWS_33	resource	AWS::AppSync::GraphQLApi	Ensure AppSync is protected by WAF	Cloudformation	AppSyncProtectedByWAF.yaml
858	CKV2_AWS_33	resource	aws_appsync_graphql_api	Ensure AppSync is protected by WAF	Terraform	AppSyncProtectedByWAF.yaml
859	CKV2_AWS_34	resource	aws_ssm_parameter	AWS SSM Parameter should be Encrypted	Terraform	AWSSSMParameterShouldBeEncrypted.yaml
860	CKV2_AWS_35	resource	aws_route	AWS NAT Gateways should be utilized for the default route	Terraform	AWSNATGatewaysshouldbeutilized.yaml
861	CKV2_AWS_35	resource	aws_route_table	AWS NAT Gateways should be utilized for the default route	Terraform	AWSNATGatewaysshouldbeutilized.yaml
862	CKV2_AWS_36	resource	aws_ssm_parameter	Ensure terraform is not sending SSM secrets to untrusted domains over HTTP	Terraform	HTTPNotSendingPasswords.yaml
863	CKV2_AWS_36	resource	data.http	Ensure terraform is not sending SSM secrets to untrusted domains over HTTP	Terraform	HTTPNotSendingPasswords.yaml
864	CKV2_AWS_37	resource	aws	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
865	CKV2_AWS_37	resource	aws_accessanalyzer_analyzer	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
866	CKV2_AWS_37	resource	aws_acm_certificate	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
867	CKV2_AWS_37	resource	aws_acm_certificate_validation	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
868	CKV2_AWS_37	resource	aws_acmpca_certificate_authority	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
869	CKV2_AWS_37	resource	aws_ami	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
870	CKV2_AWS_37	resource	aws_ami_copy	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
871	CKV2_AWS_37	resource	aws_ami_from_instance	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
872	CKV2_AWS_37	resource	aws_ami_launch_permission	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
873	CKV2_AWS_37	resource	aws_api_gateway_account	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
874	CKV2_AWS_37	resource	aws_api_gateway_api_key	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
875	CKV2_AWS_37	resource	aws_api_gateway_authorizer	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
876	CKV2_AWS_37	resource	aws_api_gateway_base_path_mapping	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
877	CKV2_AWS_37	resource	aws_api_gateway_client_certificate	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
878	CKV2_AWS_37	resource	aws_api_gateway_deployment	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
879	CKV2_AWS_37	resource	aws_api_gateway_documentation_part	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
880	CKV2_AWS_37	resource	aws_api_gateway_documentation_version	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
881	CKV2_AWS_37	resource	aws_api_gateway_domain_name	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
882	CKV2_AWS_37	resource	aws_api_gateway_gateway_response	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
883	CKV2_AWS_37	resource	aws_api_gateway_integration	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
884	CKV2_AWS_37	resource	aws_api_gateway_integration_response	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
885	CKV2_AWS_37	resource	aws_api_gateway_method	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
886	CKV2_AWS_37	resource	aws_api_gateway_method_response	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
887	CKV2_AWS_37	resource	aws_api_gateway_method_settings	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
888	CKV2_AWS_37	resource	aws_api_gateway_model	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
889	CKV2_AWS_37	resource	aws_api_gateway_request_validator	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
890	CKV2_AWS_37	resource	aws_api_gateway_resource	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
891	CKV2_AWS_37	resource	aws_api_gateway_rest_api	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
892	CKV2_AWS_37	resource	aws_api_gateway_stage	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
893	CKV2_AWS_37	resource	aws_api_gateway_usage_plan	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
894	CKV2_AWS_37	resource	aws_api_gateway_usage_plan_key	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
895	CKV2_AWS_37	resource	aws_api_gateway_vpc_link	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
896	CKV2_AWS_37	resource	aws_apigatewayv2_api	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
897	CKV2_AWS_37	resource	aws_apigatewayv2_api_mapping	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
898	CKV2_AWS_37	resource	aws_apigatewayv2_authorizer	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
899	CKV2_AWS_37	resource	aws_apigatewayv2_deployment	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
900	CKV2_AWS_37	resource	aws_apigatewayv2_domain_name	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
901	CKV2_AWS_37	resource	aws_apigatewayv2_integration	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
902	CKV2_AWS_37	resource	aws_apigatewayv2_integration_response	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
903	CKV2_AWS_37	resource	aws_apigatewayv2_model	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
904	CKV2_AWS_37	resource	aws_apigatewayv2_route	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
905	CKV2_AWS_37	resource	aws_apigatewayv2_route_response	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
906	CKV2_AWS_37	resource	aws_apigatewayv2_stage	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
907	CKV2_AWS_37	resource	aws_apigatewayv2_vpc_link	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
908	CKV2_AWS_37	resource	aws_app_cookie_stickiness_policy	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
909	CKV2_AWS_37	resource	aws_appautoscaling_policy	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
910	CKV2_AWS_37	resource	aws_appautoscaling_scheduled_action	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
911	CKV2_AWS_37	resource	aws_appautoscaling_target	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
912	CKV2_AWS_37	resource	aws_appmesh_mesh	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
913	CKV2_AWS_37	resource	aws_appmesh_route	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
914	CKV2_AWS_37	resource	aws_appmesh_virtual_node	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
915	CKV2_AWS_37	resource	aws_appmesh_virtual_router	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
916	CKV2_AWS_37	resource	aws_appmesh_virtual_service	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
917	CKV2_AWS_37	resource	aws_appsync_api_key	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
918	CKV2_AWS_37	resource	aws_appsync_datasource	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
919	CKV2_AWS_37	resource	aws_appsync_function	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
920	CKV2_AWS_37	resource	aws_appsync_graphql_api	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
921	CKV2_AWS_37	resource	aws_appsync_resolver	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
922	CKV2_AWS_37	resource	aws_athena_database	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
923	CKV2_AWS_37	resource	aws_athena_named_query	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
924	CKV2_AWS_37	resource	aws_athena_workgroup	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
925	CKV2_AWS_37	resource	aws_autoscaling_attachment	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
926	CKV2_AWS_37	resource	aws_autoscaling_group	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
927	CKV2_AWS_37	resource	aws_autoscaling_lifecycle_hook	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
928	CKV2_AWS_37	resource	aws_autoscaling_notification	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
929	CKV2_AWS_37	resource	aws_autoscaling_policy	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
930	CKV2_AWS_37	resource	aws_autoscaling_schedule	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
931	CKV2_AWS_37	resource	aws_backup_plan	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
932	CKV2_AWS_37	resource	aws_backup_selection	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
933	CKV2_AWS_37	resource	aws_backup_vault	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
934	CKV2_AWS_37	resource	aws_batch_compute_environment	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
935	CKV2_AWS_37	resource	aws_batch_job_definition	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
936	CKV2_AWS_37	resource	aws_batch_job_queue	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
937	CKV2_AWS_37	resource	aws_budgets_budget	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
938	CKV2_AWS_37	resource	aws_cloud9_environment_ec2	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
939	CKV2_AWS_37	resource	aws_cloudformation_stack	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
940	CKV2_AWS_37	resource	aws_cloudformation_stack_set	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
941	CKV2_AWS_37	resource	aws_cloudformation_stack_set_instance	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
942	CKV2_AWS_37	resource	aws_cloudfront_distribution	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
943	CKV2_AWS_37	resource	aws_cloudfront_origin_access_identity	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
944	CKV2_AWS_37	resource	aws_cloudfront_public_key	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
945	CKV2_AWS_37	resource	aws_cloudhsm_v2_cluster	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
946	CKV2_AWS_37	resource	aws_cloudhsm_v2_hsm	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
947	CKV2_AWS_37	resource	aws_cloudtrail	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
948	CKV2_AWS_37	resource	aws_cloudwatch_dashboard	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
949	CKV2_AWS_37	resource	aws_cloudwatch_event_permission	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
950	CKV2_AWS_37	resource	aws_cloudwatch_event_rule	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
951	CKV2_AWS_37	resource	aws_cloudwatch_event_target	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
952	CKV2_AWS_37	resource	aws_cloudwatch_log_destination	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
953	CKV2_AWS_37	resource	aws_cloudwatch_log_destination_policy	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
954	CKV2_AWS_37	resource	aws_cloudwatch_log_group	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
955	CKV2_AWS_37	resource	aws_cloudwatch_log_metric_filter	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
956	CKV2_AWS_37	resource	aws_cloudwatch_log_resource_policy	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
957	CKV2_AWS_37	resource	aws_cloudwatch_log_stream	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
958	CKV2_AWS_37	resource	aws_cloudwatch_log_subscription_filter	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
959	CKV2_AWS_37	resource	aws_cloudwatch_metric_alarm	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
960	CKV2_AWS_37	resource	aws_codebuild_project	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
961	CKV2_AWS_37	resource	aws_codebuild_source_credential	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
962	CKV2_AWS_37	resource	aws_codebuild_webhook	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
963	CKV2_AWS_37	resource	aws_codecommit_repository	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
964	CKV2_AWS_37	resource	aws_codecommit_trigger	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
965	CKV2_AWS_37	resource	aws_codedeploy_app	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
966	CKV2_AWS_37	resource	aws_codedeploy_deployment_config	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
967	CKV2_AWS_37	resource	aws_codedeploy_deployment_group	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
968	CKV2_AWS_37	resource	aws_codepipeline	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
969	CKV2_AWS_37	resource	aws_codepipeline_webhook	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
970	CKV2_AWS_37	resource	aws_codestarnotifications_notification_rule	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
971	CKV2_AWS_37	resource	aws_cognito_identity_pool	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
972	CKV2_AWS_37	resource	aws_cognito_identity_pool_roles_attachment	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
973	CKV2_AWS_37	resource	aws_cognito_identity_provider	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
974	CKV2_AWS_37	resource	aws_cognito_resource_server	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
975	CKV2_AWS_37	resource	aws_cognito_user_group	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
976	CKV2_AWS_37	resource	aws_cognito_user_pool	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
977	CKV2_AWS_37	resource	aws_cognito_user_pool_client	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
978	CKV2_AWS_37	resource	aws_cognito_user_pool_domain	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
979	CKV2_AWS_37	resource	aws_config_aggregate_authorization	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
980	CKV2_AWS_37	resource	aws_config_config_rule	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
981	CKV2_AWS_37	resource	aws_config_configuration_aggregator	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
982	CKV2_AWS_37	resource	aws_config_configuration_recorder	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
983	CKV2_AWS_37	resource	aws_config_configuration_recorder_status	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
984	CKV2_AWS_37	resource	aws_config_delivery_channel	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
985	CKV2_AWS_37	resource	aws_config_organization_custom_rule	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
986	CKV2_AWS_37	resource	aws_config_organization_managed_rule	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
987	CKV2_AWS_37	resource	aws_cur_report_definition	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
988	CKV2_AWS_37	resource	aws_customer_gateway	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
989	CKV2_AWS_37	resource	aws_datapipeline_pipeline	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
990	CKV2_AWS_37	resource	aws_datasync_agent	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
991	CKV2_AWS_37	resource	aws_datasync_location_efs	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
992	CKV2_AWS_37	resource	aws_datasync_location_nfs	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
993	CKV2_AWS_37	resource	aws_datasync_location_s3	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
994	CKV2_AWS_37	resource	aws_datasync_location_smb	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
995	CKV2_AWS_37	resource	aws_datasync_task	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
996	CKV2_AWS_37	resource	aws_dax_cluster	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
997	CKV2_AWS_37	resource	aws_dax_parameter_group	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
998	CKV2_AWS_37	resource	aws_dax_subnet_group	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
999	CKV2_AWS_37	resource	aws_db_cluster_snapshot	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1000	CKV2_AWS_37	resource	aws_db_event_subscription	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1001	CKV2_AWS_37	resource	aws_db_instance	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1002	CKV2_AWS_37	resource	aws_db_instance_role_association	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1003	CKV2_AWS_37	resource	aws_db_option_group	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1004	CKV2_AWS_37	resource	aws_db_parameter_group	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1005	CKV2_AWS_37	resource	aws_db_security_group	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1006	CKV2_AWS_37	resource	aws_db_snapshot	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1007	CKV2_AWS_37	resource	aws_db_subnet_group	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1008	CKV2_AWS_37	resource	aws_default_network_acl	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1009	CKV2_AWS_37	resource	aws_default_route_table	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1010	CKV2_AWS_37	resource	aws_default_security_group	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1011	CKV2_AWS_37	resource	aws_default_subnet	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1012	CKV2_AWS_37	resource	aws_default_vpc	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1013	CKV2_AWS_37	resource	aws_default_vpc_dhcp_options	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1014	CKV2_AWS_37	resource	aws_devicefarm_project	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1015	CKV2_AWS_37	resource	aws_directory_service_conditional_forwarder	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1016	CKV2_AWS_37	resource	aws_directory_service_directory	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1017	CKV2_AWS_37	resource	aws_directory_service_log_subscription	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1018	CKV2_AWS_37	resource	aws_dlm_lifecycle_policy	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1019	CKV2_AWS_37	resource	aws_dms_certificate	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1020	CKV2_AWS_37	resource	aws_dms_endpoint	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1021	CKV2_AWS_37	resource	aws_dms_event_subscription	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1022	CKV2_AWS_37	resource	aws_dms_replication_instance	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1023	CKV2_AWS_37	resource	aws_dms_replication_subnet_group	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1024	CKV2_AWS_37	resource	aws_dms_replication_task	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1025	CKV2_AWS_37	resource	aws_docdb_cluster	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1026	CKV2_AWS_37	resource	aws_docdb_cluster_instance	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1027	CKV2_AWS_37	resource	aws_docdb_cluster_parameter_group	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1028	CKV2_AWS_37	resource	aws_docdb_cluster_snapshot	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1029	CKV2_AWS_37	resource	aws_docdb_subnet_group	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1030	CKV2_AWS_37	resource	aws_dx_bgp_peer	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1031	CKV2_AWS_37	resource	aws_dx_connection	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1032	CKV2_AWS_37	resource	aws_dx_connection_association	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1033	CKV2_AWS_37	resource	aws_dx_gateway	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1034	CKV2_AWS_37	resource	aws_dx_gateway_association	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1035	CKV2_AWS_37	resource	aws_dx_gateway_association_proposal	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1036	CKV2_AWS_37	resource	aws_dx_hosted_private_virtual_interface	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1037	CKV2_AWS_37	resource	aws_dx_hosted_private_virtual_interface_accepter	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1038	CKV2_AWS_37	resource	aws_dx_hosted_public_virtual_interface	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1039	CKV2_AWS_37	resource	aws_dx_hosted_public_virtual_interface_accepter	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1040	CKV2_AWS_37	resource	aws_dx_hosted_transit_virtual_interface	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1041	CKV2_AWS_37	resource	aws_dx_hosted_transit_virtual_interface_accepter	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1042	CKV2_AWS_37	resource	aws_dx_lag	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1043	CKV2_AWS_37	resource	aws_dx_private_virtual_interface	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1044	CKV2_AWS_37	resource	aws_dx_public_virtual_interface	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1045	CKV2_AWS_37	resource	aws_dx_transit_virtual_interface	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1046	CKV2_AWS_37	resource	aws_dynamodb_global_table	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1047	CKV2_AWS_37	resource	aws_dynamodb_table	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1048	CKV2_AWS_37	resource	aws_dynamodb_table_item	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1049	CKV2_AWS_37	resource	aws_ebs_default_kms_key	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1050	CKV2_AWS_37	resource	aws_ebs_encryption_by_default	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1051	CKV2_AWS_37	resource	aws_ebs_snapshot	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1052	CKV2_AWS_37	resource	aws_ebs_snapshot_copy	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1053	CKV2_AWS_37	resource	aws_ebs_volume	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1054	CKV2_AWS_37	resource	aws_ec2_availability_zone_group	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1055	CKV2_AWS_37	resource	aws_ec2_capacity_reservation	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1056	CKV2_AWS_37	resource	aws_ec2_client_vpn_authorization_rule	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1057	CKV2_AWS_37	resource	aws_ec2_client_vpn_endpoint	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1058	CKV2_AWS_37	resource	aws_ec2_client_vpn_network_association	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1059	CKV2_AWS_37	resource	aws_ec2_client_vpn_route	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1060	CKV2_AWS_37	resource	aws_ec2_fleet	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1061	CKV2_AWS_37	resource	aws_ec2_local_gateway_route	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1062	CKV2_AWS_37	resource	aws_ec2_local_gateway_route_table_vpc_association	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1063	CKV2_AWS_37	resource	aws_ec2_tag	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1064	CKV2_AWS_37	resource	aws_ec2_traffic_mirror_filter	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1065	CKV2_AWS_37	resource	aws_ec2_traffic_mirror_filter_rule	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1066	CKV2_AWS_37	resource	aws_ec2_traffic_mirror_session	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1067	CKV2_AWS_37	resource	aws_ec2_traffic_mirror_target	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1068	CKV2_AWS_37	resource	aws_ec2_transit_gateway	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1069	CKV2_AWS_37	resource	aws_ec2_transit_gateway_peering_attachment	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1070	CKV2_AWS_37	resource	aws_ec2_transit_gateway_peering_attachment_accepter	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1071	CKV2_AWS_37	resource	aws_ec2_transit_gateway_route	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1072	CKV2_AWS_37	resource	aws_ec2_transit_gateway_route_table	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1073	CKV2_AWS_37	resource	aws_ec2_transit_gateway_route_table_association	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1074	CKV2_AWS_37	resource	aws_ec2_transit_gateway_route_table_propagation	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1075	CKV2_AWS_37	resource	aws_ec2_transit_gateway_vpc_attachment	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1076	CKV2_AWS_37	resource	aws_ec2_transit_gateway_vpc_attachment_accepter	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1077	CKV2_AWS_37	resource	aws_ecr_lifecycle_policy	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1078	CKV2_AWS_37	resource	aws_ecr_repository	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1079	CKV2_AWS_37	resource	aws_ecr_repository_policy	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1080	CKV2_AWS_37	resource	aws_ecs_capacity_provider	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1081	CKV2_AWS_37	resource	aws_ecs_cluster	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1082	CKV2_AWS_37	resource	aws_ecs_service	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1083	CKV2_AWS_37	resource	aws_ecs_task_definition	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1084	CKV2_AWS_37	resource	aws_efs_access_point	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1085	CKV2_AWS_37	resource	aws_efs_file_system	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1086	CKV2_AWS_37	resource	aws_efs_file_system_policy	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1087	CKV2_AWS_37	resource	aws_efs_mount_target	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1088	CKV2_AWS_37	resource	aws_egress_only_internet_gateway	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1089	CKV2_AWS_37	resource	aws_eip	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1090	CKV2_AWS_37	resource	aws_eip_association	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1091	CKV2_AWS_37	resource	aws_eks_cluster	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1092	CKV2_AWS_37	resource	aws_eks_fargate_profile	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1093	CKV2_AWS_37	resource	aws_eks_node_group	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1094	CKV2_AWS_37	resource	aws_elastic_beanstalk_application	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1095	CKV2_AWS_37	resource	aws_elastic_beanstalk_application_version	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1096	CKV2_AWS_37	resource	aws_elastic_beanstalk_configuration_template	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1097	CKV2_AWS_37	resource	aws_elastic_beanstalk_environment	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1098	CKV2_AWS_37	resource	aws_elasticache_cluster	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1099	CKV2_AWS_37	resource	aws_elasticache_parameter_group	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1100	CKV2_AWS_37	resource	aws_elasticache_replication_group	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1101	CKV2_AWS_37	resource	aws_elasticache_security_group	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1102	CKV2_AWS_37	resource	aws_elasticache_subnet_group	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1103	CKV2_AWS_37	resource	aws_elasticsearch_domain	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1104	CKV2_AWS_37	resource	aws_elasticsearch_domain_policy	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1105	CKV2_AWS_37	resource	aws_elastictranscoder_pipeline	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1106	CKV2_AWS_37	resource	aws_elastictranscoder_preset	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1107	CKV2_AWS_37	resource	aws_elb	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1108	CKV2_AWS_37	resource	aws_elb_attachment	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1109	CKV2_AWS_37	resource	aws_emr_cluster	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1110	CKV2_AWS_37	resource	aws_emr_instance_group	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1111	CKV2_AWS_37	resource	aws_emr_security_configuration	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1112	CKV2_AWS_37	resource	aws_flow_log	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1113	CKV2_AWS_37	resource	aws_fms_admin_account	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1114	CKV2_AWS_37	resource	aws_fsx_lustre_file_system	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1115	CKV2_AWS_37	resource	aws_fsx_windows_file_system	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1116	CKV2_AWS_37	resource	aws_gamelift_alias	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1117	CKV2_AWS_37	resource	aws_gamelift_build	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1118	CKV2_AWS_37	resource	aws_gamelift_fleet	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1119	CKV2_AWS_37	resource	aws_gamelift_game_session_queue	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1120	CKV2_AWS_37	resource	aws_glacier_vault	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1121	CKV2_AWS_37	resource	aws_glacier_vault_lock	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1122	CKV2_AWS_37	resource	aws_globalaccelerator_accelerator	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1123	CKV2_AWS_37	resource	aws_globalaccelerator_endpoint_group	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1124	CKV2_AWS_37	resource	aws_globalaccelerator_listener	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1125	CKV2_AWS_37	resource	aws_glue_catalog_database	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1126	CKV2_AWS_37	resource	aws_glue_catalog_table	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1127	CKV2_AWS_37	resource	aws_glue_classifier	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1128	CKV2_AWS_37	resource	aws_glue_connection	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1129	CKV2_AWS_37	resource	aws_glue_crawler	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1130	CKV2_AWS_37	resource	aws_glue_job	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1131	CKV2_AWS_37	resource	aws_glue_security_configuration	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1132	CKV2_AWS_37	resource	aws_glue_trigger	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1133	CKV2_AWS_37	resource	aws_glue_workflow	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1134	CKV2_AWS_37	resource	aws_guardduty_detector	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1135	CKV2_AWS_37	resource	aws_guardduty_invite_accepter	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1136	CKV2_AWS_37	resource	aws_guardduty_ipset	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1137	CKV2_AWS_37	resource	aws_guardduty_member	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1138	CKV2_AWS_37	resource	aws_guardduty_organization_admin_account	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1139	CKV2_AWS_37	resource	aws_guardduty_organization_configuration	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1140	CKV2_AWS_37	resource	aws_guardduty_threatintelset	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1141	CKV2_AWS_37	resource	aws_iam_access_key	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1142	CKV2_AWS_37	resource	aws_iam_account_alias	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1143	CKV2_AWS_37	resource	aws_iam_account_password_policy	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1144	CKV2_AWS_37	resource	aws_iam_group	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1145	CKV2_AWS_37	resource	aws_iam_group_membership	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1146	CKV2_AWS_37	resource	aws_iam_group_policy	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1147	CKV2_AWS_37	resource	aws_iam_group_policy_attachment	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1148	CKV2_AWS_37	resource	aws_iam_instance_profile	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1149	CKV2_AWS_37	resource	aws_iam_openid_connect_provider	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1150	CKV2_AWS_37	resource	aws_iam_policy	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1151	CKV2_AWS_37	resource	aws_iam_policy_attachment	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1152	CKV2_AWS_37	resource	aws_iam_policy_document	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1153	CKV2_AWS_37	resource	aws_iam_role	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1154	CKV2_AWS_37	resource	aws_iam_role_policy	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1155	CKV2_AWS_37	resource	aws_iam_role_policy_attachment	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1156	CKV2_AWS_37	resource	aws_iam_saml_provider	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1157	CKV2_AWS_37	resource	aws_iam_server_certificate	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1158	CKV2_AWS_37	resource	aws_iam_service_linked_role	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1159	CKV2_AWS_37	resource	aws_iam_user	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1160	CKV2_AWS_37	resource	aws_iam_user_group_membership	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1161	CKV2_AWS_37	resource	aws_iam_user_login_profile	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1162	CKV2_AWS_37	resource	aws_iam_user_policy	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1163	CKV2_AWS_37	resource	aws_iam_user_policy_attachment	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1164	CKV2_AWS_37	resource	aws_iam_user_ssh_key	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1165	CKV2_AWS_37	resource	aws_inspector_assessment_target	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1166	CKV2_AWS_37	resource	aws_inspector_assessment_template	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1167	CKV2_AWS_37	resource	aws_inspector_resource_group	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1168	CKV2_AWS_37	resource	aws_instance	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1169	CKV2_AWS_37	resource	aws_internet_gateway	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1170	CKV2_AWS_37	resource	aws_iot_certificate	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1171	CKV2_AWS_37	resource	aws_iot_policy	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1172	CKV2_AWS_37	resource	aws_iot_policy_attachment	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1173	CKV2_AWS_37	resource	aws_iot_role_alias	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1174	CKV2_AWS_37	resource	aws_iot_thing	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1175	CKV2_AWS_37	resource	aws_iot_thing_principal_attachment	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1176	CKV2_AWS_37	resource	aws_iot_thing_type	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1177	CKV2_AWS_37	resource	aws_iot_topic_rule	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1178	CKV2_AWS_37	resource	aws_key_pair	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1179	CKV2_AWS_37	resource	aws_kinesis_analytics_application	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1180	CKV2_AWS_37	resource	aws_kinesis_firehose_delivery_stream	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1181	CKV2_AWS_37	resource	aws_kinesis_stream	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1182	CKV2_AWS_37	resource	aws_kinesis_video_stream	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1183	CKV2_AWS_37	resource	aws_kms_alias	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1184	CKV2_AWS_37	resource	aws_kms_ciphertext	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1185	CKV2_AWS_37	resource	aws_kms_external_key	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1186	CKV2_AWS_37	resource	aws_kms_grant	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1187	CKV2_AWS_37	resource	aws_kms_key	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1188	CKV2_AWS_37	resource	aws_lambda_alias	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1189	CKV2_AWS_37	resource	aws_lambda_event_source_mapping	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1190	CKV2_AWS_37	resource	aws_lambda_function	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1191	CKV2_AWS_37	resource	aws_lambda_function_event_invoke_config	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1192	CKV2_AWS_37	resource	aws_lambda_layer_version	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1193	CKV2_AWS_37	resource	aws_lambda_permission	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1194	CKV2_AWS_37	resource	aws_lambda_provisioned_concurrency_config	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1195	CKV2_AWS_37	resource	aws_launch_configuration	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1196	CKV2_AWS_37	resource	aws_launch_template	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1197	CKV2_AWS_37	resource	aws_lb	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1198	CKV2_AWS_37	resource	aws_lb_cookie_stickiness_policy	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1199	CKV2_AWS_37	resource	aws_lb_listener	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1200	CKV2_AWS_37	resource	aws_lb_listener_certificate	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1201	CKV2_AWS_37	resource	aws_lb_listener_rule	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1202	CKV2_AWS_37	resource	aws_lb_ssl_negotiation_policy	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1203	CKV2_AWS_37	resource	aws_lb_target_group	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1204	CKV2_AWS_37	resource	aws_lb_target_group_attachment	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1205	CKV2_AWS_37	resource	aws_licensemanager_association	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1206	CKV2_AWS_37	resource	aws_licensemanager_license_configuration	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1207	CKV2_AWS_37	resource	aws_lightsail_domain	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1208	CKV2_AWS_37	resource	aws_lightsail_instance	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1209	CKV2_AWS_37	resource	aws_lightsail_key_pair	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1210	CKV2_AWS_37	resource	aws_lightsail_static_ip	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1211	CKV2_AWS_37	resource	aws_lightsail_static_ip_attachment	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1212	CKV2_AWS_37	resource	aws_load_balancer_backend_server_policy	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1213	CKV2_AWS_37	resource	aws_load_balancer_listener_policy	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1214	CKV2_AWS_37	resource	aws_load_balancer_policy	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1215	CKV2_AWS_37	resource	aws_macie_member_account_association	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1216	CKV2_AWS_37	resource	aws_macie_s3_bucket_association	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1217	CKV2_AWS_37	resource	aws_main_route_table_association	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1218	CKV2_AWS_37	resource	aws_media_convert_queue	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1219	CKV2_AWS_37	resource	aws_media_package_channel	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1220	CKV2_AWS_37	resource	aws_media_store_container	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1221	CKV2_AWS_37	resource	aws_media_store_container_policy	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1222	CKV2_AWS_37	resource	aws_mq_broker	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1223	CKV2_AWS_37	resource	aws_mq_configuration	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1224	CKV2_AWS_37	resource	aws_msk_cluster	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1225	CKV2_AWS_37	resource	aws_msk_configuration	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1226	CKV2_AWS_37	resource	aws_nat_gateway	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1227	CKV2_AWS_37	resource	aws_neptune_cluster	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1228	CKV2_AWS_37	resource	aws_neptune_cluster_instance	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1229	CKV2_AWS_37	resource	aws_neptune_cluster_parameter_group	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1230	CKV2_AWS_37	resource	aws_neptune_cluster_snapshot	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1231	CKV2_AWS_37	resource	aws_neptune_event_subscription	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1232	CKV2_AWS_37	resource	aws_neptune_parameter_group	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1233	CKV2_AWS_37	resource	aws_neptune_subnet_group	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1234	CKV2_AWS_37	resource	aws_network_acl	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1235	CKV2_AWS_37	resource	aws_network_acl_rule	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1236	CKV2_AWS_37	resource	aws_network_interface	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1237	CKV2_AWS_37	resource	aws_network_interface_attachment	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1238	CKV2_AWS_37	resource	aws_network_interface_sg_attachment	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1239	CKV2_AWS_37	resource	aws_opsworks_application	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1240	CKV2_AWS_37	resource	aws_opsworks_custom_layer	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1241	CKV2_AWS_37	resource	aws_opsworks_ganglia_layer	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1242	CKV2_AWS_37	resource	aws_opsworks_haproxy_layer	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1243	CKV2_AWS_37	resource	aws_opsworks_instance	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1244	CKV2_AWS_37	resource	aws_opsworks_java_app_layer	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1245	CKV2_AWS_37	resource	aws_opsworks_memcached_layer	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1246	CKV2_AWS_37	resource	aws_opsworks_mysql_layer	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1247	CKV2_AWS_37	resource	aws_opsworks_nodejs_app_layer	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1248	CKV2_AWS_37	resource	aws_opsworks_permission	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1249	CKV2_AWS_37	resource	aws_opsworks_php_app_layer	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1250	CKV2_AWS_37	resource	aws_opsworks_rails_app_layer	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1251	CKV2_AWS_37	resource	aws_opsworks_rds_db_instance	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1252	CKV2_AWS_37	resource	aws_opsworks_stack	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1253	CKV2_AWS_37	resource	aws_opsworks_static_web_layer	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1254	CKV2_AWS_37	resource	aws_opsworks_user_profile	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1255	CKV2_AWS_37	resource	aws_organizations_account	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1256	CKV2_AWS_37	resource	aws_organizations_organization	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1257	CKV2_AWS_37	resource	aws_organizations_organizational_unit	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1258	CKV2_AWS_37	resource	aws_organizations_policy	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1259	CKV2_AWS_37	resource	aws_organizations_policy_attachment	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1260	CKV2_AWS_37	resource	aws_pinpoint_adm_channel	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1261	CKV2_AWS_37	resource	aws_pinpoint_apns_channel	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1262	CKV2_AWS_37	resource	aws_pinpoint_apns_sandbox_channel	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1263	CKV2_AWS_37	resource	aws_pinpoint_apns_voip_channel	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1264	CKV2_AWS_37	resource	aws_pinpoint_apns_voip_sandbox_channel	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1265	CKV2_AWS_37	resource	aws_pinpoint_app	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1266	CKV2_AWS_37	resource	aws_pinpoint_baidu_channel	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1267	CKV2_AWS_37	resource	aws_pinpoint_email_channel	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1268	CKV2_AWS_37	resource	aws_pinpoint_event_stream	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1269	CKV2_AWS_37	resource	aws_pinpoint_gcm_channel	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1270	CKV2_AWS_37	resource	aws_pinpoint_sms_channel	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1271	CKV2_AWS_37	resource	aws_placement_group	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1272	CKV2_AWS_37	resource	aws_proxy_protocol_policy	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1273	CKV2_AWS_37	resource	aws_qldb_ledger	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1274	CKV2_AWS_37	resource	aws_quicksight_group	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1275	CKV2_AWS_37	resource	aws_quicksight_user	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1276	CKV2_AWS_37	resource	aws_ram_principal_association	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1277	CKV2_AWS_37	resource	aws_ram_resource_association	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1278	CKV2_AWS_37	resource	aws_ram_resource_share	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1279	CKV2_AWS_37	resource	aws_ram_resource_share_accepter	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1280	CKV2_AWS_37	resource	aws_rds_cluster	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1281	CKV2_AWS_37	resource	aws_rds_cluster_endpoint	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1282	CKV2_AWS_37	resource	aws_rds_cluster_instance	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1283	CKV2_AWS_37	resource	aws_rds_cluster_parameter_group	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1284	CKV2_AWS_37	resource	aws_rds_global_cluster	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1285	CKV2_AWS_37	resource	aws_redshift_cluster	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1286	CKV2_AWS_37	resource	aws_redshift_event_subscription	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1287	CKV2_AWS_37	resource	aws_redshift_parameter_group	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1288	CKV2_AWS_37	resource	aws_redshift_security_group	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1289	CKV2_AWS_37	resource	aws_redshift_snapshot_copy_grant	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1290	CKV2_AWS_37	resource	aws_redshift_snapshot_schedule	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1291	CKV2_AWS_37	resource	aws_redshift_snapshot_schedule_association	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1292	CKV2_AWS_37	resource	aws_redshift_subnet_group	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1293	CKV2_AWS_37	resource	aws_resourcegroups_group	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1294	CKV2_AWS_37	resource	aws_root	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1295	CKV2_AWS_37	resource	aws_root_access_key	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1296	CKV2_AWS_37	resource	aws_route	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1297	CKV2_AWS_37	resource	aws_route53_delegation_set	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1298	CKV2_AWS_37	resource	aws_route53_health_check	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1299	CKV2_AWS_37	resource	aws_route53_query_log	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1300	CKV2_AWS_37	resource	aws_route53_record	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1301	CKV2_AWS_37	resource	aws_route53_resolver_endpoint	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1302	CKV2_AWS_37	resource	aws_route53_resolver_rule	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1303	CKV2_AWS_37	resource	aws_route53_resolver_rule_association	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1304	CKV2_AWS_37	resource	aws_route53_vpc_association_authorization	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1305	CKV2_AWS_37	resource	aws_route53_zone	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1306	CKV2_AWS_37	resource	aws_route53_zone_association	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1307	CKV2_AWS_37	resource	aws_route_table	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1308	CKV2_AWS_37	resource	aws_route_table_association	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1309	CKV2_AWS_37	resource	aws_s3_access_point	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1310	CKV2_AWS_37	resource	aws_s3_account_public_access_block	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1311	CKV2_AWS_37	resource	aws_s3_bucket	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1312	CKV2_AWS_37	resource	aws_s3_bucket_analytics_configuration	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1313	CKV2_AWS_37	resource	aws_s3_bucket_inventory	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1314	CKV2_AWS_37	resource	aws_s3_bucket_metric	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1315	CKV2_AWS_37	resource	aws_s3_bucket_notification	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1316	CKV2_AWS_37	resource	aws_s3_bucket_object	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1317	CKV2_AWS_37	resource	aws_s3_bucket_policy	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1318	CKV2_AWS_37	resource	aws_s3_bucket_public_access_block	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1319	CKV2_AWS_37	resource	aws_sagemaker_endpoint	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1320	CKV2_AWS_37	resource	aws_sagemaker_endpoint_configuration	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1321	CKV2_AWS_37	resource	aws_sagemaker_model	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1322	CKV2_AWS_37	resource	aws_sagemaker_notebook_instance	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1323	CKV2_AWS_37	resource	aws_sagemaker_notebook_instance_lifecycle_configuration	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1324	CKV2_AWS_37	resource	aws_secretsmanager_secret	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1325	CKV2_AWS_37	resource	aws_secretsmanager_secret_rotation	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1326	CKV2_AWS_37	resource	aws_secretsmanager_secret_version	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1327	CKV2_AWS_37	resource	aws_security_group	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1328	CKV2_AWS_37	resource	aws_security_group_rule	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1329	CKV2_AWS_37	resource	aws_securityhub_account	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1330	CKV2_AWS_37	resource	aws_securityhub_member	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1331	CKV2_AWS_37	resource	aws_securityhub_product_subscription	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1332	CKV2_AWS_37	resource	aws_securityhub_standards_subscription	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1333	CKV2_AWS_37	resource	aws_service_discovery_http_namespace	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1334	CKV2_AWS_37	resource	aws_service_discovery_private_dns_namespace	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1335	CKV2_AWS_37	resource	aws_service_discovery_public_dns_namespace	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1336	CKV2_AWS_37	resource	aws_service_discovery_service	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1337	CKV2_AWS_37	resource	aws_servicecatalog_portfolio	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1338	CKV2_AWS_37	resource	aws_servicequotas_service_quota	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1339	CKV2_AWS_37	resource	aws_ses_active_receipt_rule_set	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1340	CKV2_AWS_37	resource	aws_ses_configuration_set	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1341	CKV2_AWS_37	resource	aws_ses_domain_dkim	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1342	CKV2_AWS_37	resource	aws_ses_domain_identity	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1343	CKV2_AWS_37	resource	aws_ses_domain_identity_verification	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1344	CKV2_AWS_37	resource	aws_ses_domain_mail_from	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1345	CKV2_AWS_37	resource	aws_ses_email_identity	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1346	CKV2_AWS_37	resource	aws_ses_event_destination	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1347	CKV2_AWS_37	resource	aws_ses_identity_notification_topic	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1348	CKV2_AWS_37	resource	aws_ses_identity_policy	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1349	CKV2_AWS_37	resource	aws_ses_receipt_filter	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1350	CKV2_AWS_37	resource	aws_ses_receipt_rule	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1351	CKV2_AWS_37	resource	aws_ses_receipt_rule_set	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1352	CKV2_AWS_37	resource	aws_ses_template	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1353	CKV2_AWS_37	resource	aws_sfn_activity	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1354	CKV2_AWS_37	resource	aws_sfn_state_machine	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1355	CKV2_AWS_37	resource	aws_shield_protection	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1356	CKV2_AWS_37	resource	aws_simpledb_domain	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1357	CKV2_AWS_37	resource	aws_snapshot_create_volume_permission	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1358	CKV2_AWS_37	resource	aws_sns_platform_application	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1359	CKV2_AWS_37	resource	aws_sns_sms_preferences	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1360	CKV2_AWS_37	resource	aws_sns_topic	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1361	CKV2_AWS_37	resource	aws_sns_topic_policy	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1362	CKV2_AWS_37	resource	aws_sns_topic_subscription	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1363	CKV2_AWS_37	resource	aws_spot_datafeed_subscription	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1364	CKV2_AWS_37	resource	aws_spot_fleet_request	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1365	CKV2_AWS_37	resource	aws_spot_instance_request	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1366	CKV2_AWS_37	resource	aws_sqs_queue	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1367	CKV2_AWS_37	resource	aws_sqs_queue_policy	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1368	CKV2_AWS_37	resource	aws_ssm_activation	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1369	CKV2_AWS_37	resource	aws_ssm_association	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1370	CKV2_AWS_37	resource	aws_ssm_document	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1371	CKV2_AWS_37	resource	aws_ssm_maintenance_window	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1372	CKV2_AWS_37	resource	aws_ssm_maintenance_window_target	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1373	CKV2_AWS_37	resource	aws_ssm_maintenance_window_task	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1374	CKV2_AWS_37	resource	aws_ssm_parameter	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1375	CKV2_AWS_37	resource	aws_ssm_patch_baseline	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1376	CKV2_AWS_37	resource	aws_ssm_patch_group	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1377	CKV2_AWS_37	resource	aws_ssm_resource_data_sync	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1378	CKV2_AWS_37	resource	aws_storagegateway_cache	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1379	CKV2_AWS_37	resource	aws_storagegateway_cached_iscsi_volume	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1380	CKV2_AWS_37	resource	aws_storagegateway_gateway	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1381	CKV2_AWS_37	resource	aws_storagegateway_nfs_file_share	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1382	CKV2_AWS_37	resource	aws_storagegateway_smb_file_share	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1383	CKV2_AWS_37	resource	aws_storagegateway_upload_buffer	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1384	CKV2_AWS_37	resource	aws_storagegateway_working_storage	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1385	CKV2_AWS_37	resource	aws_subnet	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1386	CKV2_AWS_37	resource	aws_swf_domain	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1387	CKV2_AWS_37	resource	aws_transfer_server	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1388	CKV2_AWS_37	resource	aws_transfer_ssh_key	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1389	CKV2_AWS_37	resource	aws_transfer_user	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1390	CKV2_AWS_37	resource	aws_volume_attachment	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1391	CKV2_AWS_37	resource	aws_vpc	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1392	CKV2_AWS_37	resource	aws_vpc_dhcp_options	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1393	CKV2_AWS_37	resource	aws_vpc_dhcp_options_association	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1394	CKV2_AWS_37	resource	aws_vpc_endpoint	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1395	CKV2_AWS_37	resource	aws_vpc_endpoint_connection_notification	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1396	CKV2_AWS_37	resource	aws_vpc_endpoint_route_table_association	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1397	CKV2_AWS_37	resource	aws_vpc_endpoint_service	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1398	CKV2_AWS_37	resource	aws_vpc_endpoint_service_allowed_principal	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1399	CKV2_AWS_37	resource	aws_vpc_endpoint_subnet_association	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1400	CKV2_AWS_37	resource	aws_vpc_ipv4_cidr_block_association	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1401	CKV2_AWS_37	resource	aws_vpc_peering_connection	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1402	CKV2_AWS_37	resource	aws_vpc_peering_connection_accepter	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1403	CKV2_AWS_37	resource	aws_vpc_peering_connection_options	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1404	CKV2_AWS_37	resource	aws_vpn_connection	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1405	CKV2_AWS_37	resource	aws_vpn_connection_route	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1406	CKV2_AWS_37	resource	aws_vpn_gateway	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1407	CKV2_AWS_37	resource	aws_vpn_gateway_attachment	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1408	CKV2_AWS_37	resource	aws_vpn_gateway_route_propagation	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1409	CKV2_AWS_37	resource	aws_waf_byte_match_set	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1410	CKV2_AWS_37	resource	aws_waf_geo_match_set	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1411	CKV2_AWS_37	resource	aws_waf_ipset	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1412	CKV2_AWS_37	resource	aws_waf_rate_based_rule	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1413	CKV2_AWS_37	resource	aws_waf_regex_match_set	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1414	CKV2_AWS_37	resource	aws_waf_regex_pattern_set	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1415	CKV2_AWS_37	resource	aws_waf_rule	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1416	CKV2_AWS_37	resource	aws_waf_rule_group	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1417	CKV2_AWS_37	resource	aws_waf_size_constraint_set	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1418	CKV2_AWS_37	resource	aws_waf_sql_injection_match_set	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1419	CKV2_AWS_37	resource	aws_waf_web_acl	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1420	CKV2_AWS_37	resource	aws_waf_xss_match_set	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1421	CKV2_AWS_37	resource	aws_wafregional_byte_match_set	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1422	CKV2_AWS_37	resource	aws_wafregional_geo_match_set	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1423	CKV2_AWS_37	resource	aws_wafregional_ipset	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1424	CKV2_AWS_37	resource	aws_wafregional_rate_based_rule	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1425	CKV2_AWS_37	resource	aws_wafregional_regex_match_set	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1426	CKV2_AWS_37	resource	aws_wafregional_regex_pattern_set	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1427	CKV2_AWS_37	resource	aws_wafregional_rule	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1428	CKV2_AWS_37	resource	aws_wafregional_rule_group	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1429	CKV2_AWS_37	resource	aws_wafregional_size_constraint_set	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1430	CKV2_AWS_37	resource	aws_wafregional_sql_injection_match_set	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1431	CKV2_AWS_37	resource	aws_wafregional_web_acl	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1432	CKV2_AWS_37	resource	aws_wafregional_web_acl_association	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1433	CKV2_AWS_37	resource	aws_wafregional_xss_match_set	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1434	CKV2_AWS_37	resource	aws_wafv2_ip_set	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1435	CKV2_AWS_37	resource	aws_wafv2_regex_pattern_set	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1436	CKV2_AWS_37	resource	aws_wafv2_rule_group	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1437	CKV2_AWS_37	resource	aws_wafv2_web_acl	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1438	CKV2_AWS_37	resource	aws_wafv2_web_acl_association	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1439	CKV2_AWS_37	resource	aws_wafv2_web_acl_logging_configuration	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1440	CKV2_AWS_37	resource	aws_worklink_fleet	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1441	CKV2_AWS_37	resource	aws_worklink_website_certificate_authority_association	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1442	CKV2_AWS_37	resource	aws_workspaces_directory	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1443	CKV2_AWS_37	resource	aws_workspaces_ip_group	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1444	CKV2_AWS_37	resource	aws_workspaces_workspace	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1445	CKV2_AWS_37	resource	aws_xray_sampling_rule	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1446	CKV2_AWS_38	resource	aws_route53_zone	Ensure Domain Name System Security Extensions (DNSSEC) signing is enabled for Amazon Route 53 public hosted zones	Terraform	Route53ZoneEnableDNSSECSigning.yaml
1447	CKV2_AWS_39	resource	aws_route53_zone	Ensure Domain Name System (DNS) query logging is enabled for Amazon Route 53 hosted zones	Terraform	Route53ZoneHasMatchingQueryLog.yaml
1448	CKV2_AWS_40	resource	aws_iam_group_policy	Ensure AWS IAM policy does not allow full IAM privileges	Terraform	IAMPolicyNotAllowFullIAMAccess.yaml
1449	CKV2_AWS_40	resource	aws_iam_policy	Ensure AWS IAM policy does not allow full IAM privileges	Terraform	IAMPolicyNotAllowFullIAMAccess.yaml
1450	CKV2_AWS_40	resource	aws_iam_role_policy	Ensure AWS IAM policy does not allow full IAM privileges	Terraform	IAMPolicyNotAllowFullIAMAccess.yaml
1451	CKV2_AWS_40	resource	aws_iam_user_policy	Ensure AWS IAM policy does not allow full IAM privileges	Terraform	IAMPolicyNotAllowFullIAMAccess.yaml
1452	CKV2_AWS_40	resource	aws_ssoadmin_permission_set_inline_policy	Ensure AWS IAM policy does not allow full IAM privileges	Terraform	IAMPolicyNotAllowFullIAMAccess.yaml
1453	CKV2_AWS_40	resource	data.aws_iam_policy_document	Ensure AWS IAM policy does not allow full IAM privileges	Terraform	IAMPolicyNotAllowFullIAMAccess.yaml
1454	CKV2_AWS_41	resource	aws_instance	Ensure an IAM role is attached to EC2 instance	Terraform	EC2InstanceHasIAMRoleAttached.yaml
1455	CKV2_AWS_42	resource	aws_cloudfront_distribution	Ensure AWS CloudFront distribution uses custom SSL certificate	Terraform	CloudFrontHasCustomSSLCertificate.yaml
1456	CKV2_AWS_43	resource	aws_s3_bucket_acl	Ensure S3 Bucket does not allow access to all Authenticated users	Terraform	S3NotAllowAccessToAllAuthenticatedUsers.yaml
1457	CKV2_AWS_44	resource	aws_route	Ensure AWS route table with VPC peering does not contain routes overly permissive to all traffic	Terraform	VPCPeeringRouteTableOverlyPermissive.yaml
1458	CKV2_AWS_44	resource	aws_route_table	Ensure AWS route table with VPC peering does not contain routes overly permissive to all traffic	Terraform	VPCPeeringRouteTableOverlyPermissive.yaml
1459	CKV2_AWS_45	resource	aws_config_configuration_recorder	Ensure AWS Config recorder is enabled to record all supported resources	Terraform	AWSConfigRecorderEnabled.yaml
1460	CKV2_AWS_45	resource	aws_config_configuration_recorder_status	Ensure AWS Config recorder is enabled to record all supported resources	Terraform	AWSConfigRecorderEnabled.yaml
1461	CKV2_AWS_46	resource	aws_cloudfront_distribution	Ensure AWS Cloudfront Distribution with S3 have Origin Access set to enabled	Terraform	CLoudFrontS3OriginConfigWithOAI.yaml
1462	CKV2_AWS_47	resource	aws_cloudfront_distribution	Ensure AWS CloudFront attached WAFv2 WebACL is configured with AMR for Log4j Vulnerability	Terraform	CloudFrontWebACLConfiguredWIthLog4jVulnerability.yaml
1463	CKV2_AWS_47	resource	aws_wafv2_web_acl	Ensure AWS CloudFront attached WAFv2 WebACL is configured with AMR for Log4j Vulnerability	Terraform	CloudFrontWebACLConfiguredWIthLog4jVulnerability.yaml
1464	CKV2_AWS_48	resource	aws_config_configuration_recorder	Ensure AWS Config must record all possible resources	Terraform	ConfigRecorderRecordsAllGlobalResources.yaml
1465	CKV2_AWS_49	resource	aws_dms_endpoint	Ensure AWS Database Migration Service endpoints have SSL configured	Terraform	DMSEndpointHaveSSLConfigured.yaml
1466	CKV2_AWS_50	resource	aws_elasticache_replication_group	Ensure AWS ElastiCache Redis cluster with Multi-AZ Automatic Failover feature set to enabled	Terraform	ElastiCacheRedisConfiguredAutomaticFailOver.yaml
1467	CKV2_AWS_51	resource	aws_api_gateway_stage	Ensure AWS API Gateway endpoints uses client certificate authentication	Terraform	APIGatewayEndpointsUsesCertificateForAuthentication.yaml
1468	CKV2_AWS_51	resource	aws_apigatewayv2_api	Ensure AWS API Gateway endpoints uses client certificate authentication	Terraform	APIGatewayEndpointsUsesCertificateForAuthentication.yaml
1469	CKV2_AWS_51	resource	aws_apigatewayv2_stage	Ensure AWS API Gateway endpoints uses client certificate authentication	Terraform	APIGatewayEndpointsUsesCertificateForAuthentication.yaml
1470	CKV2_AWS_52	resource	aws_elasticsearch_domain	Ensure AWS ElasticSearch/OpenSearch Fine-grained access control is enabled	Terraform	OpenSearchDomainHasFineGrainedControl.yaml
1471	CKV2_AWS_52	resource	aws_opensearch_domain	Ensure AWS ElasticSearch/OpenSearch Fine-grained access control is enabled	Terraform	OpenSearchDomainHasFineGrainedControl.yaml
1472	CKV2_AWS_53	resource	aws_api_gateway_method	Ensure AWS API gateway request is validated	Terraform	APIGatewayRequestParameterValidationEnabled.yaml
1473	CKV2_AWS_54	resource	aws_cloudfront_distribution	Ensure AWS CloudFront distribution is using secure SSL protocols for HTTPS communication	Terraform	CloudFrontUsesSecureProtocolsForHTTPS.yaml
1474	CKV2_AWS_55	resource	aws_emr_cluster	Ensure AWS EMR cluster is configured with security configuration	Terraform	EMRClusterHasSecurityConfiguration.yaml
1475	CKV2_AWS_56	resource	aws_iam_group_policy_attachment	Ensure AWS Managed IAMFullAccess IAM policy is not used.	Terraform	IAMManagedIAMFullAccessPolicy.yaml
1476	CKV2_AWS_56	resource	aws_iam_policy_attachment	Ensure AWS Managed IAMFullAccess IAM policy is not used.	Terraform	IAMManagedIAMFullAccessPolicy.yaml
1477	CKV2_AWS_56	resource	aws_iam_role	Ensure AWS Managed IAMFullAccess IAM policy is not used.	Terraform	IAMManagedIAMFullAccessPolicy.yaml
1478	CKV2_AWS_56	resource	aws_iam_role_policy_attachment	Ensure AWS Managed IAMFullAccess IAM policy is not used.	Terraform	IAMManagedIAMFullAccessPolicy.yaml
1479	CKV2_AWS_56	resource	aws_iam_user_policy_attachment	Ensure AWS Managed IAMFullAccess IAM policy is not used.	Terraform	IAMManagedIAMFullAccessPolicy.yaml
1480	CKV2_AWS_56	resource	aws_ssoadmin_managed_policy_attachment	Ensure AWS Managed IAMFullAccess IAM policy is not used.	Terraform	IAMManagedIAMFullAccessPolicy.yaml
1481	CKV2_AWS_56	resource	data.aws_iam_policy	Ensure AWS Managed IAMFullAccess IAM policy is not used.	Terraform	IAMManagedIAMFullAccessPolicy.yaml
1482	CKV2_AWS_57	resource	aws_secretsmanager_secret	Ensure Secrets Manager secrets should have automatic rotation enabled	Terraform	SecretsAreRotated.yaml
1483	CKV2_AWS_58	resource	aws_neptune_cluster	Ensure AWS Neptune cluster deletion protection is enabled	Terraform	NeptuneDeletionProtectionEnabled.yaml
1484	CKV2_AWS_59	resource	aws_elasticsearch_domain	Ensure ElasticSearch/OpenSearch has dedicated master node enabled	Terraform	ElasticSearchDedicatedMasterEnabled.yaml
1485	CKV2_AWS_59	resource	aws_opensearch_domain	Ensure ElasticSearch/OpenSearch has dedicated master node enabled	Terraform	ElasticSearchDedicatedMasterEnabled.yaml
1486	CKV2_AWS_60	resource	aws_db_instance	Ensure RDS instance with copy tags to snapshots is enabled	Terraform	RDSEnableCopyTagsToSnapshot.yaml
1487	CKV2_AWS_61	resource	aws_s3_bucket	Ensure that an S3 bucket has a lifecycle configuration	Terraform	S3BucketLifecycle.yaml
1488	CKV2_AWS_62	resource	aws_s3_bucket	Ensure S3 buckets should have event notifications enabled	Terraform	S3BucketEventNotifications.yaml
1489	CKV2_AWS_63	resource	aws_networkfirewall_firewall	Ensure Network firewall has logging configuration defined	Terraform	NetworkFirewallHasLogging.yaml
1490	CKV_AZURE_1	resource	Microsoft.Compute/virtualMachines	Ensure Azure Instance does not use basic authentication(Use SSH Key Instead)	arm	AzureInstancePassword.py
1491	CKV_AZURE_1	resource	Microsoft.Compute/virtualMachines	Ensure Azure Instance does not use basic authentication(Use SSH Key Instead)	Bicep	AzureInstancePassword.py
1492	CKV_AZURE_1	resource	azurerm_linux_virtual_machine	Ensure Azure Instance does not use basic authentication(Use SSH Key Instead)	Terraform	AzureInstancePassword.py
1493	CKV_AZURE_1	resource	azurerm_virtual_machine	Ensure Azure Instance does not use basic authentication(Use SSH Key Instead)	Terraform	AzureInstancePassword.py
1494	CKV_AZURE_2	resource	Microsoft.Compute/disks	Ensure Azure managed disk have encryption enabled	arm	AzureManagedDiscEncryption.py
1495	CKV_AZURE_2	resource	Microsoft.Compute/disks	Ensure Azure managed disk have encryption enabled	Bicep	AzureManagedDiscEncryption.py
1496	CKV_AZURE_2	resource	azurerm_managed_disk	Ensure Azure managed disk has encryption enabled	Terraform	AzureManagedDiskEncryption.py
1497	CKV_AZURE_3	resource	Microsoft.Storage/storageAccounts	Ensure that ‘supportsHttpsTrafficOnly’ is set to ‘true’	arm	StorageAccountsTransportEncryption.py
1498	CKV_AZURE_3	resource	Microsoft.Storage/storageAccounts	Ensure that ‘supportsHttpsTrafficOnly’ is set to ‘true’	Bicep	StorageAccountsTransportEncryption.py
1499	CKV_AZURE_3	resource	azurerm_storage_account	Ensure that ‘enable_https_traffic_only’ is enabled	Terraform	StorageAccountsTransportEncryption.py
1500	CKV_AZURE_4	resource	Microsoft.ContainerService/managedClusters	Ensure AKS logging to Azure Monitoring is Configured	arm	AKSLoggingEnabled.py
1501	CKV_AZURE_4	resource	Microsoft.ContainerService/managedClusters	Ensure AKS logging to Azure Monitoring is Configured	Bicep	AKSLoggingEnabled.py
1502	CKV_AZURE_4	resource	azurerm_kubernetes_cluster	Ensure AKS logging to Azure Monitoring is Configured	Terraform	AKSLoggingEnabled.py
1503	CKV_AZURE_5	resource	Microsoft.ContainerService/managedClusters	Ensure RBAC is enabled on AKS clusters	arm	AKSRbacEnabled.py
1504	CKV_AZURE_5	resource	Microsoft.ContainerService/managedClusters	Ensure RBAC is enabled on AKS clusters	Bicep	AKSRbacEnabled.py
1505	CKV_AZURE_5	resource	azurerm_kubernetes_cluster	Ensure RBAC is enabled on AKS clusters	Terraform	AKSRbacEnabled.py
1506	CKV_AZURE_6	resource	Microsoft.ContainerService/managedClusters	Ensure AKS has an API Server Authorized IP Ranges enabled	arm	AKSApiServerAuthorizedIpRanges.py
1507	CKV_AZURE_6	resource	Microsoft.ContainerService/managedClusters	Ensure AKS has an API Server Authorized IP Ranges enabled	Bicep	AKSApiServerAuthorizedIpRanges.py
1508	CKV_AZURE_6	resource	azurerm_kubernetes_cluster	Ensure AKS has an API Server Authorized IP Ranges enabled	Terraform	AKSApiServerAuthorizedIpRanges.py
1509	CKV_AZURE_7	resource	Microsoft.ContainerService/managedClusters	Ensure AKS cluster has Network Policy configured	arm	AKSNetworkPolicy.py
1510	CKV_AZURE_7	resource	Microsoft.ContainerService/managedClusters	Ensure AKS cluster has Network Policy configured	Bicep	AKSNetworkPolicy.py
1511	CKV_AZURE_7	resource	azurerm_kubernetes_cluster	Ensure AKS cluster has Network Policy configured	Terraform	AKSNetworkPolicy.py
1512	CKV_AZURE_8	resource	Microsoft.ContainerService/managedClusters	Ensure Kubernetes Dashboard is disabled	arm	AKSDashboardDisabled.py
1513	CKV_AZURE_8	resource	Microsoft.ContainerService/managedClusters	Ensure Kubernetes Dashboard is disabled	Bicep	AKSDashboardDisabled.py
1514	CKV_AZURE_8	resource	azurerm_kubernetes_cluster	Ensure Kubernetes Dashboard is disabled	Terraform	AKSDashboardDisabled.py
1515	CKV_AZURE_9	resource	Microsoft.Network/networkSecurityGroups	Ensure that RDP access is restricted from the internet	arm	NSGRuleRDPAccessRestricted.py
1516	CKV_AZURE_9	resource	Microsoft.Network/networkSecurityGroups	Ensure that RDP access is restricted from the internet	Bicep	NSGRuleRDPAccessRestricted.py
1517	CKV_AZURE_9	resource	Microsoft.Network/networkSecurityGroups/securityRules	Ensure that RDP access is restricted from the internet	arm	NSGRuleRDPAccessRestricted.py
1518	CKV_AZURE_9	resource	Microsoft.Network/networkSecurityGroups/securityRules	Ensure that RDP access is restricted from the internet	Bicep	NSGRuleRDPAccessRestricted.py
1519	CKV_AZURE_9	resource	azurerm_network_security_group	Ensure that RDP access is restricted from the internet	Terraform	NSGRuleRDPAccessRestricted.py
1520	CKV_AZURE_9	resource	azurerm_network_security_rule	Ensure that RDP access is restricted from the internet	Terraform	NSGRuleRDPAccessRestricted.py
1521	CKV_AZURE_10	resource	Microsoft.Network/networkSecurityGroups	Ensure that SSH access is restricted from the internet	arm	NSGRuleSSHAccessRestricted.py
1522	CKV_AZURE_10	resource	Microsoft.Network/networkSecurityGroups	Ensure that SSH access is restricted from the internet	Bicep	NSGRuleSSHAccessRestricted.py
1523	CKV_AZURE_10	resource	Microsoft.Network/networkSecurityGroups/securityRules	Ensure that SSH access is restricted from the internet	arm	NSGRuleSSHAccessRestricted.py
1524	CKV_AZURE_10	resource	Microsoft.Network/networkSecurityGroups/securityRules	Ensure that SSH access is restricted from the internet	Bicep	NSGRuleSSHAccessRestricted.py
1525	CKV_AZURE_10	resource	azurerm_network_security_group	Ensure that SSH access is restricted from the internet	Terraform	NSGRuleSSHAccessRestricted.py
1526	CKV_AZURE_10	resource	azurerm_network_security_rule	Ensure that SSH access is restricted from the internet	Terraform	NSGRuleSSHAccessRestricted.py
1527	CKV_AZURE_11	resource	Microsoft.Sql/servers	Ensure no SQL Databases allow ingress from 0.0.0.0/0 (ANY IP)	arm	SQLServerNoPublicAccess.py
1528	CKV_AZURE_11	resource	Microsoft.Sql/servers	Ensure no SQL Databases allow ingress from 0.0.0.0/0 (ANY IP)	Bicep	SQLServerNoPublicAccess.py
1529	CKV_AZURE_11	resource	azurerm_mariadb_firewall_rule	Ensure no SQL Databases allow ingress from 0.0.0.0/0 (ANY IP)	Terraform	SQLServerNoPublicAccess.py
1530	CKV_AZURE_11	resource	azurerm_mysql_firewall_rule	Ensure no SQL Databases allow ingress from 0.0.0.0/0 (ANY IP)	Terraform	SQLServerNoPublicAccess.py
1531	CKV_AZURE_11	resource	azurerm_postgresql_firewall_rule	Ensure no SQL Databases allow ingress from 0.0.0.0/0 (ANY IP)	Terraform	SQLServerNoPublicAccess.py
1532	CKV_AZURE_11	resource	azurerm_sql_firewall_rule	Ensure no SQL Databases allow ingress from 0.0.0.0/0 (ANY IP)	Terraform	SQLServerNoPublicAccess.py
1533	CKV_AZURE_12	resource	Microsoft.Network/networkWatchers/FlowLogs	Ensure that Network Security Group Flow Log retention period is ‘greater than 90 days’	arm	NetworkWatcherFlowLogPeriod.py
1534	CKV_AZURE_12	resource	Microsoft.Network/networkWatchers/FlowLogs	Ensure that Network Security Group Flow Log retention period is ‘greater than 90 days’	Bicep	NetworkWatcherFlowLogPeriod.py
1535	CKV_AZURE_12	resource	Microsoft.Network/networkWatchers/FlowLogs/	Ensure that Network Security Group Flow Log retention period is ‘greater than 90 days’	arm	NetworkWatcherFlowLogPeriod.py
1536	CKV_AZURE_12	resource	Microsoft.Network/networkWatchers/FlowLogs/	Ensure that Network Security Group Flow Log retention period is ‘greater than 90 days’	Bicep	NetworkWatcherFlowLogPeriod.py
1537	CKV_AZURE_12	resource	Microsoft.Network/networkWatchers/flowLogs	Ensure that Network Security Group Flow Log retention period is ‘greater than 90 days’	arm	NetworkWatcherFlowLogPeriod.py
1538	CKV_AZURE_12	resource	Microsoft.Network/networkWatchers/flowLogs	Ensure that Network Security Group Flow Log retention period is ‘greater than 90 days’	Bicep	NetworkWatcherFlowLogPeriod.py
1539	CKV_AZURE_12	resource	Microsoft.Network/networkWatchers/flowLogs/	Ensure that Network Security Group Flow Log retention period is ‘greater than 90 days’	arm	NetworkWatcherFlowLogPeriod.py
1540	CKV_AZURE_12	resource	Microsoft.Network/networkWatchers/flowLogs/	Ensure that Network Security Group Flow Log retention period is ‘greater than 90 days’	Bicep	NetworkWatcherFlowLogPeriod.py
1541	CKV_AZURE_12	resource	azurerm_network_watcher_flow_log	Ensure that Network Security Group Flow Log retention period is ‘greater than 90 days’	Terraform	NetworkWatcherFlowLogPeriod.py
1542	CKV_AZURE_13	resource	Microsoft.Web/sites/config	Ensure App Service Authentication is set on Azure App Service	arm	AppServiceAuthentication.py
1543	CKV_AZURE_13	resource	Microsoft.Web/sites/config	Ensure App Service Authentication is set on Azure App Service	Bicep	AppServiceAuthentication.py
1544	CKV_AZURE_13	resource	azurerm_app_service	Ensure App Service Authentication is set on Azure App Service	Terraform	AppServiceAuthentication.py
1545	CKV_AZURE_13	resource	azurerm_linux_web_app	Ensure App Service Authentication is set on Azure App Service	Terraform	AppServiceAuthentication.py
1546	CKV_AZURE_13	resource	azurerm_windows_web_app	Ensure App Service Authentication is set on Azure App Service	Terraform	AppServiceAuthentication.py
1547	CKV_AZURE_13	resource	config	Ensure App Service Authentication is set on Azure App Service	arm	AppServiceAuthentication.py
1548	CKV_AZURE_13	resource	config	Ensure App Service Authentication is set on Azure App Service	Bicep	AppServiceAuthentication.py
1549	CKV_AZURE_14	resource	Microsoft.Web/sites	Ensure web app redirects all HTTP traffic to HTTPS in Azure App Service	arm	AppServiceHTTPSOnly.py
1550	CKV_AZURE_14	resource	Microsoft.Web/sites	Ensure web app redirects all HTTP traffic to HTTPS in Azure App Service	Bicep	AppServiceHTTPSOnly.py
1551	CKV_AZURE_14	resource	azurerm_app_service	Ensure web app redirects all HTTP traffic to HTTPS in Azure App Service	Terraform	AppServiceHTTPSOnly.py
1552	CKV_AZURE_14	resource	azurerm_linux_web_app	Ensure web app redirects all HTTP traffic to HTTPS in Azure App Service	Terraform	AppServiceHTTPSOnly.py
1553	CKV_AZURE_14	resource	azurerm_windows_web_app	Ensure web app redirects all HTTP traffic to HTTPS in Azure App Service	Terraform	AppServiceHTTPSOnly.py
1554	CKV_AZURE_15	resource	Microsoft.Web/sites	Ensure web app is using the latest version of TLS encryption	arm	AppServiceMinTLSVersion.py
1555	CKV_AZURE_15	resource	Microsoft.Web/sites	Ensure web app is using the latest version of TLS encryption	Bicep	AppServiceMinTLSVersion.py
1556	CKV_AZURE_15	resource	azurerm_app_service	Ensure web app is using the latest version of TLS encryption	Terraform	AppServiceMinTLSVersion.py
1557	CKV_AZURE_15	resource	azurerm_linux_web_app	Ensure web app is using the latest version of TLS encryption	Terraform	AppServiceMinTLSVersion.py
1558	CKV_AZURE_15	resource	azurerm_windows_web_app	Ensure web app is using the latest version of TLS encryption	Terraform	AppServiceMinTLSVersion.py
1559	CKV_AZURE_16	resource	Microsoft.Web/sites	Ensure that Register with Azure Active Directory is enabled on App Service	arm	AppServiceIdentity.py
1560	CKV_AZURE_16	resource	Microsoft.Web/sites	Ensure that Register with Azure Active Directory is enabled on App Service	Bicep	AppServiceIdentity.py
1561	CKV_AZURE_16	resource	azurerm_app_service	Ensure that Register with Azure Active Directory is enabled on App Service	Terraform	AppServiceIdentity.py
1562	CKV_AZURE_16	resource	azurerm_linux_web_app	Ensure that Register with Azure Active Directory is enabled on App Service	Terraform	AppServiceIdentity.py
1563	CKV_AZURE_16	resource	azurerm_windows_web_app	Ensure that Register with Azure Active Directory is enabled on App Service	Terraform	AppServiceIdentity.py
1564	CKV_AZURE_17	resource	Microsoft.Web/sites	Ensure the web app has ‘Client Certificates (Incoming client certificates)’ set	arm	AppServiceClientCertificate.py
1565	CKV_AZURE_17	resource	Microsoft.Web/sites	Ensure the web app has ‘Client Certificates (Incoming client certificates)’ set	Bicep	AppServiceClientCertificate.py
1566	CKV_AZURE_17	resource	azurerm_app_service	Ensure the web app has ‘Client Certificates (Incoming client certificates)’ set	Terraform	AppServiceClientCertificate.py
1567	CKV_AZURE_17	resource	azurerm_linux_web_app	Ensure the web app has ‘Client Certificates (Incoming client certificates)’ set	Terraform	AppServiceClientCertificate.py
1568	CKV_AZURE_17	resource	azurerm_windows_web_app	Ensure the web app has ‘Client Certificates (Incoming client certificates)’ set	Terraform	AppServiceClientCertificate.py
1569	CKV_AZURE_18	resource	Microsoft.Web/sites	Ensure that ‘HTTP Version’ is the latest if used to run the web app	arm	AppServiceHttps20Enabled.py
1570	CKV_AZURE_18	resource	Microsoft.Web/sites	Ensure that ‘HTTP Version’ is the latest if used to run the web app	Bicep	AppServiceHttps20Enabled.py
1571	CKV_AZURE_18	resource	azurerm_app_service	Ensure that ‘HTTP Version’ is the latest if used to run the web app	Terraform	AppServiceHttps20Enabled.py
1572	CKV_AZURE_18	resource	azurerm_linux_web_app	Ensure that ‘HTTP Version’ is the latest if used to run the web app	Terraform	AppServiceHttps20Enabled.py
1573	CKV_AZURE_18	resource	azurerm_windows_web_app	Ensure that ‘HTTP Version’ is the latest if used to run the web app	Terraform	AppServiceHttps20Enabled.py
1574	CKV_AZURE_19	resource	Microsoft.Security/pricings	Ensure that standard pricing tier is selected	arm	SecurityCenterStandardPricing.py
1575	CKV_AZURE_19	resource	Microsoft.Security/pricings	Ensure that standard pricing tier is selected	Bicep	SecurityCenterStandardPricing.py
1576	CKV_AZURE_19	resource	azurerm_security_center_subscription_pricing	Ensure that standard pricing tier is selected	Terraform	SecurityCenterStandardPricing.py
1577	CKV_AZURE_20	resource	Microsoft.Security/securityContacts	Ensure that security contact ‘Phone number’ is set	arm	SecurityCenterContactPhone.py
1578	CKV_AZURE_20	resource	Microsoft.Security/securityContacts	Ensure that security contact ‘Phone number’ is set	Bicep	SecurityCenterContactPhone.py
1579	CKV_AZURE_20	resource	azurerm_security_center_contact	Ensure that security contact ‘Phone number’ is set	Terraform	SecurityCenterContactPhone.py
1580	CKV_AZURE_21	resource	Microsoft.Security/securityContacts	Ensure that ‘Send email notification for high severity alerts’ is set to ‘On’	arm	SecurityCenterContactEmailAlert.py
1581	CKV_AZURE_21	resource	Microsoft.Security/securityContacts	Ensure that ‘Send email notification for high severity alerts’ is set to ‘On’	Bicep	SecurityCenterContactEmailAlert.py
1582	CKV_AZURE_21	resource	azurerm_security_center_contact	Ensure that ‘Send email notification for high severity alerts’ is set to ‘On’	Terraform	SecurityCenterContactEmailAlert.py
1583	CKV_AZURE_22	resource	Microsoft.Security/securityContacts	Ensure that ‘Send email notification for high severity alerts’ is set to ‘On’	arm	SecurityCenterContactEmailAlertAdmins.py
1584	CKV_AZURE_22	resource	Microsoft.Security/securityContacts	Ensure that ‘Send email notification for high severity alerts’ is set to ‘On’	Bicep	SecurityCenterContactEmailAlertAdmins.py
1585	CKV_AZURE_22	resource	azurerm_security_center_contact	Ensure that ‘Send email notification for high severity alerts’ is set to ‘On’	Terraform	SecurityCenterContactEmailAlertAdmins.py
1586	CKV_AZURE_23	resource	Microsoft.Sql/servers	Ensure that ‘Auditing’ is set to ‘Enabled’ for SQL servers	arm	SQLServerAuditingEnabled.py
1587	CKV_AZURE_23	resource	Microsoft.Sql/servers	Ensure that ‘Auditing’ is set to ‘On’ for SQL servers	Bicep	SQLServerAuditingEnabled.yaml
1588	CKV_AZURE_23	resource	Microsoft.Sql/servers/auditingSettings	Ensure that ‘Auditing’ is set to ‘On’ for SQL servers	Bicep	SQLServerAuditingEnabled.yaml
1589	CKV_AZURE_23	resource	Microsoft.Sql/servers/databases	Ensure that ‘Auditing’ is set to ‘Enabled’ for SQL servers	arm	SQLServerAuditingEnabled.py
1590	CKV_AZURE_23	resource	Microsoft.Sql/servers/databases	Ensure that ‘Auditing’ is set to ‘On’ for SQL servers	Bicep	SQLServerAuditingEnabled.yaml
1591	CKV_AZURE_23	resource	Microsoft.Sql/servers/databases/auditingSettings	Ensure that ‘Auditing’ is set to ‘On’ for SQL servers	Bicep	SQLServerAuditingEnabled.yaml
1592	CKV_AZURE_23	resource	azurerm_mssql_server	Ensure that ‘Auditing’ is set to ‘On’ for SQL servers	Terraform	SQLServerAuditingEnabled.yaml
1593	CKV_AZURE_23	resource	azurerm_mssql_server_extended_auditing_policy	Ensure that ‘Auditing’ is set to ‘On’ for SQL servers	Terraform	SQLServerAuditingEnabled.yaml
1594	CKV_AZURE_23	resource	azurerm_sql_server	Ensure that ‘Auditing’ is set to ‘On’ for SQL servers	Terraform	SQLServerAuditingEnabled.yaml
1595	CKV_AZURE_24	resource	Microsoft.Sql/servers	Ensure that ‘Auditing’ Retention is ‘greater than 90 days’ for SQL servers	arm	SQLServerAuditingRetention90Days.py
1596	CKV_AZURE_24	resource	Microsoft.Sql/servers	Ensure that ‘Auditing’ Retention is ‘greater than 90 days’ for SQL servers	Bicep	SQLServerAuditingRetention90Days.py
1597	CKV_AZURE_24	resource	azurerm_mssql_server	Ensure that ‘Auditing’ Retention is ‘greater than 90 days’ for SQL servers	Terraform	SQLServerAuditingRetention90Days.yaml
1598	CKV_AZURE_24	resource	azurerm_mssql_server_extended_auditing_policy	Ensure that ‘Auditing’ Retention is ‘greater than 90 days’ for SQL servers	Terraform	SQLServerAuditingRetention90Days.yaml
1599	CKV_AZURE_24	resource	azurerm_sql_server	Ensure that ‘Auditing’ Retention is ‘greater than 90 days’ for SQL servers	Terraform	SQLServerAuditingRetention90Days.yaml
1600	CKV_AZURE_25	resource	Microsoft.Sql/servers/databases	Ensure that ‘Threat Detection types’ is set to ‘All’	arm	SQLServerThreatDetectionTypes.py
1601	CKV_AZURE_25	resource	Microsoft.Sql/servers/databases	Ensure that ‘Threat Detection types’ is set to ‘All’	Bicep	SQLServerThreatDetectionTypes.py
1602	CKV_AZURE_25	resource	azurerm_mssql_server_security_alert_policy	Ensure that ‘Threat Detection types’ is set to ‘All’	Terraform	SQLServerThreatDetectionTypes.py
1603	CKV_AZURE_26	resource	Microsoft.Sql/servers/databases	Ensure that ‘Send Alerts To’ is enabled for MSSQL servers	arm	SQLServerEmailAlertsEnabled.py
1604	CKV_AZURE_26	resource	Microsoft.Sql/servers/databases	Ensure that ‘Send Alerts To’ is enabled for MSSQL servers	Bicep	SQLServerEmailAlertsEnabled.py
1605	CKV_AZURE_26	resource	azurerm_mssql_server_security_alert_policy	Ensure that ‘Send Alerts To’ is enabled for MSSQL servers	Terraform	SQLServerEmailAlertsEnabled.py
1606	CKV_AZURE_27	resource	Microsoft.Sql/servers/databases	Ensure that ‘Email service and co-administrators’ is ‘Enabled’ for MSSQL servers	arm	SQLServerEmailAlertsToAdminsEnabled.py
1607	CKV_AZURE_27	resource	Microsoft.Sql/servers/databases	Ensure that ‘Email service and co-administrators’ is ‘Enabled’ for MSSQL servers	Bicep	SQLServerEmailAlertsToAdminsEnabled.py
1608	CKV_AZURE_27	resource	azurerm_mssql_server_security_alert_policy	Ensure that ‘Email service and co-administrators’ is ‘Enabled’ for MSSQL servers	Terraform	SQLServerEmailAlertsToAdminsEnabled.py
1609	CKV_AZURE_28	resource	Microsoft.DBforMySQL/servers	Ensure ‘Enforce SSL connection’ is set to ‘ENABLED’ for MySQL Database Server	arm	MySQLServerSSLEnforcementEnabled.py
1610	CKV_AZURE_28	resource	Microsoft.DBforMySQL/servers	Ensure ‘Enforce SSL connection’ is set to ‘ENABLED’ for MySQL Database Server	Bicep	MySQLServerSSLEnforcementEnabled.py
1611	CKV_AZURE_28	resource	azurerm_mysql_server	Ensure ‘Enforce SSL connection’ is set to ‘ENABLED’ for MySQL Database Server	Terraform	MySQLServerSSLEnforcementEnabled.py
1612	CKV_AZURE_29	resource	Microsoft.DBforPostgreSQL/servers	Ensure ‘Enforce SSL connection’ is set to ‘ENABLED’ for PostgreSQL Database Server	arm	PostgreSQLServerSSLEnforcementEnabled.py
1613	CKV_AZURE_29	resource	Microsoft.DBforPostgreSQL/servers	Ensure ‘Enforce SSL connection’ is set to ‘ENABLED’ for PostgreSQL Database Server	Bicep	PostgreSQLServerSSLEnforcementEnabled.py
1614	CKV_AZURE_29	resource	azurerm_postgresql_server	Ensure ‘Enforce SSL connection’ is set to ‘ENABLED’ for PostgreSQL Database Server	Terraform	PostgreSQLServerSSLEnforcementEnabled.py
1615	CKV_AZURE_30	resource	Microsoft.DBforPostgreSQL/servers/configurations	Ensure server parameter ‘log_checkpoints’ is set to ‘ON’ for PostgreSQL Database Server	arm	PostgreSQLServerLogCheckpointsEnabled.py
1616	CKV_AZURE_30	resource	Microsoft.DBforPostgreSQL/servers/configurations	Ensure server parameter ‘log_checkpoints’ is set to ‘ON’ for PostgreSQL Database Server	Bicep	PostgreSQLServerLogCheckpointsEnabled.py
1617	CKV_AZURE_30	resource	azurerm_postgresql_configuration	Ensure server parameter ‘log_checkpoints’ is set to ‘ON’ for PostgreSQL Database Server	Terraform	PostgreSQLServerLogCheckpointsEnabled.py
1618	CKV_AZURE_30	resource	configurations	Ensure server parameter ‘log_checkpoints’ is set to ‘ON’ for PostgreSQL Database Server	arm	PostgreSQLServerLogCheckpointsEnabled.py
1619	CKV_AZURE_30	resource	configurations	Ensure server parameter ‘log_checkpoints’ is set to ‘ON’ for PostgreSQL Database Server	Bicep	PostgreSQLServerLogCheckpointsEnabled.py
1620	CKV_AZURE_31	resource	Microsoft.DBforPostgreSQL/servers/configurations	Ensure configuration ‘log_connections’ is set to ‘ON’ for PostgreSQL Database Server	arm	PostgreSQLServerLogConnectionsEnabled.py
1621	CKV_AZURE_31	resource	Microsoft.DBforPostgreSQL/servers/configurations	Ensure configuration ‘log_connections’ is set to ‘ON’ for PostgreSQL Database Server	Bicep	PostgreSQLServerLogConnectionsEnabled.py
1622	CKV_AZURE_31	resource	azurerm_postgresql_configuration	Ensure server parameter ‘log_connections’ is set to ‘ON’ for PostgreSQL Database Server	Terraform	PostgreSQLServerLogConnectionsEnabled.py
1623	CKV_AZURE_31	resource	configurations	Ensure configuration ‘log_connections’ is set to ‘ON’ for PostgreSQL Database Server	arm	PostgreSQLServerLogConnectionsEnabled.py
1624	CKV_AZURE_31	resource	configurations	Ensure configuration ‘log_connections’ is set to ‘ON’ for PostgreSQL Database Server	Bicep	PostgreSQLServerLogConnectionsEnabled.py
1625	CKV_AZURE_32	resource	Microsoft.DBforPostgreSQL/servers/configurations	Ensure server parameter ‘connection_throttling’ is set to ‘ON’ for PostgreSQL Database Server	arm	PostgreSQLServerConnectionThrottlingEnabled.py
1626	CKV_AZURE_32	resource	Microsoft.DBforPostgreSQL/servers/configurations	Ensure server parameter ‘connection_throttling’ is set to ‘ON’ for PostgreSQL Database Server	Bicep	PostgreSQLServerConnectionThrottlingEnabled.py
1627	CKV_AZURE_32	resource	azurerm_postgresql_configuration	Ensure server parameter ‘connection_throttling’ is set to ‘ON’ for PostgreSQL Database Server	Terraform	PostgreSQLServerConnectionThrottlingEnabled.py
1628	CKV_AZURE_32	resource	configurations	Ensure server parameter ‘connection_throttling’ is set to ‘ON’ for PostgreSQL Database Server	arm	PostgreSQLServerConnectionThrottlingEnabled.py
1629	CKV_AZURE_32	resource	configurations	Ensure server parameter ‘connection_throttling’ is set to ‘ON’ for PostgreSQL Database Server	Bicep	PostgreSQLServerConnectionThrottlingEnabled.py
1630	CKV_AZURE_33	resource	Microsoft.Storage/storageAccounts/queueServices/providers/diagnosticsettings	Ensure Storage logging is enabled for Queue service for read, write and delete requests	arm	StorageAccountLoggingQueueServiceEnabled.py
1631	CKV_AZURE_33	resource	Microsoft.Storage/storageAccounts/queueServices/providers/diagnosticsettings	Ensure Storage logging is enabled for Queue service for read, write and delete requests	Bicep	StorageAccountLoggingQueueServiceEnabled.py
1632	CKV_AZURE_33	resource	azurerm_storage_account	Ensure Storage logging is enabled for Queue service for read, write and delete requests	Terraform	StorageAccountLoggingQueueServiceEnabled.py
1633	CKV_AZURE_34	resource	Microsoft.Storage/storageAccounts/blobServices/containers	Ensure that ‘Public access level’ is set to Private for blob containers	arm	StorageBlobServiceContainerPrivateAccess.py
1634	CKV_AZURE_34	resource	Microsoft.Storage/storageAccounts/blobServices/containers	Ensure that ‘Public access level’ is set to Private for blob containers	Bicep	StorageBlobServiceContainerPrivateAccess.py
1635	CKV_AZURE_34	resource	azurerm_storage_container	Ensure that ‘Public access level’ is set to Private for blob containers	Terraform	StorageBlobServiceContainerPrivateAccess.py
1636	CKV_AZURE_34	resource	blobServices/containers	Ensure that ‘Public access level’ is set to Private for blob containers	arm	StorageBlobServiceContainerPrivateAccess.py
1637	CKV_AZURE_34	resource	blobServices/containers	Ensure that ‘Public access level’ is set to Private for blob containers	Bicep	StorageBlobServiceContainerPrivateAccess.py
1638	CKV_AZURE_34	resource	containers	Ensure that ‘Public access level’ is set to Private for blob containers	arm	StorageBlobServiceContainerPrivateAccess.py
1639	CKV_AZURE_34	resource	containers	Ensure that ‘Public access level’ is set to Private for blob containers	Bicep	StorageBlobServiceContainerPrivateAccess.py
1640	CKV_AZURE_35	resource	Microsoft.Storage/storageAccounts	Ensure default network access rule for Storage Accounts is set to deny	arm	StorageAccountDefaultNetworkAccessDeny.py
1641	CKV_AZURE_35	resource	Microsoft.Storage/storageAccounts	Ensure default network access rule for Storage Accounts is set to deny	Bicep	StorageAccountDefaultNetworkAccessDeny.py
1642	CKV_AZURE_35	resource	azurerm_storage_account	Ensure default network access rule for Storage Accounts is set to deny	Terraform	StorageAccountDefaultNetworkAccessDeny.py
1643	CKV_AZURE_35	resource	azurerm_storage_account_network_rules	Ensure default network access rule for Storage Accounts is set to deny	Terraform	StorageAccountDefaultNetworkAccessDeny.py
1644	CKV_AZURE_36	resource	Microsoft.Storage/storageAccounts	Ensure ‘Trusted Microsoft Services’ is enabled for Storage Account access	arm	StorageAccountAzureServicesAccessEnabled.py
1645	CKV_AZURE_36	resource	Microsoft.Storage/storageAccounts	Ensure ‘Trusted Microsoft Services’ is enabled for Storage Account access	Bicep	StorageAccountAzureServicesAccessEnabled.py
1646	CKV_AZURE_36	resource	azurerm_storage_account	Ensure ‘Trusted Microsoft Services’ is enabled for Storage Account access	Terraform	StorageAccountAzureServicesAccessEnabled.py
1647	CKV_AZURE_36	resource	azurerm_storage_account_network_rules	Ensure ‘Trusted Microsoft Services’ is enabled for Storage Account access	Terraform	StorageAccountAzureServicesAccessEnabled.py
1648	CKV_AZURE_37	resource	Microsoft.Insights/logprofiles	Ensure that Activity Log Retention is set 365 days or greater	arm	MonitorLogProfileRetentionDays.py
1649	CKV_AZURE_37	resource	Microsoft.Insights/logprofiles	Ensure that Activity Log Retention is set 365 days or greater	Bicep	MonitorLogProfileRetentionDays.py
1650	CKV_AZURE_37	resource	azurerm_monitor_log_profile	Ensure that Activity Log Retention is set 365 days or greater	Terraform	MonitorLogProfileRetentionDays.py
1651	CKV_AZURE_38	resource	Microsoft.Insights/logprofiles	Ensure audit profile captures all the activities	arm	MonitorLogProfileCategories.py
1652	CKV_AZURE_38	resource	Microsoft.Insights/logprofiles	Ensure audit profile captures all the activities	Bicep	MonitorLogProfileCategories.py
1653	CKV_AZURE_38	resource	azurerm_monitor_log_profile	Ensure audit profile captures all the activities	Terraform	MonitorLogProfileCategories.py
1654	CKV_AZURE_39	resource	Microsoft.Authorization/roleDefinitions	Ensure that no custom subscription owner roles are created	arm	CustomRoleDefinitionSubscriptionOwner.py
1655	CKV_AZURE_39	resource	Microsoft.Authorization/roleDefinitions	Ensure that no custom subscription owner roles are created	Bicep	CustomRoleDefinitionSubscriptionOwner.py
1656	CKV_AZURE_39	resource	azurerm_role_definition	Ensure that no custom subscription owner roles are created	Terraform	CutsomRoleDefinitionSubscriptionOwner.py
1657	CKV_AZURE_40	resource	azurerm_key_vault_key	Ensure that the expiration date is set on all keys	Terraform	KeyExpirationDate.py
1658	CKV_AZURE_41	resource	Microsoft.KeyVault/vaults/secrets	Ensure that the expiration date is set on all secrets	arm	SecretExpirationDate.py
1659	CKV_AZURE_41	resource	Microsoft.KeyVault/vaults/secrets	Ensure that the expiration date is set on all secrets	Bicep	SecretExpirationDate.py
1660	CKV_AZURE_41	resource	azurerm_key_vault_secret	Ensure that the expiration date is set on all secrets	Terraform	SecretExpirationDate.py
1661	CKV_AZURE_42	resource	Microsoft.KeyVault/vaults	Ensure the key vault is recoverable	arm	KeyvaultRecoveryEnabled.py
1662	CKV_AZURE_42	resource	Microsoft.KeyVault/vaults	Ensure the key vault is recoverable	Bicep	KeyvaultRecoveryEnabled.py
1663	CKV_AZURE_42	resource	azurerm_key_vault	Ensure the key vault is recoverable	Terraform	KeyvaultRecoveryEnabled.py
1664	CKV_AZURE_43	resource	azurerm_storage_account	Ensure Storage Accounts adhere to the naming rules	Terraform	StorageAccountName.py
1665	CKV_AZURE_44	resource	azurerm_storage_account	Ensure Storage Account is using the latest version of TLS encryption	Terraform	StorageAccountMinimumTlsVersion.py
1666	CKV_AZURE_45	resource	azurerm_virtual_machine	Ensure that no sensitive credentials are exposed in VM custom_data	Terraform	VMCredsInCustomData.py
1667	CKV_AZURE_47	resource	Microsoft.DBforMariaDB/servers	Ensure ‘Enforce SSL connection’ is set to ‘ENABLED’ for MariaDB servers	arm	MariaDBSSLEnforcementEnabled.py
1668	CKV_AZURE_47	resource	Microsoft.DBforMariaDB/servers	Ensure ‘Enforce SSL connection’ is set to ‘ENABLED’ for MariaDB servers	Bicep	MariaDBSSLEnforcementEnabled.py
1669	CKV_AZURE_47	resource	azurerm_mariadb_server	Ensure ‘Enforce SSL connection’ is set to ‘ENABLED’ for MariaDB servers	Terraform	MariaDBSSLEnforcementEnabled.py
1670	CKV_AZURE_48	resource	azurerm_mariadb_server	Ensure ‘public network access enabled’ is set to ‘False’ for MariaDB servers	Terraform	MariaDBPublicAccessDisabled.py
1671	CKV_AZURE_49	resource	Microsoft.Compute/virtualMachineScaleSets	Ensure Azure linux scale set does not use basic authentication(Use SSH Key Instead)	arm	AzureScaleSetPassword.py
1672	CKV_AZURE_49	resource	Microsoft.Compute/virtualMachineScaleSets	Ensure Azure linux scale set does not use basic authentication(Use SSH Key Instead)	Bicep	AzureScaleSetPassword.py
1673	CKV_AZURE_49	resource	azurerm_linux_virtual_machine_scale_set	Ensure Azure linux scale set does not use basic authentication(Use SSH Key Instead)	Terraform	AzureScaleSetPassword.py
1674	CKV_AZURE_50	resource	azurerm_linux_virtual_machine	Ensure Virtual Machine Extensions are not Installed	Terraform	AzureInstanceExtensions.py
1675	CKV_AZURE_50	resource	azurerm_windows_virtual_machine	Ensure Virtual Machine Extensions are not Installed	Terraform	AzureInstanceExtensions.py
1676	CKV_AZURE_52	resource	azurerm_mssql_server	Ensure MSSQL is using the latest version of TLS encryption	Terraform	MSSQLServerMinTLSVersion.py
1677	CKV_AZURE_53	resource	azurerm_mysql_server	Ensure ‘public network access enabled’ is set to ‘False’ for mySQL servers	Terraform	MySQLPublicAccessDisabled.py
1678	CKV_AZURE_54	resource	azurerm_mysql_server	Ensure MySQL is using the latest version of TLS encryption	Terraform	MySQLServerMinTLSVersion.py
1679	CKV_AZURE_55	resource	azurerm_security_center_subscription_pricing	Ensure that Azure Defender is set to On for Servers	Terraform	AzureDefenderOnServers.py
1680	CKV_AZURE_56	resource	azurerm_function_app	Ensure that function apps enables Authentication	Terraform	FunctionAppsEnableAuthentication.py
1681	CKV_AZURE_57	resource	azurerm_app_service	Ensure that CORS disallows every resource to access app services	Terraform	AppServiceDisallowCORS.py
1682	CKV_AZURE_57	resource	azurerm_linux_web_app	Ensure that CORS disallows every resource to access app services	Terraform	AppServiceDisallowCORS.py
1683	CKV_AZURE_57	resource	azurerm_windows_web_app	Ensure that CORS disallows every resource to access app services	Terraform	AppServiceDisallowCORS.py
1684	CKV_AZURE_58	resource	azurerm_synapse_workspace	Ensure that Azure Synapse workspaces enables managed virtual networks	Terraform	SynapseWorkspaceEnablesManagedVirtualNetworks.py
1685	CKV_AZURE_59	resource	Microsoft.Storage/storageAccounts	Ensure that Storage accounts disallow public access	arm	StorageAccountDisablePublicAccess.py
1686	CKV_AZURE_59	resource	Microsoft.Storage/storageAccounts	Ensure that Storage accounts disallow public access	Bicep	StorageAccountDisablePublicAccess.py
1687	CKV_AZURE_59	resource	azurerm_storage_account	Ensure that Storage accounts disallow public access	Terraform	StorageAccountDisablePublicAccess.py
1688	CKV_AZURE_61	resource	azurerm_security_center_subscription_pricing	Ensure that Azure Defender is set to On for App Service	Terraform	AzureDefenderOnAppServices.py
1689	CKV_AZURE_62	resource	azurerm_function_app	Ensure function apps are not accessible from all regions	Terraform	FunctionAppDisallowCORS.py
1690	CKV_AZURE_63	resource	azurerm_app_service	Ensure that App service enables HTTP logging	Terraform	AppServiceHttpLoggingEnabled.py
1691	CKV_AZURE_63	resource	azurerm_linux_web_app	Ensure that App service enables HTTP logging	Terraform	AppServiceHttpLoggingEnabled.py
1692	CKV_AZURE_63	resource	azurerm_windows_web_app	Ensure that App service enables HTTP logging	Terraform	AppServiceHttpLoggingEnabled.py
1693	CKV_AZURE_64	resource	azurerm_storage_sync	Ensure that Azure File Sync disables public network access	Terraform	StorageSyncPublicAccessDisabled.py
1694	CKV_AZURE_65	resource	azurerm_app_service	Ensure that App service enables detailed error messages	Terraform	AppServiceDetailedErrorMessagesEnabled.py
1695	CKV_AZURE_65	resource	azurerm_linux_web_app	Ensure that App service enables detailed error messages	Terraform	AppServiceDetailedErrorMessagesEnabled.py
1696	CKV_AZURE_65	resource	azurerm_windows_web_app	Ensure that App service enables detailed error messages	Terraform	AppServiceDetailedErrorMessagesEnabled.py
1697	CKV_AZURE_66	resource	azurerm_app_service	Ensure that App service enables failed request tracing	Terraform	AppServiceEnableFailedRequest.py
1698	CKV_AZURE_66	resource	azurerm_linux_web_app	Ensure that App service enables failed request tracing	Terraform	AppServiceEnableFailedRequest.py
1699	CKV_AZURE_66	resource	azurerm_windows_web_app	Ensure that App service enables failed request tracing	Terraform	AppServiceEnableFailedRequest.py
1700	CKV_AZURE_67	resource	azurerm_function_app	Ensure that ‘HTTP Version’ is the latest, if used to run the Function app	Terraform	FunctionAppHttpVersionLatest.py
1701	CKV_AZURE_67	resource	azurerm_function_app_slot	Ensure that ‘HTTP Version’ is the latest, if used to run the Function app	Terraform	FunctionAppHttpVersionLatest.py
1702	CKV_AZURE_68	resource	azurerm_postgresql_server	Ensure that PostgreSQL server disables public network access	Terraform	PostgreSQLServerPublicAccessDisabled.py
1703	CKV_AZURE_69	resource	azurerm_security_center_subscription_pricing	Ensure that Azure Defender is set to On for Azure SQL database servers	Terraform	AzureDefenderOnSqlServers.py
1704	CKV_AZURE_70	resource	azurerm_function_app	Ensure that Function apps is only accessible over HTTPS	Terraform	FunctionAppsAccessibleOverHttps.py
1705	CKV_AZURE_71	resource	azurerm_app_service	Ensure that Managed identity provider is enabled for app services	Terraform	AppServiceIdentityProviderEnabled.py
1706	CKV_AZURE_71	resource	azurerm_linux_web_app	Ensure that Managed identity provider is enabled for app services	Terraform	AppServiceIdentityProviderEnabled.py
1707	CKV_AZURE_71	resource	azurerm_windows_web_app	Ensure that Managed identity provider is enabled for app services	Terraform	AppServiceIdentityProviderEnabled.py
1708	CKV_AZURE_72	resource	azurerm_app_service	Ensure that remote debugging is not enabled for app services	Terraform	AppServiceRemoteDebuggingNotEnabled.py
1709	CKV_AZURE_72	resource	azurerm_linux_web_app	Ensure that remote debugging is not enabled for app services	Terraform	AppServiceRemoteDebuggingNotEnabled.py
1710	CKV_AZURE_72	resource	azurerm_windows_web_app	Ensure that remote debugging is not enabled for app services	Terraform	AppServiceRemoteDebuggingNotEnabled.py
1711	CKV_AZURE_73	resource	azurerm_automation_variable_bool	Ensure that Automation account variables are encrypted	Terraform	AutomationEncrypted.py
1712	CKV_AZURE_73	resource	azurerm_automation_variable_datetime	Ensure that Automation account variables are encrypted	Terraform	AutomationEncrypted.py
1713	CKV_AZURE_73	resource	azurerm_automation_variable_int	Ensure that Automation account variables are encrypted	Terraform	AutomationEncrypted.py
1714	CKV_AZURE_73	resource	azurerm_automation_variable_string	Ensure that Automation account variables are encrypted	Terraform	AutomationEncrypted.py
1715	CKV_AZURE_74	resource	azurerm_kusto_cluster	Ensure that Azure Data Explorer (Kusto) uses disk encryption	Terraform	DataExplorerUsesDiskEncryption.py
1716	CKV_AZURE_75	resource	azurerm_kusto_cluster	Ensure that Azure Data Explorer uses double encryption	Terraform	AzureDataExplorerDoubleEncryptionEnabled.py
1717	CKV_AZURE_76	resource	azurerm_batch_account	Ensure that Azure Batch account uses key vault to encrypt data	Terraform	AzureBatchAccountUsesKeyVaultEncryption.py
1718	CKV_AZURE_77	resource	azurerm_network_security_group	Ensure that UDP Services are restricted from the Internet	Terraform	NSGRuleUDPAccessRestricted.py
1719	CKV_AZURE_77	resource	azurerm_network_security_rule	Ensure that UDP Services are restricted from the Internet	Terraform	NSGRuleUDPAccessRestricted.py
1720	CKV_AZURE_78	resource	azurerm_app_service	Ensure FTP deployments are disabled	Terraform	AppServiceFTPSState.py
1721	CKV_AZURE_78	resource	azurerm_linux_web_app	Ensure FTP deployments are disabled	Terraform	AppServiceFTPSState.py
1722	CKV_AZURE_78	resource	azurerm_windows_web_app	Ensure FTP deployments are disabled	Terraform	AppServiceFTPSState.py
1723	CKV_AZURE_79	resource	azurerm_security_center_subscription_pricing	Ensure that Azure Defender is set to On for SQL servers on machines	Terraform	AzureDefenderOnSqlServerVMS.py
1724	CKV_AZURE_80	resource	azurerm_app_service	Ensure that ‘Net Framework’ version is the latest, if used as a part of the web app	Terraform	AppServiceDotnetFrameworkVersion.py
1725	CKV_AZURE_81	resource	azurerm_app_service	Ensure that ‘PHP version’ is the latest, if used to run the web app	Terraform	AppServicePHPVersion.py
1726	CKV_AZURE_82	resource	azurerm_app_service	Ensure that ‘Python version’ is the latest, if used to run the web app	Terraform	AppServicePythonVersion.py
1727	CKV_AZURE_83	resource	azurerm_app_service	Ensure that ‘Java version’ is the latest, if used to run the web app	Terraform	AppServiceJavaVersion.py
1728	CKV_AZURE_84	resource	azurerm_security_center_subscription_pricing	Ensure that Azure Defender is set to On for Storage	Terraform	AzureDefenderOnStorage.py
1729	CKV_AZURE_85	resource	azurerm_security_center_subscription_pricing	Ensure that Azure Defender is set to On for Kubernetes	Terraform	AzureDefenderOnKubernetes.py
1730	CKV_AZURE_86	resource	azurerm_security_center_subscription_pricing	Ensure that Azure Defender is set to On for Container Registries	Terraform	AzureDefenderOnContainerRegistry.py
1731	CKV_AZURE_87	resource	azurerm_security_center_subscription_pricing	Ensure that Azure Defender is set to On for Key Vault	Terraform	AzureDefenderOnKeyVaults.py
1732	CKV_AZURE_88	resource	azurerm_app_service	Ensure that app services use Azure Files	Terraform	AppServiceUsedAzureFiles.py
1733	CKV_AZURE_88	resource	azurerm_linux_web_app	Ensure that app services use Azure Files	Terraform	AppServiceUsedAzureFiles.py
1734	CKV_AZURE_88	resource	azurerm_windows_web_app	Ensure that app services use Azure Files	Terraform	AppServiceUsedAzureFiles.py
1735	CKV_AZURE_89	resource	azurerm_redis_cache	Ensure that Azure Cache for Redis disables public network access	Terraform	RedisCachePublicNetworkAccessEnabled.py
1736	CKV_AZURE_91	resource	azurerm_redis_cache	Ensure that only SSL are enabled for Cache for Redis	Terraform	RedisCacheEnableNonSSLPort.py
1737	CKV_AZURE_92	resource	azurerm_linux_virtual_machine	Ensure that Virtual Machines use managed disks	Terraform	VMStorageOsDisk.py
1738	CKV_AZURE_92	resource	azurerm_windows_virtual_machine	Ensure that Virtual Machines use managed disks	Terraform	VMStorageOsDisk.py
1739	CKV_AZURE_93	resource	azurerm_managed_disk	Ensure that managed disks use a specific set of disk encryption sets for the customer-managed key encryption	Terraform	AzureManagedDiskEncryptionSet.py
1740	CKV_AZURE_94	resource	azurerm_mysql_flexible_server	Ensure that My SQL server enables geo-redundant backups	Terraform	MySQLGeoBackupEnabled.py
1741	CKV_AZURE_94	resource	azurerm_mysql_server	Ensure that My SQL server enables geo-redundant backups	Terraform	MySQLGeoBackupEnabled.py
1742	CKV_AZURE_95	resource	azurerm_virtual_machine_scale_set	Ensure that automatic OS image patching is enabled for Virtual Machine Scale Sets	Terraform	VMScaleSetsAutoOSImagePatchingEnabled.py
1743	CKV_AZURE_96	resource	azurerm_mysql_server	Ensure that MySQL server enables infrastructure encryption	Terraform	MySQLEncryptionEnaled.py
1744	CKV_AZURE_97	resource	azurerm_linux_virtual_machine_scale_set	Ensure that Virtual machine scale sets have encryption at host enabled	Terraform	VMEncryptionAtHostEnabled.py
1745	CKV_AZURE_97	resource	azurerm_windows_virtual_machine_scale_set	Ensure that Virtual machine scale sets have encryption at host enabled	Terraform	VMEncryptionAtHostEnabled.py
1746	CKV_AZURE_98	resource	azurerm_container_group	Ensure that Azure Container group is deployed into virtual network	Terraform	AzureContainerGroupDeployedIntoVirtualNetwork.py
1747	CKV_AZURE_99	resource	azurerm_cosmosdb_account	Ensure Cosmos DB accounts have restricted access	Terraform	CosmosDBAccountsRestrictedAccess.py
1748	CKV_AZURE_100	resource	azurerm_cosmosdb_account	Ensure that Cosmos DB accounts have customer-managed keys to encrypt data at rest	Terraform	CosmosDBHaveCMK.py
1749	CKV_AZURE_101	resource	azurerm_cosmosdb_account	Ensure that Azure Cosmos DB disables public network access	Terraform	CosmosDBDisablesPublicNetwork.py
1750	CKV_AZURE_102	resource	azurerm_postgresql_server	Ensure that PostgreSQL server enables geo-redundant backups	Terraform	PostgressSQLGeoBackupEnabled.py
1751	CKV_AZURE_103	resource	azurerm_data_factory	Ensure that Azure Data Factory uses Git repository for source control	Terraform	DataFactoryUsesGitRepository.py
1752	CKV_AZURE_104	resource	azurerm_data_factory	Ensure that Azure Data factory public network access is disabled	Terraform	DataFactoryNoPublicNetworkAccess.py
1753	CKV_AZURE_105	resource	azurerm_data_lake_store	Ensure that Data Lake Store accounts enables encryption	Terraform	DataLakeStoreEncryption.py
1754	CKV_AZURE_106	resource	azurerm_eventgrid_domain	Ensure that Azure Event Grid Domain public network access is disabled	Terraform	EventgridDomainNetworkAccess.py
1755	CKV_AZURE_107	resource	azurerm_api_management	Ensure that API management services use virtual networks	Terraform	APIServicesUseVirtualNetwork.py
1756	CKV_AZURE_108	resource	azurerm_iothub	Ensure that Azure IoT Hub disables public network access	Terraform	IoTNoPublicNetworkAccess.py
1757	CKV_AZURE_109	resource	azurerm_key_vault	Ensure that key vault allows firewall rules settings	Terraform	KeyVaultEnablesFirewallRulesSettings.py
1758	CKV_AZURE_110	resource	azurerm_key_vault	Ensure that key vault enables purge protection	Terraform	KeyVaultEnablesPurgeProtection.py
1759	CKV_AZURE_111	resource	azurerm_key_vault	Ensure that key vault enables soft delete	Terraform	KeyVaultEnablesSoftDelete.py
1760	CKV_AZURE_112	resource	azurerm_key_vault_key	Ensure that key vault key is backed by HSM	Terraform	KeyBackedByHSM.py
1761	CKV_AZURE_113	resource	azurerm_mssql_server	Ensure that SQL server disables public network access	Terraform	SQLServerPublicAccessDisabled.py
1762	CKV_AZURE_114	resource	azurerm_key_vault_secret	Ensure that key vault secrets have “content_type” set	Terraform	SecretContentType.py
1763	CKV_AZURE_115	resource	azurerm_kubernetes_cluster	Ensure that AKS enables private clusters	Terraform	AKSEnablesPrivateClusters.py
1764	CKV_AZURE_116	resource	azurerm_kubernetes_cluster	Ensure that AKS uses Azure Policies Add-on	Terraform	AKSUsesAzurePoliciesAddon.py
1765	CKV_AZURE_117	resource	azurerm_kubernetes_cluster	Ensure that AKS uses disk encryption set	Terraform	AKSUsesDiskEncryptionSet.py
1766	CKV_AZURE_118	resource	azurerm_network_interface	Ensure that Network Interfaces disable IP forwarding	Terraform	NetworkInterfaceEnableIPForwarding.py
1767	CKV_AZURE_119	resource	azurerm_network_interface	Ensure that Network Interfaces don’t use public IPs	Terraform	AzureNetworkInterfacePublicIPAddressId.yaml
1768	CKV_AZURE_120	resource	azurerm_application_gateway	Ensure that Application Gateway enables WAF	Terraform	ApplicationGatewayEnablesWAF.yaml
1769	CKV_AZURE_120	resource	azurerm_web_application_firewall_policy	Ensure that Application Gateway enables WAF	Terraform	ApplicationGatewayEnablesWAF.yaml
1770	CKV_AZURE_121	resource	Microsoft.Network/frontDoors	Ensure that Azure Front Door enables WAF	arm	AzureFrontDoorEnablesWAF.py
1771	CKV_AZURE_121	resource	Microsoft.Network/frontDoors	Ensure that Azure Front Door enables WAF	Bicep	AzureFrontDoorEnablesWAF.py
1772	CKV_AZURE_121	resource	azurerm_frontdoor	Ensure that Azure Front Door enables WAF	Terraform	AzureFrontDoorEnablesWAF.py
1773	CKV_AZURE_122	resource	azurerm_web_application_firewall_policy	Ensure that Application Gateway uses WAF in “Detection” or “Prevention” modes	Terraform	AppGWUseWAFMode.py
1774	CKV_AZURE_123	resource	Microsoft.Network/FrontDoorWebApplicationFirewallPolicies	Ensure that Azure Front Door uses WAF in “Detection” or “Prevention” modes	arm	FrontdoorUseWAFMode.py
1775	CKV_AZURE_123	resource	Microsoft.Network/FrontDoorWebApplicationFirewallPolicies	Ensure that Azure Front Door uses WAF in “Detection” or “Prevention” modes	Bicep	FrontdoorUseWAFMode.py
1776	CKV_AZURE_123	resource	azurerm_frontdoor_firewall_policy	Ensure that Azure Front Door uses WAF in “Detection” or “Prevention” modes	Terraform	FrontdoorUseWAFMode.py
1777	CKV_AZURE_124	resource	azurerm_search_service	Ensure that Azure Cognitive Search disables public network access	Terraform	AzureSearchPublicNetworkAccessDisabled.py
1778	CKV_AZURE_125	resource	azurerm_service_fabric_cluster	Ensures that Service Fabric use three levels of protection available	Terraform	AzureServiceFabricClusterProtectionLevel.py
1779	CKV_AZURE_126	resource	azurerm_service_fabric_cluster	Ensures that Active Directory is used for authentication for Service Fabric	Terraform	ActiveDirectoryUsedAuthenticationServiceFabric.py
1780	CKV_AZURE_127	resource	azurerm_mysql_server	Ensure that My SQL server enables Threat detection policy	Terraform	MySQLTreatDetectionEnabled.py
1781	CKV_AZURE_128	resource	azurerm_postgresql_server	Ensure that PostgreSQL server enables Threat detection policy	Terraform	PostgresSQLTreatDetectionEnabled.py
1782	CKV_AZURE_129	resource	azurerm_mariadb_server	Ensure that MariaDB server enables geo-redundant backups	Terraform	MariaDBGeoBackupEnabled.py
1783	CKV_AZURE_130	resource	azurerm_postgresql_server	Ensure that PostgreSQL server enables infrastructure encryption	Terraform	PostgreSQLEncryptionEnabled.py
1784	CKV_AZURE_131	resource	azurerm_security_center_contact	Ensure that ‘Security contact emails’ is set	Terraform	SecurityCenterContactEmails.py
1785	CKV_AZURE_131	parameter	secureString	SecureString parameter should not have hardcoded default values	arm	SecureStringParameterNoHardcodedValue.py
1786	CKV_AZURE_131	parameter	string	SecureString parameter should not have hardcoded default values	Bicep	SecureStringParameterNoHardcodedValue.py
1787	CKV_AZURE_132	resource	Microsoft.DocumentDB/databaseAccounts	Ensure cosmosdb does not allow privileged escalation by restricting management plane changes	arm	CosmosDBDisableAccessKeyWrite.py
1788	CKV_AZURE_132	resource	Microsoft.DocumentDB/databaseAccounts	Ensure cosmosdb does not allow privileged escalation by restricting management plane changes	Bicep	CosmosDBDisableAccessKeyWrite.py
1789	CKV_AZURE_132	resource	azurerm_cosmosdb_account	Ensure cosmosdb does not allow privileged escalation by restricting management plane changes	Terraform	CosmosDBDisableAccessKeyWrite.py
1790	CKV_AZURE_133	resource	azurerm_frontdoor_firewall_policy	Ensure Front Door WAF prevents message lookup in Log4j2. See CVE-2021-44228 aka log4jshell	Terraform	FrontDoorWAFACLCVE202144228.py
1791	CKV_AZURE_134	resource	azurerm_cognitive_account	Ensure that Cognitive Services accounts disable public network access	Terraform	CognitiveServicesDisablesPublicNetwork.py
1792	CKV_AZURE_135	resource	azurerm_web_application_firewall_policy	Ensure Application Gateway WAF prevents message lookup in Log4j2. See CVE-2021-44228 aka log4jshell	Terraform	AppGatewayWAFACLCVE202144228.py
1793	CKV_AZURE_136	resource	azurerm_postgresql_flexible_server	Ensure that PostgreSQL Flexible server enables geo-redundant backups	Terraform	PostgreSQLFlexiServerGeoBackupEnabled.py
1794	CKV_AZURE_137	resource	azurerm_container_registry	Ensure ACR admin account is disabled	Terraform	ACRAdminAccountDisabled.py
1795	CKV_AZURE_138	resource	azurerm_container_registry	Ensures that ACR disables anonymous pulling of images	Terraform	ACRAnonymousPullDisabled.py
1796	CKV_AZURE_139	resource	azurerm_container_registry	Ensure ACR set to disable public networking	Terraform	ACRPublicNetworkAccessDisabled.py
1797	CKV_AZURE_140	resource	azurerm_cosmosdb_account	Ensure that Local Authentication is disabled on CosmosDB	Terraform	CosmosDBLocalAuthDisabled.py
1798	CKV_AZURE_141	resource	azurerm_kubernetes_cluster	Ensure AKS local admin account is disabled	Terraform	AKSLocalAdminDisabled.py
1799	CKV_AZURE_142	resource	azurerm_machine_learning_compute_cluster	Ensure Machine Learning Compute Cluster Local Authentication is disabled	Terraform	MLCCLADisabled.py
1800	CKV_AZURE_143	resource	azurerm_kubernetes_cluster	Ensure AKS cluster nodes do not have public IP addresses	Terraform	AKSNodePublicIpDisabled.py
1801	CKV_AZURE_144	resource	azurerm_machine_learning_workspace	Ensure that Public Access is disabled for Machine Learning Workspace	Terraform	MLPublicAccess.py
1802	CKV_AZURE_145	resource	azurerm_function_app	Ensure Function app is using the latest version of TLS encryption	Terraform	FunctionAppMinTLSVersion.py
1803	CKV_AZURE_146	resource	azurerm_postgresql_configuration	Ensure server parameter ‘log_retention’ is set to ‘ON’ for PostgreSQL Database Server	Terraform	PostgreSQLServerLogRetentionEnabled.py
1804	CKV_AZURE_147	resource	azurerm_postgresql_server	Ensure PostgreSQL is using the latest version of TLS encryption	Terraform	PostgreSQLMinTLSVersion.py
1805	CKV_AZURE_148	resource	azurerm_redis_cache	Ensure Redis Cache is using the latest version of TLS encryption	Terraform	RedisCacheMinTLSVersion.py
1806	CKV_AZURE_149	resource	azurerm_linux_virtual_machine	Ensure that Virtual machine does not enable password authentication	Terraform	VMDisablePasswordAuthentication.py
1807	CKV_AZURE_149	resource	azurerm_linux_virtual_machine_scale_set	Ensure that Virtual machine does not enable password authentication	Terraform	VMDisablePasswordAuthentication.py
1808	CKV_AZURE_150	resource	azurerm_machine_learning_compute_cluster	Ensure Machine Learning Compute Cluster Minimum Nodes Set To 0	Terraform	MLComputeClusterMinNodes.py
1809	CKV_AZURE_151	resource	azurerm_windows_virtual_machine	Ensure Windows VM enables encryption	Terraform	WinVMEncryptionAtHost.py
1810	CKV_AZURE_152	resource	azurerm_api_management	Ensure Client Certificates are enforced for API management	Terraform	APIManagementCertsEnforced.py
1811	CKV_AZURE_153	resource	azurerm_app_service_slot	Ensure web app redirects all HTTP traffic to HTTPS in Azure App Service Slot	Terraform	AppServiceSlotHTTPSOnly.py
1812	CKV_AZURE_154	resource	azurerm_app_service_slot	Ensure the App service slot is using the latest version of TLS encryption	Terraform	AppServiceSlotMinTLS.py
1813	CKV_AZURE_155	resource	azurerm_app_service_slot	Ensure debugging is disabled for the App service slot	Terraform	AppServiceSlotDebugDisabled.py
1814	CKV_AZURE_156	resource	azurerm_mssql_database_extended_auditing_policy	Ensure default Auditing policy for a SQL Server is configured to capture and retain the activity logs	Terraform	MSSQLServerAuditPolicyLogMonitor.py
1815	CKV_AZURE_157	resource	azurerm_synapse_workspace	Ensure that Synapse workspace has data_exfiltration_protection_enabled	Terraform	SynapseWorkspaceEnablesDataExfilProtection.py
1816	CKV_AZURE_158	resource	azurerm_databricks_workspace	Ensure that databricks workspace has not public	Terraform	DatabricksWorkspaceIsNotPublic.py
1817	CKV_AZURE_159	resource	azurerm_function_app	Ensure function app builtin logging is enabled	Terraform	FunctionAppEnableLogging.py
1818	CKV_AZURE_159	resource	azurerm_function_app_slot	Ensure function app builtin logging is enabled	Terraform	FunctionAppEnableLogging.py
1819	CKV_AZURE_160	resource	azurerm_network_security_group	Ensure that HTTP (port 80) access is restricted from the internet	Terraform	NSGRuleHTTPAccessRestricted.py
1820	CKV_AZURE_160	resource	azurerm_network_security_rule	Ensure that HTTP (port 80) access is restricted from the internet	Terraform	NSGRuleHTTPAccessRestricted.py
1821	CKV_AZURE_161	resource	azurerm_spring_cloud_api_portal	Ensures Spring Cloud API Portal is enabled on for HTTPS	Terraform	SpringCloudAPIPortalHTTPSOnly.py
1822	CKV_AZURE_162	resource	azurerm_spring_cloud_api_portal	Ensures Spring Cloud API Portal Public Access Is Disabled	Terraform	SpringCloudAPIPortalPublicAccessIsDisabled.py
1823	CKV_AZURE_163	resource	azurerm_container_registry	Enable vulnerability scanning for container images.	Terraform	ACRContainerScanEnabled.py
1824	CKV_AZURE_164	resource	azurerm_container_registry	Ensures that ACR uses signed/trusted images	Terraform	ACRUseSignedImages.py
1825	CKV_AZURE_165	resource	azurerm_container_registry	Ensure geo-replicated container registries to match multi-region container deployments.	Terraform	ACRGeoreplicated.py
1826	CKV_AZURE_166	resource	azurerm_container_registry	Ensure container image quarantine, scan, and mark images verified	Terraform	ACREnableImageQuarantine.py
1827	CKV_AZURE_167	resource	azurerm_container_registry	Ensure a retention policy is set to cleanup untagged manifests.	Terraform	ACREnableRetentionPolicy.py
1828	CKV_AZURE_168	resource	azurerm_kubernetes_cluster	Ensure Azure Kubernetes Cluster (AKS) nodes should use a minimum number of 50 pods.	Terraform	AKSMaxPodsMinimum.py
1829	CKV_AZURE_168	resource	azurerm_kubernetes_cluster_node_pool	Ensure Azure Kubernetes Cluster (AKS) nodes should use a minimum number of 50 pods.	Terraform	AKSMaxPodsMinimum.py
1830	CKV_AZURE_169	resource	azurerm_kubernetes_cluster	Ensure Azure Kubernetes Cluster (AKS) nodes use scale sets	Terraform	AKSPoolTypeIsScaleSet.py
1831	CKV_AZURE_170	resource	azurerm_kubernetes_cluster	Ensure that AKS use the Paid Sku for its SLA	Terraform	AKSIsPaidSku.py
1832	CKV_AZURE_171	resource	azurerm_kubernetes_cluster	Ensure AKS cluster upgrade channel is chosen	Terraform	AKSUpgradeChannel.py
1833	CKV_AZURE_172	resource	azurerm_kubernetes_cluster	Ensure autorotation of Secrets Store CSI Driver secrets for AKS clusters	Terraform	AKSSecretStoreRotation.py
1834	CKV_AZURE_173	resource	azurerm_api_management	Ensure API management uses at least TLS 1.2	Terraform	APIManagementMinTLS12.py
1835	CKV_AZURE_174	resource	azurerm_api_management	Ensure API management public access is disabled	Terraform	APIManagementPublicAccess.py
1836	CKV_AZURE_175	resource	azurerm_web_pubsub	Ensure Web PubSub uses a SKU with an SLA	Terraform	PubsubSKUSLA.py
1837	CKV_AZURE_176	resource	azurerm_web_pubsub	Ensure Web PubSub uses managed identities to access Azure resources	Terraform	PubsubSpecifyIdentity.py
1838	CKV_AZURE_177	resource	azurerm_windows_virtual_machine	Ensure Windows VM enables automatic updates	Terraform	WinVMAutomaticUpdates.py
1839	CKV_AZURE_177	resource	azurerm_windows_virtual_machine_scale_set	Ensure Windows VM enables automatic updates	Terraform	WinVMAutomaticUpdates.py
1840	CKV_AZURE_178	resource	azurerm_linux_virtual_machine	Ensure linux VM enables SSH with keys for secure communication	Terraform	LinuxVMUsesSSH.py
1841	CKV_AZURE_178	resource	azurerm_linux_virtual_machine_scale_set	Ensure linux VM enables SSH with keys for secure communication	Terraform	LinuxVMUsesSSH.py
1842	CKV_AZURE_179	resource	azurerm_linux_virtual_machine	Ensure VM agent is installed	Terraform	VMAgentIsInstalled.py
1843	CKV_AZURE_179	resource	azurerm_linux_virtual_machine_scale_set	Ensure VM agent is installed	Terraform	VMAgentIsInstalled.py
1844	CKV_AZURE_179	resource	azurerm_windows_virtual_machine	Ensure VM agent is installed	Terraform	VMAgentIsInstalled.py
1845	CKV_AZURE_179	resource	azurerm_windows_virtual_machine_scale_set	Ensure VM agent is installed	Terraform	VMAgentIsInstalled.py
1846	CKV_AZURE_180	resource	azurerm_kusto_cluster	Ensure that data explorer uses Sku with an SLA	Terraform	DataExplorerSKUHasSLA.py
1847	CKV_AZURE_181	resource	azurerm_kusto_cluster	Ensure that data explorer/Kusto uses managed identities to access Azure resources securely.	Terraform	DataExplorerServiceIdentity.py
1848	CKV_AZURE_182	resource	azurerm_virtual_network	Ensure that VNET has at least 2 connected DNS Endpoints	Terraform	VnetSingleDNSServer.py
1849	CKV_AZURE_182	resource	azurerm_virtual_network_dns_servers	Ensure that VNET has at least 2 connected DNS Endpoints	Terraform	VnetSingleDNSServer.py
1850	CKV_AZURE_183	resource	azurerm_virtual_network	Ensure that VNET uses local DNS addresses	Terraform	VnetLocalDNS.py
1851	CKV_AZURE_184	resource	azurerm_app_configuration	Ensure ‘local_auth_enabled’ is set to ‘False’	Terraform	AppConfigLocalAuth.py
1852	CKV_AZURE_185	resource	azurerm_app_configuration	Ensure ‘Public Access’ is not Enabled for App configuration	Terraform	AppConfigPublicAccess.py
1853	CKV_AZURE_186	resource	azurerm_app_configuration	Ensure App configuration encryption block is set.	Terraform	AppConfigEncryption.py
1854	CKV_AZURE_187	resource	azurerm_app_configuration	Ensure App configuration purge protection is enabled	Terraform	AppConfigPurgeProtection.py
1855	CKV_AZURE_188	resource	azurerm_app_configuration	Ensure App configuration Sku is standard	Terraform	AppConfigSku.py
1856	CKV_AZURE_189	resource	azurerm_key_vault	Ensure that Azure Key Vault disables public network access	Terraform	KeyVaultDisablesPublicNetworkAccess.py
1857	CKV_AZURE_190	resource	azurerm_storage_account	Ensure that Storage blobs restrict public access	Terraform	StorageBlobRestrictPublicAccess.py
1858	CKV_AZURE_191	resource	azurerm_eventgrid_topic	Ensure that Managed identity provider is enabled for Azure Event Grid Topic	Terraform	EventgridTopicIdentityProviderEnabled.py
1859	CKV_AZURE_192	resource	azurerm_eventgrid_topic	Ensure that Azure Event Grid Topic local Authentication is disabled	Terraform	EventgridTopicLocalAuthentication.py
1860	CKV_AZURE_193	resource	azurerm_eventgrid_topic	Ensure public network access is disabled for Azure Event Grid Topic	Terraform	EventgridTopicNetworkAccess.py
1861	CKV_AZURE_194	resource	azurerm_eventgrid_domain	Ensure that Managed identity provider is enabled for Azure Event Grid Domain	Terraform	EventgridDomainIdentityProviderEnabled.py
1862	CKV_AZURE_195	resource	azurerm_eventgrid_domain	Ensure that Azure Event Grid Domain local Authentication is disabled	Terraform	EventgridDomainLocalAuthentication.py
1863	CKV_AZURE_196	resource	azurerm_signalr_service	Ensure that SignalR uses a Paid Sku for its SLA	Terraform	SignalRSKUSLA.py
1864	CKV_AZURE_197	resource	azurerm_cdn_endpoint	Ensure the Azure CDN disables the HTTP endpoint	Terraform	CDNDisableHttpEndpoints.py
1865	CKV_AZURE_198	resource	azurerm_cdn_endpoint	Ensure the Azure CDN enables the HTTPS endpoint	Terraform	CDNEnableHttpsEndpoints.py
1866	CKV_AZURE_199	resource	azurerm_servicebus_namespace	Ensure that Azure Service Bus uses double encryption	Terraform	AzureServicebusDoubleEncryptionEnabled.py
1867	CKV_AZURE_200	resource	azurerm_cdn_endpoint_custom_domain	Ensure the Azure CDN endpoint is using the latest version of TLS encryption	Terraform	CDNTLSProtocol12.py
1868	CKV_AZURE_201	resource	azurerm_servicebus_namespace	Ensure that Azure Service Bus uses a customer-managed key to encrypt data	Terraform	AzureServicebusHasCMK.py
1869	CKV_AZURE_202	resource	azurerm_servicebus_namespace	Ensure that Managed identity provider is enabled for Azure Service Bus	Terraform	AzureServicebusIdentityProviderEnabled.py
1870	CKV_AZURE_203	resource	azurerm_servicebus_namespace	Ensure Azure Service Bus Local Authentication is disabled	Terraform	AzureServicebusLocalAuthDisabled.py
1871	CKV_AZURE_204	resource	azurerm_servicebus_namespace	Ensure ‘public network access enabled’ is set to ‘False’ for Azure Service Bus	Terraform	AzureServicebusPublicAccessDisabled.py
1872	CKV_AZURE_205	resource	azurerm_servicebus_namespace	Ensure Azure Service Bus is using the latest version of TLS encryption	Terraform	AzureServicebusMinTLSVersion.py
1873	CKV_AZURE_206	resource	azurerm_storage_account	Ensure that Storage Accounts use replication	Terraform	StorageAccountsUseReplication.py
1874	CKV_AZURE_207	resource	azurerm_search_service	Ensure Azure Cognitive Search service uses managed identities to access Azure resources	Terraform	AzureSearchManagedIdentity.py
1875	CKV_AZURE_208	resource	azurerm_search_service	Ensure that Azure Cognitive Search maintains SLA for index updates	Terraform	AzureSearchSLAIndex.py
1876	CKV_AZURE_209	resource	azurerm_search_service	Ensure that Azure Cognitive Search maintains SLA for search index queries	Terraform	AzureSearchSLAQueryUpdates.py
1877	CKV_AZURE_210	resource	azurerm_search_service	Ensure Azure Cognitive Search service allowed IPS does not give public Access	Terraform	AzureSearchAllowedIPsNotGlobal.py
1878	CKV_AZURE_211	resource	azurerm_service_plan	Ensure App Service plan suitable for production use	Terraform	AppServiceSkuMinimum.py
1879	CKV_AZURE_212	resource	azurerm_service_plan	Ensure App Service has a minimum number of instances for failover	Terraform	AppServiceInstanceMinimum.py
1880	CKV_AZURE_213	resource	azurerm_app_service	Ensure that App Service configures health check	Terraform	AppServiceSetHealthCheck.py
1881	CKV_AZURE_213	resource	azurerm_linux_web_app	Ensure that App Service configures health check	Terraform	AppServiceSetHealthCheck.py
1882	CKV_AZURE_213	resource	azurerm_windows_web_app	Ensure that App Service configures health check	Terraform	AppServiceSetHealthCheck.py
1883	CKV_AZURE_214	resource	azurerm_linux_web_app	Ensure App Service is set to be always on	Terraform	AppServiceAlwaysOn.py
1884	CKV_AZURE_214	resource	azurerm_windows_web_app	Ensure App Service is set to be always on	Terraform	AppServiceAlwaysOn.py
1885	CKV_AZURE_215	resource	azurerm_api_management_backend	Ensure API management backend uses https	Terraform	APIManagementBackendHTTPS.py
1886	CKV_AZURE_216	resource	Microsoft.Network/azureFirewalls	Ensure DenyIntelMode is set to Deny for Azure Firewalls	arm	AzureFirewallDenyThreatIntelMode.py
1887	CKV_AZURE_216	resource	Microsoft.Network/azureFirewalls	Ensure DenyIntelMode is set to Deny for Azure Firewalls	Bicep	AzureFirewallDenyThreatIntelMode.py
1888	CKV_AZURE_216	resource	azurerm_firewall	Ensure DenyIntelMode is set to Deny for Azure Firewalls	Terraform	AzureFirewallDenyThreatIntelMode.py
1889	CKV_AZURE_217	resource	azurerm_application_gateway	Ensure Azure Application gateways listener that allow connection requests over HTTP	Terraform	AppGWUsesHttps.py
1890	CKV_AZURE_218	resource	azurerm_application_gateway	Ensure Application Gateway defines secure protocols for in transit communication	Terraform	AppGWDefinesSecureProtocols.py
1891	CKV_AZURE_219	resource	azurerm_firewall	Ensure Firewall defines a firewall policy	Terraform	AzureFirewallDefinesPolicy.py
1892	CKV_AZURE_220	resource	azurerm_firewall_policy	Ensure Firewall policy has IDPS mode as deny	Terraform	AzureFirewallPolicyIDPSDeny.py
1893	CKV2_AZURE_1	resource	azurerm_storage_account	Ensure storage for critical data are encrypted with Customer Managed Key	Terraform	StorageCriticalDataEncryptedCMK.yaml
1894	CKV2_AZURE_2	resource	azurerm_mssql_server_security_alert_policy	Ensure that Vulnerability Assessment (VA) is enabled on a SQL server by setting a Storage Account	Terraform	VAisEnabledInStorageAccount.yaml
1895	CKV2_AZURE_2	resource	azurerm_sql_server	Ensure that Vulnerability Assessment (VA) is enabled on a SQL server by setting a Storage Account	Terraform	VAisEnabledInStorageAccount.yaml
1896	CKV2_AZURE_3	resource	azurerm_mssql_server	Ensure that VA setting Periodic Recurring Scans is enabled on a SQL server	Terraform	VAsetPeriodicScansOnSQL.yaml
1897	CKV2_AZURE_3	resource	azurerm_mssql_server_security_alert_policy	Ensure that VA setting Periodic Recurring Scans is enabled on a SQL server	Terraform	VAsetPeriodicScansOnSQL.yaml
1898	CKV2_AZURE_3	resource	azurerm_mssql_server_vulnerability_assessment	Ensure that VA setting Periodic Recurring Scans is enabled on a SQL server	Terraform	VAsetPeriodicScansOnSQL.yaml
1899	CKV2_AZURE_3	resource	azurerm_sql_server	Ensure that VA setting Periodic Recurring Scans is enabled on a SQL server	Terraform	VAsetPeriodicScansOnSQL.yaml
1900	CKV2_AZURE_4	resource	azurerm_mssql_server	Ensure Azure SQL server ADS VA Send scan reports to is configured	Terraform	VAconfiguredToSendReports.yaml
1901	CKV2_AZURE_4	resource	azurerm_mssql_server_security_alert_policy	Ensure Azure SQL server ADS VA Send scan reports to is configured	Terraform	VAconfiguredToSendReports.yaml
1902	CKV2_AZURE_4	resource	azurerm_mssql_server_vulnerability_assessment	Ensure Azure SQL server ADS VA Send scan reports to is configured	Terraform	VAconfiguredToSendReports.yaml
1903	CKV2_AZURE_4	resource	azurerm_sql_server	Ensure Azure SQL server ADS VA Send scan reports to is configured	Terraform	VAconfiguredToSendReports.yaml
1904	CKV2_AZURE_5	resource	azurerm_mssql_server	Ensure that VA setting ‘Also send email notifications to admins and subscription owners’ is set for a SQL server	Terraform	VAconfiguredToSendReportsToAdmins.yaml
1905	CKV2_AZURE_5	resource	azurerm_mssql_server_security_alert_policy	Ensure that VA setting ‘Also send email notifications to admins and subscription owners’ is set for a SQL server	Terraform	VAconfiguredToSendReportsToAdmins.yaml
1906	CKV2_AZURE_5	resource	azurerm_mssql_server_vulnerability_assessment	Ensure that VA setting ‘Also send email notifications to admins and subscription owners’ is set for a SQL server	Terraform	VAconfiguredToSendReportsToAdmins.yaml
1907	CKV2_AZURE_5	resource	azurerm_sql_server	Ensure that VA setting ‘Also send email notifications to admins and subscription owners’ is set for a SQL server	Terraform	VAconfiguredToSendReportsToAdmins.yaml
1908	CKV2_AZURE_6	resource	azurerm_sql_firewall_rule	Ensure ‘Allow access to Azure services’ for PostgreSQL Database Server is disabled	Terraform	AccessToPostgreSQLFromAzureServicesIsDisabled.yaml
1909	CKV2_AZURE_6	resource	azurerm_sql_server	Ensure ‘Allow access to Azure services’ for PostgreSQL Database Server is disabled	Terraform	AccessToPostgreSQLFromAzureServicesIsDisabled.yaml
1910	CKV2_AZURE_7	resource	azurerm_sql_server	Ensure that Azure Active Directory Admin is configured	Terraform	AzureActiveDirectoryAdminIsConfigured.yaml
1911	CKV2_AZURE_8	resource	azurerm_monitor_activity_log_alert	Ensure the storage container storing the activity logs is not publicly accessible	Terraform	StorageContainerActivityLogsNotPublic.yaml
1912	CKV2_AZURE_8	resource	azurerm_storage_account	Ensure the storage container storing the activity logs is not publicly accessible	Terraform	StorageContainerActivityLogsNotPublic.yaml
1913	CKV2_AZURE_8	resource	azurerm_storage_container	Ensure the storage container storing the activity logs is not publicly accessible	Terraform	StorageContainerActivityLogsNotPublic.yaml
1914	CKV2_AZURE_9	resource	azurerm_virtual_machine	Ensure Virtual Machines are utilizing Managed Disks	Terraform	VirtualMachinesUtilizingManagedDisks.yaml
1915	CKV2_AZURE_10	resource	azurerm_virtual_machine	Ensure that Microsoft Antimalware is configured to automatically updates for Virtual Machines	Terraform	AzureAntimalwareIsConfiguredWithAutoUpdatesForVMs.yaml
1916	CKV2_AZURE_10	resource	azurerm_virtual_machine_extension	Ensure that Microsoft Antimalware is configured to automatically updates for Virtual Machines	Terraform	AzureAntimalwareIsConfiguredWithAutoUpdatesForVMs.yaml
1917	CKV2_AZURE_11	resource	azurerm_kusto_cluster	Ensure that Azure Data Explorer encryption at rest uses a customer-managed key	Terraform	DataExplorerEncryptionUsesCustomKey.yaml
1918	CKV2_AZURE_12	resource	azurerm_virtual_machine	Ensure that virtual machines are backed up using Azure Backup	Terraform	VMHasBackUpMachine.yaml
1919	CKV2_AZURE_13	resource	azurerm_mssql_server_security_alert_policy	Ensure that sql servers enables data security policy	Terraform	AzureMSSQLServerHasSecurityAlertPolicy.yaml
1920	CKV2_AZURE_13	resource	azurerm_sql_server	Ensure that sql servers enables data security policy	Terraform	AzureMSSQLServerHasSecurityAlertPolicy.yaml
1921	CKV2_AZURE_14	resource	azurerm_managed_disk	Ensure that Unattached disks are encrypted	Terraform	AzureUnattachedDisksAreEncrypted.yaml
1922	CKV2_AZURE_14	resource	azurerm_virtual_machine	Ensure that Unattached disks are encrypted	Terraform	AzureUnattachedDisksAreEncrypted.yaml
1923	CKV2_AZURE_15	resource	azurerm_data_factory	Ensure that Azure data factories are encrypted with a customer-managed key	Terraform	AzureDataFactoriesEncryptedWithCustomerManagedKey.yaml
1924	CKV2_AZURE_16	resource	azurerm_mysql_server	Ensure that MySQL server enables customer-managed key for encryption	Terraform	MSQLenablesCustomerManagedKey.yaml
1925	CKV2_AZURE_16	resource	azurerm_mysql_server_key	Ensure that MySQL server enables customer-managed key for encryption	Terraform	MSQLenablesCustomerManagedKey.yaml
1926	CKV2_AZURE_17	resource	azurerm_postgresql_server	Ensure that PostgreSQL server enables customer-managed key for encryption	Terraform	PGSQLenablesCustomerManagedKey.yaml
1927	CKV2_AZURE_17	resource	azurerm_postgresql_server_key	Ensure that PostgreSQL server enables customer-managed key for encryption	Terraform	PGSQLenablesCustomerManagedKey.yaml
1928	CKV2_AZURE_18	resource	azurerm_storage_account	Ensure that Storage Accounts use customer-managed key for encryption	Terraform	AzureStorageAccountsUseCustomerManagedKeyForEncryption.yaml
1929	CKV2_AZURE_18	resource	azurerm_storage_account_customer_managed_key	Ensure that Storage Accounts use customer-managed key for encryption	Terraform	AzureStorageAccountsUseCustomerManagedKeyForEncryption.yaml
1930	CKV2_AZURE_19	resource	azurerm_synapse_workspace	Ensure that Azure Synapse workspaces have no IP firewall rules attached	Terraform	AzureSynapseWorkspacesHaveNoIPFirewallRulesAttached.yaml
1931	CKV2_AZURE_20	resource	azurerm_log_analytics_storage_insights	Ensure Storage logging is enabled for Table service for read requests	Terraform	StorageLoggingIsEnabledForTableService.yaml
1932	CKV2_AZURE_20	resource	azurerm_storage_account	Ensure Storage logging is enabled for Table service for read requests	Terraform	StorageLoggingIsEnabledForTableService.yaml
1933	CKV2_AZURE_20	resource	azurerm_storage_table	Ensure Storage logging is enabled for Table service for read requests	Terraform	StorageLoggingIsEnabledForTableService.yaml
1934	CKV2_AZURE_21	resource	azurerm_log_analytics_storage_insights	Ensure Storage logging is enabled for Blob service for read requests	Terraform	StorageLoggingIsEnabledForBlobService.yaml
1935	CKV2_AZURE_21	resource	azurerm_storage_account	Ensure Storage logging is enabled for Blob service for read requests	Terraform	StorageLoggingIsEnabledForBlobService.yaml
1936	CKV2_AZURE_21	resource	azurerm_storage_container	Ensure Storage logging is enabled for Blob service for read requests	Terraform	StorageLoggingIsEnabledForBlobService.yaml
1937	CKV2_AZURE_22	resource	azurerm_cognitive_account	Ensure that Cognitive Services enables customer-managed key for encryption	Terraform	CognitiveServicesCustomerManagedKey.yaml
1938	CKV2_AZURE_22	resource	azurerm_cognitive_account_customer_managed_key	Ensure that Cognitive Services enables customer-managed key for encryption	Terraform	CognitiveServicesCustomerManagedKey.yaml
1939	CKV2_AZURE_23	resource	Microsoft.AppPlatform/Spring	Ensure Azure spring cloud is configured with Virtual network (Vnet)	arm	AzureSpringCloudConfigWithVnet.yaml
1940	CKV2_AZURE_23	resource	azurerm_spring_cloud_service	Ensure Azure spring cloud is configured with Virtual network (Vnet)	Terraform	AzureSpringCloudConfigWithVnet.yaml
1941	CKV2_AZURE_24	resource	azurerm_automation_account	Ensure Azure automation account does NOT have overly permissive network access	Terraform	AzureAutomationAccNotOverlyPermissiveNetAccess.yaml
1942	CKV2_AZURE_25	resource	azurerm_mssql_database	Ensure Azure SQL database Transparent Data Encryption (TDE) is enabled	Terraform	AzureSqlDbEnableTransparentDataEncryption.yaml
1943	CKV2_AZURE_26	resource	azurerm_postgresql_flexible_server_firewall_rule	Ensure Azure PostgreSQL Flexible server is not configured with overly permissive network access	Terraform	AzurePostgreSQLFlexServerNotOverlyPermissive.yaml
1944	CKV2_AZURE_27	resource	azurerm_mssql_server	Ensure Azure AD authentication is enabled for Azure SQL (MSSQL)	Terraform	AzureConfigMSSQLwithAD.yaml
1945	CKV2_AZURE_28	resource	azurerm_container_group	Ensure Container Instance is configured with managed identity	Terraform	AzureContainerInstanceconfigManagedIdentity.yaml
1946	CKV2_AZURE_29	resource	azurerm_kubernetes_cluster	Ensure AKS cluster has Azure CNI networking enabled	Terraform	AzureAKSclusterAzureCNIEnabled.yaml
1947	CKV2_AZURE_30	resource	azurerm_container_registry_webhook	Ensure Azure Container Registry (ACR) has HTTPS enabled for webhook	Terraform	AzureACR_HTTPSwebhook.yaml
1948	CKV2_AZURE_31	resource	azurerm_subnet	Ensure VNET subnet is configured with a Network Security Group (NSG)	Terraform	AzureSubnetConfigWithNSG.yaml
1949	CKV2_AZURE_32	resource	azurerm_key_vault	Ensure private endpoint is configured to key vault	Terraform	AzureKeyVaultConfigPrivateEndpoint.yaml
1950	CKV2_AZURE_33	resource	azurerm_storage_account	Ensure storage account is configured with private endpoint	Terraform	AzureStorageAccConfigWithPrivateEndpoint.yaml
1951	CKV2_AZURE_34	resource	azurerm_sql_firewall_rule	Ensure Azure SQL server firewall is not overly permissive	Terraform	AzureSQLserverNotOverlyPermissive.yaml
1952	CKV2_AZURE_35	resource	azurerm_recovery_services_vault	Ensure Azure recovery services vault is configured with managed identity	Terraform	AzureRecoveryServicesvaultConfigManagedIdentity.yaml
1953	CKV2_AZURE_36	resource	azurerm_automation_account	Ensure Azure automation account is configured with managed identity	Terraform	AzureAutomationAccConfigManagedIdentity.yaml
1954	CKV2_AZURE_37	resource	azurerm_mariadb_server	Ensure Azure MariaDB server is using latest TLS (1.2)	Terraform	AzureMariaDBserverUsingTLS_1_2.yaml
1955	CKV2_AZURE_38	resource	azurerm_storage_account	Ensure soft-delete is enabled on Azure storage account	Terraform	AzureStorageAccountEnableSoftDelete.yaml
1956	CKV_AZUREPIPELINES_1	azure_pipelines	jobs	Ensure container job uses a non latest version tag	Azure Pipelines	ContainerLatestTag.py
1957	CKV_AZUREPIPELINES_1	azure_pipelines	stages[].jobs[]	Ensure container job uses a non latest version tag	Azure Pipelines	ContainerLatestTag.py
1958	CKV_AZUREPIPELINES_2	azure_pipelines	jobs	Ensure container job uses a version digest	Azure Pipelines	ContainerDigest.py
1959	CKV_AZUREPIPELINES_2	azure_pipelines	stages[].jobs[]	Ensure container job uses a version digest	Azure Pipelines	ContainerDigest.py
1960	CKV_AZUREPIPELINES_3	azure_pipelines	jobs[].steps[]	Ensure set variable is not marked as a secret	Azure Pipelines	SetSecretVariable.py
1961	CKV_AZUREPIPELINES_3	azure_pipelines	stages[].jobs[].steps[]	Ensure set variable is not marked as a secret	Azure Pipelines	SetSecretVariable.py
1962	CKV_AZUREPIPELINES_5	azure_pipelines	*.container[]	Detecting image usages in azure pipelines workflows	Azure Pipelines	DetectImagesUsage.py
1963	CKV_AZUREPIPELINES_5	azure_pipelines	jobs[]	Detecting image usages in azure pipelines workflows	Azure Pipelines	DetectImagesUsage.py
1964	CKV_AZUREPIPELINES_5	azure_pipelines	stages[].jobs[]	Detecting image usages in azure pipelines workflows	Azure Pipelines	DetectImagesUsage.py
1965	CKV_BCW_1	provider	bridgecrew	Ensure no hard coded API token exist in the provider	Terraform	credentials.py
1966	CKV_BITBUCKET_1	bitbucket_configuration	*	Merge requests should require at least 2 approvals	bitbucket_configuration	merge_requests_approvals.py
1967	CKV_BITBUCKETPIPELINES_1	bitbucket_pipelines	[{image:image,startline:startline,endline:endline}]	Ensure the pipeline image uses a non latest version tag	bitbucket_pipelines	latest_image.py
1968	CKV_BITBUCKETPIPELINES_1	bitbucket_pipelines	pipelines..[][][][].step.{image: image, startline: startline, endline:endline}	Ensure the pipeline image uses a non latest version tag	bitbucket_pipelines	latest_image.py
1969	CKV_BITBUCKETPIPELINES_1	bitbucket_pipelines	pipelines.default[].step.{image: image, startline: startline, endline:endline}	Ensure the pipeline image uses a non latest version tag	bitbucket_pipelines	latest_image.py
1970	CKV_CIRCLECIPIPELINES_1	circleci_pipelines	jobs.*.docker[].{image: image, startline: startline, endline:endline}	Ensure the pipeline image uses a non latest version tag	circleci_pipelines	latest_image.py
1971	CKV_CIRCLECIPIPELINES_2	circleci_pipelines	jobs.*.docker[].{image: image, startline: startline, endline:endline}	Ensure the pipeline image version is referenced via hash not arbitrary tag.	circleci_pipelines	image_version_not_hash.py
1972	CKV_CIRCLECIPIPELINES_3	circleci_pipelines	orbs.{orbs: @}	Ensure mutable development orbs are not used.	circleci_pipelines	prevent_development_orbs.py
1973	CKV_CIRCLECIPIPELINES_4	circleci_pipelines	orbs.{orbs: @}	Ensure unversioned volatile orbs are not used.	circleci_pipelines	prevent_volatile_orbs.py
1974	CKV_CIRCLECIPIPELINES_5	circleci_pipelines	jobs.*.steps[]	Suspicious use of netcat with IP address	circleci_pipelines	ReverseShellNetcat.py
1975	CKV_CIRCLECIPIPELINES_6	circleci_pipelines	jobs.*.steps[]	Ensure run commands are not vulnerable to shell injection	circleci_pipelines	ShellInjection.py
1976	CKV_CIRCLECIPIPELINES_7	circleci_pipelines	jobs.*.steps[]	Suspicious use of curl in run task	circleci_pipelines	SuspectCurlInScript.py
1977	CKV_CIRCLECIPIPELINES_8	circleci_pipelines	executors.*.docker[].{image: image, startline: startline, endline:endline}	Detecting image usages in circleci pipelines	circleci_pipelines	DetectImagesUsage.py
1978	CKV_CIRCLECIPIPELINES_8	circleci_pipelines	jobs.*.docker[].{image: image, startline: startline, endline:endline}	Detecting image usages in circleci pipelines	circleci_pipelines	DetectImagesUsage.py
1979	CKV_DIO_1	resource	digitalocean_spaces_bucket	Ensure the Spaces bucket has versioning enabled	Terraform	SpacesBucketVersioning.py
1980	CKV_DIO_2	resource	digitalocean_droplet	Ensure the droplet specifies an SSH key	Terraform	DropletSSHKeys.py
1981	CKV_DIO_3	resource	digitalocean_spaces_bucket	Ensure the Spaces bucket is private	Terraform	SpacesBucketPublicRead.py
1982	CKV_DIO_4	resource	digitalocean_firewall	Ensure the firewall ingress is not wide open	Terraform	FirewallIngressOpen.py
1983	CKV_DOCKER_1	dockerfile	EXPOSE	Ensure port 22 is not exposed	dockerfile	ExposePort22.py
1984	CKV_DOCKER_2	dockerfile	*	Ensure that HEALTHCHECK instructions have been added to container images	dockerfile	HealthcheckExists.py
1985	CKV_DOCKER_3	dockerfile	*	Ensure that a user for the container has been created	dockerfile	UserExists.py
1986	CKV_DOCKER_4	dockerfile	ADD	Ensure that COPY is used instead of ADD in Dockerfiles	dockerfile	AddExists.py
1987	CKV_DOCKER_5	dockerfile	RUN	Ensure update instructions are not use alone in the Dockerfile	dockerfile	UpdateNotAlone.py
1988	CKV_DOCKER_6	dockerfile	MAINTAINER	Ensure that LABEL maintainer is used instead of MAINTAINER (deprecated)	dockerfile	MaintainerExists.py
1989	CKV_DOCKER_7	dockerfile	FROM	Ensure the base image uses a non latest version tag	dockerfile	ReferenceLatestTag.py
1990	CKV_DOCKER_8	dockerfile	USER	Ensure the last USER is not root	dockerfile	RootUser.py
1991	CKV_DOCKER_9	dockerfile	RUN	Ensure that APT isn’t used	dockerfile	RunUsingAPT.py
1992	CKV_DOCKER_10	dockerfile	WORKDIR	Ensure that WORKDIR values are absolute paths	dockerfile	WorkdirIsAbsolute.py
1993	CKV_DOCKER_11	dockerfile	FROM	Ensure From Alias are unique for multistage builds.	dockerfile	AliasIsUnique.py
1994	CKV2_DOCKER_1	resource	RUN	Ensure that sudo isn’t used	dockerfile	RunUsingSudo.yaml
1995	CKV2_DOCKER_2	resource	RUN	Ensure that certificate validation isn’t disabled with curl	dockerfile	RunUnsafeCurl.yaml
1996	CKV2_DOCKER_3	resource	RUN	Ensure that certificate validation isn’t disabled with wget	dockerfile	RunUnsafeWget.yaml
1997	CKV2_DOCKER_4	resource	RUN	Ensure that certificate validation isn’t disabled with the pip ‘–trusted-host’ option	dockerfile	RunPipTrustedHost.yaml
1998	CKV2_DOCKER_5	resource	ARG	Ensure that certificate validation isn’t disabled with the PYTHONHTTPSVERIFY environmnet variable	dockerfile	EnvPythonHttpsVerify.yaml
1999	CKV2_DOCKER_5	resource	ENV	Ensure that certificate validation isn’t disabled with the PYTHONHTTPSVERIFY environmnet variable	dockerfile	EnvPythonHttpsVerify.yaml
2000	CKV2_DOCKER_5	resource	RUN	Ensure that certificate validation isn’t disabled with the PYTHONHTTPSVERIFY environmnet variable	dockerfile	EnvPythonHttpsVerify.yaml
2001	CKV2_DOCKER_6	resource	ARG	Ensure that certificate validation isn’t disabled with the NODE_TLS_REJECT_UNAUTHORIZED environmnet variable	dockerfile	EnvNodeTlsRejectUnauthorized.yaml
2002	CKV2_DOCKER_6	resource	ENV	Ensure that certificate validation isn’t disabled with the NODE_TLS_REJECT_UNAUTHORIZED environmnet variable	dockerfile	EnvNodeTlsRejectUnauthorized.yaml
2003	CKV2_DOCKER_6	resource	RUN	Ensure that certificate validation isn’t disabled with the NODE_TLS_REJECT_UNAUTHORIZED environmnet variable	dockerfile	EnvNodeTlsRejectUnauthorized.yaml
2004	CKV2_DOCKER_7	resource	RUN	Ensure that packages with untrusted or missing signatures are not used by apk via the ‘–allow-untrusted’ option	dockerfile	RunApkAllowUntrusted.yaml
2005	CKV2_DOCKER_8	resource	RUN	Ensure that packages with untrusted or missing signatures are not used by apt-get via the ‘–allow-unauthenticated’ option	dockerfile	RunAptGetAllowUnauthenticated.yaml
2006	CKV2_DOCKER_9	resource	RUN	Ensure that packages with untrusted or missing GPG signatures are not used by dnf, tdnf, or yum via the ‘–nogpgcheck’ option	dockerfile	RunYumNoGpgCheck.yaml
2007	CKV2_DOCKER_10	resource	RUN	Ensure that packages with untrusted or missing signatures are not used by rpm via the ‘–nodigest’, ‘–nosignature’, ‘–noverify’, or ‘–nofiledigest’ options	dockerfile	RunRpmNoSignature.yaml
2008	CKV2_DOCKER_11	resource	RUN	Ensure that the ‘–force-yes’ option is not used, as it disables signature validation and allows packages to be downgraded which can leave the system in a broken or inconsistent state	dockerfile	RunAptGetForceYes.yaml
2009	CKV2_DOCKER_12	resource	ARG	Ensure that certificate validation isn’t disabled for npm via the ‘NPM_CONFIG_STRICT_SSL’ environmnet variable	dockerfile	EnvNpmConfigStrictSsl.yaml
2010	CKV2_DOCKER_12	resource	ENV	Ensure that certificate validation isn’t disabled for npm via the ‘NPM_CONFIG_STRICT_SSL’ environmnet variable	dockerfile	EnvNpmConfigStrictSsl.yaml
2011	CKV2_DOCKER_12	resource	RUN	Ensure that certificate validation isn’t disabled for npm via the ‘NPM_CONFIG_STRICT_SSL’ environmnet variable	dockerfile	EnvNpmConfigStrictSsl.yaml
2012	CKV2_DOCKER_13	resource	RUN	Ensure that certificate validation isn’t disabled for npm or yarn by setting the option strict-ssl to false	dockerfile	RunNpmConfigSetStrictSsl.yaml
2013	CKV2_DOCKER_14	resource	ARG	Ensure that certificate validation isn’t disabled for git by setting the environment variable ‘GIT_SSL_NO_VERIFY’ to any value	dockerfile	EnvGitSslNoVerify.yaml
2014	CKV2_DOCKER_14	resource	ENV	Ensure that certificate validation isn’t disabled for git by setting the environment variable ‘GIT_SSL_NO_VERIFY’ to any value	dockerfile	EnvGitSslNoVerify.yaml
2015	CKV2_DOCKER_14	resource	RUN	Ensure that certificate validation isn’t disabled for git by setting the environment variable ‘GIT_SSL_NO_VERIFY’ to any value	dockerfile	EnvGitSslNoVerify.yaml
2016	CKV2_DOCKER_15	resource	RUN	Ensure that the yum and dnf package managers are not configured to disable SSL certificate validation via the ‘sslverify’ configuration option	dockerfile	RunYumConfigManagerSslVerify.yaml
2017	CKV2_DOCKER_16	resource	ARG	Ensure that certificate validation isn’t disabled with pip via the ‘PIP_TRUSTED_HOST’ environment variable	dockerfile	EnvPipTrustedHost.yaml
2018	CKV2_DOCKER_16	resource	ENV	Ensure that certificate validation isn’t disabled with pip via the ‘PIP_TRUSTED_HOST’ environment variable	dockerfile	EnvPipTrustedHost.yaml
2019	CKV2_DOCKER_16	resource	RUN	Ensure that certificate validation isn’t disabled with pip via the ‘PIP_TRUSTED_HOST’ environment variable	dockerfile	EnvPipTrustedHost.yaml
2020	CKV_GCP_1	resource	google_container_cluster	Ensure Stackdriver Logging is set to Enabled on Kubernetes Engine Clusters	Terraform	GKEClusterLogging.py
2021	CKV_GCP_2	resource	google_compute_firewall	Ensure Google compute firewall ingress does not allow unrestricted ssh access	Terraform	GoogleComputeFirewallUnrestrictedIngress22.py
2022	CKV_GCP_3	resource	google_compute_firewall	Ensure Google compute firewall ingress does not allow unrestricted rdp access	Terraform	GoogleComputeFirewallUnrestrictedIngress3389.py
2023	CKV_GCP_4	resource	google_compute_ssl_policy	Ensure no HTTPS or SSL proxy load balancers permit SSL policies with weak cipher suites	Terraform	GoogleComputeSSLPolicy.py
2024	CKV_GCP_6	resource	google_sql_database_instance	Ensure all Cloud SQL database instance requires all incoming connections to use SSL	Terraform	GoogleCloudSqlDatabaseRequireSsl.py
2025	CKV_GCP_7	resource	google_container_cluster	Ensure Legacy Authorization is set to Disabled on Kubernetes Engine Clusters	Terraform	GKEDisableLegacyAuth.py
2026	CKV_GCP_8	resource	google_container_cluster	Ensure Stackdriver Monitoring is set to Enabled on Kubernetes Engine Clusters	Terraform	GKEMonitoringEnabled.py
2027	CKV_GCP_9	resource	google_container_node_pool	Ensure ‘Automatic node repair’ is enabled for Kubernetes Clusters	Terraform	GKENodePoolAutoRepairEnabled.py
2028	CKV_GCP_10	resource	google_container_node_pool	Ensure ‘Automatic node upgrade’ is enabled for Kubernetes Clusters	Terraform	GKENodePoolAutoUpgradeEnabled.py
2029	CKV_GCP_11	resource	google_sql_database_instance	Ensure that Cloud SQL database Instances are not open to the world	Terraform	GoogleCloudSqlDatabasePubliclyAccessible.py
2030	CKV_GCP_12	resource	google_container_cluster	Ensure Network Policy is enabled on Kubernetes Engine Clusters	Terraform	GKENetworkPolicyEnabled.py
2031	CKV_GCP_13	resource	google_container_cluster	Ensure client certificate authentication to Kubernetes Engine Clusters is disabled	Terraform	GKEClientCertificateDisabled.py
2032	CKV_GCP_14	resource	google_sql_database_instance	Ensure all Cloud SQL database instance have backup configuration enabled	Terraform	GoogleCloudSqlBackupConfiguration.py
2033	CKV_GCP_15	resource	google_bigquery_dataset	Ensure that BigQuery datasets are not anonymously or publicly accessible	Terraform	GoogleBigQueryDatasetPublicACL.py
2034	CKV_GCP_16	resource	google_dns_managed_zone	Ensure that DNSSEC is enabled for Cloud DNS	Terraform	GoogleCloudDNSSECEnabled.py
2035	CKV_GCP_17	resource	google_dns_managed_zone	Ensure that RSASHA1 is not used for the zone-signing and key-signing keys in Cloud DNS DNSSEC	Terraform	GoogleCloudDNSKeySpecsRSASHA1.py
2036	CKV_GCP_18	resource	google_container_cluster	Ensure GKE Control Plane is not public	Terraform	GKEPublicControlPlane.py
2037	CKV_GCP_19	resource	google_container_cluster	Ensure GKE basic auth is disabled	Terraform	GKEBasicAuth.py
2038	CKV_GCP_20	resource	google_container_cluster	Ensure master authorized networks is set to enabled in GKE clusters	Terraform	GKEMasterAuthorizedNetworksEnabled.py
2039	CKV_GCP_21	resource	google_container_cluster	Ensure Kubernetes Clusters are configured with Labels	Terraform	GKEHasLabels.py
2040	CKV_GCP_22	resource	google_container_node_pool	Ensure Container-Optimized OS (cos) is used for Kubernetes Engine Clusters Node image	Terraform	GKEUseCosImage.py
2041	CKV_GCP_23	resource	google_container_cluster	Ensure Kubernetes Cluster is created with Alias IP ranges enabled	Terraform	GKEAliasIpEnabled.py
2042	CKV_GCP_24	resource	google_container_cluster	Ensure PodSecurityPolicy controller is enabled on the Kubernetes Engine Clusters	Terraform	GKEPodSecurityPolicyEnabled.py
2043	CKV_GCP_25	resource	google_container_cluster	Ensure Kubernetes Cluster is created with Private cluster enabled	Terraform	GKEPrivateClusterConfig.py
2044	CKV_GCP_26	resource	google_compute_subnetwork	Ensure that VPC Flow Logs is enabled for every subnet in a VPC Network	Terraform	GoogleSubnetworkLoggingEnabled.py
2045	CKV_GCP_27	resource	google_project	Ensure that the default network does not exist in a project	Terraform	GoogleProjectDefaultNetwork.py
2046	CKV_GCP_28	resource	google_storage_bucket_iam_binding	Ensure that Cloud Storage bucket is not anonymously or publicly accessible	Terraform	GoogleStorageBucketNotPublic.py
2047	CKV_GCP_28	resource	google_storage_bucket_iam_member	Ensure that Cloud Storage bucket is not anonymously or publicly accessible	Terraform	GoogleStorageBucketNotPublic.py
2048	CKV_GCP_29	resource	google_storage_bucket	Ensure that Cloud Storage buckets have uniform bucket-level access enabled	Terraform	GoogleStorageBucketUniformAccess.py
2049	CKV_GCP_30	resource	google_compute_instance	Ensure that instances are not configured to use the default service account	Terraform	GoogleComputeDefaultServiceAccount.py
2050	CKV_GCP_30	resource	google_compute_instance_from_template	Ensure that instances are not configured to use the default service account	Terraform	GoogleComputeDefaultServiceAccount.py
2051	CKV_GCP_30	resource	google_compute_instance_template	Ensure that instances are not configured to use the default service account	Terraform	GoogleComputeDefaultServiceAccount.py
2052	CKV_GCP_31	resource	google_compute_instance	Ensure that instances are not configured to use the default service account with full access to all Cloud APIs	Terraform	GoogleComputeDefaultServiceAccountFullAccess.py
2053	CKV_GCP_31	resource	google_compute_instance_from_template	Ensure that instances are not configured to use the default service account with full access to all Cloud APIs	Terraform	GoogleComputeDefaultServiceAccountFullAccess.py
2054	CKV_GCP_31	resource	google_compute_instance_template	Ensure that instances are not configured to use the default service account with full access to all Cloud APIs	Terraform	GoogleComputeDefaultServiceAccountFullAccess.py
2055	CKV_GCP_32	resource	google_compute_instance	Ensure ‘Block Project-wide SSH keys’ is enabled for VM instances	Terraform	GoogleComputeBlockProjectSSH.py
2056	CKV_GCP_32	resource	google_compute_instance_from_template	Ensure ‘Block Project-wide SSH keys’ is enabled for VM instances	Terraform	GoogleComputeBlockProjectSSH.py
2057	CKV_GCP_32	resource	google_compute_instance_template	Ensure ‘Block Project-wide SSH keys’ is enabled for VM instances	Terraform	GoogleComputeBlockProjectSSH.py
2058	CKV_GCP_33	resource	google_compute_project_metadata	Ensure oslogin is enabled for a Project	Terraform	GoogleComputeProjectOSLogin.py
2059	CKV_GCP_34	resource	google_compute_instance	Ensure that no instance in the project overrides the project setting for enabling OSLogin(OSLogin needs to be enabled in project metadata for all instances)	Terraform	GoogleComputeInstanceOSLogin.py
2060	CKV_GCP_34	resource	google_compute_instance_from_template	Ensure that no instance in the project overrides the project setting for enabling OSLogin(OSLogin needs to be enabled in project metadata for all instances)	Terraform	GoogleComputeInstanceOSLogin.py
2061	CKV_GCP_34	resource	google_compute_instance_template	Ensure that no instance in the project overrides the project setting for enabling OSLogin(OSLogin needs to be enabled in project metadata for all instances)	Terraform	GoogleComputeInstanceOSLogin.py
2062	CKV_GCP_35	resource	google_compute_instance	Ensure ‘Enable connecting to serial ports’ is not enabled for VM Instance	Terraform	GoogleComputeSerialPorts.py
2063	CKV_GCP_35	resource	google_compute_instance_from_template	Ensure ‘Enable connecting to serial ports’ is not enabled for VM Instance	Terraform	GoogleComputeSerialPorts.py
2064	CKV_GCP_35	resource	google_compute_instance_template	Ensure ‘Enable connecting to serial ports’ is not enabled for VM Instance	Terraform	GoogleComputeSerialPorts.py
2065	CKV_GCP_36	resource	google_compute_instance	Ensure that IP forwarding is not enabled on Instances	Terraform	GoogleComputeIPForward.py
2066	CKV_GCP_36	resource	google_compute_instance_from_template	Ensure that IP forwarding is not enabled on Instances	Terraform	GoogleComputeIPForward.py
2067	CKV_GCP_36	resource	google_compute_instance_template	Ensure that IP forwarding is not enabled on Instances	Terraform	GoogleComputeIPForward.py
2068	CKV_GCP_37	resource	google_compute_disk	Ensure VM disks for critical VMs are encrypted with Customer Supplied Encryption Keys (CSEK)	Terraform	GoogleComputeDiskEncryption.py
2069	CKV_GCP_38	resource	google_compute_instance	Ensure VM disks for critical VMs are encrypted with Customer Supplied Encryption Keys (CSEK)	Terraform	GoogleComputeBootDiskEncryption.py
2070	CKV_GCP_39	resource	google_compute_instance	Ensure Compute instances are launched with Shielded VM enabled	Terraform	GoogleComputeShieldedVM.py
2071	CKV_GCP_39	resource	google_compute_instance_from_template	Ensure Compute instances are launched with Shielded VM enabled	Terraform	GoogleComputeShieldedVM.py
2072	CKV_GCP_39	resource	google_compute_instance_template	Ensure Compute instances are launched with Shielded VM enabled	Terraform	GoogleComputeShieldedVM.py
2073	CKV_GCP_40	resource	google_compute_instance	Ensure that Compute instances do not have public IP addresses	Terraform	GoogleComputeExternalIP.py
2074	CKV_GCP_40	resource	google_compute_instance_from_template	Ensure that Compute instances do not have public IP addresses	Terraform	GoogleComputeExternalIP.py
2075	CKV_GCP_40	resource	google_compute_instance_template	Ensure that Compute instances do not have public IP addresses	Terraform	GoogleComputeExternalIP.py
2076	CKV_GCP_41	resource	google_project_iam_binding	Ensure that IAM users are not assigned the Service Account User or Service Account Token Creator roles at project level	Terraform	GoogleRoleServiceAccountUser.py
2077	CKV_GCP_41	resource	google_project_iam_member	Ensure that IAM users are not assigned the Service Account User or Service Account Token Creator roles at project level	Terraform	GoogleRoleServiceAccountUser.py
2078	CKV_GCP_42	resource	google_project_iam_member	Ensure that Service Account has no Admin privileges	Terraform	GoogleProjectAdminServiceAccount.py
2079	CKV_GCP_43	resource	google_kms_crypto_key	Ensure KMS encryption keys are rotated within a period of 90 days	Terraform	GoogleKMSRotationPeriod.py
2080	CKV_GCP_44	resource	google_folder_iam_binding	Ensure no roles that enable to impersonate and manage all service accounts are used at a folder level	Terraform	GoogleFolderImpersonationRole.py
2081	CKV_GCP_44	resource	google_folder_iam_member	Ensure no roles that enable to impersonate and manage all service accounts are used at a folder level	Terraform	GoogleFolderImpersonationRole.py
2082	CKV_GCP_45	resource	google_organization_iam_binding	Ensure no roles that enable to impersonate and manage all service accounts are used at an organization level	Terraform	GoogleOrgImpersonationRole.py
2083	CKV_GCP_45	resource	google_organization_iam_member	Ensure no roles that enable to impersonate and manage all service accounts are used at an organization level	Terraform	GoogleOrgImpersonationRole.py
2084	CKV_GCP_46	resource	google_project_iam_binding	Ensure Default Service account is not used at a project level	Terraform	GoogleProjectMemberDefaultServiceAccount.py
2085	CKV_GCP_46	resource	google_project_iam_member	Ensure Default Service account is not used at a project level	Terraform	GoogleProjectMemberDefaultServiceAccount.py
2086	CKV_GCP_47	resource	google_organization_iam_binding	Ensure default service account is not used at an organization level	Terraform	GoogleOrgMemberDefaultServiceAccount.py
2087	CKV_GCP_47	resource	google_organization_iam_member	Ensure default service account is not used at an organization level	Terraform	GoogleOrgMemberDefaultServiceAccount.py
2088	CKV_GCP_48	resource	google_folder_iam_binding	Ensure Default Service account is not used at a folder level	Terraform	GoogleFolderMemberDefaultServiceAccount.py
2089	CKV_GCP_48	resource	google_folder_iam_member	Ensure Default Service account is not used at a folder level	Terraform	GoogleFolderMemberDefaultServiceAccount.py
2090	CKV_GCP_49	resource	google_project_iam_binding	Ensure roles do not impersonate or manage Service Accounts used at project level	Terraform	GoogleProjectImpersonationRole.py
2091	CKV_GCP_49	resource	google_project_iam_member	Ensure roles do not impersonate or manage Service Accounts used at project level	Terraform	GoogleProjectImpersonationRole.py
2092	CKV_GCP_50	resource	google_sql_database_instance	Ensure MySQL database ‘local_infile’ flag is set to ‘off’	Terraform	GoogleCloudMySqlLocalInfileOff.py
2093	CKV_GCP_51	resource	google_sql_database_instance	Ensure PostgreSQL database ‘log_checkpoints’ flag is set to ‘on’	Terraform	GoogleCloudPostgreSqlLogCheckpoints.py
2094	CKV_GCP_52	resource	google_sql_database_instance	Ensure PostgreSQL database ‘log_connections’ flag is set to ‘on’	Terraform	GoogleCloudPostgreSqlLogConnection.py
2095	CKV_GCP_53	resource	google_sql_database_instance	Ensure PostgreSQL database ‘log_disconnections’ flag is set to ‘on’	Terraform	GoogleCloudPostgreSqlLogDisconnection.py
2096	CKV_GCP_54	resource	google_sql_database_instance	Ensure PostgreSQL database ‘log_lock_waits’ flag is set to ‘on’	Terraform	GoogleCloudPostgreSqlLogLockWaits.py
2097	CKV_GCP_55	resource	google_sql_database_instance	Ensure PostgreSQL database ‘log_min_messages’ flag is set to a valid value	Terraform	GoogleCloudPostgreSqlLogMinMessage.py
2098	CKV_GCP_56	resource	google_sql_database_instance	Ensure PostgreSQL database ‘log_temp_files flag is set to ‘0’	Terraform	GoogleCloudPostgreSqlLogTemp.py
2099	CKV_GCP_57	resource	google_sql_database_instance	Ensure PostgreSQL database ‘log_min_duration_statement’ flag is set to ‘-1’	Terraform	GoogleCloudPostgreSqlLogMinDuration.py
2100	CKV_GCP_58	resource	google_sql_database_instance	Ensure SQL database ‘cross db ownership chaining’ flag is set to ‘off’	Terraform	GoogleCloudSqlServerCrossDBOwnershipChaining.py
2101	CKV_GCP_59	resource	google_sql_database_instance	Ensure SQL database ‘contained database authentication’ flag is set to ‘off’	Terraform	GoogleCloudSqlServerContainedDBAuthentication.py
2102	CKV_GCP_60	resource	google_sql_database_instance	Ensure Cloud SQL database does not have public IP	Terraform	GoogleCloudSqlServerNoPublicIP.py
2103	CKV_GCP_61	resource	google_container_cluster	Enable VPC Flow Logs and Intranode Visibility	Terraform	GKEEnableVPCFlowLogs.py
2104	CKV_GCP_62	resource	google_storage_bucket	Bucket should log access	Terraform	CloudStorageLogging.py
2105	CKV_GCP_63	resource	google_storage_bucket	Bucket should not log to itself	Terraform	CloudStorageSelfLogging.py
2106	CKV_GCP_64	resource	google_container_cluster	Ensure clusters are created with Private Nodes	Terraform	GKEPrivateNodes.py
2107	CKV_GCP_65	resource	google_container_cluster	Manage Kubernetes RBAC users with Google Groups for GKE	Terraform	GKEKubernetesRBACGoogleGroups.py
2108	CKV_GCP_66	resource	google_container_cluster	Ensure use of Binary Authorization	Terraform	GKEBinaryAuthorization.py
2109	CKV_GCP_67	resource	google_container_cluster	Ensure legacy Compute Engine instance metadata APIs are Disabled	Terraform	GKELegacyInstanceMetadataDisabled.py
2110	CKV_GCP_68	resource	google_container_cluster	Ensure Secure Boot for Shielded GKE Nodes is Enabled	Terraform	GKESecureBootforShieldedNodes.py
2111	CKV_GCP_68	resource	google_container_node_pool	Ensure Secure Boot for Shielded GKE Nodes is Enabled	Terraform	GKESecureBootforShieldedNodes.py
2112	CKV_GCP_69	resource	google_container_cluster	Ensure the GKE Metadata Server is Enabled	Terraform	GKEMetadataServerIsEnabled.py
2113	CKV_GCP_69	resource	google_container_node_pool	Ensure the GKE Metadata Server is Enabled	Terraform	GKEMetadataServerIsEnabled.py
2114	CKV_GCP_70	resource	google_container_cluster	Ensure the GKE Release Channel is set	Terraform	GKEReleaseChannel.py
2115	CKV_GCP_71	resource	google_container_cluster	Ensure Shielded GKE Nodes are Enabled	Terraform	GKEEnableShieldedNodes.py
2116	CKV_GCP_72	resource	google_container_cluster	Ensure Integrity Monitoring for Shielded GKE Nodes is Enabled	Terraform	GKEEnsureIntegrityMonitoring.py
2117	CKV_GCP_72	resource	google_container_node_pool	Ensure Integrity Monitoring for Shielded GKE Nodes is Enabled	Terraform	GKEEnsureIntegrityMonitoring.py
2118	CKV_GCP_73	resource	google_compute_security_policy	Ensure Cloud Armor prevents message lookup in Log4j2. See CVE-2021-44228 aka log4jshell	Terraform	CloudArmorWAFACLCVE202144228.py
2119	CKV_GCP_74	resource	google_compute_subnetwork	Ensure that private_ip_google_access is enabled for Subnet	Terraform	GoogleSubnetworkPrivateGoogleEnabled.py
2120	CKV_GCP_75	resource	google_compute_firewall	Ensure Google compute firewall ingress does not allow unrestricted FTP access	Terraform	GoogleComputeFirewallUnrestrictedIngress21.py
2121	CKV_GCP_76	resource	google_compute_subnetwork	Ensure that Private google access is enabled for IPV6	Terraform	GoogleSubnetworkIPV6PrivateGoogleEnabled.py
2122	CKV_GCP_77	resource	google_compute_firewall	Ensure Google compute firewall ingress does not allow on ftp port	Terraform	GoogleComputeFirewallUnrestrictedIngress20.py
2123	CKV_GCP_78	resource	google_storage_bucket	Ensure Cloud storage has versioning enabled	Terraform	CloudStorageVersioningEnabled.py
2124	CKV_GCP_79	resource	google_sql_database_instance	Ensure SQL database is using latest Major version	Terraform	CloudSqlMajorVersion.py
2125	CKV_GCP_80	resource	google_bigquery_table	Ensure Big Query Tables are encrypted with Customer Supplied Encryption Keys (CSEK)	Terraform	BigQueryTableEncryptedWithCMK.py
2126	CKV_GCP_81	resource	google_bigquery_dataset	Ensure Big Query Datasets are encrypted with Customer Supplied Encryption Keys (CSEK)	Terraform	BigQueryDatasetEncryptedWithCMK.py
2127	CKV_GCP_82	resource	google_kms_crypto_key	Ensure KMS keys are protected from deletion	Terraform	GoogleKMSPreventDestroy.py
2128	CKV_GCP_83	resource	google_pubsub_topic	Ensure PubSub Topics are encrypted with Customer Supplied Encryption Keys (CSEK)	Terraform	CloudPubSubEncryptedWithCMK.py
2129	CKV_GCP_84	resource	google_artifact_registry_repository	Ensure Artifact Registry Repositories are encrypted with Customer Supplied Encryption Keys (CSEK)	Terraform	ArtifactRegsitryEncryptedWithCMK.py
2130	CKV_GCP_85	resource	google_bigtable_instance	Ensure Big Table Instances are encrypted with Customer Supplied Encryption Keys (CSEK)	Terraform	BigTableInstanceEncryptedWithCMK.py
2131	CKV_GCP_86	resource	google_cloudbuild_worker_pool	Ensure Cloud build workers are private	Terraform	CloudBuildWorkersArePrivate.py
2132	CKV_GCP_87	resource	google_data_fusion_instance	Ensure Data fusion instances are private	Terraform	DataFusionPrivateInstance.py
2133	CKV_GCP_88	resource	google_compute_firewall	Ensure Google compute firewall ingress does not allow unrestricted mysql access	Terraform	GoogleComputeFirewallUnrestrictedIngress3306.py
2134	CKV_GCP_89	resource	google_notebooks_instance	Ensure Vertex AI instances are private	Terraform	VertexAIPrivateInstance.py
2135	CKV_GCP_90	resource	google_dataflow_job	Ensure data flow jobs are encrypted with Customer Supplied Encryption Keys (CSEK)	Terraform	DataflowJobEncryptedWithCMK.py
2136	CKV_GCP_91	resource	google_dataproc_cluster	Ensure Dataproc cluster is encrypted with Customer Supplied Encryption Keys (CSEK)	Terraform	DataprocClusterEncryptedWithCMK.py
2137	CKV_GCP_92	resource	google_vertex_ai_dataset	Ensure Vertex AI datasets uses a CMK (Customer Manager Key)	Terraform	VertexAIDatasetEncryptedWithCMK.py
2138	CKV_GCP_93	resource	google_spanner_database	Ensure Spanner Database is encrypted with Customer Supplied Encryption Keys (CSEK)	Terraform	SpannerDatabaseEncryptedWithCMK.py
2139	CKV_GCP_94	resource	google_dataflow_job	Ensure Dataflow jobs are private	Terraform	DataflowPrivateJob.py
2140	CKV_GCP_95	resource	google_redis_instance	Ensure Memorystore for Redis has AUTH enabled	Terraform	MemorystoreForRedisAuthEnabled.py
2141	CKV_GCP_96	resource	google_vertex_ai_metadata_store	Ensure Vertex AI Metadata Store uses a CMK (Customer Manager Key)	Terraform	VertexAIMetadataStoreEncryptedWithCMK.py
2142	CKV_GCP_97	resource	google_redis_instance	Ensure Memorystore for Redis uses intransit encryption	Terraform	MemorystoreForRedisInTransitEncryption.py
2143	CKV_GCP_98	resource	google_dataproc_cluster_iam_binding	Ensure that Dataproc clusters are not anonymously or publicly accessible	Terraform	DataprocPrivateCluster.py
2144	CKV_GCP_98	resource	google_dataproc_cluster_iam_member	Ensure that Dataproc clusters are not anonymously or publicly accessible	Terraform	DataprocPrivateCluster.py
2145	CKV_GCP_99	resource	google_pubsub_topic_iam_binding	Ensure that Pub/Sub Topics are not anonymously or publicly accessible	Terraform	PubSubPrivateTopic.py
2146	CKV_GCP_99	resource	google_pubsub_topic_iam_member	Ensure that Pub/Sub Topics are not anonymously or publicly accessible	Terraform	PubSubPrivateTopic.py
2147	CKV_GCP_100	resource	google_bigquery_table_iam_binding	Ensure that BigQuery Tables are not anonymously or publicly accessible	Terraform	BigQueryPrivateTable.py
2148	CKV_GCP_100	resource	google_bigquery_table_iam_member	Ensure that BigQuery Tables are not anonymously or publicly accessible	Terraform	BigQueryPrivateTable.py
2149	CKV_GCP_101	resource	google_artifact_registry_repository_iam_binding	Ensure that Artifact Registry repositories are not anonymously or publicly accessible	Terraform	ArtifactRegistryPrivateRepo.py
2150	CKV_GCP_101	resource	google_artifact_registry_repository_iam_member	Ensure that Artifact Registry repositories are not anonymously or publicly accessible	Terraform	ArtifactRegistryPrivateRepo.py
2151	CKV_GCP_102	resource	google_cloud_run_service_iam_binding	Ensure that GCP Cloud Run services are not anonymously or publicly accessible	Terraform	GCPCloudRunPrivateService.py
2152	CKV_GCP_102	resource	google_cloud_run_service_iam_member	Ensure that GCP Cloud Run services are not anonymously or publicly accessible	Terraform	GCPCloudRunPrivateService.py
2153	CKV_GCP_103	resource	google_dataproc_cluster	Ensure Dataproc Clusters do not have public IPs	Terraform	DataprocPublicIpCluster.py
2154	CKV_GCP_104	resource	google_data_fusion_instance	Ensure Datafusion has stack driver logging enabled	Terraform	DataFusionStackdriverLogs.py
2155	CKV_GCP_105	resource	google_data_fusion_instance	Ensure Datafusion has stack driver monitoring enabled	Terraform	DataFusionStackdriverMonitoring.py
2156	CKV_GCP_106	resource	google_compute_firewall	Ensure Google compute firewall ingress does not allow unrestricted http port 80 access	Terraform	GoogleComputeFirewallUnrestrictedIngress80.py
2157	CKV_GCP_107	resource	google_cloudfunctions2_function_iam_binding	Cloud functions should not be public	Terraform	CloudFunctionsShouldNotBePublic.py
2158	CKV_GCP_107	resource	google_cloudfunctions2_function_iam_member	Cloud functions should not be public	Terraform	CloudFunctionsShouldNotBePublic.py
2159	CKV_GCP_107	resource	google_cloudfunctions_function_iam_binding	Cloud functions should not be public	Terraform	CloudFunctionsShouldNotBePublic.py
2160	CKV_GCP_107	resource	google_cloudfunctions_function_iam_member	Cloud functions should not be public	Terraform	CloudFunctionsShouldNotBePublic.py
2161	CKV_GCP_108	resource	google_sql_database_instance	Ensure hostnames are logged for GCP PostgreSQL databases	Terraform	GoogleCloudPostgreSqlLogHostname.py
2162	CKV_GCP_109	resource	google_sql_database_instance	Ensure the GCP PostgreSQL database log levels are set to ERROR or lower	Terraform	GoogleCloudPostgreSqlLogMinErrorStatement.py
2163	CKV_GCP_110	resource	google_sql_database_instance	Ensure pgAudit is enabled for your GCP PostgreSQL database	Terraform	GoogleCloudPostgreSqlEnablePgaudit.py
2164	CKV_GCP_111	resource	google_sql_database_instance	Ensure GCP PostgreSQL logs SQL statements	Terraform	GoogleCloudPostgreSqlLogStatement.py
2165	CKV_GCP_112	resource	google_kms_crypto_key_iam_binding	Esnure KMS policy should not allow public access	Terraform	GoogleKMSKeyIsPublic.py
2166	CKV_GCP_112	resource	google_kms_crypto_key_iam_member	Esnure KMS policy should not allow public access	Terraform	GoogleKMSKeyIsPublic.py
2167	CKV_GCP_112	resource	google_kms_crypto_key_iam_policy	Esnure KMS policy should not allow public access	Terraform	GoogleKMSKeyIsPublic.py
2168	CKV_GCP_113	data	google_iam_policy	Ensure IAM policy should not define public access	Terraform	GooglePolicyIsPrivate.py
2169	CKV_GCP_114	resource	google_storage_bucket	Ensure public access prevention is enforced on Cloud Storage bucket	Terraform	GoogleStoragePublicAccessPrevention.py
2170	CKV_GCP_115	resource	google_organization_iam_binding	Ensure basic roles are not used at organization level.	Terraform	GoogleOrgBasicRole.py
2171	CKV_GCP_115	resource	google_organization_iam_member	Ensure basic roles are not used at organization level.	Terraform	GoogleOrgBasicRole.py
2172	CKV_GCP_116	resource	google_folder_iam_binding	Ensure basic roles are not used at folder level.	Terraform	GoogleFolderBasicRole.py
2173	CKV_GCP_116	resource	google_folder_iam_member	Ensure basic roles are not used at folder level.	Terraform	GoogleFolderBasicRole.py
2174	CKV_GCP_117	resource	google_project_iam_binding	Ensure basic roles are not used at project level.	Terraform	GoogleProjectBasicRole.py
2175	CKV_GCP_117	resource	google_project_iam_member	Ensure basic roles are not used at project level.	Terraform	GoogleProjectBasicRole.py
2176	CKV2_GCP_1	resource	google_project_default_service_accounts	Ensure GKE clusters are not running using the Compute Engine default service account	Terraform	GKEClustersAreNotUsingDefaultServiceAccount.yaml
2177	CKV2_GCP_2	resource	google_compute_network	Ensure legacy networks do not exist for a project	Terraform	GCPProjectHasNoLegacyNetworks.yaml
2178	CKV2_GCP_3	resource	google_service_account_key	Ensure that there are only GCP-managed service account keys for each service account	Terraform	ServiceAccountHasGCPmanagedKey.yaml
2179	CKV2_GCP_4	resource	google_logging_folder_sink	Ensure that retention policies on log buckets are configured using Bucket Lock	Terraform	GCPLogBucketsConfiguredUsingLock.yaml
2180	CKV2_GCP_4	resource	google_logging_organization_sink	Ensure that retention policies on log buckets are configured using Bucket Lock	Terraform	GCPLogBucketsConfiguredUsingLock.yaml
2181	CKV2_GCP_4	resource	google_logging_project_sink	Ensure that retention policies on log buckets are configured using Bucket Lock	Terraform	GCPLogBucketsConfiguredUsingLock.yaml
2182	CKV2_GCP_4	resource	google_storage_bucket	Ensure that retention policies on log buckets are configured using Bucket Lock	Terraform	GCPLogBucketsConfiguredUsingLock.yaml
2183	CKV2_GCP_5	resource	google_project	Ensure that Cloud Audit Logging is configured properly across all services and all users from a project	Terraform	GCPAuditLogsConfiguredForAllServicesAndUsers.yaml
2184	CKV2_GCP_5	resource	google_project_iam_audit_config	Ensure that Cloud Audit Logging is configured properly across all services and all users from a project	Terraform	GCPAuditLogsConfiguredForAllServicesAndUsers.yaml
2185	CKV2_GCP_6	resource	google_kms_crypto_key	Ensure that Cloud KMS cryptokeys are not anonymously or publicly accessible	Terraform	GCPKMSCryptoKeysAreNotPubliclyAccessible.yaml
2186	CKV2_GCP_6	resource	google_kms_crypto_key_iam_binding	Ensure that Cloud KMS cryptokeys are not anonymously or publicly accessible	Terraform	GCPKMSCryptoKeysAreNotPubliclyAccessible.yaml
2187	CKV2_GCP_6	resource	google_kms_crypto_key_iam_member	Ensure that Cloud KMS cryptokeys are not anonymously or publicly accessible	Terraform	GCPKMSCryptoKeysAreNotPubliclyAccessible.yaml
2188	CKV2_GCP_7	resource	google_sql_database_instance	Ensure that a MySQL database instance does not allow anyone to connect with administrative privileges	Terraform	DisableAccessToSqlDBInstanceForRootUsersWithoutPassword.yaml
2189	CKV2_GCP_7	resource	google_sql_user	Ensure that a MySQL database instance does not allow anyone to connect with administrative privileges	Terraform	DisableAccessToSqlDBInstanceForRootUsersWithoutPassword.yaml
2190	CKV2_GCP_8	resource	google_kms_key_ring	Ensure that Cloud KMS Key Rings are not anonymously or publicly accessible	Terraform	GCPKMSKeyRingsAreNotPubliclyAccessible.yaml
2191	CKV2_GCP_8	resource	google_kms_key_ring_iam_binding	Ensure that Cloud KMS Key Rings are not anonymously or publicly accessible	Terraform	GCPKMSKeyRingsAreNotPubliclyAccessible.yaml
2192	CKV2_GCP_8	resource	google_kms_key_ring_iam_member	Ensure that Cloud KMS Key Rings are not anonymously or publicly accessible	Terraform	GCPKMSKeyRingsAreNotPubliclyAccessible.yaml
2193	CKV2_GCP_9	resource	google_container_registry	Ensure that Container Registry repositories are not anonymously or publicly accessible	Terraform	GCPContainerRegistryReposAreNotPubliclyAccessible.yaml
2194	CKV2_GCP_9	resource	google_storage_bucket_iam_binding	Ensure that Container Registry repositories are not anonymously or publicly accessible	Terraform	GCPContainerRegistryReposAreNotPubliclyAccessible.yaml
2195	CKV2_GCP_9	resource	google_storage_bucket_iam_member	Ensure that Container Registry repositories are not anonymously or publicly accessible	Terraform	GCPContainerRegistryReposAreNotPubliclyAccessible.yaml
2196	CKV2_GCP_10	resource	google_cloudfunctions_function	Ensure GCP Cloud Function HTTP trigger is secured	Terraform	CloudFunctionSecureHTTPTrigger.yaml
2197	CKV2_GCP_11	resource	google_project_services	Ensure GCP GCR Container Vulnerability Scanning is enabled	Terraform	GCRContainerVulnerabilityScanningEnabled.yaml
2198	CKV2_GCP_12	resource	google_compute_firewall	Ensure GCP compute firewall ingress does not allow unrestricted access to all ports	Terraform	GCPComputeFirewallOverlyPermissiveToAllTraffic.yaml
2199	CKV2_GCP_13	resource	google_sql_database_instance	Ensure PostgreSQL database flag ‘log_duration’ is set to ‘on’	Terraform	GCPPostgreSQLDatabaseFlaglog_durationIsSetToON.yaml
2200	CKV2_GCP_14	resource	google_sql_database_instance	Ensure PostgreSQL database flag ‘log_executor_stats’ is set to ‘off’	Terraform	GCPPostgreSQLDatabaseFlaglog_executor_statsIsSetToOFF.yaml
2201	CKV2_GCP_15	resource	google_sql_database_instance	Ensure PostgreSQL database flag ‘log_parser_stats’ is set to ‘off’	Terraform	GCPPostgreSQLDatabaseFlaglog_parser_statsIsSetToOFF.yaml
2202	CKV2_GCP_16	resource	google_sql_database_instance	Ensure PostgreSQL database flag ‘log_planner_stats’ is set to ‘off’	Terraform	GCPPostgreSQLDatabaseFlaglog_planner_statsIsSetToOFF.yaml
2203	CKV2_GCP_17	resource	google_sql_database_instance	Ensure PostgreSQL database flag ‘log_statement_stats’ is set to ‘off’	Terraform	GCPPostgreSQLDatabaseFlaglog_statement_statsIsSetToOFF.yaml
2204	CKV2_GCP_18	resource	google_compute_network	Ensure GCP network defines a firewall and does not use the default firewall	Terraform	GCPNetworkDoesNotUseDefaultFirewall.yaml
2205	CKV2_GCP_19	resource	google_container_cluster	Ensure GCP Kubernetes engine clusters have ‘alpha cluster’ feature disabled	Terraform	GCPdisableAlphaClusterFeatureInKubernetesEngineClusters.yaml
2206	CKV2_GCP_20	resource	google_sql_database_instance	Ensure MySQL DB instance has point-in-time recovery backup configured	Terraform	GCPMySQLdbInstancePoint_In_TimeRecoveryBackupIsEnabled.yaml
2207	CKV_GHA_1	jobs	jobs	Ensure ACTIONS_ALLOW_UNSECURE_COMMANDS isn’t true on environment variables	github_actions	AllowUnsecureCommandsOnJob.py
2208	CKV_GHA_1	jobs	jobs.*.steps[]	Ensure ACTIONS_ALLOW_UNSECURE_COMMANDS isn’t true on environment variables	github_actions	AllowUnsecureCommandsOnJob.py
2209	CKV_GHA_2	jobs	jobs	Ensure run commands are not vulnerable to shell injection	github_actions	ShellInjection.py
2210	CKV_GHA_2	jobs	jobs.*.steps[]	Ensure run commands are not vulnerable to shell injection	github_actions	ShellInjection.py
2211	CKV_GHA_3	jobs	jobs	Suspicious use of curl with secrets	github_actions	SuspectCurlInScript.py
2212	CKV_GHA_3	jobs	jobs.*.steps[]	Suspicious use of curl with secrets	github_actions	SuspectCurlInScript.py
2213	CKV_GHA_4	jobs	jobs	Suspicious use of netcat with IP address	github_actions	ReverseShellNetcat.py
2214	CKV_GHA_4	jobs	jobs.*.steps[]	Suspicious use of netcat with IP address	github_actions	ReverseShellNetcat.py
2215	CKV_GHA_5	jobs	jobs	Found artifact build without evidence of cosign sign execution in pipeline	github_actions	CosignArtifacts.py
2216	CKV_GHA_6	jobs	jobs	Found artifact build without evidence of cosign sbom attestation in pipeline	github_actions	CosignSBOM.py
2217	CKV_GHA_7	jobs	on	The build output cannot be affected by user parameters other than the build entry point and the top-level source location. GitHub Actions workflow_dispatch inputs MUST be empty.	github_actions	EmptyWorkflowDispatch.py
2218	CKV2_GHA_1	resource	permissions	Ensure top-level permissions are not set to write-all	github_actions	ReadOnlyTopLevelPermissions.yaml
2219	CKV_GIT_1	resource	github_repository	Ensure GitHub repository is Private	Terraform	PrivateRepo.py
2220	CKV_GIT_2	resource	github_repository_webhook	Ensure GitHub repository webhooks are using HTTPS	Terraform	WebhookInsecureSsl.py
2221	CKV_GIT_3	resource	github_repository	Ensure GitHub repository has vulnerability alerts enabled	Terraform	RepositoryEnableVulnerabilityAlerts.py
2222	CKV_GIT_4	resource	github_actions_environment_secret	Ensure GitHub Actions secrets are encrypted	Terraform	SecretsEncrypted.py
2223	CKV_GIT_4	resource	github_actions_organization_secret	Ensure GitHub Actions secrets are encrypted	Terraform	SecretsEncrypted.py
2224	CKV_GIT_4	resource	github_actions_secret	Ensure GitHub Actions secrets are encrypted	Terraform	SecretsEncrypted.py
2225	CKV_GIT_5	resource	github_branch_protection	GitHub pull requests should require at least 2 approvals	Terraform	BranchProtectionReviewNumTwo.py
2226	CKV_GIT_5	resource	github_branch_protection_v3	GitHub pull requests should require at least 2 approvals	Terraform	BranchProtectionReviewNumTwo.py
2227	CKV_GIT_6	resource	github_branch_protection	Ensure GitHub branch protection rules requires signed commits	Terraform	BranchProtectionRequireSignedCommits.py
2228	CKV_GIT_6	resource	github_branch_protection_v3	Ensure GitHub branch protection rules requires signed commits	Terraform	BranchProtectionRequireSignedCommits.py
2229	CKV2_GIT_1	resource	github_repository	Ensure each Repository has branch protection associated	Terraform	RepositoryHasBranchProtection.yaml
2230	CKV_GITHUB_1	github_configuration	*	Ensure GitHub organization security settings require 2FA	github_configuration	2fa.py
2231	CKV_GITHUB_2	github_configuration	*	Ensure GitHub organization security settings require SSO	github_configuration	sso.py
2232	CKV_GITHUB_3	github_configuration	*	Ensure GitHub organization security settings has IP allow list enabled	github_configuration	ipallowlist.py
2233	CKV_GITHUB_4	github_configuration	*	Ensure GitHub branch protection rules requires signed commits	github_configuration	require_signatures.py
2234	CKV_GITHUB_5	github_configuration	*	Ensure GitHub branch protection rules does not allow force pushes	github_configuration	disallow_force_pushes.py
2235	CKV_GITHUB_6	github_configuration	*	Ensure GitHub organization webhooks are using HTTPS	github_configuration	webhooks_https_orgs.py
2236	CKV_GITHUB_7	github_configuration	*	Ensure GitHub repository webhooks are using HTTPS	github_configuration	webhooks_https_repos.py
2237	CKV_GITHUB_8	github_configuration	*	Ensure GitHub branch protection rules requires linear history	github_configuration	require_linear_history.py
2238	CKV_GITHUB_9	github_configuration	*	Ensure 2 admins are set for each repository	github_configuration	repository_collaborators.py
2239	CKV_GITHUB_10	github_configuration	*	Ensure branch protection rules are enforced on administrators	github_configuration	enforce_branch_protection_admins.py
2240	CKV_GITHUB_11	github_configuration	*	Ensure GitHub branch protection dismisses stale review on new commit	github_configuration	dismiss_stale_reviews.py
2241	CKV_GITHUB_12	github_configuration	*	Ensure GitHub branch protection restricts who can dismiss PR reviews	github_configuration	restrict_pr_review_dismissal.py
2242	CKV_GITHUB_13	github_configuration	*	Ensure GitHub branch protection requires CODEOWNER reviews	github_configuration	require_code_owner_reviews.py
2243	CKV_GITHUB_14	github_configuration	*	Ensure all checks have passed before the merge of new code	github_configuration	require_status_checks_pr.py
2244	CKV_GITHUB_15	github_configuration	*	Ensure inactive branches are reviewed and removed periodically	github_configuration	disallow_inactive_branch_60days.py
2245	CKV_GITHUB_16	github_configuration	*	Ensure GitHub branch protection requires conversation resolution	github_configuration	require_conversation_resolution.py
2246	CKV_GITHUB_17	github_configuration	*	Ensure GitHub branch protection requires push restrictions	github_configuration	require_push_restrictions.py
2247	CKV_GITHUB_18	github_configuration	*	Ensure GitHub branch protection rules does not allow deletions	github_configuration	disallow_branch_deletions.py
2248	CKV_GITHUB_19	github_configuration	*	Ensure any change to code receives approval of two strongly authenticated users	github_configuration	require_2approvals.py
2249	CKV_GITHUB_20	github_configuration	*	Ensure open git branches are up to date before they can be merged into codebase	github_configuration	require_updated_branch_pr.py
2250	CKV_GITHUB_21	github_configuration	*	Ensure public repository creation is limited to specific members	github_configuration	public_repository_creation_is_limited.py
2251	CKV_GITHUB_22	github_configuration	*	Ensure private repository creation is limited to specific members	github_configuration	private_repository_creation_is_limited.py
2252	CKV_GITHUB_23	github_configuration	*	Ensure internal repository creation is limited to specific members	github_configuration	internal_repository_creation_is_limited.py
2253	CKV_GITHUB_26	github_configuration	*	Ensure minimum admins are set for the organization	github_configuration	minimum_admins_in_org.py
2254	CKV_GITHUB_27	github_configuration	*	Ensure strict base permissions are set for repositories	github_configuration	require_strict_base_permissions_repository.py
2255	CKV_GITHUB_28	github_configuration	*	Ensure an organization’s identity is confirmed with a Verified badge Passed	github_configuration	require_verified_organization.py
2256	CKV_GITLAB_1	gitlab_configuration	*	Merge requests should require at least 2 approvals	gitlab_configuration	merge_requests_approvals.py
2257	CKV_GITLAB_2	gitlab_configuration	*	Ensure all Gitlab groups require two factor authentication	gitlab_configuration	two_factor_authentication.py
2258	CKV_GITLABCI_1	jobs	*.script[]	Suspicious use of curl with CI environment variables in script	gitlab_ci	SuspectCurlInScript.py
2259	CKV_GITLABCI_2	jobs	*.rules	Avoid creating rules that generate double pipelines	gitlab_ci	AvoidDoublePipelines.py
2260	CKV_GITLABCI_3	jobs	*.image[]	Detecting image usages in gitlab workflows	gitlab_ci	DetectImagesUsage.py
2261	CKV_GITLABCI_3	jobs	*.services[]	Detecting image usages in gitlab workflows	gitlab_ci	DetectImagesUsage.py
2262	CKV_GLB_1	resource	gitlab_project	Ensure at least two approving reviews are required to merge a GitLab MR	Terraform	RequireTwoApprovalsToMerge.py
2263	CKV_GLB_2	resource	gitlab_branch_protection	Ensure GitLab branch protection rules does not allow force pushes	Terraform	ForcePushDisabled.py
2264	CKV_GLB_3	resource	gitlab_project	Ensure GitLab prevent secrets is enabled	Terraform	PreventSecretsEnabled.py
2265	CKV_GLB_4	resource	gitlab_project	Ensure GitLab commits are signed	Terraform	RejectUnsignedCommits.py
2266	CKV_K8S_1	resource	PodSecurityPolicy	Do not admit containers wishing to share the host process ID namespace	Kubernetes	ShareHostPIDPSP.py
2267	CKV_K8S_1	resource	kubernetes_pod_security_policy	Do not admit containers wishing to share the host process ID namespace	Terraform	ShareHostPIDPSP.py
2268	CKV_K8S_2	resource	PodSecurityPolicy	Do not admit privileged containers	Kubernetes	PrivilegedContainersPSP.py
2269	CKV_K8S_2	resource	kubernetes_pod_security_policy	Do not admit privileged containers	Terraform	PrivilegedContainerPSP.py
2270	CKV_K8S_3	resource	PodSecurityPolicy	Do not admit containers wishing to share the host IPC namespace	Kubernetes	ShareHostIPCPSP.py
2271	CKV_K8S_3	resource	kubernetes_pod_security_policy	Do not admit containers wishing to share the host IPC namespace	Terraform	ShareHostIPCPSP.py
2272	CKV_K8S_4	resource	PodSecurityPolicy	Do not admit containers wishing to share the host network namespace	Kubernetes	SharedHostNetworkNamespacePSP.py
2273	CKV_K8S_4	resource	kubernetes_pod_security_policy	Do not admit containers wishing to share the host network namespace	Terraform	SharedHostNetworkNamespacePSP.py
2274	CKV_K8S_5	resource	PodSecurityPolicy	Containers should not run with allowPrivilegeEscalation	Kubernetes	AllowPrivilegeEscalationPSP.py
2275	CKV_K8S_5	resource	kubernetes_pod_security_policy	Containers should not run with allowPrivilegeEscalation	Terraform	AllowPrivilegeEscalationPSP.py
2276	CKV_K8S_6	resource	PodSecurityPolicy	Do not admit root containers	Kubernetes	RootContainersPSP.py
2277	CKV_K8S_6	resource	kubernetes_pod_security_policy	Do not admit root containers	Terraform	RootContainerPSP.py
2278	CKV_K8S_7	resource	PodSecurityPolicy	Do not admit containers with the NET_RAW capability	Kubernetes	DropCapabilitiesPSP.py
2279	CKV_K8S_7	resource	kubernetes_pod_security_policy	Do not admit containers with the NET_RAW capability	Terraform	DropCapabilitiesPSP.py
2280	CKV_K8S_8	resource	DaemonSet	Liveness Probe Should be Configured	Kubernetes	LivenessProbe.py
2281	CKV_K8S_8	resource	Deployment	Liveness Probe Should be Configured	Kubernetes	LivenessProbe.py
2282	CKV_K8S_8	resource	DeploymentConfig	Liveness Probe Should be Configured	Kubernetes	LivenessProbe.py
2283	CKV_K8S_8	resource	Pod	Liveness Probe Should be Configured	Kubernetes	LivenessProbe.py
2284	CKV_K8S_8	resource	PodTemplate	Liveness Probe Should be Configured	Kubernetes	LivenessProbe.py
2285	CKV_K8S_8	resource	ReplicaSet	Liveness Probe Should be Configured	Kubernetes	LivenessProbe.py
2286	CKV_K8S_8	resource	ReplicationController	Liveness Probe Should be Configured	Kubernetes	LivenessProbe.py
2287	CKV_K8S_8	resource	StatefulSet	Liveness Probe Should be Configured	Kubernetes	LivenessProbe.py
2288	CKV_K8S_8	resource	kubernetes_deployment	Liveness Probe Should be Configured	Terraform	LivenessProbe.py
2289	CKV_K8S_8	resource	kubernetes_deployment_v1	Liveness Probe Should be Configured	Terraform	LivenessProbe.py
2290	CKV_K8S_8	resource	kubernetes_pod	Liveness Probe Should be Configured	Terraform	LivenessProbe.py
2291	CKV_K8S_8	resource	kubernetes_pod_v1	Liveness Probe Should be Configured	Terraform	LivenessProbe.py
2292	CKV_K8S_9	resource	DaemonSet	Readiness Probe Should be Configured	Kubernetes	ReadinessProbe.py
2293	CKV_K8S_9	resource	Deployment	Readiness Probe Should be Configured	Kubernetes	ReadinessProbe.py
2294	CKV_K8S_9	resource	DeploymentConfig	Readiness Probe Should be Configured	Kubernetes	ReadinessProbe.py
2295	CKV_K8S_9	resource	Pod	Readiness Probe Should be Configured	Kubernetes	ReadinessProbe.py
2296	CKV_K8S_9	resource	PodTemplate	Readiness Probe Should be Configured	Kubernetes	ReadinessProbe.py
2297	CKV_K8S_9	resource	ReplicaSet	Readiness Probe Should be Configured	Kubernetes	ReadinessProbe.py
2298	CKV_K8S_9	resource	ReplicationController	Readiness Probe Should be Configured	Kubernetes	ReadinessProbe.py
2299	CKV_K8S_9	resource	StatefulSet	Readiness Probe Should be Configured	Kubernetes	ReadinessProbe.py
2300	CKV_K8S_9	resource	kubernetes_deployment	Readiness Probe Should be Configured	Terraform	ReadinessProbe.py
2301	CKV_K8S_9	resource	kubernetes_deployment_v1	Readiness Probe Should be Configured	Terraform	ReadinessProbe.py
2302	CKV_K8S_9	resource	kubernetes_pod	Readiness Probe Should be Configured	Terraform	ReadinessProbe.py
2303	CKV_K8S_9	resource	kubernetes_pod_v1	Readiness Probe Should be Configured	Terraform	ReadinessProbe.py
2304	CKV_K8S_10	resource	CronJob	CPU requests should be set	Kubernetes	CPURequests.py
2305	CKV_K8S_10	resource	DaemonSet	CPU requests should be set	Kubernetes	CPURequests.py
2306	CKV_K8S_10	resource	Deployment	CPU requests should be set	Kubernetes	CPURequests.py
2307	CKV_K8S_10	resource	DeploymentConfig	CPU requests should be set	Kubernetes	CPURequests.py
2308	CKV_K8S_10	resource	Job	CPU requests should be set	Kubernetes	CPURequests.py
2309	CKV_K8S_10	resource	Pod	CPU requests should be set	Kubernetes	CPURequests.py
2310	CKV_K8S_10	resource	PodTemplate	CPU requests should be set	Kubernetes	CPURequests.py
2311	CKV_K8S_10	resource	ReplicaSet	CPU requests should be set	Kubernetes	CPURequests.py
2312	CKV_K8S_10	resource	ReplicationController	CPU requests should be set	Kubernetes	CPURequests.py
2313	CKV_K8S_10	resource	StatefulSet	CPU requests should be set	Kubernetes	CPURequests.py
2314	CKV_K8S_10	resource	kubernetes_deployment	CPU requests should be set	Terraform	CPURequests.py
2315	CKV_K8S_10	resource	kubernetes_deployment_v1	CPU requests should be set	Terraform	CPURequests.py
2316	CKV_K8S_10	resource	kubernetes_pod	CPU requests should be set	Terraform	CPURequests.py
2317	CKV_K8S_10	resource	kubernetes_pod_v1	CPU requests should be set	Terraform	CPURequests.py
2318	CKV_K8S_11	resource	CronJob	CPU limits should be set	Kubernetes	CPULimits.py
2319	CKV_K8S_11	resource	DaemonSet	CPU limits should be set	Kubernetes	CPULimits.py
2320	CKV_K8S_11	resource	Deployment	CPU limits should be set	Kubernetes	CPULimits.py
2321	CKV_K8S_11	resource	DeploymentConfig	CPU limits should be set	Kubernetes	CPULimits.py
2322	CKV_K8S_11	resource	Job	CPU limits should be set	Kubernetes	CPULimits.py
2323	CKV_K8S_11	resource	Pod	CPU limits should be set	Kubernetes	CPULimits.py
2324	CKV_K8S_11	resource	PodTemplate	CPU limits should be set	Kubernetes	CPULimits.py
2325	CKV_K8S_11	resource	ReplicaSet	CPU limits should be set	Kubernetes	CPULimits.py
2326	CKV_K8S_11	resource	ReplicationController	CPU limits should be set	Kubernetes	CPULimits.py
2327	CKV_K8S_11	resource	StatefulSet	CPU limits should be set	Kubernetes	CPULimits.py
2328	CKV_K8S_11	resource	kubernetes_deployment	CPU Limits should be set	Terraform	CPULimits.py
2329	CKV_K8S_11	resource	kubernetes_deployment_v1	CPU Limits should be set	Terraform	CPULimits.py
2330	CKV_K8S_11	resource	kubernetes_pod	CPU Limits should be set	Terraform	CPULimits.py
2331	CKV_K8S_11	resource	kubernetes_pod_v1	CPU Limits should be set	Terraform	CPULimits.py
2332	CKV_K8S_12	resource	CronJob	Memory requests should be set	Kubernetes	MemoryRequests.py
2333	CKV_K8S_12	resource	DaemonSet	Memory requests should be set	Kubernetes	MemoryRequests.py
2334	CKV_K8S_12	resource	Deployment	Memory requests should be set	Kubernetes	MemoryRequests.py
2335	CKV_K8S_12	resource	DeploymentConfig	Memory requests should be set	Kubernetes	MemoryRequests.py
2336	CKV_K8S_12	resource	Job	Memory requests should be set	Kubernetes	MemoryRequests.py
2337	CKV_K8S_12	resource	Pod	Memory requests should be set	Kubernetes	MemoryRequests.py
2338	CKV_K8S_12	resource	PodTemplate	Memory requests should be set	Kubernetes	MemoryRequests.py
2339	CKV_K8S_12	resource	ReplicaSet	Memory requests should be set	Kubernetes	MemoryRequests.py
2340	CKV_K8S_12	resource	ReplicationController	Memory requests should be set	Kubernetes	MemoryRequests.py
2341	CKV_K8S_12	resource	StatefulSet	Memory requests should be set	Kubernetes	MemoryRequests.py
2342	CKV_K8S_12	resource	kubernetes_deployment	Memory Limits should be set	Terraform	MemoryLimits.py
2343	CKV_K8S_12	resource	kubernetes_deployment_v1	Memory Limits should be set	Terraform	MemoryLimits.py
2344	CKV_K8S_12	resource	kubernetes_pod	Memory Limits should be set	Terraform	MemoryLimits.py
2345	CKV_K8S_12	resource	kubernetes_pod_v1	Memory Limits should be set	Terraform	MemoryLimits.py
2346	CKV_K8S_13	resource	CronJob	Memory limits should be set	Kubernetes	MemoryLimits.py
2347	CKV_K8S_13	resource	DaemonSet	Memory limits should be set	Kubernetes	MemoryLimits.py
2348	CKV_K8S_13	resource	Deployment	Memory limits should be set	Kubernetes	MemoryLimits.py
2349	CKV_K8S_13	resource	DeploymentConfig	Memory limits should be set	Kubernetes	MemoryLimits.py
2350	CKV_K8S_13	resource	Job	Memory limits should be set	Kubernetes	MemoryLimits.py
2351	CKV_K8S_13	resource	Pod	Memory limits should be set	Kubernetes	MemoryLimits.py
2352	CKV_K8S_13	resource	PodTemplate	Memory limits should be set	Kubernetes	MemoryLimits.py
2353	CKV_K8S_13	resource	ReplicaSet	Memory limits should be set	Kubernetes	MemoryLimits.py
2354	CKV_K8S_13	resource	ReplicationController	Memory limits should be set	Kubernetes	MemoryLimits.py
2355	CKV_K8S_13	resource	StatefulSet	Memory limits should be set	Kubernetes	MemoryLimits.py
2356	CKV_K8S_13	resource	kubernetes_deployment	Memory requests should be set	Terraform	MemoryRequests.py
2357	CKV_K8S_13	resource	kubernetes_deployment_v1	Memory requests should be set	Terraform	MemoryRequests.py
2358	CKV_K8S_13	resource	kubernetes_pod	Memory requests should be set	Terraform	MemoryRequests.py
2359	CKV_K8S_13	resource	kubernetes_pod_v1	Memory requests should be set	Terraform	MemoryRequests.py
2360	CKV_K8S_14	resource	CronJob	Image Tag should be fixed - not latest or blank	Kubernetes	ImageTagFixed.py
2361	CKV_K8S_14	resource	DaemonSet	Image Tag should be fixed - not latest or blank	Kubernetes	ImageTagFixed.py
2362	CKV_K8S_14	resource	Deployment	Image Tag should be fixed - not latest or blank	Kubernetes	ImageTagFixed.py
2363	CKV_K8S_14	resource	DeploymentConfig	Image Tag should be fixed - not latest or blank	Kubernetes	ImageTagFixed.py
2364	CKV_K8S_14	resource	Job	Image Tag should be fixed - not latest or blank	Kubernetes	ImageTagFixed.py
2365	CKV_K8S_14	resource	Pod	Image Tag should be fixed - not latest or blank	Kubernetes	ImageTagFixed.py
2366	CKV_K8S_14	resource	PodTemplate	Image Tag should be fixed - not latest or blank	Kubernetes	ImageTagFixed.py
2367	CKV_K8S_14	resource	ReplicaSet	Image Tag should be fixed - not latest or blank	Kubernetes	ImageTagFixed.py
2368	CKV_K8S_14	resource	ReplicationController	Image Tag should be fixed - not latest or blank	Kubernetes	ImageTagFixed.py
2369	CKV_K8S_14	resource	StatefulSet	Image Tag should be fixed - not latest or blank	Kubernetes	ImageTagFixed.py
2370	CKV_K8S_14	resource	kubernetes_deployment	Image Tag should be fixed - not latest or blank	Terraform	ImageTagFixed.py
2371	CKV_K8S_14	resource	kubernetes_deployment_v1	Image Tag should be fixed - not latest or blank	Terraform	ImageTagFixed.py
2372	CKV_K8S_14	resource	kubernetes_pod	Image Tag should be fixed - not latest or blank	Terraform	ImageTagFixed.py
2373	CKV_K8S_14	resource	kubernetes_pod_v1	Image Tag should be fixed - not latest or blank	Terraform	ImageTagFixed.py
2374	CKV_K8S_15	resource	CronJob	Image Pull Policy should be Always	Kubernetes	ImagePullPolicyAlways.py
2375	CKV_K8S_15	resource	DaemonSet	Image Pull Policy should be Always	Kubernetes	ImagePullPolicyAlways.py
2376	CKV_K8S_15	resource	Deployment	Image Pull Policy should be Always	Kubernetes	ImagePullPolicyAlways.py
2377	CKV_K8S_15	resource	DeploymentConfig	Image Pull Policy should be Always	Kubernetes	ImagePullPolicyAlways.py
2378	CKV_K8S_15	resource	Job	Image Pull Policy should be Always	Kubernetes	ImagePullPolicyAlways.py
2379	CKV_K8S_15	resource	Pod	Image Pull Policy should be Always	Kubernetes	ImagePullPolicyAlways.py
2380	CKV_K8S_15	resource	PodTemplate	Image Pull Policy should be Always	Kubernetes	ImagePullPolicyAlways.py
2381	CKV_K8S_15	resource	ReplicaSet	Image Pull Policy should be Always	Kubernetes	ImagePullPolicyAlways.py
2382	CKV_K8S_15	resource	ReplicationController	Image Pull Policy should be Always	Kubernetes	ImagePullPolicyAlways.py
2383	CKV_K8S_15	resource	StatefulSet	Image Pull Policy should be Always	Kubernetes	ImagePullPolicyAlways.py
2384	CKV_K8S_15	resource	kubernetes_deployment	Image Pull Policy should be Always	Terraform	ImagePullPolicyAlways.py
2385	CKV_K8S_15	resource	kubernetes_deployment_v1	Image Pull Policy should be Always	Terraform	ImagePullPolicyAlways.py
2386	CKV_K8S_15	resource	kubernetes_pod	Image Pull Policy should be Always	Terraform	ImagePullPolicyAlways.py
2387	CKV_K8S_15	resource	kubernetes_pod_v1	Image Pull Policy should be Always	Terraform	ImagePullPolicyAlways.py
2388	CKV_K8S_16	resource	CronJob	Container should not be privileged	Kubernetes	PrivilegedContainers.py
2389	CKV_K8S_16	resource	DaemonSet	Container should not be privileged	Kubernetes	PrivilegedContainers.py
2390	CKV_K8S_16	resource	Deployment	Container should not be privileged	Kubernetes	PrivilegedContainers.py
2391	CKV_K8S_16	resource	DeploymentConfig	Container should not be privileged	Kubernetes	PrivilegedContainers.py
2392	CKV_K8S_16	resource	Job	Container should not be privileged	Kubernetes	PrivilegedContainers.py
2393	CKV_K8S_16	resource	Pod	Container should not be privileged	Kubernetes	PrivilegedContainers.py
2394	CKV_K8S_16	resource	PodTemplate	Container should not be privileged	Kubernetes	PrivilegedContainers.py
2395	CKV_K8S_16	resource	ReplicaSet	Container should not be privileged	Kubernetes	PrivilegedContainers.py
2396	CKV_K8S_16	resource	ReplicationController	Container should not be privileged	Kubernetes	PrivilegedContainers.py
2397	CKV_K8S_16	resource	StatefulSet	Container should not be privileged	Kubernetes	PrivilegedContainers.py
2398	CKV_K8S_16	resource	kubernetes_deployment	Do not admit privileged containers	Terraform	PrivilegedContainer.py
2399	CKV_K8S_16	resource	kubernetes_deployment_v1	Do not admit privileged containers	Terraform	PrivilegedContainer.py
2400	CKV_K8S_16	resource	kubernetes_pod	Do not admit privileged containers	Terraform	PrivilegedContainer.py
2401	CKV_K8S_16	resource	kubernetes_pod_v1	Do not admit privileged containers	Terraform	PrivilegedContainer.py
2402	CKV_K8S_17	resource	CronJob	Containers should not share the host process ID namespace	Kubernetes	ShareHostPID.py
2403	CKV_K8S_17	resource	DaemonSet	Containers should not share the host process ID namespace	Kubernetes	ShareHostPID.py
2404	CKV_K8S_17	resource	Deployment	Containers should not share the host process ID namespace	Kubernetes	ShareHostPID.py
2405	CKV_K8S_17	resource	Job	Containers should not share the host process ID namespace	Kubernetes	ShareHostPID.py
2406	CKV_K8S_17	resource	Pod	Containers should not share the host process ID namespace	Kubernetes	ShareHostPID.py
2407	CKV_K8S_17	resource	ReplicaSet	Containers should not share the host process ID namespace	Kubernetes	ShareHostPID.py
2408	CKV_K8S_17	resource	ReplicationController	Containers should not share the host process ID namespace	Kubernetes	ShareHostPID.py
2409	CKV_K8S_17	resource	StatefulSet	Containers should not share the host process ID namespace	Kubernetes	ShareHostPID.py
2410	CKV_K8S_17	resource	kubernetes_deployment	Do not admit containers wishing to share the host process ID namespace	Terraform	ShareHostPID.py
2411	CKV_K8S_17	resource	kubernetes_deployment_v1	Do not admit containers wishing to share the host process ID namespace	Terraform	ShareHostPID.py
2412	CKV_K8S_17	resource	kubernetes_pod	Do not admit containers wishing to share the host process ID namespace	Terraform	ShareHostPID.py
2413	CKV_K8S_17	resource	kubernetes_pod_v1	Do not admit containers wishing to share the host process ID namespace	Terraform	ShareHostPID.py
2414	CKV_K8S_18	resource	CronJob	Containers should not share the host IPC namespace	Kubernetes	ShareHostIPC.py
2415	CKV_K8S_18	resource	DaemonSet	Containers should not share the host IPC namespace	Kubernetes	ShareHostIPC.py
2416	CKV_K8S_18	resource	Deployment	Containers should not share the host IPC namespace	Kubernetes	ShareHostIPC.py
2417	CKV_K8S_18	resource	Job	Containers should not share the host IPC namespace	Kubernetes	ShareHostIPC.py
2418	CKV_K8S_18	resource	Pod	Containers should not share the host IPC namespace	Kubernetes	ShareHostIPC.py
2419	CKV_K8S_18	resource	ReplicaSet	Containers should not share the host IPC namespace	Kubernetes	ShareHostIPC.py
2420	CKV_K8S_18	resource	ReplicationController	Containers should not share the host IPC namespace	Kubernetes	ShareHostIPC.py
2421	CKV_K8S_18	resource	StatefulSet	Containers should not share the host IPC namespace	Kubernetes	ShareHostIPC.py
2422	CKV_K8S_18	resource	kubernetes_deployment	Do not admit containers wishing to share the host IPC namespace	Terraform	ShareHostIPC.py
2423	CKV_K8S_18	resource	kubernetes_deployment_v1	Do not admit containers wishing to share the host IPC namespace	Terraform	ShareHostIPC.py
2424	CKV_K8S_18	resource	kubernetes_pod	Do not admit containers wishing to share the host IPC namespace	Terraform	ShareHostIPC.py
2425	CKV_K8S_18	resource	kubernetes_pod_v1	Do not admit containers wishing to share the host IPC namespace	Terraform	ShareHostIPC.py
2426	CKV_K8S_19	resource	CronJob	Containers should not share the host network namespace	Kubernetes	SharedHostNetworkNamespace.py