Checkov Documentation

all resource scans (auto generated)

  Id Type Entity Policy IaC Resource Link
0 CKV2_ADO_1 resource azuredevops_branch_policy_min_reviewers Ensure at least two approving reviews for PRs Terraform ADORepositoryHasMinTwoReviewers.yaml
1 CKV2_ADO_1 resource azuredevops_git_repository Ensure at least two approving reviews for PRs Terraform ADORepositoryHasMinTwoReviewers.yaml
2 CKV_ALI_1 resource alicloud_oss_bucket Alibaba Cloud OSS bucket accessible to public Terraform OSSBucketPublic.py
3 CKV_ALI_2 resource alicloud_security_group_rule Ensure no security groups allow ingress from 0.0.0.0:0 to port 22 Terraform SecurityGroupUnrestrictedIngress22.py
4 CKV_ALI_3 resource alicloud_security_group_rule Ensure no security groups allow ingress from 0.0.0.0:0 to port 3389 Terraform SecurityGroupUnrestrictedIngress3389.py
5 CKV_ALI_4 resource alicloud_actiontrail_trail Ensure Action Trail Logging for all regions Terraform ActionTrailLogAllRegions.py
6 CKV_ALI_5 resource alicloud_actiontrail_trail Ensure Action Trail Logging for all events Terraform ActionTrailLogAllEvents.py
7 CKV_ALI_6 resource alicloud_oss_bucket Ensure OSS bucket is encrypted with Customer Master Key Terraform OSSBucketEncryptedWithCMK.py
8 CKV_ALI_7 resource alicloud_disk Ensure disk is encrypted Terraform DiskIsEncrypted.py
9 CKV_ALI_8 resource alicloud_disk Ensure Disk is encrypted with Customer Master Key Terraform DiskEncryptedWithCMK.py
10 CKV_ALI_9 resource alicloud_db_instance Ensure database instance is not public Terraform RDSIsPublic.py
11 CKV_ALI_10 resource alicloud_oss_bucket Ensure OSS bucket has versioning enabled Terraform OSSBucketVersioning.py
12 CKV_ALI_11 resource alicloud_oss_bucket Ensure OSS bucket has transfer Acceleration enabled Terraform OSSBucketTransferAcceleration.py
13 CKV_ALI_12 resource alicloud_oss_bucket Ensure the OSS bucket has access logging enabled Terraform OSSBucketAccessLogs.py
14 CKV_ALI_13 resource alicloud_ram_account_password_policy Ensure RAM password policy requires minimum length of 14 or greater Terraform RAMPasswordPolicyLength.py
15 CKV_ALI_14 resource alicloud_ram_account_password_policy Ensure RAM password policy requires at least one number Terraform RAMPasswordPolicyNumber.py
16 CKV_ALI_15 resource alicloud_ram_account_password_policy Ensure RAM password policy requires at least one symbol Terraform RAMPasswordPolicySymbol.py
17 CKV_ALI_16 resource alicloud_ram_account_password_policy Ensure RAM password policy expires passwords within 90 days or less Terraform RAMPasswordPolicyExpiration.py
18 CKV_ALI_17 resource alicloud_ram_account_password_policy Ensure RAM password policy requires at least one lowercase letter Terraform RAMPasswordPolicyLowercaseLetter.py
19 CKV_ALI_18 resource alicloud_ram_account_password_policy Ensure RAM password policy prevents password reuse Terraform RAMPasswordPolicyReuse.py
20 CKV_ALI_19 resource alicloud_ram_account_password_policy Ensure RAM password policy requires at least one uppercase letter Terraform RAMPasswordPolicyUppcaseLetter.py
21 CKV_ALI_20 resource alicloud_db_instance Ensure RDS instance uses SSL Terraform RDSInstanceSSL.py
22 CKV_ALI_21 resource alicloud_api_gateway_api Ensure API Gateway API Protocol HTTPS Terraform APIGatewayProtocolHTTPS.py
23 CKV_ALI_22 resource alicloud_db_instance Ensure Transparent Data Encryption is Enabled on instance Terraform RDSTransparentDataEncryptionEnabled.py
24 CKV_ALI_23 resource alicloud_ram_account_password_policy Ensure Ram Account Password Policy Max Login Attempts not > 5 Terraform RAMPasswordPolicyMaxLogin.py
25 CKV_ALI_24 resource alicloud_ram_security_preference Ensure RAM enforces MFA Terraform RAMSecurityEnforceMFA.py
26 CKV_ALI_25 resource alicloud_db_instance Ensure RDS Instance SQL Collector Retention Period should be greater than 180 Terraform RDSRetention.py
27 CKV_ALI_26 resource alicloud_cs_kubernetes Ensure Kubernetes installs plugin Terway or Flannel to support standard policies Terraform K8sEnableNetworkPolicies.py
28 CKV_ALI_27 resource alicloud_kms_key Ensure KMS Key Rotation is enabled Terraform KMSKeyRotationIsEnabled.py
29 CKV_ALI_28 resource alicloud_kms_key Ensure KMS Keys are enabled Terraform KMSKeyIsEnabled.py
30 CKV_ALI_29 resource alicloud_alb_acl_entry_attachment Alibaba ALB ACL does not restrict Access Terraform ALBACLIsUnrestricted.py
31 CKV_ALI_30 resource alicloud_db_instance Ensure RDS instance auto upgrades for minor versions Terraform RDSInstanceAutoUpgrade.py
32 CKV_ALI_31 resource alicloud_cs_kubernetes_node_pool Ensure K8s nodepools are set to auto repair Terraform K8sNodePoolAutoRepair.py
33 CKV_ALI_32 resource alicloud_ecs_launch_template Ensure launch template data disks are encrypted Terraform LaunchTemplateDisksAreEncrypted.py
34 CKV_ALI_33 resource alicloud_slb_tls_cipher_policy Alibaba Cloud Cypher Policy are secure Terraform TLSPoliciesAreSecure.py
35 CKV_ALI_35 resource alicloud_db_instance Ensure RDS instance has log_duration enabled Terraform RDSInstanceLogsEnabled.py
36 CKV_ALI_36 resource alicloud_db_instance Ensure RDS instance has log_disconnections enabled Terraform RDSInstanceLogDisconnections.py
37 CKV_ALI_37 resource alicloud_db_instance Ensure RDS instance has log_connections enabled Terraform RDSInstanceLogConnections.py
38 CKV_ALI_38 resource alicloud_log_audit Ensure log audit is enabled for RDS Terraform LogAuditRDSEnabled.py
39 CKV_ALI_41 resource alicloud_mongodb_instance Ensure MongoDB is deployed inside a VPC Terraform MongoDBInsideVPC.py
40 CKV_ALI_42 resource alicloud_mongodb_instance Ensure Mongodb instance uses SSL Terraform MongoDBInstanceSSL.py
41 CKV_ALI_43 resource alicloud_mongodb_instance Ensure MongoDB instance is not public Terraform MongoDBIsPublic.py
42 CKV_ALI_44 resource alicloud_mongodb_instance Ensure MongoDB has Transparent Data Encryption Enabled Terraform MongoDBTransparentDataEncryptionEnabled.py
43 CKV_ANSIBLE_1 resource [?"ansible.builtin.uri" != null][] Ensure that certificate validation isn’t disabled with uri Ansible UriValidateCerts.py
44 CKV_ANSIBLE_1 resource [?"uri" != null][] Ensure that certificate validation isn’t disabled with uri Ansible UriValidateCerts.py
45 CKV_ANSIBLE_1 resource [].block[?"ansible.builtin.uri" != null][] Ensure that certificate validation isn’t disabled with uri Ansible UriValidateCerts.py
46 CKV_ANSIBLE_1 resource [].block[?"uri" != null][] Ensure that certificate validation isn’t disabled with uri Ansible UriValidateCerts.py
47 CKV_ANSIBLE_1 resource [].block[].block[?"ansible.builtin.uri" != null][] Ensure that certificate validation isn’t disabled with uri Ansible UriValidateCerts.py
48 CKV_ANSIBLE_1 resource [].block[].block[?"uri" != null][] Ensure that certificate validation isn’t disabled with uri Ansible UriValidateCerts.py
49 CKV_ANSIBLE_1 resource [].block[].block[].block[?"ansible.builtin.uri" != null][] Ensure that certificate validation isn’t disabled with uri Ansible UriValidateCerts.py
50 CKV_ANSIBLE_1 resource [].block[].block[].block[?"uri" != null][] Ensure that certificate validation isn’t disabled with uri Ansible UriValidateCerts.py
51 CKV_ANSIBLE_1 resource [].tasks[?"ansible.builtin.uri" != null][] Ensure that certificate validation isn’t disabled with uri Ansible UriValidateCerts.py
52 CKV_ANSIBLE_1 resource [].tasks[?"uri" != null][] Ensure that certificate validation isn’t disabled with uri Ansible UriValidateCerts.py
53 CKV_ANSIBLE_1 resource [].tasks[].block[?"ansible.builtin.uri" != null][] Ensure that certificate validation isn’t disabled with uri Ansible UriValidateCerts.py
54 CKV_ANSIBLE_1 resource [].tasks[].block[?"uri" != null][] Ensure that certificate validation isn’t disabled with uri Ansible UriValidateCerts.py
55 CKV_ANSIBLE_1 resource [].tasks[].block[].block[?"ansible.builtin.uri" != null][] Ensure that certificate validation isn’t disabled with uri Ansible UriValidateCerts.py
56 CKV_ANSIBLE_1 resource [].tasks[].block[].block[?"uri" != null][] Ensure that certificate validation isn’t disabled with uri Ansible UriValidateCerts.py
57 CKV_ANSIBLE_1 resource [].tasks[].block[].block[].block[?"ansible.builtin.uri" != null][] Ensure that certificate validation isn’t disabled with uri Ansible UriValidateCerts.py
58 CKV_ANSIBLE_1 resource [].tasks[].block[].block[].block[?"uri" != null][] Ensure that certificate validation isn’t disabled with uri Ansible UriValidateCerts.py
59 CKV_ANSIBLE_2 resource [?"ansible.builtin.get_url" != null][] Ensure that certificate validation isn’t disabled with get_url Ansible GetUrlValidateCerts.py
60 CKV_ANSIBLE_2 resource [?"get_url" != null][] Ensure that certificate validation isn’t disabled with get_url Ansible GetUrlValidateCerts.py
61 CKV_ANSIBLE_2 resource [].block[?"ansible.builtin.get_url" != null][] Ensure that certificate validation isn’t disabled with get_url Ansible GetUrlValidateCerts.py
62 CKV_ANSIBLE_2 resource [].block[?"get_url" != null][] Ensure that certificate validation isn’t disabled with get_url Ansible GetUrlValidateCerts.py
63 CKV_ANSIBLE_2 resource [].block[].block[?"ansible.builtin.get_url" != null][] Ensure that certificate validation isn’t disabled with get_url Ansible GetUrlValidateCerts.py
64 CKV_ANSIBLE_2 resource [].block[].block[?"get_url" != null][] Ensure that certificate validation isn’t disabled with get_url Ansible GetUrlValidateCerts.py
65 CKV_ANSIBLE_2 resource [].block[].block[].block[?"ansible.builtin.get_url" != null][] Ensure that certificate validation isn’t disabled with get_url Ansible GetUrlValidateCerts.py
66 CKV_ANSIBLE_2 resource [].block[].block[].block[?"get_url" != null][] Ensure that certificate validation isn’t disabled with get_url Ansible GetUrlValidateCerts.py
67 CKV_ANSIBLE_2 resource [].tasks[?"ansible.builtin.get_url" != null][] Ensure that certificate validation isn’t disabled with get_url Ansible GetUrlValidateCerts.py
68 CKV_ANSIBLE_2 resource [].tasks[?"get_url" != null][] Ensure that certificate validation isn’t disabled with get_url Ansible GetUrlValidateCerts.py
69 CKV_ANSIBLE_2 resource [].tasks[].block[?"ansible.builtin.get_url" != null][] Ensure that certificate validation isn’t disabled with get_url Ansible GetUrlValidateCerts.py
70 CKV_ANSIBLE_2 resource [].tasks[].block[?"get_url" != null][] Ensure that certificate validation isn’t disabled with get_url Ansible GetUrlValidateCerts.py
71 CKV_ANSIBLE_2 resource [].tasks[].block[].block[?"ansible.builtin.get_url" != null][] Ensure that certificate validation isn’t disabled with get_url Ansible GetUrlValidateCerts.py
72 CKV_ANSIBLE_2 resource [].tasks[].block[].block[?"get_url" != null][] Ensure that certificate validation isn’t disabled with get_url Ansible GetUrlValidateCerts.py
73 CKV_ANSIBLE_2 resource [].tasks[].block[].block[].block[?"ansible.builtin.get_url" != null][] Ensure that certificate validation isn’t disabled with get_url Ansible GetUrlValidateCerts.py
74 CKV_ANSIBLE_2 resource [].tasks[].block[].block[].block[?"get_url" != null][] Ensure that certificate validation isn’t disabled with get_url Ansible GetUrlValidateCerts.py
75 CKV_ANSIBLE_3 resource [?"ansible.builtin.yum" != null][] Ensure that certificate validation isn’t disabled with yum Ansible YumValidateCerts.py
76 CKV_ANSIBLE_3 resource [?"yum" != null][] Ensure that certificate validation isn’t disabled with yum Ansible YumValidateCerts.py
77 CKV_ANSIBLE_3 resource [].block[?"ansible.builtin.yum" != null][] Ensure that certificate validation isn’t disabled with yum Ansible YumValidateCerts.py
78 CKV_ANSIBLE_3 resource [].block[?"yum" != null][] Ensure that certificate validation isn’t disabled with yum Ansible YumValidateCerts.py
79 CKV_ANSIBLE_3 resource [].block[].block[?"ansible.builtin.yum" != null][] Ensure that certificate validation isn’t disabled with yum Ansible YumValidateCerts.py
80 CKV_ANSIBLE_3 resource [].block[].block[?"yum" != null][] Ensure that certificate validation isn’t disabled with yum Ansible YumValidateCerts.py
81 CKV_ANSIBLE_3 resource [].block[].block[].block[?"ansible.builtin.yum" != null][] Ensure that certificate validation isn’t disabled with yum Ansible YumValidateCerts.py
82 CKV_ANSIBLE_3 resource [].block[].block[].block[?"yum" != null][] Ensure that certificate validation isn’t disabled with yum Ansible YumValidateCerts.py
83 CKV_ANSIBLE_3 resource [].tasks[?"ansible.builtin.yum" != null][] Ensure that certificate validation isn’t disabled with yum Ansible YumValidateCerts.py
84 CKV_ANSIBLE_3 resource [].tasks[?"yum" != null][] Ensure that certificate validation isn’t disabled with yum Ansible YumValidateCerts.py
85 CKV_ANSIBLE_3 resource [].tasks[].block[?"ansible.builtin.yum" != null][] Ensure that certificate validation isn’t disabled with yum Ansible YumValidateCerts.py
86 CKV_ANSIBLE_3 resource [].tasks[].block[?"yum" != null][] Ensure that certificate validation isn’t disabled with yum Ansible YumValidateCerts.py
87 CKV_ANSIBLE_3 resource [].tasks[].block[].block[?"ansible.builtin.yum" != null][] Ensure that certificate validation isn’t disabled with yum Ansible YumValidateCerts.py
88 CKV_ANSIBLE_3 resource [].tasks[].block[].block[?"yum" != null][] Ensure that certificate validation isn’t disabled with yum Ansible YumValidateCerts.py
89 CKV_ANSIBLE_3 resource [].tasks[].block[].block[].block[?"ansible.builtin.yum" != null][] Ensure that certificate validation isn’t disabled with yum Ansible YumValidateCerts.py
90 CKV_ANSIBLE_3 resource [].tasks[].block[].block[].block[?"yum" != null][] Ensure that certificate validation isn’t disabled with yum Ansible YumValidateCerts.py
91 CKV_ANSIBLE_4 resource [?"ansible.builtin.yum" != null][] Ensure that SSL validation isn’t disabled with yum Ansible YumSslVerify.py
92 CKV_ANSIBLE_4 resource [?"yum" != null][] Ensure that SSL validation isn’t disabled with yum Ansible YumSslVerify.py
93 CKV_ANSIBLE_4 resource [].block[?"ansible.builtin.yum" != null][] Ensure that SSL validation isn’t disabled with yum Ansible YumSslVerify.py
94 CKV_ANSIBLE_4 resource [].block[?"yum" != null][] Ensure that SSL validation isn’t disabled with yum Ansible YumSslVerify.py
95 CKV_ANSIBLE_4 resource [].block[].block[?"ansible.builtin.yum" != null][] Ensure that SSL validation isn’t disabled with yum Ansible YumSslVerify.py
96 CKV_ANSIBLE_4 resource [].block[].block[?"yum" != null][] Ensure that SSL validation isn’t disabled with yum Ansible YumSslVerify.py
97 CKV_ANSIBLE_4 resource [].block[].block[].block[?"ansible.builtin.yum" != null][] Ensure that SSL validation isn’t disabled with yum Ansible YumSslVerify.py
98 CKV_ANSIBLE_4 resource [].block[].block[].block[?"yum" != null][] Ensure that SSL validation isn’t disabled with yum Ansible YumSslVerify.py
99 CKV_ANSIBLE_4 resource [].tasks[?"ansible.builtin.yum" != null][] Ensure that SSL validation isn’t disabled with yum Ansible YumSslVerify.py
100 CKV_ANSIBLE_4 resource [].tasks[?"yum" != null][] Ensure that SSL validation isn’t disabled with yum Ansible YumSslVerify.py
101 CKV_ANSIBLE_4 resource [].tasks[].block[?"ansible.builtin.yum" != null][] Ensure that SSL validation isn’t disabled with yum Ansible YumSslVerify.py
102 CKV_ANSIBLE_4 resource [].tasks[].block[?"yum" != null][] Ensure that SSL validation isn’t disabled with yum Ansible YumSslVerify.py
103 CKV_ANSIBLE_4 resource [].tasks[].block[].block[?"ansible.builtin.yum" != null][] Ensure that SSL validation isn’t disabled with yum Ansible YumSslVerify.py
104 CKV_ANSIBLE_4 resource [].tasks[].block[].block[?"yum" != null][] Ensure that SSL validation isn’t disabled with yum Ansible YumSslVerify.py
105 CKV_ANSIBLE_4 resource [].tasks[].block[].block[].block[?"ansible.builtin.yum" != null][] Ensure that SSL validation isn’t disabled with yum Ansible YumSslVerify.py
106 CKV_ANSIBLE_4 resource [].tasks[].block[].block[].block[?"yum" != null][] Ensure that SSL validation isn’t disabled with yum Ansible YumSslVerify.py
107 CKV_ANSIBLE_5 resource [?"ansible.builtin.apt" != null][] Ensure that packages with untrusted or missing signatures are not used Ansible AptAllowUnauthenticated.py
108 CKV_ANSIBLE_5 resource [?"apt" != null][] Ensure that packages with untrusted or missing signatures are not used Ansible AptAllowUnauthenticated.py
109 CKV_ANSIBLE_5 resource [].block[?"ansible.builtin.apt" != null][] Ensure that packages with untrusted or missing signatures are not used Ansible AptAllowUnauthenticated.py
110 CKV_ANSIBLE_5 resource [].block[?"apt" != null][] Ensure that packages with untrusted or missing signatures are not used Ansible AptAllowUnauthenticated.py
111 CKV_ANSIBLE_5 resource [].block[].block[?"ansible.builtin.apt" != null][] Ensure that packages with untrusted or missing signatures are not used Ansible AptAllowUnauthenticated.py
112 CKV_ANSIBLE_5 resource [].block[].block[?"apt" != null][] Ensure that packages with untrusted or missing signatures are not used Ansible AptAllowUnauthenticated.py
113 CKV_ANSIBLE_5 resource [].block[].block[].block[?"ansible.builtin.apt" != null][] Ensure that packages with untrusted or missing signatures are not used Ansible AptAllowUnauthenticated.py
114 CKV_ANSIBLE_5 resource [].block[].block[].block[?"apt" != null][] Ensure that packages with untrusted or missing signatures are not used Ansible AptAllowUnauthenticated.py
115 CKV_ANSIBLE_5 resource [].tasks[?"ansible.builtin.apt" != null][] Ensure that packages with untrusted or missing signatures are not used Ansible AptAllowUnauthenticated.py
116 CKV_ANSIBLE_5 resource [].tasks[?"apt" != null][] Ensure that packages with untrusted or missing signatures are not used Ansible AptAllowUnauthenticated.py
117 CKV_ANSIBLE_5 resource [].tasks[].block[?"ansible.builtin.apt" != null][] Ensure that packages with untrusted or missing signatures are not used Ansible AptAllowUnauthenticated.py
118 CKV_ANSIBLE_5 resource [].tasks[].block[?"apt" != null][] Ensure that packages with untrusted or missing signatures are not used Ansible AptAllowUnauthenticated.py
119 CKV_ANSIBLE_5 resource [].tasks[].block[].block[?"ansible.builtin.apt" != null][] Ensure that packages with untrusted or missing signatures are not used Ansible AptAllowUnauthenticated.py
120 CKV_ANSIBLE_5 resource [].tasks[].block[].block[?"apt" != null][] Ensure that packages with untrusted or missing signatures are not used Ansible AptAllowUnauthenticated.py
121 CKV_ANSIBLE_5 resource [].tasks[].block[].block[].block[?"ansible.builtin.apt" != null][] Ensure that packages with untrusted or missing signatures are not used Ansible AptAllowUnauthenticated.py
122 CKV_ANSIBLE_5 resource [].tasks[].block[].block[].block[?"apt" != null][] Ensure that packages with untrusted or missing signatures are not used Ansible AptAllowUnauthenticated.py
123 CKV_ANSIBLE_6 resource [?"ansible.builtin.apt" != null][] Ensure that the force parameter is not used, as it disables signature validation and allows packages to be downgraded which can leave the system in a broken or inconsistent state Ansible AptForce.py
124 CKV_ANSIBLE_6 resource [?"apt" != null][] Ensure that the force parameter is not used, as it disables signature validation and allows packages to be downgraded which can leave the system in a broken or inconsistent state Ansible AptForce.py
125 CKV_ANSIBLE_6 resource [].block[?"ansible.builtin.apt" != null][] Ensure that the force parameter is not used, as it disables signature validation and allows packages to be downgraded which can leave the system in a broken or inconsistent state Ansible AptForce.py
126 CKV_ANSIBLE_6 resource [].block[?"apt" != null][] Ensure that the force parameter is not used, as it disables signature validation and allows packages to be downgraded which can leave the system in a broken or inconsistent state Ansible AptForce.py
127 CKV_ANSIBLE_6 resource [].block[].block[?"ansible.builtin.apt" != null][] Ensure that the force parameter is not used, as it disables signature validation and allows packages to be downgraded which can leave the system in a broken or inconsistent state Ansible AptForce.py
128 CKV_ANSIBLE_6 resource [].block[].block[?"apt" != null][] Ensure that the force parameter is not used, as it disables signature validation and allows packages to be downgraded which can leave the system in a broken or inconsistent state Ansible AptForce.py
129 CKV_ANSIBLE_6 resource [].block[].block[].block[?"ansible.builtin.apt" != null][] Ensure that the force parameter is not used, as it disables signature validation and allows packages to be downgraded which can leave the system in a broken or inconsistent state Ansible AptForce.py
130 CKV_ANSIBLE_6 resource [].block[].block[].block[?"apt" != null][] Ensure that the force parameter is not used, as it disables signature validation and allows packages to be downgraded which can leave the system in a broken or inconsistent state Ansible AptForce.py
131 CKV_ANSIBLE_6 resource [].tasks[?"ansible.builtin.apt" != null][] Ensure that the force parameter is not used, as it disables signature validation and allows packages to be downgraded which can leave the system in a broken or inconsistent state Ansible AptForce.py
132 CKV_ANSIBLE_6 resource [].tasks[?"apt" != null][] Ensure that the force parameter is not used, as it disables signature validation and allows packages to be downgraded which can leave the system in a broken or inconsistent state Ansible AptForce.py
133 CKV_ANSIBLE_6 resource [].tasks[].block[?"ansible.builtin.apt" != null][] Ensure that the force parameter is not used, as it disables signature validation and allows packages to be downgraded which can leave the system in a broken or inconsistent state Ansible AptForce.py
134 CKV_ANSIBLE_6 resource [].tasks[].block[?"apt" != null][] Ensure that the force parameter is not used, as it disables signature validation and allows packages to be downgraded which can leave the system in a broken or inconsistent state Ansible AptForce.py
135 CKV_ANSIBLE_6 resource [].tasks[].block[].block[?"ansible.builtin.apt" != null][] Ensure that the force parameter is not used, as it disables signature validation and allows packages to be downgraded which can leave the system in a broken or inconsistent state Ansible AptForce.py
136 CKV_ANSIBLE_6 resource [].tasks[].block[].block[?"apt" != null][] Ensure that the force parameter is not used, as it disables signature validation and allows packages to be downgraded which can leave the system in a broken or inconsistent state Ansible AptForce.py
137 CKV_ANSIBLE_6 resource [].tasks[].block[].block[].block[?"ansible.builtin.apt" != null][] Ensure that the force parameter is not used, as it disables signature validation and allows packages to be downgraded which can leave the system in a broken or inconsistent state Ansible AptForce.py
138 CKV_ANSIBLE_6 resource [].tasks[].block[].block[].block[?"apt" != null][] Ensure that the force parameter is not used, as it disables signature validation and allows packages to be downgraded which can leave the system in a broken or inconsistent state Ansible AptForce.py
139 CKV2_ANSIBLE_1 resource tasks.ansible.builtin.uri Ensure that HTTPS url is used with uri Ansible UriHttpsOnly.yaml
140 CKV2_ANSIBLE_1 resource tasks.uri Ensure that HTTPS url is used with uri Ansible UriHttpsOnly.yaml
141 CKV2_ANSIBLE_2 resource tasks.ansible.builtin.get_url Ensure that HTTPS url is used with get_url Ansible GetUrlHttpsOnly.yaml
142 CKV2_ANSIBLE_2 resource tasks.get_url Ensure that HTTPS url is used with get_url Ansible GetUrlHttpsOnly.yaml
143 CKV2_ANSIBLE_3 resource block Ensure block is handling task errors properly Ansible BlockErrorHandling.yaml
144 CKV2_ANSIBLE_4 resource tasks.ansible.builtin.dnf Ensure that packages with untrusted or missing GPG signatures are not used by dnf Ansible DnfDisableGpgCheck.yaml
145 CKV2_ANSIBLE_4 resource tasks.dnf Ensure that packages with untrusted or missing GPG signatures are not used by dnf Ansible DnfDisableGpgCheck.yaml
146 CKV2_ANSIBLE_5 resource tasks.ansible.builtin.dnf Ensure that SSL validation isn’t disabled with dnf Ansible DnfSslVerify.yaml
147 CKV2_ANSIBLE_5 resource tasks.dnf Ensure that SSL validation isn’t disabled with dnf Ansible DnfSslVerify.yaml
148 CKV2_ANSIBLE_6 resource tasks.ansible.builtin.dnf Ensure that certificate validation isn’t disabled with dnf Ansible DnfValidateCerts.yaml
149 CKV2_ANSIBLE_6 resource tasks.dnf Ensure that certificate validation isn’t disabled with dnf Ansible DnfValidateCerts.yaml
150 CKV_ARGO_1 argo_workflows spec Ensure Workflow pods are not using the default ServiceAccount Argo Workflows DefaultServiceAccount.py
151 CKV_ARGO_2 argo_workflows spec Ensure Workflow pods are running as non-root user Argo Workflows RunAsNonRoot.py
152 CKV_AWS_1 data aws_iam_policy_document Ensure IAM policies that allow full “*-*” administrative privileges are not created Terraform AdminPolicyDocument.py
153 CKV_AWS_1 resource serverless_aws Ensure IAM policies that allow full “*-*” administrative privileges are not created serverless AdminPolicyDocument.py
154 CKV_AWS_2 resource AWS::ElasticLoadBalancingV2::Listener Ensure ALB protocol is HTTPS Cloudformation ALBListenerHTTPS.py
155 CKV_AWS_2 resource aws_alb_listener Ensure ALB protocol is HTTPS Terraform ALBListenerHTTPS.py
156 CKV_AWS_2 resource aws_lb_listener Ensure ALB protocol is HTTPS Terraform ALBListenerHTTPS.py
157 CKV_AWS_3 resource AWS::EC2::Volume Ensure all data stored in the EBS is securely encrypted Cloudformation EBSEncryption.py
158 CKV_AWS_3 resource aws_ebs_volume Ensure all data stored in the EBS is securely encrypted Terraform EBSEncryption.py
159 CKV_AWS_5 resource AWS::Elasticsearch::Domain Ensure all data stored in the Elasticsearch is securely encrypted at rest Cloudformation ElasticsearchEncryption.py
160 CKV_AWS_5 resource aws_elasticsearch_domain Ensure all data stored in the Elasticsearch is securely encrypted at rest Terraform ElasticsearchEncryption.py
161 CKV_AWS_5 resource aws_opensearch_domain Ensure all data stored in the Elasticsearch is securely encrypted at rest Terraform ElasticsearchEncryption.py
162 CKV_AWS_6 resource AWS::Elasticsearch::Domain Ensure all Elasticsearch has node-to-node encryption enabled Cloudformation ElasticsearchNodeToNodeEncryption.py
163 CKV_AWS_6 resource aws_elasticsearch_domain Ensure all Elasticsearch has node-to-node encryption enabled Terraform ElasticsearchNodeToNodeEncryption.py
164 CKV_AWS_6 resource aws_opensearch_domain Ensure all Elasticsearch has node-to-node encryption enabled Terraform ElasticsearchNodeToNodeEncryption.py
165 CKV_AWS_7 resource AWS::KMS::Key Ensure rotation for customer created CMKs is enabled Cloudformation KMSRotation.py
166 CKV_AWS_7 resource aws_kms_key Ensure rotation for customer created CMKs is enabled Terraform KMSRotation.py
167 CKV_AWS_8 resource AWS::AutoScaling::LaunchConfiguration Ensure all data stored in the Launch configuration EBS is securely encrypted Cloudformation LaunchConfigurationEBSEncryption.py
168 CKV_AWS_8 resource aws_instance Ensure all data stored in the Launch configuration or instance Elastic Blocks Store is securely encrypted Terraform LaunchConfigurationEBSEncryption.py
169 CKV_AWS_8 resource aws_launch_configuration Ensure all data stored in the Launch configuration or instance Elastic Blocks Store is securely encrypted Terraform LaunchConfigurationEBSEncryption.py
170 CKV_AWS_9 resource aws_iam_account_password_policy Ensure IAM password policy expires passwords within 90 days or less Terraform PasswordPolicyExpiration.py
171 CKV_AWS_10 resource aws_iam_account_password_policy Ensure IAM password policy requires minimum length of 14 or greater Terraform PasswordPolicyLength.py
172 CKV_AWS_11 resource aws_iam_account_password_policy Ensure IAM password policy requires at least one lowercase letter Terraform PasswordPolicyLowercaseLetter.py
173 CKV_AWS_12 resource aws_iam_account_password_policy Ensure IAM password policy requires at least one number Terraform PasswordPolicyNumber.py
174 CKV_AWS_13 resource aws_iam_account_password_policy Ensure IAM password policy prevents password reuse Terraform PasswordPolicyReuse.py
175 CKV_AWS_14 resource aws_iam_account_password_policy Ensure IAM password policy requires at least one symbol Terraform PasswordPolicySymbol.py
176 CKV_AWS_15 resource aws_iam_account_password_policy Ensure IAM password policy requires at least one uppercase letter Terraform PasswordPolicyUppercaseLetter.py
177 CKV_AWS_16 resource AWS::RDS::DBInstance Ensure all data stored in the RDS is securely encrypted at rest Cloudformation RDSEncryption.py
178 CKV_AWS_16 resource aws_db_instance Ensure all data stored in the RDS is securely encrypted at rest Terraform RDSEncryption.py
179 CKV_AWS_17 resource AWS::RDS::DBInstance Ensure all data stored in RDS is not publicly accessible Cloudformation RDSPubliclyAccessible.py
180 CKV_AWS_17 resource aws_db_instance Ensure all data stored in RDS is not publicly accessible Terraform RDSPubliclyAccessible.py
181 CKV_AWS_17 resource aws_rds_cluster_instance Ensure all data stored in RDS is not publicly accessible Terraform RDSPubliclyAccessible.py
182 CKV_AWS_18 resource AWS::S3::Bucket Ensure the S3 bucket has access logging enabled Cloudformation S3AccessLogs.py
183 CKV_AWS_18 resource aws_s3_bucket Ensure the S3 bucket has access logging enabled Terraform S3BucketLogging.yaml
184 CKV_AWS_19 resource AWS::S3::Bucket Ensure the S3 bucket has server-side-encryption enabled Cloudformation S3Encryption.py
185 CKV_AWS_19 resource aws_s3_bucket Ensure all data stored in the S3 bucket is securely encrypted at rest Terraform S3BucketEncryption.yaml
186 CKV_AWS_19 resource aws_s3_bucket_server_side_encryption_configuration Ensure all data stored in the S3 bucket is securely encrypted at rest Terraform S3BucketEncryption.yaml
187 CKV_AWS_20 resource AWS::S3::Bucket Ensure the S3 bucket does not allow READ permissions to everyone Cloudformation S3PublicACLRead.py
188 CKV_AWS_20 resource aws_s3_bucket S3 Bucket has an ACL defined which allows public READ access. Terraform S3PublicACLRead.yaml
189 CKV_AWS_20 resource aws_s3_bucket_acl S3 Bucket has an ACL defined which allows public READ access. Terraform S3PublicACLRead.yaml
190 CKV_AWS_21 resource AWS::S3::Bucket Ensure the S3 bucket has versioning enabled Cloudformation S3Versioning.py
191 CKV_AWS_21 resource aws_s3_bucket Ensure all data stored in the S3 bucket have versioning enabled Terraform S3BucketVersioning.yaml
192 CKV_AWS_21 resource aws_s3_bucket_versioning Ensure all data stored in the S3 bucket have versioning enabled Terraform S3BucketVersioning.yaml
193 CKV_AWS_22 resource aws_sagemaker_notebook_instance Ensure SageMaker Notebook is encrypted at rest using KMS CMK Terraform SagemakerNotebookEncryption.py
194 CKV_AWS_23 resource AWS::EC2::SecurityGroup Ensure every security groups rule has a description Cloudformation SecurityGroupRuleDescription.py
195 CKV_AWS_23 resource AWS::EC2::SecurityGroupEgress Ensure every security groups rule has a description Cloudformation SecurityGroupRuleDescription.py
196 CKV_AWS_23 resource AWS::EC2::SecurityGroupIngress Ensure every security groups rule has a description Cloudformation SecurityGroupRuleDescription.py
197 CKV_AWS_23 resource aws_db_security_group Ensure every security groups rule has a description Terraform SecurityGroupRuleDescription.py
198 CKV_AWS_23 resource aws_elasticache_security_group Ensure every security groups rule has a description Terraform SecurityGroupRuleDescription.py
199 CKV_AWS_23 resource aws_redshift_security_group Ensure every security groups rule has a description Terraform SecurityGroupRuleDescription.py
200 CKV_AWS_23 resource aws_security_group Ensure every security groups rule has a description Terraform SecurityGroupRuleDescription.py
201 CKV_AWS_23 resource aws_security_group_rule Ensure every security groups rule has a description Terraform SecurityGroupRuleDescription.py
202 CKV_AWS_23 resource aws_vpc_security_group_egress_rule Ensure every security groups rule has a description Terraform SecurityGroupRuleDescription.py
203 CKV_AWS_23 resource aws_vpc_security_group_ingress_rule Ensure every security groups rule has a description Terraform SecurityGroupRuleDescription.py
204 CKV_AWS_24 resource AWS::EC2::SecurityGroup Ensure no security groups allow ingress from 0.0.0.0:0 to port 22 Cloudformation SecurityGroupUnrestrictedIngress22.py
205 CKV_AWS_24 resource AWS::EC2::SecurityGroupIngress Ensure no security groups allow ingress from 0.0.0.0:0 to port 22 Cloudformation SecurityGroupUnrestrictedIngress22.py
206 CKV_AWS_24 resource aws_security_group Ensure no security groups allow ingress from 0.0.0.0:0 to port 22 Terraform SecurityGroupUnrestrictedIngress22.py
207 CKV_AWS_24 resource aws_security_group_rule Ensure no security groups allow ingress from 0.0.0.0:0 to port 22 Terraform SecurityGroupUnrestrictedIngress22.py
208 CKV_AWS_24 resource aws_vpc_security_group_ingress_rule Ensure no security groups allow ingress from 0.0.0.0:0 to port 22 Terraform SecurityGroupUnrestrictedIngress22.py
209 CKV_AWS_25 resource AWS::EC2::SecurityGroup Ensure no security groups allow ingress from 0.0.0.0:0 to port 3389 Cloudformation SecurityGroupUnrestrictedIngress3389.py
210 CKV_AWS_25 resource AWS::EC2::SecurityGroupIngress Ensure no security groups allow ingress from 0.0.0.0:0 to port 3389 Cloudformation SecurityGroupUnrestrictedIngress3389.py
211 CKV_AWS_25 resource aws_security_group Ensure no security groups allow ingress from 0.0.0.0:0 to port 3389 Terraform SecurityGroupUnrestrictedIngress3389.py
212 CKV_AWS_25 resource aws_security_group_rule Ensure no security groups allow ingress from 0.0.0.0:0 to port 3389 Terraform SecurityGroupUnrestrictedIngress3389.py
213 CKV_AWS_25 resource aws_vpc_security_group_ingress_rule Ensure no security groups allow ingress from 0.0.0.0:0 to port 3389 Terraform SecurityGroupUnrestrictedIngress3389.py
214 CKV_AWS_26 resource AWS::SNS::Topic Ensure all data stored in the SNS topic is encrypted Cloudformation SNSTopicEncryption.py
215 CKV_AWS_26 resource aws_sns_topic Ensure all data stored in the SNS topic is encrypted Terraform SNSTopicEncryption.py
216 CKV_AWS_27 resource AWS::SQS::Queue Ensure all data stored in the SQS queue is encrypted Cloudformation SQSQueueEncryption.py
217 CKV_AWS_27 resource aws_sqs_queue Ensure all data stored in the SQS queue is encrypted Terraform SQSQueueEncryption.py
218 CKV_AWS_28 resource AWS::DynamoDB::Table Ensure Dynamodb point in time recovery (backup) is enabled Cloudformation DynamodbRecovery.py
219 CKV_AWS_28 resource aws_dynamodb_table Ensure Dynamodb point in time recovery (backup) is enabled Terraform DynamodbRecovery.py
220 CKV_AWS_29 resource AWS::ElastiCache::ReplicationGroup Ensure all data stored in the Elasticache Replication Group is securely encrypted at rest Cloudformation ElasticacheReplicationGroupEncryptionAtRest.py
221 CKV_AWS_29 resource aws_elasticache_replication_group Ensure all data stored in the Elasticache Replication Group is securely encrypted at rest Terraform ElasticacheReplicationGroupEncryptionAtRest.py
222 CKV_AWS_30 resource AWS::ElastiCache::ReplicationGroup Ensure all data stored in the Elasticache Replication Group is securely encrypted at transit Cloudformation ElasticacheReplicationGroupEncryptionAtTransit.py
223 CKV_AWS_30 resource aws_elasticache_replication_group Ensure all data stored in the Elasticache Replication Group is securely encrypted at transit Terraform ElasticacheReplicationGroupEncryptionAtTransit.py
224 CKV_AWS_31 resource AWS::ElastiCache::ReplicationGroup Ensure all data stored in the Elasticache Replication Group is securely encrypted at transit and has auth token Cloudformation ElasticacheReplicationGroupEncryptionAtTransitAuthToken.py
225 CKV_AWS_31 resource aws_elasticache_replication_group Ensure all data stored in the Elasticache Replication Group is securely encrypted at transit and has auth token Terraform ElasticacheReplicationGroupEncryptionAtTransitAuthToken.py
226 CKV_AWS_32 resource AWS::ECR::Repository Ensure ECR policy is not set to public Cloudformation ECRPolicy.py
227 CKV_AWS_32 resource aws_ecr_repository_policy Ensure ECR policy is not set to public Terraform ECRPolicy.py
228 CKV_AWS_33 resource AWS::KMS::Key Ensure KMS key policy does not contain wildcard (*) principal Cloudformation KMSKeyWildCardPrincipal.py
229 CKV_AWS_33 resource aws_kms_key Ensure KMS key policy does not contain wildcard (*) principal Terraform KMSKeyWildcardPrincipal.py
230 CKV_AWS_34 resource AWS::CloudFront::Distribution Ensure cloudfront distribution ViewerProtocolPolicy is set to HTTPS Cloudformation CloudfrontDistributionEncryption.py
231 CKV_AWS_34 resource aws_cloudfront_distribution Ensure cloudfront distribution ViewerProtocolPolicy is set to HTTPS Terraform CloudfrontDistributionEncryption.py
232 CKV_AWS_35 resource AWS::CloudTrail::Trail Ensure CloudTrail logs are encrypted at rest using KMS CMKs Cloudformation CloudtrailEncryption.py
233 CKV_AWS_35 resource aws_cloudtrail Ensure CloudTrail logs are encrypted at rest using KMS CMKs Terraform CloudtrailEncryptionWithCMK.py
234 CKV_AWS_36 resource AWS::CloudTrail::Trail Ensure CloudTrail log file validation is enabled Cloudformation CloudtrailLogValidation.py
235 CKV_AWS_36 resource aws_cloudtrail Ensure CloudTrail log file validation is enabled Terraform CloudtrailLogValidation.py
236 CKV_AWS_37 resource aws_eks_cluster Ensure Amazon EKS control plane logging enabled for all log types Terraform EKSControlPlaneLogging.py
237 CKV_AWS_38 resource aws_eks_cluster Ensure Amazon EKS public endpoint not accessible to 0.0.0.0/0 Terraform EKSPublicAccessCIDR.py
238 CKV_AWS_39 resource aws_eks_cluster Ensure Amazon EKS public endpoint disabled Terraform EKSPublicAccess.py
239 CKV_AWS_40 resource AWS::IAM::Policy Ensure IAM policies are attached only to groups or roles (Reducing access management complexity may in-turn reduce opportunity for a principal to inadvertently receive or retain excessive privileges.) Cloudformation IAMPolicyAttachedToGroupOrRoles.py
240 CKV_AWS_40 resource aws_iam_policy_attachment Ensure IAM policies are attached only to groups or roles (Reducing access management complexity may in-turn reduce opportunity for a principal to inadvertently receive or retain excessive privileges.) Terraform IAMPolicyAttachedToGroupOrRoles.py
241 CKV_AWS_40 resource aws_iam_user_policy Ensure IAM policies are attached only to groups or roles (Reducing access management complexity may in-turn reduce opportunity for a principal to inadvertently receive or retain excessive privileges.) Terraform IAMPolicyAttachedToGroupOrRoles.py
242 CKV_AWS_40 resource aws_iam_user_policy_attachment Ensure IAM policies are attached only to groups or roles (Reducing access management complexity may in-turn reduce opportunity for a principal to inadvertently receive or retain excessive privileges.) Terraform IAMPolicyAttachedToGroupOrRoles.py
243 CKV_AWS_41 provider aws Ensure no hard coded AWS access key and secret key exists in provider Terraform credentials.py
244 CKV_AWS_41 resource serverless_aws Ensure no hard coded AWS access key and secret key exists in provider serverless AWSCredentials.py
245 CKV_AWS_42 resource AWS::EFS::FileSystem Ensure EFS is securely encrypted Cloudformation EFSEncryptionEnabled.py
246 CKV_AWS_42 resource aws_efs_file_system Ensure EFS is securely encrypted Terraform EFSEncryptionEnabled.py
247 CKV_AWS_43 resource AWS::Kinesis::Stream Ensure Kinesis Stream is securely encrypted Cloudformation KinesisStreamEncryptionType.py
248 CKV_AWS_43 resource aws_kinesis_stream Ensure Kinesis Stream is securely encrypted Terraform KinesisStreamEncryptionType.py
249 CKV_AWS_44 resource AWS::Neptune::DBCluster Ensure Neptune storage is securely encrypted Cloudformation NeptuneClusterStorageEncrypted.py
250 CKV_AWS_44 resource aws_neptune_cluster Ensure Neptune storage is securely encrypted Terraform NeptuneClusterStorageEncrypted.py
251 CKV_AWS_45 resource AWS::Lambda::Function Ensure no hard-coded secrets exist in lambda environment Cloudformation LambdaEnvironmentCredentials.py
252 CKV_AWS_45 resource AWS::Serverless::Function Ensure no hard-coded secrets exist in lambda environment Cloudformation LambdaEnvironmentCredentials.py
253 CKV_AWS_45 resource aws_lambda_function Ensure no hard-coded secrets exist in lambda environment Terraform LambdaEnvironmentCredentials.py
254 CKV_AWS_46 resource AWS::EC2::Instance Ensure no hard-coded secrets exist in EC2 user data Cloudformation EC2Credentials.py
255 CKV_AWS_46 resource aws_instance Ensure no hard-coded secrets exist in EC2 user data Terraform EC2Credentials.py
256 CKV_AWS_46 resource aws_launch_configuration Ensure no hard-coded secrets exist in EC2 user data Terraform EC2Credentials.py
257 CKV_AWS_46 resource aws_launch_template Ensure no hard-coded secrets exist in EC2 user data Terraform EC2Credentials.py
258 CKV_AWS_47 resource AWS::DAX::Cluster Ensure DAX is encrypted at rest (default is unencrypted) Cloudformation DAXEncryption.py
259 CKV_AWS_47 resource aws_dax_cluster Ensure DAX is encrypted at rest (default is unencrypted) Terraform DAXEncryption.py
260 CKV_AWS_48 resource aws_mq_broker Ensure MQ Broker logging is enabled Terraform MQBrokerLogging.py
261 CKV_AWS_49 data aws_iam_policy_document Ensure no IAM policies documents allow “*” as a statement’s actions Terraform StarActionPolicyDocument.py
262 CKV_AWS_49 resource serverless_aws Ensure no IAM policies documents allow “*” as a statement’s actions serverless StarActionPolicyDocument.py
263 CKV_AWS_50 resource aws_lambda_function X-ray tracing is enabled for Lambda Terraform LambdaXrayEnabled.py
264 CKV_AWS_51 resource AWS::ECR::Repository Ensure ECR Image Tags are immutable Cloudformation ECRImmutableTags.py
265 CKV_AWS_51 resource aws_ecr_repository Ensure ECR Image Tags are immutable Terraform ECRImmutableTags.py
266 CKV_AWS_53 resource AWS::S3::Bucket Ensure S3 bucket has block public ACLS enabled Cloudformation S3BlockPublicACLs.py
267 CKV_AWS_53 resource aws_s3_bucket_public_access_block Ensure S3 bucket has block public ACLS enabled Terraform S3BlockPublicACLs.py
268 CKV_AWS_54 resource AWS::S3::Bucket Ensure S3 bucket has block public policy enabled Cloudformation S3BlockPublicPolicy.py
269 CKV_AWS_54 resource aws_s3_bucket_public_access_block Ensure S3 bucket has block public policy enabled Terraform S3BlockPublicPolicy.py
270 CKV_AWS_55 resource AWS::S3::Bucket Ensure S3 bucket has ignore public ACLs enabled Cloudformation S3IgnorePublicACLs.py
271 CKV_AWS_55 resource aws_s3_bucket_public_access_block Ensure S3 bucket has ignore public ACLs enabled Terraform S3IgnorePublicACLs.py
272 CKV_AWS_56 resource AWS::S3::Bucket Ensure S3 bucket has ‘restrict_public_bucket’ enabled Cloudformation S3RestrictPublicBuckets.py
273 CKV_AWS_56 resource aws_s3_bucket_public_access_block Ensure S3 bucket has ‘restrict_public_bucket’ enabled Terraform S3RestrictPublicBuckets.py
274 CKV_AWS_57 resource AWS::S3::Bucket Ensure the S3 bucket does not allow WRITE permissions to everyone Cloudformation S3PublicACLWrite.py
275 CKV_AWS_57 resource aws_s3_bucket S3 Bucket has an ACL defined which allows public WRITE access. Terraform S3PublicACLWrite.yaml
276 CKV_AWS_57 resource aws_s3_bucket_acl S3 Bucket has an ACL defined which allows public WRITE access. Terraform S3PublicACLWrite.yaml
277 CKV_AWS_58 resource AWS::EKS::Cluster Ensure EKS Cluster has Secrets Encryption Enabled Cloudformation EKSSecretsEncryption.py
278 CKV_AWS_58 resource aws_eks_cluster Ensure EKS Cluster has Secrets Encryption Enabled Terraform EKSSecretsEncryption.py
279 CKV_AWS_59 resource AWS::ApiGateway::Method Ensure there is no open access to back-end resources through API Cloudformation APIGatewayAuthorization.py
280 CKV_AWS_59 resource aws_api_gateway_method Ensure there is no open access to back-end resources through API Terraform APIGatewayAuthorization.py
281 CKV_AWS_60 resource AWS::IAM::Role Ensure IAM role allows only specific services or principals to assume it Cloudformation IAMRoleAllowsPublicAssume.py
282 CKV_AWS_60 resource aws_iam_role Ensure IAM role allows only specific services or principals to assume it Terraform IAMRoleAllowsPublicAssume.py
283 CKV_AWS_61 resource AWS::IAM::Role Ensure AWS IAM policy does not allow assume role permission across all services Cloudformation IAMRoleAllowAssumeFromAccount.py
284 CKV_AWS_61 resource aws_iam_role Ensure AWS IAM policy does not allow assume role permission across all services Terraform IAMRoleAllowAssumeFromAccount.py
285 CKV_AWS_62 resource AWS::IAM::Group Ensure no IAM policies that allow full “*-*” administrative privileges are not created Cloudformation IAMAdminPolicyDocument.py
286 CKV_AWS_62 resource AWS::IAM::Policy Ensure no IAM policies that allow full “*-*” administrative privileges are not created Cloudformation IAMAdminPolicyDocument.py
287 CKV_AWS_62 resource AWS::IAM::Role Ensure no IAM policies that allow full “*-*” administrative privileges are not created Cloudformation IAMAdminPolicyDocument.py
288 CKV_AWS_62 resource AWS::IAM::User Ensure no IAM policies that allow full “*-*” administrative privileges are not created Cloudformation IAMAdminPolicyDocument.py
289 CKV_AWS_62 resource aws_iam_group_policy Ensure IAM policies that allow full “*-*” administrative privileges are not created Terraform IAMAdminPolicyDocument.py
290 CKV_AWS_62 resource aws_iam_policy Ensure IAM policies that allow full “*-*” administrative privileges are not created Terraform IAMAdminPolicyDocument.py
291 CKV_AWS_62 resource aws_iam_role_policy Ensure IAM policies that allow full “*-*” administrative privileges are not created Terraform IAMAdminPolicyDocument.py
292 CKV_AWS_62 resource aws_iam_user_policy Ensure IAM policies that allow full “*-*” administrative privileges are not created Terraform IAMAdminPolicyDocument.py
293 CKV_AWS_62 resource aws_ssoadmin_permission_set_inline_policy Ensure IAM policies that allow full “*-*” administrative privileges are not created Terraform IAMAdminPolicyDocument.py
294 CKV_AWS_63 resource AWS::IAM::Group Ensure no IAM policies documents allow “*” as a statement’s actions Cloudformation IAMStarActionPolicyDocument.py
295 CKV_AWS_63 resource AWS::IAM::Policy Ensure no IAM policies documents allow “*” as a statement’s actions Cloudformation IAMStarActionPolicyDocument.py
296 CKV_AWS_63 resource AWS::IAM::Role Ensure no IAM policies documents allow “*” as a statement’s actions Cloudformation IAMStarActionPolicyDocument.py
297 CKV_AWS_63 resource AWS::IAM::User Ensure no IAM policies documents allow “*” as a statement’s actions Cloudformation IAMStarActionPolicyDocument.py
298 CKV_AWS_63 resource aws_iam_group_policy Ensure no IAM policies documents allow “*” as a statement’s actions Terraform IAMStarActionPolicyDocument.py
299 CKV_AWS_63 resource aws_iam_policy Ensure no IAM policies documents allow “*” as a statement’s actions Terraform IAMStarActionPolicyDocument.py
300 CKV_AWS_63 resource aws_iam_role_policy Ensure no IAM policies documents allow “*” as a statement’s actions Terraform IAMStarActionPolicyDocument.py
301 CKV_AWS_63 resource aws_iam_user_policy Ensure no IAM policies documents allow “*” as a statement’s actions Terraform IAMStarActionPolicyDocument.py
302 CKV_AWS_63 resource aws_ssoadmin_permission_set_inline_policy Ensure no IAM policies documents allow “*” as a statement’s actions Terraform IAMStarActionPolicyDocument.py
303 CKV_AWS_64 resource AWS::Redshift::Cluster Ensure all data stored in the Redshift cluster is securely encrypted at rest Cloudformation RedshiftClusterEncryption.py
304 CKV_AWS_64 resource aws_redshift_cluster Ensure all data stored in the Redshift cluster is securely encrypted at rest Terraform RedshiftClusterEncryption.py
305 CKV_AWS_65 resource AWS::ECS::Cluster Ensure container insights are enabled on ECS cluster Cloudformation ECSClusterContainerInsights.py
306 CKV_AWS_65 resource aws_ecs_cluster Ensure container insights are enabled on ECS cluster Terraform ECSClusterContainerInsights.py
307 CKV_AWS_66 resource AWS::Logs::LogGroup Ensure that CloudWatch Log Group specifies retention days Cloudformation CloudWatchLogGroupRetention.py
308 CKV_AWS_66 resource aws_cloudwatch_log_group Ensure that CloudWatch Log Group specifies retention days Terraform CloudWatchLogGroupRetention.py
309 CKV_AWS_67 resource AWS::CloudTrail::Trail Ensure CloudTrail is enabled in all Regions Cloudformation CloudtrailMultiRegion.py
310 CKV_AWS_67 resource aws_cloudtrail Ensure CloudTrail is enabled in all Regions Terraform CloudtrailMultiRegion.py
311 CKV_AWS_68 resource AWS::CloudFront::Distribution CloudFront Distribution should have WAF enabled Cloudformation WAFEnabled.py
312 CKV_AWS_68 resource aws_cloudfront_distribution CloudFront Distribution should have WAF enabled Terraform WAFEnabled.py
313 CKV_AWS_69 resource AWS::AmazonMQ::Broker Ensure Amazon MQ Broker should not have public access Cloudformation AmazonMQBrokerPublicAccess.py
314 CKV_AWS_69 resource aws_mq_broker Ensure MQ Broker is not publicly exposed Terraform MQBrokerNotPubliclyExposed.py
315 CKV_AWS_70 resource aws_s3_bucket Ensure S3 bucket does not allow an action with any Principal Terraform S3AllowsAnyPrincipal.py
316 CKV_AWS_70 resource aws_s3_bucket_policy Ensure S3 bucket does not allow an action with any Principal Terraform S3AllowsAnyPrincipal.py
317 CKV_AWS_71 resource AWS::Redshift::Cluster Ensure Redshift Cluster logging is enabled Cloudformation RedshiftClusterLogging.py
318 CKV_AWS_71 resource aws_redshift_cluster Ensure Redshift Cluster logging is enabled Terraform RedshiftClusterLogging.py
319 CKV_AWS_72 resource aws_sqs_queue_policy Ensure SQS policy does not allow ALL (*) actions. Terraform SQSPolicy.py
320 CKV_AWS_73 resource AWS::ApiGateway::Stage Ensure API Gateway has X-Ray Tracing enabled Cloudformation APIGatewayXray.py
321 CKV_AWS_73 resource AWS::Serverless::Api Ensure API Gateway has X-Ray Tracing enabled Cloudformation APIGatewayXray.py
322 CKV_AWS_73 resource aws_api_gateway_stage Ensure API Gateway has X-Ray Tracing enabled Terraform APIGatewayXray.py
323 CKV_AWS_74 resource AWS::DocDB::DBCluster Ensure DocDB is encrypted at rest (default is unencrypted) Cloudformation DocDBEncryption.py
324 CKV_AWS_74 resource aws_docdb_cluster Ensure DocDB is encrypted at rest (default is unencrypted) Terraform DocDBEncryption.py
325 CKV_AWS_75 resource aws_globalaccelerator_accelerator Ensure Global Accelerator accelerator has flow logs enabled Terraform GlobalAcceleratorAcceleratorFlowLogs.py
326 CKV_AWS_76 resource AWS::ApiGateway::Stage Ensure API Gateway has Access Logging enabled Cloudformation APIGatewayAccessLogging.py
327 CKV_AWS_76 resource AWS::Serverless::Api Ensure API Gateway has Access Logging enabled Cloudformation APIGatewayAccessLogging.py
328 CKV_AWS_76 resource aws_api_gateway_stage Ensure API Gateway has Access Logging enabled Terraform APIGatewayAccessLogging.py
329 CKV_AWS_76 resource aws_apigatewayv2_stage Ensure API Gateway has Access Logging enabled Terraform APIGatewayAccessLogging.py
330 CKV_AWS_77 resource aws_athena_database Ensure Athena Database is encrypted at rest (default is unencrypted) Terraform AthenaDatabaseEncryption.py
331 CKV_AWS_78 resource AWS::CodeBuild::Project Ensure that CodeBuild Project encryption is not disabled Cloudformation CodeBuildProjectEncryption.py
332 CKV_AWS_78 resource aws_codebuild_project Ensure that CodeBuild Project encryption is not disabled Terraform CodeBuildProjectEncryption.py
333 CKV_AWS_79 resource AWS::EC2::LaunchTemplate Ensure Instance Metadata Service Version 1 is not enabled Cloudformation IMDSv1Disabled.py
334 CKV_AWS_79 resource aws_instance Ensure Instance Metadata Service Version 1 is not enabled Terraform IMDSv1Disabled.py
335 CKV_AWS_79 resource aws_launch_configuration Ensure Instance Metadata Service Version 1 is not enabled Terraform IMDSv1Disabled.py
336 CKV_AWS_79 resource aws_launch_template Ensure Instance Metadata Service Version 1 is not enabled Terraform IMDSv1Disabled.py
337 CKV_AWS_80 resource aws_msk_cluster Ensure MSK Cluster logging is enabled Terraform MSKClusterLogging.py
338 CKV_AWS_81 resource aws_msk_cluster Ensure MSK Cluster encryption in rest and transit is enabled Terraform MSKClusterEncryption.py
339 CKV_AWS_82 resource AWS::Athena::WorkGroup Ensure Athena Workgroup should enforce configuration to prevent client disabling encryption Cloudformation AthenaWorkgroupConfiguration.py
340 CKV_AWS_82 resource aws_athena_workgroup Ensure Athena Workgroup should enforce configuration to prevent client disabling encryption Terraform AthenaWorkgroupConfiguration.py
341 CKV_AWS_83 resource AWS::Elasticsearch::Domain Ensure Elasticsearch Domain enforces HTTPS Cloudformation ElasticsearchDomainEnforceHTTPS.py
342 CKV_AWS_83 resource aws_elasticsearch_domain Ensure Elasticsearch Domain enforces HTTPS Terraform ElasticsearchDomainEnforceHTTPS.py
343 CKV_AWS_83 resource aws_opensearch_domain Ensure Elasticsearch Domain enforces HTTPS Terraform ElasticsearchDomainEnforceHTTPS.py
344 CKV_AWS_84 resource AWS::Elasticsearch::Domain Ensure Elasticsearch Domain Logging is enabled Cloudformation ElasticsearchDomainLogging.py
345 CKV_AWS_84 resource AWS::OpenSearchService::Domain Ensure Elasticsearch Domain Logging is enabled Cloudformation ElasticsearchDomainLogging.py
346 CKV_AWS_84 resource aws_elasticsearch_domain Ensure Elasticsearch Domain Logging is enabled Terraform ElasticsearchDomainLogging.py
347 CKV_AWS_84 resource aws_opensearch_domain Ensure Elasticsearch Domain Logging is enabled Terraform ElasticsearchDomainLogging.py
348 CKV_AWS_85 resource AWS::DocDB::DBCluster Ensure DocDB Logging is enabled Cloudformation DocDBLogging.py
349 CKV_AWS_85 resource aws_docdb_cluster Ensure DocDB Logging is enabled Terraform DocDBLogging.py
350 CKV_AWS_86 resource AWS::CloudFront::Distribution Ensure Cloudfront distribution has Access Logging enabled Cloudformation CloudfrontDistributionLogging.py
351 CKV_AWS_86 resource aws_cloudfront_distribution Ensure Cloudfront distribution has Access Logging enabled Terraform CloudfrontDistributionLogging.py
352 CKV_AWS_87 resource AWS::Redshift::Cluster Redshift cluster should not be publicly accessible Cloudformation RedshiftClusterPubliclyAccessible.py
353 CKV_AWS_87 resource aws_redshift_cluster Redshift cluster should not be publicly accessible Terraform RedshitClusterPubliclyAvailable.py
354 CKV_AWS_88 resource AWS::EC2::Instance EC2 instance should not have public IP. Cloudformation EC2PublicIP.py
355 CKV_AWS_88 resource AWS::EC2::LaunchTemplate EC2 instance should not have public IP. Cloudformation EC2PublicIP.py
356 CKV_AWS_88 resource [?"amazon.aws.ec2_instance" != null][] EC2 instance should not have public IP. Ansible EC2PublicIP.py
357 CKV_AWS_88 resource [?"ec2_instance" != null][] EC2 instance should not have public IP. Ansible EC2PublicIP.py
358 CKV_AWS_88 resource [].block[?"amazon.aws.ec2_instance" != null][] EC2 instance should not have public IP. Ansible EC2PublicIP.py
359 CKV_AWS_88 resource [].block[?"ec2_instance" != null][] EC2 instance should not have public IP. Ansible EC2PublicIP.py
360 CKV_AWS_88 resource [].block[].block[?"amazon.aws.ec2_instance" != null][] EC2 instance should not have public IP. Ansible EC2PublicIP.py
361 CKV_AWS_88 resource [].block[].block[?"ec2_instance" != null][] EC2 instance should not have public IP. Ansible EC2PublicIP.py
362 CKV_AWS_88 resource [].block[].block[].block[?"amazon.aws.ec2_instance" != null][] EC2 instance should not have public IP. Ansible EC2PublicIP.py
363 CKV_AWS_88 resource [].block[].block[].block[?"ec2_instance" != null][] EC2 instance should not have public IP. Ansible EC2PublicIP.py
364 CKV_AWS_88 resource [].tasks[?"amazon.aws.ec2_instance" != null][] EC2 instance should not have public IP. Ansible EC2PublicIP.py
365 CKV_AWS_88 resource [].tasks[?"ec2_instance" != null][] EC2 instance should not have public IP. Ansible EC2PublicIP.py
366 CKV_AWS_88 resource [].tasks[].block[?"amazon.aws.ec2_instance" != null][] EC2 instance should not have public IP. Ansible EC2PublicIP.py
367 CKV_AWS_88 resource [].tasks[].block[?"ec2_instance" != null][] EC2 instance should not have public IP. Ansible EC2PublicIP.py
368 CKV_AWS_88 resource [].tasks[].block[].block[?"amazon.aws.ec2_instance" != null][] EC2 instance should not have public IP. Ansible EC2PublicIP.py
369 CKV_AWS_88 resource [].tasks[].block[].block[?"ec2_instance" != null][] EC2 instance should not have public IP. Ansible EC2PublicIP.py
370 CKV_AWS_88 resource [].tasks[].block[].block[].block[?"amazon.aws.ec2_instance" != null][] EC2 instance should not have public IP. Ansible EC2PublicIP.py
371 CKV_AWS_88 resource [].tasks[].block[].block[].block[?"ec2_instance" != null][] EC2 instance should not have public IP. Ansible EC2PublicIP.py
372 CKV_AWS_88 resource aws_instance EC2 instance should not have public IP. Terraform EC2PublicIP.py
373 CKV_AWS_88 resource aws_launch_template EC2 instance should not have public IP. Terraform EC2PublicIP.py
374 CKV_AWS_89 resource AWS::DMS::ReplicationInstance DMS replication instance should not be publicly accessible Cloudformation DMSReplicationInstancePubliclyAccessible.py
375 CKV_AWS_89 resource aws_dms_replication_instance DMS replication instance should not be publicly accessible Terraform DMSReplicationInstancePubliclyAccessible.py
376 CKV_AWS_90 resource AWS::DocDB::DBClusterParameterGroup Ensure DocDB TLS is not disabled Cloudformation DocDBTLS.py
377 CKV_AWS_90 resource aws_docdb_cluster_parameter_group Ensure DocDB TLS is not disabled Terraform DocDBTLS.py
378 CKV_AWS_91 resource AWS::ElasticLoadBalancingV2::LoadBalancer Ensure the ELBv2 (Application/Network) has access logging enabled Cloudformation ELBv2AccessLogs.py
379 CKV_AWS_91 resource aws_alb Ensure the ELBv2 (Application/Network) has access logging enabled Terraform ELBv2AccessLogs.py
380 CKV_AWS_91 resource aws_lb Ensure the ELBv2 (Application/Network) has access logging enabled Terraform ELBv2AccessLogs.py
381 CKV_AWS_92 resource AWS::ElasticLoadBalancing::LoadBalancer Ensure the ELB has access logging enabled Cloudformation ELBAccessLogs.py
382 CKV_AWS_92 resource aws_elb Ensure the ELB has access logging enabled Terraform ELBAccessLogs.py
383 CKV_AWS_93 resource aws_s3_bucket Ensure S3 bucket policy does not lockout all but root user. (Prevent lockouts needing root account fixes) Terraform S3ProtectAgainstPolicyLockout.py
384 CKV_AWS_93 resource aws_s3_bucket_policy Ensure S3 bucket policy does not lockout all but root user. (Prevent lockouts needing root account fixes) Terraform S3ProtectAgainstPolicyLockout.py
385 CKV_AWS_94 resource AWS::Glue::DataCatalogEncryptionSettings Ensure Glue Data Catalog Encryption is enabled Cloudformation GlueDataCatalogEncryption.py
386 CKV_AWS_94 resource aws_glue_data_catalog_encryption_settings Ensure Glue Data Catalog Encryption is enabled Terraform GlueDataCatalogEncryption.py
387 CKV_AWS_95 resource AWS::ApiGatewayV2::Stage Ensure API Gateway V2 has Access Logging enabled Cloudformation APIGatewayV2AccessLogging.py
388 CKV_AWS_95 resource AWS::Serverless::HttpApi Ensure API Gateway V2 has Access Logging enabled Cloudformation APIGatewayV2AccessLogging.py
389 CKV_AWS_96 resource AWS::RDS::DBCluster Ensure all data stored in Aurora is securely encrypted at rest Cloudformation AuroraEncryption.py
390 CKV_AWS_96 resource aws_rds_cluster Ensure all data stored in Aurora is securely encrypted at rest Terraform AuroraEncryption.py
391 CKV_AWS_97 resource AWS::ECS::TaskDefinition Ensure Encryption in transit is enabled for EFS volumes in ECS Task definitions Cloudformation ECSTaskDefinitionEFSVolumeEncryption.py
392 CKV_AWS_97 resource aws_ecs_task_definition Ensure Encryption in transit is enabled for EFS volumes in ECS Task definitions Terraform ECSTaskDefinitionEFSVolumeEncryption.py
393 CKV_AWS_98 resource aws_sagemaker_endpoint_configuration Ensure all data stored in the Sagemaker Endpoint is securely encrypted at rest Terraform SagemakerEndpointConfigurationEncryption.py
394 CKV_AWS_99 resource AWS::Glue::SecurityConfiguration Ensure Glue Security Configuration Encryption is enabled Cloudformation GlueSecurityConfiguration.py
395 CKV_AWS_99 resource aws_glue_security_configuration Ensure Glue Security Configuration Encryption is enabled Terraform GlueSecurityConfiguration.py
396 CKV_AWS_100 resource AWS::EKS::Nodegroup Ensure AWS EKS node group does not have implicit SSH access from 0.0.0.0/0 Cloudformation EKSNodeGroupRemoteAccess.py
397 CKV_AWS_100 resource aws_eks_node_group Ensure AWS EKS node group does not have implicit SSH access from 0.0.0.0/0 Terraform EKSNodeGroupRemoteAccess.py
398 CKV_AWS_101 resource AWS::Neptune::DBCluster Ensure Neptune logging is enabled Cloudformation NeptuneClusterLogging.py
399 CKV_AWS_101 resource aws_neptune_cluster Ensure Neptune logging is enabled Terraform NeptuneClusterLogging.py
400 CKV_AWS_102 resource aws_neptune_cluster_instance Ensure Neptune Cluster instance is not publicly available Terraform NeptuneClusterInstancePublic.py
401 CKV_AWS_103 resource AWS::ElasticLoadBalancingV2::Listener Ensure that Load Balancer Listener is using at least TLS v1.2 Cloudformation ALBListenerTLS12.py
402 CKV_AWS_103 resource aws_alb_listener Ensure that load balancer is using at least TLS 1.2 Terraform AppLoadBalancerTLS12.yaml
403 CKV_AWS_103 resource aws_lb Ensure that load balancer is using at least TLS 1.2 Terraform AppLoadBalancerTLS12.yaml
404 CKV_AWS_103 resource aws_lb_listener Ensure that load balancer is using at least TLS 1.2 Terraform AppLoadBalancerTLS12.yaml
405 CKV_AWS_104 resource AWS::DocDB::DBClusterParameterGroup Ensure DocDB has audit logs enabled Cloudformation DocDBAuditLogs.py
406 CKV_AWS_104 resource aws_docdb_cluster_parameter_group Ensure DocDB has audit logs enabled Terraform DocDBAuditLogs.py
407 CKV_AWS_105 resource AWS::Redshift::ClusterParameterGroup Ensure Redshift uses SSL Cloudformation RedShiftSSL.py
408 CKV_AWS_105 resource aws_redshift_parameter_group Ensure Redshift uses SSL Terraform RedShiftSSL.py
409 CKV_AWS_106 resource aws_ebs_encryption_by_default Ensure EBS default encryption is enabled Terraform EBSDefaultEncryption.py
410 CKV_AWS_107 resource AWS::IAM::Group Ensure IAM policies does not allow credentials exposure Cloudformation IAMCredentialsExposure.py
411 CKV_AWS_107 resource AWS::IAM::ManagedPolicy Ensure IAM policies does not allow credentials exposure Cloudformation IAMCredentialsExposure.py
412 CKV_AWS_107 resource AWS::IAM::Policy Ensure IAM policies does not allow credentials exposure Cloudformation IAMCredentialsExposure.py
413 CKV_AWS_107 resource AWS::IAM::Role Ensure IAM policies does not allow credentials exposure Cloudformation IAMCredentialsExposure.py
414 CKV_AWS_107 resource AWS::IAM::User Ensure IAM policies does not allow credentials exposure Cloudformation IAMCredentialsExposure.py
415 CKV_AWS_107 data aws_iam_policy_document Ensure IAM policies does not allow credentials exposure Terraform IAMCredentialsExposure.py
416 CKV_AWS_108 resource AWS::IAM::Group Ensure IAM policies does not allow data exfiltration Cloudformation IAMDataExfiltration.py
417 CKV_AWS_108 resource AWS::IAM::ManagedPolicy Ensure IAM policies does not allow data exfiltration Cloudformation IAMDataExfiltration.py
418 CKV_AWS_108 resource AWS::IAM::Policy Ensure IAM policies does not allow data exfiltration Cloudformation IAMDataExfiltration.py
419 CKV_AWS_108 resource AWS::IAM::Role Ensure IAM policies does not allow data exfiltration Cloudformation IAMDataExfiltration.py
420 CKV_AWS_108 resource AWS::IAM::User Ensure IAM policies does not allow data exfiltration Cloudformation IAMDataExfiltration.py
421 CKV_AWS_108 data aws_iam_policy_document Ensure IAM policies does not allow data exfiltration Terraform IAMDataExfiltration.py
422 CKV_AWS_109 resource AWS::IAM::Group Ensure IAM policies does not allow permissions management without constraints Cloudformation IAMPermissionsManagement.py
423 CKV_AWS_109 resource AWS::IAM::ManagedPolicy Ensure IAM policies does not allow permissions management without constraints Cloudformation IAMPermissionsManagement.py
424 CKV_AWS_109 resource AWS::IAM::Policy Ensure IAM policies does not allow permissions management without constraints Cloudformation IAMPermissionsManagement.py
425 CKV_AWS_109 resource AWS::IAM::Role Ensure IAM policies does not allow permissions management without constraints Cloudformation IAMPermissionsManagement.py
426 CKV_AWS_109 resource AWS::IAM::User Ensure IAM policies does not allow permissions management without constraints Cloudformation IAMPermissionsManagement.py
427 CKV_AWS_109 data aws_iam_policy_document Ensure IAM policies does not allow permissions management / resource exposure without constraints Terraform IAMPermissionsManagement.py
428 CKV_AWS_110 resource AWS::IAM::Group Ensure IAM policies does not allow privilege escalation Cloudformation IAMPrivilegeEscalation.py
429 CKV_AWS_110 resource AWS::IAM::ManagedPolicy Ensure IAM policies does not allow privilege escalation Cloudformation IAMPrivilegeEscalation.py
430 CKV_AWS_110 resource AWS::IAM::Policy Ensure IAM policies does not allow privilege escalation Cloudformation IAMPrivilegeEscalation.py
431 CKV_AWS_110 resource AWS::IAM::Role Ensure IAM policies does not allow privilege escalation Cloudformation IAMPrivilegeEscalation.py
432 CKV_AWS_110 resource AWS::IAM::User Ensure IAM policies does not allow privilege escalation Cloudformation IAMPrivilegeEscalation.py
433 CKV_AWS_110 data aws_iam_policy_document Ensure IAM policies does not allow privilege escalation Terraform IAMPrivilegeEscalation.py
434 CKV_AWS_111 resource AWS::IAM::Group Ensure IAM policies does not allow write access without constraints Cloudformation IAMWriteAccess.py
435 CKV_AWS_111 resource AWS::IAM::ManagedPolicy Ensure IAM policies does not allow write access without constraints Cloudformation IAMWriteAccess.py
436 CKV_AWS_111 resource AWS::IAM::Policy Ensure IAM policies does not allow write access without constraints Cloudformation IAMWriteAccess.py
437 CKV_AWS_111 resource AWS::IAM::Role Ensure IAM policies does not allow write access without constraints Cloudformation IAMWriteAccess.py
438 CKV_AWS_111 resource AWS::IAM::User Ensure IAM policies does not allow write access without constraints Cloudformation IAMWriteAccess.py
439 CKV_AWS_111 data aws_iam_policy_document Ensure IAM policies does not allow write access without constraints Terraform IAMWriteAccess.py
440 CKV_AWS_112 resource aws_ssm_document Ensure Session Manager data is encrypted in transit Terraform SSMSessionManagerDocumentEncryption.py
441 CKV_AWS_113 resource aws_ssm_document Ensure Session Manager logs are enabled and encrypted Terraform SSMSessionManagerDocumentLogging.py
442 CKV_AWS_114 resource aws_emr_cluster Ensure that EMR clusters with Kerberos have Kerberos Realm set Terraform EMRClusterKerberosAttributes.py
443 CKV_AWS_115 resource AWS::Lambda::Function Ensure that AWS Lambda function is configured for function-level concurrent execution limit Cloudformation LambdaFunctionLevelConcurrentExecutionLimit.py
444 CKV_AWS_115 resource AWS::Serverless::Function Ensure that AWS Lambda function is configured for function-level concurrent execution limit Cloudformation LambdaFunctionLevelConcurrentExecutionLimit.py
445 CKV_AWS_115 resource aws_lambda_function Ensure that AWS Lambda function is configured for function-level concurrent execution limit Terraform LambdaFunctionLevelConcurrentExecutionLimit.py
446 CKV_AWS_116 resource AWS::Lambda::Function Ensure that AWS Lambda function is configured for a Dead Letter Queue(DLQ) Cloudformation LambdaDLQConfigured.py
447 CKV_AWS_116 resource AWS::Serverless::Function Ensure that AWS Lambda function is configured for a Dead Letter Queue(DLQ) Cloudformation LambdaDLQConfigured.py
448 CKV_AWS_116 resource aws_lambda_function Ensure that AWS Lambda function is configured for a Dead Letter Queue(DLQ) Terraform LambdaDLQConfigured.py
449 CKV_AWS_117 resource AWS::Lambda::Function Ensure that AWS Lambda function is configured inside a VPC Cloudformation LambdaInVPC.py
450 CKV_AWS_117 resource AWS::Serverless::Function Ensure that AWS Lambda function is configured inside a VPC Cloudformation LambdaInVPC.py
451 CKV_AWS_117 resource aws_lambda_function Ensure that AWS Lambda function is configured inside a VPC Terraform LambdaInVPC.py
452 CKV_AWS_118 resource AWS::RDS::DBInstance Ensure that enhanced monitoring is enabled for Amazon RDS instances Cloudformation RDSEnhancedMonitorEnabled.py
453 CKV_AWS_118 resource aws_db_instance Ensure that enhanced monitoring is enabled for Amazon RDS instances Terraform RDSEnhancedMonitorEnabled.py
454 CKV_AWS_118 resource aws_rds_cluster_instance Ensure that enhanced monitoring is enabled for Amazon RDS instances Terraform RDSEnhancedMonitorEnabled.py
455 CKV_AWS_119 resource AWS::DynamoDB::Table Ensure DynamoDB Tables are encrypted using a KMS Customer Managed CMK Cloudformation DynamoDBTablesEncrypted.py
456 CKV_AWS_119 resource aws_dynamodb_table Ensure DynamoDB Tables are encrypted using a KMS Customer Managed CMK Terraform DynamoDBTablesEncrypted.py
457 CKV_AWS_120 resource AWS::ApiGateway::Stage Ensure API Gateway caching is enabled Cloudformation APIGatewayCacheEnable.py
458 CKV_AWS_120 resource AWS::Serverless::Api Ensure API Gateway caching is enabled Cloudformation APIGatewayCacheEnable.py
459 CKV_AWS_120 resource aws_api_gateway_stage Ensure API Gateway caching is enabled Terraform APIGatewayCacheEnable.py
460 CKV_AWS_121 resource aws_config_configuration_aggregator Ensure AWS Config is enabled in all regions Terraform ConfigConfgurationAggregatorAllRegions.py
461 CKV_AWS_122 resource aws_sagemaker_notebook_instance Ensure that direct internet access is disabled for an Amazon SageMaker Notebook Instance Terraform SageMakerInternetAccessDisabled.py
462 CKV_AWS_123 resource AWS::EC2::VPCEndpointService Ensure that VPC Endpoint Service is configured for Manual Acceptance Cloudformation VPCEndpointAcceptanceConfigured.py
463 CKV_AWS_123 resource aws_vpc_endpoint_service Ensure that VPC Endpoint Service is configured for Manual Acceptance Terraform VPCEndpointAcceptanceConfigured.py
464 CKV_AWS_124 resource aws_cloudformation_stack Ensure that CloudFormation stacks are sending event notifications to an SNS topic Terraform CloudformationStackNotificationArns.py
465 CKV_AWS_126 resource aws_instance Ensure that detailed monitoring is enabled for EC2 instances Terraform EC2DetailedMonitoringEnabled.py
466 CKV_AWS_127 resource aws_elb Ensure that Elastic Load Balancer(s) uses SSL certificates provided by AWS Certificate Manager Terraform ELBUsesSSL.py
467 CKV_AWS_129 resource aws_db_instance Ensure that respective logs of Amazon Relational Database Service (Amazon RDS) are enabled Terraform DBInstanceLogging.py
468 CKV_AWS_130 resource aws_subnet Ensure VPC subnets do not assign public IP by default Terraform SubnetPublicIP.py
469 CKV_AWS_131 resource AWS::ElasticLoadBalancingV2::LoadBalancer Ensure that ALB drops HTTP headers Cloudformation ALBDropHttpHeaders.py
470 CKV_AWS_131 resource aws_alb Ensure that ALB drops HTTP headers Terraform ALBDropHttpHeaders.py
471 CKV_AWS_131 resource aws_lb Ensure that ALB drops HTTP headers Terraform ALBDropHttpHeaders.py
472 CKV_AWS_133 resource aws_db_instance Ensure that RDS instances has backup policy Terraform DBInstanceBackupRetentionPeriod.py
473 CKV_AWS_133 resource aws_rds_cluster Ensure that RDS instances has backup policy Terraform DBInstanceBackupRetentionPeriod.py
474 CKV_AWS_134 resource aws_elasticache_cluster Ensure that Amazon ElastiCache Redis clusters have automatic backup turned on Terraform ElasticCacheAutomaticBackup.py
475 CKV_AWS_135 resource [?"amazon.aws.ec2_instance" != null][] Ensure that EC2 is EBS optimized Ansible EC2EBSOptimized.py
476 CKV_AWS_135 resource [?"ec2_instance" != null][] Ensure that EC2 is EBS optimized Ansible EC2EBSOptimized.py
477 CKV_AWS_135 resource [].block[?"amazon.aws.ec2_instance" != null][] Ensure that EC2 is EBS optimized Ansible EC2EBSOptimized.py
478 CKV_AWS_135 resource [].block[?"ec2_instance" != null][] Ensure that EC2 is EBS optimized Ansible EC2EBSOptimized.py
479 CKV_AWS_135 resource [].block[].block[?"amazon.aws.ec2_instance" != null][] Ensure that EC2 is EBS optimized Ansible EC2EBSOptimized.py
480 CKV_AWS_135 resource [].block[].block[?"ec2_instance" != null][] Ensure that EC2 is EBS optimized Ansible EC2EBSOptimized.py
481 CKV_AWS_135 resource [].block[].block[].block[?"amazon.aws.ec2_instance" != null][] Ensure that EC2 is EBS optimized Ansible EC2EBSOptimized.py
482 CKV_AWS_135 resource [].block[].block[].block[?"ec2_instance" != null][] Ensure that EC2 is EBS optimized Ansible EC2EBSOptimized.py
483 CKV_AWS_135 resource [].tasks[?"amazon.aws.ec2_instance" != null][] Ensure that EC2 is EBS optimized Ansible EC2EBSOptimized.py
484 CKV_AWS_135 resource [].tasks[?"ec2_instance" != null][] Ensure that EC2 is EBS optimized Ansible EC2EBSOptimized.py
485 CKV_AWS_135 resource [].tasks[].block[?"amazon.aws.ec2_instance" != null][] Ensure that EC2 is EBS optimized Ansible EC2EBSOptimized.py
486 CKV_AWS_135 resource [].tasks[].block[?"ec2_instance" != null][] Ensure that EC2 is EBS optimized Ansible EC2EBSOptimized.py
487 CKV_AWS_135 resource [].tasks[].block[].block[?"amazon.aws.ec2_instance" != null][] Ensure that EC2 is EBS optimized Ansible EC2EBSOptimized.py
488 CKV_AWS_135 resource [].tasks[].block[].block[?"ec2_instance" != null][] Ensure that EC2 is EBS optimized Ansible EC2EBSOptimized.py
489 CKV_AWS_135 resource [].tasks[].block[].block[].block[?"amazon.aws.ec2_instance" != null][] Ensure that EC2 is EBS optimized Ansible EC2EBSOptimized.py
490 CKV_AWS_135 resource [].tasks[].block[].block[].block[?"ec2_instance" != null][] Ensure that EC2 is EBS optimized Ansible EC2EBSOptimized.py
491 CKV_AWS_135 resource aws_instance Ensure that EC2 is EBS optimized Terraform EC2EBSOptimized.py
492 CKV_AWS_136 resource AWS::ECR::Repository Ensure that ECR repositories are encrypted using KMS Cloudformation ECRRepositoryEncrypted.py
493 CKV_AWS_136 resource aws_ecr_repository Ensure that ECR repositories are encrypted using KMS Terraform ECRRepositoryEncrypted.py
494 CKV_AWS_137 resource aws_elasticsearch_domain Ensure that Elasticsearch is configured inside a VPC Terraform ElasticsearchInVPC.py
495 CKV_AWS_137 resource aws_opensearch_domain Ensure that Elasticsearch is configured inside a VPC Terraform ElasticsearchInVPC.py
496 CKV_AWS_138 resource aws_elb Ensure that ELB is cross-zone-load-balancing enabled Terraform ELBCrossZoneEnable.py
497 CKV_AWS_139 resource aws_rds_cluster Ensure that RDS clusters have deletion protection enabled Terraform RDSDeletionProtection.py
498 CKV_AWS_140 resource aws_rds_global_cluster Ensure that RDS global clusters are encrypted Terraform RDSClusterEncrypted.py
499 CKV_AWS_141 resource aws_redshift_cluster Ensured that redshift cluster allowing version upgrade by default Terraform RedshiftClusterAllowVersionUpgrade.py
500 CKV_AWS_142 resource aws_redshift_cluster Ensure that Redshift cluster is encrypted by KMS Terraform RedshiftClusterKMSKey.py
501 CKV_AWS_143 resource aws_s3_bucket Ensure that S3 bucket has lock configuration enabled by default Terraform S3BucketObjectLock.py
502 CKV_AWS_144 resource aws_s3_bucket Ensure that S3 bucket has cross-region replication enabled Terraform S3BucketReplicationConfiguration.yaml
503 CKV_AWS_144 resource aws_s3_bucket_replication_configuration Ensure that S3 bucket has cross-region replication enabled Terraform S3BucketReplicationConfiguration.yaml
504 CKV_AWS_145 resource aws_s3_bucket Ensure that S3 buckets are encrypted with KMS by default Terraform S3KMSEncryptedByDefault.yaml
505 CKV_AWS_145 resource aws_s3_bucket_server_side_encryption_configuration Ensure that S3 buckets are encrypted with KMS by default Terraform S3KMSEncryptedByDefault.yaml
506 CKV_AWS_146 resource aws_db_cluster_snapshot Ensure that RDS database cluster snapshot is encrypted Terraform RDSClusterSnapshotEncrypted.py
507 CKV_AWS_147 resource aws_codebuild_project Ensure that CodeBuild projects are encrypted using CMK Terraform CodebuildUsesCMK.py
508 CKV_AWS_148 resource aws_default_vpc Ensure no default VPC is planned to be provisioned Terraform VPCDefaultNetwork.py
509 CKV_AWS_149 resource AWS::SecretsManager::Secret Ensure that Secrets Manager secret is encrypted using KMS CMK Cloudformation SecretManagerSecretEncrypted.py
510 CKV_AWS_149 resource aws_secretsmanager_secret Ensure that Secrets Manager secret is encrypted using KMS CMK Terraform SecretManagerSecretEncrypted.py
511 CKV_AWS_150 resource aws_alb Ensure that Load Balancer has deletion protection enabled Terraform LBDeletionProtection.py
512 CKV_AWS_150 resource aws_lb Ensure that Load Balancer has deletion protection enabled Terraform LBDeletionProtection.py
513 CKV_AWS_152 resource aws_alb Ensure that Load Balancer (Network/Gateway) has cross-zone load balancing enabled Terraform LBCrossZone.py
514 CKV_AWS_152 resource aws_lb Ensure that Load Balancer (Network/Gateway) has cross-zone load balancing enabled Terraform LBCrossZone.py
515 CKV_AWS_153 resource aws_autoscaling_group Autoscaling groups should supply tags to launch configurations Terraform AutoScalingTagging.py
516 CKV_AWS_154 resource AWS::Redshift::Cluster Ensure Redshift is not deployed outside of a VPC Cloudformation RedshiftInEc2ClassicMode.py
517 CKV_AWS_154 resource aws_redshift_cluster Ensure Redshift is not deployed outside of a VPC Terraform RedshiftInEc2ClassicMode.py
518 CKV_AWS_155 resource AWS::WorkSpaces::Workspace Ensure that Workspace user volumes are encrypted Cloudformation WorkspaceUserVolumeEncrypted.py
519 CKV_AWS_155 resource aws_workspaces_workspace Ensure that Workspace user volumes are encrypted Terraform WorkspaceUserVolumeEncrypted.py
520 CKV_AWS_156 resource AWS::WorkSpaces::Workspace Ensure that Workspace root volumes are encrypted Cloudformation WorkspaceRootVolumeEncrypted.py
521 CKV_AWS_156 resource aws_workspaces_workspace Ensure that Workspace root volumes are encrypted Terraform WorkspaceRootVolumeEncrypted.py
522 CKV_AWS_157 resource AWS::RDS::DBInstance Ensure that RDS instances have Multi-AZ enabled Cloudformation RDSMultiAZEnabled.py
523 CKV_AWS_157 resource aws_db_instance Ensure that RDS instances have Multi-AZ enabled Terraform RDSMultiAZEnabled.py
524 CKV_AWS_158 resource AWS::Logs::LogGroup Ensure that CloudWatch Log Group is encrypted by KMS Cloudformation CloudWatchLogGroupKMSKey.py
525 CKV_AWS_158 resource aws_cloudwatch_log_group Ensure that CloudWatch Log Group is encrypted by KMS Terraform CloudWatchLogGroupKMSKey.py
526 CKV_AWS_159 resource aws_athena_workgroup Ensure that Athena Workgroup is encrypted Terraform AthenaWorkgroupEncryption.py
527 CKV_AWS_160 resource AWS::Timestream::Database Ensure that Timestream database is encrypted with KMS CMK Cloudformation TimestreamDatabaseKMSKey.py
528 CKV_AWS_160 resource aws_timestreamwrite_database Ensure that Timestream database is encrypted with KMS CMK Terraform TimestreamDatabaseKMSKey.py
529 CKV_AWS_161 resource AWS::RDS::DBInstance Ensure RDS database has IAM authentication enabled Cloudformation RDSIAMAuthentication.py
530 CKV_AWS_161 resource aws_db_instance Ensure RDS database has IAM authentication enabled Terraform RDSIAMAuthentication.py
531 CKV_AWS_162 resource AWS::RDS::DBCluster Ensure RDS cluster has IAM authentication enabled Cloudformation RDSClusterIAMAuthentication.py
532 CKV_AWS_162 resource aws_rds_cluster Ensure RDS cluster has IAM authentication enabled Terraform RDSClusterIAMAuthentication.py
533 CKV_AWS_163 resource AWS::ECR::Repository Ensure ECR image scanning on push is enabled Cloudformation ECRImageScanning.py
534 CKV_AWS_163 resource aws_ecr_repository Ensure ECR image scanning on push is enabled Terraform ECRImageScanning.py
535 CKV_AWS_164 resource AWS::Transfer::Server Ensure Transfer Server is not exposed publicly. Cloudformation TransferServerIsPublic.py
536 CKV_AWS_164 resource aws_transfer_server Ensure Transfer Server is not exposed publicly. Terraform TransferServerIsPublic.py
537 CKV_AWS_165 resource AWS::DynamoDB::GlobalTable Ensure Dynamodb global table point in time recovery (backup) is enabled Cloudformation DynamodbGlobalTableRecovery.py
538 CKV_AWS_165 resource aws_dynamodb_global_table Ensure Dynamodb point in time recovery (backup) is enabled for global tables Terraform DynamoDBGlobalTableRecovery.py
539 CKV_AWS_166 resource AWS::Backup::BackupVault Ensure Backup Vault is encrypted at rest using KMS CMK Cloudformation BackupVaultEncrypted.py
540 CKV_AWS_166 resource aws_backup_vault Ensure Backup Vault is encrypted at rest using KMS CMK Terraform BackupVaultEncrypted.py
541 CKV_AWS_167 resource aws_glacier_vault Ensure Glacier Vault access policy is not public by only allowing specific services or principals to access it Terraform GlacierVaultAnyPrincipal.py
542 CKV_AWS_168 resource aws_sqs_queue Ensure SQS queue policy is not public by only allowing specific services or principals to access it Terraform SQSQueuePolicyAnyPrincipal.py
543 CKV_AWS_168 resource aws_sqs_queue_policy Ensure SQS queue policy is not public by only allowing specific services or principals to access it Terraform SQSQueuePolicyAnyPrincipal.py
544 CKV_AWS_169 resource aws_sns_topic_policy Ensure SNS topic policy is not public by only allowing specific services or principals to access it Terraform SNSTopicPolicyAnyPrincipal.py
545 CKV_AWS_170 resource AWS::QLDB::Ledger Ensure QLDB ledger permissions mode is set to STANDARD Cloudformation QLDBLedgerPermissionsMode.py
546 CKV_AWS_170 resource aws_qldb_ledger Ensure QLDB ledger permissions mode is set to STANDARD Terraform QLDBLedgerPermissionsMode.py
547 CKV_AWS_171 resource aws_emr_security_configuration Ensure Cluster security configuration encryption is using SSE-KMS Terraform EMRClusterIsEncryptedKMS.py
548 CKV_AWS_172 resource AWS::QLDB::Ledger Ensure QLDB ledger has deletion protection enabled Cloudformation QLDBLedgerDeletionProtection.py
549 CKV_AWS_172 resource aws_qldb_ledger Ensure QLDB ledger has deletion protection enabled Terraform QLDBLedgerDeletionProtection.py
550 CKV_AWS_173 resource AWS::Lambda::Function Check encryption settings for Lambda environmental variable Cloudformation LambdaEnvironmentEncryptionSettings.py
551 CKV_AWS_173 resource AWS::Serverless::Function Check encryption settings for Lambda environmental variable Cloudformation LambdaEnvironmentEncryptionSettings.py
552 CKV_AWS_173 resource aws_lambda_function Check encryption settings for Lambda environmental variable Terraform LambdaEnvironmentEncryptionSettings.py
553 CKV_AWS_174 resource AWS::CloudFront::Distribution Verify CloudFront Distribution Viewer Certificate is using TLS v1.2 Cloudformation CloudFrontTLS12.py
554 CKV_AWS_174 resource aws_cloudfront_distribution Verify CloudFront Distribution Viewer Certificate is using TLS v1.2 Terraform CloudfrontTLS12.py
555 CKV_AWS_175 resource aws_waf_web_acl Ensure WAF has associated rules Terraform WAFHasAnyRules.py
556 CKV_AWS_175 resource aws_wafregional_web_acl Ensure WAF has associated rules Terraform WAFHasAnyRules.py
557 CKV_AWS_175 resource aws_wafv2_web_acl Ensure WAF has associated rules Terraform WAFHasAnyRules.py
558 CKV_AWS_176 resource aws_waf_web_acl Ensure Logging is enabled for WAF Web Access Control Lists Terraform WAFHasLogs.py
559 CKV_AWS_176 resource aws_wafregional_web_acl Ensure Logging is enabled for WAF Web Access Control Lists Terraform WAFHasLogs.py
560 CKV_AWS_177 resource aws_kinesis_video_stream Ensure Kinesis Video Stream is encrypted by KMS using a customer managed Key (CMK) Terraform KinesisVideoEncryptedWithCMK.py
561 CKV_AWS_178 resource aws_fsx_ontap_file_system Ensure fx ontap file system is encrypted by KMS using a customer managed Key (CMK) Terraform FSXOntapFSEncryptedWithCMK.py
562 CKV_AWS_179 resource aws_fsx_windows_file_system Ensure FSX Windows filesystem is encrypted by KMS using a customer managed Key (CMK) Terraform FSXWindowsFSEncryptedWithCMK.py
563 CKV_AWS_180 resource aws_imagebuilder_component Ensure Image Builder component is encrypted by KMS using a customer managed Key (CMK) Terraform ImagebuilderComponentEncryptedWithCMK.py
564 CKV_AWS_181 resource aws_s3_object_copy Ensure S3 Object Copy is encrypted by KMS using a customer managed Key (CMK) Terraform S3ObjectCopyEncryptedWithCMK.py
565 CKV_AWS_182 resource aws_docdb_cluster Ensure Doc DB is encrypted by KMS using a customer managed Key (CMK) Terraform DocDBEncryptedWithCMK.py
566 CKV_AWS_183 resource aws_ebs_snapshot_copy Ensure EBS Snapshot Copy is encrypted by KMS using a customer managed Key (CMK) Terraform EBSSnapshotCopyEncryptedWithCMK.py
567 CKV_AWS_184 resource aws_efs_file_system Ensure resource is encrypted by KMS using a customer managed Key (CMK) Terraform EFSFileSystemEncryptedWithCMK.py
568 CKV_AWS_185 resource aws_kinesis_stream Ensure Kinesis Stream is encrypted by KMS using a customer managed Key (CMK) Terraform KinesisStreamEncryptedWithCMK.py
569 CKV_AWS_186 resource aws_s3_bucket_object Ensure S3 bucket Object is encrypted by KMS using a customer managed Key (CMK) Terraform S3BucketObjectEncryptedWithCMK.py
570 CKV_AWS_187 resource aws_sagemaker_domain Ensure Sagemaker domain is encrypted by KMS using a customer managed Key (CMK) Terraform SagemakerDomainEncryptedWithCMK.py
571 CKV_AWS_188 resource aws_redshift_cluster Ensure RedShift Cluster is encrypted by KMS using a customer managed Key (CMK) Terraform RedshiftClusterEncryptedWithCMK.py
572 CKV_AWS_189 resource aws_ebs_volume Ensure EBS Volume is encrypted by KMS using a customer managed Key (CMK) Terraform EBSVolumeEncryptedWithCMK.py
573 CKV_AWS_190 resource aws_fsx_lustre_file_system Ensure lustre file systems is encrypted by KMS using a customer managed Key (CMK) Terraform LustreFSEncryptedWithCMK.py
574 CKV_AWS_191 resource aws_elasticache_replication_group Ensure Elasticache replication group is encrypted by KMS using a customer managed Key (CMK) Terraform ElasticacheReplicationGroupEncryptedWithCMK.py
575 CKV_AWS_192 resource AWS::WAFv2::WebACL Ensure WAF prevents message lookup in Log4j2. See CVE-2021-44228 aka log4jshell Cloudformation WAFACLCVE202144228.py
576 CKV_AWS_192 resource aws_wafv2_web_acl Ensure WAF prevents message lookup in Log4j2. See CVE-2021-44228 aka log4jshell Terraform WAFACLCVE202144228.py
577 CKV_AWS_193 resource AWS::AppSync::GraphQLApi Ensure AppSync has Logging enabled Cloudformation AppSyncLogging.py
578 CKV_AWS_193 resource aws_appsync_graphql_api Ensure AppSync has Logging enabled Terraform AppSyncLogging.py
579 CKV_AWS_194 resource AWS::AppSync::GraphQLApi Ensure AppSync has Field-Level logs enabled Cloudformation AppSyncFieldLevelLogs.py
580 CKV_AWS_194 resource aws_appsync_graphql_api Ensure AppSync has Field-Level logs enabled Terraform AppSyncFieldLevelLogs.py
581 CKV_AWS_195 resource AWS::Glue::Crawler Ensure Glue component has a security configuration associated Cloudformation GlueSecurityConfigurationEnabled.py
582 CKV_AWS_195 resource AWS::Glue::DevEndpoint Ensure Glue component has a security configuration associated Cloudformation GlueSecurityConfigurationEnabled.py
583 CKV_AWS_195 resource AWS::Glue::Job Ensure Glue component has a security configuration associated Cloudformation GlueSecurityConfigurationEnabled.py
584 CKV_AWS_195 resource aws_glue_crawler Ensure Glue component has a security configuration associated Terraform GlueSecurityConfigurationEnabled.py
585 CKV_AWS_195 resource aws_glue_dev_endpoint Ensure Glue component has a security configuration associated Terraform GlueSecurityConfigurationEnabled.py
586 CKV_AWS_195 resource aws_glue_job Ensure Glue component has a security configuration associated Terraform GlueSecurityConfigurationEnabled.py
587 CKV_AWS_196 resource aws_elasticache_security_group Ensure no aws_elasticache_security_group resources exist Terraform ElasticacheHasSecurityGroup.py
588 CKV_AWS_197 resource AWS::AmazonMQ::Broker Ensure MQ Broker Audit logging is enabled Cloudformation MQBrokerAuditLogging.py
589 CKV_AWS_197 resource aws_mq_broker Ensure MQ Broker Audit logging is enabled Terraform MQBrokerAuditLogging.py
590 CKV_AWS_198 resource aws_db_security_group Ensure no aws_db_security_group resources exist Terraform RDSHasSecurityGroup.py
591 CKV_AWS_199 resource aws_imagebuilder_distribution_configuration Ensure Image Builder Distribution Configuration encrypts AMI’s using KMS - a customer managed Key (CMK) Terraform ImagebuilderDistributionConfigurationEncryptedWithCMK.py
592 CKV_AWS_200 resource aws_imagebuilder_image_recipe Ensure that Image Recipe EBS Disk are encrypted with CMK Terraform ImagebuilderImageRecipeEBSEncrypted.py
593 CKV_AWS_201 resource aws_memorydb_cluster Ensure MemoryDB is encrypted at rest using KMS CMKs Terraform MemoryDBEncryptionWithCMK.py
594 CKV_AWS_202 resource aws_memorydb_cluster Ensure MemoryDB data is encrypted in transit Terraform MemoryDBClusterIntransitEncryption.py
595 CKV_AWS_203 resource aws_fsx_openzfs_file_system Ensure resource is encrypted by KMS using a customer managed Key (CMK) Terraform FSXOpenZFSFileSystemEncryptedWithCMK.py
596 CKV_AWS_204 resource aws_ami Ensure AMIs are encrypted using KMS CMKs Terraform AMIEncryption.py
597 CKV_AWS_205 resource aws_ami_launch_permission Ensure to Limit AMI launch Permissions Terraform AMILaunchIsShared.py
598 CKV_AWS_206 resource aws_api_gateway_domain_name Ensure API Gateway Domain uses a modern security Policy Terraform APIGatewayDomainNameTLS.py
599 CKV_AWS_207 resource aws_mq_broker Ensure MQ Broker minor version updates are enabled Terraform MQBrokerMinorAutoUpgrade.py
600 CKV_AWS_208 resource aws_mq_broker Ensure MQBroker version is current Terraform MQBrokerVersion.py
601 CKV_AWS_208 resource aws_mq_configuration Ensure MQBroker version is current Terraform MQBrokerVersion.py
602 CKV_AWS_209 resource aws_mq_broker Ensure MQ broker encrypted by KMS using a customer managed Key (CMK) Terraform MQBrokerEncryptedWithCMK.py
603 CKV_AWS_210 resource aws_batch_job_definition Batch job does not define a privileged container Terraform BatchJobIsNotPrivileged.py
604 CKV_AWS_211 resource aws_db_instance Ensure RDS uses a modern CaCert Terraform RDSCACertIsRecent.py
605 CKV_AWS_212 resource aws_dms_replication_instance Ensure EBS Volume is encrypted by KMS using a customer managed Key (CMK) Terraform DMSReplicationInstanceEncryptedWithCMK.py
606 CKV_AWS_213 resource aws_load_balancer_policy Ensure ELB Policy uses only secure protocols Terraform ELBPolicyUsesSecureProtocols.py
607 CKV_AWS_214 resource aws_appsync_api_cache Ensure Appsync API Cache is encrypted at rest Terraform AppsyncAPICacheEncryptionAtRest.py
608 CKV_AWS_215 resource aws_appsync_api_cache Ensure Appsync API Cache is encrypted in transit Terraform AppsyncAPICacheEncryptionInTransit.py
609 CKV_AWS_216 resource aws_cloudfront_distribution Ensure Cloudfront distribution is enabled Terraform CloudfrontDistributionEnabled.py
610 CKV_AWS_217 resource aws_api_gateway_deployment Ensure Create before destroy for API deployments Terraform APIGatewayDeploymentCreateBeforeDestroy.py
611 CKV_AWS_218 resource aws_cloudsearch_domain Ensure that Cloudsearch is using latest TLS Terraform CloudsearchDomainTLS.py
612 CKV_AWS_219 resource aws_codepipeline Ensure Code Pipeline Artifact store is using a KMS CMK Terraform CodePipelineArtifactsEncrypted.py
613 CKV_AWS_220 resource aws_cloudsearch_domain Ensure that Cloudsearch is using https Terraform CloudsearchDomainEnforceHttps.py
614 CKV_AWS_221 resource aws_codeartifact_domain Ensure Code artifact Domain is encrypted by KMS using a customer managed Key (CMK) Terraform CodeArtifactDomainEncryptedWithCMK.py
615 CKV_AWS_222 resource aws_dms_replication_instance Ensure DMS instance gets all minor upgrade automatically Terraform DMSReplicationInstanceMinorUpgrade.py
616 CKV_AWS_223 resource aws_ecs_cluster Ensure ECS Cluster enables logging of ECS Exec Terraform ECSClusterLoggingEnabled.py
617 CKV_AWS_224 resource aws_ecs_cluster Ensure ECS Cluster logging uses CMK Terraform ECSClusterLoggingEncryptedWithCMK.py
618 CKV_AWS_225 resource aws_api_gateway_method_settings Ensure API Gateway method setting caching is enabled Terraform APIGatewayMethodSettingsCacheEnabled.py
619 CKV_AWS_226 resource aws_db_instance Ensure DB instance gets all minor upgrades automatically Terraform DBInstanceMinorUpgrade.py
620 CKV_AWS_226 resource aws_rds_cluster_instance Ensure DB instance gets all minor upgrades automatically Terraform DBInstanceMinorUpgrade.py
621 CKV_AWS_227 resource aws_kms_key Ensure KMS key is enabled Terraform KMSKeyIsEnabled.py
622 CKV_AWS_228 resource aws_elasticsearch_domain Verify Elasticsearch domain is using an up to date TLS policy Terraform ElasticsearchTLSPolicy.py
623 CKV_AWS_228 resource aws_opensearch_domain Verify Elasticsearch domain is using an up to date TLS policy Terraform ElasticsearchTLSPolicy.py
624 CKV_AWS_229 resource aws_network_acl Ensure no NACL allow ingress from 0.0.0.0:0 to port 21 Terraform NetworkACLUnrestrictedIngress21.py
625 CKV_AWS_229 resource aws_network_acl_rule Ensure no NACL allow ingress from 0.0.0.0:0 to port 21 Terraform NetworkACLUnrestrictedIngress21.py
626 CKV_AWS_230 resource aws_network_acl Ensure no NACL allow ingress from 0.0.0.0:0 to port 20 Terraform NetworkACLUnrestrictedIngress20.py
627 CKV_AWS_230 resource aws_network_acl_rule Ensure no NACL allow ingress from 0.0.0.0:0 to port 20 Terraform NetworkACLUnrestrictedIngress20.py
628 CKV_AWS_231 resource aws_network_acl Ensure no NACL allow ingress from 0.0.0.0:0 to port 3389 Terraform NetworkACLUnrestrictedIngress3389.py
629 CKV_AWS_231 resource aws_network_acl_rule Ensure no NACL allow ingress from 0.0.0.0:0 to port 3389 Terraform NetworkACLUnrestrictedIngress3389.py
630 CKV_AWS_232 resource aws_network_acl Ensure no NACL allow ingress from 0.0.0.0:0 to port 22 Terraform NetworkACLUnrestrictedIngress22.py
631 CKV_AWS_232 resource aws_network_acl_rule Ensure no NACL allow ingress from 0.0.0.0:0 to port 22 Terraform NetworkACLUnrestrictedIngress22.py
632 CKV_AWS_233 resource aws_acm_certificate Ensure Create before destroy for ACM certificates Terraform ACMCertCreateBeforeDestroy.py
633 CKV_AWS_234 resource aws_acm_certificate Verify logging preference for ACM certificates Terraform ACMCertSetLoggingPreference.py
634 CKV_AWS_235 resource aws_ami_copy Ensure that copied AMIs are encrypted Terraform AMICopyIsEncrypted.py
635 CKV_AWS_236 resource aws_ami_copy Ensure AMI copying uses a CMK Terraform AMICopyUsesCMK.py
636 CKV_AWS_237 resource aws_api_gateway_rest_api Ensure Create before destroy for API GATEWAY Terraform APIGatewayCreateBeforeDestroy.py
637 CKV_AWS_238 resource aws_guardduty_detector Ensure that Guard Duty detector is enabled Terraform GuarddutyDetectorEnabled.py
638 CKV_AWS_239 resource aws_dax_cluster Ensure DAX cluster endpoint is using TLS Terraform DAXEndpointTLS.py
639 CKV_AWS_240 resource aws_kinesis_firehose_delivery_stream Ensure Kinesis Firehose delivery stream is encrypted Terraform KinesisFirehoseDeliveryStreamSSE.py
640 CKV_AWS_241 resource aws_kinesis_firehose_delivery_stream Ensure that Kinesis Firehose Delivery Streams are encrypted with CMK Terraform KinesisFirehoseDeliveryStreamUsesCMK.py
641 CKV_AWS_242 resource aws_mwaa_environment Ensure MWAA environment has scheduler logs enabled Terraform MWAASchedulerLogsEnabled.py
642 CKV_AWS_243 resource aws_mwaa_environment Ensure MWAA environment has worker logs enabled Terraform MWAAWorkerLogsEnabled.py
643 CKV_AWS_244 resource aws_mwaa_environment Ensure MWAA environment has webserver logs enabled Terraform MWAAWebserverLogsEnabled.py
644 CKV_AWS_245 resource aws_db_instance_automated_backups_replication Ensure replicated backups are encrypted at rest using KMS CMKs Terraform RDSInstanceAutoBackupEncryptionWithCMK.py
645 CKV_AWS_246 resource aws_rds_cluster_activity_stream Ensure RDS Cluster activity streams are encrypted using KMS CMKs Terraform RDSClusterActivityStreamEncryptedWithCMK.py
646 CKV_AWS_247 resource aws_elasticsearch_domain Ensure all data stored in the Elasticsearch is encrypted with a CMK Terraform ElasticsearchEncryptionWithCMK.py
647 CKV_AWS_247 resource aws_opensearch_domain Ensure all data stored in the Elasticsearch is encrypted with a CMK Terraform ElasticsearchEncryptionWithCMK.py
648 CKV_AWS_248 resource aws_elasticsearch_domain Ensure that Elasticsearch is not using the default Security Group Terraform ElasticsearchDefaultSG.py
649 CKV_AWS_248 resource aws_opensearch_domain Ensure that Elasticsearch is not using the default Security Group Terraform ElasticsearchDefaultSG.py
650 CKV_AWS_249 resource aws_ecs_task_definition Ensure that the Execution Role ARN and the Task Role ARN are different in ECS Task definitions Terraform ECSTaskDefinitionRoleCheck.py
651 CKV_AWS_250 resource aws_db_instance Ensure that RDS PostgreSQL instances use a non vulnerable version with the log_fdw extension (https://aws.amazon.com/security/security-bulletins/AWS-2022-004/) Terraform RDSPostgreSQLLogFDWExtension.py
652 CKV_AWS_250 resource aws_rds_cluster Ensure that RDS PostgreSQL instances use a non vulnerable version with the log_fdw extension (https://aws.amazon.com/security/security-bulletins/AWS-2022-004/) Terraform RDSPostgreSQLLogFDWExtension.py
653 CKV_AWS_251 resource aws_cloudtrail Ensure CloudTrail logging is enabled Terraform CloudtrailEnableLogging.py
654 CKV_AWS_252 resource aws_cloudtrail Ensure CloudTrail defines an SNS Topic Terraform CloudtrailDefinesSNSTopic.py
655 CKV_AWS_253 resource aws_dlm_lifecycle_policy Ensure DLM cross region events are encrypted Terraform DLMEventsCrossRegionEncryption.py
656 CKV_AWS_254 resource aws_dlm_lifecycle_policy Ensure DLM cross region events are encrypted with Customer Managed Key Terraform DLMEventsCrossRegionEncryptionWithCMK.py
657 CKV_AWS_255 resource aws_dlm_lifecycle_policy Ensure DLM cross region schedules are encrypted Terraform DLMScheduleCrossRegionEncryption.py
658 CKV_AWS_256 resource aws_dlm_lifecycle_policy Ensure DLM cross region schedules are encrypted using a Customer Managed Key Terraform DLMScheduleCrossRegionEncryptionWithCMK.py
659 CKV_AWS_257 resource aws_codecommit_approval_rule_template Ensure codecommit branch changes have at least 2 approvals Terraform CodecommitApprovalsRulesRequireMin2.py
660 CKV_AWS_258 resource AWS::Lambda::Url Ensure that Lambda function URLs AuthType is not None Cloudformation LambdaFunctionURLAuth.py
661 CKV_AWS_258 resource aws_lambda_function_url Ensure that Lambda function URLs AuthType is not None Terraform LambdaFunctionURLAuth.py
662 CKV_AWS_259 resource aws_cloudfront_response_headers_policy Ensure CloudFront response header policy enforces Strict Transport Security Terraform CloudFrontResponseHeaderStrictTransportSecurity.py
663 CKV_AWS_260 resource AWS::EC2::SecurityGroup Ensure no security groups allow ingress from 0.0.0.0:0 to port 80 Cloudformation SecurityGroupUnrestrictedIngress80.py
664 CKV_AWS_260 resource AWS::EC2::SecurityGroupIngress Ensure no security groups allow ingress from 0.0.0.0:0 to port 80 Cloudformation SecurityGroupUnrestrictedIngress80.py
665 CKV_AWS_260 resource aws_security_group Ensure no security groups allow ingress from 0.0.0.0:0 to port 80 Terraform SecurityGroupUnrestrictedIngress80.py
666 CKV_AWS_260 resource aws_security_group_rule Ensure no security groups allow ingress from 0.0.0.0:0 to port 80 Terraform SecurityGroupUnrestrictedIngress80.py
667 CKV_AWS_260 resource aws_vpc_security_group_ingress_rule Ensure no security groups allow ingress from 0.0.0.0:0 to port 80 Terraform SecurityGroupUnrestrictedIngress80.py
668 CKV_AWS_261 resource aws_alb_target_group Ensure HTTP HTTPS Target group defines Healthcheck Terraform LBTargetGroupsDefinesHealthcheck.py
669 CKV_AWS_261 resource aws_lb_target_group Ensure HTTP HTTPS Target group defines Healthcheck Terraform LBTargetGroupsDefinesHealthcheck.py
670 CKV_AWS_262 resource aws_kendra_index Ensure Kendra index Server side encryption uses CMK Terraform KendraIndexSSEUsesCMK.py
671 CKV_AWS_263 resource aws_appflow_flow Ensure App Flow flow uses CMK Terraform AppFlowUsesCMK.py
672 CKV_AWS_264 resource aws_appflow_connector_profile Ensure App Flow connector profile uses CMK Terraform AppFlowConnectorProfileUsesCMK.py
673 CKV_AWS_265 resource aws_keyspaces_table Ensure Keyspaces Table uses CMK Terraform KeyspacesTableUsesCMK.py
674 CKV_AWS_266 resource aws_db_snapshot_copy Ensure App Flow connector profile uses CMK Terraform DBSnapshotCopyUsesCMK.py
675 CKV_AWS_267 resource aws_comprehend_entity_recognizer Ensure that Comprehend Entity Recognizer’s model is encrypted by KMS using a customer managed Key (CMK) Terraform ComprehendEntityRecognizerModelUsesCMK.py
676 CKV_AWS_268 resource aws_comprehend_entity_recognizer Ensure that Comprehend Entity Recognizer’s volume is encrypted by KMS using a customer managed Key (CMK) Terraform ComprehendEntityRecognizerVolumeUsesCMK.py
677 CKV_AWS_269 resource aws_connect_instance_storage_config Ensure Connect Instance Kinesis Video Stream Storage Config uses CMK Terraform ConnectInstanceKinesisVideoStreamStorageConfigUsesCMK.py
678 CKV_AWS_270 resource aws_connect_instance_storage_config Ensure Connect Instance S3 Storage Config uses CMK Terraform ConnectInstanceS3StorageConfigUsesCMK.py
679 CKV_AWS_271 resource aws_dynamodb_table_replica Ensure DynamoDB table replica KMS encryption uses CMK Terraform DynamoDBTableReplicaKMSUsesCMK.py
680 CKV_AWS_272 resource aws_lambda_function Ensure AWS Lambda function is configured to validate code-signing Terraform LambdaCodeSigningConfigured.py
681 CKV_AWS_273 resource aws_iam_user Ensure access is controlled through SSO and not AWS IAM defined users Terraform IAMUserNotUsedForAccess.py
682 CKV_AWS_274 resource aws_iam_group_policy_attachment Disallow IAM roles, users, and groups from using the AWS AdministratorAccess policy Terraform IAMManagedAdminPolicy.py
683 CKV_AWS_274 resource aws_iam_policy_attachment Disallow IAM roles, users, and groups from using the AWS AdministratorAccess policy Terraform IAMManagedAdminPolicy.py
684 CKV_AWS_274 resource aws_iam_role Disallow IAM roles, users, and groups from using the AWS AdministratorAccess policy Terraform IAMManagedAdminPolicy.py
685 CKV_AWS_274 resource aws_iam_role_policy_attachment Disallow IAM roles, users, and groups from using the AWS AdministratorAccess policy Terraform IAMManagedAdminPolicy.py
686 CKV_AWS_274 resource aws_iam_user_policy_attachment Disallow IAM roles, users, and groups from using the AWS AdministratorAccess policy Terraform IAMManagedAdminPolicy.py
687 CKV_AWS_274 resource aws_ssoadmin_managed_policy_attachment Disallow IAM roles, users, and groups from using the AWS AdministratorAccess policy Terraform IAMManagedAdminPolicy.py
688 CKV_AWS_275 data aws_iam_policy Disallow policies from using the AWS AdministratorAccess policy Terraform IAMManagedAdminPolicy.py
689 CKV_AWS_276 resource aws_api_gateway_method_settings Ensure Data Trace is not enabled in API Gateway Method Settings Terraform APIGatewayMethodSettingsDataTrace.py
690 CKV_AWS_277 resource aws_security_group Ensure no security groups allow ingress from 0.0.0.0:0 to port -1 Terraform SecurityGroupUnrestrictedIngressAny.py
691 CKV_AWS_277 resource aws_security_group_rule Ensure no security groups allow ingress from 0.0.0.0:0 to port -1 Terraform SecurityGroupUnrestrictedIngressAny.py
692 CKV_AWS_277 resource aws_vpc_security_group_ingress_rule Ensure no security groups allow ingress from 0.0.0.0:0 to port -1 Terraform SecurityGroupUnrestrictedIngressAny.py
693 CKV_AWS_278 resource aws_memorydb_snapshot Ensure MemoryDB snapshot is encrypted by KMS using a customer managed Key (CMK) Terraform MemoryDBSnapshotEncryptionWithCMK.py
694 CKV_AWS_279 resource aws_neptune_cluster_snapshot Ensure Neptune snapshot is securely encrypted Terraform NeptuneClusterSnapshotEncrypted.py
695 CKV_AWS_280 resource aws_neptune_cluster_snapshot Ensure Neptune snapshot is encrypted by KMS using a customer managed Key (CMK) Terraform NeptuneClusterSnapshotEncryptedWithCMK.py
696 CKV_AWS_281 resource aws_redshift_snapshot_copy_grant Ensure RedShift snapshot copy is encrypted by KMS using a customer managed Key (CMK) Terraform RedshiftClusterSnapshotCopyGrantEncryptedWithCMK.py
697 CKV_AWS_282 resource aws_redshiftserverless_namespace Ensure that Redshift Serverless namespace is encrypted by KMS using a customer managed key (CMK) Terraform RedshiftServerlessNamespaceKMSKey.py
698 CKV_AWS_283 data aws_iam_policy_document Ensure no IAM policies documents allow ALL or any AWS principal permissions to the resource Terraform IAMPublicActionsPolicy.py
699 CKV_AWS_284 resource aws_sfn_state_machine Ensure State Machine has X-Ray tracing enabled Terraform StateMachineXray.py
700 CKV_AWS_285 resource aws_sfn_state_machine Ensure State Machine has execution history logging enabled Terraform StateMachineLoggingExecutionHistory.py
701 CKV_AWS_286 resource aws_iam_group_policy Ensure IAM policies does not allow privilege escalation Terraform IAMPrivilegeEscalation.py
702 CKV_AWS_286 resource aws_iam_policy Ensure IAM policies does not allow privilege escalation Terraform IAMPrivilegeEscalation.py
703 CKV_AWS_286 resource aws_iam_role_policy Ensure IAM policies does not allow privilege escalation Terraform IAMPrivilegeEscalation.py
704 CKV_AWS_286 resource aws_iam_user_policy Ensure IAM policies does not allow privilege escalation Terraform IAMPrivilegeEscalation.py
705 CKV_AWS_286 resource aws_ssoadmin_permission_set_inline_policy Ensure IAM policies does not allow privilege escalation Terraform IAMPrivilegeEscalation.py
706 CKV_AWS_287 resource aws_iam_group_policy Ensure IAM policies does not allow credentials exposure Terraform IAMCredentialsExposure.py
707 CKV_AWS_287 resource aws_iam_policy Ensure IAM policies does not allow credentials exposure Terraform IAMCredentialsExposure.py
708 CKV_AWS_287 resource aws_iam_role_policy Ensure IAM policies does not allow credentials exposure Terraform IAMCredentialsExposure.py
709 CKV_AWS_287 resource aws_iam_user_policy Ensure IAM policies does not allow credentials exposure Terraform IAMCredentialsExposure.py
710 CKV_AWS_287 resource aws_ssoadmin_permission_set_inline_policy Ensure IAM policies does not allow credentials exposure Terraform IAMCredentialsExposure.py
711 CKV_AWS_288 resource aws_iam_group_policy Ensure IAM policies does not allow data exfiltration Terraform IAMDataExfiltration.py
712 CKV_AWS_288 resource aws_iam_policy Ensure IAM policies does not allow data exfiltration Terraform IAMDataExfiltration.py
713 CKV_AWS_288 resource aws_iam_role_policy Ensure IAM policies does not allow data exfiltration Terraform IAMDataExfiltration.py
714 CKV_AWS_288 resource aws_iam_user_policy Ensure IAM policies does not allow data exfiltration Terraform IAMDataExfiltration.py
715 CKV_AWS_288 resource aws_ssoadmin_permission_set_inline_policy Ensure IAM policies does not allow data exfiltration Terraform IAMDataExfiltration.py
716 CKV_AWS_289 resource aws_iam_group_policy Ensure IAM policies does not allow permissions management / resource exposure without constraints Terraform IAMPermissionsManagement.py
717 CKV_AWS_289 resource aws_iam_policy Ensure IAM policies does not allow permissions management / resource exposure without constraints Terraform IAMPermissionsManagement.py
718 CKV_AWS_289 resource aws_iam_role_policy Ensure IAM policies does not allow permissions management / resource exposure without constraints Terraform IAMPermissionsManagement.py
719 CKV_AWS_289 resource aws_iam_user_policy Ensure IAM policies does not allow permissions management / resource exposure without constraints Terraform IAMPermissionsManagement.py
720 CKV_AWS_289 resource aws_ssoadmin_permission_set_inline_policy Ensure IAM policies does not allow permissions management / resource exposure without constraints Terraform IAMPermissionsManagement.py
721 CKV_AWS_290 resource aws_iam_group_policy Ensure IAM policies does not allow write access without constraints Terraform IAMWriteAccess.py
722 CKV_AWS_290 resource aws_iam_policy Ensure IAM policies does not allow write access without constraints Terraform IAMWriteAccess.py
723 CKV_AWS_290 resource aws_iam_role_policy Ensure IAM policies does not allow write access without constraints Terraform IAMWriteAccess.py
724 CKV_AWS_290 resource aws_iam_user_policy Ensure IAM policies does not allow write access without constraints Terraform IAMWriteAccess.py
725 CKV_AWS_290 resource aws_ssoadmin_permission_set_inline_policy Ensure IAM policies does not allow write access without constraints Terraform IAMWriteAccess.py
726 CKV_AWS_291 resource aws_msk_cluster Ensure MSK nodes are private Terraform MSKClusterNodesArePrivate.py
727 CKV_AWS_292 resource aws_docdb_global_cluster Ensure DocDB Global Cluster is encrypted at rest (default is unencrypted) Terraform DocDBGlobalClusterEncryption.py
728 CKV_AWS_293 resource aws_db_instance Ensure that AWS database instances have deletion protection enabled Terraform RDSInstanceDeletionProtection.py
729 CKV_AWS_294 resource aws_cloudtrail_event_data_store Ensure Cloud Trail Event Data Store uses CMK Terraform CloudtrailEventDataStoreUsesCMK.py
730 CKV_AWS_295 resource aws_datasync_location_object_storage Ensure DataSync Location Object Storage doesn’t expose secrets Terraform DatasyncLocationExposesSecrets.py
731 CKV_AWS_296 resource aws_dms_endpoint Ensure DMS endpoint uses Customer Managed Key (CMK) Terraform DMSEndpointUsesCMK.py
732 CKV_AWS_297 resource aws_scheduler_schedule Ensure EventBridge Scheduler Schedule uses Customer Managed Key (CMK) Terraform SchedulerScheduleUsesCMK.py
733 CKV_AWS_298 resource aws_dms_s3_endpoint Ensure DMS S3 uses Customer Managed Key (CMK) Terraform DMSS3UsesCMK.py
734 CKV_AWS_299 resource aws_dms_s3_endpoint Ensure DMS S3 defines in-transit encryption Terraform DMSS3DefinesIntransitEncryption.py
735 CKV_AWS_300 resource aws_s3_bucket_lifecycle_configuration Ensure S3 lifecycle configuration sets period for aborting failed uploads Terraform S3AbortIncompleteUploads.py
736 CKV_AWS_301 resource aws_lambda_permission Ensure that AWS Lambda function is not publicly accessible Terraform LambdaFunctionIsNotPublic.py
737 CKV_AWS_302 resource aws_db_snapshot Ensure DB Snapshots are not Public Terraform DBSnapshotsArePrivate.py
738 CKV_AWS_303 resource aws_ssm_document Ensure SSM documents are not Public Terraform SSMDocumentsArePrivate.py
739 CKV_AWS_304 resource aws_secretsmanager_secret_rotation Ensure Secrets Manager secrets should be rotated within 90 days Terraform SecretManagerSecret90days.py
740 CKV_AWS_305 resource aws_cloudfront_distribution Ensure Cloudfront distribution has a default root object configured Terraform CloudfrontDistributionDefaultRoot.py
741 CKV_AWS_306 resource aws_sagemaker_notebook_instance Ensure SageMaker notebook instances should be launched into a custom VPC Terraform SagemakerNotebookInCustomVPC.py
742 CKV_AWS_307 resource aws_sagemaker_notebook_instance Ensure SageMaker Users should not have root access to SageMaker notebook instances Terraform SagemakerNotebookRoot.py
743 CKV_AWS_308 resource aws_api_gateway_method_settings Ensure API Gateway method setting caching is set to encrypted Terraform APIGatewayMethodSettingsCacheEncrypted.py
744 CKV_AWS_309 resource aws_apigatewayv2_route Ensure API GatewayV2 routes specify an authorization type Terraform APIGatewayV2RouteDefinesAuthorizationType.py
745 CKV_AWS_310 resource aws_cloudfront_distribution Ensure CloudFront distributions should have origin failover configured Terraform CloudfrontDistributionOriginFailover.py
746 CKV_AWS_311 resource aws_codebuild_project Ensure that CodeBuild S3 logs are encrypted Terraform CodebuildS3LogsEncrypted.py
747 CKV_AWS_312 resource aws_elastic_beanstalk_environment Ensure Elastic Beanstalk environments have enhanced health reporting enabled Terraform ElasticBeanstalkUseEnhancedHealthChecks.py
748 CKV_AWS_313 resource aws_rds_cluster Ensure RDS cluster configured to copy tags to snapshots Terraform RDSClusterCopyTags.py
749 CKV_AWS_314 resource aws_codebuild_project Ensure CodeBuild project environments have a logging configuration Terraform CodebuildHasLogs.py
750 CKV_AWS_315 resource aws_autoscaling_group Ensure EC2 Auto Scaling groups use EC2 launch templates Terraform AutoScalingLaunchTemplate.py
751 CKV_AWS_316 resource aws_codebuild_project Ensure CodeBuild project environments do not have privileged mode enabled Terraform CodeBuildPrivilegedMode.py
752 CKV_AWS_317 resource AWS::Elasticsearch::Domain Ensure Elasticsearch Domain Audit Logging is enabled Cloudformation ElasticsearchDomainAuditLogging.py
753 CKV_AWS_317 resource AWS::OpenSearchService::Domain Ensure Elasticsearch Domain Audit Logging is enabled Cloudformation ElasticsearchDomainAuditLogging.py
754 CKV_AWS_317 resource aws_elasticsearch_domain Ensure Elasticsearch Domain Audit Logging is enabled Terraform ElasticsearchDomainAuditLogging.py
755 CKV_AWS_317 resource aws_opensearch_domain Ensure Elasticsearch Domain Audit Logging is enabled Terraform ElasticsearchDomainAuditLogging.py
756 CKV_AWS_318 resource aws_elasticsearch_domain Ensure Elasticsearch domains are configured with at least three dedicated master nodes for HA Terraform ElasticsearchDomainHA.py
757 CKV_AWS_318 resource aws_opensearch_domain Ensure Elasticsearch domains are configured with at least three dedicated master nodes for HA Terraform ElasticsearchDomainHA.py
758 CKV_AWS_319 resource aws_cloudwatch_metric_alarm Ensure that CloudWatch alarm actions are enabled Terraform CloudWatchAlarmsEnabled.py
759 CKV_AWS_320 resource aws_redshift_cluster Ensure Redshift clusters do not use the default database name Terraform RedshiftClusterDatabaseName.py
760 CKV_AWS_321 resource aws_redshift_cluster Ensure Redshift clusters use enhanced VPC routing Terraform RedshiftClusterUseEnhancedVPCRouting.py
761 CKV_AWS_322 resource aws_elasticache_cluster Ensure ElastiCache for Redis cache clusters have auto minor version upgrades enabled Terraform ElasticCacheAutomaticMinorUpgrades.py
762 CKV_AWS_323 resource aws_elasticache_cluster Ensure ElastiCache clusters do not use the default subnet group Terraform ElastiCacheHasCustomSubnet.py
763 CKV_AWS_324 resource aws_rds_cluster Ensure that RDS Cluster log capture is enabled Terraform RDSClusterLogging.py
764 CKV_AWS_325 resource aws_rds_cluster Ensure that RDS Cluster audit logging is enabled for MySQL engine Terraform RDSClusterAuditLogging.py
765 CKV_AWS_326 resource aws_rds_cluster Ensure that RDS Aurora Clusters have backtracking enabled Terraform RDSClusterAuroraBacktrack.py
766 CKV_AWS_327 resource aws_rds_cluster Ensure RDS Clusters are encrypted using KMS CMKs Terraform RDSClusterEncryptedWithCMK.py
767 CKV_AWS_328 resource aws_alb Ensure that ALB is configured with defensive or strictest desync mitigation mode Terraform ALBDesyncMode.py
768 CKV_AWS_328 resource aws_elb Ensure that ALB is configured with defensive or strictest desync mitigation mode Terraform ALBDesyncMode.py
769 CKV_AWS_328 resource aws_lb Ensure that ALB is configured with defensive or strictest desync mitigation mode Terraform ALBDesyncMode.py
770 CKV_AWS_329 resource aws_efs_access_point EFS access points should enforce a root directory Terraform EFSAccessPointRoot.py
771 CKV_AWS_330 resource aws_efs_access_point EFS access points should enforce a user identity Terraform EFSAccessUserIdentity.py
772 CKV_AWS_331 resource aws_ec2_transit_gateway Ensure Transit Gateways do not automatically accept VPC attachment requests Terraform Ec2TransitGatewayAutoAccept.py
773 CKV_AWS_332 resource aws_ecs_service Ensure ECS Fargate services run on the latest Fargate platform version Terraform ECSServiceFargateLatest.py
774 CKV_AWS_333 resource aws_ecs_service Ensure ECS services do not have public IP addresses assigned to them automatically Terraform ECSServicePublicIP.py
775 CKV_AWS_334 resource aws_ecs_task_definition Ensure ECS containers should run as non-privileged Terraform ECSContainerPrivilege.py
776 CKV_AWS_335 resource aws_ecs_task_definition Ensure ECS task definitions should not share the host’s process namespace Terraform ECSContainerHostProcess.py
777 CKV_AWS_336 resource aws_ecs_task_definition Ensure ECS containers are limited to read-only access to root filesystems Terraform ECSContainerReadOnlyRoot.py
778 CKV_AWS_337 resource aws_ssm_parameter Ensure SSM parameters are using KMS CMK Terraform SSMParameterUsesCMK.py
779 CKV_AWS_338 resource aws_cloudwatch_log_group Ensure CloudWatch log groups retains logs for at least 1 year Terraform CloudWatchLogGroupRetentionYear.py
780 CKV_AWS_339 resource aws_eks_cluster Ensure EKS clusters run on a supported Kubernetes version Terraform EKSPlatformVersion.py
781 CKV_AWS_340 resource aws_elastic_beanstalk_environment Ensure Elastic Beanstalk managed platform updates are enabled Terraform ElasticBeanstalkUseManagedUpdates.py
782 CKV_AWS_341 resource aws_launch_configuration Ensure Launch template should not have a metadata response hop limit greater than 1 Terraform LaunchTemplateMetadataHop.py
783 CKV_AWS_341 resource aws_launch_template Ensure Launch template should not have a metadata response hop limit greater than 1 Terraform LaunchTemplateMetadataHop.py
784 CKV_AWS_342 resource aws_waf_rule_group Ensure WAF rule has any actions Terraform WAFRuleHasAnyActions.py
785 CKV_AWS_342 resource aws_waf_web_acl Ensure WAF rule has any actions Terraform WAFRuleHasAnyActions.py
786 CKV_AWS_342 resource aws_wafregional_rule_group Ensure WAF rule has any actions Terraform WAFRuleHasAnyActions.py
787 CKV_AWS_342 resource aws_wafregional_web_acl Ensure WAF rule has any actions Terraform WAFRuleHasAnyActions.py
788 CKV_AWS_342 resource aws_wafv2_rule_group Ensure WAF rule has any actions Terraform WAFRuleHasAnyActions.py
789 CKV_AWS_342 resource aws_wafv2_web_acl Ensure WAF rule has any actions Terraform WAFRuleHasAnyActions.py
790 CKV_AWS_343 resource aws_redshift_cluster Ensure Amazon Redshift clusters should have automatic snapshots enabled Terraform RedshiftClusterAutoSnap.py
791 CKV_AWS_344 resource aws_networkfirewall_firewall Ensure that Network firewalls have deletion protection enabled Terraform NetworkFirewallDeletionProtection.py
792 CKV_AWS_345 resource aws_networkfirewall_firewall Ensure that Network firewall encryption is via a CMK Terraform NetworkFirewallUsesCMK.py
793 CKV_AWS_345 resource aws_networkfirewall_rule_group Ensure that Network firewall encryption is via a CMK Terraform NetworkFirewallUsesCMK.py
794 CKV_AWS_346 resource aws_networkfirewall_firewall_policy Ensure Network Firewall Policy defines an encryption configuration that uses a customer managed Key (CMK) Terraform NetworkFirewallPolicyDefinesCMK.py
795 CKV_AWS_347 resource aws_neptune_cluster Ensure Neptune is encrypted by KMS using a customer managed Key (CMK) Terraform NeptuneClusterEncryptedWithCMK.py
796 CKV_AWS_348 resource aws_iam_access_key Ensure IAM root user doesnt have Access keys Terraform IAMUserRootAccessKeys.py
797 CKV_AWS_349 resource aws_emr_security_configuration Ensure EMR Cluster security configuration encrypts local disks Terraform EMRClusterConfEncryptsLocalDisk.py
798 CKV_AWS_350 resource aws_emr_security_configuration Ensure EMR Cluster security configuration encrypts ebs disks Terraform EMRClusterConfEncryptsEBS.py
799 CKV_AWS_351 resource aws_emr_security_configuration Ensure EMR Cluster security configuration encrypts InTransit Terraform EMRClusterConfEncryptsInTransit.py
800 CKV_AWS_352 resource aws_network_acl_rule Ensure NACL ingress does not allow all Ports Terraform NetworkACLUnrestricted.py
801 CKV_AWS_353 resource aws_db_instance Ensure that RDS instances have performance insights enabled Terraform RDSInstancePerformanceInsights.py
802 CKV_AWS_353 resource aws_rds_cluster_instance Ensure that RDS instances have performance insights enabled Terraform RDSInstancePerformanceInsights.py
803 CKV_AWS_354 resource aws_db_instance Ensure RDS Performance Insights are encrypted using KMS CMKs Terraform RDSInstancePerfInsightsEncryptionWithCMK.py
804 CKV_AWS_354 resource aws_rds_cluster_instance Ensure RDS Performance Insights are encrypted using KMS CMKs Terraform RDSInstancePerfInsightsEncryptionWithCMK.py
805 CKV_AWS_355 resource aws_iam_group_policy Ensure no IAM policies documents allow “*” as a statement’s resource for restrictable actions Terraform IAMStarResourcePolicyDocument.py
806 CKV_AWS_355 resource aws_iam_policy Ensure no IAM policies documents allow “*” as a statement’s resource for restrictable actions Terraform IAMStarResourcePolicyDocument.py
807 CKV_AWS_355 resource aws_iam_role_policy Ensure no IAM policies documents allow “*” as a statement’s resource for restrictable actions Terraform IAMStarResourcePolicyDocument.py
808 CKV_AWS_355 resource aws_iam_user_policy Ensure no IAM policies documents allow “*” as a statement’s resource for restrictable actions Terraform IAMStarResourcePolicyDocument.py
809 CKV_AWS_355 resource aws_ssoadmin_permission_set_inline_policy Ensure no IAM policies documents allow “*” as a statement’s resource for restrictable actions Terraform IAMStarResourcePolicyDocument.py
810 CKV_AWS_356 data aws_iam_policy_document Ensure no IAM policies documents allow “*” as a statement’s resource for restrictable actions Terraform ResourcePolicyDocument.py
811 CKV2_AWS_1 resource aws_network_acl Ensure that all NACL are attached to subnets Terraform SubnetHasACL.yaml
812 CKV2_AWS_1 resource aws_subnet Ensure that all NACL are attached to subnets Terraform SubnetHasACL.yaml
813 CKV2_AWS_2 resource aws_ebs_volume Ensure that only encrypted EBS volumes are attached to EC2 instances Terraform EncryptedEBSVolumeOnlyConnectedToEC2s.yaml
814 CKV2_AWS_2 resource aws_volume_attachment Ensure that only encrypted EBS volumes are attached to EC2 instances Terraform EncryptedEBSVolumeOnlyConnectedToEC2s.yaml
815 CKV2_AWS_3 resource aws_guardduty_detector Ensure GuardDuty is enabled to specific org/region Terraform GuardDutyIsEnabled.yaml
816 CKV2_AWS_3 resource aws_guardduty_organization_configuration Ensure GuardDuty is enabled to specific org/region Terraform GuardDutyIsEnabled.yaml
817 CKV2_AWS_4 resource aws_api_gateway_method_settings Ensure API Gateway stage have logging level defined as appropriate Terraform APIGWLoggingLevelsDefinedProperly.yaml
818 CKV2_AWS_4 resource aws_api_gateway_stage Ensure API Gateway stage have logging level defined as appropriate Terraform APIGWLoggingLevelsDefinedProperly.yaml
819 CKV2_AWS_5 resource aws_security_group Ensure that Security Groups are attached to another resource Terraform SGAttachedToResource.yaml
820 CKV2_AWS_6 resource aws_s3_bucket Ensure that S3 bucket has a Public Access block Terraform S3BucketHasPublicAccessBlock.yaml
821 CKV2_AWS_6 resource aws_s3_bucket_public_access_block Ensure that S3 bucket has a Public Access block Terraform S3BucketHasPublicAccessBlock.yaml
822 CKV2_AWS_7 resource aws_emr_cluster Ensure that Amazon EMR clusters’ security groups are not open to the world Terraform AMRClustersNotOpenToInternet.yaml
823 CKV2_AWS_7 resource aws_security_group Ensure that Amazon EMR clusters’ security groups are not open to the world Terraform AMRClustersNotOpenToInternet.yaml
824 CKV2_AWS_8 resource aws_rds_cluster Ensure that RDS clusters has backup plan of AWS Backup Terraform RDSClusterHasBackupPlan.yaml
825 CKV2_AWS_9 resource aws_backup_selection Ensure that EBS are added in the backup plans of AWS Backup Terraform EBSAddedBackup.yaml
826 CKV2_AWS_10 resource aws_cloudtrail Ensure CloudTrail trails are integrated with CloudWatch Logs Terraform CloudtrailHasCloudwatch.yaml
827 CKV2_AWS_11 resource aws_vpc Ensure VPC flow logging is enabled in all VPCs Terraform VPCHasFlowLog.yaml
828 CKV2_AWS_12 resource aws_default_security_group Ensure the default security group of every VPC restricts all traffic Terraform VPCHasRestrictedSG.yaml
829 CKV2_AWS_12 resource aws_vpc Ensure the default security group of every VPC restricts all traffic Terraform VPCHasRestrictedSG.yaml
830 CKV2_AWS_14 resource aws_iam_group Ensure that IAM groups includes at least one IAM user Terraform IAMGroupHasAtLeastOneUser.yaml
831 CKV2_AWS_14 resource aws_iam_group_membership Ensure that IAM groups includes at least one IAM user Terraform IAMGroupHasAtLeastOneUser.yaml
832 CKV2_AWS_15 resource aws_autoscaling_group Ensure that auto Scaling groups that are associated with a load balancer, are using Elastic Load Balancing health checks. Terraform AutoScallingEnabledELB.yaml
833 CKV2_AWS_15 resource aws_elb Ensure that auto Scaling groups that are associated with a load balancer, are using Elastic Load Balancing health checks. Terraform AutoScallingEnabledELB.yaml
834 CKV2_AWS_15 resource aws_lb_target_group Ensure that auto Scaling groups that are associated with a load balancer, are using Elastic Load Balancing health checks. Terraform AutoScallingEnabledELB.yaml
835 CKV2_AWS_16 resource aws_appautoscaling_target Ensure that Auto Scaling is enabled on your DynamoDB tables Terraform AutoScalingEnableOnDynamoDBTables.yaml
836 CKV2_AWS_16 resource aws_dynamodb_table Ensure that Auto Scaling is enabled on your DynamoDB tables Terraform AutoScalingEnableOnDynamoDBTables.yaml
837 CKV2_AWS_18 resource aws_backup_selection Ensure that Elastic File System (Amazon EFS) file systems are added in the backup plans of AWS Backup Terraform EFSAddedBackup.yaml
838 CKV2_AWS_19 resource aws_eip Ensure that all EIP addresses allocated to a VPC are attached to EC2 instances Terraform EIPAllocatedToVPCAttachedEC2.yaml
839 CKV2_AWS_19 resource aws_eip_association Ensure that all EIP addresses allocated to a VPC are attached to EC2 instances Terraform EIPAllocatedToVPCAttachedEC2.yaml
840 CKV2_AWS_20 resource aws_alb Ensure that ALB redirects HTTP requests into HTTPS ones Terraform ALBRedirectsHTTPToHTTPS.yaml
841 CKV2_AWS_20 resource aws_alb_listener Ensure that ALB redirects HTTP requests into HTTPS ones Terraform ALBRedirectsHTTPToHTTPS.yaml
842 CKV2_AWS_20 resource aws_lb Ensure that ALB redirects HTTP requests into HTTPS ones Terraform ALBRedirectsHTTPToHTTPS.yaml
843 CKV2_AWS_20 resource aws_lb_listener Ensure that ALB redirects HTTP requests into HTTPS ones Terraform ALBRedirectsHTTPToHTTPS.yaml
844 CKV2_AWS_21 resource aws_iam_group_membership Ensure that all IAM users are members of at least one IAM group. Terraform IAMUsersAreMembersAtLeastOneGroup.yaml
845 CKV2_AWS_22 resource aws_iam_user Ensure an IAM User does not have access to the console Terraform IAMUserHasNoConsoleAccess.yaml
846 CKV2_AWS_23 resource aws_route53_record Route53 A Record has Attached Resource Terraform Route53ARecordAttachedResource.yaml
847 CKV2_AWS_27 resource aws_rds_cluster Ensure Postgres RDS as aws_rds_cluster has Query Logging enabled Terraform PostgresRDSHasQueryLoggingEnabled.yaml
848 CKV2_AWS_27 resource aws_rds_cluster_parameter_group Ensure Postgres RDS as aws_rds_cluster has Query Logging enabled Terraform PostgresRDSHasQueryLoggingEnabled.yaml
849 CKV2_AWS_28 resource aws_alb Ensure public facing ALB are protected by WAF Terraform ALBProtectedByWAF.yaml
850 CKV2_AWS_28 resource aws_lb Ensure public facing ALB are protected by WAF Terraform ALBProtectedByWAF.yaml
851 CKV2_AWS_29 resource aws_api_gateway_rest_api Ensure public API gateway are protected by WAF Terraform APIProtectedByWAF.yaml
852 CKV2_AWS_29 resource aws_api_gateway_stage Ensure public API gateway are protected by WAF Terraform APIProtectedByWAF.yaml
853 CKV2_AWS_30 resource aws_db_instance Ensure Postgres RDS as aws_db_instance has Query Logging enabled Terraform PostgresDBHasQueryLoggingEnabled.yaml
854 CKV2_AWS_30 resource aws_db_parameter_group Ensure Postgres RDS as aws_db_instance has Query Logging enabled Terraform PostgresDBHasQueryLoggingEnabled.yaml
855 CKV2_AWS_31 resource aws_wafv2_web_acl Ensure WAF2 has a Logging Configuration Terraform WAF2HasLogs.yaml
856 CKV2_AWS_32 resource aws_cloudfront_distribution Ensure CloudFront distribution has a response headers policy attached Terraform CloudFrontHasResponseHeadersPolicy.yaml
857 CKV2_AWS_33 resource AWS::AppSync::GraphQLApi Ensure AppSync is protected by WAF Cloudformation AppSyncProtectedByWAF.yaml
858 CKV2_AWS_33 resource aws_appsync_graphql_api Ensure AppSync is protected by WAF Terraform AppSyncProtectedByWAF.yaml
859 CKV2_AWS_34 resource aws_ssm_parameter AWS SSM Parameter should be Encrypted Terraform AWSSSMParameterShouldBeEncrypted.yaml
860 CKV2_AWS_35 resource aws_route AWS NAT Gateways should be utilized for the default route Terraform AWSNATGatewaysshouldbeutilized.yaml
861 CKV2_AWS_35 resource aws_route_table AWS NAT Gateways should be utilized for the default route Terraform AWSNATGatewaysshouldbeutilized.yaml
862 CKV2_AWS_36 resource aws_ssm_parameter Ensure terraform is not sending SSM secrets to untrusted domains over HTTP Terraform HTTPNotSendingPasswords.yaml
863 CKV2_AWS_36 resource data.http Ensure terraform is not sending SSM secrets to untrusted domains over HTTP Terraform HTTPNotSendingPasswords.yaml
864 CKV2_AWS_37 resource aws Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
865 CKV2_AWS_37 resource aws_accessanalyzer_analyzer Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
866 CKV2_AWS_37 resource aws_acm_certificate Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
867 CKV2_AWS_37 resource aws_acm_certificate_validation Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
868 CKV2_AWS_37 resource aws_acmpca_certificate_authority Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
869 CKV2_AWS_37 resource aws_ami Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
870 CKV2_AWS_37 resource aws_ami_copy Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
871 CKV2_AWS_37 resource aws_ami_from_instance Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
872 CKV2_AWS_37 resource aws_ami_launch_permission Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
873 CKV2_AWS_37 resource aws_api_gateway_account Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
874 CKV2_AWS_37 resource aws_api_gateway_api_key Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
875 CKV2_AWS_37 resource aws_api_gateway_authorizer Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
876 CKV2_AWS_37 resource aws_api_gateway_base_path_mapping Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
877 CKV2_AWS_37 resource aws_api_gateway_client_certificate Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
878 CKV2_AWS_37 resource aws_api_gateway_deployment Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
879 CKV2_AWS_37 resource aws_api_gateway_documentation_part Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
880 CKV2_AWS_37 resource aws_api_gateway_documentation_version Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
881 CKV2_AWS_37 resource aws_api_gateway_domain_name Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
882 CKV2_AWS_37 resource aws_api_gateway_gateway_response Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
883 CKV2_AWS_37 resource aws_api_gateway_integration Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
884 CKV2_AWS_37 resource aws_api_gateway_integration_response Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
885 CKV2_AWS_37 resource aws_api_gateway_method Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
886 CKV2_AWS_37 resource aws_api_gateway_method_response Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
887 CKV2_AWS_37 resource aws_api_gateway_method_settings Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
888 CKV2_AWS_37 resource aws_api_gateway_model Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
889 CKV2_AWS_37 resource aws_api_gateway_request_validator Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
890 CKV2_AWS_37 resource aws_api_gateway_resource Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
891 CKV2_AWS_37 resource aws_api_gateway_rest_api Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
892 CKV2_AWS_37 resource aws_api_gateway_stage Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
893 CKV2_AWS_37 resource aws_api_gateway_usage_plan Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
894 CKV2_AWS_37 resource aws_api_gateway_usage_plan_key Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
895 CKV2_AWS_37 resource aws_api_gateway_vpc_link Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
896 CKV2_AWS_37 resource aws_apigatewayv2_api Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
897 CKV2_AWS_37 resource aws_apigatewayv2_api_mapping Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
898 CKV2_AWS_37 resource aws_apigatewayv2_authorizer Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
899 CKV2_AWS_37 resource aws_apigatewayv2_deployment Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
900 CKV2_AWS_37 resource aws_apigatewayv2_domain_name Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
901 CKV2_AWS_37 resource aws_apigatewayv2_integration Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
902 CKV2_AWS_37 resource aws_apigatewayv2_integration_response Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
903 CKV2_AWS_37 resource aws_apigatewayv2_model Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
904 CKV2_AWS_37 resource aws_apigatewayv2_route Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
905 CKV2_AWS_37 resource aws_apigatewayv2_route_response Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
906 CKV2_AWS_37 resource aws_apigatewayv2_stage Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
907 CKV2_AWS_37 resource aws_apigatewayv2_vpc_link Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
908 CKV2_AWS_37 resource aws_app_cookie_stickiness_policy Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
909 CKV2_AWS_37 resource aws_appautoscaling_policy Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
910 CKV2_AWS_37 resource aws_appautoscaling_scheduled_action Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
911 CKV2_AWS_37 resource aws_appautoscaling_target Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
912 CKV2_AWS_37 resource aws_appmesh_mesh Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
913 CKV2_AWS_37 resource aws_appmesh_route Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
914 CKV2_AWS_37 resource aws_appmesh_virtual_node Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
915 CKV2_AWS_37 resource aws_appmesh_virtual_router Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
916 CKV2_AWS_37 resource aws_appmesh_virtual_service Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
917 CKV2_AWS_37 resource aws_appsync_api_key Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
918 CKV2_AWS_37 resource aws_appsync_datasource Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
919 CKV2_AWS_37 resource aws_appsync_function Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
920 CKV2_AWS_37 resource aws_appsync_graphql_api Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
921 CKV2_AWS_37 resource aws_appsync_resolver Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
922 CKV2_AWS_37 resource aws_athena_database Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
923 CKV2_AWS_37 resource aws_athena_named_query Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
924 CKV2_AWS_37 resource aws_athena_workgroup Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
925 CKV2_AWS_37 resource aws_autoscaling_attachment Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
926 CKV2_AWS_37 resource aws_autoscaling_group Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
927 CKV2_AWS_37 resource aws_autoscaling_lifecycle_hook Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
928 CKV2_AWS_37 resource aws_autoscaling_notification Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
929 CKV2_AWS_37 resource aws_autoscaling_policy Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
930 CKV2_AWS_37 resource aws_autoscaling_schedule Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
931 CKV2_AWS_37 resource aws_backup_plan Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
932 CKV2_AWS_37 resource aws_backup_selection Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
933 CKV2_AWS_37 resource aws_backup_vault Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
934 CKV2_AWS_37 resource aws_batch_compute_environment Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
935 CKV2_AWS_37 resource aws_batch_job_definition Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
936 CKV2_AWS_37 resource aws_batch_job_queue Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
937 CKV2_AWS_37 resource aws_budgets_budget Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
938 CKV2_AWS_37 resource aws_cloud9_environment_ec2 Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
939 CKV2_AWS_37 resource aws_cloudformation_stack Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
940 CKV2_AWS_37 resource aws_cloudformation_stack_set Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
941 CKV2_AWS_37 resource aws_cloudformation_stack_set_instance Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
942 CKV2_AWS_37 resource aws_cloudfront_distribution Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
943 CKV2_AWS_37 resource aws_cloudfront_origin_access_identity Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
944 CKV2_AWS_37 resource aws_cloudfront_public_key Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
945 CKV2_AWS_37 resource aws_cloudhsm_v2_cluster Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
946 CKV2_AWS_37 resource aws_cloudhsm_v2_hsm Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
947 CKV2_AWS_37 resource aws_cloudtrail Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
948 CKV2_AWS_37 resource aws_cloudwatch_dashboard Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
949 CKV2_AWS_37 resource aws_cloudwatch_event_permission Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
950 CKV2_AWS_37 resource aws_cloudwatch_event_rule Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
951 CKV2_AWS_37 resource aws_cloudwatch_event_target Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
952 CKV2_AWS_37 resource aws_cloudwatch_log_destination Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
953 CKV2_AWS_37 resource aws_cloudwatch_log_destination_policy Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
954 CKV2_AWS_37 resource aws_cloudwatch_log_group Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
955 CKV2_AWS_37 resource aws_cloudwatch_log_metric_filter Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
956 CKV2_AWS_37 resource aws_cloudwatch_log_resource_policy Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
957 CKV2_AWS_37 resource aws_cloudwatch_log_stream Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
958 CKV2_AWS_37 resource aws_cloudwatch_log_subscription_filter Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
959 CKV2_AWS_37 resource aws_cloudwatch_metric_alarm Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
960 CKV2_AWS_37 resource aws_codebuild_project Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
961 CKV2_AWS_37 resource aws_codebuild_source_credential Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
962 CKV2_AWS_37 resource aws_codebuild_webhook Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
963 CKV2_AWS_37 resource aws_codecommit_repository Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
964 CKV2_AWS_37 resource aws_codecommit_trigger Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
965 CKV2_AWS_37 resource aws_codedeploy_app Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
966 CKV2_AWS_37 resource aws_codedeploy_deployment_config Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
967 CKV2_AWS_37 resource aws_codedeploy_deployment_group Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
968 CKV2_AWS_37 resource aws_codepipeline Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
969 CKV2_AWS_37 resource aws_codepipeline_webhook Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
970 CKV2_AWS_37 resource aws_codestarnotifications_notification_rule Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
971 CKV2_AWS_37 resource aws_cognito_identity_pool Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
972 CKV2_AWS_37 resource aws_cognito_identity_pool_roles_attachment Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
973 CKV2_AWS_37 resource aws_cognito_identity_provider Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
974 CKV2_AWS_37 resource aws_cognito_resource_server Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
975 CKV2_AWS_37 resource aws_cognito_user_group Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
976 CKV2_AWS_37 resource aws_cognito_user_pool Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
977 CKV2_AWS_37 resource aws_cognito_user_pool_client Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
978 CKV2_AWS_37 resource aws_cognito_user_pool_domain Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
979 CKV2_AWS_37 resource aws_config_aggregate_authorization Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
980 CKV2_AWS_37 resource aws_config_config_rule Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
981 CKV2_AWS_37 resource aws_config_configuration_aggregator Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
982 CKV2_AWS_37 resource aws_config_configuration_recorder Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
983 CKV2_AWS_37 resource aws_config_configuration_recorder_status Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
984 CKV2_AWS_37 resource aws_config_delivery_channel Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
985 CKV2_AWS_37 resource aws_config_organization_custom_rule Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
986 CKV2_AWS_37 resource aws_config_organization_managed_rule Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
987 CKV2_AWS_37 resource aws_cur_report_definition Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
988 CKV2_AWS_37 resource aws_customer_gateway Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
989 CKV2_AWS_37 resource aws_datapipeline_pipeline Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
990 CKV2_AWS_37 resource aws_datasync_agent Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
991 CKV2_AWS_37 resource aws_datasync_location_efs Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
992 CKV2_AWS_37 resource aws_datasync_location_nfs Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
993 CKV2_AWS_37 resource aws_datasync_location_s3 Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
994 CKV2_AWS_37 resource aws_datasync_location_smb Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
995 CKV2_AWS_37 resource aws_datasync_task Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
996 CKV2_AWS_37 resource aws_dax_cluster Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
997 CKV2_AWS_37 resource aws_dax_parameter_group Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
998 CKV2_AWS_37 resource aws_dax_subnet_group Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
999 CKV2_AWS_37 resource aws_db_cluster_snapshot Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1000 CKV2_AWS_37 resource aws_db_event_subscription Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1001 CKV2_AWS_37 resource aws_db_instance Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1002 CKV2_AWS_37 resource aws_db_instance_role_association Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1003 CKV2_AWS_37 resource aws_db_option_group Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1004 CKV2_AWS_37 resource aws_db_parameter_group Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1005 CKV2_AWS_37 resource aws_db_security_group Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1006 CKV2_AWS_37 resource aws_db_snapshot Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1007 CKV2_AWS_37 resource aws_db_subnet_group Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1008 CKV2_AWS_37 resource aws_default_network_acl Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1009 CKV2_AWS_37 resource aws_default_route_table Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1010 CKV2_AWS_37 resource aws_default_security_group Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1011 CKV2_AWS_37 resource aws_default_subnet Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1012 CKV2_AWS_37 resource aws_default_vpc Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1013 CKV2_AWS_37 resource aws_default_vpc_dhcp_options Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1014 CKV2_AWS_37 resource aws_devicefarm_project Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1015 CKV2_AWS_37 resource aws_directory_service_conditional_forwarder Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1016 CKV2_AWS_37 resource aws_directory_service_directory Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1017 CKV2_AWS_37 resource aws_directory_service_log_subscription Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1018 CKV2_AWS_37 resource aws_dlm_lifecycle_policy Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1019 CKV2_AWS_37 resource aws_dms_certificate Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1020 CKV2_AWS_37 resource aws_dms_endpoint Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1021 CKV2_AWS_37 resource aws_dms_event_subscription Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1022 CKV2_AWS_37 resource aws_dms_replication_instance Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1023 CKV2_AWS_37 resource aws_dms_replication_subnet_group Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1024 CKV2_AWS_37 resource aws_dms_replication_task Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1025 CKV2_AWS_37 resource aws_docdb_cluster Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1026 CKV2_AWS_37 resource aws_docdb_cluster_instance Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1027 CKV2_AWS_37 resource aws_docdb_cluster_parameter_group Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1028 CKV2_AWS_37 resource aws_docdb_cluster_snapshot Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1029 CKV2_AWS_37 resource aws_docdb_subnet_group Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1030 CKV2_AWS_37 resource aws_dx_bgp_peer Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1031 CKV2_AWS_37 resource aws_dx_connection Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1032 CKV2_AWS_37 resource aws_dx_connection_association Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1033 CKV2_AWS_37 resource aws_dx_gateway Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1034 CKV2_AWS_37 resource aws_dx_gateway_association Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1035 CKV2_AWS_37 resource aws_dx_gateway_association_proposal Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1036 CKV2_AWS_37 resource aws_dx_hosted_private_virtual_interface Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1037 CKV2_AWS_37 resource aws_dx_hosted_private_virtual_interface_accepter Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1038 CKV2_AWS_37 resource aws_dx_hosted_public_virtual_interface Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1039 CKV2_AWS_37 resource aws_dx_hosted_public_virtual_interface_accepter Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1040 CKV2_AWS_37 resource aws_dx_hosted_transit_virtual_interface Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1041 CKV2_AWS_37 resource aws_dx_hosted_transit_virtual_interface_accepter Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1042 CKV2_AWS_37 resource aws_dx_lag Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1043 CKV2_AWS_37 resource aws_dx_private_virtual_interface Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1044 CKV2_AWS_37 resource aws_dx_public_virtual_interface Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1045 CKV2_AWS_37 resource aws_dx_transit_virtual_interface Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1046 CKV2_AWS_37 resource aws_dynamodb_global_table Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1047 CKV2_AWS_37 resource aws_dynamodb_table Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1048 CKV2_AWS_37 resource aws_dynamodb_table_item Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1049 CKV2_AWS_37 resource aws_ebs_default_kms_key Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1050 CKV2_AWS_37 resource aws_ebs_encryption_by_default Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1051 CKV2_AWS_37 resource aws_ebs_snapshot Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1052 CKV2_AWS_37 resource aws_ebs_snapshot_copy Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1053 CKV2_AWS_37 resource aws_ebs_volume Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1054 CKV2_AWS_37 resource aws_ec2_availability_zone_group Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1055 CKV2_AWS_37 resource aws_ec2_capacity_reservation Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1056 CKV2_AWS_37 resource aws_ec2_client_vpn_authorization_rule Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1057 CKV2_AWS_37 resource aws_ec2_client_vpn_endpoint Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1058 CKV2_AWS_37 resource aws_ec2_client_vpn_network_association Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1059 CKV2_AWS_37 resource aws_ec2_client_vpn_route Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1060 CKV2_AWS_37 resource aws_ec2_fleet Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1061 CKV2_AWS_37 resource aws_ec2_local_gateway_route Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1062 CKV2_AWS_37 resource aws_ec2_local_gateway_route_table_vpc_association Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1063 CKV2_AWS_37 resource aws_ec2_tag Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1064 CKV2_AWS_37 resource aws_ec2_traffic_mirror_filter Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1065 CKV2_AWS_37 resource aws_ec2_traffic_mirror_filter_rule Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1066 CKV2_AWS_37 resource aws_ec2_traffic_mirror_session Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1067 CKV2_AWS_37 resource aws_ec2_traffic_mirror_target Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1068 CKV2_AWS_37 resource aws_ec2_transit_gateway Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1069 CKV2_AWS_37 resource aws_ec2_transit_gateway_peering_attachment Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1070 CKV2_AWS_37 resource aws_ec2_transit_gateway_peering_attachment_accepter Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1071 CKV2_AWS_37 resource aws_ec2_transit_gateway_route Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1072 CKV2_AWS_37 resource aws_ec2_transit_gateway_route_table Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1073 CKV2_AWS_37 resource aws_ec2_transit_gateway_route_table_association Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1074 CKV2_AWS_37 resource aws_ec2_transit_gateway_route_table_propagation Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1075 CKV2_AWS_37 resource aws_ec2_transit_gateway_vpc_attachment Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1076 CKV2_AWS_37 resource aws_ec2_transit_gateway_vpc_attachment_accepter Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1077 CKV2_AWS_37 resource aws_ecr_lifecycle_policy Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1078 CKV2_AWS_37 resource aws_ecr_repository Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1079 CKV2_AWS_37 resource aws_ecr_repository_policy Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1080 CKV2_AWS_37 resource aws_ecs_capacity_provider Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1081 CKV2_AWS_37 resource aws_ecs_cluster Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1082 CKV2_AWS_37 resource aws_ecs_service Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1083 CKV2_AWS_37 resource aws_ecs_task_definition Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1084 CKV2_AWS_37 resource aws_efs_access_point Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1085 CKV2_AWS_37 resource aws_efs_file_system Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1086 CKV2_AWS_37 resource aws_efs_file_system_policy Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1087 CKV2_AWS_37 resource aws_efs_mount_target Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1088 CKV2_AWS_37 resource aws_egress_only_internet_gateway Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1089 CKV2_AWS_37 resource aws_eip Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1090 CKV2_AWS_37 resource aws_eip_association Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1091 CKV2_AWS_37 resource aws_eks_cluster Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1092 CKV2_AWS_37 resource aws_eks_fargate_profile Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1093 CKV2_AWS_37 resource aws_eks_node_group Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1094 CKV2_AWS_37 resource aws_elastic_beanstalk_application Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1095 CKV2_AWS_37 resource aws_elastic_beanstalk_application_version Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1096 CKV2_AWS_37 resource aws_elastic_beanstalk_configuration_template Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1097 CKV2_AWS_37 resource aws_elastic_beanstalk_environment Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1098 CKV2_AWS_37 resource aws_elasticache_cluster Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1099 CKV2_AWS_37 resource aws_elasticache_parameter_group Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1100 CKV2_AWS_37 resource aws_elasticache_replication_group Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1101 CKV2_AWS_37 resource aws_elasticache_security_group Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1102 CKV2_AWS_37 resource aws_elasticache_subnet_group Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1103 CKV2_AWS_37 resource aws_elasticsearch_domain Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1104 CKV2_AWS_37 resource aws_elasticsearch_domain_policy Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1105 CKV2_AWS_37 resource aws_elastictranscoder_pipeline Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1106 CKV2_AWS_37 resource aws_elastictranscoder_preset Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1107 CKV2_AWS_37 resource aws_elb Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1108 CKV2_AWS_37 resource aws_elb_attachment Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1109 CKV2_AWS_37 resource aws_emr_cluster Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1110 CKV2_AWS_37 resource aws_emr_instance_group Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1111 CKV2_AWS_37 resource aws_emr_security_configuration Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1112 CKV2_AWS_37 resource aws_flow_log Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1113 CKV2_AWS_37 resource aws_fms_admin_account Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1114 CKV2_AWS_37 resource aws_fsx_lustre_file_system Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1115 CKV2_AWS_37 resource aws_fsx_windows_file_system Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1116 CKV2_AWS_37 resource aws_gamelift_alias Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1117 CKV2_AWS_37 resource aws_gamelift_build Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1118 CKV2_AWS_37 resource aws_gamelift_fleet Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1119 CKV2_AWS_37 resource aws_gamelift_game_session_queue Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1120 CKV2_AWS_37 resource aws_glacier_vault Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1121 CKV2_AWS_37 resource aws_glacier_vault_lock Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1122 CKV2_AWS_37 resource aws_globalaccelerator_accelerator Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1123 CKV2_AWS_37 resource aws_globalaccelerator_endpoint_group Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1124 CKV2_AWS_37 resource aws_globalaccelerator_listener Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1125 CKV2_AWS_37 resource aws_glue_catalog_database Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1126 CKV2_AWS_37 resource aws_glue_catalog_table Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1127 CKV2_AWS_37 resource aws_glue_classifier Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1128 CKV2_AWS_37 resource aws_glue_connection Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1129 CKV2_AWS_37 resource aws_glue_crawler Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1130 CKV2_AWS_37 resource aws_glue_job Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1131 CKV2_AWS_37 resource aws_glue_security_configuration Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1132 CKV2_AWS_37 resource aws_glue_trigger Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1133 CKV2_AWS_37 resource aws_glue_workflow Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1134 CKV2_AWS_37 resource aws_guardduty_detector Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1135 CKV2_AWS_37 resource aws_guardduty_invite_accepter Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1136 CKV2_AWS_37 resource aws_guardduty_ipset Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1137 CKV2_AWS_37 resource aws_guardduty_member Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1138 CKV2_AWS_37 resource aws_guardduty_organization_admin_account Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1139 CKV2_AWS_37 resource aws_guardduty_organization_configuration Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1140 CKV2_AWS_37 resource aws_guardduty_threatintelset Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1141 CKV2_AWS_37 resource aws_iam_access_key Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1142 CKV2_AWS_37 resource aws_iam_account_alias Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1143 CKV2_AWS_37 resource aws_iam_account_password_policy Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1144 CKV2_AWS_37 resource aws_iam_group Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1145 CKV2_AWS_37 resource aws_iam_group_membership Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1146 CKV2_AWS_37 resource aws_iam_group_policy Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1147 CKV2_AWS_37 resource aws_iam_group_policy_attachment Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1148 CKV2_AWS_37 resource aws_iam_instance_profile Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1149 CKV2_AWS_37 resource aws_iam_openid_connect_provider Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1150 CKV2_AWS_37 resource aws_iam_policy Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1151 CKV2_AWS_37 resource aws_iam_policy_attachment Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1152 CKV2_AWS_37 resource aws_iam_policy_document Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1153 CKV2_AWS_37 resource aws_iam_role Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1154 CKV2_AWS_37 resource aws_iam_role_policy Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1155 CKV2_AWS_37 resource aws_iam_role_policy_attachment Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1156 CKV2_AWS_37 resource aws_iam_saml_provider Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1157 CKV2_AWS_37 resource aws_iam_server_certificate Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1158 CKV2_AWS_37 resource aws_iam_service_linked_role Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1159 CKV2_AWS_37 resource aws_iam_user Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1160 CKV2_AWS_37 resource aws_iam_user_group_membership Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1161 CKV2_AWS_37 resource aws_iam_user_login_profile Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1162 CKV2_AWS_37 resource aws_iam_user_policy Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1163 CKV2_AWS_37 resource aws_iam_user_policy_attachment Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1164 CKV2_AWS_37 resource aws_iam_user_ssh_key Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1165 CKV2_AWS_37 resource aws_inspector_assessment_target Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1166 CKV2_AWS_37 resource aws_inspector_assessment_template Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1167 CKV2_AWS_37 resource aws_inspector_resource_group Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1168 CKV2_AWS_37 resource aws_instance Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1169 CKV2_AWS_37 resource aws_internet_gateway Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1170 CKV2_AWS_37 resource aws_iot_certificate Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1171 CKV2_AWS_37 resource aws_iot_policy Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1172 CKV2_AWS_37 resource aws_iot_policy_attachment Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1173 CKV2_AWS_37 resource aws_iot_role_alias Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1174 CKV2_AWS_37 resource aws_iot_thing Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1175 CKV2_AWS_37 resource aws_iot_thing_principal_attachment Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1176 CKV2_AWS_37 resource aws_iot_thing_type Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1177 CKV2_AWS_37 resource aws_iot_topic_rule Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1178 CKV2_AWS_37 resource aws_key_pair Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1179 CKV2_AWS_37 resource aws_kinesis_analytics_application Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1180 CKV2_AWS_37 resource aws_kinesis_firehose_delivery_stream Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1181 CKV2_AWS_37 resource aws_kinesis_stream Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1182 CKV2_AWS_37 resource aws_kinesis_video_stream Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1183 CKV2_AWS_37 resource aws_kms_alias Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1184 CKV2_AWS_37 resource aws_kms_ciphertext Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1185 CKV2_AWS_37 resource aws_kms_external_key Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1186 CKV2_AWS_37 resource aws_kms_grant Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1187 CKV2_AWS_37 resource aws_kms_key Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1188 CKV2_AWS_37 resource aws_lambda_alias Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1189 CKV2_AWS_37 resource aws_lambda_event_source_mapping Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1190 CKV2_AWS_37 resource aws_lambda_function Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1191 CKV2_AWS_37 resource aws_lambda_function_event_invoke_config Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1192 CKV2_AWS_37 resource aws_lambda_layer_version Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1193 CKV2_AWS_37 resource aws_lambda_permission Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1194 CKV2_AWS_37 resource aws_lambda_provisioned_concurrency_config Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1195 CKV2_AWS_37 resource aws_launch_configuration Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1196 CKV2_AWS_37 resource aws_launch_template Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1197 CKV2_AWS_37 resource aws_lb Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1198 CKV2_AWS_37 resource aws_lb_cookie_stickiness_policy Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1199 CKV2_AWS_37 resource aws_lb_listener Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1200 CKV2_AWS_37 resource aws_lb_listener_certificate Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1201 CKV2_AWS_37 resource aws_lb_listener_rule Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1202 CKV2_AWS_37 resource aws_lb_ssl_negotiation_policy Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1203 CKV2_AWS_37 resource aws_lb_target_group Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1204 CKV2_AWS_37 resource aws_lb_target_group_attachment Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1205 CKV2_AWS_37 resource aws_licensemanager_association Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1206 CKV2_AWS_37 resource aws_licensemanager_license_configuration Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1207 CKV2_AWS_37 resource aws_lightsail_domain Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1208 CKV2_AWS_37 resource aws_lightsail_instance Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1209 CKV2_AWS_37 resource aws_lightsail_key_pair Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1210 CKV2_AWS_37 resource aws_lightsail_static_ip Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1211 CKV2_AWS_37 resource aws_lightsail_static_ip_attachment Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1212 CKV2_AWS_37 resource aws_load_balancer_backend_server_policy Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1213 CKV2_AWS_37 resource aws_load_balancer_listener_policy Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1214 CKV2_AWS_37 resource aws_load_balancer_policy Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1215 CKV2_AWS_37 resource aws_macie_member_account_association Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1216 CKV2_AWS_37 resource aws_macie_s3_bucket_association Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1217 CKV2_AWS_37 resource aws_main_route_table_association Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1218 CKV2_AWS_37 resource aws_media_convert_queue Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1219 CKV2_AWS_37 resource aws_media_package_channel Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1220 CKV2_AWS_37 resource aws_media_store_container Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1221 CKV2_AWS_37 resource aws_media_store_container_policy Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1222 CKV2_AWS_37 resource aws_mq_broker Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1223 CKV2_AWS_37 resource aws_mq_configuration Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1224 CKV2_AWS_37 resource aws_msk_cluster Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1225 CKV2_AWS_37 resource aws_msk_configuration Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1226 CKV2_AWS_37 resource aws_nat_gateway Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1227 CKV2_AWS_37 resource aws_neptune_cluster Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1228 CKV2_AWS_37 resource aws_neptune_cluster_instance Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1229 CKV2_AWS_37 resource aws_neptune_cluster_parameter_group Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1230 CKV2_AWS_37 resource aws_neptune_cluster_snapshot Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1231 CKV2_AWS_37 resource aws_neptune_event_subscription Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1232 CKV2_AWS_37 resource aws_neptune_parameter_group Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1233 CKV2_AWS_37 resource aws_neptune_subnet_group Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1234 CKV2_AWS_37 resource aws_network_acl Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1235 CKV2_AWS_37 resource aws_network_acl_rule Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1236 CKV2_AWS_37 resource aws_network_interface Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1237 CKV2_AWS_37 resource aws_network_interface_attachment Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1238 CKV2_AWS_37 resource aws_network_interface_sg_attachment Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1239 CKV2_AWS_37 resource aws_opsworks_application Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1240 CKV2_AWS_37 resource aws_opsworks_custom_layer Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1241 CKV2_AWS_37 resource aws_opsworks_ganglia_layer Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1242 CKV2_AWS_37 resource aws_opsworks_haproxy_layer Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1243 CKV2_AWS_37 resource aws_opsworks_instance Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1244 CKV2_AWS_37 resource aws_opsworks_java_app_layer Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1245 CKV2_AWS_37 resource aws_opsworks_memcached_layer Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1246 CKV2_AWS_37 resource aws_opsworks_mysql_layer Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1247 CKV2_AWS_37 resource aws_opsworks_nodejs_app_layer Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1248 CKV2_AWS_37 resource aws_opsworks_permission Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1249 CKV2_AWS_37 resource aws_opsworks_php_app_layer Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1250 CKV2_AWS_37 resource aws_opsworks_rails_app_layer Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1251 CKV2_AWS_37 resource aws_opsworks_rds_db_instance Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1252 CKV2_AWS_37 resource aws_opsworks_stack Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1253 CKV2_AWS_37 resource aws_opsworks_static_web_layer Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1254 CKV2_AWS_37 resource aws_opsworks_user_profile Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1255 CKV2_AWS_37 resource aws_organizations_account Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1256 CKV2_AWS_37 resource aws_organizations_organization Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1257 CKV2_AWS_37 resource aws_organizations_organizational_unit Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1258 CKV2_AWS_37 resource aws_organizations_policy Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1259 CKV2_AWS_37 resource aws_organizations_policy_attachment Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1260 CKV2_AWS_37 resource aws_pinpoint_adm_channel Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1261 CKV2_AWS_37 resource aws_pinpoint_apns_channel Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1262 CKV2_AWS_37 resource aws_pinpoint_apns_sandbox_channel Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1263 CKV2_AWS_37 resource aws_pinpoint_apns_voip_channel Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1264 CKV2_AWS_37 resource aws_pinpoint_apns_voip_sandbox_channel Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1265 CKV2_AWS_37 resource aws_pinpoint_app Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1266 CKV2_AWS_37 resource aws_pinpoint_baidu_channel Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1267 CKV2_AWS_37 resource aws_pinpoint_email_channel Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1268 CKV2_AWS_37 resource aws_pinpoint_event_stream Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1269 CKV2_AWS_37 resource aws_pinpoint_gcm_channel Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1270 CKV2_AWS_37 resource aws_pinpoint_sms_channel Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1271 CKV2_AWS_37 resource aws_placement_group Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1272 CKV2_AWS_37 resource aws_proxy_protocol_policy Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1273 CKV2_AWS_37 resource aws_qldb_ledger Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1274 CKV2_AWS_37 resource aws_quicksight_group Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1275 CKV2_AWS_37 resource aws_quicksight_user Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1276 CKV2_AWS_37 resource aws_ram_principal_association Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1277 CKV2_AWS_37 resource aws_ram_resource_association Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1278 CKV2_AWS_37 resource aws_ram_resource_share Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1279 CKV2_AWS_37 resource aws_ram_resource_share_accepter Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1280 CKV2_AWS_37 resource aws_rds_cluster Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1281 CKV2_AWS_37 resource aws_rds_cluster_endpoint Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1282 CKV2_AWS_37 resource aws_rds_cluster_instance Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1283 CKV2_AWS_37 resource aws_rds_cluster_parameter_group Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1284 CKV2_AWS_37 resource aws_rds_global_cluster Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1285 CKV2_AWS_37 resource aws_redshift_cluster Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1286 CKV2_AWS_37 resource aws_redshift_event_subscription Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1287 CKV2_AWS_37 resource aws_redshift_parameter_group Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1288 CKV2_AWS_37 resource aws_redshift_security_group Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1289 CKV2_AWS_37 resource aws_redshift_snapshot_copy_grant Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1290 CKV2_AWS_37 resource aws_redshift_snapshot_schedule Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1291 CKV2_AWS_37 resource aws_redshift_snapshot_schedule_association Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1292 CKV2_AWS_37 resource aws_redshift_subnet_group Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1293 CKV2_AWS_37 resource aws_resourcegroups_group Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1294 CKV2_AWS_37 resource aws_root Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1295 CKV2_AWS_37 resource aws_root_access_key Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1296 CKV2_AWS_37 resource aws_route Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1297 CKV2_AWS_37 resource aws_route53_delegation_set Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1298 CKV2_AWS_37 resource aws_route53_health_check Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1299 CKV2_AWS_37 resource aws_route53_query_log Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1300 CKV2_AWS_37 resource aws_route53_record Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1301 CKV2_AWS_37 resource aws_route53_resolver_endpoint Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1302 CKV2_AWS_37 resource aws_route53_resolver_rule Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1303 CKV2_AWS_37 resource aws_route53_resolver_rule_association Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1304 CKV2_AWS_37 resource aws_route53_vpc_association_authorization Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1305 CKV2_AWS_37 resource aws_route53_zone Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1306 CKV2_AWS_37 resource aws_route53_zone_association Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1307 CKV2_AWS_37 resource aws_route_table Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1308 CKV2_AWS_37 resource aws_route_table_association Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1309 CKV2_AWS_37 resource aws_s3_access_point Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1310 CKV2_AWS_37 resource aws_s3_account_public_access_block Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1311 CKV2_AWS_37 resource aws_s3_bucket Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1312 CKV2_AWS_37 resource aws_s3_bucket_analytics_configuration Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1313 CKV2_AWS_37 resource aws_s3_bucket_inventory Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1314 CKV2_AWS_37 resource aws_s3_bucket_metric Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1315 CKV2_AWS_37 resource aws_s3_bucket_notification Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1316 CKV2_AWS_37 resource aws_s3_bucket_object Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1317 CKV2_AWS_37 resource aws_s3_bucket_policy Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1318 CKV2_AWS_37 resource aws_s3_bucket_public_access_block Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1319 CKV2_AWS_37 resource aws_sagemaker_endpoint Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1320 CKV2_AWS_37 resource aws_sagemaker_endpoint_configuration Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1321 CKV2_AWS_37 resource aws_sagemaker_model Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1322 CKV2_AWS_37 resource aws_sagemaker_notebook_instance Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1323 CKV2_AWS_37 resource aws_sagemaker_notebook_instance_lifecycle_configuration Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1324 CKV2_AWS_37 resource aws_secretsmanager_secret Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1325 CKV2_AWS_37 resource aws_secretsmanager_secret_rotation Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1326 CKV2_AWS_37 resource aws_secretsmanager_secret_version Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1327 CKV2_AWS_37 resource aws_security_group Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1328 CKV2_AWS_37 resource aws_security_group_rule Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1329 CKV2_AWS_37 resource aws_securityhub_account Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1330 CKV2_AWS_37 resource aws_securityhub_member Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1331 CKV2_AWS_37 resource aws_securityhub_product_subscription Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1332 CKV2_AWS_37 resource aws_securityhub_standards_subscription Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1333 CKV2_AWS_37 resource aws_service_discovery_http_namespace Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1334 CKV2_AWS_37 resource aws_service_discovery_private_dns_namespace Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1335 CKV2_AWS_37 resource aws_service_discovery_public_dns_namespace Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1336 CKV2_AWS_37 resource aws_service_discovery_service Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1337 CKV2_AWS_37 resource aws_servicecatalog_portfolio Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1338 CKV2_AWS_37 resource aws_servicequotas_service_quota Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1339 CKV2_AWS_37 resource aws_ses_active_receipt_rule_set Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1340 CKV2_AWS_37 resource aws_ses_configuration_set Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1341 CKV2_AWS_37 resource aws_ses_domain_dkim Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1342 CKV2_AWS_37 resource aws_ses_domain_identity Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1343 CKV2_AWS_37 resource aws_ses_domain_identity_verification Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1344 CKV2_AWS_37 resource aws_ses_domain_mail_from Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1345 CKV2_AWS_37 resource aws_ses_email_identity Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1346 CKV2_AWS_37 resource aws_ses_event_destination Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1347 CKV2_AWS_37 resource aws_ses_identity_notification_topic Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1348 CKV2_AWS_37 resource aws_ses_identity_policy Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1349 CKV2_AWS_37 resource aws_ses_receipt_filter Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1350 CKV2_AWS_37 resource aws_ses_receipt_rule Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1351 CKV2_AWS_37 resource aws_ses_receipt_rule_set Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1352 CKV2_AWS_37 resource aws_ses_template Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1353 CKV2_AWS_37 resource aws_sfn_activity Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1354 CKV2_AWS_37 resource aws_sfn_state_machine Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1355 CKV2_AWS_37 resource aws_shield_protection Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1356 CKV2_AWS_37 resource aws_simpledb_domain Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1357 CKV2_AWS_37 resource aws_snapshot_create_volume_permission Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1358 CKV2_AWS_37 resource aws_sns_platform_application Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1359 CKV2_AWS_37 resource aws_sns_sms_preferences Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1360 CKV2_AWS_37 resource aws_sns_topic Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1361 CKV2_AWS_37 resource aws_sns_topic_policy Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1362 CKV2_AWS_37 resource aws_sns_topic_subscription Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1363 CKV2_AWS_37 resource aws_spot_datafeed_subscription Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1364 CKV2_AWS_37 resource aws_spot_fleet_request Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1365 CKV2_AWS_37 resource aws_spot_instance_request Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1366 CKV2_AWS_37 resource aws_sqs_queue Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1367 CKV2_AWS_37 resource aws_sqs_queue_policy Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1368 CKV2_AWS_37 resource aws_ssm_activation Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1369 CKV2_AWS_37 resource aws_ssm_association Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1370 CKV2_AWS_37 resource aws_ssm_document Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1371 CKV2_AWS_37 resource aws_ssm_maintenance_window Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1372 CKV2_AWS_37 resource aws_ssm_maintenance_window_target Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1373 CKV2_AWS_37 resource aws_ssm_maintenance_window_task Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1374 CKV2_AWS_37 resource aws_ssm_parameter Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1375 CKV2_AWS_37 resource aws_ssm_patch_baseline Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1376 CKV2_AWS_37 resource aws_ssm_patch_group Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1377 CKV2_AWS_37 resource aws_ssm_resource_data_sync Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1378 CKV2_AWS_37 resource aws_storagegateway_cache Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1379 CKV2_AWS_37 resource aws_storagegateway_cached_iscsi_volume Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1380 CKV2_AWS_37 resource aws_storagegateway_gateway Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1381 CKV2_AWS_37 resource aws_storagegateway_nfs_file_share Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1382 CKV2_AWS_37 resource aws_storagegateway_smb_file_share Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1383 CKV2_AWS_37 resource aws_storagegateway_upload_buffer Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1384 CKV2_AWS_37 resource aws_storagegateway_working_storage Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1385 CKV2_AWS_37 resource aws_subnet Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1386 CKV2_AWS_37 resource aws_swf_domain Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1387 CKV2_AWS_37 resource aws_transfer_server Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1388 CKV2_AWS_37 resource aws_transfer_ssh_key Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1389 CKV2_AWS_37 resource aws_transfer_user Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1390 CKV2_AWS_37 resource aws_volume_attachment Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1391 CKV2_AWS_37 resource aws_vpc Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1392 CKV2_AWS_37 resource aws_vpc_dhcp_options Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1393 CKV2_AWS_37 resource aws_vpc_dhcp_options_association Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1394 CKV2_AWS_37 resource aws_vpc_endpoint Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1395 CKV2_AWS_37 resource aws_vpc_endpoint_connection_notification Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1396 CKV2_AWS_37 resource aws_vpc_endpoint_route_table_association Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1397 CKV2_AWS_37 resource aws_vpc_endpoint_service Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1398 CKV2_AWS_37 resource aws_vpc_endpoint_service_allowed_principal Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1399 CKV2_AWS_37 resource aws_vpc_endpoint_subnet_association Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1400 CKV2_AWS_37 resource aws_vpc_ipv4_cidr_block_association Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1401 CKV2_AWS_37 resource aws_vpc_peering_connection Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1402 CKV2_AWS_37 resource aws_vpc_peering_connection_accepter Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1403 CKV2_AWS_37 resource aws_vpc_peering_connection_options Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1404 CKV2_AWS_37 resource aws_vpn_connection Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1405 CKV2_AWS_37 resource aws_vpn_connection_route Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1406 CKV2_AWS_37 resource aws_vpn_gateway Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1407 CKV2_AWS_37 resource aws_vpn_gateway_attachment Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1408 CKV2_AWS_37 resource aws_vpn_gateway_route_propagation Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1409 CKV2_AWS_37 resource aws_waf_byte_match_set Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1410 CKV2_AWS_37 resource aws_waf_geo_match_set Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1411 CKV2_AWS_37 resource aws_waf_ipset Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1412 CKV2_AWS_37 resource aws_waf_rate_based_rule Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1413 CKV2_AWS_37 resource aws_waf_regex_match_set Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1414 CKV2_AWS_37 resource aws_waf_regex_pattern_set Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1415 CKV2_AWS_37 resource aws_waf_rule Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1416 CKV2_AWS_37 resource aws_waf_rule_group Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1417 CKV2_AWS_37 resource aws_waf_size_constraint_set Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1418 CKV2_AWS_37 resource aws_waf_sql_injection_match_set Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1419 CKV2_AWS_37 resource aws_waf_web_acl Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1420 CKV2_AWS_37 resource aws_waf_xss_match_set Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1421 CKV2_AWS_37 resource aws_wafregional_byte_match_set Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1422 CKV2_AWS_37 resource aws_wafregional_geo_match_set Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1423 CKV2_AWS_37 resource aws_wafregional_ipset Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1424 CKV2_AWS_37 resource aws_wafregional_rate_based_rule Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1425 CKV2_AWS_37 resource aws_wafregional_regex_match_set Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1426 CKV2_AWS_37 resource aws_wafregional_regex_pattern_set Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1427 CKV2_AWS_37 resource aws_wafregional_rule Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1428 CKV2_AWS_37 resource aws_wafregional_rule_group Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1429 CKV2_AWS_37 resource aws_wafregional_size_constraint_set Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1430 CKV2_AWS_37 resource aws_wafregional_sql_injection_match_set Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1431 CKV2_AWS_37 resource aws_wafregional_web_acl Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1432 CKV2_AWS_37 resource aws_wafregional_web_acl_association Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1433 CKV2_AWS_37 resource aws_wafregional_xss_match_set Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1434 CKV2_AWS_37 resource aws_wafv2_ip_set Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1435 CKV2_AWS_37 resource aws_wafv2_regex_pattern_set Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1436 CKV2_AWS_37 resource aws_wafv2_rule_group Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1437 CKV2_AWS_37 resource aws_wafv2_web_acl Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1438 CKV2_AWS_37 resource aws_wafv2_web_acl_association Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1439 CKV2_AWS_37 resource aws_wafv2_web_acl_logging_configuration Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1440 CKV2_AWS_37 resource aws_worklink_fleet Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1441 CKV2_AWS_37 resource aws_worklink_website_certificate_authority_association Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1442 CKV2_AWS_37 resource aws_workspaces_directory Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1443 CKV2_AWS_37 resource aws_workspaces_ip_group Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1444 CKV2_AWS_37 resource aws_workspaces_workspace Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1445 CKV2_AWS_37 resource aws_xray_sampling_rule Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1446 CKV2_AWS_38 resource aws_route53_zone Ensure Domain Name System Security Extensions (DNSSEC) signing is enabled for Amazon Route 53 public hosted zones Terraform Route53ZoneEnableDNSSECSigning.yaml
1447 CKV2_AWS_39 resource aws_route53_zone Ensure Domain Name System (DNS) query logging is enabled for Amazon Route 53 hosted zones Terraform Route53ZoneHasMatchingQueryLog.yaml
1448 CKV2_AWS_40 resource aws_iam_group_policy Ensure AWS IAM policy does not allow full IAM privileges Terraform IAMPolicyNotAllowFullIAMAccess.yaml
1449 CKV2_AWS_40 resource aws_iam_policy Ensure AWS IAM policy does not allow full IAM privileges Terraform IAMPolicyNotAllowFullIAMAccess.yaml
1450 CKV2_AWS_40 resource aws_iam_role_policy Ensure AWS IAM policy does not allow full IAM privileges Terraform IAMPolicyNotAllowFullIAMAccess.yaml
1451 CKV2_AWS_40 resource aws_iam_user_policy Ensure AWS IAM policy does not allow full IAM privileges Terraform IAMPolicyNotAllowFullIAMAccess.yaml
1452 CKV2_AWS_40 resource aws_ssoadmin_permission_set_inline_policy Ensure AWS IAM policy does not allow full IAM privileges Terraform IAMPolicyNotAllowFullIAMAccess.yaml
1453 CKV2_AWS_40 resource data.aws_iam_policy_document Ensure AWS IAM policy does not allow full IAM privileges Terraform IAMPolicyNotAllowFullIAMAccess.yaml
1454 CKV2_AWS_41 resource aws_instance Ensure an IAM role is attached to EC2 instance Terraform EC2InstanceHasIAMRoleAttached.yaml
1455 CKV2_AWS_42 resource aws_cloudfront_distribution Ensure AWS CloudFront distribution uses custom SSL certificate Terraform CloudFrontHasCustomSSLCertificate.yaml
1456 CKV2_AWS_43 resource aws_s3_bucket_acl Ensure S3 Bucket does not allow access to all Authenticated users Terraform S3NotAllowAccessToAllAuthenticatedUsers.yaml
1457 CKV2_AWS_44 resource aws_route Ensure AWS route table with VPC peering does not contain routes overly permissive to all traffic Terraform VPCPeeringRouteTableOverlyPermissive.yaml
1458 CKV2_AWS_44 resource aws_route_table Ensure AWS route table with VPC peering does not contain routes overly permissive to all traffic Terraform VPCPeeringRouteTableOverlyPermissive.yaml
1459 CKV2_AWS_45 resource aws_config_configuration_recorder Ensure AWS Config recorder is enabled to record all supported resources Terraform AWSConfigRecorderEnabled.yaml
1460 CKV2_AWS_45 resource aws_config_configuration_recorder_status Ensure AWS Config recorder is enabled to record all supported resources Terraform AWSConfigRecorderEnabled.yaml
1461 CKV2_AWS_46 resource aws_cloudfront_distribution Ensure AWS Cloudfront Distribution with S3 have Origin Access set to enabled Terraform CLoudFrontS3OriginConfigWithOAI.yaml
1462 CKV2_AWS_47 resource aws_cloudfront_distribution Ensure AWS CloudFront attached WAFv2 WebACL is configured with AMR for Log4j Vulnerability Terraform CloudFrontWebACLConfiguredWIthLog4jVulnerability.yaml
1463 CKV2_AWS_47 resource aws_wafv2_web_acl Ensure AWS CloudFront attached WAFv2 WebACL is configured with AMR for Log4j Vulnerability Terraform CloudFrontWebACLConfiguredWIthLog4jVulnerability.yaml
1464 CKV2_AWS_48 resource aws_config_configuration_recorder Ensure AWS Config must record all possible resources Terraform ConfigRecorderRecordsAllGlobalResources.yaml
1465 CKV2_AWS_49 resource aws_dms_endpoint Ensure AWS Database Migration Service endpoints have SSL configured Terraform DMSEndpointHaveSSLConfigured.yaml
1466 CKV2_AWS_50 resource aws_elasticache_replication_group Ensure AWS ElastiCache Redis cluster with Multi-AZ Automatic Failover feature set to enabled Terraform ElastiCacheRedisConfiguredAutomaticFailOver.yaml
1467 CKV2_AWS_51 resource aws_api_gateway_stage Ensure AWS API Gateway endpoints uses client certificate authentication Terraform APIGatewayEndpointsUsesCertificateForAuthentication.yaml
1468 CKV2_AWS_51 resource aws_apigatewayv2_api Ensure AWS API Gateway endpoints uses client certificate authentication Terraform APIGatewayEndpointsUsesCertificateForAuthentication.yaml
1469 CKV2_AWS_51 resource aws_apigatewayv2_stage Ensure AWS API Gateway endpoints uses client certificate authentication Terraform APIGatewayEndpointsUsesCertificateForAuthentication.yaml
1470 CKV2_AWS_52 resource aws_elasticsearch_domain Ensure AWS ElasticSearch/OpenSearch Fine-grained access control is enabled Terraform OpenSearchDomainHasFineGrainedControl.yaml
1471 CKV2_AWS_52 resource aws_opensearch_domain Ensure AWS ElasticSearch/OpenSearch Fine-grained access control is enabled Terraform OpenSearchDomainHasFineGrainedControl.yaml
1472 CKV2_AWS_53 resource aws_api_gateway_method Ensure AWS API gateway request is validated Terraform APIGatewayRequestParameterValidationEnabled.yaml
1473 CKV2_AWS_54 resource aws_cloudfront_distribution Ensure AWS CloudFront distribution is using secure SSL protocols for HTTPS communication Terraform CloudFrontUsesSecureProtocolsForHTTPS.yaml
1474 CKV2_AWS_55 resource aws_emr_cluster Ensure AWS EMR cluster is configured with security configuration Terraform EMRClusterHasSecurityConfiguration.yaml
1475 CKV2_AWS_56 resource aws_iam_group_policy_attachment Ensure AWS Managed IAMFullAccess IAM policy is not used. Terraform IAMManagedIAMFullAccessPolicy.yaml
1476 CKV2_AWS_56 resource aws_iam_policy_attachment Ensure AWS Managed IAMFullAccess IAM policy is not used. Terraform IAMManagedIAMFullAccessPolicy.yaml
1477 CKV2_AWS_56 resource aws_iam_role Ensure AWS Managed IAMFullAccess IAM policy is not used. Terraform IAMManagedIAMFullAccessPolicy.yaml
1478 CKV2_AWS_56 resource aws_iam_role_policy_attachment Ensure AWS Managed IAMFullAccess IAM policy is not used. Terraform IAMManagedIAMFullAccessPolicy.yaml
1479 CKV2_AWS_56 resource aws_iam_user_policy_attachment Ensure AWS Managed IAMFullAccess IAM policy is not used. Terraform IAMManagedIAMFullAccessPolicy.yaml
1480 CKV2_AWS_56 resource aws_ssoadmin_managed_policy_attachment Ensure AWS Managed IAMFullAccess IAM policy is not used. Terraform IAMManagedIAMFullAccessPolicy.yaml
1481 CKV2_AWS_56 resource data.aws_iam_policy Ensure AWS Managed IAMFullAccess IAM policy is not used. Terraform IAMManagedIAMFullAccessPolicy.yaml
1482 CKV2_AWS_57 resource aws_secretsmanager_secret Ensure Secrets Manager secrets should have automatic rotation enabled Terraform SecretsAreRotated.yaml
1483 CKV2_AWS_58 resource aws_neptune_cluster Ensure AWS Neptune cluster deletion protection is enabled Terraform NeptuneDeletionProtectionEnabled.yaml
1484 CKV2_AWS_59 resource aws_elasticsearch_domain Ensure ElasticSearch/OpenSearch has dedicated master node enabled Terraform ElasticSearchDedicatedMasterEnabled.yaml
1485 CKV2_AWS_59 resource aws_opensearch_domain Ensure ElasticSearch/OpenSearch has dedicated master node enabled Terraform ElasticSearchDedicatedMasterEnabled.yaml
1486 CKV2_AWS_60 resource aws_db_instance Ensure RDS instance with copy tags to snapshots is enabled Terraform RDSEnableCopyTagsToSnapshot.yaml
1487 CKV2_AWS_61 resource aws_s3_bucket Ensure that an S3 bucket has a lifecycle configuration Terraform S3BucketLifecycle.yaml
1488 CKV2_AWS_62 resource aws_s3_bucket Ensure S3 buckets should have event notifications enabled Terraform S3BucketEventNotifications.yaml
1489 CKV2_AWS_63 resource aws_networkfirewall_firewall Ensure Network firewall has logging configuration defined Terraform NetworkFirewallHasLogging.yaml
1490 CKV_AZURE_1 resource Microsoft.Compute/virtualMachines Ensure Azure Instance does not use basic authentication(Use SSH Key Instead) arm AzureInstancePassword.py
1491 CKV_AZURE_1 resource Microsoft.Compute/virtualMachines Ensure Azure Instance does not use basic authentication(Use SSH Key Instead) Bicep AzureInstancePassword.py
1492 CKV_AZURE_1 resource azurerm_linux_virtual_machine Ensure Azure Instance does not use basic authentication(Use SSH Key Instead) Terraform AzureInstancePassword.py
1493 CKV_AZURE_1 resource azurerm_virtual_machine Ensure Azure Instance does not use basic authentication(Use SSH Key Instead) Terraform AzureInstancePassword.py
1494 CKV_AZURE_2 resource Microsoft.Compute/disks Ensure Azure managed disk have encryption enabled arm AzureManagedDiscEncryption.py
1495 CKV_AZURE_2 resource Microsoft.Compute/disks Ensure Azure managed disk have encryption enabled Bicep AzureManagedDiscEncryption.py
1496 CKV_AZURE_2 resource azurerm_managed_disk Ensure Azure managed disk has encryption enabled Terraform AzureManagedDiskEncryption.py
1497 CKV_AZURE_3 resource Microsoft.Storage/storageAccounts Ensure that ‘supportsHttpsTrafficOnly’ is set to ‘true’ arm StorageAccountsTransportEncryption.py
1498 CKV_AZURE_3 resource Microsoft.Storage/storageAccounts Ensure that ‘supportsHttpsTrafficOnly’ is set to ‘true’ Bicep StorageAccountsTransportEncryption.py
1499 CKV_AZURE_3 resource azurerm_storage_account Ensure that ‘enable_https_traffic_only’ is enabled Terraform StorageAccountsTransportEncryption.py
1500 CKV_AZURE_4 resource Microsoft.ContainerService/managedClusters Ensure AKS logging to Azure Monitoring is Configured arm AKSLoggingEnabled.py
1501 CKV_AZURE_4 resource Microsoft.ContainerService/managedClusters Ensure AKS logging to Azure Monitoring is Configured Bicep AKSLoggingEnabled.py
1502 CKV_AZURE_4 resource azurerm_kubernetes_cluster Ensure AKS logging to Azure Monitoring is Configured Terraform AKSLoggingEnabled.py
1503 CKV_AZURE_5 resource Microsoft.ContainerService/managedClusters Ensure RBAC is enabled on AKS clusters arm AKSRbacEnabled.py
1504 CKV_AZURE_5 resource Microsoft.ContainerService/managedClusters Ensure RBAC is enabled on AKS clusters Bicep AKSRbacEnabled.py
1505 CKV_AZURE_5 resource azurerm_kubernetes_cluster Ensure RBAC is enabled on AKS clusters Terraform AKSRbacEnabled.py
1506 CKV_AZURE_6 resource Microsoft.ContainerService/managedClusters Ensure AKS has an API Server Authorized IP Ranges enabled arm AKSApiServerAuthorizedIpRanges.py
1507 CKV_AZURE_6 resource Microsoft.ContainerService/managedClusters Ensure AKS has an API Server Authorized IP Ranges enabled Bicep AKSApiServerAuthorizedIpRanges.py
1508 CKV_AZURE_6 resource azurerm_kubernetes_cluster Ensure AKS has an API Server Authorized IP Ranges enabled Terraform AKSApiServerAuthorizedIpRanges.py
1509 CKV_AZURE_7 resource Microsoft.ContainerService/managedClusters Ensure AKS cluster has Network Policy configured arm AKSNetworkPolicy.py
1510 CKV_AZURE_7 resource Microsoft.ContainerService/managedClusters Ensure AKS cluster has Network Policy configured Bicep AKSNetworkPolicy.py
1511 CKV_AZURE_7 resource azurerm_kubernetes_cluster Ensure AKS cluster has Network Policy configured Terraform AKSNetworkPolicy.py
1512 CKV_AZURE_8 resource Microsoft.ContainerService/managedClusters Ensure Kubernetes Dashboard is disabled arm AKSDashboardDisabled.py
1513 CKV_AZURE_8 resource Microsoft.ContainerService/managedClusters Ensure Kubernetes Dashboard is disabled Bicep AKSDashboardDisabled.py
1514 CKV_AZURE_8 resource azurerm_kubernetes_cluster Ensure Kubernetes Dashboard is disabled Terraform AKSDashboardDisabled.py
1515 CKV_AZURE_9 resource Microsoft.Network/networkSecurityGroups Ensure that RDP access is restricted from the internet arm NSGRuleRDPAccessRestricted.py
1516 CKV_AZURE_9 resource Microsoft.Network/networkSecurityGroups Ensure that RDP access is restricted from the internet Bicep NSGRuleRDPAccessRestricted.py
1517 CKV_AZURE_9 resource Microsoft.Network/networkSecurityGroups/securityRules Ensure that RDP access is restricted from the internet arm NSGRuleRDPAccessRestricted.py
1518 CKV_AZURE_9 resource Microsoft.Network/networkSecurityGroups/securityRules Ensure that RDP access is restricted from the internet Bicep NSGRuleRDPAccessRestricted.py
1519 CKV_AZURE_9 resource azurerm_network_security_group Ensure that RDP access is restricted from the internet Terraform NSGRuleRDPAccessRestricted.py
1520 CKV_AZURE_9 resource azurerm_network_security_rule Ensure that RDP access is restricted from the internet Terraform NSGRuleRDPAccessRestricted.py
1521 CKV_AZURE_10 resource Microsoft.Network/networkSecurityGroups Ensure that SSH access is restricted from the internet arm NSGRuleSSHAccessRestricted.py
1522 CKV_AZURE_10 resource Microsoft.Network/networkSecurityGroups Ensure that SSH access is restricted from the internet Bicep NSGRuleSSHAccessRestricted.py
1523 CKV_AZURE_10 resource Microsoft.Network/networkSecurityGroups/securityRules Ensure that SSH access is restricted from the internet arm NSGRuleSSHAccessRestricted.py
1524 CKV_AZURE_10 resource Microsoft.Network/networkSecurityGroups/securityRules Ensure that SSH access is restricted from the internet Bicep NSGRuleSSHAccessRestricted.py
1525 CKV_AZURE_10 resource azurerm_network_security_group Ensure that SSH access is restricted from the internet Terraform NSGRuleSSHAccessRestricted.py
1526 CKV_AZURE_10 resource azurerm_network_security_rule Ensure that SSH access is restricted from the internet Terraform NSGRuleSSHAccessRestricted.py
1527 CKV_AZURE_11 resource Microsoft.Sql/servers Ensure no SQL Databases allow ingress from 0.0.0.0/0 (ANY IP) arm SQLServerNoPublicAccess.py
1528 CKV_AZURE_11 resource Microsoft.Sql/servers Ensure no SQL Databases allow ingress from 0.0.0.0/0 (ANY IP) Bicep SQLServerNoPublicAccess.py
1529 CKV_AZURE_11 resource azurerm_mariadb_firewall_rule Ensure no SQL Databases allow ingress from 0.0.0.0/0 (ANY IP) Terraform SQLServerNoPublicAccess.py
1530 CKV_AZURE_11 resource azurerm_mysql_firewall_rule Ensure no SQL Databases allow ingress from 0.0.0.0/0 (ANY IP) Terraform SQLServerNoPublicAccess.py
1531 CKV_AZURE_11 resource azurerm_postgresql_firewall_rule Ensure no SQL Databases allow ingress from 0.0.0.0/0 (ANY IP) Terraform SQLServerNoPublicAccess.py
1532 CKV_AZURE_11 resource azurerm_sql_firewall_rule Ensure no SQL Databases allow ingress from 0.0.0.0/0 (ANY IP) Terraform SQLServerNoPublicAccess.py
1533 CKV_AZURE_12 resource Microsoft.Network/networkWatchers/FlowLogs Ensure that Network Security Group Flow Log retention period is ‘greater than 90 days’ arm NetworkWatcherFlowLogPeriod.py
1534 CKV_AZURE_12 resource Microsoft.Network/networkWatchers/FlowLogs Ensure that Network Security Group Flow Log retention period is ‘greater than 90 days’ Bicep NetworkWatcherFlowLogPeriod.py
1535 CKV_AZURE_12 resource Microsoft.Network/networkWatchers/FlowLogs/ Ensure that Network Security Group Flow Log retention period is ‘greater than 90 days’ arm NetworkWatcherFlowLogPeriod.py
1536 CKV_AZURE_12 resource Microsoft.Network/networkWatchers/FlowLogs/ Ensure that Network Security Group Flow Log retention period is ‘greater than 90 days’ Bicep NetworkWatcherFlowLogPeriod.py
1537 CKV_AZURE_12 resource Microsoft.Network/networkWatchers/flowLogs Ensure that Network Security Group Flow Log retention period is ‘greater than 90 days’ arm NetworkWatcherFlowLogPeriod.py
1538 CKV_AZURE_12 resource Microsoft.Network/networkWatchers/flowLogs Ensure that Network Security Group Flow Log retention period is ‘greater than 90 days’ Bicep NetworkWatcherFlowLogPeriod.py
1539 CKV_AZURE_12 resource Microsoft.Network/networkWatchers/flowLogs/ Ensure that Network Security Group Flow Log retention period is ‘greater than 90 days’ arm NetworkWatcherFlowLogPeriod.py
1540 CKV_AZURE_12 resource Microsoft.Network/networkWatchers/flowLogs/ Ensure that Network Security Group Flow Log retention period is ‘greater than 90 days’ Bicep NetworkWatcherFlowLogPeriod.py
1541 CKV_AZURE_12 resource azurerm_network_watcher_flow_log Ensure that Network Security Group Flow Log retention period is ‘greater than 90 days’ Terraform NetworkWatcherFlowLogPeriod.py
1542 CKV_AZURE_13 resource Microsoft.Web/sites/config Ensure App Service Authentication is set on Azure App Service arm AppServiceAuthentication.py
1543 CKV_AZURE_13 resource Microsoft.Web/sites/config Ensure App Service Authentication is set on Azure App Service Bicep AppServiceAuthentication.py
1544 CKV_AZURE_13 resource azurerm_app_service Ensure App Service Authentication is set on Azure App Service Terraform AppServiceAuthentication.py
1545 CKV_AZURE_13 resource azurerm_linux_web_app Ensure App Service Authentication is set on Azure App Service Terraform AppServiceAuthentication.py
1546 CKV_AZURE_13 resource azurerm_windows_web_app Ensure App Service Authentication is set on Azure App Service Terraform AppServiceAuthentication.py
1547 CKV_AZURE_13 resource config Ensure App Service Authentication is set on Azure App Service arm AppServiceAuthentication.py
1548 CKV_AZURE_13 resource config Ensure App Service Authentication is set on Azure App Service Bicep AppServiceAuthentication.py
1549 CKV_AZURE_14 resource Microsoft.Web/sites Ensure web app redirects all HTTP traffic to HTTPS in Azure App Service arm AppServiceHTTPSOnly.py
1550 CKV_AZURE_14 resource Microsoft.Web/sites Ensure web app redirects all HTTP traffic to HTTPS in Azure App Service Bicep AppServiceHTTPSOnly.py
1551 CKV_AZURE_14 resource azurerm_app_service Ensure web app redirects all HTTP traffic to HTTPS in Azure App Service Terraform AppServiceHTTPSOnly.py
1552 CKV_AZURE_14 resource azurerm_linux_web_app Ensure web app redirects all HTTP traffic to HTTPS in Azure App Service Terraform AppServiceHTTPSOnly.py
1553 CKV_AZURE_14 resource azurerm_windows_web_app Ensure web app redirects all HTTP traffic to HTTPS in Azure App Service Terraform AppServiceHTTPSOnly.py
1554 CKV_AZURE_15 resource Microsoft.Web/sites Ensure web app is using the latest version of TLS encryption arm AppServiceMinTLSVersion.py
1555 CKV_AZURE_15 resource Microsoft.Web/sites Ensure web app is using the latest version of TLS encryption Bicep AppServiceMinTLSVersion.py
1556 CKV_AZURE_15 resource azurerm_app_service Ensure web app is using the latest version of TLS encryption Terraform AppServiceMinTLSVersion.py
1557 CKV_AZURE_15 resource azurerm_linux_web_app Ensure web app is using the latest version of TLS encryption Terraform AppServiceMinTLSVersion.py
1558 CKV_AZURE_15 resource azurerm_windows_web_app Ensure web app is using the latest version of TLS encryption Terraform AppServiceMinTLSVersion.py
1559 CKV_AZURE_16 resource Microsoft.Web/sites Ensure that Register with Azure Active Directory is enabled on App Service arm AppServiceIdentity.py
1560 CKV_AZURE_16 resource Microsoft.Web/sites Ensure that Register with Azure Active Directory is enabled on App Service Bicep AppServiceIdentity.py
1561 CKV_AZURE_16 resource azurerm_app_service Ensure that Register with Azure Active Directory is enabled on App Service Terraform AppServiceIdentity.py
1562 CKV_AZURE_16 resource azurerm_linux_web_app Ensure that Register with Azure Active Directory is enabled on App Service Terraform AppServiceIdentity.py
1563 CKV_AZURE_16 resource azurerm_windows_web_app Ensure that Register with Azure Active Directory is enabled on App Service Terraform AppServiceIdentity.py
1564 CKV_AZURE_17 resource Microsoft.Web/sites Ensure the web app has ‘Client Certificates (Incoming client certificates)’ set arm AppServiceClientCertificate.py
1565 CKV_AZURE_17 resource Microsoft.Web/sites Ensure the web app has ‘Client Certificates (Incoming client certificates)’ set Bicep AppServiceClientCertificate.py
1566 CKV_AZURE_17 resource azurerm_app_service Ensure the web app has ‘Client Certificates (Incoming client certificates)’ set Terraform AppServiceClientCertificate.py
1567 CKV_AZURE_17 resource azurerm_linux_web_app Ensure the web app has ‘Client Certificates (Incoming client certificates)’ set Terraform AppServiceClientCertificate.py
1568 CKV_AZURE_17 resource azurerm_windows_web_app Ensure the web app has ‘Client Certificates (Incoming client certificates)’ set Terraform AppServiceClientCertificate.py
1569 CKV_AZURE_18 resource Microsoft.Web/sites Ensure that ‘HTTP Version’ is the latest if used to run the web app arm AppServiceHttps20Enabled.py
1570 CKV_AZURE_18 resource Microsoft.Web/sites Ensure that ‘HTTP Version’ is the latest if used to run the web app Bicep AppServiceHttps20Enabled.py
1571 CKV_AZURE_18 resource azurerm_app_service Ensure that ‘HTTP Version’ is the latest if used to run the web app Terraform AppServiceHttps20Enabled.py
1572 CKV_AZURE_18 resource azurerm_linux_web_app Ensure that ‘HTTP Version’ is the latest if used to run the web app Terraform AppServiceHttps20Enabled.py
1573 CKV_AZURE_18 resource azurerm_windows_web_app Ensure that ‘HTTP Version’ is the latest if used to run the web app Terraform AppServiceHttps20Enabled.py
1574 CKV_AZURE_19 resource Microsoft.Security/pricings Ensure that standard pricing tier is selected arm SecurityCenterStandardPricing.py
1575 CKV_AZURE_19 resource Microsoft.Security/pricings Ensure that standard pricing tier is selected Bicep SecurityCenterStandardPricing.py
1576 CKV_AZURE_19 resource azurerm_security_center_subscription_pricing Ensure that standard pricing tier is selected Terraform SecurityCenterStandardPricing.py
1577 CKV_AZURE_20 resource Microsoft.Security/securityContacts Ensure that security contact ‘Phone number’ is set arm SecurityCenterContactPhone.py
1578 CKV_AZURE_20 resource Microsoft.Security/securityContacts Ensure that security contact ‘Phone number’ is set Bicep SecurityCenterContactPhone.py
1579 CKV_AZURE_20 resource azurerm_security_center_contact Ensure that security contact ‘Phone number’ is set Terraform SecurityCenterContactPhone.py
1580 CKV_AZURE_21 resource Microsoft.Security/securityContacts Ensure that ‘Send email notification for high severity alerts’ is set to ‘On’ arm SecurityCenterContactEmailAlert.py
1581 CKV_AZURE_21 resource Microsoft.Security/securityContacts Ensure that ‘Send email notification for high severity alerts’ is set to ‘On’ Bicep SecurityCenterContactEmailAlert.py
1582 CKV_AZURE_21 resource azurerm_security_center_contact Ensure that ‘Send email notification for high severity alerts’ is set to ‘On’ Terraform SecurityCenterContactEmailAlert.py
1583 CKV_AZURE_22 resource Microsoft.Security/securityContacts Ensure that ‘Send email notification for high severity alerts’ is set to ‘On’ arm SecurityCenterContactEmailAlertAdmins.py
1584 CKV_AZURE_22 resource Microsoft.Security/securityContacts Ensure that ‘Send email notification for high severity alerts’ is set to ‘On’ Bicep SecurityCenterContactEmailAlertAdmins.py
1585 CKV_AZURE_22 resource azurerm_security_center_contact Ensure that ‘Send email notification for high severity alerts’ is set to ‘On’ Terraform SecurityCenterContactEmailAlertAdmins.py
1586 CKV_AZURE_23 resource Microsoft.Sql/servers Ensure that ‘Auditing’ is set to ‘Enabled’ for SQL servers arm SQLServerAuditingEnabled.py
1587 CKV_AZURE_23 resource Microsoft.Sql/servers Ensure that ‘Auditing’ is set to ‘On’ for SQL servers Bicep SQLServerAuditingEnabled.yaml
1588 CKV_AZURE_23 resource Microsoft.Sql/servers/auditingSettings Ensure that ‘Auditing’ is set to ‘On’ for SQL servers Bicep SQLServerAuditingEnabled.yaml
1589 CKV_AZURE_23 resource Microsoft.Sql/servers/databases Ensure that ‘Auditing’ is set to ‘Enabled’ for SQL servers arm SQLServerAuditingEnabled.py
1590 CKV_AZURE_23 resource Microsoft.Sql/servers/databases Ensure that ‘Auditing’ is set to ‘On’ for SQL servers Bicep SQLServerAuditingEnabled.yaml
1591 CKV_AZURE_23 resource Microsoft.Sql/servers/databases/auditingSettings Ensure that ‘Auditing’ is set to ‘On’ for SQL servers Bicep SQLServerAuditingEnabled.yaml
1592 CKV_AZURE_23 resource azurerm_mssql_server Ensure that ‘Auditing’ is set to ‘On’ for SQL servers Terraform SQLServerAuditingEnabled.yaml
1593 CKV_AZURE_23 resource azurerm_mssql_server_extended_auditing_policy Ensure that ‘Auditing’ is set to ‘On’ for SQL servers Terraform SQLServerAuditingEnabled.yaml
1594 CKV_AZURE_23 resource azurerm_sql_server Ensure that ‘Auditing’ is set to ‘On’ for SQL servers Terraform SQLServerAuditingEnabled.yaml
1595 CKV_AZURE_24 resource Microsoft.Sql/servers Ensure that ‘Auditing’ Retention is ‘greater than 90 days’ for SQL servers arm SQLServerAuditingRetention90Days.py
1596 CKV_AZURE_24 resource Microsoft.Sql/servers Ensure that ‘Auditing’ Retention is ‘greater than 90 days’ for SQL servers Bicep SQLServerAuditingRetention90Days.py
1597 CKV_AZURE_24 resource azurerm_mssql_server Ensure that ‘Auditing’ Retention is ‘greater than 90 days’ for SQL servers Terraform SQLServerAuditingRetention90Days.yaml
1598 CKV_AZURE_24 resource azurerm_mssql_server_extended_auditing_policy Ensure that ‘Auditing’ Retention is ‘greater than 90 days’ for SQL servers Terraform SQLServerAuditingRetention90Days.yaml
1599 CKV_AZURE_24 resource azurerm_sql_server Ensure that ‘Auditing’ Retention is ‘greater than 90 days’ for SQL servers Terraform SQLServerAuditingRetention90Days.yaml
1600 CKV_AZURE_25 resource Microsoft.Sql/servers/databases Ensure that ‘Threat Detection types’ is set to ‘All’ arm SQLServerThreatDetectionTypes.py
1601 CKV_AZURE_25 resource Microsoft.Sql/servers/databases Ensure that ‘Threat Detection types’ is set to ‘All’ Bicep SQLServerThreatDetectionTypes.py
1602 CKV_AZURE_25 resource azurerm_mssql_server_security_alert_policy Ensure that ‘Threat Detection types’ is set to ‘All’ Terraform SQLServerThreatDetectionTypes.py
1603 CKV_AZURE_26 resource Microsoft.Sql/servers/databases Ensure that ‘Send Alerts To’ is enabled for MSSQL servers arm SQLServerEmailAlertsEnabled.py
1604 CKV_AZURE_26 resource Microsoft.Sql/servers/databases Ensure that ‘Send Alerts To’ is enabled for MSSQL servers Bicep SQLServerEmailAlertsEnabled.py
1605 CKV_AZURE_26 resource azurerm_mssql_server_security_alert_policy Ensure that ‘Send Alerts To’ is enabled for MSSQL servers Terraform SQLServerEmailAlertsEnabled.py
1606 CKV_AZURE_27 resource Microsoft.Sql/servers/databases Ensure that ‘Email service and co-administrators’ is ‘Enabled’ for MSSQL servers arm SQLServerEmailAlertsToAdminsEnabled.py
1607 CKV_AZURE_27 resource Microsoft.Sql/servers/databases Ensure that ‘Email service and co-administrators’ is ‘Enabled’ for MSSQL servers Bicep SQLServerEmailAlertsToAdminsEnabled.py
1608 CKV_AZURE_27 resource azurerm_mssql_server_security_alert_policy Ensure that ‘Email service and co-administrators’ is ‘Enabled’ for MSSQL servers Terraform SQLServerEmailAlertsToAdminsEnabled.py
1609 CKV_AZURE_28 resource Microsoft.DBforMySQL/servers Ensure ‘Enforce SSL connection’ is set to ‘ENABLED’ for MySQL Database Server arm MySQLServerSSLEnforcementEnabled.py
1610 CKV_AZURE_28 resource Microsoft.DBforMySQL/servers Ensure ‘Enforce SSL connection’ is set to ‘ENABLED’ for MySQL Database Server Bicep MySQLServerSSLEnforcementEnabled.py
1611 CKV_AZURE_28 resource azurerm_mysql_server Ensure ‘Enforce SSL connection’ is set to ‘ENABLED’ for MySQL Database Server Terraform MySQLServerSSLEnforcementEnabled.py
1612 CKV_AZURE_29 resource Microsoft.DBforPostgreSQL/servers Ensure ‘Enforce SSL connection’ is set to ‘ENABLED’ for PostgreSQL Database Server arm PostgreSQLServerSSLEnforcementEnabled.py
1613 CKV_AZURE_29 resource Microsoft.DBforPostgreSQL/servers Ensure ‘Enforce SSL connection’ is set to ‘ENABLED’ for PostgreSQL Database Server Bicep PostgreSQLServerSSLEnforcementEnabled.py
1614 CKV_AZURE_29 resource azurerm_postgresql_server Ensure ‘Enforce SSL connection’ is set to ‘ENABLED’ for PostgreSQL Database Server Terraform PostgreSQLServerSSLEnforcementEnabled.py
1615 CKV_AZURE_30 resource Microsoft.DBforPostgreSQL/servers/configurations Ensure server parameter ‘log_checkpoints’ is set to ‘ON’ for PostgreSQL Database Server arm PostgreSQLServerLogCheckpointsEnabled.py
1616 CKV_AZURE_30 resource Microsoft.DBforPostgreSQL/servers/configurations Ensure server parameter ‘log_checkpoints’ is set to ‘ON’ for PostgreSQL Database Server Bicep PostgreSQLServerLogCheckpointsEnabled.py
1617 CKV_AZURE_30 resource azurerm_postgresql_configuration Ensure server parameter ‘log_checkpoints’ is set to ‘ON’ for PostgreSQL Database Server Terraform PostgreSQLServerLogCheckpointsEnabled.py
1618 CKV_AZURE_30 resource configurations Ensure server parameter ‘log_checkpoints’ is set to ‘ON’ for PostgreSQL Database Server arm PostgreSQLServerLogCheckpointsEnabled.py
1619 CKV_AZURE_30 resource configurations Ensure server parameter ‘log_checkpoints’ is set to ‘ON’ for PostgreSQL Database Server Bicep PostgreSQLServerLogCheckpointsEnabled.py
1620 CKV_AZURE_31 resource Microsoft.DBforPostgreSQL/servers/configurations Ensure configuration ‘log_connections’ is set to ‘ON’ for PostgreSQL Database Server arm PostgreSQLServerLogConnectionsEnabled.py
1621 CKV_AZURE_31 resource Microsoft.DBforPostgreSQL/servers/configurations Ensure configuration ‘log_connections’ is set to ‘ON’ for PostgreSQL Database Server Bicep PostgreSQLServerLogConnectionsEnabled.py
1622 CKV_AZURE_31 resource azurerm_postgresql_configuration Ensure server parameter ‘log_connections’ is set to ‘ON’ for PostgreSQL Database Server Terraform PostgreSQLServerLogConnectionsEnabled.py
1623 CKV_AZURE_31 resource configurations Ensure configuration ‘log_connections’ is set to ‘ON’ for PostgreSQL Database Server arm PostgreSQLServerLogConnectionsEnabled.py
1624 CKV_AZURE_31 resource configurations Ensure configuration ‘log_connections’ is set to ‘ON’ for PostgreSQL Database Server Bicep PostgreSQLServerLogConnectionsEnabled.py
1625 CKV_AZURE_32 resource Microsoft.DBforPostgreSQL/servers/configurations Ensure server parameter ‘connection_throttling’ is set to ‘ON’ for PostgreSQL Database Server arm PostgreSQLServerConnectionThrottlingEnabled.py
1626 CKV_AZURE_32 resource Microsoft.DBforPostgreSQL/servers/configurations Ensure server parameter ‘connection_throttling’ is set to ‘ON’ for PostgreSQL Database Server Bicep PostgreSQLServerConnectionThrottlingEnabled.py
1627 CKV_AZURE_32 resource azurerm_postgresql_configuration Ensure server parameter ‘connection_throttling’ is set to ‘ON’ for PostgreSQL Database Server Terraform PostgreSQLServerConnectionThrottlingEnabled.py
1628 CKV_AZURE_32 resource configurations Ensure server parameter ‘connection_throttling’ is set to ‘ON’ for PostgreSQL Database Server arm PostgreSQLServerConnectionThrottlingEnabled.py
1629 CKV_AZURE_32 resource configurations Ensure server parameter ‘connection_throttling’ is set to ‘ON’ for PostgreSQL Database Server Bicep PostgreSQLServerConnectionThrottlingEnabled.py
1630 CKV_AZURE_33 resource Microsoft.Storage/storageAccounts/queueServices/providers/diagnosticsettings Ensure Storage logging is enabled for Queue service for read, write and delete requests arm StorageAccountLoggingQueueServiceEnabled.py
1631 CKV_AZURE_33 resource Microsoft.Storage/storageAccounts/queueServices/providers/diagnosticsettings Ensure Storage logging is enabled for Queue service for read, write and delete requests Bicep StorageAccountLoggingQueueServiceEnabled.py
1632 CKV_AZURE_33 resource azurerm_storage_account Ensure Storage logging is enabled for Queue service for read, write and delete requests Terraform StorageAccountLoggingQueueServiceEnabled.py
1633 CKV_AZURE_34 resource Microsoft.Storage/storageAccounts/blobServices/containers Ensure that ‘Public access level’ is set to Private for blob containers arm StorageBlobServiceContainerPrivateAccess.py
1634 CKV_AZURE_34 resource Microsoft.Storage/storageAccounts/blobServices/containers Ensure that ‘Public access level’ is set to Private for blob containers Bicep StorageBlobServiceContainerPrivateAccess.py
1635 CKV_AZURE_34 resource azurerm_storage_container Ensure that ‘Public access level’ is set to Private for blob containers Terraform StorageBlobServiceContainerPrivateAccess.py
1636 CKV_AZURE_34 resource blobServices/containers Ensure that ‘Public access level’ is set to Private for blob containers arm StorageBlobServiceContainerPrivateAccess.py
1637 CKV_AZURE_34 resource blobServices/containers Ensure that ‘Public access level’ is set to Private for blob containers Bicep StorageBlobServiceContainerPrivateAccess.py
1638 CKV_AZURE_34 resource containers Ensure that ‘Public access level’ is set to Private for blob containers arm StorageBlobServiceContainerPrivateAccess.py
1639 CKV_AZURE_34 resource containers Ensure that ‘Public access level’ is set to Private for blob containers Bicep StorageBlobServiceContainerPrivateAccess.py
1640 CKV_AZURE_35 resource Microsoft.Storage/storageAccounts Ensure default network access rule for Storage Accounts is set to deny arm StorageAccountDefaultNetworkAccessDeny.py
1641 CKV_AZURE_35 resource Microsoft.Storage/storageAccounts Ensure default network access rule for Storage Accounts is set to deny Bicep StorageAccountDefaultNetworkAccessDeny.py
1642 CKV_AZURE_35 resource azurerm_storage_account Ensure default network access rule for Storage Accounts is set to deny Terraform StorageAccountDefaultNetworkAccessDeny.py
1643 CKV_AZURE_35 resource azurerm_storage_account_network_rules Ensure default network access rule for Storage Accounts is set to deny Terraform StorageAccountDefaultNetworkAccessDeny.py
1644 CKV_AZURE_36 resource Microsoft.Storage/storageAccounts Ensure ‘Trusted Microsoft Services’ is enabled for Storage Account access arm StorageAccountAzureServicesAccessEnabled.py
1645 CKV_AZURE_36 resource Microsoft.Storage/storageAccounts Ensure ‘Trusted Microsoft Services’ is enabled for Storage Account access Bicep StorageAccountAzureServicesAccessEnabled.py
1646 CKV_AZURE_36 resource azurerm_storage_account Ensure ‘Trusted Microsoft Services’ is enabled for Storage Account access Terraform StorageAccountAzureServicesAccessEnabled.py
1647 CKV_AZURE_36 resource azurerm_storage_account_network_rules Ensure ‘Trusted Microsoft Services’ is enabled for Storage Account access Terraform StorageAccountAzureServicesAccessEnabled.py
1648 CKV_AZURE_37 resource Microsoft.Insights/logprofiles Ensure that Activity Log Retention is set 365 days or greater arm MonitorLogProfileRetentionDays.py
1649 CKV_AZURE_37 resource Microsoft.Insights/logprofiles Ensure that Activity Log Retention is set 365 days or greater Bicep MonitorLogProfileRetentionDays.py
1650 CKV_AZURE_37 resource azurerm_monitor_log_profile Ensure that Activity Log Retention is set 365 days or greater Terraform MonitorLogProfileRetentionDays.py
1651 CKV_AZURE_38 resource Microsoft.Insights/logprofiles Ensure audit profile captures all the activities arm MonitorLogProfileCategories.py
1652 CKV_AZURE_38 resource Microsoft.Insights/logprofiles Ensure audit profile captures all the activities Bicep MonitorLogProfileCategories.py
1653 CKV_AZURE_38 resource azurerm_monitor_log_profile Ensure audit profile captures all the activities Terraform MonitorLogProfileCategories.py
1654 CKV_AZURE_39 resource Microsoft.Authorization/roleDefinitions Ensure that no custom subscription owner roles are created arm CustomRoleDefinitionSubscriptionOwner.py
1655 CKV_AZURE_39 resource Microsoft.Authorization/roleDefinitions Ensure that no custom subscription owner roles are created Bicep CustomRoleDefinitionSubscriptionOwner.py
1656 CKV_AZURE_39 resource azurerm_role_definition Ensure that no custom subscription owner roles are created Terraform CutsomRoleDefinitionSubscriptionOwner.py
1657 CKV_AZURE_40 resource azurerm_key_vault_key Ensure that the expiration date is set on all keys Terraform KeyExpirationDate.py
1658 CKV_AZURE_41 resource Microsoft.KeyVault/vaults/secrets Ensure that the expiration date is set on all secrets arm SecretExpirationDate.py
1659 CKV_AZURE_41 resource Microsoft.KeyVault/vaults/secrets Ensure that the expiration date is set on all secrets Bicep SecretExpirationDate.py
1660 CKV_AZURE_41 resource azurerm_key_vault_secret Ensure that the expiration date is set on all secrets Terraform SecretExpirationDate.py
1661 CKV_AZURE_42 resource Microsoft.KeyVault/vaults Ensure the key vault is recoverable arm KeyvaultRecoveryEnabled.py
1662 CKV_AZURE_42 resource Microsoft.KeyVault/vaults Ensure the key vault is recoverable Bicep KeyvaultRecoveryEnabled.py
1663 CKV_AZURE_42 resource azurerm_key_vault Ensure the key vault is recoverable Terraform KeyvaultRecoveryEnabled.py
1664 CKV_AZURE_43 resource azurerm_storage_account Ensure Storage Accounts adhere to the naming rules Terraform StorageAccountName.py
1665 CKV_AZURE_44 resource azurerm_storage_account Ensure Storage Account is using the latest version of TLS encryption Terraform StorageAccountMinimumTlsVersion.py
1666 CKV_AZURE_45 resource azurerm_virtual_machine Ensure that no sensitive credentials are exposed in VM custom_data Terraform VMCredsInCustomData.py
1667 CKV_AZURE_47 resource Microsoft.DBforMariaDB/servers Ensure ‘Enforce SSL connection’ is set to ‘ENABLED’ for MariaDB servers arm MariaDBSSLEnforcementEnabled.py
1668 CKV_AZURE_47 resource Microsoft.DBforMariaDB/servers Ensure ‘Enforce SSL connection’ is set to ‘ENABLED’ for MariaDB servers Bicep MariaDBSSLEnforcementEnabled.py
1669 CKV_AZURE_47 resource azurerm_mariadb_server Ensure ‘Enforce SSL connection’ is set to ‘ENABLED’ for MariaDB servers Terraform MariaDBSSLEnforcementEnabled.py
1670 CKV_AZURE_48 resource azurerm_mariadb_server Ensure ‘public network access enabled’ is set to ‘False’ for MariaDB servers Terraform MariaDBPublicAccessDisabled.py
1671 CKV_AZURE_49 resource Microsoft.Compute/virtualMachineScaleSets Ensure Azure linux scale set does not use basic authentication(Use SSH Key Instead) arm AzureScaleSetPassword.py
1672 CKV_AZURE_49 resource Microsoft.Compute/virtualMachineScaleSets Ensure Azure linux scale set does not use basic authentication(Use SSH Key Instead) Bicep AzureScaleSetPassword.py
1673 CKV_AZURE_49 resource azurerm_linux_virtual_machine_scale_set Ensure Azure linux scale set does not use basic authentication(Use SSH Key Instead) Terraform AzureScaleSetPassword.py
1674 CKV_AZURE_50 resource azurerm_linux_virtual_machine Ensure Virtual Machine Extensions are not Installed Terraform AzureInstanceExtensions.py
1675 CKV_AZURE_50 resource azurerm_windows_virtual_machine Ensure Virtual Machine Extensions are not Installed Terraform AzureInstanceExtensions.py
1676 CKV_AZURE_52 resource azurerm_mssql_server Ensure MSSQL is using the latest version of TLS encryption Terraform MSSQLServerMinTLSVersion.py
1677 CKV_AZURE_53 resource azurerm_mysql_server Ensure ‘public network access enabled’ is set to ‘False’ for mySQL servers Terraform MySQLPublicAccessDisabled.py
1678 CKV_AZURE_54 resource azurerm_mysql_server Ensure MySQL is using the latest version of TLS encryption Terraform MySQLServerMinTLSVersion.py
1679 CKV_AZURE_55 resource azurerm_security_center_subscription_pricing Ensure that Azure Defender is set to On for Servers Terraform AzureDefenderOnServers.py
1680 CKV_AZURE_56 resource azurerm_function_app Ensure that function apps enables Authentication Terraform FunctionAppsEnableAuthentication.py
1681 CKV_AZURE_57 resource azurerm_app_service Ensure that CORS disallows every resource to access app services Terraform AppServiceDisallowCORS.py
1682 CKV_AZURE_57 resource azurerm_linux_web_app Ensure that CORS disallows every resource to access app services Terraform AppServiceDisallowCORS.py
1683 CKV_AZURE_57 resource azurerm_windows_web_app Ensure that CORS disallows every resource to access app services Terraform AppServiceDisallowCORS.py
1684 CKV_AZURE_58 resource azurerm_synapse_workspace Ensure that Azure Synapse workspaces enables managed virtual networks Terraform SynapseWorkspaceEnablesManagedVirtualNetworks.py
1685 CKV_AZURE_59 resource Microsoft.Storage/storageAccounts Ensure that Storage accounts disallow public access arm StorageAccountDisablePublicAccess.py
1686 CKV_AZURE_59 resource Microsoft.Storage/storageAccounts Ensure that Storage accounts disallow public access Bicep StorageAccountDisablePublicAccess.py
1687 CKV_AZURE_59 resource azurerm_storage_account Ensure that Storage accounts disallow public access Terraform StorageAccountDisablePublicAccess.py
1688 CKV_AZURE_61 resource azurerm_security_center_subscription_pricing Ensure that Azure Defender is set to On for App Service Terraform AzureDefenderOnAppServices.py
1689 CKV_AZURE_62 resource azurerm_function_app Ensure function apps are not accessible from all regions Terraform FunctionAppDisallowCORS.py
1690 CKV_AZURE_63 resource azurerm_app_service Ensure that App service enables HTTP logging Terraform AppServiceHttpLoggingEnabled.py
1691 CKV_AZURE_63 resource azurerm_linux_web_app Ensure that App service enables HTTP logging Terraform AppServiceHttpLoggingEnabled.py
1692 CKV_AZURE_63 resource azurerm_windows_web_app Ensure that App service enables HTTP logging Terraform AppServiceHttpLoggingEnabled.py
1693 CKV_AZURE_64 resource azurerm_storage_sync Ensure that Azure File Sync disables public network access Terraform StorageSyncPublicAccessDisabled.py
1694 CKV_AZURE_65 resource azurerm_app_service Ensure that App service enables detailed error messages Terraform AppServiceDetailedErrorMessagesEnabled.py
1695 CKV_AZURE_65 resource azurerm_linux_web_app Ensure that App service enables detailed error messages Terraform AppServiceDetailedErrorMessagesEnabled.py
1696 CKV_AZURE_65 resource azurerm_windows_web_app Ensure that App service enables detailed error messages Terraform AppServiceDetailedErrorMessagesEnabled.py
1697 CKV_AZURE_66 resource azurerm_app_service Ensure that App service enables failed request tracing Terraform AppServiceEnableFailedRequest.py
1698 CKV_AZURE_66 resource azurerm_linux_web_app Ensure that App service enables failed request tracing Terraform AppServiceEnableFailedRequest.py
1699 CKV_AZURE_66 resource azurerm_windows_web_app Ensure that App service enables failed request tracing Terraform AppServiceEnableFailedRequest.py
1700 CKV_AZURE_67 resource azurerm_function_app Ensure that ‘HTTP Version’ is the latest, if used to run the Function app Terraform FunctionAppHttpVersionLatest.py
1701 CKV_AZURE_67 resource azurerm_function_app_slot Ensure that ‘HTTP Version’ is the latest, if used to run the Function app Terraform FunctionAppHttpVersionLatest.py
1702 CKV_AZURE_68 resource azurerm_postgresql_server Ensure that PostgreSQL server disables public network access Terraform PostgreSQLServerPublicAccessDisabled.py
1703 CKV_AZURE_69 resource azurerm_security_center_subscription_pricing Ensure that Azure Defender is set to On for Azure SQL database servers Terraform AzureDefenderOnSqlServers.py
1704 CKV_AZURE_70 resource azurerm_function_app Ensure that Function apps are only accessible over HTTPS Terraform FunctionAppsAccessibleOverHttps.py
1705 CKV_AZURE_71 resource azurerm_app_service Ensure that Managed identity provider is enabled for app services Terraform AppServiceIdentityProviderEnabled.py
1706 CKV_AZURE_71 resource azurerm_linux_web_app Ensure that Managed identity provider is enabled for app services Terraform AppServiceIdentityProviderEnabled.py
1707 CKV_AZURE_71 resource azurerm_windows_web_app Ensure that Managed identity provider is enabled for app services Terraform AppServiceIdentityProviderEnabled.py
1708 CKV_AZURE_72 resource azurerm_app_service Ensure that remote debugging is not enabled for app services Terraform AppServiceRemoteDebuggingNotEnabled.py
1709 CKV_AZURE_72 resource azurerm_linux_web_app Ensure that remote debugging is not enabled for app services Terraform AppServiceRemoteDebuggingNotEnabled.py
1710 CKV_AZURE_72 resource azurerm_windows_web_app Ensure that remote debugging is not enabled for app services Terraform AppServiceRemoteDebuggingNotEnabled.py
1711 CKV_AZURE_73 resource azurerm_automation_variable_bool Ensure that Automation account variables are encrypted Terraform AutomationEncrypted.py
1712 CKV_AZURE_73 resource azurerm_automation_variable_datetime Ensure that Automation account variables are encrypted Terraform AutomationEncrypted.py
1713 CKV_AZURE_73 resource azurerm_automation_variable_int Ensure that Automation account variables are encrypted Terraform AutomationEncrypted.py
1714 CKV_AZURE_73 resource azurerm_automation_variable_string Ensure that Automation account variables are encrypted Terraform AutomationEncrypted.py
1715 CKV_AZURE_74 resource azurerm_kusto_cluster Ensure that Azure Data Explorer (Kusto) uses disk encryption Terraform DataExplorerUsesDiskEncryption.py
1716 CKV_AZURE_75 resource azurerm_kusto_cluster Ensure that Azure Data Explorer uses double encryption Terraform AzureDataExplorerDoubleEncryptionEnabled.py
1717 CKV_AZURE_76 resource azurerm_batch_account Ensure that Azure Batch account uses key vault to encrypt data Terraform AzureBatchAccountUsesKeyVaultEncryption.py
1718 CKV_AZURE_77 resource azurerm_network_security_group Ensure that UDP Services are restricted from the Internet Terraform NSGRuleUDPAccessRestricted.py
1719 CKV_AZURE_77 resource azurerm_network_security_rule Ensure that UDP Services are restricted from the Internet Terraform NSGRuleUDPAccessRestricted.py
1720 CKV_AZURE_78 resource azurerm_app_service Ensure FTP deployments are disabled Terraform AppServiceFTPSState.py
1721 CKV_AZURE_78 resource azurerm_linux_web_app Ensure FTP deployments are disabled Terraform AppServiceFTPSState.py
1722 CKV_AZURE_78 resource azurerm_windows_web_app Ensure FTP deployments are disabled Terraform AppServiceFTPSState.py
1723 CKV_AZURE_79 resource azurerm_security_center_subscription_pricing Ensure that Azure Defender is set to On for SQL servers on machines Terraform AzureDefenderOnSqlServerVMS.py
1724 CKV_AZURE_80 resource azurerm_app_service Ensure that ‘Net Framework’ version is the latest, if used as a part of the web app Terraform AppServiceDotnetFrameworkVersion.py
1725 CKV_AZURE_81 resource azurerm_app_service Ensure that ‘PHP version’ is the latest, if used to run the web app Terraform AppServicePHPVersion.py
1726 CKV_AZURE_82 resource azurerm_app_service Ensure that ‘Python version’ is the latest, if used to run the web app Terraform AppServicePythonVersion.py
1727 CKV_AZURE_83 resource azurerm_app_service Ensure that ‘Java version’ is the latest, if used to run the web app Terraform AppServiceJavaVersion.py
1728 CKV_AZURE_84 resource azurerm_security_center_subscription_pricing Ensure that Azure Defender is set to On for Storage Terraform AzureDefenderOnStorage.py
1729 CKV_AZURE_85 resource azurerm_security_center_subscription_pricing Ensure that Azure Defender is set to On for Kubernetes Terraform AzureDefenderOnKubernetes.py
1730 CKV_AZURE_86 resource azurerm_security_center_subscription_pricing Ensure that Azure Defender is set to On for Container Registries Terraform AzureDefenderOnContainerRegistry.py
1731 CKV_AZURE_87 resource azurerm_security_center_subscription_pricing Ensure that Azure Defender is set to On for Key Vault Terraform AzureDefenderOnKeyVaults.py
1732 CKV_AZURE_88 resource azurerm_app_service Ensure that app services use Azure Files Terraform AppServiceUsedAzureFiles.py
1733 CKV_AZURE_88 resource azurerm_linux_web_app Ensure that app services use Azure Files Terraform AppServiceUsedAzureFiles.py
1734 CKV_AZURE_88 resource azurerm_windows_web_app Ensure that app services use Azure Files Terraform AppServiceUsedAzureFiles.py
1735 CKV_AZURE_89 resource azurerm_redis_cache Ensure that Azure Cache for Redis disables public network access Terraform RedisCachePublicNetworkAccessEnabled.py
1736 CKV_AZURE_91 resource azurerm_redis_cache Ensure that only SSL is enabled for Cache for Redis Terraform RedisCacheEnableNonSSLPort.py
1737 CKV_AZURE_92 resource azurerm_linux_virtual_machine Ensure that Virtual Machines use managed disks Terraform VMStorageOsDisk.py
1738 CKV_AZURE_92 resource azurerm_windows_virtual_machine Ensure that Virtual Machines use managed disks Terraform VMStorageOsDisk.py
1739 CKV_AZURE_93 resource azurerm_managed_disk Ensure that managed disks use a specific set of disk encryption sets for the customer-managed key encryption Terraform AzureManagedDiskEncryptionSet.py
1740 CKV_AZURE_94 resource azurerm_mysql_flexible_server Ensure that MySQL server enables geo-redundant backups Terraform MySQLGeoBackupEnabled.py
1741 CKV_AZURE_94 resource azurerm_mysql_server Ensure that MySQL server enables geo-redundant backups Terraform MySQLGeoBackupEnabled.py
1742 CKV_AZURE_95 resource azurerm_virtual_machine_scale_set Ensure that automatic OS image patching is enabled for Virtual Machine Scale Sets Terraform VMScaleSetsAutoOSImagePatchingEnabled.py
1743 CKV_AZURE_96 resource azurerm_mysql_server Ensure that MySQL server enables infrastructure encryption Terraform MySQLEncryptionEnaled.py
1744 CKV_AZURE_97 resource azurerm_linux_virtual_machine_scale_set Ensure that Virtual machine scale sets have encryption at host enabled Terraform VMEncryptionAtHostEnabled.py
1745 CKV_AZURE_97 resource azurerm_windows_virtual_machine_scale_set Ensure that Virtual machine scale sets have encryption at host enabled Terraform VMEncryptionAtHostEnabled.py
1746 CKV_AZURE_98 resource azurerm_container_group Ensure that Azure Container group is deployed into virtual network Terraform AzureContainerGroupDeployedIntoVirtualNetwork.py
1747 CKV_AZURE_99 resource azurerm_cosmosdb_account Ensure Cosmos DB accounts have restricted access Terraform CosmosDBAccountsRestrictedAccess.py
1748 CKV_AZURE_100 resource azurerm_cosmosdb_account Ensure that Cosmos DB accounts have customer-managed keys to encrypt data at rest Terraform CosmosDBHaveCMK.py
1749 CKV_AZURE_101 resource azurerm_cosmosdb_account Ensure that Azure Cosmos DB disables public network access Terraform CosmosDBDisablesPublicNetwork.py
1750 CKV_AZURE_102 resource azurerm_postgresql_server Ensure that PostgreSQL server enables geo-redundant backups Terraform PostgressSQLGeoBackupEnabled.py
1751 CKV_AZURE_103 resource azurerm_data_factory Ensure that Azure Data Factory uses Git repository for source control Terraform DataFactoryUsesGitRepository.py
1752 CKV_AZURE_104 resource azurerm_data_factory Ensure that Azure Data factory public network access is disabled Terraform DataFactoryNoPublicNetworkAccess.py
1753 CKV_AZURE_105 resource azurerm_data_lake_store Ensure that Data Lake Store accounts enable encryption Terraform DataLakeStoreEncryption.py
1754 CKV_AZURE_106 resource azurerm_eventgrid_domain Ensure that Azure Event Grid Domain public network access is disabled Terraform EventgridDomainNetworkAccess.py
1755 CKV_AZURE_107 resource azurerm_api_management Ensure that API management services use virtual networks Terraform APIServicesUseVirtualNetwork.py
1756 CKV_AZURE_108 resource azurerm_iothub Ensure that Azure IoT Hub disables public network access Terraform IoTNoPublicNetworkAccess.py
1757 CKV_AZURE_109 resource azurerm_key_vault Ensure that key vault allows firewall rules settings Terraform KeyVaultEnablesFirewallRulesSettings.py
1758 CKV_AZURE_110 resource azurerm_key_vault Ensure that key vault enables purge protection Terraform KeyVaultEnablesPurgeProtection.py
1759 CKV_AZURE_111 resource azurerm_key_vault Ensure that key vault enables soft delete Terraform KeyVaultEnablesSoftDelete.py
1760 CKV_AZURE_112 resource azurerm_key_vault_key Ensure that key vault key is backed by HSM Terraform KeyBackedByHSM.py
1761 CKV_AZURE_113 resource azurerm_mssql_server Ensure that SQL server disables public network access Terraform SQLServerPublicAccessDisabled.py
1762 CKV_AZURE_114 resource azurerm_key_vault_secret Ensure that key vault secrets have “content_type” set Terraform SecretContentType.py
1763 CKV_AZURE_115 resource azurerm_kubernetes_cluster Ensure that AKS enables private clusters Terraform AKSEnablesPrivateClusters.py
1764 CKV_AZURE_116 resource azurerm_kubernetes_cluster Ensure that AKS uses Azure Policies Add-on Terraform AKSUsesAzurePoliciesAddon.py
1765 CKV_AZURE_117 resource azurerm_kubernetes_cluster Ensure that AKS uses disk encryption set Terraform AKSUsesDiskEncryptionSet.py
1766 CKV_AZURE_118 resource azurerm_network_interface Ensure that Network Interfaces disable IP forwarding Terraform NetworkInterfaceEnableIPForwarding.py
1767 CKV_AZURE_119 resource azurerm_network_interface Ensure that Network Interfaces don’t use public IPs Terraform AzureNetworkInterfacePublicIPAddressId.yaml
1768 CKV_AZURE_120 resource azurerm_application_gateway Ensure that Application Gateway enables WAF Terraform ApplicationGatewayEnablesWAF.yaml
1769 CKV_AZURE_120 resource azurerm_web_application_firewall_policy Ensure that Application Gateway enables WAF Terraform ApplicationGatewayEnablesWAF.yaml
1770 CKV_AZURE_121 resource Microsoft.Network/frontDoors Ensure that Azure Front Door enables WAF arm AzureFrontDoorEnablesWAF.py
1771 CKV_AZURE_121 resource Microsoft.Network/frontDoors Ensure that Azure Front Door enables WAF Bicep AzureFrontDoorEnablesWAF.py
1772 CKV_AZURE_121 resource azurerm_frontdoor Ensure that Azure Front Door enables WAF Terraform AzureFrontDoorEnablesWAF.py
1773 CKV_AZURE_122 resource azurerm_web_application_firewall_policy Ensure that Application Gateway uses WAF in “Detection” or “Prevention” modes Terraform AppGWUseWAFMode.py
1774 CKV_AZURE_123 resource Microsoft.Network/FrontDoorWebApplicationFirewallPolicies Ensure that Azure Front Door uses WAF in “Detection” or “Prevention” modes arm FrontdoorUseWAFMode.py
1775 CKV_AZURE_123 resource Microsoft.Network/FrontDoorWebApplicationFirewallPolicies Ensure that Azure Front Door uses WAF in “Detection” or “Prevention” modes Bicep FrontdoorUseWAFMode.py
1776 CKV_AZURE_123 resource azurerm_frontdoor_firewall_policy Ensure that Azure Front Door uses WAF in “Detection” or “Prevention” modes Terraform FrontdoorUseWAFMode.py
1777 CKV_AZURE_124 resource azurerm_search_service Ensure that Azure Cognitive Search disables public network access Terraform AzureSearchPublicNetworkAccessDisabled.py
1778 CKV_AZURE_125 resource azurerm_service_fabric_cluster Ensures that Service Fabric uses the three levels of protection available Terraform AzureServiceFabricClusterProtectionLevel.py
1779 CKV_AZURE_126 resource azurerm_service_fabric_cluster Ensures that Active Directory is used for authentication for Service Fabric Terraform ActiveDirectoryUsedAuthenticationServiceFabric.py
1780 CKV_AZURE_127 resource azurerm_mysql_server Ensure that MySQL server enables Threat detection policy Terraform MySQLTreatDetectionEnabled.py
1781 CKV_AZURE_128 resource azurerm_postgresql_server Ensure that PostgreSQL server enables Threat detection policy Terraform PostgresSQLTreatDetectionEnabled.py
1782 CKV_AZURE_129 resource azurerm_mariadb_server Ensure that MariaDB server enables geo-redundant backups Terraform MariaDBGeoBackupEnabled.py
1783 CKV_AZURE_130 resource azurerm_postgresql_server Ensure that PostgreSQL server enables infrastructure encryption Terraform PostgreSQLEncryptionEnabled.py
1784 CKV_AZURE_131 resource azurerm_security_center_contact Ensure that ‘Security contact emails’ is set Terraform SecurityCenterContactEmails.py
1785 CKV_AZURE_131 parameter secureString SecureString parameter should not have hardcoded default values arm SecureStringParameterNoHardcodedValue.py
1786 CKV_AZURE_131 parameter string SecureString parameter should not have hardcoded default values Bicep SecureStringParameterNoHardcodedValue.py
1787 CKV_AZURE_132 resource Microsoft.DocumentDB/databaseAccounts Ensure cosmosdb does not allow privileged escalation by restricting management plane changes arm CosmosDBDisableAccessKeyWrite.py
1788 CKV_AZURE_132 resource Microsoft.DocumentDB/databaseAccounts Ensure cosmosdb does not allow privileged escalation by restricting management plane changes Bicep CosmosDBDisableAccessKeyWrite.py
1789 CKV_AZURE_132 resource azurerm_cosmosdb_account Ensure cosmosdb does not allow privileged escalation by restricting management plane changes Terraform CosmosDBDisableAccessKeyWrite.py
1790 CKV_AZURE_133 resource azurerm_frontdoor_firewall_policy Ensure Front Door WAF prevents message lookup in Log4j2. See CVE-2021-44228 aka log4jshell Terraform FrontDoorWAFACLCVE202144228.py
1791 CKV_AZURE_134 resource azurerm_cognitive_account Ensure that Cognitive Services accounts disable public network access Terraform CognitiveServicesDisablesPublicNetwork.py
1792 CKV_AZURE_135 resource azurerm_web_application_firewall_policy Ensure Application Gateway WAF prevents message lookup in Log4j2. See CVE-2021-44228 aka log4jshell Terraform AppGatewayWAFACLCVE202144228.py
1793 CKV_AZURE_136 resource azurerm_postgresql_flexible_server Ensure that PostgreSQL Flexible server enables geo-redundant backups Terraform PostgreSQLFlexiServerGeoBackupEnabled.py
1794 CKV_AZURE_137 resource azurerm_container_registry Ensure ACR admin account is disabled Terraform ACRAdminAccountDisabled.py
1795 CKV_AZURE_138 resource azurerm_container_registry Ensures that ACR disables anonymous pulling of images Terraform ACRAnonymousPullDisabled.py
1796 CKV_AZURE_139 resource azurerm_container_registry Ensure ACR set to disable public networking Terraform ACRPublicNetworkAccessDisabled.py
1797 CKV_AZURE_140 resource azurerm_cosmosdb_account Ensure that Local Authentication is disabled on CosmosDB Terraform CosmosDBLocalAuthDisabled.py
1798 CKV_AZURE_141 resource azurerm_kubernetes_cluster Ensure AKS local admin account is disabled Terraform AKSLocalAdminDisabled.py
1799 CKV_AZURE_142 resource azurerm_machine_learning_compute_cluster Ensure Machine Learning Compute Cluster Local Authentication is disabled Terraform MLCCLADisabled.py
1800 CKV_AZURE_143 resource azurerm_kubernetes_cluster Ensure AKS cluster nodes do not have public IP addresses Terraform AKSNodePublicIpDisabled.py
1801 CKV_AZURE_144 resource azurerm_machine_learning_workspace Ensure that Public Access is disabled for Machine Learning Workspace Terraform MLPublicAccess.py
1802 CKV_AZURE_145 resource azurerm_function_app Ensure Function app is using the latest version of TLS encryption Terraform FunctionAppMinTLSVersion.py
1803 CKV_AZURE_146 resource azurerm_postgresql_configuration Ensure server parameter ‘log_retention’ is set to ‘ON’ for PostgreSQL Database Server Terraform PostgreSQLServerLogRetentionEnabled.py
1804 CKV_AZURE_147 resource azurerm_postgresql_server Ensure PostgreSQL is using the latest version of TLS encryption Terraform PostgreSQLMinTLSVersion.py
1805 CKV_AZURE_148 resource azurerm_redis_cache Ensure Redis Cache is using the latest version of TLS encryption Terraform RedisCacheMinTLSVersion.py
1806 CKV_AZURE_149 resource azurerm_linux_virtual_machine Ensure that Virtual machine does not enable password authentication Terraform VMDisablePasswordAuthentication.py
1807 CKV_AZURE_149 resource azurerm_linux_virtual_machine_scale_set Ensure that Virtual machine does not enable password authentication Terraform VMDisablePasswordAuthentication.py
1808 CKV_AZURE_150 resource azurerm_machine_learning_compute_cluster Ensure Machine Learning Compute Cluster Minimum Nodes Set To 0 Terraform MLComputeClusterMinNodes.py
1809 CKV_AZURE_151 resource azurerm_windows_virtual_machine Ensure Windows VM enables encryption Terraform WinVMEncryptionAtHost.py
1810 CKV_AZURE_152 resource azurerm_api_management Ensure Client Certificates are enforced for API management Terraform APIManagementCertsEnforced.py
1811 CKV_AZURE_153 resource azurerm_app_service_slot Ensure web app redirects all HTTP traffic to HTTPS in Azure App Service Slot Terraform AppServiceSlotHTTPSOnly.py
1812 CKV_AZURE_154 resource azurerm_app_service_slot Ensure the App service slot is using the latest version of TLS encryption Terraform AppServiceSlotMinTLS.py
1813 CKV_AZURE_155 resource azurerm_app_service_slot Ensure debugging is disabled for the App service slot Terraform AppServiceSlotDebugDisabled.py
1814 CKV_AZURE_156 resource azurerm_mssql_database_extended_auditing_policy Ensure default Auditing policy for a SQL Server is configured to capture and retain the activity logs Terraform MSSQLServerAuditPolicyLogMonitor.py
1815 CKV_AZURE_157 resource azurerm_synapse_workspace Ensure that Synapse workspace has data_exfiltration_protection_enabled Terraform SynapseWorkspaceEnablesDataExfilProtection.py
1816 CKV_AZURE_158 resource azurerm_databricks_workspace Ensure that databricks workspace is not public Terraform DatabricksWorkspaceIsNotPublic.py
1817 CKV_AZURE_159 resource azurerm_function_app Ensure function app builtin logging is enabled Terraform FunctionAppEnableLogging.py
1818 CKV_AZURE_159 resource azurerm_function_app_slot Ensure function app builtin logging is enabled Terraform FunctionAppEnableLogging.py
1819 CKV_AZURE_160 resource azurerm_network_security_group Ensure that HTTP (port 80) access is restricted from the internet Terraform NSGRuleHTTPAccessRestricted.py
1820 CKV_AZURE_160 resource azurerm_network_security_rule Ensure that HTTP (port 80) access is restricted from the internet Terraform NSGRuleHTTPAccessRestricted.py
1821 CKV_AZURE_161 resource azurerm_spring_cloud_api_portal Ensures Spring Cloud API Portal is enabled for HTTPS Terraform SpringCloudAPIPortalHTTPSOnly.py
1822 CKV_AZURE_162 resource azurerm_spring_cloud_api_portal Ensures Spring Cloud API Portal Public Access Is Disabled Terraform SpringCloudAPIPortalPublicAccessIsDisabled.py
1823 CKV_AZURE_163 resource azurerm_container_registry Enable vulnerability scanning for container images. Terraform ACRContainerScanEnabled.py
1824 CKV_AZURE_164 resource azurerm_container_registry Ensures that ACR uses signed/trusted images Terraform ACRUseSignedImages.py
1825 CKV_AZURE_165 resource azurerm_container_registry Ensure geo-replicated container registries to match multi-region container deployments. Terraform ACRGeoreplicated.py
1826 CKV_AZURE_166 resource azurerm_container_registry Ensure container image quarantine, scan, and mark images verified Terraform ACREnableImageQuarantine.py
1827 CKV_AZURE_167 resource azurerm_container_registry Ensure a retention policy is set to cleanup untagged manifests. Terraform ACREnableRetentionPolicy.py
1828 CKV_AZURE_168 resource azurerm_kubernetes_cluster Ensure Azure Kubernetes Cluster (AKS) nodes should use a minimum number of 50 pods. Terraform AKSMaxPodsMinimum.py
1829 CKV_AZURE_168 resource azurerm_kubernetes_cluster_node_pool Ensure Azure Kubernetes Cluster (AKS) nodes should use a minimum number of 50 pods. Terraform AKSMaxPodsMinimum.py
1830 CKV_AZURE_169 resource azurerm_kubernetes_cluster Ensure Azure Kubernetes Cluster (AKS) nodes use scale sets Terraform AKSPoolTypeIsScaleSet.py
1831 CKV_AZURE_170 resource azurerm_kubernetes_cluster Ensure that AKS uses the Paid Sku for its SLA Terraform AKSIsPaidSku.py
1832 CKV_AZURE_171 resource azurerm_kubernetes_cluster Ensure AKS cluster upgrade channel is chosen Terraform AKSUpgradeChannel.py
1833 CKV_AZURE_172 resource azurerm_kubernetes_cluster Ensure autorotation of Secrets Store CSI Driver secrets for AKS clusters Terraform AKSSecretStoreRotation.py
1834 CKV_AZURE_173 resource azurerm_api_management Ensure API management uses at least TLS 1.2 Terraform APIManagementMinTLS12.py
1835 CKV_AZURE_174 resource azurerm_api_management Ensure API management public access is disabled Terraform APIManagementPublicAccess.py
1836 CKV_AZURE_175 resource azurerm_web_pubsub Ensure Web PubSub uses a SKU with an SLA Terraform PubsubSKUSLA.py
1837 CKV_AZURE_176 resource azurerm_web_pubsub Ensure Web PubSub uses managed identities to access Azure resources Terraform PubsubSpecifyIdentity.py
1838 CKV_AZURE_177 resource azurerm_windows_virtual_machine Ensure Windows VM enables automatic updates Terraform WinVMAutomaticUpdates.py
1839 CKV_AZURE_177 resource azurerm_windows_virtual_machine_scale_set Ensure Windows VM enables automatic updates Terraform WinVMAutomaticUpdates.py
1840 CKV_AZURE_178 resource azurerm_linux_virtual_machine Ensure linux VM enables SSH with keys for secure communication Terraform LinuxVMUsesSSH.py
1841 CKV_AZURE_178 resource azurerm_linux_virtual_machine_scale_set Ensure linux VM enables SSH with keys for secure communication Terraform LinuxVMUsesSSH.py
1842 CKV_AZURE_179 resource azurerm_linux_virtual_machine Ensure VM agent is installed Terraform VMAgentIsInstalled.py
1843 CKV_AZURE_179 resource azurerm_linux_virtual_machine_scale_set Ensure VM agent is installed Terraform VMAgentIsInstalled.py
1844 CKV_AZURE_179 resource azurerm_windows_virtual_machine Ensure VM agent is installed Terraform VMAgentIsInstalled.py
1845 CKV_AZURE_179 resource azurerm_windows_virtual_machine_scale_set Ensure VM agent is installed Terraform VMAgentIsInstalled.py
1846 CKV_AZURE_180 resource azurerm_kusto_cluster Ensure that data explorer uses Sku with an SLA Terraform DataExplorerSKUHasSLA.py
1847 CKV_AZURE_181 resource azurerm_kusto_cluster Ensure that data explorer/Kusto uses managed identities to access Azure resources securely. Terraform DataExplorerServiceIdentity.py
1848 CKV_AZURE_182 resource azurerm_virtual_network Ensure that VNET has at least 2 connected DNS Endpoints Terraform VnetSingleDNSServer.py
1849 CKV_AZURE_182 resource azurerm_virtual_network_dns_servers Ensure that VNET has at least 2 connected DNS Endpoints Terraform VnetSingleDNSServer.py
1850 CKV_AZURE_183 resource azurerm_virtual_network Ensure that VNET uses local DNS addresses Terraform VnetLocalDNS.py
1851 CKV_AZURE_184 resource azurerm_app_configuration Ensure ‘local_auth_enabled’ is set to ‘False’ Terraform AppConfigLocalAuth.py
1852 CKV_AZURE_185 resource azurerm_app_configuration Ensure ‘Public Access’ is not Enabled for App configuration Terraform AppConfigPublicAccess.py
1853 CKV_AZURE_186 resource azurerm_app_configuration Ensure App configuration encryption block is set. Terraform AppConfigEncryption.py
1854 CKV_AZURE_187 resource azurerm_app_configuration Ensure App configuration purge protection is enabled Terraform AppConfigPurgeProtection.py
1855 CKV_AZURE_188 resource azurerm_app_configuration Ensure App configuration Sku is standard Terraform AppConfigSku.py
1856 CKV_AZURE_189 resource azurerm_key_vault Ensure that Azure Key Vault disables public network access Terraform KeyVaultDisablesPublicNetworkAccess.py
1857 CKV_AZURE_190 resource azurerm_storage_account Ensure that Storage blobs restrict public access Terraform StorageBlobRestrictPublicAccess.py
1858 CKV_AZURE_191 resource azurerm_eventgrid_topic Ensure that Managed identity provider is enabled for Azure Event Grid Topic Terraform EventgridTopicIdentityProviderEnabled.py
1859 CKV_AZURE_192 resource azurerm_eventgrid_topic Ensure that Azure Event Grid Topic local Authentication is disabled Terraform EventgridTopicLocalAuthentication.py
1860 CKV_AZURE_193 resource azurerm_eventgrid_topic Ensure public network access is disabled for Azure Event Grid Topic Terraform EventgridTopicNetworkAccess.py
1861 CKV_AZURE_194 resource azurerm_eventgrid_domain Ensure that Managed identity provider is enabled for Azure Event Grid Domain Terraform EventgridDomainIdentityProviderEnabled.py
1862 CKV_AZURE_195 resource azurerm_eventgrid_domain Ensure that Azure Event Grid Domain local Authentication is disabled Terraform EventgridDomainLocalAuthentication.py
1863 CKV_AZURE_196 resource azurerm_signalr_service Ensure that SignalR uses a Paid Sku for its SLA Terraform SignalRSKUSLA.py
1864 CKV_AZURE_197 resource azurerm_cdn_endpoint Ensure the Azure CDN disables the HTTP endpoint Terraform CDNDisableHttpEndpoints.py
1865 CKV_AZURE_198 resource azurerm_cdn_endpoint Ensure the Azure CDN enables the HTTPS endpoint Terraform CDNEnableHttpsEndpoints.py
1866 CKV_AZURE_199 resource azurerm_servicebus_namespace Ensure that Azure Service Bus uses double encryption Terraform AzureServicebusDoubleEncryptionEnabled.py
1867 CKV_AZURE_200 resource azurerm_cdn_endpoint_custom_domain Ensure the Azure CDN endpoint is using the latest version of TLS encryption Terraform CDNTLSProtocol12.py
1868 CKV_AZURE_201 resource azurerm_servicebus_namespace Ensure that Azure Service Bus uses a customer-managed key to encrypt data Terraform AzureServicebusHasCMK.py
1869 CKV_AZURE_202 resource azurerm_servicebus_namespace Ensure that Managed identity provider is enabled for Azure Service Bus Terraform AzureServicebusIdentityProviderEnabled.py
1870 CKV_AZURE_203 resource azurerm_servicebus_namespace Ensure Azure Service Bus Local Authentication is disabled Terraform AzureServicebusLocalAuthDisabled.py
1871 CKV_AZURE_204 resource azurerm_servicebus_namespace Ensure ‘public network access enabled’ is set to ‘False’ for Azure Service Bus Terraform AzureServicebusPublicAccessDisabled.py
1872 CKV_AZURE_205 resource azurerm_servicebus_namespace Ensure Azure Service Bus is using the latest version of TLS encryption Terraform AzureServicebusMinTLSVersion.py
1873 CKV_AZURE_206 resource azurerm_storage_account Ensure that Storage Accounts use replication Terraform StorageAccountsUseReplication.py
1874 CKV_AZURE_207 resource azurerm_search_service Ensure Azure Cognitive Search service uses managed identities to access Azure resources Terraform AzureSearchManagedIdentity.py
1875 CKV_AZURE_208 resource azurerm_search_service Ensure that Azure Cognitive Search maintains SLA for index updates Terraform AzureSearchSLAIndex.py
1876 CKV_AZURE_209 resource azurerm_search_service Ensure that Azure Cognitive Search maintains SLA for search index queries Terraform AzureSearchSLAQueryUpdates.py
1877 CKV_AZURE_210 resource azurerm_search_service Ensure Azure Cognitive Search service allowed IPS does not give public Access Terraform AzureSearchAllowedIPsNotGlobal.py
1878 CKV_AZURE_211 resource azurerm_service_plan Ensure App Service plan suitable for production use Terraform AppServiceSkuMinimum.py
1879 CKV_AZURE_212 resource azurerm_service_plan Ensure App Service has a minimum number of instances for failover Terraform AppServiceInstanceMinimum.py
1880 CKV_AZURE_213 resource azurerm_app_service Ensure that App Service configures health check Terraform AppServiceSetHealthCheck.py
1881 CKV_AZURE_213 resource azurerm_linux_web_app Ensure that App Service configures health check Terraform AppServiceSetHealthCheck.py
1882 CKV_AZURE_213 resource azurerm_windows_web_app Ensure that App Service configures health check Terraform AppServiceSetHealthCheck.py
1883 CKV_AZURE_214 resource azurerm_linux_web_app Ensure App Service is set to be always on Terraform AppServiceAlwaysOn.py
1884 CKV_AZURE_214 resource azurerm_windows_web_app Ensure App Service is set to be always on Terraform AppServiceAlwaysOn.py
1885 CKV_AZURE_215 resource azurerm_api_management_backend Ensure API management backend uses https Terraform APIManagementBackendHTTPS.py
1886 CKV_AZURE_216 resource Microsoft.Network/azureFirewalls Ensure DenyIntelMode is set to Deny for Azure Firewalls arm AzureFirewallDenyThreatIntelMode.py
1887 CKV_AZURE_216 resource Microsoft.Network/azureFirewalls Ensure DenyIntelMode is set to Deny for Azure Firewalls Bicep AzureFirewallDenyThreatIntelMode.py
1888 CKV_AZURE_216 resource azurerm_firewall Ensure DenyIntelMode is set to Deny for Azure Firewalls Terraform AzureFirewallDenyThreatIntelMode.py
1889 CKV_AZURE_217 resource azurerm_application_gateway Ensure Azure Application gateways listener that allow connection requests over HTTP Terraform AppGWUsesHttps.py
1890 CKV_AZURE_218 resource azurerm_application_gateway Ensure Application Gateway defines secure protocols for in transit communication Terraform AppGWDefinesSecureProtocols.py
1891 CKV_AZURE_219 resource azurerm_firewall Ensure Firewall defines a firewall policy Terraform AzureFirewallDefinesPolicy.py
1892 CKV_AZURE_220 resource azurerm_firewall_policy Ensure Firewall policy has IDPS mode as deny Terraform AzureFirewallPolicyIDPSDeny.py
1893 CKV2_AZURE_1 resource azurerm_storage_account Ensure storage for critical data is encrypted with Customer Managed Key Terraform StorageCriticalDataEncryptedCMK.yaml
1894 CKV2_AZURE_2 resource azurerm_mssql_server_security_alert_policy Ensure that Vulnerability Assessment (VA) is enabled on a SQL server by setting a Storage Account Terraform VAisEnabledInStorageAccount.yaml
1895 CKV2_AZURE_2 resource azurerm_sql_server Ensure that Vulnerability Assessment (VA) is enabled on a SQL server by setting a Storage Account Terraform VAisEnabledInStorageAccount.yaml
1896 CKV2_AZURE_3 resource azurerm_mssql_server Ensure that VA setting Periodic Recurring Scans is enabled on a SQL server Terraform VAsetPeriodicScansOnSQL.yaml
1897 CKV2_AZURE_3 resource azurerm_mssql_server_security_alert_policy Ensure that VA setting Periodic Recurring Scans is enabled on a SQL server Terraform VAsetPeriodicScansOnSQL.yaml
1898 CKV2_AZURE_3 resource azurerm_mssql_server_vulnerability_assessment Ensure that VA setting Periodic Recurring Scans is enabled on a SQL server Terraform VAsetPeriodicScansOnSQL.yaml
1899 CKV2_AZURE_3 resource azurerm_sql_server Ensure that VA setting Periodic Recurring Scans is enabled on a SQL server Terraform VAsetPeriodicScansOnSQL.yaml
1900 CKV2_AZURE_4 resource azurerm_mssql_server Ensure Azure SQL server ADS VA Send scan reports to is configured Terraform VAconfiguredToSendReports.yaml
1901 CKV2_AZURE_4 resource azurerm_mssql_server_security_alert_policy Ensure Azure SQL server ADS VA Send scan reports to is configured Terraform VAconfiguredToSendReports.yaml
1902 CKV2_AZURE_4 resource azurerm_mssql_server_vulnerability_assessment Ensure Azure SQL server ADS VA Send scan reports to is configured Terraform VAconfiguredToSendReports.yaml
1903 CKV2_AZURE_4 resource azurerm_sql_server Ensure Azure SQL server ADS VA Send scan reports to is configured Terraform VAconfiguredToSendReports.yaml
1904 CKV2_AZURE_5 resource azurerm_mssql_server Ensure that VA setting ‘Also send email notifications to admins and subscription owners’ is set for a SQL server Terraform VAconfiguredToSendReportsToAdmins.yaml
1905 CKV2_AZURE_5 resource azurerm_mssql_server_security_alert_policy Ensure that VA setting ‘Also send email notifications to admins and subscription owners’ is set for a SQL server Terraform VAconfiguredToSendReportsToAdmins.yaml
1906 CKV2_AZURE_5 resource azurerm_mssql_server_vulnerability_assessment Ensure that VA setting ‘Also send email notifications to admins and subscription owners’ is set for a SQL server Terraform VAconfiguredToSendReportsToAdmins.yaml
1907 CKV2_AZURE_5 resource azurerm_sql_server Ensure that VA setting ‘Also send email notifications to admins and subscription owners’ is set for a SQL server Terraform VAconfiguredToSendReportsToAdmins.yaml
1908 CKV2_AZURE_6 resource azurerm_sql_firewall_rule Ensure ‘Allow access to Azure services’ for PostgreSQL Database Server is disabled Terraform AccessToPostgreSQLFromAzureServicesIsDisabled.yaml
1909 CKV2_AZURE_6 resource azurerm_sql_server Ensure ‘Allow access to Azure services’ for PostgreSQL Database Server is disabled Terraform AccessToPostgreSQLFromAzureServicesIsDisabled.yaml
1910 CKV2_AZURE_7 resource azurerm_sql_server Ensure that Azure Active Directory Admin is configured Terraform AzureActiveDirectoryAdminIsConfigured.yaml
1911 CKV2_AZURE_8 resource azurerm_monitor_activity_log_alert Ensure the storage container storing the activity logs is not publicly accessible Terraform StorageContainerActivityLogsNotPublic.yaml
1912 CKV2_AZURE_8 resource azurerm_storage_account Ensure the storage container storing the activity logs is not publicly accessible Terraform StorageContainerActivityLogsNotPublic.yaml
1913 CKV2_AZURE_8 resource azurerm_storage_container Ensure the storage container storing the activity logs is not publicly accessible Terraform StorageContainerActivityLogsNotPublic.yaml
1914 CKV2_AZURE_9 resource azurerm_virtual_machine Ensure Virtual Machines are utilizing Managed Disks Terraform VirtualMachinesUtilizingManagedDisks.yaml
1915 CKV2_AZURE_10 resource azurerm_virtual_machine Ensure that Microsoft Antimalware is configured to automatically updates for Virtual Machines Terraform AzureAntimalwareIsConfiguredWithAutoUpdatesForVMs.yaml
1916 CKV2_AZURE_10 resource azurerm_virtual_machine_extension Ensure that Microsoft Antimalware is configured to automatically updates for Virtual Machines Terraform AzureAntimalwareIsConfiguredWithAutoUpdatesForVMs.yaml
1917 CKV2_AZURE_11 resource azurerm_kusto_cluster Ensure that Azure Data Explorer encryption at rest uses a customer-managed key Terraform DataExplorerEncryptionUsesCustomKey.yaml
1918 CKV2_AZURE_12 resource azurerm_virtual_machine Ensure that virtual machines are backed up using Azure Backup Terraform VMHasBackUpMachine.yaml
1919 CKV2_AZURE_13 resource azurerm_mssql_server_security_alert_policy Ensure that sql servers enables data security policy Terraform AzureMSSQLServerHasSecurityAlertPolicy.yaml
1920 CKV2_AZURE_13 resource azurerm_sql_server Ensure that sql servers enables data security policy Terraform AzureMSSQLServerHasSecurityAlertPolicy.yaml
1921 CKV2_AZURE_14 resource azurerm_managed_disk Ensure that Unattached disks are encrypted Terraform AzureUnattachedDisksAreEncrypted.yaml
1922 CKV2_AZURE_14 resource azurerm_virtual_machine Ensure that Unattached disks are encrypted Terraform AzureUnattachedDisksAreEncrypted.yaml
1923 CKV2_AZURE_15 resource azurerm_data_factory Ensure that Azure data factories are encrypted with a customer-managed key Terraform AzureDataFactoriesEncryptedWithCustomerManagedKey.yaml
1924 CKV2_AZURE_16 resource azurerm_mysql_server Ensure that MySQL server enables customer-managed key for encryption Terraform MSQLenablesCustomerManagedKey.yaml
1925 CKV2_AZURE_16 resource azurerm_mysql_server_key Ensure that MySQL server enables customer-managed key for encryption Terraform MSQLenablesCustomerManagedKey.yaml
1926 CKV2_AZURE_17 resource azurerm_postgresql_server Ensure that PostgreSQL server enables customer-managed key for encryption Terraform PGSQLenablesCustomerManagedKey.yaml
1927 CKV2_AZURE_17 resource azurerm_postgresql_server_key Ensure that PostgreSQL server enables customer-managed key for encryption Terraform PGSQLenablesCustomerManagedKey.yaml
1928 CKV2_AZURE_18 resource azurerm_storage_account Ensure that Storage Accounts use customer-managed key for encryption Terraform AzureStorageAccountsUseCustomerManagedKeyForEncryption.yaml
1929 CKV2_AZURE_18 resource azurerm_storage_account_customer_managed_key Ensure that Storage Accounts use customer-managed key for encryption Terraform AzureStorageAccountsUseCustomerManagedKeyForEncryption.yaml
1930 CKV2_AZURE_19 resource azurerm_synapse_workspace Ensure that Azure Synapse workspaces have no IP firewall rules attached Terraform AzureSynapseWorkspacesHaveNoIPFirewallRulesAttached.yaml
1931 CKV2_AZURE_20 resource azurerm_log_analytics_storage_insights Ensure Storage logging is enabled for Table service for read requests Terraform StorageLoggingIsEnabledForTableService.yaml
1932 CKV2_AZURE_20 resource azurerm_storage_account Ensure Storage logging is enabled for Table service for read requests Terraform StorageLoggingIsEnabledForTableService.yaml
1933 CKV2_AZURE_20 resource azurerm_storage_table Ensure Storage logging is enabled for Table service for read requests Terraform StorageLoggingIsEnabledForTableService.yaml
1934 CKV2_AZURE_21 resource azurerm_log_analytics_storage_insights Ensure Storage logging is enabled for Blob service for read requests Terraform StorageLoggingIsEnabledForBlobService.yaml
1935 CKV2_AZURE_21 resource azurerm_storage_account Ensure Storage logging is enabled for Blob service for read requests Terraform StorageLoggingIsEnabledForBlobService.yaml
1936 CKV2_AZURE_21 resource azurerm_storage_container Ensure Storage logging is enabled for Blob service for read requests Terraform StorageLoggingIsEnabledForBlobService.yaml
1937 CKV2_AZURE_22 resource azurerm_cognitive_account Ensure that Cognitive Services enables customer-managed key for encryption Terraform CognitiveServicesCustomerManagedKey.yaml
1938 CKV2_AZURE_22 resource azurerm_cognitive_account_customer_managed_key Ensure that Cognitive Services enables customer-managed key for encryption Terraform CognitiveServicesCustomerManagedKey.yaml
1939 CKV2_AZURE_23 resource Microsoft.AppPlatform/Spring Ensure Azure spring cloud is configured with Virtual network (Vnet) arm AzureSpringCloudConfigWithVnet.yaml
1940 CKV2_AZURE_23 resource azurerm_spring_cloud_service Ensure Azure spring cloud is configured with Virtual network (Vnet) Terraform AzureSpringCloudConfigWithVnet.yaml
1941 CKV2_AZURE_24 resource azurerm_automation_account Ensure Azure automation account does NOT have overly permissive network access Terraform AzureAutomationAccNotOverlyPermissiveNetAccess.yaml
1942 CKV2_AZURE_25 resource azurerm_mssql_database Ensure Azure SQL database Transparent Data Encryption (TDE) is enabled Terraform AzureSqlDbEnableTransparentDataEncryption.yaml
1943 CKV2_AZURE_26 resource azurerm_postgresql_flexible_server_firewall_rule Ensure Azure PostgreSQL Flexible server is not configured with overly permissive network access Terraform AzurePostgreSQLFlexServerNotOverlyPermissive.yaml
1944 CKV2_AZURE_27 resource azurerm_mssql_server Ensure Azure AD authentication is enabled for Azure SQL (MSSQL) Terraform AzureConfigMSSQLwithAD.yaml
1945 CKV2_AZURE_28 resource azurerm_container_group Ensure Container Instance is configured with managed identity Terraform AzureContainerInstanceconfigManagedIdentity.yaml
1946 CKV2_AZURE_29 resource azurerm_kubernetes_cluster Ensure AKS cluster has Azure CNI networking enabled Terraform AzureAKSclusterAzureCNIEnabled.yaml
1947 CKV2_AZURE_30 resource azurerm_container_registry_webhook Ensure Azure Container Registry (ACR) has HTTPS enabled for webhook Terraform AzureACR_HTTPSwebhook.yaml
1948 CKV2_AZURE_31 resource azurerm_subnet Ensure VNET subnet is configured with a Network Security Group (NSG) Terraform AzureSubnetConfigWithNSG.yaml
1949 CKV2_AZURE_32 resource azurerm_key_vault Ensure private endpoint is configured to key vault Terraform AzureKeyVaultConfigPrivateEndpoint.yaml
1950 CKV2_AZURE_33 resource azurerm_storage_account Ensure storage account is configured with private endpoint Terraform AzureStorageAccConfigWithPrivateEndpoint.yaml
1951 CKV2_AZURE_34 resource azurerm_sql_firewall_rule Ensure Azure SQL server firewall is not overly permissive Terraform AzureSQLserverNotOverlyPermissive.yaml
1952 CKV2_AZURE_35 resource azurerm_recovery_services_vault Ensure Azure recovery services vault is configured with managed identity Terraform AzureRecoveryServicesvaultConfigManagedIdentity.yaml
1953 CKV2_AZURE_36 resource azurerm_automation_account Ensure Azure automation account is configured with managed identity Terraform AzureAutomationAccConfigManagedIdentity.yaml
1954 CKV2_AZURE_37 resource azurerm_mariadb_server Ensure Azure MariaDB server is using latest TLS (1.2) Terraform AzureMariaDBserverUsingTLS_1_2.yaml
1955 CKV2_AZURE_38 resource azurerm_storage_account Ensure soft-delete is enabled on Azure storage account Terraform AzureStorageAccountEnableSoftDelete.yaml
1956 CKV_AZUREPIPELINES_1 azure_pipelines jobs Ensure container job uses a non latest version tag Azure Pipelines ContainerLatestTag.py
1957 CKV_AZUREPIPELINES_1 azure_pipelines stages[].jobs[] Ensure container job uses a non latest version tag Azure Pipelines ContainerLatestTag.py
1958 CKV_AZUREPIPELINES_2 azure_pipelines jobs Ensure container job uses a version digest Azure Pipelines ContainerDigest.py
1959 CKV_AZUREPIPELINES_2 azure_pipelines stages[].jobs[] Ensure container job uses a version digest Azure Pipelines ContainerDigest.py
1960 CKV_AZUREPIPELINES_3 azure_pipelines jobs[].steps[] Ensure set variable is not marked as a secret Azure Pipelines SetSecretVariable.py
1961 CKV_AZUREPIPELINES_3 azure_pipelines stages[].jobs[].steps[] Ensure set variable is not marked as a secret Azure Pipelines SetSecretVariable.py
1962 CKV_AZUREPIPELINES_5 azure_pipelines *.container[] Detecting image usages in azure pipelines workflows Azure Pipelines DetectImagesUsage.py
1963 CKV_AZUREPIPELINES_5 azure_pipelines jobs[] Detecting image usages in azure pipelines workflows Azure Pipelines DetectImagesUsage.py
1964 CKV_AZUREPIPELINES_5 azure_pipelines stages[].jobs[] Detecting image usages in azure pipelines workflows Azure Pipelines DetectImagesUsage.py
1965 CKV_BCW_1 provider bridgecrew Ensure no hard coded API token exist in the provider Terraform credentials.py
1966 CKV_BITBUCKET_1 bitbucket_configuration * Merge requests should require at least 2 approvals bitbucket_configuration merge_requests_approvals.py
1967 CKV_BITBUCKETPIPELINES_1 bitbucket_pipelines [{image:image,startline:startline,endline:endline}] Ensure the pipeline image uses a non latest version tag bitbucket_pipelines latest_image.py
1968 CKV_BITBUCKETPIPELINES_1 bitbucket_pipelines pipelines..[][][][].step.{image: image, startline: startline, endline:endline} Ensure the pipeline image uses a non latest version tag bitbucket_pipelines latest_image.py
1969 CKV_BITBUCKETPIPELINES_1 bitbucket_pipelines pipelines.default[].step.{image: image, startline: startline, endline:endline} Ensure the pipeline image uses a non latest version tag bitbucket_pipelines latest_image.py
1970 CKV_CIRCLECIPIPELINES_1 circleci_pipelines jobs.*.docker[].{image: image, startline: startline, endline:endline} Ensure the pipeline image uses a non latest version tag circleci_pipelines latest_image.py
1971 CKV_CIRCLECIPIPELINES_2 circleci_pipelines jobs.*.docker[].{image: image, startline: startline, endline:endline} Ensure the pipeline image version is referenced via hash not arbitrary tag. circleci_pipelines image_version_not_hash.py
1972 CKV_CIRCLECIPIPELINES_3 circleci_pipelines orbs.{orbs: @} Ensure mutable development orbs are not used. circleci_pipelines prevent_development_orbs.py
1973 CKV_CIRCLECIPIPELINES_4 circleci_pipelines orbs.{orbs: @} Ensure unversioned volatile orbs are not used. circleci_pipelines prevent_volatile_orbs.py
1974 CKV_CIRCLECIPIPELINES_5 circleci_pipelines jobs.*.steps[] Suspicious use of netcat with IP address circleci_pipelines ReverseShellNetcat.py
1975 CKV_CIRCLECIPIPELINES_6 circleci_pipelines jobs.*.steps[] Ensure run commands are not vulnerable to shell injection circleci_pipelines ShellInjection.py
1976 CKV_CIRCLECIPIPELINES_7 circleci_pipelines jobs.*.steps[] Suspicious use of curl in run task circleci_pipelines SuspectCurlInScript.py
1977 CKV_CIRCLECIPIPELINES_8 circleci_pipelines executors.*.docker[].{image: image, startline: startline, endline:endline} Detecting image usages in circleci pipelines circleci_pipelines DetectImagesUsage.py
1978 CKV_CIRCLECIPIPELINES_8 circleci_pipelines jobs.*.docker[].{image: image, startline: startline, endline:endline} Detecting image usages in circleci pipelines circleci_pipelines DetectImagesUsage.py
1979 CKV_DIO_1 resource digitalocean_spaces_bucket Ensure the Spaces bucket has versioning enabled Terraform SpacesBucketVersioning.py
1980 CKV_DIO_2 resource digitalocean_droplet Ensure the droplet specifies an SSH key Terraform DropletSSHKeys.py
1981 CKV_DIO_3 resource digitalocean_spaces_bucket Ensure the Spaces bucket is private Terraform SpacesBucketPublicRead.py
1982 CKV_DIO_4 resource digitalocean_firewall Ensure the firewall ingress is not wide open Terraform FirewallIngressOpen.py
1983 CKV_DOCKER_1 dockerfile EXPOSE Ensure port 22 is not exposed dockerfile ExposePort22.py
1984 CKV_DOCKER_2 dockerfile * Ensure that HEALTHCHECK instructions have been added to container images dockerfile HealthcheckExists.py
1985 CKV_DOCKER_3 dockerfile * Ensure that a user for the container has been created dockerfile UserExists.py
1986 CKV_DOCKER_4 dockerfile ADD Ensure that COPY is used instead of ADD in Dockerfiles dockerfile AddExists.py
1987 CKV_DOCKER_5 dockerfile RUN Ensure update instructions are not used alone in the Dockerfile dockerfile UpdateNotAlone.py
1988 CKV_DOCKER_6 dockerfile MAINTAINER Ensure that LABEL maintainer is used instead of MAINTAINER (deprecated) dockerfile MaintainerExists.py
1989 CKV_DOCKER_7 dockerfile FROM Ensure the base image uses a non latest version tag dockerfile ReferenceLatestTag.py
1990 CKV_DOCKER_8 dockerfile USER Ensure the last USER is not root dockerfile RootUser.py
1991 CKV_DOCKER_9 dockerfile RUN Ensure that APT isn’t used dockerfile RunUsingAPT.py
1992 CKV_DOCKER_10 dockerfile WORKDIR Ensure that WORKDIR values are absolute paths dockerfile WorkdirIsAbsolute.py
1993 CKV_DOCKER_11 dockerfile FROM Ensure From Alias are unique for multistage builds. dockerfile AliasIsUnique.py
1994 CKV2_DOCKER_1 resource RUN Ensure that sudo isn’t used dockerfile RunUsingSudo.yaml
1995 CKV2_DOCKER_2 resource RUN Ensure that certificate validation isn’t disabled with curl dockerfile RunUnsafeCurl.yaml
1996 CKV2_DOCKER_3 resource RUN Ensure that certificate validation isn’t disabled with wget dockerfile RunUnsafeWget.yaml
1997 CKV2_DOCKER_4 resource RUN Ensure that certificate validation isn’t disabled with the pip ‘--trusted-host’ option dockerfile RunPipTrustedHost.yaml
1998 CKV2_DOCKER_5 resource ARG Ensure that certificate validation isn’t disabled with the PYTHONHTTPSVERIFY environment variable dockerfile EnvPythonHttpsVerify.yaml
1999 CKV2_DOCKER_5 resource ENV Ensure that certificate validation isn’t disabled with the PYTHONHTTPSVERIFY environment variable dockerfile EnvPythonHttpsVerify.yaml
2000 CKV2_DOCKER_5 resource RUN Ensure that certificate validation isn’t disabled with the PYTHONHTTPSVERIFY environment variable dockerfile EnvPythonHttpsVerify.yaml
2001 CKV2_DOCKER_6 resource ARG Ensure that certificate validation isn’t disabled with the NODE_TLS_REJECT_UNAUTHORIZED environment variable dockerfile EnvNodeTlsRejectUnauthorized.yaml
2002 CKV2_DOCKER_6 resource ENV Ensure that certificate validation isn’t disabled with the NODE_TLS_REJECT_UNAUTHORIZED environment variable dockerfile EnvNodeTlsRejectUnauthorized.yaml
2003 CKV2_DOCKER_6 resource RUN Ensure that certificate validation isn’t disabled with the NODE_TLS_REJECT_UNAUTHORIZED environment variable dockerfile EnvNodeTlsRejectUnauthorized.yaml
2004 CKV2_DOCKER_7 resource RUN Ensure that packages with untrusted or missing signatures are not used by apk via the ‘--allow-untrusted’ option dockerfile RunApkAllowUntrusted.yaml
2005 CKV2_DOCKER_8 resource RUN Ensure that packages with untrusted or missing signatures are not used by apt-get via the ‘--allow-unauthenticated’ option dockerfile RunAptGetAllowUnauthenticated.yaml
2006 CKV2_DOCKER_9 resource RUN Ensure that packages with untrusted or missing GPG signatures are not used by dnf, tdnf, or yum via the ‘--nogpgcheck’ option dockerfile RunYumNoGpgCheck.yaml
2007 CKV2_DOCKER_10 resource RUN Ensure that packages with untrusted or missing signatures are not used by rpm via the ‘--nodigest’, ‘--nosignature’, ‘--noverify’, or ‘--nofiledigest’ options dockerfile RunRpmNoSignature.yaml
2008 CKV2_DOCKER_11 resource RUN Ensure that the ‘--force-yes’ option is not used, as it disables signature validation and allows packages to be downgraded which can leave the system in a broken or inconsistent state dockerfile RunAptGetForceYes.yaml
2009 CKV2_DOCKER_12 resource ARG Ensure that certificate validation isn’t disabled for npm via the ‘NPM_CONFIG_STRICT_SSL’ environment variable dockerfile EnvNpmConfigStrictSsl.yaml
2010 CKV2_DOCKER_12 resource ENV Ensure that certificate validation isn’t disabled for npm via the ‘NPM_CONFIG_STRICT_SSL’ environment variable dockerfile EnvNpmConfigStrictSsl.yaml
2011 CKV2_DOCKER_12 resource RUN Ensure that certificate validation isn’t disabled for npm via the ‘NPM_CONFIG_STRICT_SSL’ environment variable dockerfile EnvNpmConfigStrictSsl.yaml
2012 CKV2_DOCKER_13 resource RUN Ensure that certificate validation isn’t disabled for npm or yarn by setting the option strict-ssl to false dockerfile RunNpmConfigSetStrictSsl.yaml
2013 CKV2_DOCKER_14 resource ARG Ensure that certificate validation isn’t disabled for git by setting the environment variable ‘GIT_SSL_NO_VERIFY’ to any value dockerfile EnvGitSslNoVerify.yaml
2014 CKV2_DOCKER_14 resource ENV Ensure that certificate validation isn’t disabled for git by setting the environment variable ‘GIT_SSL_NO_VERIFY’ to any value dockerfile EnvGitSslNoVerify.yaml
2015 CKV2_DOCKER_14 resource RUN Ensure that certificate validation isn’t disabled for git by setting the environment variable ‘GIT_SSL_NO_VERIFY’ to any value dockerfile EnvGitSslNoVerify.yaml
2016 CKV2_DOCKER_15 resource RUN Ensure that the yum and dnf package managers are not configured to disable SSL certificate validation via the ‘sslverify’ configuration option dockerfile RunYumConfigManagerSslVerify.yaml
2017 CKV2_DOCKER_16 resource ARG Ensure that certificate validation isn’t disabled with pip via the ‘PIP_TRUSTED_HOST’ environment variable dockerfile EnvPipTrustedHost.yaml
2018 CKV2_DOCKER_16 resource ENV Ensure that certificate validation isn’t disabled with pip via the ‘PIP_TRUSTED_HOST’ environment variable dockerfile EnvPipTrustedHost.yaml
2019 CKV2_DOCKER_16 resource RUN Ensure that certificate validation isn’t disabled with pip via the ‘PIP_TRUSTED_HOST’ environment variable dockerfile EnvPipTrustedHost.yaml
2020 CKV_GCP_1 resource google_container_cluster Ensure Stackdriver Logging is set to Enabled on Kubernetes Engine Clusters Terraform GKEClusterLogging.py
2021 CKV_GCP_2 resource google_compute_firewall Ensure Google compute firewall ingress does not allow unrestricted ssh access Terraform GoogleComputeFirewallUnrestrictedIngress22.py
2022 CKV_GCP_3 resource google_compute_firewall Ensure Google compute firewall ingress does not allow unrestricted rdp access Terraform GoogleComputeFirewallUnrestrictedIngress3389.py
2023 CKV_GCP_4 resource google_compute_ssl_policy Ensure no HTTPS or SSL proxy load balancers permit SSL policies with weak cipher suites Terraform GoogleComputeSSLPolicy.py
2024 CKV_GCP_6 resource google_sql_database_instance Ensure all Cloud SQL database instance requires all incoming connections to use SSL Terraform GoogleCloudSqlDatabaseRequireSsl.py
2025 CKV_GCP_7 resource google_container_cluster Ensure Legacy Authorization is set to Disabled on Kubernetes Engine Clusters Terraform GKEDisableLegacyAuth.py
2026 CKV_GCP_8 resource google_container_cluster Ensure Stackdriver Monitoring is set to Enabled on Kubernetes Engine Clusters Terraform GKEMonitoringEnabled.py
2027 CKV_GCP_9 resource google_container_node_pool Ensure ‘Automatic node repair’ is enabled for Kubernetes Clusters Terraform GKENodePoolAutoRepairEnabled.py
2028 CKV_GCP_10 resource google_container_node_pool Ensure ‘Automatic node upgrade’ is enabled for Kubernetes Clusters Terraform GKENodePoolAutoUpgradeEnabled.py
2029 CKV_GCP_11 resource google_sql_database_instance Ensure that Cloud SQL database Instances are not open to the world Terraform GoogleCloudSqlDatabasePubliclyAccessible.py
2030 CKV_GCP_12 resource google_container_cluster Ensure Network Policy is enabled on Kubernetes Engine Clusters Terraform GKENetworkPolicyEnabled.py
2031 CKV_GCP_13 resource google_container_cluster Ensure client certificate authentication to Kubernetes Engine Clusters is disabled Terraform GKEClientCertificateDisabled.py
2032 CKV_GCP_14 resource google_sql_database_instance Ensure all Cloud SQL database instance have backup configuration enabled Terraform GoogleCloudSqlBackupConfiguration.py
2033 CKV_GCP_15 resource google_bigquery_dataset Ensure that BigQuery datasets are not anonymously or publicly accessible Terraform GoogleBigQueryDatasetPublicACL.py
2034 CKV_GCP_16 resource google_dns_managed_zone Ensure that DNSSEC is enabled for Cloud DNS Terraform GoogleCloudDNSSECEnabled.py
2035 CKV_GCP_17 resource google_dns_managed_zone Ensure that RSASHA1 is not used for the zone-signing and key-signing keys in Cloud DNS DNSSEC Terraform GoogleCloudDNSKeySpecsRSASHA1.py
2036 CKV_GCP_18 resource google_container_cluster Ensure GKE Control Plane is not public Terraform GKEPublicControlPlane.py
2037 CKV_GCP_19 resource google_container_cluster Ensure GKE basic auth is disabled Terraform GKEBasicAuth.py
2038 CKV_GCP_20 resource google_container_cluster Ensure master authorized networks is set to enabled in GKE clusters Terraform GKEMasterAuthorizedNetworksEnabled.py
2039 CKV_GCP_21 resource google_container_cluster Ensure Kubernetes Clusters are configured with Labels Terraform GKEHasLabels.py
2040 CKV_GCP_22 resource google_container_node_pool Ensure Container-Optimized OS (cos) is used for Kubernetes Engine Clusters Node image Terraform GKEUseCosImage.py
2041 CKV_GCP_23 resource google_container_cluster Ensure Kubernetes Cluster is created with Alias IP ranges enabled Terraform GKEAliasIpEnabled.py
2042 CKV_GCP_24 resource google_container_cluster Ensure PodSecurityPolicy controller is enabled on the Kubernetes Engine Clusters Terraform GKEPodSecurityPolicyEnabled.py
2043 CKV_GCP_25 resource google_container_cluster Ensure Kubernetes Cluster is created with Private cluster enabled Terraform GKEPrivateClusterConfig.py
2044 CKV_GCP_26 resource google_compute_subnetwork Ensure that VPC Flow Logs is enabled for every subnet in a VPC Network Terraform GoogleSubnetworkLoggingEnabled.py
2045 CKV_GCP_27 resource google_project Ensure that the default network does not exist in a project Terraform GoogleProjectDefaultNetwork.py
2046 CKV_GCP_28 resource google_storage_bucket_iam_binding Ensure that Cloud Storage bucket is not anonymously or publicly accessible Terraform GoogleStorageBucketNotPublic.py
2047 CKV_GCP_28 resource google_storage_bucket_iam_member Ensure that Cloud Storage bucket is not anonymously or publicly accessible Terraform GoogleStorageBucketNotPublic.py
2048 CKV_GCP_29 resource google_storage_bucket Ensure that Cloud Storage buckets have uniform bucket-level access enabled Terraform GoogleStorageBucketUniformAccess.py
2049 CKV_GCP_30 resource google_compute_instance Ensure that instances are not configured to use the default service account Terraform GoogleComputeDefaultServiceAccount.py
2050 CKV_GCP_30 resource google_compute_instance_from_template Ensure that instances are not configured to use the default service account Terraform GoogleComputeDefaultServiceAccount.py
2051 CKV_GCP_30 resource google_compute_instance_template Ensure that instances are not configured to use the default service account Terraform GoogleComputeDefaultServiceAccount.py
2052 CKV_GCP_31 resource google_compute_instance Ensure that instances are not configured to use the default service account with full access to all Cloud APIs Terraform GoogleComputeDefaultServiceAccountFullAccess.py
2053 CKV_GCP_31 resource google_compute_instance_from_template Ensure that instances are not configured to use the default service account with full access to all Cloud APIs Terraform GoogleComputeDefaultServiceAccountFullAccess.py
2054 CKV_GCP_31 resource google_compute_instance_template Ensure that instances are not configured to use the default service account with full access to all Cloud APIs Terraform GoogleComputeDefaultServiceAccountFullAccess.py
2055 CKV_GCP_32 resource google_compute_instance Ensure ‘Block Project-wide SSH keys’ is enabled for VM instances Terraform GoogleComputeBlockProjectSSH.py
2056 CKV_GCP_32 resource google_compute_instance_from_template Ensure ‘Block Project-wide SSH keys’ is enabled for VM instances Terraform GoogleComputeBlockProjectSSH.py
2057 CKV_GCP_32 resource google_compute_instance_template Ensure ‘Block Project-wide SSH keys’ is enabled for VM instances Terraform GoogleComputeBlockProjectSSH.py
2058 CKV_GCP_33 resource google_compute_project_metadata Ensure oslogin is enabled for a Project Terraform GoogleComputeProjectOSLogin.py
2059 CKV_GCP_34 resource google_compute_instance Ensure that no instance in the project overrides the project setting for enabling OSLogin (OSLogin needs to be enabled in project metadata for all instances) Terraform GoogleComputeInstanceOSLogin.py
2060 CKV_GCP_34 resource google_compute_instance_from_template Ensure that no instance in the project overrides the project setting for enabling OSLogin (OSLogin needs to be enabled in project metadata for all instances) Terraform GoogleComputeInstanceOSLogin.py
2061 CKV_GCP_34 resource google_compute_instance_template Ensure that no instance in the project overrides the project setting for enabling OSLogin (OSLogin needs to be enabled in project metadata for all instances) Terraform GoogleComputeInstanceOSLogin.py
2062 CKV_GCP_35 resource google_compute_instance Ensure ‘Enable connecting to serial ports’ is not enabled for VM Instance Terraform GoogleComputeSerialPorts.py
2063 CKV_GCP_35 resource google_compute_instance_from_template Ensure ‘Enable connecting to serial ports’ is not enabled for VM Instance Terraform GoogleComputeSerialPorts.py
2064 CKV_GCP_35 resource google_compute_instance_template Ensure ‘Enable connecting to serial ports’ is not enabled for VM Instance Terraform GoogleComputeSerialPorts.py
2065 CKV_GCP_36 resource google_compute_instance Ensure that IP forwarding is not enabled on Instances Terraform GoogleComputeIPForward.py
2066 CKV_GCP_36 resource google_compute_instance_from_template Ensure that IP forwarding is not enabled on Instances Terraform GoogleComputeIPForward.py
2067 CKV_GCP_36 resource google_compute_instance_template Ensure that IP forwarding is not enabled on Instances Terraform GoogleComputeIPForward.py
2068 CKV_GCP_37 resource google_compute_disk Ensure VM disks for critical VMs are encrypted with Customer Supplied Encryption Keys (CSEK) Terraform GoogleComputeDiskEncryption.py
2069 CKV_GCP_38 resource google_compute_instance Ensure VM disks for critical VMs are encrypted with Customer Supplied Encryption Keys (CSEK) Terraform GoogleComputeBootDiskEncryption.py
2070 CKV_GCP_39 resource google_compute_instance Ensure Compute instances are launched with Shielded VM enabled Terraform GoogleComputeShieldedVM.py
2071 CKV_GCP_39 resource google_compute_instance_from_template Ensure Compute instances are launched with Shielded VM enabled Terraform GoogleComputeShieldedVM.py
2072 CKV_GCP_39 resource google_compute_instance_template Ensure Compute instances are launched with Shielded VM enabled Terraform GoogleComputeShieldedVM.py
2073 CKV_GCP_40 resource google_compute_instance Ensure that Compute instances do not have public IP addresses Terraform GoogleComputeExternalIP.py
2074 CKV_GCP_40 resource google_compute_instance_from_template Ensure that Compute instances do not have public IP addresses Terraform GoogleComputeExternalIP.py
2075 CKV_GCP_40 resource google_compute_instance_template Ensure that Compute instances do not have public IP addresses Terraform GoogleComputeExternalIP.py
2076 CKV_GCP_41 resource google_project_iam_binding Ensure that IAM users are not assigned the Service Account User or Service Account Token Creator roles at project level Terraform GoogleRoleServiceAccountUser.py
2077 CKV_GCP_41 resource google_project_iam_member Ensure that IAM users are not assigned the Service Account User or Service Account Token Creator roles at project level Terraform GoogleRoleServiceAccountUser.py
2078 CKV_GCP_42 resource google_project_iam_member Ensure that Service Account has no Admin privileges Terraform GoogleProjectAdminServiceAccount.py
2079 CKV_GCP_43 resource google_kms_crypto_key Ensure KMS encryption keys are rotated within a period of 90 days Terraform GoogleKMSRotationPeriod.py
2080 CKV_GCP_44 resource google_folder_iam_binding Ensure no roles that enable to impersonate and manage all service accounts are used at a folder level Terraform GoogleFolderImpersonationRole.py
2081 CKV_GCP_44 resource google_folder_iam_member Ensure no roles that enable to impersonate and manage all service accounts are used at a folder level Terraform GoogleFolderImpersonationRole.py
2082 CKV_GCP_45 resource google_organization_iam_binding Ensure no roles that enable to impersonate and manage all service accounts are used at an organization level Terraform GoogleOrgImpersonationRole.py
2083 CKV_GCP_45 resource google_organization_iam_member Ensure no roles that enable to impersonate and manage all service accounts are used at an organization level Terraform GoogleOrgImpersonationRole.py
2084 CKV_GCP_46 resource google_project_iam_binding Ensure Default Service account is not used at a project level Terraform GoogleProjectMemberDefaultServiceAccount.py
2085 CKV_GCP_46 resource google_project_iam_member Ensure Default Service account is not used at a project level Terraform GoogleProjectMemberDefaultServiceAccount.py
2086 CKV_GCP_47 resource google_organization_iam_binding Ensure default service account is not used at an organization level Terraform GoogleOrgMemberDefaultServiceAccount.py
2087 CKV_GCP_47 resource google_organization_iam_member Ensure default service account is not used at an organization level Terraform GoogleOrgMemberDefaultServiceAccount.py
2088 CKV_GCP_48 resource google_folder_iam_binding Ensure Default Service account is not used at a folder level Terraform GoogleFolderMemberDefaultServiceAccount.py
2089 CKV_GCP_48 resource google_folder_iam_member Ensure Default Service account is not used at a folder level Terraform GoogleFolderMemberDefaultServiceAccount.py
2090 CKV_GCP_49 resource google_project_iam_binding Ensure roles do not impersonate or manage Service Accounts used at project level Terraform GoogleProjectImpersonationRole.py
2091 CKV_GCP_49 resource google_project_iam_member Ensure roles do not impersonate or manage Service Accounts used at project level Terraform GoogleProjectImpersonationRole.py
2092 CKV_GCP_50 resource google_sql_database_instance Ensure MySQL database ‘local_infile’ flag is set to ‘off’ Terraform GoogleCloudMySqlLocalInfileOff.py
2093 CKV_GCP_51 resource google_sql_database_instance Ensure PostgreSQL database ‘log_checkpoints’ flag is set to ‘on’ Terraform GoogleCloudPostgreSqlLogCheckpoints.py
2094 CKV_GCP_52 resource google_sql_database_instance Ensure PostgreSQL database ‘log_connections’ flag is set to ‘on’ Terraform GoogleCloudPostgreSqlLogConnection.py
2095 CKV_GCP_53 resource google_sql_database_instance Ensure PostgreSQL database ‘log_disconnections’ flag is set to ‘on’ Terraform GoogleCloudPostgreSqlLogDisconnection.py
2096 CKV_GCP_54 resource google_sql_database_instance Ensure PostgreSQL database ‘log_lock_waits’ flag is set to ‘on’ Terraform GoogleCloudPostgreSqlLogLockWaits.py
2097 CKV_GCP_55 resource google_sql_database_instance Ensure PostgreSQL database ‘log_min_messages’ flag is set to a valid value Terraform GoogleCloudPostgreSqlLogMinMessage.py
2098 CKV_GCP_56 resource google_sql_database_instance Ensure PostgreSQL database ‘log_temp_files’ flag is set to ‘0’ Terraform GoogleCloudPostgreSqlLogTemp.py
2099 CKV_GCP_57 resource google_sql_database_instance Ensure PostgreSQL database ‘log_min_duration_statement’ flag is set to ‘-1’ Terraform GoogleCloudPostgreSqlLogMinDuration.py
2100 CKV_GCP_58 resource google_sql_database_instance Ensure SQL database ‘cross db ownership chaining’ flag is set to ‘off’ Terraform GoogleCloudSqlServerCrossDBOwnershipChaining.py
2101 CKV_GCP_59 resource google_sql_database_instance Ensure SQL database ‘contained database authentication’ flag is set to ‘off’ Terraform GoogleCloudSqlServerContainedDBAuthentication.py
2102 CKV_GCP_60 resource google_sql_database_instance Ensure Cloud SQL database does not have public IP Terraform GoogleCloudSqlServerNoPublicIP.py
2103 CKV_GCP_61 resource google_container_cluster Enable VPC Flow Logs and Intranode Visibility Terraform GKEEnableVPCFlowLogs.py
2104 CKV_GCP_62 resource google_storage_bucket Bucket should log access Terraform CloudStorageLogging.py
2105 CKV_GCP_63 resource google_storage_bucket Bucket should not log to itself Terraform CloudStorageSelfLogging.py
2106 CKV_GCP_64 resource google_container_cluster Ensure clusters are created with Private Nodes Terraform GKEPrivateNodes.py
2107 CKV_GCP_65 resource google_container_cluster Manage Kubernetes RBAC users with Google Groups for GKE Terraform GKEKubernetesRBACGoogleGroups.py
2108 CKV_GCP_66 resource google_container_cluster Ensure use of Binary Authorization Terraform GKEBinaryAuthorization.py
2109 CKV_GCP_67 resource google_container_cluster Ensure legacy Compute Engine instance metadata APIs are Disabled Terraform GKELegacyInstanceMetadataDisabled.py
2110 CKV_GCP_68 resource google_container_cluster Ensure Secure Boot for Shielded GKE Nodes is Enabled Terraform GKESecureBootforShieldedNodes.py
2111 CKV_GCP_68 resource google_container_node_pool Ensure Secure Boot for Shielded GKE Nodes is Enabled Terraform GKESecureBootforShieldedNodes.py
2112 CKV_GCP_69 resource google_container_cluster Ensure the GKE Metadata Server is Enabled Terraform GKEMetadataServerIsEnabled.py
2113 CKV_GCP_69 resource google_container_node_pool Ensure the GKE Metadata Server is Enabled Terraform GKEMetadataServerIsEnabled.py
2114 CKV_GCP_70 resource google_container_cluster Ensure the GKE Release Channel is set Terraform GKEReleaseChannel.py
2115 CKV_GCP_71 resource google_container_cluster Ensure Shielded GKE Nodes are Enabled Terraform GKEEnableShieldedNodes.py
2116 CKV_GCP_72 resource google_container_cluster Ensure Integrity Monitoring for Shielded GKE Nodes is Enabled Terraform GKEEnsureIntegrityMonitoring.py
2117 CKV_GCP_72 resource google_container_node_pool Ensure Integrity Monitoring for Shielded GKE Nodes is Enabled Terraform GKEEnsureIntegrityMonitoring.py
2118 CKV_GCP_73 resource google_compute_security_policy Ensure Cloud Armor prevents message lookup in Log4j2. See CVE-2021-44228 aka log4jshell Terraform CloudArmorWAFACLCVE202144228.py
2119 CKV_GCP_74 resource google_compute_subnetwork Ensure that private_ip_google_access is enabled for Subnet Terraform GoogleSubnetworkPrivateGoogleEnabled.py
2120 CKV_GCP_75 resource google_compute_firewall Ensure Google compute firewall ingress does not allow unrestricted FTP access Terraform GoogleComputeFirewallUnrestrictedIngress21.py
2121 CKV_GCP_76 resource google_compute_subnetwork Ensure that Private google access is enabled for IPV6 Terraform GoogleSubnetworkIPV6PrivateGoogleEnabled.py
2122 CKV_GCP_77 resource google_compute_firewall Ensure Google compute firewall ingress does not allow on ftp port Terraform GoogleComputeFirewallUnrestrictedIngress20.py
2123 CKV_GCP_78 resource google_storage_bucket Ensure Cloud storage has versioning enabled Terraform CloudStorageVersioningEnabled.py
2124 CKV_GCP_79 resource google_sql_database_instance Ensure SQL database is using latest Major version Terraform CloudSqlMajorVersion.py
2125 CKV_GCP_80 resource google_bigquery_table Ensure Big Query Tables are encrypted with Customer Supplied Encryption Keys (CSEK) Terraform BigQueryTableEncryptedWithCMK.py
2126 CKV_GCP_81 resource google_bigquery_dataset Ensure Big Query Datasets are encrypted with Customer Supplied Encryption Keys (CSEK) Terraform BigQueryDatasetEncryptedWithCMK.py
2127 CKV_GCP_82 resource google_kms_crypto_key Ensure KMS keys are protected from deletion Terraform GoogleKMSPreventDestroy.py
2128 CKV_GCP_83 resource google_pubsub_topic Ensure PubSub Topics are encrypted with Customer Supplied Encryption Keys (CSEK) Terraform CloudPubSubEncryptedWithCMK.py
2129 CKV_GCP_84 resource google_artifact_registry_repository Ensure Artifact Registry Repositories are encrypted with Customer Supplied Encryption Keys (CSEK) Terraform ArtifactRegsitryEncryptedWithCMK.py
2130 CKV_GCP_85 resource google_bigtable_instance Ensure Big Table Instances are encrypted with Customer Supplied Encryption Keys (CSEK) Terraform BigTableInstanceEncryptedWithCMK.py
2131 CKV_GCP_86 resource google_cloudbuild_worker_pool Ensure Cloud build workers are private Terraform CloudBuildWorkersArePrivate.py
2132 CKV_GCP_87 resource google_data_fusion_instance Ensure Data fusion instances are private Terraform DataFusionPrivateInstance.py
2133 CKV_GCP_88 resource google_compute_firewall Ensure Google compute firewall ingress does not allow unrestricted mysql access Terraform GoogleComputeFirewallUnrestrictedIngress3306.py
2134 CKV_GCP_89 resource google_notebooks_instance Ensure Vertex AI instances are private Terraform VertexAIPrivateInstance.py
2135 CKV_GCP_90 resource google_dataflow_job Ensure data flow jobs are encrypted with Customer Supplied Encryption Keys (CSEK) Terraform DataflowJobEncryptedWithCMK.py
2136 CKV_GCP_91 resource google_dataproc_cluster Ensure Dataproc cluster is encrypted with Customer Supplied Encryption Keys (CSEK) Terraform DataprocClusterEncryptedWithCMK.py
2137 CKV_GCP_92 resource google_vertex_ai_dataset Ensure Vertex AI datasets uses a CMK (Customer Manager Key) Terraform VertexAIDatasetEncryptedWithCMK.py
2138 CKV_GCP_93 resource google_spanner_database Ensure Spanner Database is encrypted with Customer Supplied Encryption Keys (CSEK) Terraform SpannerDatabaseEncryptedWithCMK.py
2139 CKV_GCP_94 resource google_dataflow_job Ensure Dataflow jobs are private Terraform DataflowPrivateJob.py
2140 CKV_GCP_95 resource google_redis_instance Ensure Memorystore for Redis has AUTH enabled Terraform MemorystoreForRedisAuthEnabled.py
2141 CKV_GCP_96 resource google_vertex_ai_metadata_store Ensure Vertex AI Metadata Store uses a CMK (Customer Manager Key) Terraform VertexAIMetadataStoreEncryptedWithCMK.py
2142 CKV_GCP_97 resource google_redis_instance Ensure Memorystore for Redis uses intransit encryption Terraform MemorystoreForRedisInTransitEncryption.py
2143 CKV_GCP_98 resource google_dataproc_cluster_iam_binding Ensure that Dataproc clusters are not anonymously or publicly accessible Terraform DataprocPrivateCluster.py
2144 CKV_GCP_98 resource google_dataproc_cluster_iam_member Ensure that Dataproc clusters are not anonymously or publicly accessible Terraform DataprocPrivateCluster.py
2145 CKV_GCP_99 resource google_pubsub_topic_iam_binding Ensure that Pub/Sub Topics are not anonymously or publicly accessible Terraform PubSubPrivateTopic.py
2146 CKV_GCP_99 resource google_pubsub_topic_iam_member Ensure that Pub/Sub Topics are not anonymously or publicly accessible Terraform PubSubPrivateTopic.py
2147 CKV_GCP_100 resource google_bigquery_table_iam_binding Ensure that BigQuery Tables are not anonymously or publicly accessible Terraform BigQueryPrivateTable.py
2148 CKV_GCP_100 resource google_bigquery_table_iam_member Ensure that BigQuery Tables are not anonymously or publicly accessible Terraform BigQueryPrivateTable.py
2149 CKV_GCP_101 resource google_artifact_registry_repository_iam_binding Ensure that Artifact Registry repositories are not anonymously or publicly accessible Terraform ArtifactRegistryPrivateRepo.py
2150 CKV_GCP_101 resource google_artifact_registry_repository_iam_member Ensure that Artifact Registry repositories are not anonymously or publicly accessible Terraform ArtifactRegistryPrivateRepo.py
2151 CKV_GCP_102 resource google_cloud_run_service_iam_binding Ensure that GCP Cloud Run services are not anonymously or publicly accessible Terraform GCPCloudRunPrivateService.py
2152 CKV_GCP_102 resource google_cloud_run_service_iam_member Ensure that GCP Cloud Run services are not anonymously or publicly accessible Terraform GCPCloudRunPrivateService.py
2153 CKV_GCP_103 resource google_dataproc_cluster Ensure Dataproc Clusters do not have public IPs Terraform DataprocPublicIpCluster.py
2154 CKV_GCP_104 resource google_data_fusion_instance Ensure Datafusion has stack driver logging enabled Terraform DataFusionStackdriverLogs.py
2155 CKV_GCP_105 resource google_data_fusion_instance Ensure Datafusion has stack driver monitoring enabled Terraform DataFusionStackdriverMonitoring.py
2156 CKV_GCP_106 resource google_compute_firewall Ensure Google compute firewall ingress does not allow unrestricted http port 80 access Terraform GoogleComputeFirewallUnrestrictedIngress80.py
2157 CKV_GCP_107 resource google_cloudfunctions2_function_iam_binding Cloud functions should not be public Terraform CloudFunctionsShouldNotBePublic.py
2158 CKV_GCP_107 resource google_cloudfunctions2_function_iam_member Cloud functions should not be public Terraform CloudFunctionsShouldNotBePublic.py
2159 CKV_GCP_107 resource google_cloudfunctions_function_iam_binding Cloud functions should not be public Terraform CloudFunctionsShouldNotBePublic.py
2160 CKV_GCP_107 resource google_cloudfunctions_function_iam_member Cloud functions should not be public Terraform CloudFunctionsShouldNotBePublic.py
2161 CKV_GCP_108 resource google_sql_database_instance Ensure hostnames are logged for GCP PostgreSQL databases Terraform GoogleCloudPostgreSqlLogHostname.py
2162 CKV_GCP_109 resource google_sql_database_instance Ensure the GCP PostgreSQL database log levels are set to ERROR or lower Terraform GoogleCloudPostgreSqlLogMinErrorStatement.py
2163 CKV_GCP_110 resource google_sql_database_instance Ensure pgAudit is enabled for your GCP PostgreSQL database Terraform GoogleCloudPostgreSqlEnablePgaudit.py
2164 CKV_GCP_111 resource google_sql_database_instance Ensure GCP PostgreSQL logs SQL statements Terraform GoogleCloudPostgreSqlLogStatement.py
2165 CKV_GCP_112 resource google_kms_crypto_key_iam_binding Ensure KMS policy should not allow public access Terraform GoogleKMSKeyIsPublic.py
2166 CKV_GCP_112 resource google_kms_crypto_key_iam_member Ensure KMS policy should not allow public access Terraform GoogleKMSKeyIsPublic.py
2167 CKV_GCP_112 resource google_kms_crypto_key_iam_policy Ensure KMS policy should not allow public access Terraform GoogleKMSKeyIsPublic.py
2168 CKV_GCP_113 data google_iam_policy Ensure IAM policy should not define public access Terraform GooglePolicyIsPrivate.py
2169 CKV_GCP_114 resource google_storage_bucket Ensure public access prevention is enforced on Cloud Storage bucket Terraform GoogleStoragePublicAccessPrevention.py
2170 CKV_GCP_115 resource google_organization_iam_binding Ensure basic roles are not used at organization level. Terraform GoogleOrgBasicRole.py
2171 CKV_GCP_115 resource google_organization_iam_member Ensure basic roles are not used at organization level. Terraform GoogleOrgBasicRole.py
2172 CKV_GCP_116 resource google_folder_iam_binding Ensure basic roles are not used at folder level. Terraform GoogleFolderBasicRole.py
2173 CKV_GCP_116 resource google_folder_iam_member Ensure basic roles are not used at folder level. Terraform GoogleFolderBasicRole.py
2174 CKV_GCP_117 resource google_project_iam_binding Ensure basic roles are not used at project level. Terraform GoogleProjectBasicRole.py
2175 CKV_GCP_117 resource google_project_iam_member Ensure basic roles are not used at project level. Terraform GoogleProjectBasicRole.py
2176 CKV2_GCP_1 resource google_project_default_service_accounts Ensure GKE clusters are not running using the Compute Engine default service account Terraform GKEClustersAreNotUsingDefaultServiceAccount.yaml
2177 CKV2_GCP_2 resource google_compute_network Ensure legacy networks do not exist for a project Terraform GCPProjectHasNoLegacyNetworks.yaml
2178 CKV2_GCP_3 resource google_service_account_key Ensure that there are only GCP-managed service account keys for each service account Terraform ServiceAccountHasGCPmanagedKey.yaml
2179 CKV2_GCP_4 resource google_logging_folder_sink Ensure that retention policies on log buckets are configured using Bucket Lock Terraform GCPLogBucketsConfiguredUsingLock.yaml
2180 CKV2_GCP_4 resource google_logging_organization_sink Ensure that retention policies on log buckets are configured using Bucket Lock Terraform GCPLogBucketsConfiguredUsingLock.yaml
2181 CKV2_GCP_4 resource google_logging_project_sink Ensure that retention policies on log buckets are configured using Bucket Lock Terraform GCPLogBucketsConfiguredUsingLock.yaml
2182 CKV2_GCP_4 resource google_storage_bucket Ensure that retention policies on log buckets are configured using Bucket Lock Terraform GCPLogBucketsConfiguredUsingLock.yaml
2183 CKV2_GCP_5 resource google_project Ensure that Cloud Audit Logging is configured properly across all services and all users from a project Terraform GCPAuditLogsConfiguredForAllServicesAndUsers.yaml
2184 CKV2_GCP_5 resource google_project_iam_audit_config Ensure that Cloud Audit Logging is configured properly across all services and all users from a project Terraform GCPAuditLogsConfiguredForAllServicesAndUsers.yaml
2185 CKV2_GCP_6 resource google_kms_crypto_key Ensure that Cloud KMS cryptokeys are not anonymously or publicly accessible Terraform GCPKMSCryptoKeysAreNotPubliclyAccessible.yaml
2186 CKV2_GCP_6 resource google_kms_crypto_key_iam_binding Ensure that Cloud KMS cryptokeys are not anonymously or publicly accessible Terraform GCPKMSCryptoKeysAreNotPubliclyAccessible.yaml
2187 CKV2_GCP_6 resource google_kms_crypto_key_iam_member Ensure that Cloud KMS cryptokeys are not anonymously or publicly accessible Terraform GCPKMSCryptoKeysAreNotPubliclyAccessible.yaml
2188 CKV2_GCP_7 resource google_sql_database_instance Ensure that a MySQL database instance does not allow anyone to connect with administrative privileges Terraform DisableAccessToSqlDBInstanceForRootUsersWithoutPassword.yaml
2189 CKV2_GCP_7 resource google_sql_user Ensure that a MySQL database instance does not allow anyone to connect with administrative privileges Terraform DisableAccessToSqlDBInstanceForRootUsersWithoutPassword.yaml
2190 CKV2_GCP_8 resource google_kms_key_ring Ensure that Cloud KMS Key Rings are not anonymously or publicly accessible Terraform GCPKMSKeyRingsAreNotPubliclyAccessible.yaml
2191 CKV2_GCP_8 resource google_kms_key_ring_iam_binding Ensure that Cloud KMS Key Rings are not anonymously or publicly accessible Terraform GCPKMSKeyRingsAreNotPubliclyAccessible.yaml
2192 CKV2_GCP_8 resource google_kms_key_ring_iam_member Ensure that Cloud KMS Key Rings are not anonymously or publicly accessible Terraform GCPKMSKeyRingsAreNotPubliclyAccessible.yaml
2193 CKV2_GCP_9 resource google_container_registry Ensure that Container Registry repositories are not anonymously or publicly accessible Terraform GCPContainerRegistryReposAreNotPubliclyAccessible.yaml
2194 CKV2_GCP_9 resource google_storage_bucket_iam_binding Ensure that Container Registry repositories are not anonymously or publicly accessible Terraform GCPContainerRegistryReposAreNotPubliclyAccessible.yaml
2195 CKV2_GCP_9 resource google_storage_bucket_iam_member Ensure that Container Registry repositories are not anonymously or publicly accessible Terraform GCPContainerRegistryReposAreNotPubliclyAccessible.yaml
2196 CKV2_GCP_10 resource google_cloudfunctions_function Ensure GCP Cloud Function HTTP trigger is secured Terraform CloudFunctionSecureHTTPTrigger.yaml
2197 CKV2_GCP_11 resource google_project_services Ensure GCP GCR Container Vulnerability Scanning is enabled Terraform GCRContainerVulnerabilityScanningEnabled.yaml
2198 CKV2_GCP_12 resource google_compute_firewall Ensure GCP compute firewall ingress does not allow unrestricted access to all ports Terraform GCPComputeFirewallOverlyPermissiveToAllTraffic.yaml
2199 CKV2_GCP_13 resource google_sql_database_instance Ensure PostgreSQL database flag ‘log_duration’ is set to ‘on’ Terraform GCPPostgreSQLDatabaseFlaglog_durationIsSetToON.yaml
2200 CKV2_GCP_14 resource google_sql_database_instance Ensure PostgreSQL database flag ‘log_executor_stats’ is set to ‘off’ Terraform GCPPostgreSQLDatabaseFlaglog_executor_statsIsSetToOFF.yaml
2201 CKV2_GCP_15 resource google_sql_database_instance Ensure PostgreSQL database flag ‘log_parser_stats’ is set to ‘off’ Terraform GCPPostgreSQLDatabaseFlaglog_parser_statsIsSetToOFF.yaml
2202 CKV2_GCP_16 resource google_sql_database_instance Ensure PostgreSQL database flag ‘log_planner_stats’ is set to ‘off’ Terraform GCPPostgreSQLDatabaseFlaglog_planner_statsIsSetToOFF.yaml
2203 CKV2_GCP_17 resource google_sql_database_instance Ensure PostgreSQL database flag ‘log_statement_stats’ is set to ‘off’ Terraform GCPPostgreSQLDatabaseFlaglog_statement_statsIsSetToOFF.yaml
2204 CKV2_GCP_18 resource google_compute_network Ensure GCP network defines a firewall and does not use the default firewall Terraform GCPNetworkDoesNotUseDefaultFirewall.yaml
2205 CKV2_GCP_19 resource google_container_cluster Ensure GCP Kubernetes engine clusters have ‘alpha cluster’ feature disabled Terraform GCPdisableAlphaClusterFeatureInKubernetesEngineClusters.yaml
2206 CKV2_GCP_20 resource google_sql_database_instance Ensure MySQL DB instance has point-in-time recovery backup configured Terraform GCPMySQLdbInstancePoint_In_TimeRecoveryBackupIsEnabled.yaml
2207 CKV_GHA_1 jobs jobs Ensure ACTIONS_ALLOW_UNSECURE_COMMANDS isn’t true on environment variables github_actions AllowUnsecureCommandsOnJob.py
2208 CKV_GHA_1 jobs jobs.*.steps[] Ensure ACTIONS_ALLOW_UNSECURE_COMMANDS isn’t true on environment variables github_actions AllowUnsecureCommandsOnJob.py
2209 CKV_GHA_2 jobs jobs Ensure run commands are not vulnerable to shell injection github_actions ShellInjection.py
2210 CKV_GHA_2 jobs jobs.*.steps[] Ensure run commands are not vulnerable to shell injection github_actions ShellInjection.py
2211 CKV_GHA_3 jobs jobs Suspicious use of curl with secrets github_actions SuspectCurlInScript.py
2212 CKV_GHA_3 jobs jobs.*.steps[] Suspicious use of curl with secrets github_actions SuspectCurlInScript.py
2213 CKV_GHA_4 jobs jobs Suspicious use of netcat with IP address github_actions ReverseShellNetcat.py
2214 CKV_GHA_4 jobs jobs.*.steps[] Suspicious use of netcat with IP address github_actions ReverseShellNetcat.py
2215 CKV_GHA_5 jobs jobs Found artifact build without evidence of cosign sign execution in pipeline github_actions CosignArtifacts.py
2216 CKV_GHA_6 jobs jobs Found artifact build without evidence of cosign sbom attestation in pipeline github_actions CosignSBOM.py
2217 CKV_GHA_7 jobs on The build output cannot be affected by user parameters other than the build entry point and the top-level source location. GitHub Actions workflow_dispatch inputs MUST be empty. github_actions EmptyWorkflowDispatch.py
2218 CKV2_GHA_1 resource permissions Ensure top-level permissions are not set to write-all github_actions ReadOnlyTopLevelPermissions.yaml
2219 CKV_GIT_1 resource github_repository Ensure GitHub repository is Private Terraform PrivateRepo.py
2220 CKV_GIT_2 resource github_repository_webhook Ensure GitHub repository webhooks are using HTTPS Terraform WebhookInsecureSsl.py
2221 CKV_GIT_3 resource github_repository Ensure GitHub repository has vulnerability alerts enabled Terraform RepositoryEnableVulnerabilityAlerts.py
2222 CKV_GIT_4 resource github_actions_environment_secret Ensure GitHub Actions secrets are encrypted Terraform SecretsEncrypted.py
2223 CKV_GIT_4 resource github_actions_organization_secret Ensure GitHub Actions secrets are encrypted Terraform SecretsEncrypted.py
2224 CKV_GIT_4 resource github_actions_secret Ensure GitHub Actions secrets are encrypted Terraform SecretsEncrypted.py
2225 CKV_GIT_5 resource github_branch_protection GitHub pull requests should require at least 2 approvals Terraform BranchProtectionReviewNumTwo.py
2226 CKV_GIT_5 resource github_branch_protection_v3 GitHub pull requests should require at least 2 approvals Terraform BranchProtectionReviewNumTwo.py
2227 CKV_GIT_6 resource github_branch_protection Ensure GitHub branch protection rules requires signed commits Terraform BranchProtectionRequireSignedCommits.py
2228 CKV_GIT_6 resource github_branch_protection_v3 Ensure GitHub branch protection rules requires signed commits Terraform BranchProtectionRequireSignedCommits.py
2229 CKV2_GIT_1 resource github_repository Ensure each Repository has branch protection associated Terraform RepositoryHasBranchProtection.yaml
2230 CKV_GITHUB_1 github_configuration * Ensure GitHub organization security settings require 2FA github_configuration 2fa.py
2231 CKV_GITHUB_2 github_configuration * Ensure GitHub organization security settings require SSO github_configuration sso.py
2232 CKV_GITHUB_3 github_configuration * Ensure GitHub organization security settings has IP allow list enabled github_configuration ipallowlist.py
2233 CKV_GITHUB_4 github_configuration * Ensure GitHub branch protection rules requires signed commits github_configuration require_signatures.py
2234 CKV_GITHUB_5 github_configuration * Ensure GitHub branch protection rules does not allow force pushes github_configuration disallow_force_pushes.py
2235 CKV_GITHUB_6 github_configuration * Ensure GitHub organization webhooks are using HTTPS github_configuration webhooks_https_orgs.py
2236 CKV_GITHUB_7 github_configuration * Ensure GitHub repository webhooks are using HTTPS github_configuration webhooks_https_repos.py
2237 CKV_GITHUB_8 github_configuration * Ensure GitHub branch protection rules requires linear history github_configuration require_linear_history.py
2238 CKV_GITHUB_9 github_configuration * Ensure 2 admins are set for each repository github_configuration repository_collaborators.py
2239 CKV_GITHUB_10 github_configuration * Ensure branch protection rules are enforced on administrators github_configuration enforce_branch_protection_admins.py
2240 CKV_GITHUB_11 github_configuration * Ensure GitHub branch protection dismisses stale review on new commit github_configuration dismiss_stale_reviews.py
2241 CKV_GITHUB_12 github_configuration * Ensure GitHub branch protection restricts who can dismiss PR reviews github_configuration restrict_pr_review_dismissal.py
2242 CKV_GITHUB_13 github_configuration * Ensure GitHub branch protection requires CODEOWNER reviews github_configuration require_code_owner_reviews.py
2243 CKV_GITHUB_14 github_configuration * Ensure all checks have passed before the merge of new code github_configuration require_status_checks_pr.py
2244 CKV_GITHUB_15 github_configuration * Ensure inactive branches are reviewed and removed periodically github_configuration disallow_inactive_branch_60days.py
2245 CKV_GITHUB_16 github_configuration * Ensure GitHub branch protection requires conversation resolution github_configuration require_conversation_resolution.py
2246 CKV_GITHUB_17 github_configuration * Ensure GitHub branch protection requires push restrictions github_configuration require_push_restrictions.py
2247 CKV_GITHUB_18 github_configuration * Ensure GitHub branch protection rules does not allow deletions github_configuration disallow_branch_deletions.py
2248 CKV_GITHUB_19 github_configuration * Ensure any change to code receives approval of two strongly authenticated users github_configuration require_2approvals.py
2249 CKV_GITHUB_20 github_configuration * Ensure open git branches are up to date before they can be merged into codebase github_configuration require_updated_branch_pr.py
2250 CKV_GITHUB_21 github_configuration * Ensure public repository creation is limited to specific members github_configuration public_repository_creation_is_limited.py
2251 CKV_GITHUB_22 github_configuration * Ensure private repository creation is limited to specific members github_configuration private_repository_creation_is_limited.py
2252 CKV_GITHUB_23 github_configuration * Ensure internal repository creation is limited to specific members github_configuration internal_repository_creation_is_limited.py
2253 CKV_GITHUB_26 github_configuration * Ensure minimum admins are set for the organization github_configuration minimum_admins_in_org.py
2254 CKV_GITHUB_27 github_configuration * Ensure strict base permissions are set for repositories github_configuration require_strict_base_permissions_repository.py
2255 CKV_GITHUB_28 github_configuration * Ensure an organization’s identity is confirmed with a Verified badge Passed github_configuration require_verified_organization.py
2256 CKV_GITLAB_1 gitlab_configuration * Merge requests should require at least 2 approvals gitlab_configuration merge_requests_approvals.py
2257 CKV_GITLAB_2 gitlab_configuration * Ensure all Gitlab groups require two factor authentication gitlab_configuration two_factor_authentication.py
2258 CKV_GITLABCI_1 jobs *.script[] Suspicious use of curl with CI environment variables in script gitlab_ci SuspectCurlInScript.py
2259 CKV_GITLABCI_2 jobs *.rules Avoid creating rules that generate double pipelines gitlab_ci AvoidDoublePipelines.py
2260 CKV_GITLABCI_3 jobs *.image[] Detecting image usages in gitlab workflows gitlab_ci DetectImagesUsage.py
2261 CKV_GITLABCI_3 jobs *.services[] Detecting image usages in gitlab workflows gitlab_ci DetectImagesUsage.py
2262 CKV_GLB_1 resource gitlab_project Ensure at least two approving reviews are required to merge a GitLab MR Terraform RequireTwoApprovalsToMerge.py
2263 CKV_GLB_2 resource gitlab_branch_protection Ensure GitLab branch protection rules does not allow force pushes Terraform ForcePushDisabled.py
2264 CKV_GLB_3 resource gitlab_project Ensure GitLab prevent secrets is enabled Terraform PreventSecretsEnabled.py
2265 CKV_GLB_4 resource gitlab_project Ensure GitLab commits are signed Terraform RejectUnsignedCommits.py
2266 CKV_K8S_1 resource PodSecurityPolicy Do not admit containers wishing to share the host process ID namespace Kubernetes ShareHostPIDPSP.py
2267 CKV_K8S_1 resource kubernetes_pod_security_policy Do not admit containers wishing to share the host process ID namespace Terraform ShareHostPIDPSP.py
2268 CKV_K8S_2 resource PodSecurityPolicy Do not admit privileged containers Kubernetes PrivilegedContainersPSP.py
2269 CKV_K8S_2 resource kubernetes_pod_security_policy Do not admit privileged containers Terraform PrivilegedContainerPSP.py
2270 CKV_K8S_3 resource PodSecurityPolicy Do not admit containers wishing to share the host IPC namespace Kubernetes ShareHostIPCPSP.py
2271 CKV_K8S_3 resource kubernetes_pod_security_policy Do not admit containers wishing to share the host IPC namespace Terraform ShareHostIPCPSP.py
2272 CKV_K8S_4 resource PodSecurityPolicy Do not admit containers wishing to share the host network namespace Kubernetes SharedHostNetworkNamespacePSP.py
2273 CKV_K8S_4 resource kubernetes_pod_security_policy Do not admit containers wishing to share the host network namespace Terraform SharedHostNetworkNamespacePSP.py
2274 CKV_K8S_5 resource PodSecurityPolicy Containers should not run with allowPrivilegeEscalation Kubernetes AllowPrivilegeEscalationPSP.py
2275 CKV_K8S_5 resource kubernetes_pod_security_policy Containers should not run with allowPrivilegeEscalation Terraform AllowPrivilegeEscalationPSP.py
2276 CKV_K8S_6 resource PodSecurityPolicy Do not admit root containers Kubernetes RootContainersPSP.py
2277 CKV_K8S_6 resource kubernetes_pod_security_policy Do not admit root containers Terraform RootContainerPSP.py
2278 CKV_K8S_7 resource PodSecurityPolicy Do not admit containers with the NET_RAW capability Kubernetes DropCapabilitiesPSP.py
2279 CKV_K8S_7 resource kubernetes_pod_security_policy Do not admit containers with the NET_RAW capability Terraform DropCapabilitiesPSP.py
2280 CKV_K8S_8 resource DaemonSet Liveness Probe Should be Configured Kubernetes LivenessProbe.py
2281 CKV_K8S_8 resource Deployment Liveness Probe Should be Configured Kubernetes LivenessProbe.py
2282 CKV_K8S_8 resource DeploymentConfig Liveness Probe Should be Configured Kubernetes LivenessProbe.py
2283 CKV_K8S_8 resource Pod Liveness Probe Should be Configured Kubernetes LivenessProbe.py
2284 CKV_K8S_8 resource PodTemplate Liveness Probe Should be Configured Kubernetes LivenessProbe.py
2285 CKV_K8S_8 resource ReplicaSet Liveness Probe Should be Configured Kubernetes LivenessProbe.py
2286 CKV_K8S_8 resource ReplicationController Liveness Probe Should be Configured Kubernetes LivenessProbe.py
2287 CKV_K8S_8 resource StatefulSet Liveness Probe Should be Configured Kubernetes LivenessProbe.py
2288 CKV_K8S_8 resource kubernetes_deployment Liveness Probe Should be Configured Terraform LivenessProbe.py
2289 CKV_K8S_8 resource kubernetes_deployment_v1 Liveness Probe Should be Configured Terraform LivenessProbe.py
2290 CKV_K8S_8 resource kubernetes_pod Liveness Probe Should be Configured Terraform LivenessProbe.py
2291 CKV_K8S_8 resource kubernetes_pod_v1 Liveness Probe Should be Configured Terraform LivenessProbe.py
2292 CKV_K8S_9 resource DaemonSet Readiness Probe Should be Configured Kubernetes ReadinessProbe.py
2293 CKV_K8S_9 resource Deployment Readiness Probe Should be Configured Kubernetes ReadinessProbe.py
2294 CKV_K8S_9 resource DeploymentConfig Readiness Probe Should be Configured Kubernetes ReadinessProbe.py
2295 CKV_K8S_9 resource Pod Readiness Probe Should be Configured Kubernetes ReadinessProbe.py
2296 CKV_K8S_9 resource PodTemplate Readiness Probe Should be Configured Kubernetes ReadinessProbe.py
2297 CKV_K8S_9 resource ReplicaSet Readiness Probe Should be Configured Kubernetes ReadinessProbe.py
2298 CKV_K8S_9 resource ReplicationController Readiness Probe Should be Configured Kubernetes ReadinessProbe.py
2299 CKV_K8S_9 resource StatefulSet Readiness Probe Should be Configured Kubernetes ReadinessProbe.py
2300 CKV_K8S_9 resource kubernetes_deployment Readiness Probe Should be Configured Terraform ReadinessProbe.py
2301 CKV_K8S_9 resource kubernetes_deployment_v1 Readiness Probe Should be Configured Terraform ReadinessProbe.py
2302 CKV_K8S_9 resource kubernetes_pod Readiness Probe Should be Configured Terraform ReadinessProbe.py
2303 CKV_K8S_9 resource kubernetes_pod_v1 Readiness Probe Should be Configured Terraform ReadinessProbe.py
2304 CKV_K8S_10 resource CronJob CPU requests should be set Kubernetes CPURequests.py
2305 CKV_K8S_10 resource DaemonSet CPU requests should be set Kubernetes CPURequests.py
2306 CKV_K8S_10 resource Deployment CPU requests should be set Kubernetes CPURequests.py
2307 CKV_K8S_10 resource DeploymentConfig CPU requests should be set Kubernetes CPURequests.py
2308 CKV_K8S_10 resource Job CPU requests should be set Kubernetes CPURequests.py
2309 CKV_K8S_10 resource Pod CPU requests should be set Kubernetes CPURequests.py
2310 CKV_K8S_10 resource PodTemplate CPU requests should be set Kubernetes CPURequests.py
2311 CKV_K8S_10 resource ReplicaSet CPU requests should be set Kubernetes CPURequests.py
2312 CKV_K8S_10 resource ReplicationController CPU requests should be set Kubernetes CPURequests.py
2313 CKV_K8S_10 resource StatefulSet CPU requests should be set Kubernetes CPURequests.py
2314 CKV_K8S_10 resource kubernetes_deployment CPU requests should be set Terraform CPURequests.py
2315 CKV_K8S_10 resource kubernetes_deployment_v1 CPU requests should be set Terraform CPURequests.py
2316 CKV_K8S_10 resource kubernetes_pod CPU requests should be set Terraform CPURequests.py
2317 CKV_K8S_10 resource kubernetes_pod_v1 CPU requests should be set Terraform CPURequests.py
2318 CKV_K8S_11 resource CronJob CPU limits should be set Kubernetes CPULimits.py
2319 CKV_K8S_11 resource DaemonSet CPU limits should be set Kubernetes CPULimits.py
2320 CKV_K8S_11 resource Deployment CPU limits should be set Kubernetes CPULimits.py
2321 CKV_K8S_11 resource DeploymentConfig CPU limits should be set Kubernetes CPULimits.py
2322 CKV_K8S_11 resource Job CPU limits should be set Kubernetes CPULimits.py
2323 CKV_K8S_11 resource Pod CPU limits should be set Kubernetes CPULimits.py
2324 CKV_K8S_11 resource PodTemplate CPU limits should be set Kubernetes CPULimits.py
2325 CKV_K8S_11 resource ReplicaSet CPU limits should be set Kubernetes CPULimits.py
2326 CKV_K8S_11 resource ReplicationController CPU limits should be set Kubernetes CPULimits.py
2327 CKV_K8S_11 resource StatefulSet CPU limits should be set Kubernetes CPULimits.py
2328 CKV_K8S_11 resource kubernetes_deployment CPU Limits should be set Terraform CPULimits.py
2329 CKV_K8S_11 resource kubernetes_deployment_v1 CPU Limits should be set Terraform CPULimits.py
2330 CKV_K8S_11 resource kubernetes_pod CPU Limits should be set Terraform CPULimits.py
2331 CKV_K8S_11 resource kubernetes_pod_v1 CPU Limits should be set Terraform CPULimits.py
2332 CKV_K8S_12 resource CronJob Memory requests should be set Kubernetes MemoryRequests.py
2333 CKV_K8S_12 resource DaemonSet Memory requests should be set Kubernetes MemoryRequests.py
2334 CKV_K8S_12 resource Deployment Memory requests should be set Kubernetes MemoryRequests.py
2335 CKV_K8S_12 resource DeploymentConfig Memory requests should be set Kubernetes MemoryRequests.py
2336 CKV_K8S_12 resource Job Memory requests should be set Kubernetes MemoryRequests.py
2337 CKV_K8S_12 resource Pod Memory requests should be set Kubernetes MemoryRequests.py
2338 CKV_K8S_12 resource PodTemplate Memory requests should be set Kubernetes MemoryRequests.py
2339 CKV_K8S_12 resource ReplicaSet Memory requests should be set Kubernetes MemoryRequests.py
2340 CKV_K8S_12 resource ReplicationController Memory requests should be set Kubernetes MemoryRequests.py
2341 CKV_K8S_12 resource StatefulSet Memory requests should be set Kubernetes MemoryRequests.py
2342 CKV_K8S_12 resource kubernetes_deployment Memory Limits should be set Terraform MemoryLimits.py
2343 CKV_K8S_12 resource kubernetes_deployment_v1 Memory Limits should be set Terraform MemoryLimits.py
2344 CKV_K8S_12 resource kubernetes_pod Memory Limits should be set Terraform MemoryLimits.py
2345 CKV_K8S_12 resource kubernetes_pod_v1 Memory Limits should be set Terraform MemoryLimits.py
2346 CKV_K8S_13 resource CronJob Memory limits should be set Kubernetes MemoryLimits.py
2347 CKV_K8S_13 resource DaemonSet Memory limits should be set Kubernetes MemoryLimits.py
2348 CKV_K8S_13 resource Deployment Memory limits should be set Kubernetes MemoryLimits.py
2349 CKV_K8S_13 resource DeploymentConfig Memory limits should be set Kubernetes MemoryLimits.py
2350 CKV_K8S_13 resource Job Memory limits should be set Kubernetes MemoryLimits.py
2351 CKV_K8S_13 resource Pod Memory limits should be set Kubernetes MemoryLimits.py
2352 CKV_K8S_13 resource PodTemplate Memory limits should be set Kubernetes MemoryLimits.py
2353 CKV_K8S_13 resource ReplicaSet Memory limits should be set Kubernetes MemoryLimits.py
2354 CKV_K8S_13 resource ReplicationController Memory limits should be set Kubernetes MemoryLimits.py
2355 CKV_K8S_13 resource StatefulSet Memory limits should be set Kubernetes MemoryLimits.py
2356 CKV_K8S_13 resource kubernetes_deployment Memory requests should be set Terraform MemoryRequests.py
2357 CKV_K8S_13 resource kubernetes_deployment_v1 Memory requests should be set Terraform MemoryRequests.py
2358 CKV_K8S_13 resource kubernetes_pod Memory requests should be set Terraform MemoryRequests.py
2359 CKV_K8S_13 resource kubernetes_pod_v1 Memory requests should be set Terraform MemoryRequests.py
2360 CKV_K8S_14 resource CronJob Image Tag should be fixed - not latest or blank Kubernetes ImageTagFixed.py
2361 CKV_K8S_14 resource DaemonSet Image Tag should be fixed - not latest or blank Kubernetes ImageTagFixed.py
2362 CKV_K8S_14 resource Deployment Image Tag should be fixed - not latest or blank Kubernetes ImageTagFixed.py
2363 CKV_K8S_14 resource DeploymentConfig Image Tag should be fixed - not latest or blank Kubernetes ImageTagFixed.py
2364 CKV_K8S_14 resource Job Image Tag should be fixed - not latest or blank Kubernetes ImageTagFixed.py
2365 CKV_K8S_14 resource Pod Image Tag should be fixed - not latest or blank Kubernetes ImageTagFixed.py
2366 CKV_K8S_14 resource PodTemplate Image Tag should be fixed - not latest or blank Kubernetes ImageTagFixed.py
2367 CKV_K8S_14 resource ReplicaSet Image Tag should be fixed - not latest or blank Kubernetes ImageTagFixed.py
2368 CKV_K8S_14 resource ReplicationController Image Tag should be fixed - not latest or blank Kubernetes ImageTagFixed.py
2369 CKV_K8S_14 resource StatefulSet Image Tag should be fixed - not latest or blank Kubernetes ImageTagFixed.py
2370 CKV_K8S_14 resource kubernetes_deployment Image Tag should be fixed - not latest or blank Terraform ImageTagFixed.py
2371 CKV_K8S_14 resource kubernetes_deployment_v1 Image Tag should be fixed - not latest or blank Terraform ImageTagFixed.py
2372 CKV_K8S_14 resource kubernetes_pod Image Tag should be fixed - not latest or blank Terraform ImageTagFixed.py
2373 CKV_K8S_14 resource kubernetes_pod_v1 Image Tag should be fixed - not latest or blank Terraform ImageTagFixed.py
2374 CKV_K8S_15 resource CronJob Image Pull Policy should be Always Kubernetes ImagePullPolicyAlways.py
2375 CKV_K8S_15 resource DaemonSet Image Pull Policy should be Always Kubernetes ImagePullPolicyAlways.py
2376 CKV_K8S_15 resource Deployment Image Pull Policy should be Always Kubernetes ImagePullPolicyAlways.py
2377 CKV_K8S_15 resource DeploymentConfig Image Pull Policy should be Always Kubernetes ImagePullPolicyAlways.py
2378 CKV_K8S_15 resource Job Image Pull Policy should be Always Kubernetes ImagePullPolicyAlways.py
2379 CKV_K8S_15 resource Pod Image Pull Policy should be Always Kubernetes ImagePullPolicyAlways.py
2380 CKV_K8S_15 resource PodTemplate Image Pull Policy should be Always Kubernetes ImagePullPolicyAlways.py
2381 CKV_K8S_15 resource ReplicaSet Image Pull Policy should be Always Kubernetes ImagePullPolicyAlways.py
2382 CKV_K8S_15 resource ReplicationController Image Pull Policy should be Always Kubernetes ImagePullPolicyAlways.py
2383 CKV_K8S_15 resource StatefulSet Image Pull Policy should be Always Kubernetes ImagePullPolicyAlways.py
2384 CKV_K8S_15 resource kubernetes_deployment Image Pull Policy should be Always Terraform ImagePullPolicyAlways.py
2385 CKV_K8S_15 resource kubernetes_deployment_v1 Image Pull Policy should be Always Terraform ImagePullPolicyAlways.py
2386 CKV_K8S_15 resource kubernetes_pod Image Pull Policy should be Always Terraform ImagePullPolicyAlways.py
2387 CKV_K8S_15 resource kubernetes_pod_v1 Image Pull Policy should be Always Terraform ImagePullPolicyAlways.py
2388 CKV_K8S_16 resource CronJob Container should not be privileged Kubernetes PrivilegedContainers.py
2389 CKV_K8S_16 resource DaemonSet Container should not be privileged Kubernetes PrivilegedContainers.py
2390 CKV_K8S_16 resource Deployment Container should not be privileged Kubernetes PrivilegedContainers.py
2391 CKV_K8S_16 resource DeploymentConfig Container should not be privileged Kubernetes PrivilegedContainers.py
2392 CKV_K8S_16 resource Job Container should not be privileged Kubernetes PrivilegedContainers.py
2393 CKV_K8S_16 resource Pod Container should not be privileged Kubernetes PrivilegedContainers.py
2394 CKV_K8S_16 resource PodTemplate Container should not be privileged Kubernetes PrivilegedContainers.py
2395 CKV_K8S_16 resource ReplicaSet Container should not be privileged Kubernetes PrivilegedContainers.py
2396 CKV_K8S_16 resource ReplicationController Container should not be privileged Kubernetes PrivilegedContainers.py
2397 CKV_K8S_16 resource StatefulSet Container should not be privileged Kubernetes PrivilegedContainers.py
2398 CKV_K8S_16 resource kubernetes_deployment Do not admit privileged containers Terraform PrivilegedContainer.py
2399 CKV_K8S_16 resource kubernetes_deployment_v1 Do not admit privileged containers Terraform PrivilegedContainer.py
2400 CKV_K8S_16 resource kubernetes_pod Do not admit privileged containers Terraform PrivilegedContainer.py
2401 CKV_K8S_16 resource kubernetes_pod_v1 Do not admit privileged containers Terraform PrivilegedContainer.py
2402 CKV_K8S_17 resource CronJob Containers should not share the host process ID namespace Kubernetes ShareHostPID.py
2403 CKV_K8S_17 resource DaemonSet Containers should not share the host process ID namespace Kubernetes ShareHostPID.py
2404 CKV_K8S_17 resource Deployment Containers should not share the host process ID namespace Kubernetes ShareHostPID.py
2405 CKV_K8S_17 resource Job Containers should not share the host process ID namespace Kubernetes ShareHostPID.py
2406 CKV_K8S_17 resource Pod Containers should not share the host process ID namespace Kubernetes ShareHostPID.py
2407 CKV_K8S_17 resource ReplicaSet Containers should not share the host process ID namespace Kubernetes ShareHostPID.py
2408 CKV_K8S_17 resource ReplicationController Containers should not share the host process ID namespace Kubernetes ShareHostPID.py
2409 CKV_K8S_17 resource StatefulSet Containers should not share the host process ID namespace Kubernetes ShareHostPID.py
2410 CKV_K8S_17 resource kubernetes_deployment Do not admit containers wishing to share the host process ID namespace Terraform ShareHostPID.py
2411 CKV_K8S_17 resource kubernetes_deployment_v1 Do not admit containers wishing to share the host process ID namespace Terraform ShareHostPID.py
2412 CKV_K8S_17 resource kubernetes_pod Do not admit containers wishing to share the host process ID namespace Terraform ShareHostPID.py
2413 CKV_K8S_17 resource kubernetes_pod_v1 Do not admit containers wishing to share the host process ID namespace Terraform ShareHostPID.py
2414 CKV_K8S_18 resource CronJob Containers should not share the host IPC namespace Kubernetes ShareHostIPC.py
2415 CKV_K8S_18 resource DaemonSet Containers should not share the host IPC namespace Kubernetes ShareHostIPC.py
2416 CKV_K8S_18 resource Deployment Containers should not share the host IPC namespace Kubernetes ShareHostIPC.py
2417 CKV_K8S_18 resource Job Containers should not share the host IPC namespace Kubernetes ShareHostIPC.py
2418 CKV_K8S_18 resource Pod Containers should not share the host IPC namespace Kubernetes ShareHostIPC.py
2419 CKV_K8S_18 resource ReplicaSet Containers should not share the host IPC namespace Kubernetes ShareHostIPC.py
2420 CKV_K8S_18 resource ReplicationController Containers should not share the host IPC namespace Kubernetes ShareHostIPC.py
2421 CKV_K8S_18 resource StatefulSet Containers should not share the host IPC namespace Kubernetes ShareHostIPC.py
2422 CKV_K8S_18 resource kubernetes_deployment Do not admit containers wishing to share the host IPC namespace Terraform ShareHostIPC.py
2423 CKV_K8S_18 resource kubernetes_deployment_v1 Do not admit containers wishing to share the host IPC namespace Terraform ShareHostIPC.py
2424 CKV_K8S_18 resource kubernetes_pod Do not admit containers wishing to share the host IPC namespace Terraform ShareHostIPC.py
2425 CKV_K8S_18 resource kubernetes_pod_v1 Do not admit containers wishing to share the host IPC namespace Terraform ShareHostIPC.py
2426 CKV_K8S_19 resource CronJob Containers should not share the host network namespace Kubernetes SharedHostNetworkNamespace.py