| 0 | CKV_AWS_2 | resource | AWS::ElasticLoadBalancingV2::Listener | Ensure ALB protocol is HTTPS | Cloudformation |
| 1 | CKV_AWS_3 | resource | AWS::EC2::Volume | Ensure all data stored in the EBS is securely encrypted | Cloudformation |
| 2 | CKV_AWS_5 | resource | AWS::Elasticsearch::Domain | Ensure all data stored in the Elasticsearch is securely encrypted at rest | Cloudformation |
| 3 | CKV_AWS_6 | resource | AWS::Elasticsearch::Domain | Ensure all Elasticsearch has node-to-node encryption enabled | Cloudformation |
| 4 | CKV_AWS_7 | resource | AWS::KMS::Key | Ensure rotation for customer created CMKs is enabled | Cloudformation |
| 5 | CKV_AWS_8 | resource | AWS::AutoScaling::LaunchConfiguration | Ensure all data stored in the Launch configuration EBS is securely encrypted | Cloudformation |
| 6 | CKV_AWS_16 | resource | AWS::RDS::DBInstance | Ensure all data stored in the RDS is securely encrypted at rest | Cloudformation |
| 7 | CKV_AWS_17 | resource | AWS::RDS::DBInstance | Ensure all data stored in RDS is not publicly accessible | Cloudformation |
| 8 | CKV_AWS_18 | resource | AWS::S3::Bucket | Ensure the S3 bucket has access logging enabled | Cloudformation |
| 9 | CKV_AWS_19 | resource | AWS::S3::Bucket | Ensure the S3 bucket has server-side-encryption enabled | Cloudformation |
| 10 | CKV_AWS_20 | resource | AWS::S3::Bucket | Ensure the S3 bucket does not allow READ permissions to everyone | Cloudformation |
| 11 | CKV_AWS_21 | resource | AWS::S3::Bucket | Ensure the S3 bucket has versioning enabled | Cloudformation |
| 12 | CKV_AWS_23 | resource | AWS::EC2::SecurityGroup | Ensure every security groups rule has a description | Cloudformation |
| 13 | CKV_AWS_23 | resource | AWS::EC2::SecurityGroupEgress | Ensure every security groups rule has a description | Cloudformation |
| 14 | CKV_AWS_23 | resource | AWS::EC2::SecurityGroupIngress | Ensure every security groups rule has a description | Cloudformation |
| 15 | CKV_AWS_24 | resource | AWS::EC2::SecurityGroup | Ensure no security groups allow ingress from 0.0.0.0:0 to port 22 | Cloudformation |
| 16 | CKV_AWS_24 | resource | AWS::EC2::SecurityGroupIngress | Ensure no security groups allow ingress from 0.0.0.0:0 to port 22 | Cloudformation |
| 17 | CKV_AWS_25 | resource | AWS::EC2::SecurityGroup | Ensure no security groups allow ingress from 0.0.0.0:0 to port 3389 | Cloudformation |
| 18 | CKV_AWS_25 | resource | AWS::EC2::SecurityGroupIngress | Ensure no security groups allow ingress from 0.0.0.0:0 to port 3389 | Cloudformation |
| 19 | CKV_AWS_26 | resource | AWS::SNS::Topic | Ensure all data stored in the SNS topic is encrypted | Cloudformation |
| 20 | CKV_AWS_27 | resource | AWS::SQS::Queue | Ensure all data stored in the SQS queue is encrypted | Cloudformation |
| 21 | CKV_AWS_28 | resource | AWS::DynamoDB::Table | Ensure Dynamodb point in time recovery (backup) is enabled | Cloudformation |
| 22 | CKV_AWS_29 | resource | AWS::ElastiCache::ReplicationGroup | Ensure all data stored in the Elasticache Replication Group is securely encrypted at rest | Cloudformation |
| 23 | CKV_AWS_30 | resource | AWS::ElastiCache::ReplicationGroup | Ensure all data stored in the Elasticache Replication Group is securely encrypted at transit | Cloudformation |
| 24 | CKV_AWS_31 | resource | AWS::ElastiCache::ReplicationGroup | Ensure all data stored in the Elasticache Replication Group is securely encrypted at transit and has auth token | Cloudformation |
| 25 | CKV_AWS_32 | resource | AWS::ECR::Repository | Ensure ECR policy is not set to public | Cloudformation |
| 26 | CKV_AWS_33 | resource | AWS::KMS::Key | Ensure KMS key policy does not contain wildcard (*) principal | Cloudformation |
| 27 | CKV_AWS_34 | resource | AWS::CloudFront::Distribution | Ensure cloudfront distribution ViewerProtocolPolicy is set to HTTPS | Cloudformation |
| 28 | CKV_AWS_35 | resource | AWS::CloudTrail::Trail | Ensure CloudTrail logs are encrypted at rest using KMS CMKs | Cloudformation |
| 29 | CKV_AWS_36 | resource | AWS::CloudTrail::Trail | Ensure CloudTrail log file validation is enabled | Cloudformation |
| 30 | CKV_AWS_40 | resource | AWS::IAM::Policy | Ensure IAM policies are attached only to groups or roles (Reducing access management complexity may in-turn reduce opportunity for a principal to inadvertently receive or retain excessive privileges.) | Cloudformation |
| 31 | CKV_AWS_42 | resource | AWS::EFS::FileSystem | Ensure EFS is securely encrypted | Cloudformation |
| 32 | CKV_AWS_43 | resource | AWS::Kinesis::Stream | Ensure Kinesis Stream is securely encrypted | Cloudformation |
| 33 | CKV_AWS_44 | resource | AWS::Neptune::DBCluster | Ensure Neptune storage is securely encrypted | Cloudformation |
| 34 | CKV_AWS_45 | resource | AWS::Lambda::Function | Ensure no hard-coded secrets exist in lambda environment | Cloudformation |
| 35 | CKV_AWS_45 | resource | AWS::Serverless::Function | Ensure no hard-coded secrets exist in lambda environment | Cloudformation |
| 36 | CKV_AWS_46 | resource | AWS::EC2::Instance | Ensure no hard-coded secrets exist in EC2 user data | Cloudformation |
| 37 | CKV_AWS_47 | resource | AWS::DAX::Cluster | Ensure DAX is encrypted at rest (default is unencrypted) | Cloudformation |
| 38 | CKV_AWS_51 | resource | AWS::ECR::Repository | Ensure ECR Image Tags are immutable | Cloudformation |
| 39 | CKV_AWS_53 | resource | AWS::S3::Bucket | Ensure S3 bucket has block public ACLS enabled | Cloudformation |
| 40 | CKV_AWS_54 | resource | AWS::S3::Bucket | Ensure S3 bucket has block public policy enabled | Cloudformation |
| 41 | CKV_AWS_55 | resource | AWS::S3::Bucket | Ensure S3 bucket has ignore public ACLs enabled | Cloudformation |
| 42 | CKV_AWS_56 | resource | AWS::S3::Bucket | Ensure S3 bucket has ‘restrict_public_bucket’ enabled | Cloudformation |
| 43 | CKV_AWS_57 | resource | AWS::S3::Bucket | Ensure the S3 bucket does not allow WRITE permissions to everyone | Cloudformation |
| 44 | CKV_AWS_58 | resource | AWS::EKS::Cluster | Ensure EKS Cluster has Secrets Encryption Enabled | Cloudformation |
| 45 | CKV_AWS_59 | resource | AWS::ApiGateway::Method | Ensure there is no open access to back-end resources through API | Cloudformation |
| 46 | CKV_AWS_60 | resource | AWS::IAM::Role | Ensure IAM role allows only specific services or principals to assume it | Cloudformation |
| 47 | CKV_AWS_61 | resource | AWS::IAM::Role | Ensure AWS IAM policy does not allow assume role permission across all services | Cloudformation |
| 48 | CKV_AWS_62 | resource | AWS::IAM::Group | Ensure no IAM policies that allow full “*-*” administrative privileges are not created | Cloudformation |
| 49 | CKV_AWS_62 | resource | AWS::IAM::Policy | Ensure no IAM policies that allow full “*-*” administrative privileges are not created | Cloudformation |
| 50 | CKV_AWS_62 | resource | AWS::IAM::Role | Ensure no IAM policies that allow full “*-*” administrative privileges are not created | Cloudformation |
| 51 | CKV_AWS_62 | resource | AWS::IAM::User | Ensure no IAM policies that allow full “*-*” administrative privileges are not created | Cloudformation |
| 52 | CKV_AWS_63 | resource | AWS::IAM::Group | Ensure no IAM policies documents allow “*” as a statement’s actions | Cloudformation |
| 53 | CKV_AWS_63 | resource | AWS::IAM::Policy | Ensure no IAM policies documents allow “*” as a statement’s actions | Cloudformation |
| 54 | CKV_AWS_63 | resource | AWS::IAM::Role | Ensure no IAM policies documents allow “*” as a statement’s actions | Cloudformation |
| 55 | CKV_AWS_63 | resource | AWS::IAM::User | Ensure no IAM policies documents allow “*” as a statement’s actions | Cloudformation |
| 56 | CKV_AWS_64 | resource | AWS::Redshift::Cluster | Ensure all data stored in the Redshift cluster is securely encrypted at rest | Cloudformation |
| 57 | CKV_AWS_65 | resource | AWS::ECS::Cluster | Ensure container insights are enabled on ECS cluster | Cloudformation |
| 58 | CKV_AWS_66 | resource | AWS::Logs::LogGroup | Ensure that CloudWatch Log Group specifies retention days | Cloudformation |
| 59 | CKV_AWS_67 | resource | AWS::CloudTrail::Trail | Ensure CloudTrail is enabled in all Regions | Cloudformation |
| 60 | CKV_AWS_68 | resource | AWS::CloudFront::Distribution | CloudFront Distribution should have WAF enabled | Cloudformation |
| 61 | CKV_AWS_69 | resource | AWS::AmazonMQ::Broker | Ensure Amazon MQ Broker should not have public access | Cloudformation |
| 62 | CKV_AWS_71 | resource | AWS::Redshift::Cluster | Ensure Redshift Cluster logging is enabled | Cloudformation |
| 63 | CKV_AWS_73 | resource | AWS::ApiGateway::Stage | Ensure API Gateway has X-Ray Tracing enabled | Cloudformation |
| 64 | CKV_AWS_73 | resource | AWS::Serverless::Api | Ensure API Gateway has X-Ray Tracing enabled | Cloudformation |
| 65 | CKV_AWS_74 | resource | AWS::DocDB::DBCluster | Ensure DocDB is encrypted at rest (default is unencrypted) | Cloudformation |
| 66 | CKV_AWS_76 | resource | AWS::ApiGateway::Stage | Ensure API Gateway has Access Logging enabled | Cloudformation |
| 67 | CKV_AWS_76 | resource | AWS::Serverless::Api | Ensure API Gateway has Access Logging enabled | Cloudformation |
| 68 | CKV_AWS_78 | resource | AWS::CodeBuild::Project | Ensure that CodeBuild Project encryption is not disabled | Cloudformation |
| 69 | CKV_AWS_79 | resource | AWS::EC2::LaunchTemplate | Ensure Instance Metadata Service Version 1 is not enabled | Cloudformation |
| 70 | CKV_AWS_82 | resource | AWS::Athena::WorkGroup | Ensure Athena Workgroup should enforce configuration to prevent client disabling encryption | Cloudformation |
| 71 | CKV_AWS_83 | resource | AWS::Elasticsearch::Domain | Ensure Elasticsearch Domain enforces HTTPS | Cloudformation |
| 72 | CKV_AWS_84 | resource | AWS::Elasticsearch::Domain | Ensure Elasticsearch Domain Logging is enabled | Cloudformation |
| 73 | CKV_AWS_85 | resource | AWS::DocDB::DBCluster | Ensure DocDB Logging is enabled | Cloudformation |
| 74 | CKV_AWS_86 | resource | AWS::CloudFront::Distribution | Ensure Cloudfront distribution has Access Logging enabled | Cloudformation |
| 75 | CKV_AWS_87 | resource | AWS::Redshift::Cluster | Redshift cluster should not be publicly accessible | Cloudformation |
| 76 | CKV_AWS_88 | resource | AWS::EC2::Instance | EC2 instance should not have public IP. | Cloudformation |
| 77 | CKV_AWS_88 | resource | AWS::EC2::LaunchTemplate | EC2 instance should not have public IP. | Cloudformation |
| 78 | CKV_AWS_89 | resource | AWS::DMS::ReplicationInstance | DMS replication instance should not be publicly accessible | Cloudformation |
| 79 | CKV_AWS_90 | resource | AWS::DocDB::DBClusterParameterGroup | Ensure DocDB TLS is not disabled | Cloudformation |
| 80 | CKV_AWS_91 | resource | AWS::ElasticLoadBalancingV2::LoadBalancer | Ensure the ELBv2 (Application/Network) has access logging enabled | Cloudformation |
| 81 | CKV_AWS_92 | resource | AWS::ElasticLoadBalancing::LoadBalancer | Ensure the ELB has access logging enabled | Cloudformation |
| 82 | CKV_AWS_94 | resource | AWS::Glue::DataCatalogEncryptionSettings | Ensure Glue Data Catalog Encryption is enabled | Cloudformation |
| 83 | CKV_AWS_95 | resource | AWS::ApiGatewayV2::Stage | Ensure API Gateway V2 has Access Logging enabled | Cloudformation |
| 84 | CKV_AWS_95 | resource | AWS::Serverless::HttpApi | Ensure API Gateway V2 has Access Logging enabled | Cloudformation |
| 85 | CKV_AWS_96 | resource | AWS::RDS::DBCluster | Ensure all data stored in Aurora is securely encrypted at rest | Cloudformation |
| 86 | CKV_AWS_97 | resource | AWS::ECS::TaskDefinition | Ensure Encryption in transit is enabled for EFS volumes in ECS Task definitions | Cloudformation |
| 87 | CKV_AWS_99 | resource | AWS::Glue::SecurityConfiguration | Ensure Glue Security Configuration Encryption is enabled | Cloudformation |
| 88 | CKV_AWS_100 | resource | AWS::EKS::Nodegroup | Ensure AWS EKS node group does not have implicit SSH access from 0.0.0.0/0 | Cloudformation |
| 89 | CKV_AWS_101 | resource | AWS::Neptune::DBCluster | Ensure Neptune logging is enabled | Cloudformation |
| 90 | CKV_AWS_103 | resource | AWS::ElasticLoadBalancingV2::Listener | Ensure that Load Balancer Listener is using at least TLS v1.2 | Cloudformation |
| 91 | CKV_AWS_104 | resource | AWS::DocDB::DBClusterParameterGroup | Ensure DocDB has audit logs enabled | Cloudformation |
| 92 | CKV_AWS_105 | resource | AWS::Redshift::ClusterParameterGroup | Ensure Redshift uses SSL | Cloudformation |
| 93 | CKV_AWS_107 | resource | AWS::IAM::Group | Ensure IAM policies does not allow credentials exposure | Cloudformation |
| 94 | CKV_AWS_107 | resource | AWS::IAM::ManagedPolicy | Ensure IAM policies does not allow credentials exposure | Cloudformation |
| 95 | CKV_AWS_107 | resource | AWS::IAM::Policy | Ensure IAM policies does not allow credentials exposure | Cloudformation |
| 96 | CKV_AWS_107 | resource | AWS::IAM::Role | Ensure IAM policies does not allow credentials exposure | Cloudformation |
| 97 | CKV_AWS_107 | resource | AWS::IAM::User | Ensure IAM policies does not allow credentials exposure | Cloudformation |
| 98 | CKV_AWS_108 | resource | AWS::IAM::Group | Ensure IAM policies does not allow data exfiltration | Cloudformation |
| 99 | CKV_AWS_108 | resource | AWS::IAM::ManagedPolicy | Ensure IAM policies does not allow data exfiltration | Cloudformation |
| 100 | CKV_AWS_108 | resource | AWS::IAM::Policy | Ensure IAM policies does not allow data exfiltration | Cloudformation |
| 101 | CKV_AWS_108 | resource | AWS::IAM::Role | Ensure IAM policies does not allow data exfiltration | Cloudformation |
| 102 | CKV_AWS_108 | resource | AWS::IAM::User | Ensure IAM policies does not allow data exfiltration | Cloudformation |
| 103 | CKV_AWS_109 | resource | AWS::IAM::Group | Ensure IAM policies does not allow permissions management without constraints | Cloudformation |
| 104 | CKV_AWS_109 | resource | AWS::IAM::ManagedPolicy | Ensure IAM policies does not allow permissions management without constraints | Cloudformation |
| 105 | CKV_AWS_109 | resource | AWS::IAM::Policy | Ensure IAM policies does not allow permissions management without constraints | Cloudformation |
| 106 | CKV_AWS_109 | resource | AWS::IAM::Role | Ensure IAM policies does not allow permissions management without constraints | Cloudformation |
| 107 | CKV_AWS_109 | resource | AWS::IAM::User | Ensure IAM policies does not allow permissions management without constraints | Cloudformation |
| 108 | CKV_AWS_110 | resource | AWS::IAM::Group | Ensure IAM policies does not allow privilege escalation | Cloudformation |
| 109 | CKV_AWS_110 | resource | AWS::IAM::ManagedPolicy | Ensure IAM policies does not allow privilege escalation | Cloudformation |
| 110 | CKV_AWS_110 | resource | AWS::IAM::Policy | Ensure IAM policies does not allow privilege escalation | Cloudformation |
| 111 | CKV_AWS_110 | resource | AWS::IAM::Role | Ensure IAM policies does not allow privilege escalation | Cloudformation |
| 112 | CKV_AWS_110 | resource | AWS::IAM::User | Ensure IAM policies does not allow privilege escalation | Cloudformation |
| 113 | CKV_AWS_111 | resource | AWS::IAM::Group | Ensure IAM policies does not allow write access without constraints | Cloudformation |
| 114 | CKV_AWS_111 | resource | AWS::IAM::ManagedPolicy | Ensure IAM policies does not allow write access without constraints | Cloudformation |
| 115 | CKV_AWS_111 | resource | AWS::IAM::Policy | Ensure IAM policies does not allow write access without constraints | Cloudformation |
| 116 | CKV_AWS_111 | resource | AWS::IAM::Role | Ensure IAM policies does not allow write access without constraints | Cloudformation |
| 117 | CKV_AWS_111 | resource | AWS::IAM::User | Ensure IAM policies does not allow write access without constraints | Cloudformation |
| 118 | CKV_AWS_115 | resource | AWS::Lambda::Function | Ensure that AWS Lambda function is configured for function-level concurrent execution limit | Cloudformation |
| 119 | CKV_AWS_115 | resource | AWS::Serverless::Function | Ensure that AWS Lambda function is configured for function-level concurrent execution limit | Cloudformation |
| 120 | CKV_AWS_116 | resource | AWS::Lambda::Function | Ensure that AWS Lambda function is configured for a Dead Letter Queue(DLQ) | Cloudformation |
| 121 | CKV_AWS_116 | resource | AWS::Serverless::Function | Ensure that AWS Lambda function is configured for a Dead Letter Queue(DLQ) | Cloudformation |
| 122 | CKV_AWS_117 | resource | AWS::Lambda::Function | Ensure that AWS Lambda function is configured inside a VPC | Cloudformation |
| 123 | CKV_AWS_117 | resource | AWS::Serverless::Function | Ensure that AWS Lambda function is configured inside a VPC | Cloudformation |
| 124 | CKV_AWS_118 | resource | AWS::RDS::DBInstance | Ensure that enhanced monitoring is enabled for Amazon RDS instances | Cloudformation |
| 125 | CKV_AWS_119 | resource | AWS::DynamoDB::Table | Ensure DynamoDB Tables are encrypted using a KMS Customer Managed CMK | Cloudformation |
| 126 | CKV_AWS_120 | resource | AWS::ApiGateway::Stage | Ensure API Gateway caching is enabled | Cloudformation |
| 127 | CKV_AWS_120 | resource | AWS::Serverless::Api | Ensure API Gateway caching is enabled | Cloudformation |
| 128 | CKV_AWS_123 | resource | AWS::EC2::VPCEndpointService | Ensure that VPC Endpoint Service is configured for Manual Acceptance | Cloudformation |
| 129 | CKV_AWS_131 | resource | AWS::ElasticLoadBalancingV2::LoadBalancer | Ensure that ALB drops HTTP headers | Cloudformation |
| 130 | CKV_AWS_136 | resource | AWS::ECR::Repository | Ensure that ECR repositories are encrypted using KMS | Cloudformation |
| 131 | CKV_AWS_149 | resource | AWS::SecretsManager::Secret | Ensure that Secrets Manager secret is encrypted using KMS CMK | Cloudformation |
| 132 | CKV_AWS_154 | resource | AWS::Redshift::Cluster | Ensure Redshift is not deployed outside of a VPC | Cloudformation |
| 133 | CKV_AWS_155 | resource | AWS::WorkSpaces::Workspace | Ensure that Workspace user volumes are encrypted | Cloudformation |
| 134 | CKV_AWS_156 | resource | AWS::WorkSpaces::Workspace | Ensure that Workspace root volumes are encrypted | Cloudformation |
| 135 | CKV_AWS_157 | resource | AWS::RDS::DBInstance | Ensure that RDS instances have Multi-AZ enabled | Cloudformation |
| 136 | CKV_AWS_158 | resource | AWS::Logs::LogGroup | Ensure that CloudWatch Log Group is encrypted by KMS | Cloudformation |
| 137 | CKV_AWS_160 | resource | AWS::Timestream::Database | Ensure that Timestream database is encrypted with KMS CMK | Cloudformation |
| 138 | CKV_AWS_161 | resource | AWS::RDS::DBInstance | Ensure RDS database has IAM authentication enabled | Cloudformation |
| 139 | CKV_AWS_162 | resource | AWS::RDS::DBCluster | Ensure RDS cluster has IAM authentication enabled | Cloudformation |
| 140 | CKV_AWS_163 | resource | AWS::ECR::Repository | Ensure ECR image scanning on push is enabled | Cloudformation |
| 141 | CKV_AWS_164 | resource | AWS::Transfer::Server | Ensure Transfer Server is not exposed publicly. | Cloudformation |
| 142 | CKV_AWS_165 | resource | AWS::DynamoDB::GlobalTable | Ensure Dynamodb global table point in time recovery (backup) is enabled | Cloudformation |
| 143 | CKV_AWS_166 | resource | AWS::Backup::BackupVault | Ensure Backup Vault is encrypted at rest using KMS CMK | Cloudformation |
| 144 | CKV_AWS_170 | resource | AWS::QLDB::Ledger | Ensure QLDB ledger permissions mode is set to STANDARD | Cloudformation |
| 145 | CKV_AWS_172 | resource | AWS::QLDB::Ledger | Ensure QLDB ledger has deletion protection enabled | Cloudformation |
| 146 | CKV_AWS_173 | resource | AWS::Lambda::Function | Check encryption settings for Lambda environmental variable | Cloudformation |
| 147 | CKV_AWS_173 | resource | AWS::Serverless::Function | Check encryption settings for Lambda environmental variable | Cloudformation |
| 148 | CKV_AWS_174 | resource | AWS::CloudFront::Distribution | Verify CloudFront Distribution Viewer Certificate is using TLS v1.2 | Cloudformation |
| 149 | CKV_AWS_192 | resource | AWS::WAFv2::WebACL | Ensure WAF prevents message lookup in Log4j2. See CVE-2021-44228 aka log4jshell | Cloudformation |
| 150 | CKV_AWS_193 | resource | AWS::AppSync::GraphQLApi | Ensure AppSync has Logging enabled | Cloudformation |
| 151 | CKV_AWS_194 | resource | AWS::AppSync::GraphQLApi | Ensure AppSync has Field-Level logs enabled | Cloudformation |
| 152 | CKV_AWS_195 | resource | AWS::Glue::Crawler | Ensure Glue component has a security configuration associated | Cloudformation |
| 153 | CKV_AWS_195 | resource | AWS::Glue::DevEndpoint | Ensure Glue component has a security configuration associated | Cloudformation |
| 154 | CKV_AWS_195 | resource | AWS::Glue::Job | Ensure Glue component has a security configuration associated | Cloudformation |
| 155 | CKV_AWS_258 | resource | AWS::Lambda::Url | Ensure that Lambda function URLs AuthType is not None | Cloudformation |
| 156 | CKV_AWS_260 | resource | AWS::EC2::SecurityGroup | Ensure no security groups allow ingress from 0.0.0.0:0 to port 80 | Cloudformation |
| 157 | CKV_AWS_260 | resource | AWS::EC2::SecurityGroupIngress | Ensure no security groups allow ingress from 0.0.0.0:0 to port 80 | Cloudformation |
| 158 | CKV2_AWS_33 | resource | AWS::AppSync::GraphQLApi | Ensure AppSync is protected by WAF | Cloudformation |