cloudformation resource scans (auto generated)

  Id Type Entity Policy IaC
0 CKV_AWS_2 resource AWS::ElasticLoadBalancingV2::Listener Ensure ALB protocol is HTTPS Cloudformation
1 CKV_AWS_3 resource AWS::EC2::Volume Ensure all data stored in the EBS is securely encrypted Cloudformation
2 CKV_AWS_5 resource AWS::Elasticsearch::Domain Ensure all data stored in the Elasticsearch is securely encrypted at rest Cloudformation
3 CKV_AWS_6 resource AWS::Elasticsearch::Domain Ensure all Elasticsearch has node-to-node encryption enabled Cloudformation
4 CKV_AWS_7 resource AWS::KMS::Key Ensure rotation for customer created CMKs is enabled Cloudformation
5 CKV_AWS_8 resource AWS::AutoScaling::LaunchConfiguration Ensure all data stored in the Launch configuration EBS is securely encrypted Cloudformation
6 CKV_AWS_16 resource AWS::RDS::DBInstance Ensure all data stored in the RDS is securely encrypted at rest Cloudformation
7 CKV_AWS_17 resource AWS::RDS::DBInstance Ensure all data stored in RDS is not publicly accessible Cloudformation
8 CKV_AWS_18 resource AWS::S3::Bucket Ensure the S3 bucket has access logging enabled Cloudformation
9 CKV_AWS_19 resource AWS::S3::Bucket Ensure the S3 bucket has server-side-encryption enabled Cloudformation
10 CKV_AWS_20 resource AWS::S3::Bucket Ensure the S3 bucket does not allow READ permissions to everyone Cloudformation
11 CKV_AWS_21 resource AWS::S3::Bucket Ensure the S3 bucket has versioning enabled Cloudformation
12 CKV_AWS_23 resource AWS::EC2::SecurityGroup Ensure every security groups rule has a description Cloudformation
13 CKV_AWS_23 resource AWS::EC2::SecurityGroupIngress Ensure every security groups rule has a description Cloudformation
14 CKV_AWS_23 resource AWS::EC2::SecurityGroupEgress Ensure every security groups rule has a description Cloudformation
15 CKV_AWS_24 resource AWS::EC2::SecurityGroup Ensure no security groups allow ingress from 0.0.0.0:0 to port 22 Cloudformation
16 CKV_AWS_24 resource AWS::EC2::SecurityGroupIngress Ensure no security groups allow ingress from 0.0.0.0:0 to port 22 Cloudformation
17 CKV_AWS_25 resource AWS::EC2::SecurityGroup Ensure no security groups allow ingress from 0.0.0.0:0 to port 3389 Cloudformation
18 CKV_AWS_25 resource AWS::EC2::SecurityGroupIngress Ensure no security groups allow ingress from 0.0.0.0:0 to port 3389 Cloudformation
19 CKV_AWS_26 resource AWS::SNS::Topic Ensure all data stored in the SNS topic is encrypted Cloudformation
20 CKV_AWS_27 resource AWS::SQS::Queue Ensure all data stored in the SQS queue is encrypted Cloudformation
21 CKV_AWS_28 resource AWS::DynamoDB::Table Ensure Dynamodb point in time recovery (backup) is enabled Cloudformation
22 CKV_AWS_29 resource AWS::ElastiCache::ReplicationGroup Ensure all data stored in the Elasticache Replication Group is securely encrypted at rest Cloudformation
23 CKV_AWS_30 resource AWS::ElastiCache::ReplicationGroup Ensure all data stored in the Elasticache Replication Group is securely encrypted at transit Cloudformation
24 CKV_AWS_31 resource AWS::ElastiCache::ReplicationGroup Ensure all data stored in the Elasticache Replication Group is securely encrypted at transit and has auth token Cloudformation
25 CKV_AWS_32 resource AWS::ECR::Repository Ensure ECR policy is not set to public Cloudformation
26 CKV_AWS_33 resource AWS::KMS::Key Ensure KMS key policy does not contain wildcard (*) principal Cloudformation
27 CKV_AWS_34 resource AWS::CloudFront::Distribution Ensure cloudfront distribution ViewerProtocolPolicy is set to HTTPS Cloudformation
28 CKV_AWS_35 resource AWS::CloudTrail::Trail Ensure CloudTrail logs are encrypted at rest using KMS CMKs Cloudformation
29 CKV_AWS_36 resource AWS::CloudTrail::Trail Ensure CloudTrail log file validation is enabled Cloudformation
30 CKV_AWS_40 resource AWS::IAM::Policy Ensure IAM policies are attached only to groups or roles (Reducing access management complexity may in-turn reduce opportunity for a principal to inadvertently receive or retain excessive privileges.) Cloudformation
31 CKV_AWS_42 resource AWS::EFS::FileSystem Ensure EFS is securely encrypted Cloudformation
32 CKV_AWS_43 resource AWS::Kinesis::Stream Ensure Kinesis Stream is securely encrypted Cloudformation
33 CKV_AWS_44 resource AWS::Neptune::DBCluster Ensure Neptune storage is securely encrypted Cloudformation
34 CKV_AWS_45 resource AWS::Lambda::Function Ensure no hard-coded secrets exist in lambda environment Cloudformation
35 CKV_AWS_46 resource AWS::EC2::Instance Ensure no hard-coded secrets exist in EC2 user data Cloudformation
36 CKV_AWS_47 resource AWS::DAX::Cluster Ensure DAX is encrypted at rest (default is unencrypted) Cloudformation
37 CKV_AWS_51 resource AWS::ECR::Repository Ensure ECR Image Tags are immutable Cloudformation
38 CKV_AWS_53 resource AWS::S3::Bucket Ensure S3 bucket has block public ACLS enabled Cloudformation
39 CKV_AWS_54 resource AWS::S3::Bucket Ensure S3 bucket has block public policy enabled Cloudformation
40 CKV_AWS_55 resource AWS::S3::Bucket Ensure S3 bucket has ignore public ACLs enabled Cloudformation
41 CKV_AWS_56 resource AWS::S3::Bucket Ensure S3 bucket has ‘restrict_public_bucket’ enabled Cloudformation
42 CKV_AWS_57 resource AWS::S3::Bucket Ensure the S3 bucket does not allow WRITE permissions to everyone Cloudformation
43 CKV_AWS_58 resource AWS::EKS::Cluster Ensure EKS Cluster has Secrets Encryption Enabled Cloudformation
44 CKV_AWS_59 resource AWS::ApiGateway::Method Ensure there is no open access to back-end resources through API Cloudformation
45 CKV_AWS_60 resource AWS::IAM::Role Ensure IAM role allows only specific services or principals to assume it Cloudformation
46 CKV_AWS_61 resource AWS::IAM::Role Ensure IAM role allows only specific principals in account to assume it Cloudformation
47 CKV_AWS_64 resource AWS::Redshift::Cluster Ensure all data stored in the Redshift cluster is securely encrypted at rest Cloudformation
48 CKV_AWS_65 resource AWS::ECS::Cluster Ensure container insights are enabled on ECS cluster Cloudformation
49 CKV_AWS_66 resource AWS::Logs::LogGroup Ensure cloudwatch log groups specify retention days Cloudformation
50 CKV_AWS_67 resource AWS::CloudTrail::Trail Ensure CloudTrail is enabled in all Regions Cloudformation
51 CKV_AWS_68 resource AWS::CloudFront::Distribution CloudFront Distribution should have WAF enabled Cloudformation
52 CKV_AWS_73 resource AWS::ApiGateway::Stage Ensure API Gateway has X-Ray Tracing enabled Cloudformation
53 CKV_AWS_74 resource AWS::DocDB::DBCluster Ensure DocDB is encrypted at rest (default is unencrypted) Cloudformation
54 CKV_AWS_76 resource AWS::ApiGateway::Stage Ensure API Gateway has Access Logging enabled Cloudformation
55 CKV_AWS_78 resource AWS::CodeBuild::Project Ensure that CodeBuild Project encryption is not disabled Cloudformation
56 CKV_AWS_79 resource AWS::EC2::LaunchTemplate Ensure Instance Metadata Service Version 1 is not enabled Cloudformation
57 CKV_AWS_82 resource AWS::Athena::WorkGroup Ensure Athena Workgroup should enforce configuration to prevent client disabling encryption Cloudformation
58 CKV_AWS_83 resource AWS::Elasticsearch::Domain Ensure Elasticsearch Domain enforces HTTPS Cloudformation
59 CKV_AWS_84 resource AWS::Elasticsearch::Domain Ensure Elasticsearch Domain Logging is enabled Cloudformation
60 CKV_AWS_85 resource AWS::DocDB::DBCluster Ensure DocDB Logging is enabled Cloudformation
61 CKV_AWS_86 resource AWS::CloudFront::Distribution Ensure Cloudfront distribution has Access Logging enabled Cloudformation
62 CKV_AWS_88 resource AWS::EC2::LaunchTemplate EC2 instance should not have public IP. Cloudformation
63 CKV_AWS_88 resource AWS::EC2::Instance EC2 instance should not have public IP. Cloudformation
64 CKV_AWS_89 resource AWS::DMS::ReplicationInstance DMS replication instance should not be publicly accessible Cloudformation
65 CKV_AWS_90 resource AWS::DocDB::DBClusterParameterGroup Ensure DocDB TLS is not disabled Cloudformation
66 CKV_AWS_91 resource AWS::ElasticLoadBalancingV2::LoadBalancer Ensure the ELBv2 (Application/Network) has access logging enabled Cloudformation
67 CKV_AWS_92 resource AWS::ElasticLoadBalancing::LoadBalancer Ensure the ELB has access logging enabled Cloudformation
68 CKV_AWS_94 resource AWS::Glue::DataCatalogEncryptionSettings Ensure Glue Data Catalog Encryption is enabled Cloudformation
69 CKV_AWS_95 resource AWS::ApiGatewayV2::Stage Ensure API Gateway V2 has Access Logging enabled Cloudformation
70 CKV_AWS_96 resource AWS::RDS::DBCluster Ensure all data stored in Aurrora is securely encrypted at rest Cloudformation
71 CKV_AWS_97 resource AWS::ECS::TaskDefinition Ensure Encryption in transit is enabled for EFS volumes in ECS Task definitions Cloudformation
72 CKV_AWS_99 resource AWS::Glue::SecurityConfiguration Ensure Glue Security Configuration Encryption is enabled Cloudformation
73 CKV_AWS_100 resource AWS::EKS::Nodegroup Ensure Amazon EKS Node group has implict SSH access from 0.0.0.0/0 Cloudformation
74 CKV_AWS_101 resource AWS::Neptune::DBCluster Ensure Neptune logging is enabled Cloudformation
75 CKV_AWS_104 resource AWS::DocDB::DBClusterParameterGroup Ensure DocDB has audit logs enabled Cloudformation
76 CKV_AWS_107 resource AWS::IAM::Policy Ensure IAM policies does not allow credentials exposure Cloudformation
77 CKV_AWS_107 resource AWS::IAM::ManagedPolicy Ensure IAM policies does not allow credentials exposure Cloudformation
78 CKV_AWS_107 resource AWS::IAM::Group Ensure IAM policies does not allow credentials exposure Cloudformation
79 CKV_AWS_107 resource AWS::IAM::Role Ensure IAM policies does not allow credentials exposure Cloudformation
80 CKV_AWS_107 resource AWS::IAM::User Ensure IAM policies does not allow credentials exposure Cloudformation
81 CKV_AWS_108 resource AWS::IAM::Policy Ensure IAM policies does not allow data exfiltration Cloudformation
82 CKV_AWS_108 resource AWS::IAM::ManagedPolicy Ensure IAM policies does not allow data exfiltration Cloudformation
83 CKV_AWS_108 resource AWS::IAM::Group Ensure IAM policies does not allow data exfiltration Cloudformation
84 CKV_AWS_108 resource AWS::IAM::Role Ensure IAM policies does not allow data exfiltration Cloudformation
85 CKV_AWS_108 resource AWS::IAM::User Ensure IAM policies does not allow data exfiltration Cloudformation
86 CKV_AWS_109 resource AWS::IAM::Policy Ensure IAM policies does not allow permissions management without constraints Cloudformation
87 CKV_AWS_109 resource AWS::IAM::ManagedPolicy Ensure IAM policies does not allow permissions management without constraints Cloudformation
88 CKV_AWS_109 resource AWS::IAM::Group Ensure IAM policies does not allow permissions management without constraints Cloudformation
89 CKV_AWS_109 resource AWS::IAM::Role Ensure IAM policies does not allow permissions management without constraints Cloudformation
90 CKV_AWS_109 resource AWS::IAM::User Ensure IAM policies does not allow permissions management without constraints Cloudformation
91 CKV_AWS_110 resource AWS::IAM::Policy Ensure IAM policies does not allow privilege escalation Cloudformation
92 CKV_AWS_110 resource AWS::IAM::ManagedPolicy Ensure IAM policies does not allow privilege escalation Cloudformation
93 CKV_AWS_110 resource AWS::IAM::Group Ensure IAM policies does not allow privilege escalation Cloudformation
94 CKV_AWS_110 resource AWS::IAM::Role Ensure IAM policies does not allow privilege escalation Cloudformation
95 CKV_AWS_110 resource AWS::IAM::User Ensure IAM policies does not allow privilege escalation Cloudformation
96 CKV_AWS_111 resource AWS::IAM::Policy Ensure IAM policies does not allow write access without constraints Cloudformation
97 CKV_AWS_111 resource AWS::IAM::ManagedPolicy Ensure IAM policies does not allow write access without constraints Cloudformation
98 CKV_AWS_111 resource AWS::IAM::Group Ensure IAM policies does not allow write access without constraints Cloudformation
99 CKV_AWS_111 resource AWS::IAM::Role Ensure IAM policies does not allow write access without constraints Cloudformation
100 CKV_AWS_111 resource AWS::IAM::User Ensure IAM policies does not allow write access without constraints Cloudformation
101 CKV_AWS_157 resource AWS::RDS::DBInstance Ensure that RDS instances have Multi-AZ enabled Cloudformation