Checkov Documentation

serverless resource scans (auto generated)

|  | Id | Type | Entity | Policy | IaC | Resource Link |
|---|---|---|---|---|---|---|
| 0 | CKV_AWS_1 | resource | serverless_aws | Ensure IAM policies that allow full “-” administrative privileges are not created | serverless | AdminPolicyDocument.py |
| 1 | CKV_AWS_41 | resource | serverless_aws | Ensure no hard coded AWS access key and secret key exists in provider | serverless | AWSCredentials.py |
| 2 | CKV_AWS_49 | resource | serverless_aws | Ensure no IAM policies documents allow “*” as a statement’s actions | serverless | StarActionPolicyDocument.py |

|  | Id | Type | Entity | Policy | IaC | Resource Link |
|---|---|---|---|---|---|---|
| 0 | CKV_AWS_2 | resource | AWS::ElasticLoadBalancingV2::Listener | Ensure ALB protocol is HTTPS | Cloudformation | ALBListenerHTTPS.py |
| 1 | CKV_AWS_3 | resource | AWS::EC2::Volume | Ensure all data stored in the EBS is securely encrypted | Cloudformation | EBSEncryption.py |
| 2 | CKV_AWS_5 | resource | AWS::Elasticsearch::Domain | Ensure all data stored in the Elasticsearch is securely encrypted at rest | Cloudformation | ElasticsearchEncryption.py |
| 3 | CKV_AWS_6 | resource | AWS::Elasticsearch::Domain | Ensure all Elasticsearch has node-to-node encryption enabled | Cloudformation | ElasticsearchNodeToNodeEncryption.py |
| 4 | CKV_AWS_7 | resource | AWS::KMS::Key | Ensure rotation for customer created CMKs is enabled | Cloudformation | KMSRotation.py |
| 5 | CKV_AWS_8 | resource | AWS::AutoScaling::LaunchConfiguration | Ensure all data stored in the Launch configuration EBS is securely encrypted | Cloudformation | LaunchConfigurationEBSEncryption.py |
| 6 | CKV_AWS_16 | resource | AWS::RDS::DBInstance | Ensure all data stored in the RDS is securely encrypted at rest | Cloudformation | RDSEncryption.py |
| 7 | CKV_AWS_17 | resource | AWS::RDS::DBInstance | Ensure all data stored in RDS is not publicly accessible | Cloudformation | RDSPubliclyAccessible.py |
| 8 | CKV_AWS_18 | resource | AWS::S3::Bucket | Ensure the S3 bucket has access logging enabled | Cloudformation | S3AccessLogs.py |
| 9 | CKV_AWS_19 | resource | AWS::S3::Bucket | Ensure the S3 bucket has server-side-encryption enabled | Cloudformation | S3Encryption.py |
| 10 | CKV_AWS_20 | resource | AWS::S3::Bucket | Ensure the S3 bucket does not allow READ permissions to everyone | Cloudformation | S3PublicACLRead.py |
| 11 | CKV_AWS_21 | resource | AWS::S3::Bucket | Ensure the S3 bucket has versioning enabled | Cloudformation | S3Versioning.py |
| 12 | CKV_AWS_23 | resource | AWS::EC2::SecurityGroup | Ensure every security groups rule has a description | Cloudformation | SecurityGroupRuleDescription.py |
| 13 | CKV_AWS_23 | resource | AWS::EC2::SecurityGroupEgress | Ensure every security groups rule has a description | Cloudformation | SecurityGroupRuleDescription.py |
| 14 | CKV_AWS_23 | resource | AWS::EC2::SecurityGroupIngress | Ensure every security groups rule has a description | Cloudformation | SecurityGroupRuleDescription.py |
| 15 | CKV_AWS_24 | resource | AWS::EC2::SecurityGroup | Ensure no security groups allow ingress from 0.0.0.0:0 to port 22 | Cloudformation | SecurityGroupUnrestrictedIngress22.py |
| 16 | CKV_AWS_24 | resource | AWS::EC2::SecurityGroupIngress | Ensure no security groups allow ingress from 0.0.0.0:0 to port 22 | Cloudformation | SecurityGroupUnrestrictedIngress22.py |
| 17 | CKV_AWS_25 | resource | AWS::EC2::SecurityGroup | Ensure no security groups allow ingress from 0.0.0.0:0 to port 3389 | Cloudformation | SecurityGroupUnrestrictedIngress3389.py |
| 18 | CKV_AWS_25 | resource | AWS::EC2::SecurityGroupIngress | Ensure no security groups allow ingress from 0.0.0.0:0 to port 3389 | Cloudformation | SecurityGroupUnrestrictedIngress3389.py |
| 19 | CKV_AWS_26 | resource | AWS::SNS::Topic | Ensure all data stored in the SNS topic is encrypted | Cloudformation | SNSTopicEncryption.py |
| 20 | CKV_AWS_27 | resource | AWS::SQS::Queue | Ensure all data stored in the SQS queue is encrypted | Cloudformation | SQSQueueEncryption.py |
| 21 | CKV_AWS_28 | resource | AWS::DynamoDB::Table | Ensure Dynamodb point in time recovery (backup) is enabled | Cloudformation | DynamodbRecovery.py |
| 22 | CKV_AWS_29 | resource | AWS::ElastiCache::ReplicationGroup | Ensure all data stored in the Elasticache Replication Group is securely encrypted at rest | Cloudformation | ElasticacheReplicationGroupEncryptionAtRest.py |
| 23 | CKV_AWS_30 | resource | AWS::ElastiCache::ReplicationGroup | Ensure all data stored in the Elasticache Replication Group is securely encrypted at transit | Cloudformation | ElasticacheReplicationGroupEncryptionAtTransit.py |
| 24 | CKV_AWS_31 | resource | AWS::ElastiCache::ReplicationGroup | Ensure all data stored in the Elasticache Replication Group is securely encrypted at transit and has auth token | Cloudformation | ElasticacheReplicationGroupEncryptionAtTransitAuthToken.py |
| 25 | CKV_AWS_32 | resource | AWS::ECR::Repository | Ensure ECR policy is not set to public | Cloudformation | ECRPolicy.py |
| 26 | CKV_AWS_33 | resource | AWS::KMS::Key | Ensure KMS key policy does not contain wildcard (*) principal | Cloudformation | KMSKeyWildCardPrincipal.py |
| 27 | CKV_AWS_34 | resource | AWS::CloudFront::Distribution | Ensure cloudfront distribution ViewerProtocolPolicy is set to HTTPS | Cloudformation | CloudfrontDistributionEncryption.py |
| 28 | CKV_AWS_35 | resource | AWS::CloudTrail::Trail | Ensure CloudTrail logs are encrypted at rest using KMS CMKs | Cloudformation | CloudtrailEncryption.py |
| 29 | CKV_AWS_36 | resource | AWS::CloudTrail::Trail | Ensure CloudTrail log file validation is enabled | Cloudformation | CloudtrailLogValidation.py |
| 30 | CKV_AWS_40 | resource | AWS::IAM::Policy | Ensure IAM policies are attached only to groups or roles (Reducing access management complexity may in-turn reduce opportunity for a principal to inadvertently receive or retain excessive privileges.) | Cloudformation | IAMPolicyAttachedToGroupOrRoles.py |
| 31 | CKV_AWS_42 | resource | AWS::EFS::FileSystem | Ensure EFS is securely encrypted | Cloudformation | EFSEncryptionEnabled.py |
| 32 | CKV_AWS_43 | resource | AWS::Kinesis::Stream | Ensure Kinesis Stream is securely encrypted | Cloudformation | KinesisStreamEncryptionType.py |
| 33 | CKV_AWS_44 | resource | AWS::Neptune::DBCluster | Ensure Neptune storage is securely encrypted | Cloudformation | NeptuneClusterStorageEncrypted.py |
| 34 | CKV_AWS_45 | resource | AWS::Lambda::Function | Ensure no hard-coded secrets exist in lambda environment | Cloudformation | LambdaEnvironmentCredentials.py |
| 35 | CKV_AWS_45 | resource | AWS::Serverless::Function | Ensure no hard-coded secrets exist in lambda environment | Cloudformation | LambdaEnvironmentCredentials.py |
| 36 | CKV_AWS_46 | resource | AWS::EC2::Instance | Ensure no hard-coded secrets exist in EC2 user data | Cloudformation | EC2Credentials.py |
| 37 | CKV_AWS_47 | resource | AWS::DAX::Cluster | Ensure DAX is encrypted at rest (default is unencrypted) | Cloudformation | DAXEncryption.py |
| 38 | CKV_AWS_51 | resource | AWS::ECR::Repository | Ensure ECR Image Tags are immutable | Cloudformation | ECRImmutableTags.py |
| 39 | CKV_AWS_53 | resource | AWS::S3::Bucket | Ensure S3 bucket has block public ACLS enabled | Cloudformation | S3BlockPublicACLs.py |
| 40 | CKV_AWS_54 | resource | AWS::S3::Bucket | Ensure S3 bucket has block public policy enabled | Cloudformation | S3BlockPublicPolicy.py |
| 41 | CKV_AWS_55 | resource | AWS::S3::Bucket | Ensure S3 bucket has ignore public ACLs enabled | Cloudformation | S3IgnorePublicACLs.py |
| 42 | CKV_AWS_56 | resource | AWS::S3::Bucket | Ensure S3 bucket has ‘restrict_public_bucket’ enabled | Cloudformation | S3RestrictPublicBuckets.py |
| 43 | CKV_AWS_57 | resource | AWS::S3::Bucket | Ensure the S3 bucket does not allow WRITE permissions to everyone | Cloudformation | S3PublicACLWrite.py |
| 44 | CKV_AWS_58 | resource | AWS::EKS::Cluster | Ensure EKS Cluster has Secrets Encryption Enabled | Cloudformation | EKSSecretsEncryption.py |
| 45 | CKV_AWS_59 | resource | AWS::ApiGateway::Method | Ensure there is no open access to back-end resources through API | Cloudformation | APIGatewayAuthorization.py |
| 46 | CKV_AWS_60 | resource | AWS::IAM::Role | Ensure IAM role allows only specific services or principals to assume it | Cloudformation | IAMRoleAllowsPublicAssume.py |
| 47 | CKV_AWS_61 | resource | AWS::IAM::Role | Ensure AWS IAM policy does not allow assume role permission across all services | Cloudformation | IAMRoleAllowAssumeFromAccount.py |
| 48 | CKV_AWS_62 | resource | AWS::IAM::Group | Ensure no IAM policies that allow full “-” administrative privileges are not created | Cloudformation | IAMAdminPolicyDocument.py |
| 49 | CKV_AWS_62 | resource | AWS::IAM::Policy | Ensure no IAM policies that allow full “-” administrative privileges are not created | Cloudformation | IAMAdminPolicyDocument.py |
| 50 | CKV_AWS_62 | resource | AWS::IAM::Role | Ensure no IAM policies that allow full “-” administrative privileges are not created | Cloudformation | IAMAdminPolicyDocument.py |
| 51 | CKV_AWS_62 | resource | AWS::IAM::User | Ensure no IAM policies that allow full “-” administrative privileges are not created | Cloudformation | IAMAdminPolicyDocument.py |
| 52 | CKV_AWS_63 | resource | AWS::IAM::Group | Ensure no IAM policies documents allow “*” as a statement’s actions | Cloudformation | IAMStarActionPolicyDocument.py |
| 53 | CKV_AWS_63 | resource | AWS::IAM::Policy | Ensure no IAM policies documents allow “*” as a statement’s actions | Cloudformation | IAMStarActionPolicyDocument.py |
| 54 | CKV_AWS_63 | resource | AWS::IAM::Role | Ensure no IAM policies documents allow “*” as a statement’s actions | Cloudformation | IAMStarActionPolicyDocument.py |
| 55 | CKV_AWS_63 | resource | AWS::IAM::User | Ensure no IAM policies documents allow “*” as a statement’s actions | Cloudformation | IAMStarActionPolicyDocument.py |
| 56 | CKV_AWS_64 | resource | AWS::Redshift::Cluster | Ensure all data stored in the Redshift cluster is securely encrypted at rest | Cloudformation | RedshiftClusterEncryption.py |
| 57 | CKV_AWS_65 | resource | AWS::ECS::Cluster | Ensure container insights are enabled on ECS cluster | Cloudformation | ECSClusterContainerInsights.py |
| 58 | CKV_AWS_66 | resource | AWS::Logs::LogGroup | Ensure that CloudWatch Log Group specifies retention days | Cloudformation | CloudWatchLogGroupRetention.py |
| 59 | CKV_AWS_67 | resource | AWS::CloudTrail::Trail | Ensure CloudTrail is enabled in all Regions | Cloudformation | CloudtrailMultiRegion.py |
| 60 | CKV_AWS_68 | resource | AWS::CloudFront::Distribution | CloudFront Distribution should have WAF enabled | Cloudformation | WAFEnabled.py |
| 61 | CKV_AWS_69 | resource | AWS::AmazonMQ::Broker | Ensure Amazon MQ Broker should not have public access | Cloudformation | AmazonMQBrokerPublicAccess.py |
| 62 | CKV_AWS_71 | resource | AWS::Redshift::Cluster | Ensure Redshift Cluster logging is enabled | Cloudformation | RedshiftClusterLogging.py |
| 63 | CKV_AWS_73 | resource | AWS::ApiGateway::Stage | Ensure API Gateway has X-Ray Tracing enabled | Cloudformation | APIGatewayXray.py |
| 64 | CKV_AWS_73 | resource | AWS::Serverless::Api | Ensure API Gateway has X-Ray Tracing enabled | Cloudformation | APIGatewayXray.py |
| 65 | CKV_AWS_74 | resource | AWS::DocDB::DBCluster | Ensure DocDB is encrypted at rest (default is unencrypted) | Cloudformation | DocDBEncryption.py |
| 66 | CKV_AWS_76 | resource | AWS::ApiGateway::Stage | Ensure API Gateway has Access Logging enabled | Cloudformation | APIGatewayAccessLogging.py |
| 67 | CKV_AWS_76 | resource | AWS::Serverless::Api | Ensure API Gateway has Access Logging enabled | Cloudformation | APIGatewayAccessLogging.py |
| 68 | CKV_AWS_78 | resource | AWS::CodeBuild::Project | Ensure that CodeBuild Project encryption is not disabled | Cloudformation | CodeBuildProjectEncryption.py |
| 69 | CKV_AWS_79 | resource | AWS::EC2::LaunchTemplate | Ensure Instance Metadata Service Version 1 is not enabled | Cloudformation | IMDSv1Disabled.py |
| 70 | CKV_AWS_82 | resource | AWS::Athena::WorkGroup | Ensure Athena Workgroup should enforce configuration to prevent client disabling encryption | Cloudformation | AthenaWorkgroupConfiguration.py |
| 71 | CKV_AWS_83 | resource | AWS::Elasticsearch::Domain | Ensure Elasticsearch Domain enforces HTTPS | Cloudformation | ElasticsearchDomainEnforceHTTPS.py |
| 72 | CKV_AWS_84 | resource | AWS::Elasticsearch::Domain | Ensure Elasticsearch Domain Logging is enabled | Cloudformation | ElasticsearchDomainLogging.py |
| 73 | CKV_AWS_85 | resource | AWS::DocDB::DBCluster | Ensure DocDB Logging is enabled | Cloudformation | DocDBLogging.py |
| 74 | CKV_AWS_86 | resource | AWS::CloudFront::Distribution | Ensure Cloudfront distribution has Access Logging enabled | Cloudformation | CloudfrontDistributionLogging.py |
| 75 | CKV_AWS_87 | resource | AWS::Redshift::Cluster | Redshift cluster should not be publicly accessible | Cloudformation | RedshiftClusterPubliclyAccessible.py |
| 76 | CKV_AWS_88 | resource | AWS::EC2::Instance | EC2 instance should not have public IP. | Cloudformation | EC2PublicIP.py |
| 77 | CKV_AWS_88 | resource | AWS::EC2::LaunchTemplate | EC2 instance should not have public IP. | Cloudformation | EC2PublicIP.py |
| 78 | CKV_AWS_89 | resource | AWS::DMS::ReplicationInstance | DMS replication instance should not be publicly accessible | Cloudformation | DMSReplicationInstancePubliclyAccessible.py |
| 79 | CKV_AWS_90 | resource | AWS::DocDB::DBClusterParameterGroup | Ensure DocDB TLS is not disabled | Cloudformation | DocDBTLS.py |
| 80 | CKV_AWS_91 | resource | AWS::ElasticLoadBalancingV2::LoadBalancer | Ensure the ELBv2 (Application/Network) has access logging enabled | Cloudformation | ELBv2AccessLogs.py |
| 81 | CKV_AWS_92 | resource | AWS::ElasticLoadBalancing::LoadBalancer | Ensure the ELB has access logging enabled | Cloudformation | ELBAccessLogs.py |
| 82 | CKV_AWS_94 | resource | AWS::Glue::DataCatalogEncryptionSettings | Ensure Glue Data Catalog Encryption is enabled | Cloudformation | GlueDataCatalogEncryption.py |
| 83 | CKV_AWS_95 | resource | AWS::ApiGatewayV2::Stage | Ensure API Gateway V2 has Access Logging enabled | Cloudformation | APIGatewayV2AccessLogging.py |
| 84 | CKV_AWS_95 | resource | AWS::Serverless::HttpApi | Ensure API Gateway V2 has Access Logging enabled | Cloudformation | APIGatewayV2AccessLogging.py |
| 85 | CKV_AWS_96 | resource | AWS::RDS::DBCluster | Ensure all data stored in Aurora is securely encrypted at rest | Cloudformation | AuroraEncryption.py |
| 86 | CKV_AWS_97 | resource | AWS::ECS::TaskDefinition | Ensure Encryption in transit is enabled for EFS volumes in ECS Task definitions | Cloudformation | ECSTaskDefinitionEFSVolumeEncryption.py |
| 87 | CKV_AWS_99 | resource | AWS::Glue::SecurityConfiguration | Ensure Glue Security Configuration Encryption is enabled | Cloudformation | GlueSecurityConfiguration.py |
| 88 | CKV_AWS_100 | resource | AWS::EKS::Nodegroup | Ensure AWS EKS node group does not have implicit SSH access from 0.0.0.0/0 | Cloudformation | EKSNodeGroupRemoteAccess.py |
| 89 | CKV_AWS_101 | resource | AWS::Neptune::DBCluster | Ensure Neptune logging is enabled | Cloudformation | NeptuneClusterLogging.py |
| 90 | CKV_AWS_103 | resource | AWS::ElasticLoadBalancingV2::Listener | Ensure that Load Balancer Listener is using at least TLS v1.2 | Cloudformation | ALBListenerTLS12.py |
| 91 | CKV_AWS_104 | resource | AWS::DocDB::DBClusterParameterGroup | Ensure DocDB has audit logs enabled | Cloudformation | DocDBAuditLogs.py |
| 92 | CKV_AWS_105 | resource | AWS::Redshift::ClusterParameterGroup | Ensure Redshift uses SSL | Cloudformation | RedShiftSSL.py |
| 93 | CKV_AWS_107 | resource | AWS::IAM::Group | Ensure IAM policies does not allow credentials exposure | Cloudformation | IAMCredentialsExposure.py |
| 94 | CKV_AWS_107 | resource | AWS::IAM::ManagedPolicy | Ensure IAM policies does not allow credentials exposure | Cloudformation | IAMCredentialsExposure.py |
| 95 | CKV_AWS_107 | resource | AWS::IAM::Policy | Ensure IAM policies does not allow credentials exposure | Cloudformation | IAMCredentialsExposure.py |
| 96 | CKV_AWS_107 | resource | AWS::IAM::Role | Ensure IAM policies does not allow credentials exposure | Cloudformation | IAMCredentialsExposure.py |
| 97 | CKV_AWS_107 | resource | AWS::IAM::User | Ensure IAM policies does not allow credentials exposure | Cloudformation | IAMCredentialsExposure.py |
| 98 | CKV_AWS_108 | resource | AWS::IAM::Group | Ensure IAM policies does not allow data exfiltration | Cloudformation | IAMDataExfiltration.py |
| 99 | CKV_AWS_108 | resource | AWS::IAM::ManagedPolicy | Ensure IAM policies does not allow data exfiltration | Cloudformation | IAMDataExfiltration.py |
| 100 | CKV_AWS_108 | resource | AWS::IAM::Policy | Ensure IAM policies does not allow data exfiltration | Cloudformation | IAMDataExfiltration.py |
| 101 | CKV_AWS_108 | resource | AWS::IAM::Role | Ensure IAM policies does not allow data exfiltration | Cloudformation | IAMDataExfiltration.py |
| 102 | CKV_AWS_108 | resource | AWS::IAM::User | Ensure IAM policies does not allow data exfiltration | Cloudformation | IAMDataExfiltration.py |
| 103 | CKV_AWS_109 | resource | AWS::IAM::Group | Ensure IAM policies does not allow permissions management without constraints | Cloudformation | IAMPermissionsManagement.py |
| 104 | CKV_AWS_109 | resource | AWS::IAM::ManagedPolicy | Ensure IAM policies does not allow permissions management without constraints | Cloudformation | IAMPermissionsManagement.py |
| 105 | CKV_AWS_109 | resource | AWS::IAM::Policy | Ensure IAM policies does not allow permissions management without constraints | Cloudformation | IAMPermissionsManagement.py |
| 106 | CKV_AWS_109 | resource | AWS::IAM::Role | Ensure IAM policies does not allow permissions management without constraints | Cloudformation | IAMPermissionsManagement.py |
| 107 | CKV_AWS_109 | resource | AWS::IAM::User | Ensure IAM policies does not allow permissions management without constraints | Cloudformation | IAMPermissionsManagement.py |
| 108 | CKV_AWS_110 | resource | AWS::IAM::Group | Ensure IAM policies does not allow privilege escalation | Cloudformation | IAMPrivilegeEscalation.py |
| 109 | CKV_AWS_110 | resource | AWS::IAM::ManagedPolicy | Ensure IAM policies does not allow privilege escalation | Cloudformation | IAMPrivilegeEscalation.py |
| 110 | CKV_AWS_110 | resource | AWS::IAM::Policy | Ensure IAM policies does not allow privilege escalation | Cloudformation | IAMPrivilegeEscalation.py |
| 111 | CKV_AWS_110 | resource | AWS::IAM::Role | Ensure IAM policies does not allow privilege escalation | Cloudformation | IAMPrivilegeEscalation.py |
| 112 | CKV_AWS_110 | resource | AWS::IAM::User | Ensure IAM policies does not allow privilege escalation | Cloudformation | IAMPrivilegeEscalation.py |
| 113 | CKV_AWS_111 | resource | AWS::IAM::Group | Ensure IAM policies does not allow write access without constraints | Cloudformation | IAMWriteAccess.py |
| 114 | CKV_AWS_111 | resource | AWS::IAM::ManagedPolicy | Ensure IAM policies does not allow write access without constraints | Cloudformation | IAMWriteAccess.py |
| 115 | CKV_AWS_111 | resource | AWS::IAM::Policy | Ensure IAM policies does not allow write access without constraints | Cloudformation | IAMWriteAccess.py |
| 116 | CKV_AWS_111 | resource | AWS::IAM::Role | Ensure IAM policies does not allow write access without constraints | Cloudformation | IAMWriteAccess.py |
| 117 | CKV_AWS_111 | resource | AWS::IAM::User | Ensure IAM policies does not allow write access without constraints | Cloudformation | IAMWriteAccess.py |
| 118 | CKV_AWS_115 | resource | AWS::Lambda::Function | Ensure that AWS Lambda function is configured for function-level concurrent execution limit | Cloudformation | LambdaFunctionLevelConcurrentExecutionLimit.py |
| 119 | CKV_AWS_115 | resource | AWS::Serverless::Function | Ensure that AWS Lambda function is configured for function-level concurrent execution limit | Cloudformation | LambdaFunctionLevelConcurrentExecutionLimit.py |
| 120 | CKV_AWS_116 | resource | AWS::Lambda::Function | Ensure that AWS Lambda function is configured for a Dead Letter Queue(DLQ) | Cloudformation | LambdaDLQConfigured.py |
| 121 | CKV_AWS_116 | resource | AWS::Serverless::Function | Ensure that AWS Lambda function is configured for a Dead Letter Queue(DLQ) | Cloudformation | LambdaDLQConfigured.py |
| 122 | CKV_AWS_117 | resource | AWS::Lambda::Function | Ensure that AWS Lambda function is configured inside a VPC | Cloudformation | LambdaInVPC.py |
| 123 | CKV_AWS_117 | resource | AWS::Serverless::Function | Ensure that AWS Lambda function is configured inside a VPC | Cloudformation | LambdaInVPC.py |
| 124 | CKV_AWS_118 | resource | AWS::RDS::DBInstance | Ensure that enhanced monitoring is enabled for Amazon RDS instances | Cloudformation | RDSEnhancedMonitorEnabled.py |
| 125 | CKV_AWS_119 | resource | AWS::DynamoDB::Table | Ensure DynamoDB Tables are encrypted using a KMS Customer Managed CMK | Cloudformation | DynamoDBTablesEncrypted.py |
| 126 | CKV_AWS_120 | resource | AWS::ApiGateway::Stage | Ensure API Gateway caching is enabled | Cloudformation | APIGatewayCacheEnable.py |
| 127 | CKV_AWS_120 | resource | AWS::Serverless::Api | Ensure API Gateway caching is enabled | Cloudformation | APIGatewayCacheEnable.py |
| 128 | CKV_AWS_123 | resource | AWS::EC2::VPCEndpointService | Ensure that VPC Endpoint Service is configured for Manual Acceptance | Cloudformation | VPCEndpointAcceptanceConfigured.py |
| 129 | CKV_AWS_131 | resource | AWS::ElasticLoadBalancingV2::LoadBalancer | Ensure that ALB drops HTTP headers | Cloudformation | ALBDropHttpHeaders.py |
| 130 | CKV_AWS_136 | resource | AWS::ECR::Repository | Ensure that ECR repositories are encrypted using KMS | Cloudformation | ECRRepositoryEncrypted.py |
| 131 | CKV_AWS_149 | resource | AWS::SecretsManager::Secret | Ensure that Secrets Manager secret is encrypted using KMS CMK | Cloudformation | SecretManagerSecretEncrypted.py |
| 132 | CKV_AWS_154 | resource | AWS::Redshift::Cluster | Ensure Redshift is not deployed outside of a VPC | Cloudformation | RedshiftInEc2ClassicMode.py |
| 133 | CKV_AWS_155 | resource | AWS::WorkSpaces::Workspace | Ensure that Workspace user volumes are encrypted | Cloudformation | WorkspaceUserVolumeEncrypted.py |
| 134 | CKV_AWS_156 | resource | AWS::WorkSpaces::Workspace | Ensure that Workspace root volumes are encrypted | Cloudformation | WorkspaceRootVolumeEncrypted.py |
| 135 | CKV_AWS_157 | resource | AWS::RDS::DBInstance | Ensure that RDS instances have Multi-AZ enabled | Cloudformation | RDSMultiAZEnabled.py |
| 136 | CKV_AWS_158 | resource | AWS::Logs::LogGroup | Ensure that CloudWatch Log Group is encrypted by KMS | Cloudformation | CloudWatchLogGroupKMSKey.py |
| 137 | CKV_AWS_160 | resource | AWS::Timestream::Database | Ensure that Timestream database is encrypted with KMS CMK | Cloudformation | TimestreamDatabaseKMSKey.py |
| 138 | CKV_AWS_161 | resource | AWS::RDS::DBInstance | Ensure RDS database has IAM authentication enabled | Cloudformation | RDSIAMAuthentication.py |
| 139 | CKV_AWS_162 | resource | AWS::RDS::DBCluster | Ensure RDS cluster has IAM authentication enabled | Cloudformation | RDSClusterIAMAuthentication.py |
| 140 | CKV_AWS_163 | resource | AWS::ECR::Repository | Ensure ECR image scanning on push is enabled | Cloudformation | ECRImageScanning.py |
| 141 | CKV_AWS_164 | resource | AWS::Transfer::Server | Ensure Transfer Server is not exposed publicly. | Cloudformation | TransferServerIsPublic.py |
| 142 | CKV_AWS_165 | resource | AWS::DynamoDB::GlobalTable | Ensure Dynamodb global table point in time recovery (backup) is enabled | Cloudformation | DynamodbGlobalTableRecovery.py |
| 143 | CKV_AWS_166 | resource | AWS::Backup::BackupVault | Ensure Backup Vault is encrypted at rest using KMS CMK | Cloudformation | BackupVaultEncrypted.py |
| 144 | CKV_AWS_170 | resource | AWS::QLDB::Ledger | Ensure QLDB ledger permissions mode is set to STANDARD | Cloudformation | QLDBLedgerPermissionsMode.py |
| 145 | CKV_AWS_172 | resource | AWS::QLDB::Ledger | Ensure QLDB ledger has deletion protection enabled | Cloudformation | QLDBLedgerDeletionProtection.py |
| 146 | CKV_AWS_173 | resource | AWS::Lambda::Function | Check encryption settings for Lambda environmental variable | Cloudformation | LambdaEnvironmentEncryptionSettings.py |
| 147 | CKV_AWS_173 | resource | AWS::Serverless::Function | Check encryption settings for Lambda environmental variable | Cloudformation | LambdaEnvironmentEncryptionSettings.py |
| 148 | CKV_AWS_174 | resource | AWS::CloudFront::Distribution | Verify CloudFront Distribution Viewer Certificate is using TLS v1.2 | Cloudformation | CloudFrontTLS12.py |
| 149 | CKV_AWS_192 | resource | AWS::WAFv2::WebACL | Ensure WAF prevents message lookup in Log4j2. See CVE-2021-44228 aka log4jshell | Cloudformation | WAFACLCVE202144228.py |
| 150 | CKV_AWS_193 | resource | AWS::AppSync::GraphQLApi | Ensure AppSync has Logging enabled | Cloudformation | AppSyncLogging.py |
| 151 | CKV_AWS_194 | resource | AWS::AppSync::GraphQLApi | Ensure AppSync has Field-Level logs enabled | Cloudformation | AppSyncFieldLevelLogs.py |
| 152 | CKV_AWS_195 | resource | AWS::Glue::Crawler | Ensure Glue component has a security configuration associated | Cloudformation | GlueSecurityConfigurationEnabled.py |
| 153 | CKV_AWS_195 | resource | AWS::Glue::DevEndpoint | Ensure Glue component has a security configuration associated | Cloudformation | GlueSecurityConfigurationEnabled.py |
| 154 | CKV_AWS_195 | resource | AWS::Glue::Job | Ensure Glue component has a security configuration associated | Cloudformation | GlueSecurityConfigurationEnabled.py |
| 155 | CKV_AWS_197 | resource | AWS::AmazonMQ::Broker | Ensure MQ Broker Audit logging is enabled | Cloudformation | MQBrokerAuditLogging.py |
| 156 | CKV_AWS_258 | resource | AWS::Lambda::Url | Ensure that Lambda function URLs AuthType is not None | Cloudformation | LambdaFunctionURLAuth.py |
| 157 | CKV_AWS_260 | resource | AWS::EC2::SecurityGroup | Ensure no security groups allow ingress from 0.0.0.0:0 to port 80 | Cloudformation | SecurityGroupUnrestrictedIngress80.py |
| 158 | CKV_AWS_260 | resource | AWS::EC2::SecurityGroupIngress | Ensure no security groups allow ingress from 0.0.0.0:0 to port 80 | Cloudformation | SecurityGroupUnrestrictedIngress80.py |
| 159 | CKV2_AWS_33 | resource | AWS::AppSync::GraphQLApi | Ensure AppSync is protected by WAF | Cloudformation | AppSyncProtectedByWAF.yaml |
