cloudformation resource scans (auto generated)

  Id Type Entity Policy IaC
0 CKV_AWS_2 resource AWS::ElasticLoadBalancingV2::Listener Ensure ALB protocol is HTTPS Cloudformation
1 CKV_AWS_3 resource AWS::EC2::Volume Ensure all data stored in the EBS is securely encrypted Cloudformation
2 CKV_AWS_5 resource AWS::Elasticsearch::Domain Ensure all data stored in the Elasticsearch is securely encrypted at rest Cloudformation
3 CKV_AWS_6 resource AWS::Elasticsearch::Domain Ensure all Elasticsearch has node-to-node encryption enabled Cloudformation
4 CKV_AWS_7 resource AWS::KMS::Key Ensure rotation for customer created CMKs is enabled Cloudformation
5 CKV_AWS_8 resource AWS::AutoScaling::LaunchConfiguration Ensure all data stored in the Launch configuration EBS is securely encrypted Cloudformation
6 CKV_AWS_16 resource AWS::RDS::DBInstance Ensure all data stored in the RDS is securely encrypted at rest Cloudformation
7 CKV_AWS_17 resource AWS::RDS::DBInstance Ensure all data stored in RDS is not publicly accessible Cloudformation
8 CKV_AWS_18 resource AWS::S3::Bucket Ensure the S3 bucket has access logging enabled Cloudformation
9 CKV_AWS_19 resource AWS::S3::Bucket Ensure the S3 bucket has server-side-encryption enabled Cloudformation
10 CKV_AWS_20 resource AWS::S3::Bucket Ensure the S3 bucket does not allow READ permissions to everyone Cloudformation
11 CKV_AWS_21 resource AWS::S3::Bucket Ensure the S3 bucket has versioning enabled Cloudformation
12 CKV_AWS_23 resource AWS::EC2::SecurityGroup Ensure every security groups rule has a description Cloudformation
13 CKV_AWS_23 resource AWS::EC2::SecurityGroupEgress Ensure every security groups rule has a description Cloudformation
14 CKV_AWS_23 resource AWS::EC2::SecurityGroupIngress Ensure every security groups rule has a description Cloudformation
15 CKV_AWS_24 resource AWS::EC2::SecurityGroup Ensure no security groups allow ingress from 0.0.0.0:0 to port 22 Cloudformation
16 CKV_AWS_24 resource AWS::EC2::SecurityGroupIngress Ensure no security groups allow ingress from 0.0.0.0:0 to port 22 Cloudformation
17 CKV_AWS_25 resource AWS::EC2::SecurityGroup Ensure no security groups allow ingress from 0.0.0.0:0 to port 3389 Cloudformation
18 CKV_AWS_25 resource AWS::EC2::SecurityGroupIngress Ensure no security groups allow ingress from 0.0.0.0:0 to port 3389 Cloudformation
19 CKV_AWS_26 resource AWS::SNS::Topic Ensure all data stored in the SNS topic is encrypted Cloudformation
20 CKV_AWS_27 resource AWS::SQS::Queue Ensure all data stored in the SQS queue is encrypted Cloudformation
21 CKV_AWS_28 resource AWS::DynamoDB::Table Ensure Dynamodb point in time recovery (backup) is enabled Cloudformation
22 CKV_AWS_29 resource AWS::ElastiCache::ReplicationGroup Ensure all data stored in the Elasticache Replication Group is securely encrypted at rest Cloudformation
23 CKV_AWS_30 resource AWS::ElastiCache::ReplicationGroup Ensure all data stored in the Elasticache Replication Group is securely encrypted at transit Cloudformation
24 CKV_AWS_31 resource AWS::ElastiCache::ReplicationGroup Ensure all data stored in the Elasticache Replication Group is securely encrypted at transit and has auth token Cloudformation
25 CKV_AWS_32 resource AWS::ECR::Repository Ensure ECR policy is not set to public Cloudformation
26 CKV_AWS_33 resource AWS::KMS::Key Ensure KMS key policy does not contain wildcard (*) principal Cloudformation
27 CKV_AWS_34 resource AWS::CloudFront::Distribution Ensure cloudfront distribution ViewerProtocolPolicy is set to HTTPS Cloudformation
28 CKV_AWS_35 resource AWS::CloudTrail::Trail Ensure CloudTrail logs are encrypted at rest using KMS CMKs Cloudformation
29 CKV_AWS_36 resource AWS::CloudTrail::Trail Ensure CloudTrail log file validation is enabled Cloudformation
30 CKV_AWS_40 resource AWS::IAM::Policy Ensure IAM policies are attached only to groups or roles (Reducing access management complexity may in-turn reduce opportunity for a principal to inadvertently receive or retain excessive privileges.) Cloudformation
31 CKV_AWS_42 resource AWS::EFS::FileSystem Ensure EFS is securely encrypted Cloudformation
32 CKV_AWS_43 resource AWS::Kinesis::Stream Ensure Kinesis Stream is securely encrypted Cloudformation
33 CKV_AWS_44 resource AWS::Neptune::DBCluster Ensure Neptune storage is securely encrypted Cloudformation
34 CKV_AWS_45 resource AWS::Lambda::Function Ensure no hard-coded secrets exist in lambda environment Cloudformation
35 CKV_AWS_45 resource AWS::Serverless::Function Ensure no hard-coded secrets exist in lambda environment Cloudformation
36 CKV_AWS_46 resource AWS::EC2::Instance Ensure no hard-coded secrets exist in EC2 user data Cloudformation
37 CKV_AWS_47 resource AWS::DAX::Cluster Ensure DAX is encrypted at rest (default is unencrypted) Cloudformation
38 CKV_AWS_51 resource AWS::ECR::Repository Ensure ECR Image Tags are immutable Cloudformation
39 CKV_AWS_53 resource AWS::S3::Bucket Ensure S3 bucket has block public ACLS enabled Cloudformation
40 CKV_AWS_54 resource AWS::S3::Bucket Ensure S3 bucket has block public policy enabled Cloudformation
41 CKV_AWS_55 resource AWS::S3::Bucket Ensure S3 bucket has ignore public ACLs enabled Cloudformation
42 CKV_AWS_56 resource AWS::S3::Bucket Ensure S3 bucket has ‘restrict_public_bucket’ enabled Cloudformation
43 CKV_AWS_57 resource AWS::S3::Bucket Ensure the S3 bucket does not allow WRITE permissions to everyone Cloudformation
44 CKV_AWS_58 resource AWS::EKS::Cluster Ensure EKS Cluster has Secrets Encryption Enabled Cloudformation
45 CKV_AWS_59 resource AWS::ApiGateway::Method Ensure there is no open access to back-end resources through API Cloudformation
46 CKV_AWS_60 resource AWS::IAM::Role Ensure IAM role allows only specific services or principals to assume it Cloudformation
47 CKV_AWS_61 resource AWS::IAM::Role Ensure AWS IAM policy does not allow assume role permission across all services Cloudformation
48 CKV_AWS_62 resource AWS::IAM::Group Ensure no IAM policies that allow full “-” administrative privileges are not created Cloudformation
49 CKV_AWS_62 resource AWS::IAM::Policy Ensure no IAM policies that allow full “-” administrative privileges are not created Cloudformation
50 CKV_AWS_62 resource AWS::IAM::Role Ensure no IAM policies that allow full “-” administrative privileges are not created Cloudformation
51 CKV_AWS_62 resource AWS::IAM::User Ensure no IAM policies that allow full “-” administrative privileges are not created Cloudformation
52 CKV_AWS_63 resource AWS::IAM::Group Ensure no IAM policies documents allow “*” as a statement’s actions Cloudformation
53 CKV_AWS_63 resource AWS::IAM::Policy Ensure no IAM policies documents allow “*” as a statement’s actions Cloudformation
54 CKV_AWS_63 resource AWS::IAM::Role Ensure no IAM policies documents allow “*” as a statement’s actions Cloudformation
55 CKV_AWS_63 resource AWS::IAM::User Ensure no IAM policies documents allow “*” as a statement’s actions Cloudformation
56 CKV_AWS_64 resource AWS::Redshift::Cluster Ensure all data stored in the Redshift cluster is securely encrypted at rest Cloudformation
57 CKV_AWS_65 resource AWS::ECS::Cluster Ensure container insights are enabled on ECS cluster Cloudformation
58 CKV_AWS_66 resource AWS::Logs::LogGroup Ensure that CloudWatch Log Group specifies retention days Cloudformation
59 CKV_AWS_67 resource AWS::CloudTrail::Trail Ensure CloudTrail is enabled in all Regions Cloudformation
60 CKV_AWS_68 resource AWS::CloudFront::Distribution CloudFront Distribution should have WAF enabled Cloudformation
61 CKV_AWS_69 resource AWS::AmazonMQ::Broker Ensure Amazon MQ Broker should not have public access Cloudformation
62 CKV_AWS_71 resource AWS::Redshift::Cluster Ensure Redshift Cluster logging is enabled Cloudformation
63 CKV_AWS_73 resource AWS::ApiGateway::Stage Ensure API Gateway has X-Ray Tracing enabled Cloudformation
64 CKV_AWS_73 resource AWS::Serverless::Api Ensure API Gateway has X-Ray Tracing enabled Cloudformation
65 CKV_AWS_74 resource AWS::DocDB::DBCluster Ensure DocDB is encrypted at rest (default is unencrypted) Cloudformation
66 CKV_AWS_76 resource AWS::ApiGateway::Stage Ensure API Gateway has Access Logging enabled Cloudformation
67 CKV_AWS_76 resource AWS::Serverless::Api Ensure API Gateway has Access Logging enabled Cloudformation
68 CKV_AWS_78 resource AWS::CodeBuild::Project Ensure that CodeBuild Project encryption is not disabled Cloudformation
69 CKV_AWS_79 resource AWS::EC2::LaunchTemplate Ensure Instance Metadata Service Version 1 is not enabled Cloudformation
70 CKV_AWS_82 resource AWS::Athena::WorkGroup Ensure Athena Workgroup should enforce configuration to prevent client disabling encryption Cloudformation
71 CKV_AWS_83 resource AWS::Elasticsearch::Domain Ensure Elasticsearch Domain enforces HTTPS Cloudformation
72 CKV_AWS_84 resource AWS::Elasticsearch::Domain Ensure Elasticsearch Domain Logging is enabled Cloudformation
73 CKV_AWS_85 resource AWS::DocDB::DBCluster Ensure DocDB Logging is enabled Cloudformation
74 CKV_AWS_86 resource AWS::CloudFront::Distribution Ensure Cloudfront distribution has Access Logging enabled Cloudformation
75 CKV_AWS_87 resource AWS::Redshift::Cluster Redshift cluster should not be publicly accessible Cloudformation
76 CKV_AWS_88 resource AWS::EC2::Instance EC2 instance should not have public IP. Cloudformation
77 CKV_AWS_88 resource AWS::EC2::LaunchTemplate EC2 instance should not have public IP. Cloudformation
78 CKV_AWS_89 resource AWS::DMS::ReplicationInstance DMS replication instance should not be publicly accessible Cloudformation
79 CKV_AWS_90 resource AWS::DocDB::DBClusterParameterGroup Ensure DocDB TLS is not disabled Cloudformation
80 CKV_AWS_91 resource AWS::ElasticLoadBalancingV2::LoadBalancer Ensure the ELBv2 (Application/Network) has access logging enabled Cloudformation
81 CKV_AWS_92 resource AWS::ElasticLoadBalancing::LoadBalancer Ensure the ELB has access logging enabled Cloudformation
82 CKV_AWS_94 resource AWS::Glue::DataCatalogEncryptionSettings Ensure Glue Data Catalog Encryption is enabled Cloudformation
83 CKV_AWS_95 resource AWS::ApiGatewayV2::Stage Ensure API Gateway V2 has Access Logging enabled Cloudformation
84 CKV_AWS_95 resource AWS::Serverless::HttpApi Ensure API Gateway V2 has Access Logging enabled Cloudformation
85 CKV_AWS_96 resource AWS::RDS::DBCluster Ensure all data stored in Aurora is securely encrypted at rest Cloudformation
86 CKV_AWS_97 resource AWS::ECS::TaskDefinition Ensure Encryption in transit is enabled for EFS volumes in ECS Task definitions Cloudformation
87 CKV_AWS_99 resource AWS::Glue::SecurityConfiguration Ensure Glue Security Configuration Encryption is enabled Cloudformation
88 CKV_AWS_100 resource AWS::EKS::Nodegroup Ensure AWS EKS node group does not have implicit SSH access from 0.0.0.0/0 Cloudformation
89 CKV_AWS_101 resource AWS::Neptune::DBCluster Ensure Neptune logging is enabled Cloudformation
90 CKV_AWS_103 resource AWS::ElasticLoadBalancingV2::Listener Ensure that Load Balancer Listener is using at least TLS v1.2 Cloudformation
91 CKV_AWS_104 resource AWS::DocDB::DBClusterParameterGroup Ensure DocDB has audit logs enabled Cloudformation
92 CKV_AWS_105 resource AWS::Redshift::ClusterParameterGroup Ensure Redshift uses SSL Cloudformation
93 CKV_AWS_107 resource AWS::IAM::Group Ensure IAM policies does not allow credentials exposure Cloudformation
94 CKV_AWS_107 resource AWS::IAM::ManagedPolicy Ensure IAM policies does not allow credentials exposure Cloudformation
95 CKV_AWS_107 resource AWS::IAM::Policy Ensure IAM policies does not allow credentials exposure Cloudformation
96 CKV_AWS_107 resource AWS::IAM::Role Ensure IAM policies does not allow credentials exposure Cloudformation
97 CKV_AWS_107 resource AWS::IAM::User Ensure IAM policies does not allow credentials exposure Cloudformation
98 CKV_AWS_108 resource AWS::IAM::Group Ensure IAM policies does not allow data exfiltration Cloudformation
99 CKV_AWS_108 resource AWS::IAM::ManagedPolicy Ensure IAM policies does not allow data exfiltration Cloudformation
100 CKV_AWS_108 resource AWS::IAM::Policy Ensure IAM policies does not allow data exfiltration Cloudformation
101 CKV_AWS_108 resource AWS::IAM::Role Ensure IAM policies does not allow data exfiltration Cloudformation
102 CKV_AWS_108 resource AWS::IAM::User Ensure IAM policies does not allow data exfiltration Cloudformation
103 CKV_AWS_109 resource AWS::IAM::Group Ensure IAM policies does not allow permissions management without constraints Cloudformation
104 CKV_AWS_109 resource AWS::IAM::ManagedPolicy Ensure IAM policies does not allow permissions management without constraints Cloudformation
105 CKV_AWS_109 resource AWS::IAM::Policy Ensure IAM policies does not allow permissions management without constraints Cloudformation
106 CKV_AWS_109 resource AWS::IAM::Role Ensure IAM policies does not allow permissions management without constraints Cloudformation
107 CKV_AWS_109 resource AWS::IAM::User Ensure IAM policies does not allow permissions management without constraints Cloudformation
108 CKV_AWS_110 resource AWS::IAM::Group Ensure IAM policies does not allow privilege escalation Cloudformation
109 CKV_AWS_110 resource AWS::IAM::ManagedPolicy Ensure IAM policies does not allow privilege escalation Cloudformation
110 CKV_AWS_110 resource AWS::IAM::Policy Ensure IAM policies does not allow privilege escalation Cloudformation
111 CKV_AWS_110 resource AWS::IAM::Role Ensure IAM policies does not allow privilege escalation Cloudformation
112 CKV_AWS_110 resource AWS::IAM::User Ensure IAM policies does not allow privilege escalation Cloudformation
113 CKV_AWS_111 resource AWS::IAM::Group Ensure IAM policies does not allow write access without constraints Cloudformation
114 CKV_AWS_111 resource AWS::IAM::ManagedPolicy Ensure IAM policies does not allow write access without constraints Cloudformation
115 CKV_AWS_111 resource AWS::IAM::Policy Ensure IAM policies does not allow write access without constraints Cloudformation
116 CKV_AWS_111 resource AWS::IAM::Role Ensure IAM policies does not allow write access without constraints Cloudformation
117 CKV_AWS_111 resource AWS::IAM::User Ensure IAM policies does not allow write access without constraints Cloudformation
118 CKV_AWS_115 resource AWS::Lambda::Function Ensure that AWS Lambda function is configured for function-level concurrent execution limit Cloudformation
119 CKV_AWS_115 resource AWS::Serverless::Function Ensure that AWS Lambda function is configured for function-level concurrent execution limit Cloudformation
120 CKV_AWS_116 resource AWS::Lambda::Function Ensure that AWS Lambda function is configured for a Dead Letter Queue(DLQ) Cloudformation
121 CKV_AWS_116 resource AWS::Serverless::Function Ensure that AWS Lambda function is configured for a Dead Letter Queue(DLQ) Cloudformation
122 CKV_AWS_117 resource AWS::Lambda::Function Ensure that AWS Lambda function is configured inside a VPC Cloudformation
123 CKV_AWS_117 resource AWS::Serverless::Function Ensure that AWS Lambda function is configured inside a VPC Cloudformation
124 CKV_AWS_118 resource AWS::RDS::DBInstance Ensure that enhanced monitoring is enabled for Amazon RDS instances Cloudformation
125 CKV_AWS_119 resource AWS::DynamoDB::Table Ensure DynamoDB Tables are encrypted using a KMS Customer Managed CMK Cloudformation
126 CKV_AWS_120 resource AWS::ApiGateway::Stage Ensure API Gateway caching is enabled Cloudformation
127 CKV_AWS_120 resource AWS::Serverless::Api Ensure API Gateway caching is enabled Cloudformation
128 CKV_AWS_123 resource AWS::EC2::VPCEndpointService Ensure that VPC Endpoint Service is configured for Manual Acceptance Cloudformation
129 CKV_AWS_131 resource AWS::ElasticLoadBalancingV2::LoadBalancer Ensure that ALB drops HTTP headers Cloudformation
130 CKV_AWS_136 resource AWS::ECR::Repository Ensure that ECR repositories are encrypted using KMS Cloudformation
131 CKV_AWS_149 resource AWS::SecretsManager::Secret Ensure that Secrets Manager secret is encrypted using KMS CMK Cloudformation
132 CKV_AWS_154 resource AWS::Redshift::Cluster Ensure Redshift is not deployed outside of a VPC Cloudformation
133 CKV_AWS_155 resource AWS::WorkSpaces::Workspace Ensure that Workspace user volumes are encrypted Cloudformation
134 CKV_AWS_156 resource AWS::WorkSpaces::Workspace Ensure that Workspace root volumes are encrypted Cloudformation
135 CKV_AWS_157 resource AWS::RDS::DBInstance Ensure that RDS instances have Multi-AZ enabled Cloudformation
136 CKV_AWS_158 resource AWS::Logs::LogGroup Ensure that CloudWatch Log Group is encrypted by KMS Cloudformation
137 CKV_AWS_160 resource AWS::Timestream::Database Ensure that Timestream database is encrypted with KMS CMK Cloudformation
138 CKV_AWS_161 resource AWS::RDS::DBInstance Ensure RDS database has IAM authentication enabled Cloudformation
139 CKV_AWS_162 resource AWS::RDS::DBCluster Ensure RDS cluster has IAM authentication enabled Cloudformation
140 CKV_AWS_163 resource AWS::ECR::Repository Ensure ECR image scanning on push is enabled Cloudformation
141 CKV_AWS_164 resource AWS::Transfer::Server Ensure Transfer Server is not exposed publicly. Cloudformation
142 CKV_AWS_165 resource AWS::DynamoDB::GlobalTable Ensure Dynamodb global table point in time recovery (backup) is enabled Cloudformation
143 CKV_AWS_166 resource AWS::Backup::BackupVault Ensure Backup Vault is encrypted at rest using KMS CMK Cloudformation
144 CKV_AWS_170 resource AWS::QLDB::Ledger Ensure QLDB ledger permissions mode is set to STANDARD Cloudformation
145 CKV_AWS_172 resource AWS::QLDB::Ledger Ensure QLDB ledger has deletion protection enabled Cloudformation
146 CKV_AWS_173 resource AWS::Lambda::Function Check encryption settings for Lambda environmental variable Cloudformation
147 CKV_AWS_173 resource AWS::Serverless::Function Check encryption settings for Lambda environmental variable Cloudformation
148 CKV_AWS_174 resource AWS::CloudFront::Distribution Verify CloudFront Distribution Viewer Certificate is using TLS v1.2 Cloudformation
149 CKV_AWS_192 resource AWS::WAFv2::WebACL Ensure WAF prevents message lookup in Log4j2. See CVE-2021-44228 aka log4jshell Cloudformation
150 CKV_AWS_193 resource AWS::AppSync::GraphQLApi Ensure AppSync has Logging enabled Cloudformation
151 CKV_AWS_194 resource AWS::AppSync::GraphQLApi Ensure AppSync has Field-Level logs enabled Cloudformation
152 CKV_AWS_195 resource AWS::Glue::Crawler Ensure Glue component has a security configuration associated Cloudformation
153 CKV_AWS_195 resource AWS::Glue::DevEndpoint Ensure Glue component has a security configuration associated Cloudformation
154 CKV_AWS_195 resource AWS::Glue::Job Ensure Glue component has a security configuration associated Cloudformation
155 CKV_AWS_258 resource AWS::Lambda::Url Ensure that Lambda function URLs AuthType is not None Cloudformation
156 CKV_AWS_260 resource AWS::EC2::SecurityGroup Ensure no security groups allow ingress from 0.0.0.0:0 to port 80 Cloudformation
157 CKV_AWS_260 resource AWS::EC2::SecurityGroupIngress Ensure no security groups allow ingress from 0.0.0.0:0 to port 80 Cloudformation
158 CKV2_AWS_33 resource AWS::AppSync::GraphQLApi Ensure AppSync is protected by WAF Cloudformation