
Checkov Documentation


terraform resource scans (auto generated)

| # | Id | Type | Entity | Policy | IaC | Resource Link |
|---|---|---|---|---|---|---|
| 0 | CKV2_ADO_1 | resource | azuredevops_branch_policy_min_reviewers | Ensure at least two approving reviews for PRs | Terraform | ADORepositoryHasMinTwoReviewers.yaml |
| 1 | CKV2_ADO_1 | resource | azuredevops_git_repository | Ensure at least two approving reviews for PRs | Terraform | ADORepositoryHasMinTwoReviewers.yaml |
| 2 | CKV_ALI_1 | resource | alicloud_oss_bucket | Alibaba Cloud OSS bucket accessible to public | Terraform | OSSBucketPublic.py |
| 3 | CKV_ALI_2 | resource | alicloud_security_group_rule | Ensure no security groups allow ingress from 0.0.0.0:0 to port 22 | Terraform | SecurityGroupUnrestrictedIngress22.py |
| 4 | CKV_ALI_3 | resource | alicloud_security_group_rule | Ensure no security groups allow ingress from 0.0.0.0:0 to port 3389 | Terraform | SecurityGroupUnrestrictedIngress3389.py |
| 5 | CKV_ALI_4 | resource | alicloud_actiontrail_trail | Ensure Action Trail Logging for all regions | Terraform | ActionTrailLogAllRegions.py |
| 6 | CKV_ALI_5 | resource | alicloud_actiontrail_trail | Ensure Action Trail Logging for all events | Terraform | ActionTrailLogAllEvents.py |
| 7 | CKV_ALI_6 | resource | alicloud_oss_bucket | Ensure OSS bucket is encrypted with Customer Master Key | Terraform | OSSBucketEncryptedWithCMK.py |
| 8 | CKV_ALI_7 | resource | alicloud_disk | Ensure disk is encrypted | Terraform | DiskIsEncrypted.py |
| 9 | CKV_ALI_8 | resource | alicloud_disk | Ensure Disk is encrypted with Customer Master Key | Terraform | DiskEncryptedWithCMK.py |
| 10 | CKV_ALI_9 | resource | alicloud_db_instance | Ensure database instance is not public | Terraform | RDSIsPublic.py |
| 11 | CKV_ALI_10 | resource | alicloud_oss_bucket | Ensure OSS bucket has versioning enabled | Terraform | OSSBucketVersioning.py |
| 12 | CKV_ALI_11 | resource | alicloud_oss_bucket | Ensure OSS bucket has transfer Acceleration enabled | Terraform | OSSBucketTransferAcceleration.py |
| 13 | CKV_ALI_12 | resource | alicloud_oss_bucket | Ensure the OSS bucket has access logging enabled | Terraform | OSSBucketAccessLogs.py |
| 14 | CKV_ALI_13 | resource | alicloud_ram_account_password_policy | Ensure RAM password policy requires minimum length of 14 or greater | Terraform | RAMPasswordPolicyLength.py |
| 15 | CKV_ALI_14 | resource | alicloud_ram_account_password_policy | Ensure RAM password policy requires at least one number | Terraform | RAMPasswordPolicyNumber.py |
| 16 | CKV_ALI_15 | resource | alicloud_ram_account_password_policy | Ensure RAM password policy requires at least one symbol | Terraform | RAMPasswordPolicySymbol.py |
| 17 | CKV_ALI_16 | resource | alicloud_ram_account_password_policy | Ensure RAM password policy expires passwords within 90 days or less | Terraform | RAMPasswordPolicyExpiration.py |
| 18 | CKV_ALI_17 | resource | alicloud_ram_account_password_policy | Ensure RAM password policy requires at least one lowercase letter | Terraform | RAMPasswordPolicyLowercaseLetter.py |
| 19 | CKV_ALI_18 | resource | alicloud_ram_account_password_policy | Ensure RAM password policy prevents password reuse | Terraform | RAMPasswordPolicyReuse.py |
| 20 | CKV_ALI_19 | resource | alicloud_ram_account_password_policy | Ensure RAM password policy requires at least one uppercase letter | Terraform | RAMPasswordPolicyUppcaseLetter.py |
| 21 | CKV_ALI_20 | resource | alicloud_db_instance | Ensure RDS instance uses SSL | Terraform | RDSInstanceSSL.py |
| 22 | CKV_ALI_21 | resource | alicloud_api_gateway_api | Ensure API Gateway API Protocol HTTPS | Terraform | APIGatewayProtocolHTTPS.py |
| 23 | CKV_ALI_22 | resource | alicloud_db_instance | Ensure Transparent Data Encryption is Enabled on instance | Terraform | RDSTransparentDataEncryptionEnabled.py |
| 24 | CKV_ALI_23 | resource | alicloud_ram_account_password_policy | Ensure Ram Account Password Policy Max Login Attempts not > 5 | Terraform | RAMPasswordPolicyMaxLogin.py |
| 25 | CKV_ALI_24 | resource | alicloud_ram_security_preference | Ensure RAM enforces MFA | Terraform | RAMSecurityEnforceMFA.py |
| 26 | CKV_ALI_25 | resource | alicloud_db_instance | Ensure RDS Instance SQL Collector Retention Period should be greater than 180 | Terraform | RDSRetention.py |
| 27 | CKV_ALI_26 | resource | alicloud_cs_kubernetes | Ensure Kubernetes installs plugin Terway or Flannel to support standard policies | Terraform | K8sEnableNetworkPolicies.py |
| 28 | CKV_ALI_27 | resource | alicloud_kms_key | Ensure KMS Key Rotation is enabled | Terraform | KMSKeyRotationIsEnabled.py |
| 29 | CKV_ALI_28 | resource | alicloud_kms_key | Ensure KMS Keys are enabled | Terraform | KMSKeyIsEnabled.py |
| 30 | CKV_ALI_29 | resource | alicloud_alb_acl_entry_attachment | Alibaba ALB ACL does not restrict Access | Terraform | ALBACLIsUnrestricted.py |
| 31 | CKV_ALI_30 | resource | alicloud_db_instance | Ensure RDS instance auto upgrades for minor versions | Terraform | RDSInstanceAutoUpgrade.py |
| 32 | CKV_ALI_31 | resource | alicloud_cs_kubernetes_node_pool | Ensure K8s nodepools are set to auto repair | Terraform | K8sNodePoolAutoRepair.py |
| 33 | CKV_ALI_32 | resource | alicloud_ecs_launch_template | Ensure launch template data disks are encrypted | Terraform | LaunchTemplateDisksAreEncrypted.py |
| 34 | CKV_ALI_33 | resource | alicloud_slb_tls_cipher_policy | Alibaba Cloud Cypher Policy are secure | Terraform | TLSPoliciesAreSecure.py |
| 35 | CKV_ALI_35 | resource | alicloud_db_instance | Ensure RDS instance has log_duration enabled | Terraform | RDSInstanceLogsEnabled.py |
| 36 | CKV_ALI_36 | resource | alicloud_db_instance | Ensure RDS instance has log_disconnections enabled | Terraform | RDSInstanceLogDisconnections.py |
| 37 | CKV_ALI_37 | resource | alicloud_db_instance | Ensure RDS instance has log_connections enabled | Terraform | RDSInstanceLogConnections.py |
| 38 | CKV_ALI_38 | resource | alicloud_log_audit | Ensure log audit is enabled for RDS | Terraform | LogAuditRDSEnabled.py |
| 39 | CKV_ALI_41 | resource | alicloud_mongodb_instance | Ensure MongoDB is deployed inside a VPC | Terraform | MongoDBInsideVPC.py |
| 40 | CKV_ALI_42 | resource | alicloud_mongodb_instance | Ensure Mongodb instance uses SSL | Terraform | MongoDBInstanceSSL.py |
| 41 | CKV_ALI_43 | resource | alicloud_mongodb_instance | Ensure MongoDB instance is not public | Terraform | MongoDBIsPublic.py |
| 42 | CKV_ALI_44 | resource | alicloud_mongodb_instance | Ensure MongoDB has Transparent Data Encryption Enabled | Terraform | MongoDBTransparentDataEncryptionEnabled.py |
| 43 | CKV_AWS_1 | data | aws_iam_policy_document | Ensure IAM policies that allow full “*-*” administrative privileges are not created | Terraform | AdminPolicyDocument.py |
| 44 | CKV_AWS_2 | resource | aws_alb_listener | Ensure ALB protocol is HTTPS | Terraform | ALBListenerHTTPS.py |
| 45 | CKV_AWS_2 | resource | aws_lb_listener | Ensure ALB protocol is HTTPS | Terraform | ALBListenerHTTPS.py |
| 46 | CKV_AWS_3 | resource | aws_ebs_volume | Ensure all data stored in the EBS is securely encrypted | Terraform | EBSEncryption.py |
| 47 | CKV_AWS_5 | resource | aws_elasticsearch_domain | Ensure all data stored in the Elasticsearch is securely encrypted at rest | Terraform | ElasticsearchEncryption.py |
| 48 | CKV_AWS_5 | resource | aws_opensearch_domain | Ensure all data stored in the Elasticsearch is securely encrypted at rest | Terraform | ElasticsearchEncryption.py |
| 49 | CKV_AWS_6 | resource | aws_elasticsearch_domain | Ensure all Elasticsearch has node-to-node encryption enabled | Terraform | ElasticsearchNodeToNodeEncryption.py |
| 50 | CKV_AWS_6 | resource | aws_opensearch_domain | Ensure all Elasticsearch has node-to-node encryption enabled | Terraform | ElasticsearchNodeToNodeEncryption.py |
| 51 | CKV_AWS_7 | resource | aws_kms_key | Ensure rotation for customer created CMKs is enabled | Terraform | KMSRotation.py |
| 52 | CKV_AWS_8 | resource | aws_instance | Ensure all data stored in the Launch configuration or instance Elastic Blocks Store is securely encrypted | Terraform | LaunchConfigurationEBSEncryption.py |
| 53 | CKV_AWS_8 | resource | aws_launch_configuration | Ensure all data stored in the Launch configuration or instance Elastic Blocks Store is securely encrypted | Terraform | LaunchConfigurationEBSEncryption.py |
| 54 | CKV_AWS_9 | resource | aws_iam_account_password_policy | Ensure IAM password policy expires passwords within 90 days or less | Terraform | PasswordPolicyExpiration.py |
| 55 | CKV_AWS_10 | resource | aws_iam_account_password_policy | Ensure IAM password policy requires minimum length of 14 or greater | Terraform | PasswordPolicyLength.py |
| 56 | CKV_AWS_11 | resource | aws_iam_account_password_policy | Ensure IAM password policy requires at least one lowercase letter | Terraform | PasswordPolicyLowercaseLetter.py |
| 57 | CKV_AWS_12 | resource | aws_iam_account_password_policy | Ensure IAM password policy requires at least one number | Terraform | PasswordPolicyNumber.py |
| 58 | CKV_AWS_13 | resource | aws_iam_account_password_policy | Ensure IAM password policy prevents password reuse | Terraform | PasswordPolicyReuse.py |
| 59 | CKV_AWS_14 | resource | aws_iam_account_password_policy | Ensure IAM password policy requires at least one symbol | Terraform | PasswordPolicySymbol.py |
| 60 | CKV_AWS_15 | resource | aws_iam_account_password_policy | Ensure IAM password policy requires at least one uppercase letter | Terraform | PasswordPolicyUppercaseLetter.py |
| 61 | CKV_AWS_16 | resource | aws_db_instance | Ensure all data stored in the RDS is securely encrypted at rest | Terraform | RDSEncryption.py |
| 62 | CKV_AWS_17 | resource | aws_db_instance | Ensure all data stored in RDS is not publicly accessible | Terraform | RDSPubliclyAccessible.py |
| 63 | CKV_AWS_17 | resource | aws_rds_cluster_instance | Ensure all data stored in RDS is not publicly accessible | Terraform | RDSPubliclyAccessible.py |
| 64 | CKV_AWS_18 | resource | aws_s3_bucket | Ensure the S3 bucket has access logging enabled | Terraform | S3BucketLogging.yaml |
| 65 | CKV_AWS_19 | resource | aws_s3_bucket | Ensure all data stored in the S3 bucket is securely encrypted at rest | Terraform | S3BucketEncryption.yaml |
| 66 | CKV_AWS_19 | resource | aws_s3_bucket_server_side_encryption_configuration | Ensure all data stored in the S3 bucket is securely encrypted at rest | Terraform | S3BucketEncryption.yaml |
| 67 | CKV_AWS_20 | resource | aws_s3_bucket | S3 Bucket has an ACL defined which allows public READ access. | Terraform | S3PublicACLRead.yaml |
| 68 | CKV_AWS_20 | resource | aws_s3_bucket_acl | S3 Bucket has an ACL defined which allows public READ access. | Terraform | S3PublicACLRead.yaml |
| 69 | CKV_AWS_21 | resource | aws_s3_bucket | Ensure all data stored in the S3 bucket have versioning enabled | Terraform | S3BucketVersioning.yaml |
| 70 | CKV_AWS_21 | resource | aws_s3_bucket_versioning | Ensure all data stored in the S3 bucket have versioning enabled | Terraform | S3BucketVersioning.yaml |
| 71 | CKV_AWS_22 | resource | aws_sagemaker_notebook_instance | Ensure SageMaker Notebook is encrypted at rest using KMS CMK | Terraform | SagemakerNotebookEncryption.py |
| 72 | CKV_AWS_23 | resource | aws_db_security_group | Ensure every security groups rule has a description | Terraform | SecurityGroupRuleDescription.py |
| 73 | CKV_AWS_23 | resource | aws_elasticache_security_group | Ensure every security groups rule has a description | Terraform | SecurityGroupRuleDescription.py |
| 74 | CKV_AWS_23 | resource | aws_redshift_security_group | Ensure every security groups rule has a description | Terraform | SecurityGroupRuleDescription.py |
| 75 | CKV_AWS_23 | resource | aws_security_group | Ensure every security groups rule has a description | Terraform | SecurityGroupRuleDescription.py |
| 76 | CKV_AWS_23 | resource | aws_security_group_rule | Ensure every security groups rule has a description | Terraform | SecurityGroupRuleDescription.py |
| 77 | CKV_AWS_23 | resource | aws_vpc_security_group_egress_rule | Ensure every security groups rule has a description | Terraform | SecurityGroupRuleDescription.py |
| 78 | CKV_AWS_23 | resource | aws_vpc_security_group_ingress_rule | Ensure every security groups rule has a description | Terraform | SecurityGroupRuleDescription.py |
| 79 | CKV_AWS_24 | resource | aws_security_group | Ensure no security groups allow ingress from 0.0.0.0:0 to port 22 | Terraform | SecurityGroupUnrestrictedIngress22.py |
| 80 | CKV_AWS_24 | resource | aws_security_group_rule | Ensure no security groups allow ingress from 0.0.0.0:0 to port 22 | Terraform | SecurityGroupUnrestrictedIngress22.py |
| 81 | CKV_AWS_24 | resource | aws_vpc_security_group_ingress_rule | Ensure no security groups allow ingress from 0.0.0.0:0 to port 22 | Terraform | SecurityGroupUnrestrictedIngress22.py |
| 82 | CKV_AWS_25 | resource | aws_security_group | Ensure no security groups allow ingress from 0.0.0.0:0 to port 3389 | Terraform | SecurityGroupUnrestrictedIngress3389.py |
| 83 | CKV_AWS_25 | resource | aws_security_group_rule | Ensure no security groups allow ingress from 0.0.0.0:0 to port 3389 | Terraform | SecurityGroupUnrestrictedIngress3389.py |
| 84 | CKV_AWS_25 | resource | aws_vpc_security_group_ingress_rule | Ensure no security groups allow ingress from 0.0.0.0:0 to port 3389 | Terraform | SecurityGroupUnrestrictedIngress3389.py |
| 85 | CKV_AWS_26 | resource | aws_sns_topic | Ensure all data stored in the SNS topic is encrypted | Terraform | SNSTopicEncryption.py |
| 86 | CKV_AWS_27 | resource | aws_sqs_queue | Ensure all data stored in the SQS queue is encrypted | Terraform | SQSQueueEncryption.py |
| 87 | CKV_AWS_28 | resource | aws_dynamodb_table | Ensure Dynamodb point in time recovery (backup) is enabled | Terraform | DynamodbRecovery.py |
| 88 | CKV_AWS_29 | resource | aws_elasticache_replication_group | Ensure all data stored in the Elasticache Replication Group is securely encrypted at rest | Terraform | ElasticacheReplicationGroupEncryptionAtRest.py |
| 89 | CKV_AWS_30 | resource | aws_elasticache_replication_group | Ensure all data stored in the Elasticache Replication Group is securely encrypted at transit | Terraform | ElasticacheReplicationGroupEncryptionAtTransit.py |
| 90 | CKV_AWS_31 | resource | aws_elasticache_replication_group | Ensure all data stored in the Elasticache Replication Group is securely encrypted at transit and has auth token | Terraform | ElasticacheReplicationGroupEncryptionAtTransitAuthToken.py |
| 91 | CKV_AWS_32 | resource | aws_ecr_repository_policy | Ensure ECR policy is not set to public | Terraform | ECRPolicy.py |
| 92 | CKV_AWS_33 | resource | aws_kms_key | Ensure KMS key policy does not contain wildcard (*) principal | Terraform | KMSKeyWildcardPrincipal.py |
| 93 | CKV_AWS_34 | resource | aws_cloudfront_distribution | Ensure cloudfront distribution ViewerProtocolPolicy is set to HTTPS | Terraform | CloudfrontDistributionEncryption.py |
| 94 | CKV_AWS_35 | resource | aws_cloudtrail | Ensure CloudTrail logs are encrypted at rest using KMS CMKs | Terraform | CloudtrailEncryptionWithCMK.py |
| 95 | CKV_AWS_36 | resource | aws_cloudtrail | Ensure CloudTrail log file validation is enabled | Terraform | CloudtrailLogValidation.py |
| 96 | CKV_AWS_37 | resource | aws_eks_cluster | Ensure Amazon EKS control plane logging enabled for all log types | Terraform | EKSControlPlaneLogging.py |
| 97 | CKV_AWS_38 | resource | aws_eks_cluster | Ensure Amazon EKS public endpoint not accessible to 0.0.0.0/0 | Terraform | EKSPublicAccessCIDR.py |
| 98 | CKV_AWS_39 | resource | aws_eks_cluster | Ensure Amazon EKS public endpoint disabled | Terraform | EKSPublicAccess.py |
| 99 | CKV_AWS_40 | resource | aws_iam_policy_attachment | Ensure IAM policies are attached only to groups or roles (Reducing access management complexity may in-turn reduce opportunity for a principal to inadvertently receive or retain excessive privileges.) | Terraform | IAMPolicyAttachedToGroupOrRoles.py |
| 100 | CKV_AWS_40 | resource | aws_iam_user_policy | Ensure IAM policies are attached only to groups or roles (Reducing access management complexity may in-turn reduce opportunity for a principal to inadvertently receive or retain excessive privileges.) | Terraform | IAMPolicyAttachedToGroupOrRoles.py |
| 101 | CKV_AWS_40 | resource | aws_iam_user_policy_attachment | Ensure IAM policies are attached only to groups or roles (Reducing access management complexity may in-turn reduce opportunity for a principal to inadvertently receive or retain excessive privileges.) | Terraform | IAMPolicyAttachedToGroupOrRoles.py |
| 102 | CKV_AWS_41 | provider | aws | Ensure no hard coded AWS access key and secret key exists in provider | Terraform | credentials.py |
| 103 | CKV_AWS_42 | resource | aws_efs_file_system | Ensure EFS is securely encrypted | Terraform | EFSEncryptionEnabled.py |
| 104 | CKV_AWS_43 | resource | aws_kinesis_stream | Ensure Kinesis Stream is securely encrypted | Terraform | KinesisStreamEncryptionType.py |
| 105 | CKV_AWS_44 | resource | aws_neptune_cluster | Ensure Neptune storage is securely encrypted | Terraform | NeptuneClusterStorageEncrypted.py |
| 106 | CKV_AWS_45 | resource | aws_lambda_function | Ensure no hard-coded secrets exist in lambda environment | Terraform | LambdaEnvironmentCredentials.py |
| 107 | CKV_AWS_46 | resource | aws_instance | Ensure no hard-coded secrets exist in EC2 user data | Terraform | EC2Credentials.py |
| 108 | CKV_AWS_46 | resource | aws_launch_configuration | Ensure no hard-coded secrets exist in EC2 user data | Terraform | EC2Credentials.py |
| 109 | CKV_AWS_46 | resource | aws_launch_template | Ensure no hard-coded secrets exist in EC2 user data | Terraform | EC2Credentials.py |
| 110 | CKV_AWS_47 | resource | aws_dax_cluster | Ensure DAX is encrypted at rest (default is unencrypted) | Terraform | DAXEncryption.py |
| 111 | CKV_AWS_48 | resource | aws_mq_broker | Ensure MQ Broker logging is enabled | Terraform | MQBrokerLogging.py |
| 112 | CKV_AWS_49 | data | aws_iam_policy_document | Ensure no IAM policies documents allow “*” as a statement’s actions | Terraform | StarActionPolicyDocument.py |
| 113 | CKV_AWS_50 | resource | aws_lambda_function | X-ray tracing is enabled for Lambda | Terraform | LambdaXrayEnabled.py |
| 114 | CKV_AWS_51 | resource | aws_ecr_repository | Ensure ECR Image Tags are immutable | Terraform | ECRImmutableTags.py |
| 115 | CKV_AWS_53 | resource | aws_s3_bucket_public_access_block | Ensure S3 bucket has block public ACLS enabled | Terraform | S3BlockPublicACLs.py |
| 116 | CKV_AWS_54 | resource | aws_s3_bucket_public_access_block | Ensure S3 bucket has block public policy enabled | Terraform | S3BlockPublicPolicy.py |
| 117 | CKV_AWS_55 | resource | aws_s3_bucket_public_access_block | Ensure S3 bucket has ignore public ACLs enabled | Terraform | S3IgnorePublicACLs.py |
| 118 | CKV_AWS_56 | resource | aws_s3_bucket_public_access_block | Ensure S3 bucket has ‘restrict_public_bucket’ enabled | Terraform | S3RestrictPublicBuckets.py |
| 119 | CKV_AWS_57 | resource | aws_s3_bucket | S3 Bucket has an ACL defined which allows public WRITE access. | Terraform | S3PublicACLWrite.yaml |
| 120 | CKV_AWS_57 | resource | aws_s3_bucket_acl | S3 Bucket has an ACL defined which allows public WRITE access. | Terraform | S3PublicACLWrite.yaml |
| 121 | CKV_AWS_58 | resource | aws_eks_cluster | Ensure EKS Cluster has Secrets Encryption Enabled | Terraform | EKSSecretsEncryption.py |
| 122 | CKV_AWS_59 | resource | aws_api_gateway_method | Ensure there is no open access to back-end resources through API | Terraform | APIGatewayAuthorization.py |
| 123 | CKV_AWS_60 | resource | aws_iam_role | Ensure IAM role allows only specific services or principals to assume it | Terraform | IAMRoleAllowsPublicAssume.py |
| 124 | CKV_AWS_61 | resource | aws_iam_role | Ensure AWS IAM policy does not allow assume role permission across all services | Terraform | IAMRoleAllowAssumeFromAccount.py |
| 125 | CKV_AWS_62 | resource | aws_iam_group_policy | Ensure IAM policies that allow full “*-*” administrative privileges are not created | Terraform | IAMAdminPolicyDocument.py |
| 126 | CKV_AWS_62 | resource | aws_iam_policy | Ensure IAM policies that allow full “*-*” administrative privileges are not created | Terraform | IAMAdminPolicyDocument.py |
| 127 | CKV_AWS_62 | resource | aws_iam_role_policy | Ensure IAM policies that allow full “*-*” administrative privileges are not created | Terraform | IAMAdminPolicyDocument.py |
| 128 | CKV_AWS_62 | resource | aws_iam_user_policy | Ensure IAM policies that allow full “*-*” administrative privileges are not created | Terraform | IAMAdminPolicyDocument.py |
| 129 | CKV_AWS_62 | resource | aws_ssoadmin_permission_set_inline_policy | Ensure IAM policies that allow full “*-*” administrative privileges are not created | Terraform | IAMAdminPolicyDocument.py |
| 130 | CKV_AWS_63 | resource | aws_iam_group_policy | Ensure no IAM policies documents allow “*” as a statement’s actions | Terraform | IAMStarActionPolicyDocument.py |
| 131 | CKV_AWS_63 | resource | aws_iam_policy | Ensure no IAM policies documents allow “*” as a statement’s actions | Terraform | IAMStarActionPolicyDocument.py |
| 132 | CKV_AWS_63 | resource | aws_iam_role_policy | Ensure no IAM policies documents allow “*” as a statement’s actions | Terraform | IAMStarActionPolicyDocument.py |
| 133 | CKV_AWS_63 | resource | aws_iam_user_policy | Ensure no IAM policies documents allow “*” as a statement’s actions | Terraform | IAMStarActionPolicyDocument.py |
| 134 | CKV_AWS_63 | resource | aws_ssoadmin_permission_set_inline_policy | Ensure no IAM policies documents allow “*” as a statement’s actions | Terraform | IAMStarActionPolicyDocument.py |
| 135 | CKV_AWS_64 | resource | aws_redshift_cluster | Ensure all data stored in the Redshift cluster is securely encrypted at rest | Terraform | RedshiftClusterEncryption.py |
| 136 | CKV_AWS_65 | resource | aws_ecs_cluster | Ensure container insights are enabled on ECS cluster | Terraform | ECSClusterContainerInsights.py |
| 137 | CKV_AWS_66 | resource | aws_cloudwatch_log_group | Ensure that CloudWatch Log Group specifies retention days | Terraform | CloudWatchLogGroupRetention.py |
| 138 | CKV_AWS_67 | resource | aws_cloudtrail | Ensure CloudTrail is enabled in all Regions | Terraform | CloudtrailMultiRegion.py |
| 139 | CKV_AWS_68 | resource | aws_cloudfront_distribution | CloudFront Distribution should have WAF enabled | Terraform | WAFEnabled.py |
| 140 | CKV_AWS_69 | resource | aws_mq_broker | Ensure MQ Broker is not publicly exposed | Terraform | MQBrokerNotPubliclyExposed.py |
| 141 | CKV_AWS_70 | resource | aws_s3_bucket | Ensure S3 bucket does not allow an action with any Principal | Terraform | S3AllowsAnyPrincipal.py |
| 142 | CKV_AWS_70 | resource | aws_s3_bucket_policy | Ensure S3 bucket does not allow an action with any Principal | Terraform | S3AllowsAnyPrincipal.py |
| 143 | CKV_AWS_71 | resource | aws_redshift_cluster | Ensure Redshift Cluster logging is enabled | Terraform | RedshiftClusterLogging.py |
| 144 | CKV_AWS_72 | resource | aws_sqs_queue_policy | Ensure SQS policy does not allow ALL (*) actions. | Terraform | SQSPolicy.py |
| 145 | CKV_AWS_73 | resource | aws_api_gateway_stage | Ensure API Gateway has X-Ray Tracing enabled | Terraform | APIGatewayXray.py |
| 146 | CKV_AWS_74 | resource | aws_docdb_cluster | Ensure DocDB is encrypted at rest (default is unencrypted) | Terraform | DocDBEncryption.py |
| 147 | CKV_AWS_75 | resource | aws_globalaccelerator_accelerator | Ensure Global Accelerator accelerator has flow logs enabled | Terraform | GlobalAcceleratorAcceleratorFlowLogs.py |
| 148 | CKV_AWS_76 | resource | aws_api_gateway_stage | Ensure API Gateway has Access Logging enabled | Terraform | APIGatewayAccessLogging.py |
| 149 | CKV_AWS_76 | resource | aws_apigatewayv2_stage | Ensure API Gateway has Access Logging enabled | Terraform | APIGatewayAccessLogging.py |
| 150 | CKV_AWS_77 | resource | aws_athena_database | Ensure Athena Database is encrypted at rest (default is unencrypted) | Terraform | AthenaDatabaseEncryption.py |
| 151 | CKV_AWS_78 | resource | aws_codebuild_project | Ensure that CodeBuild Project encryption is not disabled | Terraform | CodeBuildProjectEncryption.py |
| 152 | CKV_AWS_79 | resource | aws_instance | Ensure Instance Metadata Service Version 1 is not enabled | Terraform | IMDSv1Disabled.py |
| 153 | CKV_AWS_79 | resource | aws_launch_configuration | Ensure Instance Metadata Service Version 1 is not enabled | Terraform | IMDSv1Disabled.py |
| 154 | CKV_AWS_79 | resource | aws_launch_template | Ensure Instance Metadata Service Version 1 is not enabled | Terraform | IMDSv1Disabled.py |
| 155 | CKV_AWS_80 | resource | aws_msk_cluster | Ensure MSK Cluster logging is enabled | Terraform | MSKClusterLogging.py |
| 156 | CKV_AWS_81 | resource | aws_msk_cluster | Ensure MSK Cluster encryption in rest and transit is enabled | Terraform | MSKClusterEncryption.py |
| 157 | CKV_AWS_82 | resource | aws_athena_workgroup | Ensure Athena Workgroup should enforce configuration to prevent client disabling encryption | Terraform | AthenaWorkgroupConfiguration.py |
| 158 | CKV_AWS_83 | resource | aws_elasticsearch_domain | Ensure Elasticsearch Domain enforces HTTPS | Terraform | ElasticsearchDomainEnforceHTTPS.py |
| 159 | CKV_AWS_83 | resource | aws_opensearch_domain | Ensure Elasticsearch Domain enforces HTTPS | Terraform | ElasticsearchDomainEnforceHTTPS.py |
| 160 | CKV_AWS_84 | resource | aws_elasticsearch_domain | Ensure Elasticsearch Domain Logging is enabled | Terraform | ElasticsearchDomainLogging.py |
| 161 | CKV_AWS_84 | resource | aws_opensearch_domain | Ensure Elasticsearch Domain Logging is enabled | Terraform | ElasticsearchDomainLogging.py |
| 162 | CKV_AWS_85 | resource | aws_docdb_cluster | Ensure DocDB Logging is enabled | Terraform | DocDBLogging.py |
| 163 | CKV_AWS_86 | resource | aws_cloudfront_distribution | Ensure Cloudfront distribution has Access Logging enabled | Terraform | CloudfrontDistributionLogging.py |
| 164 | CKV_AWS_87 | resource | aws_redshift_cluster | Redshift cluster should not be publicly accessible | Terraform | RedshitClusterPubliclyAvailable.py |
| 165 | CKV_AWS_88 | resource | aws_instance | EC2 instance should not have public IP. | Terraform | EC2PublicIP.py |
| 166 | CKV_AWS_88 | resource | aws_launch_template | EC2 instance should not have public IP. | Terraform | EC2PublicIP.py |
| 167 | CKV_AWS_89 | resource | aws_dms_replication_instance | DMS replication instance should not be publicly accessible | Terraform | DMSReplicationInstancePubliclyAccessible.py |
| 168 | CKV_AWS_90 | resource | aws_docdb_cluster_parameter_group | Ensure DocDB TLS is not disabled | Terraform | DocDBTLS.py |
| 169 | CKV_AWS_91 | resource | aws_alb | Ensure the ELBv2 (Application/Network) has access logging enabled | Terraform | ELBv2AccessLogs.py |
| 170 | CKV_AWS_91 | resource | aws_lb | Ensure the ELBv2 (Application/Network) has access logging enabled | Terraform | ELBv2AccessLogs.py |
| 171 | CKV_AWS_92 | resource | aws_elb | Ensure the ELB has access logging enabled | Terraform | ELBAccessLogs.py |
| 172 | CKV_AWS_93 | resource | aws_s3_bucket | Ensure S3 bucket policy does not lockout all but root user. (Prevent lockouts needing root account fixes) | Terraform | S3ProtectAgainstPolicyLockout.py |
| 173 | CKV_AWS_93 | resource | aws_s3_bucket_policy | Ensure S3 bucket policy does not lockout all but root user. (Prevent lockouts needing root account fixes) | Terraform | S3ProtectAgainstPolicyLockout.py |
| 174 | CKV_AWS_94 | resource | aws_glue_data_catalog_encryption_settings | Ensure Glue Data Catalog Encryption is enabled | Terraform | GlueDataCatalogEncryption.py |
| 175 | CKV_AWS_96 | resource | aws_rds_cluster | Ensure all data stored in Aurora is securely encrypted at rest | Terraform | AuroraEncryption.py |
| 176 | CKV_AWS_97 | resource | aws_ecs_task_definition | Ensure Encryption in transit is enabled for EFS volumes in ECS Task definitions | Terraform | ECSTaskDefinitionEFSVolumeEncryption.py |
| 177 | CKV_AWS_98 | resource | aws_sagemaker_endpoint_configuration | Ensure all data stored in the Sagemaker Endpoint is securely encrypted at rest | Terraform | SagemakerEndpointConfigurationEncryption.py |
| 178 | CKV_AWS_99 | resource | aws_glue_security_configuration | Ensure Glue Security Configuration Encryption is enabled | Terraform | GlueSecurityConfiguration.py |
| 179 | CKV_AWS_100 | resource | aws_eks_node_group | Ensure AWS EKS node group does not have implicit SSH access from 0.0.0.0/0 | Terraform | EKSNodeGroupRemoteAccess.py |
| 180 | CKV_AWS_101 | resource | aws_neptune_cluster | Ensure Neptune logging is enabled | Terraform | NeptuneClusterLogging.py |
| 181 | CKV_AWS_102 | resource | aws_neptune_cluster_instance | Ensure Neptune Cluster instance is not publicly available | Terraform | NeptuneClusterInstancePublic.py |
| 182 | CKV_AWS_103 | resource | aws_alb_listener | Ensure that load balancer is using at least TLS 1.2 | Terraform | AppLoadBalancerTLS12.yaml |
| 183 | CKV_AWS_103 | resource | aws_lb | Ensure that load balancer is using at least TLS 1.2 | Terraform | AppLoadBalancerTLS12.yaml |
| 184 | CKV_AWS_103 | resource | aws_lb_listener | Ensure that load balancer is using at least TLS 1.2 | Terraform | AppLoadBalancerTLS12.yaml |
| 185 | CKV_AWS_104 | resource | aws_docdb_cluster_parameter_group | Ensure DocDB has audit logs enabled | Terraform | DocDBAuditLogs.py |
| 186 | CKV_AWS_105 | resource | aws_redshift_parameter_group | Ensure Redshift uses SSL | Terraform | RedShiftSSL.py |
| 187 | CKV_AWS_106 | resource | aws_ebs_encryption_by_default | Ensure EBS default encryption is enabled | Terraform | EBSDefaultEncryption.py |
| 188 | CKV_AWS_107 | data | aws_iam_policy_document | Ensure IAM policies does not allow credentials exposure | Terraform | IAMCredentialsExposure.py |
| 189 | CKV_AWS_108 | data | aws_iam_policy_document | Ensure IAM policies does not allow data exfiltration | Terraform | IAMDataExfiltration.py |
| 190 | CKV_AWS_109 | data | aws_iam_policy_document | Ensure IAM policies does not allow permissions management / resource exposure without constraints | Terraform | IAMPermissionsManagement.py |
| 191 | CKV_AWS_110 | data | aws_iam_policy_document | Ensure IAM policies does not allow privilege escalation | Terraform | IAMPrivilegeEscalation.py |
| 192 | CKV_AWS_111 | data | aws_iam_policy_document | Ensure IAM policies does not allow write access without constraints | Terraform | IAMWriteAccess.py |
| 193 | CKV_AWS_112 | resource | aws_ssm_document | Ensure Session Manager data is encrypted in transit | Terraform | SSMSessionManagerDocumentEncryption.py |
| 194 | CKV_AWS_113 | resource | aws_ssm_document | Ensure Session Manager logs are enabled and encrypted | Terraform | SSMSessionManagerDocumentLogging.py |
| 195 | CKV_AWS_114 | resource | aws_emr_cluster | Ensure that EMR clusters with Kerberos have Kerberos Realm set | Terraform | EMRClusterKerberosAttributes.py |
| 196 | CKV_AWS_115 | resource | aws_lambda_function | Ensure that AWS Lambda function is configured for function-level concurrent execution limit | Terraform | LambdaFunctionLevelConcurrentExecutionLimit.py |
| 197 | CKV_AWS_116 | resource | aws_lambda_function | Ensure that AWS Lambda function is configured for a Dead Letter Queue(DLQ) | Terraform | LambdaDLQConfigured.py |
| 198 | CKV_AWS_117 | resource | aws_lambda_function | Ensure that AWS Lambda function is configured inside a VPC | Terraform | LambdaInVPC.py |
| 199 | CKV_AWS_118 | resource | aws_db_instance | Ensure that enhanced monitoring is enabled for Amazon RDS instances | Terraform | RDSEnhancedMonitorEnabled.py |
| 200 | CKV_AWS_118 | resource | aws_rds_cluster_instance | Ensure that enhanced monitoring is enabled for Amazon RDS instances | Terraform | RDSEnhancedMonitorEnabled.py |
| 201 | CKV_AWS_119 | resource | aws_dynamodb_table | Ensure DynamoDB Tables are encrypted using a KMS Customer Managed CMK | Terraform | DynamoDBTablesEncrypted.py |
| 202 | CKV_AWS_120 | resource | aws_api_gateway_stage | Ensure API Gateway caching is enabled | Terraform | APIGatewayCacheEnable.py |
| 203 | CKV_AWS_121 | resource | aws_config_configuration_aggregator | Ensure AWS Config is enabled in all regions | Terraform | ConfigConfgurationAggregatorAllRegions.py |
| 204 | CKV_AWS_122 | resource | aws_sagemaker_notebook_instance | Ensure that direct internet access is disabled for an Amazon SageMaker Notebook Instance | Terraform | SageMakerInternetAccessDisabled.py |
| 205 | CKV_AWS_123 | resource | aws_vpc_endpoint_service | Ensure that VPC Endpoint Service is configured for Manual Acceptance | Terraform | VPCEndpointAcceptanceConfigured.py |
| 206 | CKV_AWS_124 | resource | aws_cloudformation_stack | Ensure that CloudFormation stacks are sending event notifications to an SNS topic | Terraform | CloudformationStackNotificationArns.py |
| 207 | CKV_AWS_126 | resource | aws_instance | Ensure that detailed monitoring is enabled for EC2 instances | Terraform | EC2DetailedMonitoringEnabled.py |
| 208 | CKV_AWS_127 | resource | aws_elb | Ensure that Elastic Load Balancer(s) uses SSL certificates provided by AWS Certificate Manager | Terraform | ELBUsesSSL.py |
| 209 | CKV_AWS_129 | resource | aws_db_instance | Ensure that respective logs of Amazon Relational Database Service (Amazon RDS) are enabled | Terraform | DBInstanceLogging.py |
| 210 | CKV_AWS_130 | resource | aws_subnet | Ensure VPC subnets do not assign public IP by default | Terraform | SubnetPublicIP.py |
| 211 | CKV_AWS_131 | resource | aws_alb | Ensure that ALB drops HTTP headers | Terraform | ALBDropHttpHeaders.py |
| 212 | CKV_AWS_131 | resource | aws_lb | Ensure that ALB drops HTTP headers | Terraform | ALBDropHttpHeaders.py |
| 213 | CKV_AWS_133 | resource | aws_db_instance | Ensure that RDS instances has backup policy | Terraform | DBInstanceBackupRetentionPeriod.py |
| 214 | CKV_AWS_133 | resource | aws_rds_cluster | Ensure that RDS instances has backup policy | Terraform | DBInstanceBackupRetentionPeriod.py |
| 215 | CKV_AWS_134 | resource | aws_elasticache_cluster | Ensure that Amazon ElastiCache Redis clusters have automatic backup turned on | Terraform | ElasticCacheAutomaticBackup.py |
216 CKV_AWS_135 resource aws_instance Ensure that EC2 is EBS optimized Terraform EC2EBSOptimized.py
217 CKV_AWS_136 resource aws_ecr_repository Ensure that ECR repositories are encrypted using KMS Terraform ECRRepositoryEncrypted.py
218 CKV_AWS_137 resource aws_elasticsearch_domain Ensure that Elasticsearch is configured inside a VPC Terraform ElasticsearchInVPC.py
219 CKV_AWS_137 resource aws_opensearch_domain Ensure that Elasticsearch is configured inside a VPC Terraform ElasticsearchInVPC.py
220 CKV_AWS_138 resource aws_elb Ensure that ELB is cross-zone-load-balancing enabled Terraform ELBCrossZoneEnable.py
221 CKV_AWS_139 resource aws_rds_cluster Ensure that RDS clusters have deletion protection enabled Terraform RDSDeletionProtection.py
222 CKV_AWS_140 resource aws_rds_global_cluster Ensure that RDS global clusters are encrypted Terraform RDSClusterEncrypted.py
223 CKV_AWS_141 resource aws_redshift_cluster Ensured that redshift cluster allowing version upgrade by default Terraform RedshiftClusterAllowVersionUpgrade.py
224 CKV_AWS_142 resource aws_redshift_cluster Ensure that Redshift cluster is encrypted by KMS Terraform RedshiftClusterKMSKey.py
225 CKV_AWS_143 resource aws_s3_bucket Ensure that S3 bucket has lock configuration enabled by default Terraform S3BucketObjectLock.py
226 CKV_AWS_144 resource aws_s3_bucket Ensure that S3 bucket has cross-region replication enabled Terraform S3BucketReplicationConfiguration.yaml
227 CKV_AWS_144 resource aws_s3_bucket_replication_configuration Ensure that S3 bucket has cross-region replication enabled Terraform S3BucketReplicationConfiguration.yaml
228 CKV_AWS_145 resource aws_s3_bucket Ensure that S3 buckets are encrypted with KMS by default Terraform S3KMSEncryptedByDefault.yaml
229 CKV_AWS_145 resource aws_s3_bucket_server_side_encryption_configuration Ensure that S3 buckets are encrypted with KMS by default Terraform S3KMSEncryptedByDefault.yaml
230 CKV_AWS_146 resource aws_db_cluster_snapshot Ensure that RDS database cluster snapshot is encrypted Terraform RDSClusterSnapshotEncrypted.py
231 CKV_AWS_147 resource aws_codebuild_project Ensure that CodeBuild projects are encrypted using CMK Terraform CodebuildUsesCMK.py
232 CKV_AWS_148 resource aws_default_vpc Ensure no default VPC is planned to be provisioned Terraform VPCDefaultNetwork.py
233 CKV_AWS_149 resource aws_secretsmanager_secret Ensure that Secrets Manager secret is encrypted using KMS CMK Terraform SecretManagerSecretEncrypted.py
234 CKV_AWS_150 resource aws_alb Ensure that Load Balancer has deletion protection enabled Terraform LBDeletionProtection.py
235 CKV_AWS_150 resource aws_lb Ensure that Load Balancer has deletion protection enabled Terraform LBDeletionProtection.py
236 CKV_AWS_152 resource aws_alb Ensure that Load Balancer (Network/Gateway) has cross-zone load balancing enabled Terraform LBCrossZone.py
237 CKV_AWS_152 resource aws_lb Ensure that Load Balancer (Network/Gateway) has cross-zone load balancing enabled Terraform LBCrossZone.py
238 CKV_AWS_153 resource aws_autoscaling_group Autoscaling groups should supply tags to launch configurations Terraform AutoScalingTagging.py
239 CKV_AWS_154 resource aws_redshift_cluster Ensure Redshift is not deployed outside of a VPC Terraform RedshiftInEc2ClassicMode.py
240 CKV_AWS_155 resource aws_workspaces_workspace Ensure that Workspace user volumes are encrypted Terraform WorkspaceUserVolumeEncrypted.py
241 CKV_AWS_156 resource aws_workspaces_workspace Ensure that Workspace root volumes are encrypted Terraform WorkspaceRootVolumeEncrypted.py
242 CKV_AWS_157 resource aws_db_instance Ensure that RDS instances have Multi-AZ enabled Terraform RDSMultiAZEnabled.py
243 CKV_AWS_158 resource aws_cloudwatch_log_group Ensure that CloudWatch Log Group is encrypted by KMS Terraform CloudWatchLogGroupKMSKey.py
244 CKV_AWS_159 resource aws_athena_workgroup Ensure that Athena Workgroup is encrypted Terraform AthenaWorkgroupEncryption.py
245 CKV_AWS_160 resource aws_timestreamwrite_database Ensure that Timestream database is encrypted with KMS CMK Terraform TimestreamDatabaseKMSKey.py
246 CKV_AWS_161 resource aws_db_instance Ensure RDS database has IAM authentication enabled Terraform RDSIAMAuthentication.py
247 CKV_AWS_162 resource aws_rds_cluster Ensure RDS cluster has IAM authentication enabled Terraform RDSClusterIAMAuthentication.py
248 CKV_AWS_163 resource aws_ecr_repository Ensure ECR image scanning on push is enabled Terraform ECRImageScanning.py
249 CKV_AWS_164 resource aws_transfer_server Ensure Transfer Server is not exposed publicly. Terraform TransferServerIsPublic.py
250 CKV_AWS_165 resource aws_dynamodb_global_table Ensure Dynamodb point in time recovery (backup) is enabled for global tables Terraform DynamoDBGlobalTableRecovery.py
251 CKV_AWS_166 resource aws_backup_vault Ensure Backup Vault is encrypted at rest using KMS CMK Terraform BackupVaultEncrypted.py
252 CKV_AWS_167 resource aws_glacier_vault Ensure Glacier Vault access policy is not public by only allowing specific services or principals to access it Terraform GlacierVaultAnyPrincipal.py
253 CKV_AWS_168 resource aws_sqs_queue Ensure SQS queue policy is not public by only allowing specific services or principals to access it Terraform SQSQueuePolicyAnyPrincipal.py
254 CKV_AWS_168 resource aws_sqs_queue_policy Ensure SQS queue policy is not public by only allowing specific services or principals to access it Terraform SQSQueuePolicyAnyPrincipal.py
255 CKV_AWS_169 resource aws_sns_topic_policy Ensure SNS topic policy is not public by only allowing specific services or principals to access it Terraform SNSTopicPolicyAnyPrincipal.py
256 CKV_AWS_170 resource aws_qldb_ledger Ensure QLDB ledger permissions mode is set to STANDARD Terraform QLDBLedgerPermissionsMode.py
257 CKV_AWS_171 resource aws_emr_security_configuration Ensure Cluster security configuration encryption is using SSE-KMS Terraform EMRClusterIsEncryptedKMS.py
258 CKV_AWS_172 resource aws_qldb_ledger Ensure QLDB ledger has deletion protection enabled Terraform QLDBLedgerDeletionProtection.py
259 CKV_AWS_173 resource aws_lambda_function Check encryption settings for Lambda environmental variable Terraform LambdaEnvironmentEncryptionSettings.py
260 CKV_AWS_174 resource aws_cloudfront_distribution Verify CloudFront Distribution Viewer Certificate is using TLS v1.2 Terraform CloudfrontTLS12.py
261 CKV_AWS_175 resource aws_waf_web_acl Ensure WAF has associated rules Terraform WAFHasAnyRules.py
262 CKV_AWS_175 resource aws_wafregional_web_acl Ensure WAF has associated rules Terraform WAFHasAnyRules.py
263 CKV_AWS_175 resource aws_wafv2_web_acl Ensure WAF has associated rules Terraform WAFHasAnyRules.py
264 CKV_AWS_176 resource aws_waf_web_acl Ensure Logging is enabled for WAF Web Access Control Lists Terraform WAFHasLogs.py
265 CKV_AWS_176 resource aws_wafregional_web_acl Ensure Logging is enabled for WAF Web Access Control Lists Terraform WAFHasLogs.py
266 CKV_AWS_177 resource aws_kinesis_video_stream Ensure Kinesis Video Stream is encrypted by KMS using a customer managed Key (CMK) Terraform KinesisVideoEncryptedWithCMK.py
267 CKV_AWS_178 resource aws_fsx_ontap_file_system Ensure fx ontap file system is encrypted by KMS using a customer managed Key (CMK) Terraform FSXOntapFSEncryptedWithCMK.py
268 CKV_AWS_179 resource aws_fsx_windows_file_system Ensure FSX Windows filesystem is encrypted by KMS using a customer managed Key (CMK) Terraform FSXWindowsFSEncryptedWithCMK.py
269 CKV_AWS_180 resource aws_imagebuilder_component Ensure Image Builder component is encrypted by KMS using a customer managed Key (CMK) Terraform ImagebuilderComponentEncryptedWithCMK.py
270 CKV_AWS_181 resource aws_s3_object_copy Ensure S3 Object Copy is encrypted by KMS using a customer managed Key (CMK) Terraform S3ObjectCopyEncryptedWithCMK.py
271 CKV_AWS_182 resource aws_docdb_cluster Ensure Doc DB is encrypted by KMS using a customer managed Key (CMK) Terraform DocDBEncryptedWithCMK.py
272 CKV_AWS_183 resource aws_ebs_snapshot_copy Ensure EBS Snapshot Copy is encrypted by KMS using a customer managed Key (CMK) Terraform EBSSnapshotCopyEncryptedWithCMK.py
273 CKV_AWS_184 resource aws_efs_file_system Ensure resource is encrypted by KMS using a customer managed Key (CMK) Terraform EFSFileSystemEncryptedWithCMK.py
274 CKV_AWS_185 resource aws_kinesis_stream Ensure Kinesis Stream is encrypted by KMS using a customer managed Key (CMK) Terraform KinesisStreamEncryptedWithCMK.py
275 CKV_AWS_186 resource aws_s3_bucket_object Ensure S3 bucket Object is encrypted by KMS using a customer managed Key (CMK) Terraform S3BucketObjectEncryptedWithCMK.py
276 CKV_AWS_187 resource aws_sagemaker_domain Ensure Sagemaker domain is encrypted by KMS using a customer managed Key (CMK) Terraform SagemakerDomainEncryptedWithCMK.py
277 CKV_AWS_188 resource aws_redshift_cluster Ensure RedShift Cluster is encrypted by KMS using a customer managed Key (CMK) Terraform RedshiftClusterEncryptedWithCMK.py
278 CKV_AWS_189 resource aws_ebs_volume Ensure EBS Volume is encrypted by KMS using a customer managed Key (CMK) Terraform EBSVolumeEncryptedWithCMK.py
279 CKV_AWS_190 resource aws_fsx_lustre_file_system Ensure lustre file systems is encrypted by KMS using a customer managed Key (CMK) Terraform LustreFSEncryptedWithCMK.py
280 CKV_AWS_191 resource aws_elasticache_replication_group Ensure Elasticache replication group is encrypted by KMS using a customer managed Key (CMK) Terraform ElasticacheReplicationGroupEncryptedWithCMK.py
281 CKV_AWS_192 resource aws_wafv2_web_acl Ensure WAF prevents message lookup in Log4j2. See CVE-2021-44228 aka log4jshell Terraform WAFACLCVE202144228.py
282 CKV_AWS_193 resource aws_appsync_graphql_api Ensure AppSync has Logging enabled Terraform AppSyncLogging.py
283 CKV_AWS_194 resource aws_appsync_graphql_api Ensure AppSync has Field-Level logs enabled Terraform AppSyncFieldLevelLogs.py
284 CKV_AWS_195 resource aws_glue_crawler Ensure Glue component has a security configuration associated Terraform GlueSecurityConfigurationEnabled.py
285 CKV_AWS_195 resource aws_glue_dev_endpoint Ensure Glue component has a security configuration associated Terraform GlueSecurityConfigurationEnabled.py
286 CKV_AWS_195 resource aws_glue_job Ensure Glue component has a security configuration associated Terraform GlueSecurityConfigurationEnabled.py
287 CKV_AWS_196 resource aws_elasticache_security_group Ensure no aws_elasticache_security_group resources exist Terraform ElasticacheHasSecurityGroup.py
288 CKV_AWS_197 resource aws_mq_broker Ensure MQ Broker Audit logging is enabled Terraform MQBrokerAuditLogging.py
289 CKV_AWS_198 resource aws_db_security_group Ensure no aws_db_security_group resources exist Terraform RDSHasSecurityGroup.py
290 CKV_AWS_199 resource aws_imagebuilder_distribution_configuration Ensure Image Builder Distribution Configuration encrypts AMI’s using KMS - a customer managed Key (CMK) Terraform ImagebuilderDistributionConfigurationEncryptedWithCMK.py
291 CKV_AWS_200 resource aws_imagebuilder_image_recipe Ensure that Image Recipe EBS Disk are encrypted with CMK Terraform ImagebuilderImageRecipeEBSEncrypted.py
292 CKV_AWS_201 resource aws_memorydb_cluster Ensure MemoryDB is encrypted at rest using KMS CMKs Terraform MemoryDBEncryptionWithCMK.py
293 CKV_AWS_202 resource aws_memorydb_cluster Ensure MemoryDB data is encrypted in transit Terraform MemoryDBClusterIntransitEncryption.py
294 CKV_AWS_203 resource aws_fsx_openzfs_file_system Ensure resource is encrypted by KMS using a customer managed Key (CMK) Terraform FSXOpenZFSFileSystemEncryptedWithCMK.py
295 CKV_AWS_204 resource aws_ami Ensure AMIs are encrypted using KMS CMKs Terraform AMIEncryption.py
296 CKV_AWS_205 resource aws_ami_launch_permission Ensure to Limit AMI launch Permissions Terraform AMILaunchIsShared.py
297 CKV_AWS_206 resource aws_api_gateway_domain_name Ensure API Gateway Domain uses a modern security Policy Terraform APIGatewayDomainNameTLS.py
298 CKV_AWS_207 resource aws_mq_broker Ensure MQ Broker minor version updates are enabled Terraform MQBrokerMinorAutoUpgrade.py
299 CKV_AWS_208 resource aws_mq_broker Ensure MQBroker version is current Terraform MQBrokerVersion.py
300 CKV_AWS_208 resource aws_mq_configuration Ensure MQBroker version is current Terraform MQBrokerVersion.py
301 CKV_AWS_209 resource aws_mq_broker Ensure MQ broker encrypted by KMS using a customer managed Key (CMK) Terraform MQBrokerEncryptedWithCMK.py
302 CKV_AWS_210 resource aws_batch_job_definition Batch job does not define a privileged container Terraform BatchJobIsNotPrivileged.py
303 CKV_AWS_211 resource aws_db_instance Ensure RDS uses a modern CaCert Terraform RDSCACertIsRecent.py
304 CKV_AWS_212 resource aws_dms_replication_instance Ensure EBS Volume is encrypted by KMS using a customer managed Key (CMK) Terraform DMSReplicationInstanceEncryptedWithCMK.py
305 CKV_AWS_213 resource aws_load_balancer_policy Ensure ELB Policy uses only secure protocols Terraform ELBPolicyUsesSecureProtocols.py
306 CKV_AWS_214 resource aws_appsync_api_cache Ensure Appsync API Cache is encrypted at rest Terraform AppsyncAPICacheEncryptionAtRest.py
307 CKV_AWS_215 resource aws_appsync_api_cache Ensure Appsync API Cache is encrypted in transit Terraform AppsyncAPICacheEncryptionInTransit.py
308 CKV_AWS_216 resource aws_cloudfront_distribution Ensure Cloudfront distribution is enabled Terraform CloudfrontDistributionEnabled.py
309 CKV_AWS_217 resource aws_api_gateway_deployment Ensure Create before destroy for API deployments Terraform APIGatewayDeploymentCreateBeforeDestroy.py
310 CKV_AWS_218 resource aws_cloudsearch_domain Ensure that Cloudsearch is using latest TLS Terraform CloudsearchDomainTLS.py
311 CKV_AWS_219 resource aws_codepipeline Ensure Code Pipeline Artifact store is using a KMS CMK Terraform CodePipelineArtifactsEncrypted.py
312 CKV_AWS_220 resource aws_cloudsearch_domain Ensure that Cloudsearch is using https Terraform CloudsearchDomainEnforceHttps.py
313 CKV_AWS_221 resource aws_codeartifact_domain Ensure Code artifact Domain is encrypted by KMS using a customer managed Key (CMK) Terraform CodeArtifactDomainEncryptedWithCMK.py
314 CKV_AWS_222 resource aws_dms_replication_instance Ensure DMS instance gets all minor upgrade automatically Terraform DMSReplicationInstanceMinorUpgrade.py
315 CKV_AWS_223 resource aws_ecs_cluster Ensure ECS Cluster enables logging of ECS Exec Terraform ECSClusterLoggingEnabled.py
316 CKV_AWS_224 resource aws_ecs_cluster Ensure ECS Cluster logging uses CMK Terraform ECSClusterLoggingEncryptedWithCMK.py
317 CKV_AWS_225 resource aws_api_gateway_method_settings Ensure API Gateway method setting caching is enabled Terraform APIGatewayMethodSettingsCacheEnabled.py
318 CKV_AWS_226 resource aws_db_instance Ensure DB instance gets all minor upgrades automatically Terraform DBInstanceMinorUpgrade.py
319 CKV_AWS_226 resource aws_rds_cluster_instance Ensure DB instance gets all minor upgrades automatically Terraform DBInstanceMinorUpgrade.py
320 CKV_AWS_227 resource aws_kms_key Ensure KMS key is enabled Terraform KMSKeyIsEnabled.py
321 CKV_AWS_228 resource aws_elasticsearch_domain Verify Elasticsearch domain is using an up to date TLS policy Terraform ElasticsearchTLSPolicy.py
322 CKV_AWS_228 resource aws_opensearch_domain Verify Elasticsearch domain is using an up to date TLS policy Terraform ElasticsearchTLSPolicy.py
323 CKV_AWS_229 resource aws_network_acl Ensure no NACL allow ingress from 0.0.0.0:0 to port 21 Terraform NetworkACLUnrestrictedIngress21.py
324 CKV_AWS_229 resource aws_network_acl_rule Ensure no NACL allow ingress from 0.0.0.0:0 to port 21 Terraform NetworkACLUnrestrictedIngress21.py
325 CKV_AWS_230 resource aws_network_acl Ensure no NACL allow ingress from 0.0.0.0:0 to port 20 Terraform NetworkACLUnrestrictedIngress20.py
326 CKV_AWS_230 resource aws_network_acl_rule Ensure no NACL allow ingress from 0.0.0.0:0 to port 20 Terraform NetworkACLUnrestrictedIngress20.py
327 CKV_AWS_231 resource aws_network_acl Ensure no NACL allow ingress from 0.0.0.0:0 to port 3389 Terraform NetworkACLUnrestrictedIngress3389.py
328 CKV_AWS_231 resource aws_network_acl_rule Ensure no NACL allow ingress from 0.0.0.0:0 to port 3389 Terraform NetworkACLUnrestrictedIngress3389.py
329 CKV_AWS_232 resource aws_network_acl Ensure no NACL allow ingress from 0.0.0.0:0 to port 22 Terraform NetworkACLUnrestrictedIngress22.py
330 CKV_AWS_232 resource aws_network_acl_rule Ensure no NACL allow ingress from 0.0.0.0:0 to port 22 Terraform NetworkACLUnrestrictedIngress22.py
331 CKV_AWS_233 resource aws_acm_certificate Ensure Create before destroy for ACM certificates Terraform ACMCertCreateBeforeDestroy.py
332 CKV_AWS_234 resource aws_acm_certificate Verify logging preference for ACM certificates Terraform ACMCertSetLoggingPreference.py
333 CKV_AWS_235 resource aws_ami_copy Ensure that copied AMIs are encrypted Terraform AMICopyIsEncrypted.py
334 CKV_AWS_236 resource aws_ami_copy Ensure AMI copying uses a CMK Terraform AMICopyUsesCMK.py
335 CKV_AWS_237 resource aws_api_gateway_rest_api Ensure Create before destroy for API GATEWAY Terraform APIGatewayCreateBeforeDestroy.py
336 CKV_AWS_238 resource aws_guardduty_detector Ensure that Guard Duty detector is enabled Terraform GuarddutyDetectorEnabled.py
337 CKV_AWS_239 resource aws_dax_cluster Ensure DAX cluster endpoint is using TLS Terraform DAXEndpointTLS.py
338 CKV_AWS_240 resource aws_kinesis_firehose_delivery_stream Ensure Kinesis Firehose delivery stream is encrypted Terraform KinesisFirehoseDeliveryStreamSSE.py
339 CKV_AWS_241 resource aws_kinesis_firehose_delivery_stream Ensure that Kinesis Firehose Delivery Streams are encrypted with CMK Terraform KinesisFirehoseDeliveryStreamUsesCMK.py
340 CKV_AWS_242 resource aws_mwaa_environment Ensure MWAA environment has scheduler logs enabled Terraform MWAASchedulerLogsEnabled.py
341 CKV_AWS_243 resource aws_mwaa_environment Ensure MWAA environment has worker logs enabled Terraform MWAAWorkerLogsEnabled.py
342 CKV_AWS_244 resource aws_mwaa_environment Ensure MWAA environment has webserver logs enabled Terraform MWAAWebserverLogsEnabled.py
343 CKV_AWS_245 resource aws_db_instance_automated_backups_replication Ensure replicated backups are encrypted at rest using KMS CMKs Terraform RDSInstanceAutoBackupEncryptionWithCMK.py
344 CKV_AWS_246 resource aws_rds_cluster_activity_stream Ensure RDS Cluster activity streams are encrypted using KMS CMKs Terraform RDSClusterActivityStreamEncryptedWithCMK.py
345 CKV_AWS_247 resource aws_elasticsearch_domain Ensure all data stored in the Elasticsearch is encrypted with a CMK Terraform ElasticsearchEncryptionWithCMK.py
346 CKV_AWS_247 resource aws_opensearch_domain Ensure all data stored in the Elasticsearch is encrypted with a CMK Terraform ElasticsearchEncryptionWithCMK.py
347 CKV_AWS_248 resource aws_elasticsearch_domain Ensure that Elasticsearch is not using the default Security Group Terraform ElasticsearchDefaultSG.py
348 CKV_AWS_248 resource aws_opensearch_domain Ensure that Elasticsearch is not using the default Security Group Terraform ElasticsearchDefaultSG.py
349 CKV_AWS_249 resource aws_ecs_task_definition Ensure that the Execution Role ARN and the Task Role ARN are different in ECS Task definitions Terraform ECSTaskDefinitionRoleCheck.py
350 CKV_AWS_250 resource aws_db_instance Ensure that RDS PostgreSQL instances use a non vulnerable version with the log_fdw extension (https://aws.amazon.com/security/security-bulletins/AWS-2022-004/) Terraform RDSPostgreSQLLogFDWExtension.py
351 CKV_AWS_250 resource aws_rds_cluster Ensure that RDS PostgreSQL instances use a non vulnerable version with the log_fdw extension (https://aws.amazon.com/security/security-bulletins/AWS-2022-004/) Terraform RDSPostgreSQLLogFDWExtension.py
352 CKV_AWS_251 resource aws_cloudtrail Ensure CloudTrail logging is enabled Terraform CloudtrailEnableLogging.py
353 CKV_AWS_252 resource aws_cloudtrail Ensure CloudTrail defines an SNS Topic Terraform CloudtrailDefinesSNSTopic.py
354 CKV_AWS_253 resource aws_dlm_lifecycle_policy Ensure DLM cross region events are encrypted Terraform DLMEventsCrossRegionEncryption.py
355 CKV_AWS_254 resource aws_dlm_lifecycle_policy Ensure DLM cross region events are encrypted with Customer Managed Key Terraform DLMEventsCrossRegionEncryptionWithCMK.py
356 CKV_AWS_255 resource aws_dlm_lifecycle_policy Ensure DLM cross region schedules are encrypted Terraform DLMScheduleCrossRegionEncryption.py
357 CKV_AWS_256 resource aws_dlm_lifecycle_policy Ensure DLM cross region schedules are encrypted using a Customer Managed Key Terraform DLMScheduleCrossRegionEncryptionWithCMK.py
358 CKV_AWS_257 resource aws_codecommit_approval_rule_template Ensure codecommit branch changes have at least 2 approvals Terraform CodecommitApprovalsRulesRequireMin2.py
359 CKV_AWS_258 resource aws_lambda_function_url Ensure that Lambda function URLs AuthType is not None Terraform LambdaFunctionURLAuth.py
360 CKV_AWS_259 resource aws_cloudfront_response_headers_policy Ensure CloudFront response header policy enforces Strict Transport Security Terraform CloudFrontResponseHeaderStrictTransportSecurity.py
361 CKV_AWS_260 resource aws_security_group Ensure no security groups allow ingress from 0.0.0.0:0 to port 80 Terraform SecurityGroupUnrestrictedIngress80.py
362 CKV_AWS_260 resource aws_security_group_rule Ensure no security groups allow ingress from 0.0.0.0:0 to port 80 Terraform SecurityGroupUnrestrictedIngress80.py
363 CKV_AWS_260 resource aws_vpc_security_group_ingress_rule Ensure no security groups allow ingress from 0.0.0.0:0 to port 80 Terraform SecurityGroupUnrestrictedIngress80.py
364 CKV_AWS_261 resource aws_alb_target_group Ensure HTTP HTTPS Target group defines Healthcheck Terraform LBTargetGroupsDefinesHealthcheck.py
365 CKV_AWS_261 resource aws_lb_target_group Ensure HTTP HTTPS Target group defines Healthcheck Terraform LBTargetGroupsDefinesHealthcheck.py
366 CKV_AWS_262 resource aws_kendra_index Ensure Kendra index Server side encryption uses CMK Terraform KendraIndexSSEUsesCMK.py
367 CKV_AWS_263 resource aws_appflow_flow Ensure App Flow flow uses CMK Terraform AppFlowUsesCMK.py
368 CKV_AWS_264 resource aws_appflow_connector_profile Ensure App Flow connector profile uses CMK Terraform AppFlowConnectorProfileUsesCMK.py
369 CKV_AWS_265 resource aws_keyspaces_table Ensure Keyspaces Table uses CMK Terraform KeyspacesTableUsesCMK.py
370 CKV_AWS_266 resource aws_db_snapshot_copy Ensure App Flow connector profile uses CMK Terraform DBSnapshotCopyUsesCMK.py
371 CKV_AWS_267 resource aws_comprehend_entity_recognizer Ensure that Comprehend Entity Recognizer’s model is encrypted by KMS using a customer managed Key (CMK) Terraform ComprehendEntityRecognizerModelUsesCMK.py
372 CKV_AWS_268 resource aws_comprehend_entity_recognizer Ensure that Comprehend Entity Recognizer’s volume is encrypted by KMS using a customer managed Key (CMK) Terraform ComprehendEntityRecognizerVolumeUsesCMK.py
373 CKV_AWS_269 resource aws_connect_instance_storage_config Ensure Connect Instance Kinesis Video Stream Storage Config uses CMK Terraform ConnectInstanceKinesisVideoStreamStorageConfigUsesCMK.py
374 CKV_AWS_270 resource aws_connect_instance_storage_config Ensure Connect Instance S3 Storage Config uses CMK Terraform ConnectInstanceS3StorageConfigUsesCMK.py
375 CKV_AWS_271 resource aws_dynamodb_table_replica Ensure DynamoDB table replica KMS encryption uses CMK Terraform DynamoDBTableReplicaKMSUsesCMK.py
376 CKV_AWS_272 resource aws_lambda_function Ensure AWS Lambda function is configured to validate code-signing Terraform LambdaCodeSigningConfigured.py
377 CKV_AWS_273 resource aws_iam_user Ensure access is controlled through SSO and not AWS IAM defined users Terraform IAMUserNotUsedForAccess.py
378 CKV_AWS_274 resource aws_iam_group_policy_attachment Disallow IAM roles, users, and groups from using the AWS AdministratorAccess policy Terraform IAMManagedAdminPolicy.py
379 CKV_AWS_274 resource aws_iam_policy_attachment Disallow IAM roles, users, and groups from using the AWS AdministratorAccess policy Terraform IAMManagedAdminPolicy.py
380 CKV_AWS_274 resource aws_iam_role Disallow IAM roles, users, and groups from using the AWS AdministratorAccess policy Terraform IAMManagedAdminPolicy.py
381 CKV_AWS_274 resource aws_iam_role_policy_attachment Disallow IAM roles, users, and groups from using the AWS AdministratorAccess policy Terraform IAMManagedAdminPolicy.py
382 CKV_AWS_274 resource aws_iam_user_policy_attachment Disallow IAM roles, users, and groups from using the AWS AdministratorAccess policy Terraform IAMManagedAdminPolicy.py
383 CKV_AWS_274 resource aws_ssoadmin_managed_policy_attachment Disallow IAM roles, users, and groups from using the AWS AdministratorAccess policy Terraform IAMManagedAdminPolicy.py
384 CKV_AWS_275 data aws_iam_policy Disallow policies from using the AWS AdministratorAccess policy Terraform IAMManagedAdminPolicy.py
385 CKV_AWS_276 resource aws_api_gateway_method_settings Ensure Data Trace is not enabled in API Gateway Method Settings Terraform APIGatewayMethodSettingsDataTrace.py
386 CKV_AWS_277 resource aws_security_group Ensure no security groups allow ingress from 0.0.0.0:0 to port -1 Terraform SecurityGroupUnrestrictedIngressAny.py
387 CKV_AWS_277 resource aws_security_group_rule Ensure no security groups allow ingress from 0.0.0.0:0 to port -1 Terraform SecurityGroupUnrestrictedIngressAny.py
388 CKV_AWS_277 resource aws_vpc_security_group_ingress_rule Ensure no security groups allow ingress from 0.0.0.0:0 to port -1 Terraform SecurityGroupUnrestrictedIngressAny.py
389 CKV_AWS_278 resource aws_memorydb_snapshot Ensure MemoryDB snapshot is encrypted by KMS using a customer managed Key (CMK) Terraform MemoryDBSnapshotEncryptionWithCMK.py
390 CKV_AWS_279 resource aws_neptune_cluster_snapshot Ensure Neptune snapshot is securely encrypted Terraform NeptuneClusterSnapshotEncrypted.py
391 CKV_AWS_280 resource aws_neptune_cluster_snapshot Ensure Neptune snapshot is encrypted by KMS using a customer managed Key (CMK) Terraform NeptuneClusterSnapshotEncryptedWithCMK.py
392 CKV_AWS_281 resource aws_redshift_snapshot_copy_grant Ensure RedShift snapshot copy is encrypted by KMS using a customer managed Key (CMK) Terraform RedshiftClusterSnapshotCopyGrantEncryptedWithCMK.py
393 CKV_AWS_282 resource aws_redshiftserverless_namespace Ensure that Redshift Serverless namespace is encrypted by KMS using a customer managed key (CMK) Terraform RedshiftServerlessNamespaceKMSKey.py
394 CKV_AWS_283 data aws_iam_policy_document Ensure no IAM policies documents allow ALL or any AWS principal permissions to the resource Terraform IAMPublicActionsPolicy.py
395 CKV_AWS_284 resource aws_sfn_state_machine Ensure State Machine has X-Ray tracing enabled Terraform StateMachineXray.py
396 CKV_AWS_285 resource aws_sfn_state_machine Ensure State Machine has execution history logging enabled Terraform StateMachineLoggingExecutionHistory.py
397 CKV_AWS_286 resource aws_iam_group_policy Ensure IAM policies does not allow privilege escalation Terraform IAMPrivilegeEscalation.py
398 CKV_AWS_286 resource aws_iam_policy Ensure IAM policies does not allow privilege escalation Terraform IAMPrivilegeEscalation.py
399 CKV_AWS_286 resource aws_iam_role_policy Ensure IAM policies does not allow privilege escalation Terraform IAMPrivilegeEscalation.py
400 CKV_AWS_286 resource aws_iam_user_policy Ensure IAM policies does not allow privilege escalation Terraform IAMPrivilegeEscalation.py
401 CKV_AWS_286 resource aws_ssoadmin_permission_set_inline_policy Ensure IAM policies does not allow privilege escalation Terraform IAMPrivilegeEscalation.py
402 CKV_AWS_287 resource aws_iam_group_policy Ensure IAM policies does not allow credentials exposure Terraform IAMCredentialsExposure.py
403 CKV_AWS_287 resource aws_iam_policy Ensure IAM policies does not allow credentials exposure Terraform IAMCredentialsExposure.py
404 CKV_AWS_287 resource aws_iam_role_policy Ensure IAM policies does not allow credentials exposure Terraform IAMCredentialsExposure.py
405 CKV_AWS_287 resource aws_iam_user_policy Ensure IAM policies does not allow credentials exposure Terraform IAMCredentialsExposure.py
406 CKV_AWS_287 resource aws_ssoadmin_permission_set_inline_policy Ensure IAM policies does not allow credentials exposure Terraform IAMCredentialsExposure.py
407 CKV_AWS_288 resource aws_iam_group_policy Ensure IAM policies does not allow data exfiltration Terraform IAMDataExfiltration.py
408 CKV_AWS_288 resource aws_iam_policy Ensure IAM policies does not allow data exfiltration Terraform IAMDataExfiltration.py
409 CKV_AWS_288 resource aws_iam_role_policy Ensure IAM policies does not allow data exfiltration Terraform IAMDataExfiltration.py
410 CKV_AWS_288 resource aws_iam_user_policy Ensure IAM policies does not allow data exfiltration Terraform IAMDataExfiltration.py
411 CKV_AWS_288 resource aws_ssoadmin_permission_set_inline_policy Ensure IAM policies does not allow data exfiltration Terraform IAMDataExfiltration.py
412 CKV_AWS_289 resource aws_iam_group_policy Ensure IAM policies does not allow permissions management / resource exposure without constraints Terraform IAMPermissionsManagement.py
413 CKV_AWS_289 resource aws_iam_policy Ensure IAM policies does not allow permissions management / resource exposure without constraints Terraform IAMPermissionsManagement.py
414 CKV_AWS_289 resource aws_iam_role_policy Ensure IAM policies does not allow permissions management / resource exposure without constraints Terraform IAMPermissionsManagement.py
415 CKV_AWS_289 resource aws_iam_user_policy Ensure IAM policies does not allow permissions management / resource exposure without constraints Terraform IAMPermissionsManagement.py
416 CKV_AWS_289 resource aws_ssoadmin_permission_set_inline_policy Ensure IAM policies does not allow permissions management / resource exposure without constraints Terraform IAMPermissionsManagement.py
417 CKV_AWS_290 resource aws_iam_group_policy Ensure IAM policies does not allow write access without constraints Terraform IAMWriteAccess.py
418 CKV_AWS_290 resource aws_iam_policy Ensure IAM policies does not allow write access without constraints Terraform IAMWriteAccess.py
419 CKV_AWS_290 resource aws_iam_role_policy Ensure IAM policies does not allow write access without constraints Terraform IAMWriteAccess.py
420 CKV_AWS_290 resource aws_iam_user_policy Ensure IAM policies does not allow write access without constraints Terraform IAMWriteAccess.py
421 CKV_AWS_290 resource aws_ssoadmin_permission_set_inline_policy Ensure IAM policies does not allow write access without constraints Terraform IAMWriteAccess.py
422 CKV_AWS_291 resource aws_msk_cluster Ensure MSK nodes are private Terraform MSKClusterNodesArePrivate.py
423 CKV_AWS_292 resource aws_docdb_global_cluster Ensure DocDB Global Cluster is encrypted at rest (default is unencrypted) Terraform DocDBGlobalClusterEncryption.py
424 CKV_AWS_293 resource aws_db_instance Ensure that AWS database instances have deletion protection enabled Terraform RDSInstanceDeletionProtection.py
425 CKV_AWS_294 resource aws_cloudtrail_event_data_store Ensure Cloud Trail Event Data Store uses CMK Terraform CloudtrailEventDataStoreUsesCMK.py
426 CKV_AWS_295 resource aws_datasync_location_object_storage Ensure DataSync Location Object Storage doesn’t expose secrets Terraform DatasyncLocationExposesSecrets.py
427 CKV_AWS_296 resource aws_dms_endpoint Ensure DMS endpoint uses Customer Managed Key (CMK) Terraform DMSEndpointUsesCMK.py
428 CKV_AWS_297 resource aws_scheduler_schedule Ensure EventBridge Scheduler Schedule uses Customer Managed Key (CMK) Terraform SchedulerScheduleUsesCMK.py
429 CKV_AWS_298 resource aws_dms_s3_endpoint Ensure DMS S3 uses Customer Managed Key (CMK) Terraform DMSS3UsesCMK.py
430 CKV_AWS_299 resource aws_dms_s3_endpoint Ensure DMS S3 defines in-transit encryption Terraform DMSS3DefinesIntransitEncryption.py
431 CKV_AWS_300 resource aws_s3_bucket_lifecycle_configuration Ensure S3 lifecycle configuration sets period for aborting failed uploads Terraform S3AbortIncompleteUploads.py
432 CKV_AWS_301 resource aws_lambda_permission Ensure that AWS Lambda function is not publicly accessible Terraform LambdaFunctionIsNotPublic.py
433 CKV_AWS_302 resource aws_db_snapshot Ensure DB Snapshots are not Public Terraform DBSnapshotsArePrivate.py
434 CKV_AWS_303 resource aws_ssm_document Ensure SSM documents are not Public Terraform SSMDocumentsArePrivate.py
435 CKV_AWS_304 resource aws_secretsmanager_secret_rotation Ensure Secrets Manager secrets should be rotated within 90 days Terraform SecretManagerSecret90days.py
436 CKV_AWS_305 resource aws_cloudfront_distribution Ensure Cloudfront distribution has a default root object configured Terraform CloudfrontDistributionDefaultRoot.py
437 CKV_AWS_306 resource aws_sagemaker_notebook_instance Ensure SageMaker notebook instances should be launched into a custom VPC Terraform SagemakerNotebookInCustomVPC.py
438 CKV_AWS_307 resource aws_sagemaker_notebook_instance Ensure SageMaker Users should not have root access to SageMaker notebook instances Terraform SagemakerNotebookRoot.py
439 CKV_AWS_308 resource aws_api_gateway_method_settings Ensure API Gateway method setting caching is set to encrypted Terraform APIGatewayMethodSettingsCacheEncrypted.py
440 CKV_AWS_309 resource aws_apigatewayv2_route Ensure API GatewayV2 routes specify an authorization type Terraform APIGatewayV2RouteDefinesAuthorizationType.py
441 CKV_AWS_310 resource aws_cloudfront_distribution Ensure CloudFront distributions should have origin failover configured Terraform CloudfrontDistributionOriginFailover.py
442 CKV_AWS_311 resource aws_codebuild_project Ensure that CodeBuild S3 logs are encrypted Terraform CodebuildS3LogsEncrypted.py
443 CKV_AWS_312 resource aws_elastic_beanstalk_environment Ensure Elastic Beanstalk environments have enhanced health reporting enabled Terraform ElasticBeanstalkUseEnhancedHealthChecks.py
444 CKV_AWS_313 resource aws_rds_cluster Ensure RDS cluster configured to copy tags to snapshots Terraform RDSClusterCopyTags.py
445 CKV_AWS_314 resource aws_codebuild_project Ensure CodeBuild project environments have a logging configuration Terraform CodebuildHasLogs.py
446 CKV_AWS_315 resource aws_autoscaling_group Ensure EC2 Auto Scaling groups use EC2 launch templates Terraform AutoScalingLaunchTemplate.py
447 CKV_AWS_316 resource aws_codebuild_project Ensure CodeBuild project environments do not have privileged mode enabled Terraform CodeBuildPrivilegedMode.py
448 CKV_AWS_317 resource aws_elasticsearch_domain Ensure Elasticsearch Domain Audit Logging is enabled Terraform ElasticsearchDomainAuditLogging.py
449 CKV_AWS_317 resource aws_opensearch_domain Ensure Elasticsearch Domain Audit Logging is enabled Terraform ElasticsearchDomainAuditLogging.py
450 CKV_AWS_318 resource aws_elasticsearch_domain Ensure Elasticsearch domains are configured with at least three dedicated master nodes for HA Terraform ElasticsearchDomainHA.py
451 CKV_AWS_318 resource aws_opensearch_domain Ensure Elasticsearch domains are configured with at least three dedicated master nodes for HA Terraform ElasticsearchDomainHA.py
452 CKV_AWS_319 resource aws_cloudwatch_metric_alarm Ensure that CloudWatch alarm actions are enabled Terraform CloudWatchAlarmsEnabled.py
453 CKV_AWS_320 resource aws_redshift_cluster Ensure Redshift clusters do not use the default database name Terraform RedshiftClusterDatabaseName.py
454 CKV_AWS_321 resource aws_redshift_cluster Ensure Redshift clusters use enhanced VPC routing Terraform RedshiftClusterUseEnhancedVPCRouting.py
455 CKV_AWS_322 resource aws_elasticache_cluster Ensure ElastiCache for Redis cache clusters have auto minor version upgrades enabled Terraform ElasticCacheAutomaticMinorUpgrades.py
456 CKV_AWS_323 resource aws_elasticache_cluster Ensure ElastiCache clusters do not use the default subnet group Terraform ElastiCacheHasCustomSubnet.py
457 CKV_AWS_324 resource aws_rds_cluster Ensure that RDS Cluster log capture is enabled Terraform RDSClusterLogging.py
458 CKV_AWS_325 resource aws_rds_cluster Ensure that RDS Cluster audit logging is enabled for MySQL engine Terraform RDSClusterAuditLogging.py
459 CKV_AWS_326 resource aws_rds_cluster Ensure that RDS Aurora Clusters have backtracking enabled Terraform RDSClusterAuroraBacktrack.py
460 CKV_AWS_327 resource aws_rds_cluster Ensure RDS Clusters are encrypted using KMS CMKs Terraform RDSClusterEncryptedWithCMK.py
461 CKV_AWS_328 resource aws_alb Ensure that ALB is configured with defensive or strictest desync mitigation mode Terraform ALBDesyncMode.py
462 CKV_AWS_328 resource aws_elb Ensure that ALB is configured with defensive or strictest desync mitigation mode Terraform ALBDesyncMode.py
463 CKV_AWS_328 resource aws_lb Ensure that ALB is configured with defensive or strictest desync mitigation mode Terraform ALBDesyncMode.py
464 CKV_AWS_329 resource aws_efs_access_point EFS access points should enforce a root directory Terraform EFSAccessPointRoot.py
465 CKV_AWS_330 resource aws_efs_access_point EFS access points should enforce a user identity Terraform EFSAccessUserIdentity.py
466 CKV_AWS_331 resource aws_ec2_transit_gateway Ensure Transit Gateways do not automatically accept VPC attachment requests Terraform Ec2TransitGatewayAutoAccept.py
467 CKV_AWS_332 resource aws_ecs_service Ensure ECS Fargate services run on the latest Fargate platform version Terraform ECSServiceFargateLatest.py
468 CKV_AWS_333 resource aws_ecs_service Ensure ECS services do not have public IP addresses assigned to them automatically Terraform ECSServicePublicIP.py
469 CKV_AWS_334 resource aws_ecs_task_definition Ensure ECS containers should run as non-privileged Terraform ECSContainerPrivilege.py
470 CKV_AWS_335 resource aws_ecs_task_definition Ensure ECS task definitions should not share the host’s process namespace Terraform ECSContainerHostProcess.py
471 CKV_AWS_336 resource aws_ecs_task_definition Ensure ECS containers are limited to read-only access to root filesystems Terraform ECSContainerReadOnlyRoot.py
472 CKV_AWS_337 resource aws_ssm_parameter Ensure SSM parameters are using KMS CMK Terraform SSMParameterUsesCMK.py
473 CKV_AWS_338 resource aws_cloudwatch_log_group Ensure CloudWatch log groups retains logs for at least 1 year Terraform CloudWatchLogGroupRetentionYear.py
474 CKV_AWS_339 resource aws_eks_cluster Ensure EKS clusters run on a supported Kubernetes version Terraform EKSPlatformVersion.py
475 CKV_AWS_340 resource aws_elastic_beanstalk_environment Ensure Elastic Beanstalk managed platform updates are enabled Terraform ElasticBeanstalkUseManagedUpdates.py
476 CKV_AWS_341 resource aws_launch_configuration Ensure Launch template should not have a metadata response hop limit greater than 1 Terraform LaunchTemplateMetadataHop.py
477 CKV_AWS_341 resource aws_launch_template Ensure Launch template should not have a metadata response hop limit greater than 1 Terraform LaunchTemplateMetadataHop.py
478 CKV_AWS_342 resource aws_waf_rule_group Ensure WAF rule has any actions Terraform WAFRuleHasAnyActions.py
479 CKV_AWS_342 resource aws_waf_web_acl Ensure WAF rule has any actions Terraform WAFRuleHasAnyActions.py
480 CKV_AWS_342 resource aws_wafregional_rule_group Ensure WAF rule has any actions Terraform WAFRuleHasAnyActions.py
481 CKV_AWS_342 resource aws_wafregional_web_acl Ensure WAF rule has any actions Terraform WAFRuleHasAnyActions.py
482 CKV_AWS_342 resource aws_wafv2_rule_group Ensure WAF rule has any actions Terraform WAFRuleHasAnyActions.py
483 CKV_AWS_342 resource aws_wafv2_web_acl Ensure WAF rule has any actions Terraform WAFRuleHasAnyActions.py
484 CKV_AWS_343 resource aws_redshift_cluster Ensure Amazon Redshift clusters should have automatic snapshots enabled Terraform RedshiftClusterAutoSnap.py
485 CKV_AWS_344 resource aws_networkfirewall_firewall Ensure that Network firewalls have deletion protection enabled Terraform NetworkFirewallDeletionProtection.py
486 CKV_AWS_345 resource aws_networkfirewall_firewall Ensure that Network firewall encryption is via a CMK Terraform NetworkFirewallUsesCMK.py
487 CKV_AWS_345 resource aws_networkfirewall_rule_group Ensure that Network firewall encryption is via a CMK Terraform NetworkFirewallUsesCMK.py
488 CKV_AWS_346 resource aws_networkfirewall_firewall_policy Ensure Network Firewall Policy defines an encryption configuration that uses a customer managed Key (CMK) Terraform NetworkFirewallPolicyDefinesCMK.py
489 CKV_AWS_347 resource aws_neptune_cluster Ensure Neptune is encrypted by KMS using a customer managed Key (CMK) Terraform NeptuneClusterEncryptedWithCMK.py
490 CKV_AWS_348 resource aws_iam_access_key Ensure IAM root user doesnt have Access keys Terraform IAMUserRootAccessKeys.py
491 CKV_AWS_349 resource aws_emr_security_configuration Ensure EMR Cluster security configuration encrypts local disks Terraform EMRClusterConfEncryptsLocalDisk.py
492 CKV_AWS_350 resource aws_emr_security_configuration Ensure EMR Cluster security configuration encrypts ebs disks Terraform EMRClusterConfEncryptsEBS.py
493 CKV_AWS_351 resource aws_emr_security_configuration Ensure EMR Cluster security configuration encrypts InTransit Terraform EMRClusterConfEncryptsInTransit.py
494 CKV_AWS_352 resource aws_network_acl_rule Ensure NACL ingress does not allow all Ports Terraform NetworkACLUnrestricted.py
495 CKV_AWS_353 resource aws_db_instance Ensure that RDS instances have performance insights enabled Terraform RDSInstancePerformanceInsights.py
496 CKV_AWS_353 resource aws_rds_cluster_instance Ensure that RDS instances have performance insights enabled Terraform RDSInstancePerformanceInsights.py
497 CKV_AWS_354 resource aws_db_instance Ensure RDS Performance Insights are encrypted using KMS CMKs Terraform RDSInstancePerfInsightsEncryptionWithCMK.py
498 CKV_AWS_354 resource aws_rds_cluster_instance Ensure RDS Performance Insights are encrypted using KMS CMKs Terraform RDSInstancePerfInsightsEncryptionWithCMK.py
499 CKV_AWS_355 resource aws_iam_group_policy Ensure no IAM policies documents allow “*” as a statement’s resource for restrictable actions Terraform IAMStarResourcePolicyDocument.py
500 CKV_AWS_355 resource aws_iam_policy Ensure no IAM policies documents allow “*” as a statement’s resource for restrictable actions Terraform IAMStarResourcePolicyDocument.py
501 CKV_AWS_355 resource aws_iam_role_policy Ensure no IAM policies documents allow “*” as a statement’s resource for restrictable actions Terraform IAMStarResourcePolicyDocument.py
502 CKV_AWS_355 resource aws_iam_user_policy Ensure no IAM policies documents allow “*” as a statement’s resource for restrictable actions Terraform IAMStarResourcePolicyDocument.py
503 CKV_AWS_355 resource aws_ssoadmin_permission_set_inline_policy Ensure no IAM policies documents allow “*” as a statement’s resource for restrictable actions Terraform IAMStarResourcePolicyDocument.py
504 CKV_AWS_356 data aws_iam_policy_document Ensure no IAM policies documents allow “*” as a statement’s resource for restrictable actions Terraform ResourcePolicyDocument.py
505 CKV2_AWS_1 resource aws_network_acl Ensure that all NACL are attached to subnets Terraform SubnetHasACL.yaml
506 CKV2_AWS_1 resource aws_subnet Ensure that all NACL are attached to subnets Terraform SubnetHasACL.yaml
507 CKV2_AWS_2 resource aws_ebs_volume Ensure that only encrypted EBS volumes are attached to EC2 instances Terraform EncryptedEBSVolumeOnlyConnectedToEC2s.yaml
508 CKV2_AWS_2 resource aws_volume_attachment Ensure that only encrypted EBS volumes are attached to EC2 instances Terraform EncryptedEBSVolumeOnlyConnectedToEC2s.yaml
509 CKV2_AWS_3 resource aws_guardduty_detector Ensure GuardDuty is enabled to specific org/region Terraform GuardDutyIsEnabled.yaml
510 CKV2_AWS_3 resource aws_guardduty_organization_configuration Ensure GuardDuty is enabled to specific org/region Terraform GuardDutyIsEnabled.yaml
511 CKV2_AWS_4 resource aws_api_gateway_method_settings Ensure API Gateway stage have logging level defined as appropriate Terraform APIGWLoggingLevelsDefinedProperly.yaml
512 CKV2_AWS_4 resource aws_api_gateway_stage Ensure API Gateway stage have logging level defined as appropriate Terraform APIGWLoggingLevelsDefinedProperly.yaml
513 CKV2_AWS_5 resource aws_security_group Ensure that Security Groups are attached to another resource Terraform SGAttachedToResource.yaml
514 CKV2_AWS_6 resource aws_s3_bucket Ensure that S3 bucket has a Public Access block Terraform S3BucketHasPublicAccessBlock.yaml
515 CKV2_AWS_6 resource aws_s3_bucket_public_access_block Ensure that S3 bucket has a Public Access block Terraform S3BucketHasPublicAccessBlock.yaml
516 CKV2_AWS_7 resource aws_emr_cluster Ensure that Amazon EMR clusters’ security groups are not open to the world Terraform AMRClustersNotOpenToInternet.yaml
517 CKV2_AWS_7 resource aws_security_group Ensure that Amazon EMR clusters’ security groups are not open to the world Terraform AMRClustersNotOpenToInternet.yaml
518 CKV2_AWS_8 resource aws_rds_cluster Ensure that RDS clusters has backup plan of AWS Backup Terraform RDSClusterHasBackupPlan.yaml
519 CKV2_AWS_9 resource aws_backup_selection Ensure that EBS are added in the backup plans of AWS Backup Terraform EBSAddedBackup.yaml
520 CKV2_AWS_10 resource aws_cloudtrail Ensure CloudTrail trails are integrated with CloudWatch Logs Terraform CloudtrailHasCloudwatch.yaml
521 CKV2_AWS_11 resource aws_vpc Ensure VPC flow logging is enabled in all VPCs Terraform VPCHasFlowLog.yaml
522 CKV2_AWS_12 resource aws_default_security_group Ensure the default security group of every VPC restricts all traffic Terraform VPCHasRestrictedSG.yaml
523 CKV2_AWS_12 resource aws_vpc Ensure the default security group of every VPC restricts all traffic Terraform VPCHasRestrictedSG.yaml
524 CKV2_AWS_14 resource aws_iam_group Ensure that IAM groups includes at least one IAM user Terraform IAMGroupHasAtLeastOneUser.yaml
525 CKV2_AWS_14 resource aws_iam_group_membership Ensure that IAM groups includes at least one IAM user Terraform IAMGroupHasAtLeastOneUser.yaml
526 CKV2_AWS_15 resource aws_autoscaling_group Ensure that auto Scaling groups that are associated with a load balancer, are using Elastic Load Balancing health checks. Terraform AutoScallingEnabledELB.yaml
527 CKV2_AWS_15 resource aws_elb Ensure that auto Scaling groups that are associated with a load balancer, are using Elastic Load Balancing health checks. Terraform AutoScallingEnabledELB.yaml
528 CKV2_AWS_15 resource aws_lb_target_group Ensure that auto Scaling groups that are associated with a load balancer, are using Elastic Load Balancing health checks. Terraform AutoScallingEnabledELB.yaml
529 CKV2_AWS_16 resource aws_appautoscaling_target Ensure that Auto Scaling is enabled on your DynamoDB tables Terraform AutoScalingEnableOnDynamoDBTables.yaml
530 CKV2_AWS_16 resource aws_dynamodb_table Ensure that Auto Scaling is enabled on your DynamoDB tables Terraform AutoScalingEnableOnDynamoDBTables.yaml
531 CKV2_AWS_18 resource aws_backup_selection Ensure that Elastic File System (Amazon EFS) file systems are added in the backup plans of AWS Backup Terraform EFSAddedBackup.yaml
532 CKV2_AWS_19 resource aws_eip Ensure that all EIP addresses allocated to a VPC are attached to EC2 instances Terraform EIPAllocatedToVPCAttachedEC2.yaml
533 CKV2_AWS_19 resource aws_eip_association Ensure that all EIP addresses allocated to a VPC are attached to EC2 instances Terraform EIPAllocatedToVPCAttachedEC2.yaml
534 CKV2_AWS_20 resource aws_alb Ensure that ALB redirects HTTP requests into HTTPS ones Terraform ALBRedirectsHTTPToHTTPS.yaml
535 CKV2_AWS_20 resource aws_alb_listener Ensure that ALB redirects HTTP requests into HTTPS ones Terraform ALBRedirectsHTTPToHTTPS.yaml
536 CKV2_AWS_20 resource aws_lb Ensure that ALB redirects HTTP requests into HTTPS ones Terraform ALBRedirectsHTTPToHTTPS.yaml
537 CKV2_AWS_20 resource aws_lb_listener Ensure that ALB redirects HTTP requests into HTTPS ones Terraform ALBRedirectsHTTPToHTTPS.yaml
538 CKV2_AWS_21 resource aws_iam_group_membership Ensure that all IAM users are members of at least one IAM group. Terraform IAMUsersAreMembersAtLeastOneGroup.yaml
539 CKV2_AWS_22 resource aws_iam_user Ensure an IAM User does not have access to the console Terraform IAMUserHasNoConsoleAccess.yaml
540 CKV2_AWS_23 resource aws_route53_record Route53 A Record has Attached Resource Terraform Route53ARecordAttachedResource.yaml
541 CKV2_AWS_27 resource aws_rds_cluster Ensure Postgres RDS as aws_rds_cluster has Query Logging enabled Terraform PostgresRDSHasQueryLoggingEnabled.yaml
542 CKV2_AWS_27 resource aws_rds_cluster_parameter_group Ensure Postgres RDS as aws_rds_cluster has Query Logging enabled Terraform PostgresRDSHasQueryLoggingEnabled.yaml
543 CKV2_AWS_28 resource aws_alb Ensure public facing ALB are protected by WAF Terraform ALBProtectedByWAF.yaml
544 CKV2_AWS_28 resource aws_lb Ensure public facing ALB are protected by WAF Terraform ALBProtectedByWAF.yaml
545 CKV2_AWS_29 resource aws_api_gateway_rest_api Ensure public API gateway are protected by WAF Terraform APIProtectedByWAF.yaml
546 CKV2_AWS_29 resource aws_api_gateway_stage Ensure public API gateway are protected by WAF Terraform APIProtectedByWAF.yaml
547 CKV2_AWS_30 resource aws_db_instance Ensure Postgres RDS as aws_db_instance has Query Logging enabled Terraform PostgresDBHasQueryLoggingEnabled.yaml
548 CKV2_AWS_30 resource aws_db_parameter_group Ensure Postgres RDS as aws_db_instance has Query Logging enabled Terraform PostgresDBHasQueryLoggingEnabled.yaml
549 CKV2_AWS_31 resource aws_wafv2_web_acl Ensure WAF2 has a Logging Configuration Terraform WAF2HasLogs.yaml
550 CKV2_AWS_32 resource aws_cloudfront_distribution Ensure CloudFront distribution has a response headers policy attached Terraform CloudFrontHasResponseHeadersPolicy.yaml
551 CKV2_AWS_33 resource aws_appsync_graphql_api Ensure AppSync is protected by WAF Terraform AppSyncProtectedByWAF.yaml
552 CKV2_AWS_34 resource aws_ssm_parameter AWS SSM Parameter should be Encrypted Terraform AWSSSMParameterShouldBeEncrypted.yaml
553 CKV2_AWS_35 resource aws_route AWS NAT Gateways should be utilized for the default route Terraform AWSNATGatewaysshouldbeutilized.yaml
554 CKV2_AWS_35 resource aws_route_table AWS NAT Gateways should be utilized for the default route Terraform AWSNATGatewaysshouldbeutilized.yaml
555 CKV2_AWS_36 resource aws_ssm_parameter Ensure terraform is not sending SSM secrets to untrusted domains over HTTP Terraform HTTPNotSendingPasswords.yaml
556 CKV2_AWS_36 resource data.http Ensure terraform is not sending SSM secrets to untrusted domains over HTTP Terraform HTTPNotSendingPasswords.yaml
557 CKV2_AWS_37 resource aws Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
558 CKV2_AWS_37 resource aws_accessanalyzer_analyzer Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
559 CKV2_AWS_37 resource aws_acm_certificate Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
560 CKV2_AWS_37 resource aws_acm_certificate_validation Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
561 CKV2_AWS_37 resource aws_acmpca_certificate_authority Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
562 CKV2_AWS_37 resource aws_ami Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
563 CKV2_AWS_37 resource aws_ami_copy Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
564 CKV2_AWS_37 resource aws_ami_from_instance Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
565 CKV2_AWS_37 resource aws_ami_launch_permission Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
566 CKV2_AWS_37 resource aws_api_gateway_account Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
567 CKV2_AWS_37 resource aws_api_gateway_api_key Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
568 CKV2_AWS_37 resource aws_api_gateway_authorizer Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
569 CKV2_AWS_37 resource aws_api_gateway_base_path_mapping Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
570 CKV2_AWS_37 resource aws_api_gateway_client_certificate Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
571 CKV2_AWS_37 resource aws_api_gateway_deployment Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
572 CKV2_AWS_37 resource aws_api_gateway_documentation_part Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
573 CKV2_AWS_37 resource aws_api_gateway_documentation_version Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
574 CKV2_AWS_37 resource aws_api_gateway_domain_name Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
575 CKV2_AWS_37 resource aws_api_gateway_gateway_response Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
576 CKV2_AWS_37 resource aws_api_gateway_integration Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
577 CKV2_AWS_37 resource aws_api_gateway_integration_response Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
578 CKV2_AWS_37 resource aws_api_gateway_method Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
579 CKV2_AWS_37 resource aws_api_gateway_method_response Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
580 CKV2_AWS_37 resource aws_api_gateway_method_settings Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
581 CKV2_AWS_37 resource aws_api_gateway_model Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
582 CKV2_AWS_37 resource aws_api_gateway_request_validator Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
583 CKV2_AWS_37 resource aws_api_gateway_resource Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
584 CKV2_AWS_37 resource aws_api_gateway_rest_api Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
585 CKV2_AWS_37 resource aws_api_gateway_stage Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
586 CKV2_AWS_37 resource aws_api_gateway_usage_plan Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
587 CKV2_AWS_37 resource aws_api_gateway_usage_plan_key Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
588 CKV2_AWS_37 resource aws_api_gateway_vpc_link Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
589 CKV2_AWS_37 resource aws_apigatewayv2_api Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
590 CKV2_AWS_37 resource aws_apigatewayv2_api_mapping Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
591 CKV2_AWS_37 resource aws_apigatewayv2_authorizer Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
592 CKV2_AWS_37 resource aws_apigatewayv2_deployment Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
593 CKV2_AWS_37 resource aws_apigatewayv2_domain_name Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
594 CKV2_AWS_37 resource aws_apigatewayv2_integration Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
595 CKV2_AWS_37 resource aws_apigatewayv2_integration_response Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
596 CKV2_AWS_37 resource aws_apigatewayv2_model Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
597 CKV2_AWS_37 resource aws_apigatewayv2_route Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
598 CKV2_AWS_37 resource aws_apigatewayv2_route_response Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
599 CKV2_AWS_37 resource aws_apigatewayv2_stage Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
600 CKV2_AWS_37 resource aws_apigatewayv2_vpc_link Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
601 CKV2_AWS_37 resource aws_app_cookie_stickiness_policy Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
602 CKV2_AWS_37 resource aws_appautoscaling_policy Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
603 CKV2_AWS_37 resource aws_appautoscaling_scheduled_action Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
604 CKV2_AWS_37 resource aws_appautoscaling_target Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
605 CKV2_AWS_37 resource aws_appmesh_mesh Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
606 CKV2_AWS_37 resource aws_appmesh_route Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
607 CKV2_AWS_37 resource aws_appmesh_virtual_node Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
608 CKV2_AWS_37 resource aws_appmesh_virtual_router Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
609 CKV2_AWS_37 resource aws_appmesh_virtual_service Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
610 CKV2_AWS_37 resource aws_appsync_api_key Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
611 CKV2_AWS_37 resource aws_appsync_datasource Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
612 CKV2_AWS_37 resource aws_appsync_function Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
613 CKV2_AWS_37 resource aws_appsync_graphql_api Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
614 CKV2_AWS_37 resource aws_appsync_resolver Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
615 CKV2_AWS_37 resource aws_athena_database Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
616 CKV2_AWS_37 resource aws_athena_named_query Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
617 CKV2_AWS_37 resource aws_athena_workgroup Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
618 CKV2_AWS_37 resource aws_autoscaling_attachment Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
619 CKV2_AWS_37 resource aws_autoscaling_group Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
620 CKV2_AWS_37 resource aws_autoscaling_lifecycle_hook Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
621 CKV2_AWS_37 resource aws_autoscaling_notification Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
622 CKV2_AWS_37 resource aws_autoscaling_policy Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
623 CKV2_AWS_37 resource aws_autoscaling_schedule Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
624 CKV2_AWS_37 resource aws_backup_plan Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
625 CKV2_AWS_37 resource aws_backup_selection Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
626 CKV2_AWS_37 resource aws_backup_vault Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
627 CKV2_AWS_37 resource aws_batch_compute_environment Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
628 CKV2_AWS_37 resource aws_batch_job_definition Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
629 CKV2_AWS_37 resource aws_batch_job_queue Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
630 CKV2_AWS_37 resource aws_budgets_budget Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
631 CKV2_AWS_37 resource aws_cloud9_environment_ec2 Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
632 CKV2_AWS_37 resource aws_cloudformation_stack Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
633 CKV2_AWS_37 resource aws_cloudformation_stack_set Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
634 CKV2_AWS_37 resource aws_cloudformation_stack_set_instance Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
635 CKV2_AWS_37 resource aws_cloudfront_distribution Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
636 CKV2_AWS_37 resource aws_cloudfront_origin_access_identity Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
637 CKV2_AWS_37 resource aws_cloudfront_public_key Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
638 CKV2_AWS_37 resource aws_cloudhsm_v2_cluster Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
639 CKV2_AWS_37 resource aws_cloudhsm_v2_hsm Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
640 CKV2_AWS_37 resource aws_cloudtrail Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
641 CKV2_AWS_37 resource aws_cloudwatch_dashboard Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
642 CKV2_AWS_37 resource aws_cloudwatch_event_permission Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
643 CKV2_AWS_37 resource aws_cloudwatch_event_rule Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
644 CKV2_AWS_37 resource aws_cloudwatch_event_target Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
645 CKV2_AWS_37 resource aws_cloudwatch_log_destination Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
646 CKV2_AWS_37 resource aws_cloudwatch_log_destination_policy Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
647 CKV2_AWS_37 resource aws_cloudwatch_log_group Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
648 CKV2_AWS_37 resource aws_cloudwatch_log_metric_filter Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
649 CKV2_AWS_37 resource aws_cloudwatch_log_resource_policy Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
650 CKV2_AWS_37 resource aws_cloudwatch_log_stream Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
651 CKV2_AWS_37 resource aws_cloudwatch_log_subscription_filter Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
652 CKV2_AWS_37 resource aws_cloudwatch_metric_alarm Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
653 CKV2_AWS_37 resource aws_codebuild_project Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
654 CKV2_AWS_37 resource aws_codebuild_source_credential Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
655 CKV2_AWS_37 resource aws_codebuild_webhook Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
656 CKV2_AWS_37 resource aws_codecommit_repository Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
657 CKV2_AWS_37 resource aws_codecommit_trigger Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
658 CKV2_AWS_37 resource aws_codedeploy_app Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
659 CKV2_AWS_37 resource aws_codedeploy_deployment_config Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
660 CKV2_AWS_37 resource aws_codedeploy_deployment_group Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
661 CKV2_AWS_37 resource aws_codepipeline Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
662 CKV2_AWS_37 resource aws_codepipeline_webhook Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
663 CKV2_AWS_37 resource aws_codestarnotifications_notification_rule Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
664 CKV2_AWS_37 resource aws_cognito_identity_pool Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
665 CKV2_AWS_37 resource aws_cognito_identity_pool_roles_attachment Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
666 CKV2_AWS_37 resource aws_cognito_identity_provider Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
667 CKV2_AWS_37 resource aws_cognito_resource_server Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
668 CKV2_AWS_37 resource aws_cognito_user_group Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
669 CKV2_AWS_37 resource aws_cognito_user_pool Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
670 CKV2_AWS_37 resource aws_cognito_user_pool_client Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
671 CKV2_AWS_37 resource aws_cognito_user_pool_domain Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
672 CKV2_AWS_37 resource aws_config_aggregate_authorization Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
673 CKV2_AWS_37 resource aws_config_config_rule Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
674 CKV2_AWS_37 resource aws_config_configuration_aggregator Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
675 CKV2_AWS_37 resource aws_config_configuration_recorder Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
676 CKV2_AWS_37 resource aws_config_configuration_recorder_status Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
677 CKV2_AWS_37 resource aws_config_delivery_channel Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
678 CKV2_AWS_37 resource aws_config_organization_custom_rule Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
679 CKV2_AWS_37 resource aws_config_organization_managed_rule Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
680 CKV2_AWS_37 resource aws_cur_report_definition Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
681 CKV2_AWS_37 resource aws_customer_gateway Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
682 CKV2_AWS_37 resource aws_datapipeline_pipeline Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
683 CKV2_AWS_37 resource aws_datasync_agent Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
684 CKV2_AWS_37 resource aws_datasync_location_efs Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
685 CKV2_AWS_37 resource aws_datasync_location_nfs Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
686 CKV2_AWS_37 resource aws_datasync_location_s3 Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
687 CKV2_AWS_37 resource aws_datasync_location_smb Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
688 CKV2_AWS_37 resource aws_datasync_task Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
689 CKV2_AWS_37 resource aws_dax_cluster Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
690 CKV2_AWS_37 resource aws_dax_parameter_group Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
691 CKV2_AWS_37 resource aws_dax_subnet_group Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
692 CKV2_AWS_37 resource aws_db_cluster_snapshot Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
693 CKV2_AWS_37 resource aws_db_event_subscription Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
694 CKV2_AWS_37 resource aws_db_instance Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
695 CKV2_AWS_37 resource aws_db_instance_role_association Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
696 CKV2_AWS_37 resource aws_db_option_group Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
697 CKV2_AWS_37 resource aws_db_parameter_group Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
698 CKV2_AWS_37 resource aws_db_security_group Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
699 CKV2_AWS_37 resource aws_db_snapshot Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
700 CKV2_AWS_37 resource aws_db_subnet_group Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
701 CKV2_AWS_37 resource aws_default_network_acl Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
702 CKV2_AWS_37 resource aws_default_route_table Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
703 CKV2_AWS_37 resource aws_default_security_group Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
704 CKV2_AWS_37 resource aws_default_subnet Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
705 CKV2_AWS_37 resource aws_default_vpc Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
706 CKV2_AWS_37 resource aws_default_vpc_dhcp_options Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
707 CKV2_AWS_37 resource aws_devicefarm_project Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
708 CKV2_AWS_37 resource aws_directory_service_conditional_forwarder Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
709 CKV2_AWS_37 resource aws_directory_service_directory Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
710 CKV2_AWS_37 resource aws_directory_service_log_subscription Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
711 CKV2_AWS_37 resource aws_dlm_lifecycle_policy Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
712 CKV2_AWS_37 resource aws_dms_certificate Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
713 CKV2_AWS_37 resource aws_dms_endpoint Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
714 CKV2_AWS_37 resource aws_dms_event_subscription Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
715 CKV2_AWS_37 resource aws_dms_replication_instance Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
716 CKV2_AWS_37 resource aws_dms_replication_subnet_group Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
717 CKV2_AWS_37 resource aws_dms_replication_task Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
718 CKV2_AWS_37 resource aws_docdb_cluster Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
719 CKV2_AWS_37 resource aws_docdb_cluster_instance Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
720 CKV2_AWS_37 resource aws_docdb_cluster_parameter_group Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
721 CKV2_AWS_37 resource aws_docdb_cluster_snapshot Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
722 CKV2_AWS_37 resource aws_docdb_subnet_group Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
723 CKV2_AWS_37 resource aws_dx_bgp_peer Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
724 CKV2_AWS_37 resource aws_dx_connection Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
725 CKV2_AWS_37 resource aws_dx_connection_association Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
726 CKV2_AWS_37 resource aws_dx_gateway Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
727 CKV2_AWS_37 resource aws_dx_gateway_association Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
728 CKV2_AWS_37 resource aws_dx_gateway_association_proposal Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
729 CKV2_AWS_37 resource aws_dx_hosted_private_virtual_interface Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
730 CKV2_AWS_37 resource aws_dx_hosted_private_virtual_interface_accepter Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
731 CKV2_AWS_37 resource aws_dx_hosted_public_virtual_interface Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
732 CKV2_AWS_37 resource aws_dx_hosted_public_virtual_interface_accepter Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
733 CKV2_AWS_37 resource aws_dx_hosted_transit_virtual_interface Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
734 CKV2_AWS_37 resource aws_dx_hosted_transit_virtual_interface_accepter Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
735 CKV2_AWS_37 resource aws_dx_lag Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
736 CKV2_AWS_37 resource aws_dx_private_virtual_interface Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
737 CKV2_AWS_37 resource aws_dx_public_virtual_interface Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
738 CKV2_AWS_37 resource aws_dx_transit_virtual_interface Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
739 CKV2_AWS_37 resource aws_dynamodb_global_table Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
740 CKV2_AWS_37 resource aws_dynamodb_table Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
741 CKV2_AWS_37 resource aws_dynamodb_table_item Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
742 CKV2_AWS_37 resource aws_ebs_default_kms_key Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
743 CKV2_AWS_37 resource aws_ebs_encryption_by_default Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
744 CKV2_AWS_37 resource aws_ebs_snapshot Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
745 CKV2_AWS_37 resource aws_ebs_snapshot_copy Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
746 CKV2_AWS_37 resource aws_ebs_volume Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
747 CKV2_AWS_37 resource aws_ec2_availability_zone_group Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
748 CKV2_AWS_37 resource aws_ec2_capacity_reservation Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
749 CKV2_AWS_37 resource aws_ec2_client_vpn_authorization_rule Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
750 CKV2_AWS_37 resource aws_ec2_client_vpn_endpoint Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
751 CKV2_AWS_37 resource aws_ec2_client_vpn_network_association Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
752 CKV2_AWS_37 resource aws_ec2_client_vpn_route Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
753 CKV2_AWS_37 resource aws_ec2_fleet Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
754 CKV2_AWS_37 resource aws_ec2_local_gateway_route Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
755 CKV2_AWS_37 resource aws_ec2_local_gateway_route_table_vpc_association Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
756 CKV2_AWS_37 resource aws_ec2_tag Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
757 CKV2_AWS_37 resource aws_ec2_traffic_mirror_filter Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
758 CKV2_AWS_37 resource aws_ec2_traffic_mirror_filter_rule Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
759 CKV2_AWS_37 resource aws_ec2_traffic_mirror_session Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
760 CKV2_AWS_37 resource aws_ec2_traffic_mirror_target Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
761 CKV2_AWS_37 resource aws_ec2_transit_gateway Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
762 CKV2_AWS_37 resource aws_ec2_transit_gateway_peering_attachment Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
763 CKV2_AWS_37 resource aws_ec2_transit_gateway_peering_attachment_accepter Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
764 CKV2_AWS_37 resource aws_ec2_transit_gateway_route Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
765 CKV2_AWS_37 resource aws_ec2_transit_gateway_route_table Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
766 CKV2_AWS_37 resource aws_ec2_transit_gateway_route_table_association Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
767 CKV2_AWS_37 resource aws_ec2_transit_gateway_route_table_propagation Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
768 CKV2_AWS_37 resource aws_ec2_transit_gateway_vpc_attachment Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
769 CKV2_AWS_37 resource aws_ec2_transit_gateway_vpc_attachment_accepter Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
770 CKV2_AWS_37 resource aws_ecr_lifecycle_policy Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
771 CKV2_AWS_37 resource aws_ecr_repository Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
772 CKV2_AWS_37 resource aws_ecr_repository_policy Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
773 CKV2_AWS_37 resource aws_ecs_capacity_provider Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
774 CKV2_AWS_37 resource aws_ecs_cluster Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
775 CKV2_AWS_37 resource aws_ecs_service Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
776 CKV2_AWS_37 resource aws_ecs_task_definition Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
777 CKV2_AWS_37 resource aws_efs_access_point Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
778 CKV2_AWS_37 resource aws_efs_file_system Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
779 CKV2_AWS_37 resource aws_efs_file_system_policy Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
780 CKV2_AWS_37 resource aws_efs_mount_target Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
781 CKV2_AWS_37 resource aws_egress_only_internet_gateway Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
782 CKV2_AWS_37 resource aws_eip Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
783 CKV2_AWS_37 resource aws_eip_association Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
784 CKV2_AWS_37 resource aws_eks_cluster Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
785 CKV2_AWS_37 resource aws_eks_fargate_profile Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
786 CKV2_AWS_37 resource aws_eks_node_group Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
787 CKV2_AWS_37 resource aws_elastic_beanstalk_application Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
788 CKV2_AWS_37 resource aws_elastic_beanstalk_application_version Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
789 CKV2_AWS_37 resource aws_elastic_beanstalk_configuration_template Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
790 CKV2_AWS_37 resource aws_elastic_beanstalk_environment Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
791 CKV2_AWS_37 resource aws_elasticache_cluster Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
792 CKV2_AWS_37 resource aws_elasticache_parameter_group Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
793 CKV2_AWS_37 resource aws_elasticache_replication_group Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
794 CKV2_AWS_37 resource aws_elasticache_security_group Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
795 CKV2_AWS_37 resource aws_elasticache_subnet_group Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
796 CKV2_AWS_37 resource aws_elasticsearch_domain Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
797 CKV2_AWS_37 resource aws_elasticsearch_domain_policy Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
798 CKV2_AWS_37 resource aws_elastictranscoder_pipeline Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
799 CKV2_AWS_37 resource aws_elastictranscoder_preset Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
800 CKV2_AWS_37 resource aws_elb Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
801 CKV2_AWS_37 resource aws_elb_attachment Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
802 CKV2_AWS_37 resource aws_emr_cluster Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
803 CKV2_AWS_37 resource aws_emr_instance_group Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
804 CKV2_AWS_37 resource aws_emr_security_configuration Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
805 CKV2_AWS_37 resource aws_flow_log Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
806 CKV2_AWS_37 resource aws_fms_admin_account Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
807 CKV2_AWS_37 resource aws_fsx_lustre_file_system Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
808 CKV2_AWS_37 resource aws_fsx_windows_file_system Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
809 CKV2_AWS_37 resource aws_gamelift_alias Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
810 CKV2_AWS_37 resource aws_gamelift_build Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
811 CKV2_AWS_37 resource aws_gamelift_fleet Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
812 CKV2_AWS_37 resource aws_gamelift_game_session_queue Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
813 CKV2_AWS_37 resource aws_glacier_vault Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
814 CKV2_AWS_37 resource aws_glacier_vault_lock Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
815 CKV2_AWS_37 resource aws_globalaccelerator_accelerator Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
816 CKV2_AWS_37 resource aws_globalaccelerator_endpoint_group Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
817 CKV2_AWS_37 resource aws_globalaccelerator_listener Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
818 CKV2_AWS_37 resource aws_glue_catalog_database Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
819 CKV2_AWS_37 resource aws_glue_catalog_table Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
820 CKV2_AWS_37 resource aws_glue_classifier Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
821 CKV2_AWS_37 resource aws_glue_connection Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
822 CKV2_AWS_37 resource aws_glue_crawler Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
823 CKV2_AWS_37 resource aws_glue_job Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
824 CKV2_AWS_37 resource aws_glue_security_configuration Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
825 CKV2_AWS_37 resource aws_glue_trigger Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
826 CKV2_AWS_37 resource aws_glue_workflow Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
827 CKV2_AWS_37 resource aws_guardduty_detector Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
828 CKV2_AWS_37 resource aws_guardduty_invite_accepter Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
829 CKV2_AWS_37 resource aws_guardduty_ipset Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
830 CKV2_AWS_37 resource aws_guardduty_member Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
831 CKV2_AWS_37 resource aws_guardduty_organization_admin_account Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
832 CKV2_AWS_37 resource aws_guardduty_organization_configuration Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
833 CKV2_AWS_37 resource aws_guardduty_threatintelset Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
834 CKV2_AWS_37 resource aws_iam_access_key Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
835 CKV2_AWS_37 resource aws_iam_account_alias Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
836 CKV2_AWS_37 resource aws_iam_account_password_policy Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
837 CKV2_AWS_37 resource aws_iam_group Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
838 CKV2_AWS_37 resource aws_iam_group_membership Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
839 CKV2_AWS_37 resource aws_iam_group_policy Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
840 CKV2_AWS_37 resource aws_iam_group_policy_attachment Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
841 CKV2_AWS_37 resource aws_iam_instance_profile Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
842 CKV2_AWS_37 resource aws_iam_openid_connect_provider Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
843 CKV2_AWS_37 resource aws_iam_policy Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
844 CKV2_AWS_37 resource aws_iam_policy_attachment Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
845 CKV2_AWS_37 resource aws_iam_policy_document Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
846 CKV2_AWS_37 resource aws_iam_role Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
847 CKV2_AWS_37 resource aws_iam_role_policy Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
848 CKV2_AWS_37 resource aws_iam_role_policy_attachment Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
849 CKV2_AWS_37 resource aws_iam_saml_provider Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
850 CKV2_AWS_37 resource aws_iam_server_certificate Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
851 CKV2_AWS_37 resource aws_iam_service_linked_role Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
852 CKV2_AWS_37 resource aws_iam_user Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
853 CKV2_AWS_37 resource aws_iam_user_group_membership Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
854 CKV2_AWS_37 resource aws_iam_user_login_profile Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
855 CKV2_AWS_37 resource aws_iam_user_policy Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
856 CKV2_AWS_37 resource aws_iam_user_policy_attachment Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
857 CKV2_AWS_37 resource aws_iam_user_ssh_key Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
858 CKV2_AWS_37 resource aws_inspector_assessment_target Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
859 CKV2_AWS_37 resource aws_inspector_assessment_template Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
860 CKV2_AWS_37 resource aws_inspector_resource_group Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
861 CKV2_AWS_37 resource aws_instance Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
862 CKV2_AWS_37 resource aws_internet_gateway Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
863 CKV2_AWS_37 resource aws_iot_certificate Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
864 CKV2_AWS_37 resource aws_iot_policy Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
865 CKV2_AWS_37 resource aws_iot_policy_attachment Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
866 CKV2_AWS_37 resource aws_iot_role_alias Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
867 CKV2_AWS_37 resource aws_iot_thing Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
868 CKV2_AWS_37 resource aws_iot_thing_principal_attachment Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
869 CKV2_AWS_37 resource aws_iot_thing_type Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
870 CKV2_AWS_37 resource aws_iot_topic_rule Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
871 CKV2_AWS_37 resource aws_key_pair Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
872 CKV2_AWS_37 resource aws_kinesis_analytics_application Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
873 CKV2_AWS_37 resource aws_kinesis_firehose_delivery_stream Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
874 CKV2_AWS_37 resource aws_kinesis_stream Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
875 CKV2_AWS_37 resource aws_kinesis_video_stream Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
876 CKV2_AWS_37 resource aws_kms_alias Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
877 CKV2_AWS_37 resource aws_kms_ciphertext Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
878 CKV2_AWS_37 resource aws_kms_external_key Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
879 CKV2_AWS_37 resource aws_kms_grant Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
880 CKV2_AWS_37 resource aws_kms_key Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
881 CKV2_AWS_37 resource aws_lambda_alias Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
882 CKV2_AWS_37 resource aws_lambda_event_source_mapping Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
883 CKV2_AWS_37 resource aws_lambda_function Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
884 CKV2_AWS_37 resource aws_lambda_function_event_invoke_config Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
885 CKV2_AWS_37 resource aws_lambda_layer_version Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
886 CKV2_AWS_37 resource aws_lambda_permission Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
887 CKV2_AWS_37 resource aws_lambda_provisioned_concurrency_config Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
888 CKV2_AWS_37 resource aws_launch_configuration Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
889 CKV2_AWS_37 resource aws_launch_template Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
890 CKV2_AWS_37 resource aws_lb Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
891 CKV2_AWS_37 resource aws_lb_cookie_stickiness_policy Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
892 CKV2_AWS_37 resource aws_lb_listener Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
893 CKV2_AWS_37 resource aws_lb_listener_certificate Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
894 CKV2_AWS_37 resource aws_lb_listener_rule Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
895 CKV2_AWS_37 resource aws_lb_ssl_negotiation_policy Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
896 CKV2_AWS_37 resource aws_lb_target_group Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
897 CKV2_AWS_37 resource aws_lb_target_group_attachment Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
898 CKV2_AWS_37 resource aws_licensemanager_association Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
899 CKV2_AWS_37 resource aws_licensemanager_license_configuration Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
900 CKV2_AWS_37 resource aws_lightsail_domain Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
901 CKV2_AWS_37 resource aws_lightsail_instance Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
902 CKV2_AWS_37 resource aws_lightsail_key_pair Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
903 CKV2_AWS_37 resource aws_lightsail_static_ip Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
904 CKV2_AWS_37 resource aws_lightsail_static_ip_attachment Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
905 CKV2_AWS_37 resource aws_load_balancer_backend_server_policy Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
906 CKV2_AWS_37 resource aws_load_balancer_listener_policy Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
907 CKV2_AWS_37 resource aws_load_balancer_policy Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
908 CKV2_AWS_37 resource aws_macie_member_account_association Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
909 CKV2_AWS_37 resource aws_macie_s3_bucket_association Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
910 CKV2_AWS_37 resource aws_main_route_table_association Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
911 CKV2_AWS_37 resource aws_media_convert_queue Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
912 CKV2_AWS_37 resource aws_media_package_channel Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
913 CKV2_AWS_37 resource aws_media_store_container Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
914 CKV2_AWS_37 resource aws_media_store_container_policy Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
915 CKV2_AWS_37 resource aws_mq_broker Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
916 CKV2_AWS_37 resource aws_mq_configuration Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
917 CKV2_AWS_37 resource aws_msk_cluster Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
918 CKV2_AWS_37 resource aws_msk_configuration Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
919 CKV2_AWS_37 resource aws_nat_gateway Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
920 CKV2_AWS_37 resource aws_neptune_cluster Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
921 CKV2_AWS_37 resource aws_neptune_cluster_instance Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
922 CKV2_AWS_37 resource aws_neptune_cluster_parameter_group Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
923 CKV2_AWS_37 resource aws_neptune_cluster_snapshot Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
924 CKV2_AWS_37 resource aws_neptune_event_subscription Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
925 CKV2_AWS_37 resource aws_neptune_parameter_group Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
926 CKV2_AWS_37 resource aws_neptune_subnet_group Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
927 CKV2_AWS_37 resource aws_network_acl Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
928 CKV2_AWS_37 resource aws_network_acl_rule Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
929 CKV2_AWS_37 resource aws_network_interface Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
930 CKV2_AWS_37 resource aws_network_interface_attachment Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
931 CKV2_AWS_37 resource aws_network_interface_sg_attachment Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
932 CKV2_AWS_37 resource aws_opsworks_application Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
933 CKV2_AWS_37 resource aws_opsworks_custom_layer Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
934 CKV2_AWS_37 resource aws_opsworks_ganglia_layer Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
935 CKV2_AWS_37 resource aws_opsworks_haproxy_layer Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
936 CKV2_AWS_37 resource aws_opsworks_instance Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
937 CKV2_AWS_37 resource aws_opsworks_java_app_layer Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
938 CKV2_AWS_37 resource aws_opsworks_memcached_layer Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
939 CKV2_AWS_37 resource aws_opsworks_mysql_layer Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
940 CKV2_AWS_37 resource aws_opsworks_nodejs_app_layer Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
941 CKV2_AWS_37 resource aws_opsworks_permission Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
942 CKV2_AWS_37 resource aws_opsworks_php_app_layer Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
943 CKV2_AWS_37 resource aws_opsworks_rails_app_layer Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
944 CKV2_AWS_37 resource aws_opsworks_rds_db_instance Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
945 CKV2_AWS_37 resource aws_opsworks_stack Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
946 CKV2_AWS_37 resource aws_opsworks_static_web_layer Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
947 CKV2_AWS_37 resource aws_opsworks_user_profile Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
948 CKV2_AWS_37 resource aws_organizations_account Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
949 CKV2_AWS_37 resource aws_organizations_organization Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
950 CKV2_AWS_37 resource aws_organizations_organizational_unit Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
951 CKV2_AWS_37 resource aws_organizations_policy Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
952 CKV2_AWS_37 resource aws_organizations_policy_attachment Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
953 CKV2_AWS_37 resource aws_pinpoint_adm_channel Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
954 CKV2_AWS_37 resource aws_pinpoint_apns_channel Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
955 CKV2_AWS_37 resource aws_pinpoint_apns_sandbox_channel Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
956 CKV2_AWS_37 resource aws_pinpoint_apns_voip_channel Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
957 CKV2_AWS_37 resource aws_pinpoint_apns_voip_sandbox_channel Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
958 CKV2_AWS_37 resource aws_pinpoint_app Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
959 CKV2_AWS_37 resource aws_pinpoint_baidu_channel Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
960 CKV2_AWS_37 resource aws_pinpoint_email_channel Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
961 CKV2_AWS_37 resource aws_pinpoint_event_stream Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
962 CKV2_AWS_37 resource aws_pinpoint_gcm_channel Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
963 CKV2_AWS_37 resource aws_pinpoint_sms_channel Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
964 CKV2_AWS_37 resource aws_placement_group Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
965 CKV2_AWS_37 resource aws_proxy_protocol_policy Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
966 CKV2_AWS_37 resource aws_qldb_ledger Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
967 CKV2_AWS_37 resource aws_quicksight_group Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
968 CKV2_AWS_37 resource aws_quicksight_user Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
969 CKV2_AWS_37 resource aws_ram_principal_association Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
970 CKV2_AWS_37 resource aws_ram_resource_association Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
971 CKV2_AWS_37 resource aws_ram_resource_share Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
972 CKV2_AWS_37 resource aws_ram_resource_share_accepter Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
973 CKV2_AWS_37 resource aws_rds_cluster Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
974 CKV2_AWS_37 resource aws_rds_cluster_endpoint Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
975 CKV2_AWS_37 resource aws_rds_cluster_instance Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
976 CKV2_AWS_37 resource aws_rds_cluster_parameter_group Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
977 CKV2_AWS_37 resource aws_rds_global_cluster Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
978 CKV2_AWS_37 resource aws_redshift_cluster Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
979 CKV2_AWS_37 resource aws_redshift_event_subscription Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
980 CKV2_AWS_37 resource aws_redshift_parameter_group Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
981 CKV2_AWS_37 resource aws_redshift_security_group Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
982 CKV2_AWS_37 resource aws_redshift_snapshot_copy_grant Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
983 CKV2_AWS_37 resource aws_redshift_snapshot_schedule Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
984 CKV2_AWS_37 resource aws_redshift_snapshot_schedule_association Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
985 CKV2_AWS_37 resource aws_redshift_subnet_group Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
986 CKV2_AWS_37 resource aws_resourcegroups_group Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
987 CKV2_AWS_37 resource aws_root Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
988 CKV2_AWS_37 resource aws_root_access_key Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
989 CKV2_AWS_37 resource aws_route Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
990 CKV2_AWS_37 resource aws_route53_delegation_set Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
991 CKV2_AWS_37 resource aws_route53_health_check Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
992 CKV2_AWS_37 resource aws_route53_query_log Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
993 CKV2_AWS_37 resource aws_route53_record Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
994 CKV2_AWS_37 resource aws_route53_resolver_endpoint Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
995 CKV2_AWS_37 resource aws_route53_resolver_rule Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
996 CKV2_AWS_37 resource aws_route53_resolver_rule_association Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
997 CKV2_AWS_37 resource aws_route53_vpc_association_authorization Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
998 CKV2_AWS_37 resource aws_route53_zone Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
999 CKV2_AWS_37 resource aws_route53_zone_association Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1000 CKV2_AWS_37 resource aws_route_table Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1001 CKV2_AWS_37 resource aws_route_table_association Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1002 CKV2_AWS_37 resource aws_s3_access_point Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1003 CKV2_AWS_37 resource aws_s3_account_public_access_block Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1004 CKV2_AWS_37 resource aws_s3_bucket Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1005 CKV2_AWS_37 resource aws_s3_bucket_analytics_configuration Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1006 CKV2_AWS_37 resource aws_s3_bucket_inventory Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1007 CKV2_AWS_37 resource aws_s3_bucket_metric Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1008 CKV2_AWS_37 resource aws_s3_bucket_notification Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1009 CKV2_AWS_37 resource aws_s3_bucket_object Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1010 CKV2_AWS_37 resource aws_s3_bucket_policy Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1011 CKV2_AWS_37 resource aws_s3_bucket_public_access_block Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1012 CKV2_AWS_37 resource aws_sagemaker_endpoint Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1013 CKV2_AWS_37 resource aws_sagemaker_endpoint_configuration Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1014 CKV2_AWS_37 resource aws_sagemaker_model Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1015 CKV2_AWS_37 resource aws_sagemaker_notebook_instance Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1016 CKV2_AWS_37 resource aws_sagemaker_notebook_instance_lifecycle_configuration Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1017 CKV2_AWS_37 resource aws_secretsmanager_secret Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1018 CKV2_AWS_37 resource aws_secretsmanager_secret_rotation Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1019 CKV2_AWS_37 resource aws_secretsmanager_secret_version Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1020 CKV2_AWS_37 resource aws_security_group Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1021 CKV2_AWS_37 resource aws_security_group_rule Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1022 CKV2_AWS_37 resource aws_securityhub_account Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1023 CKV2_AWS_37 resource aws_securityhub_member Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1024 CKV2_AWS_37 resource aws_securityhub_product_subscription Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1025 CKV2_AWS_37 resource aws_securityhub_standards_subscription Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1026 CKV2_AWS_37 resource aws_service_discovery_http_namespace Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1027 CKV2_AWS_37 resource aws_service_discovery_private_dns_namespace Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1028 CKV2_AWS_37 resource aws_service_discovery_public_dns_namespace Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1029 CKV2_AWS_37 resource aws_service_discovery_service Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1030 CKV2_AWS_37 resource aws_servicecatalog_portfolio Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1031 CKV2_AWS_37 resource aws_servicequotas_service_quota Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1032 CKV2_AWS_37 resource aws_ses_active_receipt_rule_set Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1033 CKV2_AWS_37 resource aws_ses_configuration_set Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1034 CKV2_AWS_37 resource aws_ses_domain_dkim Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1035 CKV2_AWS_37 resource aws_ses_domain_identity Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1036 CKV2_AWS_37 resource aws_ses_domain_identity_verification Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1037 CKV2_AWS_37 resource aws_ses_domain_mail_from Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1038 CKV2_AWS_37 resource aws_ses_email_identity Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1039 CKV2_AWS_37 resource aws_ses_event_destination Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1040 CKV2_AWS_37 resource aws_ses_identity_notification_topic Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1041 CKV2_AWS_37 resource aws_ses_identity_policy Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1042 CKV2_AWS_37 resource aws_ses_receipt_filter Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1043 CKV2_AWS_37 resource aws_ses_receipt_rule Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1044 CKV2_AWS_37 resource aws_ses_receipt_rule_set Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1045 CKV2_AWS_37 resource aws_ses_template Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1046 CKV2_AWS_37 resource aws_sfn_activity Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1047 CKV2_AWS_37 resource aws_sfn_state_machine Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1048 CKV2_AWS_37 resource aws_shield_protection Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1049 CKV2_AWS_37 resource aws_simpledb_domain Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1050 CKV2_AWS_37 resource aws_snapshot_create_volume_permission Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1051 CKV2_AWS_37 resource aws_sns_platform_application Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1052 CKV2_AWS_37 resource aws_sns_sms_preferences Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1053 CKV2_AWS_37 resource aws_sns_topic Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1054 CKV2_AWS_37 resource aws_sns_topic_policy Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1055 CKV2_AWS_37 resource aws_sns_topic_subscription Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1056 CKV2_AWS_37 resource aws_spot_datafeed_subscription Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1057 CKV2_AWS_37 resource aws_spot_fleet_request Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1058 CKV2_AWS_37 resource aws_spot_instance_request Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1059 CKV2_AWS_37 resource aws_sqs_queue Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1060 CKV2_AWS_37 resource aws_sqs_queue_policy Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1061 CKV2_AWS_37 resource aws_ssm_activation Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1062 CKV2_AWS_37 resource aws_ssm_association Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1063 CKV2_AWS_37 resource aws_ssm_document Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1064 CKV2_AWS_37 resource aws_ssm_maintenance_window Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1065 CKV2_AWS_37 resource aws_ssm_maintenance_window_target Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1066 CKV2_AWS_37 resource aws_ssm_maintenance_window_task Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1067 CKV2_AWS_37 resource aws_ssm_parameter Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1068 CKV2_AWS_37 resource aws_ssm_patch_baseline Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1069 CKV2_AWS_37 resource aws_ssm_patch_group Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1070 CKV2_AWS_37 resource aws_ssm_resource_data_sync Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1071 CKV2_AWS_37 resource aws_storagegateway_cache Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1072 CKV2_AWS_37 resource aws_storagegateway_cached_iscsi_volume Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1073 CKV2_AWS_37 resource aws_storagegateway_gateway Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1074 CKV2_AWS_37 resource aws_storagegateway_nfs_file_share Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1075 CKV2_AWS_37 resource aws_storagegateway_smb_file_share Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1076 CKV2_AWS_37 resource aws_storagegateway_upload_buffer Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1077 CKV2_AWS_37 resource aws_storagegateway_working_storage Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1078 CKV2_AWS_37 resource aws_subnet Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1079 CKV2_AWS_37 resource aws_swf_domain Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1080 CKV2_AWS_37 resource aws_transfer_server Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1081 CKV2_AWS_37 resource aws_transfer_ssh_key Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1082 CKV2_AWS_37 resource aws_transfer_user Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1083 CKV2_AWS_37 resource aws_volume_attachment Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1084 CKV2_AWS_37 resource aws_vpc Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1085 CKV2_AWS_37 resource aws_vpc_dhcp_options Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1086 CKV2_AWS_37 resource aws_vpc_dhcp_options_association Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1087 CKV2_AWS_37 resource aws_vpc_endpoint Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1088 CKV2_AWS_37 resource aws_vpc_endpoint_connection_notification Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1089 CKV2_AWS_37 resource aws_vpc_endpoint_route_table_association Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1090 CKV2_AWS_37 resource aws_vpc_endpoint_service Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1091 CKV2_AWS_37 resource aws_vpc_endpoint_service_allowed_principal Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1092 CKV2_AWS_37 resource aws_vpc_endpoint_subnet_association Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1093 CKV2_AWS_37 resource aws_vpc_ipv4_cidr_block_association Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1094 CKV2_AWS_37 resource aws_vpc_peering_connection Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1095 CKV2_AWS_37 resource aws_vpc_peering_connection_accepter Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1096 CKV2_AWS_37 resource aws_vpc_peering_connection_options Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1097 CKV2_AWS_37 resource aws_vpn_connection Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1098 CKV2_AWS_37 resource aws_vpn_connection_route Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1099 CKV2_AWS_37 resource aws_vpn_gateway Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1100 CKV2_AWS_37 resource aws_vpn_gateway_attachment Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1101 CKV2_AWS_37 resource aws_vpn_gateway_route_propagation Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1102 CKV2_AWS_37 resource aws_waf_byte_match_set Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1103 CKV2_AWS_37 resource aws_waf_geo_match_set Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1104 CKV2_AWS_37 resource aws_waf_ipset Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1105 CKV2_AWS_37 resource aws_waf_rate_based_rule Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1106 CKV2_AWS_37 resource aws_waf_regex_match_set Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1107 CKV2_AWS_37 resource aws_waf_regex_pattern_set Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1108 CKV2_AWS_37 resource aws_waf_rule Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1109 CKV2_AWS_37 resource aws_waf_rule_group Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1110 CKV2_AWS_37 resource aws_waf_size_constraint_set Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1111 CKV2_AWS_37 resource aws_waf_sql_injection_match_set Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1112 CKV2_AWS_37 resource aws_waf_web_acl Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1113 CKV2_AWS_37 resource aws_waf_xss_match_set Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1114 CKV2_AWS_37 resource aws_wafregional_byte_match_set Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1115 CKV2_AWS_37 resource aws_wafregional_geo_match_set Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1116 CKV2_AWS_37 resource aws_wafregional_ipset Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1117 CKV2_AWS_37 resource aws_wafregional_rate_based_rule Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1118 CKV2_AWS_37 resource aws_wafregional_regex_match_set Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1119 CKV2_AWS_37 resource aws_wafregional_regex_pattern_set Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1120 CKV2_AWS_37 resource aws_wafregional_rule Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1121 CKV2_AWS_37 resource aws_wafregional_rule_group Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1122 CKV2_AWS_37 resource aws_wafregional_size_constraint_set Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1123 CKV2_AWS_37 resource aws_wafregional_sql_injection_match_set Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1124 CKV2_AWS_37 resource aws_wafregional_web_acl Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1125 CKV2_AWS_37 resource aws_wafregional_web_acl_association Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1126 CKV2_AWS_37 resource aws_wafregional_xss_match_set Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1127 CKV2_AWS_37 resource aws_wafv2_ip_set Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1128 CKV2_AWS_37 resource aws_wafv2_regex_pattern_set Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1129 CKV2_AWS_37 resource aws_wafv2_rule_group Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1130 CKV2_AWS_37 resource aws_wafv2_web_acl Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1131 CKV2_AWS_37 resource aws_wafv2_web_acl_association Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1132 CKV2_AWS_37 resource aws_wafv2_web_acl_logging_configuration Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1133 CKV2_AWS_37 resource aws_worklink_fleet Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1134 CKV2_AWS_37 resource aws_worklink_website_certificate_authority_association Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1135 CKV2_AWS_37 resource aws_workspaces_directory Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1136 CKV2_AWS_37 resource aws_workspaces_ip_group Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1137 CKV2_AWS_37 resource aws_workspaces_workspace Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1138 CKV2_AWS_37 resource aws_xray_sampling_rule Ensure Codecommit associates an approval rule Terraform CodecommitApprovalRulesAttached.yaml
1139 CKV2_AWS_38 resource aws_route53_zone Ensure Domain Name System Security Extensions (DNSSEC) signing is enabled for Amazon Route 53 public hosted zones Terraform Route53ZoneEnableDNSSECSigning.yaml
1140 CKV2_AWS_39 resource aws_route53_zone Ensure Domain Name System (DNS) query logging is enabled for Amazon Route 53 hosted zones Terraform Route53ZoneHasMatchingQueryLog.yaml
1141 CKV2_AWS_40 resource aws_iam_group_policy Ensure AWS IAM policy does not allow full IAM privileges Terraform IAMPolicyNotAllowFullIAMAccess.yaml
1142 CKV2_AWS_40 resource aws_iam_policy Ensure AWS IAM policy does not allow full IAM privileges Terraform IAMPolicyNotAllowFullIAMAccess.yaml
1143 CKV2_AWS_40 resource aws_iam_role_policy Ensure AWS IAM policy does not allow full IAM privileges Terraform IAMPolicyNotAllowFullIAMAccess.yaml
1144 CKV2_AWS_40 resource aws_iam_user_policy Ensure AWS IAM policy does not allow full IAM privileges Terraform IAMPolicyNotAllowFullIAMAccess.yaml
1145 CKV2_AWS_40 resource aws_ssoadmin_permission_set_inline_policy Ensure AWS IAM policy does not allow full IAM privileges Terraform IAMPolicyNotAllowFullIAMAccess.yaml
1146 CKV2_AWS_40 resource data.aws_iam_policy_document Ensure AWS IAM policy does not allow full IAM privileges Terraform IAMPolicyNotAllowFullIAMAccess.yaml
1147 CKV2_AWS_41 resource aws_instance Ensure an IAM role is attached to EC2 instance Terraform EC2InstanceHasIAMRoleAttached.yaml
1148 CKV2_AWS_42 resource aws_cloudfront_distribution Ensure AWS CloudFront distribution uses custom SSL certificate Terraform CloudFrontHasCustomSSLCertificate.yaml
1149 CKV2_AWS_43 resource aws_s3_bucket_acl Ensure S3 Bucket does not allow access to all Authenticated users Terraform S3NotAllowAccessToAllAuthenticatedUsers.yaml
1150 CKV2_AWS_44 resource aws_route Ensure AWS route table with VPC peering does not contain routes overly permissive to all traffic Terraform VPCPeeringRouteTableOverlyPermissive.yaml
1151 CKV2_AWS_44 resource aws_route_table Ensure AWS route table with VPC peering does not contain routes overly permissive to all traffic Terraform VPCPeeringRouteTableOverlyPermissive.yaml
1152 CKV2_AWS_45 resource aws_config_configuration_recorder Ensure AWS Config recorder is enabled to record all supported resources Terraform AWSConfigRecorderEnabled.yaml
1153 CKV2_AWS_45 resource aws_config_configuration_recorder_status Ensure AWS Config recorder is enabled to record all supported resources Terraform AWSConfigRecorderEnabled.yaml
1154 CKV2_AWS_46 resource aws_cloudfront_distribution Ensure AWS Cloudfront Distribution with S3 have Origin Access set to enabled Terraform CLoudFrontS3OriginConfigWithOAI.yaml
1155 CKV2_AWS_47 resource aws_cloudfront_distribution Ensure AWS CloudFront attached WAFv2 WebACL is configured with AMR for Log4j Vulnerability Terraform CloudFrontWebACLConfiguredWIthLog4jVulnerability.yaml
1156 CKV2_AWS_47 resource aws_wafv2_web_acl Ensure AWS CloudFront attached WAFv2 WebACL is configured with AMR for Log4j Vulnerability Terraform CloudFrontWebACLConfiguredWIthLog4jVulnerability.yaml
1157 CKV2_AWS_48 resource aws_config_configuration_recorder Ensure AWS Config must record all possible resources Terraform ConfigRecorderRecordsAllGlobalResources.yaml
1158 CKV2_AWS_49 resource aws_dms_endpoint Ensure AWS Database Migration Service endpoints have SSL configured Terraform DMSEndpointHaveSSLConfigured.yaml
1159 CKV2_AWS_50 resource aws_elasticache_replication_group Ensure AWS ElastiCache Redis cluster with Multi-AZ Automatic Failover feature set to enabled Terraform ElastiCacheRedisConfiguredAutomaticFailOver.yaml
1160 CKV2_AWS_51 resource aws_api_gateway_stage Ensure AWS API Gateway endpoints use client certificate authentication Terraform APIGatewayEndpointsUsesCertificateForAuthentication.yaml
1161 CKV2_AWS_51 resource aws_apigatewayv2_api Ensure AWS API Gateway endpoints use client certificate authentication Terraform APIGatewayEndpointsUsesCertificateForAuthentication.yaml
1162 CKV2_AWS_51 resource aws_apigatewayv2_stage Ensure AWS API Gateway endpoints use client certificate authentication Terraform APIGatewayEndpointsUsesCertificateForAuthentication.yaml
1163 CKV2_AWS_52 resource aws_elasticsearch_domain Ensure AWS ElasticSearch/OpenSearch Fine-grained access control is enabled Terraform OpenSearchDomainHasFineGrainedControl.yaml
1164 CKV2_AWS_52 resource aws_opensearch_domain Ensure AWS ElasticSearch/OpenSearch Fine-grained access control is enabled Terraform OpenSearchDomainHasFineGrainedControl.yaml
1165 CKV2_AWS_53 resource aws_api_gateway_method Ensure AWS API gateway request is validated Terraform APIGatewayRequestParameterValidationEnabled.yaml
1166 CKV2_AWS_54 resource aws_cloudfront_distribution Ensure AWS CloudFront distribution is using secure SSL protocols for HTTPS communication Terraform CloudFrontUsesSecureProtocolsForHTTPS.yaml
1167 CKV2_AWS_55 resource aws_emr_cluster Ensure AWS EMR cluster is configured with security configuration Terraform EMRClusterHasSecurityConfiguration.yaml
1168 CKV2_AWS_56 resource aws_iam_group_policy_attachment Ensure AWS Managed IAMFullAccess IAM policy is not used. Terraform IAMManagedIAMFullAccessPolicy.yaml
1169 CKV2_AWS_56 resource aws_iam_policy_attachment Ensure AWS Managed IAMFullAccess IAM policy is not used. Terraform IAMManagedIAMFullAccessPolicy.yaml
1170 CKV2_AWS_56 resource aws_iam_role Ensure AWS Managed IAMFullAccess IAM policy is not used. Terraform IAMManagedIAMFullAccessPolicy.yaml
1171 CKV2_AWS_56 resource aws_iam_role_policy_attachment Ensure AWS Managed IAMFullAccess IAM policy is not used. Terraform IAMManagedIAMFullAccessPolicy.yaml
1172 CKV2_AWS_56 resource aws_iam_user_policy_attachment Ensure AWS Managed IAMFullAccess IAM policy is not used. Terraform IAMManagedIAMFullAccessPolicy.yaml
1173 CKV2_AWS_56 resource aws_ssoadmin_managed_policy_attachment Ensure AWS Managed IAMFullAccess IAM policy is not used. Terraform IAMManagedIAMFullAccessPolicy.yaml
1174 CKV2_AWS_56 resource data.aws_iam_policy Ensure AWS Managed IAMFullAccess IAM policy is not used. Terraform IAMManagedIAMFullAccessPolicy.yaml
1175 CKV2_AWS_57 resource aws_secretsmanager_secret Ensure Secrets Manager secrets should have automatic rotation enabled Terraform SecretsAreRotated.yaml
1176 CKV2_AWS_58 resource aws_neptune_cluster Ensure AWS Neptune cluster deletion protection is enabled Terraform NeptuneDeletionProtectionEnabled.yaml
1177 CKV2_AWS_59 resource aws_elasticsearch_domain Ensure ElasticSearch/OpenSearch has dedicated master node enabled Terraform ElasticSearchDedicatedMasterEnabled.yaml
1178 CKV2_AWS_59 resource aws_opensearch_domain Ensure ElasticSearch/OpenSearch has dedicated master node enabled Terraform ElasticSearchDedicatedMasterEnabled.yaml
1179 CKV2_AWS_60 resource aws_db_instance Ensure RDS instance with copy tags to snapshots is enabled Terraform RDSEnableCopyTagsToSnapshot.yaml
1180 CKV2_AWS_61 resource aws_s3_bucket Ensure that an S3 bucket has a lifecycle configuration Terraform S3BucketLifecycle.yaml
1181 CKV2_AWS_62 resource aws_s3_bucket Ensure S3 buckets should have event notifications enabled Terraform S3BucketEventNotifications.yaml
1182 CKV2_AWS_63 resource aws_networkfirewall_firewall Ensure Network firewall has logging configuration defined Terraform NetworkFirewallHasLogging.yaml
1183 CKV_AZURE_1 resource azurerm_linux_virtual_machine Ensure Azure Instance does not use basic authentication (Use SSH Key Instead) Terraform AzureInstancePassword.py
1184 CKV_AZURE_1 resource azurerm_virtual_machine Ensure Azure Instance does not use basic authentication (Use SSH Key Instead) Terraform AzureInstancePassword.py
1185 CKV_AZURE_2 resource azurerm_managed_disk Ensure Azure managed disk has encryption enabled Terraform AzureManagedDiskEncryption.py
1186 CKV_AZURE_3 resource azurerm_storage_account Ensure that ‘enable_https_traffic_only’ is enabled Terraform StorageAccountsTransportEncryption.py
1187 CKV_AZURE_4 resource azurerm_kubernetes_cluster Ensure AKS logging to Azure Monitoring is Configured Terraform AKSLoggingEnabled.py
1188 CKV_AZURE_5 resource azurerm_kubernetes_cluster Ensure RBAC is enabled on AKS clusters Terraform AKSRbacEnabled.py
1189 CKV_AZURE_6 resource azurerm_kubernetes_cluster Ensure AKS has an API Server Authorized IP Ranges enabled Terraform AKSApiServerAuthorizedIpRanges.py
1190 CKV_AZURE_7 resource azurerm_kubernetes_cluster Ensure AKS cluster has Network Policy configured Terraform AKSNetworkPolicy.py
1191 CKV_AZURE_8 resource azurerm_kubernetes_cluster Ensure Kubernetes Dashboard is disabled Terraform AKSDashboardDisabled.py
1192 CKV_AZURE_9 resource azurerm_network_security_group Ensure that RDP access is restricted from the internet Terraform NSGRuleRDPAccessRestricted.py
1193 CKV_AZURE_9 resource azurerm_network_security_rule Ensure that RDP access is restricted from the internet Terraform NSGRuleRDPAccessRestricted.py
1194 CKV_AZURE_10 resource azurerm_network_security_group Ensure that SSH access is restricted from the internet Terraform NSGRuleSSHAccessRestricted.py
1195 CKV_AZURE_10 resource azurerm_network_security_rule Ensure that SSH access is restricted from the internet Terraform NSGRuleSSHAccessRestricted.py
1196 CKV_AZURE_11 resource azurerm_mariadb_firewall_rule Ensure no SQL Databases allow ingress from 0.0.0.0/0 (ANY IP) Terraform SQLServerNoPublicAccess.py
1197 CKV_AZURE_11 resource azurerm_mysql_firewall_rule Ensure no SQL Databases allow ingress from 0.0.0.0/0 (ANY IP) Terraform SQLServerNoPublicAccess.py
1198 CKV_AZURE_11 resource azurerm_postgresql_firewall_rule Ensure no SQL Databases allow ingress from 0.0.0.0/0 (ANY IP) Terraform SQLServerNoPublicAccess.py
1199 CKV_AZURE_11 resource azurerm_sql_firewall_rule Ensure no SQL Databases allow ingress from 0.0.0.0/0 (ANY IP) Terraform SQLServerNoPublicAccess.py
1200 CKV_AZURE_12 resource azurerm_network_watcher_flow_log Ensure that Network Security Group Flow Log retention period is ‘greater than 90 days’ Terraform NetworkWatcherFlowLogPeriod.py
1201 CKV_AZURE_13 resource azurerm_app_service Ensure App Service Authentication is set on Azure App Service Terraform AppServiceAuthentication.py
1202 CKV_AZURE_13 resource azurerm_linux_web_app Ensure App Service Authentication is set on Azure App Service Terraform AppServiceAuthentication.py
1203 CKV_AZURE_13 resource azurerm_windows_web_app Ensure App Service Authentication is set on Azure App Service Terraform AppServiceAuthentication.py
1204 CKV_AZURE_14 resource azurerm_app_service Ensure web app redirects all HTTP traffic to HTTPS in Azure App Service Terraform AppServiceHTTPSOnly.py
1205 CKV_AZURE_14 resource azurerm_linux_web_app Ensure web app redirects all HTTP traffic to HTTPS in Azure App Service Terraform AppServiceHTTPSOnly.py
1206 CKV_AZURE_14 resource azurerm_windows_web_app Ensure web app redirects all HTTP traffic to HTTPS in Azure App Service Terraform AppServiceHTTPSOnly.py
1207 CKV_AZURE_15 resource azurerm_app_service Ensure web app is using the latest version of TLS encryption Terraform AppServiceMinTLSVersion.py
1208 CKV_AZURE_15 resource azurerm_linux_web_app Ensure web app is using the latest version of TLS encryption Terraform AppServiceMinTLSVersion.py
1209 CKV_AZURE_15 resource azurerm_windows_web_app Ensure web app is using the latest version of TLS encryption Terraform AppServiceMinTLSVersion.py
1210 CKV_AZURE_16 resource azurerm_app_service Ensure that Register with Azure Active Directory is enabled on App Service Terraform AppServiceIdentity.py
1211 CKV_AZURE_16 resource azurerm_linux_web_app Ensure that Register with Azure Active Directory is enabled on App Service Terraform AppServiceIdentity.py
1212 CKV_AZURE_16 resource azurerm_windows_web_app Ensure that Register with Azure Active Directory is enabled on App Service Terraform AppServiceIdentity.py
1213 CKV_AZURE_17 resource azurerm_app_service Ensure the web app has ‘Client Certificates (Incoming client certificates)’ set Terraform AppServiceClientCertificate.py
1214 CKV_AZURE_17 resource azurerm_linux_web_app Ensure the web app has ‘Client Certificates (Incoming client certificates)’ set Terraform AppServiceClientCertificate.py
1215 CKV_AZURE_17 resource azurerm_windows_web_app Ensure the web app has ‘Client Certificates (Incoming client certificates)’ set Terraform AppServiceClientCertificate.py
1216 CKV_AZURE_18 resource azurerm_app_service Ensure that ‘HTTP Version’ is the latest if used to run the web app Terraform AppServiceHttps20Enabled.py
1217 CKV_AZURE_18 resource azurerm_linux_web_app Ensure that ‘HTTP Version’ is the latest if used to run the web app Terraform AppServiceHttps20Enabled.py
1218 CKV_AZURE_18 resource azurerm_windows_web_app Ensure that ‘HTTP Version’ is the latest if used to run the web app Terraform AppServiceHttps20Enabled.py
1219 CKV_AZURE_19 resource azurerm_security_center_subscription_pricing Ensure that standard pricing tier is selected Terraform SecurityCenterStandardPricing.py
1220 CKV_AZURE_20 resource azurerm_security_center_contact Ensure that security contact ‘Phone number’ is set Terraform SecurityCenterContactPhone.py
1221 CKV_AZURE_21 resource azurerm_security_center_contact Ensure that ‘Send email notification for high severity alerts’ is set to ‘On’ Terraform SecurityCenterContactEmailAlert.py
1222 CKV_AZURE_22 resource azurerm_security_center_contact Ensure that ‘Send email notification for high severity alerts’ is set to ‘On’ Terraform SecurityCenterContactEmailAlertAdmins.py
1223 CKV_AZURE_23 resource azurerm_mssql_server Ensure that ‘Auditing’ is set to ‘On’ for SQL servers Terraform SQLServerAuditingEnabled.yaml
1224 CKV_AZURE_23 resource azurerm_mssql_server_extended_auditing_policy Ensure that ‘Auditing’ is set to ‘On’ for SQL servers Terraform SQLServerAuditingEnabled.yaml
1225 CKV_AZURE_23 resource azurerm_sql_server Ensure that ‘Auditing’ is set to ‘On’ for SQL servers Terraform SQLServerAuditingEnabled.yaml
1226 CKV_AZURE_24 resource azurerm_mssql_server Ensure that ‘Auditing’ Retention is ‘greater than 90 days’ for SQL servers Terraform SQLServerAuditingRetention90Days.yaml
1227 CKV_AZURE_24 resource azurerm_mssql_server_extended_auditing_policy Ensure that ‘Auditing’ Retention is ‘greater than 90 days’ for SQL servers Terraform SQLServerAuditingRetention90Days.yaml
1228 CKV_AZURE_24 resource azurerm_sql_server Ensure that ‘Auditing’ Retention is ‘greater than 90 days’ for SQL servers Terraform SQLServerAuditingRetention90Days.yaml
1229 CKV_AZURE_25 resource azurerm_mssql_server_security_alert_policy Ensure that ‘Threat Detection types’ is set to ‘All’ Terraform SQLServerThreatDetectionTypes.py
1230 CKV_AZURE_26 resource azurerm_mssql_server_security_alert_policy Ensure that ‘Send Alerts To’ is enabled for MSSQL servers Terraform SQLServerEmailAlertsEnabled.py
1231 CKV_AZURE_27 resource azurerm_mssql_server_security_alert_policy Ensure that ‘Email service and co-administrators’ is ‘Enabled’ for MSSQL servers Terraform SQLServerEmailAlertsToAdminsEnabled.py
1232 CKV_AZURE_28 resource azurerm_mysql_server Ensure ‘Enforce SSL connection’ is set to ‘ENABLED’ for MySQL Database Server Terraform MySQLServerSSLEnforcementEnabled.py
1233 CKV_AZURE_29 resource azurerm_postgresql_server Ensure ‘Enforce SSL connection’ is set to ‘ENABLED’ for PostgreSQL Database Server Terraform PostgreSQLServerSSLEnforcementEnabled.py
1234 CKV_AZURE_30 resource azurerm_postgresql_configuration Ensure server parameter ‘log_checkpoints’ is set to ‘ON’ for PostgreSQL Database Server Terraform PostgreSQLServerLogCheckpointsEnabled.py
1235 CKV_AZURE_31 resource azurerm_postgresql_configuration Ensure server parameter ‘log_connections’ is set to ‘ON’ for PostgreSQL Database Server Terraform PostgreSQLServerLogConnectionsEnabled.py
1236 CKV_AZURE_32 resource azurerm_postgresql_configuration Ensure server parameter ‘connection_throttling’ is set to ‘ON’ for PostgreSQL Database Server Terraform PostgreSQLServerConnectionThrottlingEnabled.py
1237 CKV_AZURE_33 resource azurerm_storage_account Ensure Storage logging is enabled for Queue service for read, write and delete requests Terraform StorageAccountLoggingQueueServiceEnabled.py
1238 CKV_AZURE_34 resource azurerm_storage_container Ensure that ‘Public access level’ is set to Private for blob containers Terraform StorageBlobServiceContainerPrivateAccess.py
1239 CKV_AZURE_35 resource azurerm_storage_account Ensure default network access rule for Storage Accounts is set to deny Terraform StorageAccountDefaultNetworkAccessDeny.py
1240 CKV_AZURE_35 resource azurerm_storage_account_network_rules Ensure default network access rule for Storage Accounts is set to deny Terraform StorageAccountDefaultNetworkAccessDeny.py
1241 CKV_AZURE_36 resource azurerm_storage_account Ensure ‘Trusted Microsoft Services’ is enabled for Storage Account access Terraform StorageAccountAzureServicesAccessEnabled.py
1242 CKV_AZURE_36 resource azurerm_storage_account_network_rules Ensure ‘Trusted Microsoft Services’ is enabled for Storage Account access Terraform StorageAccountAzureServicesAccessEnabled.py
1243 CKV_AZURE_37 resource azurerm_monitor_log_profile Ensure that Activity Log Retention is set 365 days or greater Terraform MonitorLogProfileRetentionDays.py
1244 CKV_AZURE_38 resource azurerm_monitor_log_profile Ensure audit profile captures all the activities Terraform MonitorLogProfileCategories.py
1245 CKV_AZURE_39 resource azurerm_role_definition Ensure that no custom subscription owner roles are created Terraform CutsomRoleDefinitionSubscriptionOwner.py
1246 CKV_AZURE_40 resource azurerm_key_vault_key Ensure that the expiration date is set on all keys Terraform KeyExpirationDate.py
1247 CKV_AZURE_41 resource azurerm_key_vault_secret Ensure that the expiration date is set on all secrets Terraform SecretExpirationDate.py
1248 CKV_AZURE_42 resource azurerm_key_vault Ensure the key vault is recoverable Terraform KeyvaultRecoveryEnabled.py
1249 CKV_AZURE_43 resource azurerm_storage_account Ensure Storage Accounts adhere to the naming rules Terraform StorageAccountName.py
1250 CKV_AZURE_44 resource azurerm_storage_account Ensure Storage Account is using the latest version of TLS encryption Terraform StorageAccountMinimumTlsVersion.py
1251 CKV_AZURE_45 resource azurerm_virtual_machine Ensure that no sensitive credentials are exposed in VM custom_data Terraform VMCredsInCustomData.py
1252 CKV_AZURE_47 resource azurerm_mariadb_server Ensure ‘Enforce SSL connection’ is set to ‘ENABLED’ for MariaDB servers Terraform MariaDBSSLEnforcementEnabled.py
1253 CKV_AZURE_48 resource azurerm_mariadb_server Ensure ‘public network access enabled’ is set to ‘False’ for MariaDB servers Terraform MariaDBPublicAccessDisabled.py
1254 CKV_AZURE_49 resource azurerm_linux_virtual_machine_scale_set Ensure Azure linux scale set does not use basic authentication (Use SSH Key Instead) Terraform AzureScaleSetPassword.py
1255 CKV_AZURE_50 resource azurerm_linux_virtual_machine Ensure Virtual Machine Extensions are not Installed Terraform AzureInstanceExtensions.py
1256 CKV_AZURE_50 resource azurerm_windows_virtual_machine Ensure Virtual Machine Extensions are not Installed Terraform AzureInstanceExtensions.py
1257 CKV_AZURE_52 resource azurerm_mssql_server Ensure MSSQL is using the latest version of TLS encryption Terraform MSSQLServerMinTLSVersion.py
1258 CKV_AZURE_53 resource azurerm_mysql_server Ensure ‘public network access enabled’ is set to ‘False’ for MySQL servers Terraform MySQLPublicAccessDisabled.py
1259 CKV_AZURE_54 resource azurerm_mysql_server Ensure MySQL is using the latest version of TLS encryption Terraform MySQLServerMinTLSVersion.py
1260 CKV_AZURE_55 resource azurerm_security_center_subscription_pricing Ensure that Azure Defender is set to On for Servers Terraform AzureDefenderOnServers.py
1261 CKV_AZURE_56 resource azurerm_function_app Ensure that function apps enable Authentication Terraform FunctionAppsEnableAuthentication.py
1262 CKV_AZURE_57 resource azurerm_app_service Ensure that CORS disallows every resource to access app services Terraform AppServiceDisallowCORS.py
1263 CKV_AZURE_57 resource azurerm_linux_web_app Ensure that CORS disallows every resource to access app services Terraform AppServiceDisallowCORS.py
1264 CKV_AZURE_57 resource azurerm_windows_web_app Ensure that CORS disallows every resource to access app services Terraform AppServiceDisallowCORS.py
1265 CKV_AZURE_58 resource azurerm_synapse_workspace Ensure that Azure Synapse workspaces enables managed virtual networks Terraform SynapseWorkspaceEnablesManagedVirtualNetworks.py
1266 CKV_AZURE_59 resource azurerm_storage_account Ensure that Storage accounts disallow public access Terraform StorageAccountDisablePublicAccess.py
1267 CKV_AZURE_61 resource azurerm_security_center_subscription_pricing Ensure that Azure Defender is set to On for App Service Terraform AzureDefenderOnAppServices.py
1268 CKV_AZURE_62 resource azurerm_function_app Ensure function apps are not accessible from all regions Terraform FunctionAppDisallowCORS.py
1269 CKV_AZURE_63 resource azurerm_app_service Ensure that App service enables HTTP logging Terraform AppServiceHttpLoggingEnabled.py
1270 CKV_AZURE_63 resource azurerm_linux_web_app Ensure that App service enables HTTP logging Terraform AppServiceHttpLoggingEnabled.py
1271 CKV_AZURE_63 resource azurerm_windows_web_app Ensure that App service enables HTTP logging Terraform AppServiceHttpLoggingEnabled.py
1272 CKV_AZURE_64 resource azurerm_storage_sync Ensure that Azure File Sync disables public network access Terraform StorageSyncPublicAccessDisabled.py
1273 CKV_AZURE_65 resource azurerm_app_service Ensure that App service enables detailed error messages Terraform AppServiceDetailedErrorMessagesEnabled.py
1274 CKV_AZURE_65 resource azurerm_linux_web_app Ensure that App service enables detailed error messages Terraform AppServiceDetailedErrorMessagesEnabled.py
1275 CKV_AZURE_65 resource azurerm_windows_web_app Ensure that App service enables detailed error messages Terraform AppServiceDetailedErrorMessagesEnabled.py
1276 CKV_AZURE_66 resource azurerm_app_service Ensure that App service enables failed request tracing Terraform AppServiceEnableFailedRequest.py
1277 CKV_AZURE_66 resource azurerm_linux_web_app Ensure that App service enables failed request tracing Terraform AppServiceEnableFailedRequest.py
1278 CKV_AZURE_66 resource azurerm_windows_web_app Ensure that App service enables failed request tracing Terraform AppServiceEnableFailedRequest.py
1279 CKV_AZURE_67 resource azurerm_function_app Ensure that ‘HTTP Version’ is the latest, if used to run the Function app Terraform FunctionAppHttpVersionLatest.py
1280 CKV_AZURE_67 resource azurerm_function_app_slot Ensure that ‘HTTP Version’ is the latest, if used to run the Function app Terraform FunctionAppHttpVersionLatest.py
1281 CKV_AZURE_68 resource azurerm_postgresql_server Ensure that PostgreSQL server disables public network access Terraform PostgreSQLServerPublicAccessDisabled.py
1282 CKV_AZURE_69 resource azurerm_security_center_subscription_pricing Ensure that Azure Defender is set to On for Azure SQL database servers Terraform AzureDefenderOnSqlServers.py
1283 CKV_AZURE_70 resource azurerm_function_app Ensure that Function apps is only accessible over HTTPS Terraform FunctionAppsAccessibleOverHttps.py
1284 CKV_AZURE_71 resource azurerm_app_service Ensure that Managed identity provider is enabled for app services Terraform AppServiceIdentityProviderEnabled.py
1285 CKV_AZURE_71 resource azurerm_linux_web_app Ensure that Managed identity provider is enabled for app services Terraform AppServiceIdentityProviderEnabled.py
1286 CKV_AZURE_71 resource azurerm_windows_web_app Ensure that Managed identity provider is enabled for app services Terraform AppServiceIdentityProviderEnabled.py
1287 CKV_AZURE_72 resource azurerm_app_service Ensure that remote debugging is not enabled for app services Terraform AppServiceRemoteDebuggingNotEnabled.py
1288 CKV_AZURE_72 resource azurerm_linux_web_app Ensure that remote debugging is not enabled for app services Terraform AppServiceRemoteDebuggingNotEnabled.py
1289 CKV_AZURE_72 resource azurerm_windows_web_app Ensure that remote debugging is not enabled for app services Terraform AppServiceRemoteDebuggingNotEnabled.py
1290 CKV_AZURE_73 resource azurerm_automation_variable_bool Ensure that Automation account variables are encrypted Terraform AutomationEncrypted.py
1291 CKV_AZURE_73 resource azurerm_automation_variable_datetime Ensure that Automation account variables are encrypted Terraform AutomationEncrypted.py
1292 CKV_AZURE_73 resource azurerm_automation_variable_int Ensure that Automation account variables are encrypted Terraform AutomationEncrypted.py
1293 CKV_AZURE_73 resource azurerm_automation_variable_string Ensure that Automation account variables are encrypted Terraform AutomationEncrypted.py
1294 CKV_AZURE_74 resource azurerm_kusto_cluster Ensure that Azure Data Explorer (Kusto) uses disk encryption Terraform DataExplorerUsesDiskEncryption.py
1295 CKV_AZURE_75 resource azurerm_kusto_cluster Ensure that Azure Data Explorer uses double encryption Terraform AzureDataExplorerDoubleEncryptionEnabled.py
1296 CKV_AZURE_76 resource azurerm_batch_account Ensure that Azure Batch account uses key vault to encrypt data Terraform AzureBatchAccountUsesKeyVaultEncryption.py
1297 CKV_AZURE_77 resource azurerm_network_security_group Ensure that UDP Services are restricted from the Internet Terraform NSGRuleUDPAccessRestricted.py
1298 CKV_AZURE_77 resource azurerm_network_security_rule Ensure that UDP Services are restricted from the Internet Terraform NSGRuleUDPAccessRestricted.py
1299 CKV_AZURE_78 resource azurerm_app_service Ensure FTP deployments are disabled Terraform AppServiceFTPSState.py
1300 CKV_AZURE_78 resource azurerm_linux_web_app Ensure FTP deployments are disabled Terraform AppServiceFTPSState.py
1301 CKV_AZURE_78 resource azurerm_windows_web_app Ensure FTP deployments are disabled Terraform AppServiceFTPSState.py
1302 CKV_AZURE_79 resource azurerm_security_center_subscription_pricing Ensure that Azure Defender is set to On for SQL servers on machines Terraform AzureDefenderOnSqlServerVMS.py
1303 CKV_AZURE_80 resource azurerm_app_service Ensure that ‘Net Framework’ version is the latest, if used as a part of the web app Terraform AppServiceDotnetFrameworkVersion.py
1304 CKV_AZURE_81 resource azurerm_app_service Ensure that ‘PHP version’ is the latest, if used to run the web app Terraform AppServicePHPVersion.py
1305 CKV_AZURE_82 resource azurerm_app_service Ensure that ‘Python version’ is the latest, if used to run the web app Terraform AppServicePythonVersion.py
1306 CKV_AZURE_83 resource azurerm_app_service Ensure that ‘Java version’ is the latest, if used to run the web app Terraform AppServiceJavaVersion.py
1307 CKV_AZURE_84 resource azurerm_security_center_subscription_pricing Ensure that Azure Defender is set to On for Storage Terraform AzureDefenderOnStorage.py
1308 CKV_AZURE_85 resource azurerm_security_center_subscription_pricing Ensure that Azure Defender is set to On for Kubernetes Terraform AzureDefenderOnKubernetes.py
1309 CKV_AZURE_86 resource azurerm_security_center_subscription_pricing Ensure that Azure Defender is set to On for Container Registries Terraform AzureDefenderOnContainerRegistry.py
1310 CKV_AZURE_87 resource azurerm_security_center_subscription_pricing Ensure that Azure Defender is set to On for Key Vault Terraform AzureDefenderOnKeyVaults.py
1311 CKV_AZURE_88 resource azurerm_app_service Ensure that app services use Azure Files Terraform AppServiceUsedAzureFiles.py
1312 CKV_AZURE_88 resource azurerm_linux_web_app Ensure that app services use Azure Files Terraform AppServiceUsedAzureFiles.py
1313 CKV_AZURE_88 resource azurerm_windows_web_app Ensure that app services use Azure Files Terraform AppServiceUsedAzureFiles.py
1314 CKV_AZURE_89 resource azurerm_redis_cache Ensure that Azure Cache for Redis disables public network access Terraform RedisCachePublicNetworkAccessEnabled.py
1315 CKV_AZURE_91 resource azurerm_redis_cache Ensure that only SSL are enabled for Cache for Redis Terraform RedisCacheEnableNonSSLPort.py
1316 CKV_AZURE_92 resource azurerm_linux_virtual_machine Ensure that Virtual Machines use managed disks Terraform VMStorageOsDisk.py
1317 CKV_AZURE_92 resource azurerm_windows_virtual_machine Ensure that Virtual Machines use managed disks Terraform VMStorageOsDisk.py
1318 CKV_AZURE_93 resource azurerm_managed_disk Ensure that managed disks use a specific set of disk encryption sets for the customer-managed key encryption Terraform AzureManagedDiskEncryptionSet.py
1319 CKV_AZURE_94 resource azurerm_mysql_flexible_server Ensure that My SQL server enables geo-redundant backups Terraform MySQLGeoBackupEnabled.py
1320 CKV_AZURE_94 resource azurerm_mysql_server Ensure that My SQL server enables geo-redundant backups Terraform MySQLGeoBackupEnabled.py
1321 CKV_AZURE_95 resource azurerm_virtual_machine_scale_set Ensure that automatic OS image patching is enabled for Virtual Machine Scale Sets Terraform VMScaleSetsAutoOSImagePatchingEnabled.py
1322 CKV_AZURE_96 resource azurerm_mysql_server Ensure that MySQL server enables infrastructure encryption Terraform MySQLEncryptionEnaled.py
1323 CKV_AZURE_97 resource azurerm_linux_virtual_machine_scale_set Ensure that Virtual machine scale sets have encryption at host enabled Terraform VMEncryptionAtHostEnabled.py
1324 CKV_AZURE_97 resource azurerm_windows_virtual_machine_scale_set Ensure that Virtual machine scale sets have encryption at host enabled Terraform VMEncryptionAtHostEnabled.py
1325 CKV_AZURE_98 resource azurerm_container_group Ensure that Azure Container group is deployed into virtual network Terraform AzureContainerGroupDeployedIntoVirtualNetwork.py
1326 CKV_AZURE_99 resource azurerm_cosmosdb_account Ensure Cosmos DB accounts have restricted access Terraform CosmosDBAccountsRestrictedAccess.py
1327 CKV_AZURE_100 resource azurerm_cosmosdb_account Ensure that Cosmos DB accounts have customer-managed keys to encrypt data at rest Terraform CosmosDBHaveCMK.py
1328 CKV_AZURE_101 resource azurerm_cosmosdb_account Ensure that Azure Cosmos DB disables public network access Terraform CosmosDBDisablesPublicNetwork.py
1329 CKV_AZURE_102 resource azurerm_postgresql_server Ensure that PostgreSQL server enables geo-redundant backups Terraform PostgressSQLGeoBackupEnabled.py
1330 CKV_AZURE_103 resource azurerm_data_factory Ensure that Azure Data Factory uses Git repository for source control Terraform DataFactoryUsesGitRepository.py
1331 CKV_AZURE_104 resource azurerm_data_factory Ensure that Azure Data factory public network access is disabled Terraform DataFactoryNoPublicNetworkAccess.py
1332 CKV_AZURE_105 resource azurerm_data_lake_store Ensure that Data Lake Store accounts enables encryption Terraform DataLakeStoreEncryption.py
1333 CKV_AZURE_106 resource azurerm_eventgrid_domain Ensure that Azure Event Grid Domain public network access is disabled Terraform EventgridDomainNetworkAccess.py
1334 CKV_AZURE_107 resource azurerm_api_management Ensure that API management services use virtual networks Terraform APIServicesUseVirtualNetwork.py
1335 CKV_AZURE_108 resource azurerm_iothub Ensure that Azure IoT Hub disables public network access Terraform IoTNoPublicNetworkAccess.py
1336 CKV_AZURE_109 resource azurerm_key_vault Ensure that key vault allows firewall rules settings Terraform KeyVaultEnablesFirewallRulesSettings.py
1337 CKV_AZURE_110 resource azurerm_key_vault Ensure that key vault enables purge protection Terraform KeyVaultEnablesPurgeProtection.py
1338 CKV_AZURE_111 resource azurerm_key_vault Ensure that key vault enables soft delete Terraform KeyVaultEnablesSoftDelete.py
1339 CKV_AZURE_112 resource azurerm_key_vault_key Ensure that key vault key is backed by HSM Terraform KeyBackedByHSM.py
1340 CKV_AZURE_113 resource azurerm_mssql_server Ensure that SQL server disables public network access Terraform SQLServerPublicAccessDisabled.py
1341 CKV_AZURE_114 resource azurerm_key_vault_secret Ensure that key vault secrets have “content_type” set Terraform SecretContentType.py
1342 CKV_AZURE_115 resource azurerm_kubernetes_cluster Ensure that AKS enables private clusters Terraform AKSEnablesPrivateClusters.py
1343 CKV_AZURE_116 resource azurerm_kubernetes_cluster Ensure that AKS uses Azure Policies Add-on Terraform AKSUsesAzurePoliciesAddon.py
1344 CKV_AZURE_117 resource azurerm_kubernetes_cluster Ensure that AKS uses disk encryption set Terraform AKSUsesDiskEncryptionSet.py
1345 CKV_AZURE_118 resource azurerm_network_interface Ensure that Network Interfaces disable IP forwarding Terraform NetworkInterfaceEnableIPForwarding.py
1346 CKV_AZURE_119 resource azurerm_network_interface Ensure that Network Interfaces don’t use public IPs Terraform AzureNetworkInterfacePublicIPAddressId.yaml
1347 CKV_AZURE_120 resource azurerm_application_gateway Ensure that Application Gateway enables WAF Terraform ApplicationGatewayEnablesWAF.yaml
1348 CKV_AZURE_120 resource azurerm_web_application_firewall_policy Ensure that Application Gateway enables WAF Terraform ApplicationGatewayEnablesWAF.yaml
1349 CKV_AZURE_121 resource azurerm_frontdoor Ensure that Azure Front Door enables WAF Terraform AzureFrontDoorEnablesWAF.py
1350 CKV_AZURE_122 resource azurerm_web_application_firewall_policy Ensure that Application Gateway uses WAF in “Detection” or “Prevention” modes Terraform AppGWUseWAFMode.py
1351 CKV_AZURE_123 resource azurerm_frontdoor_firewall_policy Ensure that Azure Front Door uses WAF in “Detection” or “Prevention” modes Terraform FrontdoorUseWAFMode.py
1352 CKV_AZURE_124 resource azurerm_search_service Ensure that Azure Cognitive Search disables public network access Terraform AzureSearchPublicNetworkAccessDisabled.py
1353 CKV_AZURE_125 resource azurerm_service_fabric_cluster Ensures that Service Fabric use three levels of protection available Terraform AzureServiceFabricClusterProtectionLevel.py
1354 CKV_AZURE_126 resource azurerm_service_fabric_cluster Ensures that Active Directory is used for authentication for Service Fabric Terraform ActiveDirectoryUsedAuthenticationServiceFabric.py
1355 CKV_AZURE_127 resource azurerm_mysql_server Ensure that My SQL server enables Threat detection policy Terraform MySQLTreatDetectionEnabled.py
1356 CKV_AZURE_128 resource azurerm_postgresql_server Ensure that PostgreSQL server enables Threat detection policy Terraform PostgresSQLTreatDetectionEnabled.py
1357 CKV_AZURE_129 resource azurerm_mariadb_server Ensure that MariaDB server enables geo-redundant backups Terraform MariaDBGeoBackupEnabled.py
1358 CKV_AZURE_130 resource azurerm_postgresql_server Ensure that PostgreSQL server enables infrastructure encryption Terraform PostgreSQLEncryptionEnabled.py
1359 CKV_AZURE_131 resource azurerm_security_center_contact Ensure that ‘Security contact emails’ is set Terraform SecurityCenterContactEmails.py
1360 CKV_AZURE_132 resource azurerm_cosmosdb_account Ensure cosmosdb does not allow privileged escalation by restricting management plane changes Terraform CosmosDBDisableAccessKeyWrite.py
1361 CKV_AZURE_133 resource azurerm_frontdoor_firewall_policy Ensure Front Door WAF prevents message lookup in Log4j2. See CVE-2021-44228 aka log4jshell Terraform FrontDoorWAFACLCVE202144228.py
1362 CKV_AZURE_134 resource azurerm_cognitive_account Ensure that Cognitive Services accounts disable public network access Terraform CognitiveServicesDisablesPublicNetwork.py
1363 CKV_AZURE_135 resource azurerm_web_application_firewall_policy Ensure Application Gateway WAF prevents message lookup in Log4j2. See CVE-2021-44228 aka log4jshell Terraform AppGatewayWAFACLCVE202144228.py
1364 CKV_AZURE_136 resource azurerm_postgresql_flexible_server Ensure that PostgreSQL Flexible server enables geo-redundant backups Terraform PostgreSQLFlexiServerGeoBackupEnabled.py
1365 CKV_AZURE_137 resource azurerm_container_registry Ensure ACR admin account is disabled Terraform ACRAdminAccountDisabled.py
1366 CKV_AZURE_138 resource azurerm_container_registry Ensures that ACR disables anonymous pulling of images Terraform ACRAnonymousPullDisabled.py
1367 CKV_AZURE_139 resource azurerm_container_registry Ensure ACR set to disable public networking Terraform ACRPublicNetworkAccessDisabled.py
1368 CKV_AZURE_140 resource azurerm_cosmosdb_account Ensure that Local Authentication is disabled on CosmosDB Terraform CosmosDBLocalAuthDisabled.py
1369 CKV_AZURE_141 resource azurerm_kubernetes_cluster Ensure AKS local admin account is disabled Terraform AKSLocalAdminDisabled.py
1370 CKV_AZURE_142 resource azurerm_machine_learning_compute_cluster Ensure Machine Learning Compute Cluster Local Authentication is disabled Terraform MLCCLADisabled.py
1371 CKV_AZURE_143 resource azurerm_kubernetes_cluster Ensure AKS cluster nodes do not have public IP addresses Terraform AKSNodePublicIpDisabled.py
1372 CKV_AZURE_144 resource azurerm_machine_learning_workspace Ensure that Public Access is disabled for Machine Learning Workspace Terraform MLPublicAccess.py
1373 CKV_AZURE_145 resource azurerm_function_app Ensure Function app is using the latest version of TLS encryption Terraform FunctionAppMinTLSVersion.py
1374 CKV_AZURE_146 resource azurerm_postgresql_configuration Ensure server parameter ‘log_retention’ is set to ‘ON’ for PostgreSQL Database Server Terraform PostgreSQLServerLogRetentionEnabled.py
1375 CKV_AZURE_147 resource azurerm_postgresql_server Ensure PostgreSQL is using the latest version of TLS encryption Terraform PostgreSQLMinTLSVersion.py
1376 CKV_AZURE_148 resource azurerm_redis_cache Ensure Redis Cache is using the latest version of TLS encryption Terraform RedisCacheMinTLSVersion.py
1377 CKV_AZURE_149 resource azurerm_linux_virtual_machine Ensure that Virtual machine does not enable password authentication Terraform VMDisablePasswordAuthentication.py
1378 CKV_AZURE_149 resource azurerm_linux_virtual_machine_scale_set Ensure that Virtual machine does not enable password authentication Terraform VMDisablePasswordAuthentication.py
1379 CKV_AZURE_150 resource azurerm_machine_learning_compute_cluster Ensure Machine Learning Compute Cluster Minimum Nodes Set To 0 Terraform MLComputeClusterMinNodes.py
1380 CKV_AZURE_151 resource azurerm_windows_virtual_machine Ensure Windows VM enables encryption Terraform WinVMEncryptionAtHost.py
1381 CKV_AZURE_152 resource azurerm_api_management Ensure Client Certificates are enforced for API management Terraform APIManagementCertsEnforced.py
1382 CKV_AZURE_153 resource azurerm_app_service_slot Ensure web app redirects all HTTP traffic to HTTPS in Azure App Service Slot Terraform AppServiceSlotHTTPSOnly.py
1383 CKV_AZURE_154 resource azurerm_app_service_slot Ensure the App service slot is using the latest version of TLS encryption Terraform AppServiceSlotMinTLS.py
1384 CKV_AZURE_155 resource azurerm_app_service_slot Ensure debugging is disabled for the App service slot Terraform AppServiceSlotDebugDisabled.py
1385 CKV_AZURE_156 resource azurerm_mssql_database_extended_auditing_policy Ensure default Auditing policy for a SQL Server is configured to capture and retain the activity logs Terraform MSSQLServerAuditPolicyLogMonitor.py
1386 CKV_AZURE_157 resource azurerm_synapse_workspace Ensure that Synapse workspace has data_exfiltration_protection_enabled Terraform SynapseWorkspaceEnablesDataExfilProtection.py
1387 CKV_AZURE_158 resource azurerm_databricks_workspace Ensure that databricks workspace has not public Terraform DatabricksWorkspaceIsNotPublic.py
1388 CKV_AZURE_159 resource azurerm_function_app Ensure function app builtin logging is enabled Terraform FunctionAppEnableLogging.py
1389 CKV_AZURE_159 resource azurerm_function_app_slot Ensure function app builtin logging is enabled Terraform FunctionAppEnableLogging.py
1390 CKV_AZURE_160 resource azurerm_network_security_group Ensure that HTTP (port 80) access is restricted from the internet Terraform NSGRuleHTTPAccessRestricted.py
1391 CKV_AZURE_160 resource azurerm_network_security_rule Ensure that HTTP (port 80) access is restricted from the internet Terraform NSGRuleHTTPAccessRestricted.py
1392 CKV_AZURE_161 resource azurerm_spring_cloud_api_portal Ensures Spring Cloud API Portal is enabled on for HTTPS Terraform SpringCloudAPIPortalHTTPSOnly.py
1393 CKV_AZURE_162 resource azurerm_spring_cloud_api_portal Ensures Spring Cloud API Portal Public Access Is Disabled Terraform SpringCloudAPIPortalPublicAccessIsDisabled.py
1394 CKV_AZURE_163 resource azurerm_container_registry Enable vulnerability scanning for container images. Terraform ACRContainerScanEnabled.py
1395 CKV_AZURE_164 resource azurerm_container_registry Ensures that ACR uses signed/trusted images Terraform ACRUseSignedImages.py
1396 CKV_AZURE_165 resource azurerm_container_registry Ensure geo-replicated container registries to match multi-region container deployments. Terraform ACRGeoreplicated.py
1397 CKV_AZURE_166 resource azurerm_container_registry Ensure container image quarantine, scan, and mark images verified Terraform ACREnableImageQuarantine.py
1398 CKV_AZURE_167 resource azurerm_container_registry Ensure a retention policy is set to cleanup untagged manifests. Terraform ACREnableRetentionPolicy.py
1399 CKV_AZURE_168 resource azurerm_kubernetes_cluster Ensure Azure Kubernetes Cluster (AKS) nodes should use a minimum number of 50 pods. Terraform AKSMaxPodsMinimum.py
1400 CKV_AZURE_168 resource azurerm_kubernetes_cluster_node_pool Ensure Azure Kubernetes Cluster (AKS) nodes should use a minimum number of 50 pods. Terraform AKSMaxPodsMinimum.py
1401 CKV_AZURE_169 resource azurerm_kubernetes_cluster Ensure Azure Kubernetes Cluster (AKS) nodes use scale sets Terraform AKSPoolTypeIsScaleSet.py
1402 CKV_AZURE_170 resource azurerm_kubernetes_cluster Ensure that AKS use the Paid Sku for its SLA Terraform AKSIsPaidSku.py
1403 CKV_AZURE_171 resource azurerm_kubernetes_cluster Ensure AKS cluster upgrade channel is chosen Terraform AKSUpgradeChannel.py
1404 CKV_AZURE_172 resource azurerm_kubernetes_cluster Ensure autorotation of Secrets Store CSI Driver secrets for AKS clusters Terraform AKSSecretStoreRotation.py
1405 CKV_AZURE_173 resource azurerm_api_management Ensure API management uses at least TLS 1.2 Terraform APIManagementMinTLS12.py
1406 CKV_AZURE_174 resource azurerm_api_management Ensure API management public access is disabled Terraform APIManagementPublicAccess.py
1407 CKV_AZURE_175 resource azurerm_web_pubsub Ensure Web PubSub uses a SKU with an SLA Terraform PubsubSKUSLA.py
1408 CKV_AZURE_176 resource azurerm_web_pubsub Ensure Web PubSub uses managed identities to access Azure resources Terraform PubsubSpecifyIdentity.py
1409 CKV_AZURE_177 resource azurerm_windows_virtual_machine Ensure Windows VM enables automatic updates Terraform WinVMAutomaticUpdates.py
1410 CKV_AZURE_177 resource azurerm_windows_virtual_machine_scale_set Ensure Windows VM enables automatic updates Terraform WinVMAutomaticUpdates.py
1411 CKV_AZURE_178 resource azurerm_linux_virtual_machine Ensure linux VM enables SSH with keys for secure communication Terraform LinuxVMUsesSSH.py
1412 CKV_AZURE_178 resource azurerm_linux_virtual_machine_scale_set Ensure linux VM enables SSH with keys for secure communication Terraform LinuxVMUsesSSH.py
1413 CKV_AZURE_179 resource azurerm_linux_virtual_machine Ensure VM agent is installed Terraform VMAgentIsInstalled.py
1414 CKV_AZURE_179 resource azurerm_linux_virtual_machine_scale_set Ensure VM agent is installed Terraform VMAgentIsInstalled.py
1415 CKV_AZURE_179 resource azurerm_windows_virtual_machine Ensure VM agent is installed Terraform VMAgentIsInstalled.py
1416 CKV_AZURE_179 resource azurerm_windows_virtual_machine_scale_set Ensure VM agent is installed Terraform VMAgentIsInstalled.py
1417 CKV_AZURE_180 resource azurerm_kusto_cluster Ensure that data explorer uses Sku with an SLA Terraform DataExplorerSKUHasSLA.py
1418 CKV_AZURE_181 resource azurerm_kusto_cluster Ensure that data explorer/Kusto uses managed identities to access Azure resources securely. Terraform DataExplorerServiceIdentity.py
1419 CKV_AZURE_182 resource azurerm_virtual_network Ensure that VNET has at least 2 connected DNS Endpoints Terraform VnetSingleDNSServer.py
1420 CKV_AZURE_182 resource azurerm_virtual_network_dns_servers Ensure that VNET has at least 2 connected DNS Endpoints Terraform VnetSingleDNSServer.py
1421 CKV_AZURE_183 resource azurerm_virtual_network Ensure that VNET uses local DNS addresses Terraform VnetLocalDNS.py
1422 CKV_AZURE_184 resource azurerm_app_configuration Ensure ‘local_auth_enabled’ is set to ‘False’ Terraform AppConfigLocalAuth.py
1423 CKV_AZURE_185 resource azurerm_app_configuration Ensure ‘Public Access’ is not Enabled for App configuration Terraform AppConfigPublicAccess.py
1424 CKV_AZURE_186 resource azurerm_app_configuration Ensure App configuration encryption block is set. Terraform AppConfigEncryption.py
1425 CKV_AZURE_187 resource azurerm_app_configuration Ensure App configuration purge protection is enabled Terraform AppConfigPurgeProtection.py
1426 CKV_AZURE_188 resource azurerm_app_configuration Ensure App configuration Sku is standard Terraform AppConfigSku.py
1427 CKV_AZURE_189 resource azurerm_key_vault Ensure that Azure Key Vault disables public network access Terraform KeyVaultDisablesPublicNetworkAccess.py
1428 CKV_AZURE_190 resource azurerm_storage_account Ensure that Storage blobs restrict public access Terraform StorageBlobRestrictPublicAccess.py
1429 CKV_AZURE_191 resource azurerm_eventgrid_topic Ensure that Managed identity provider is enabled for Azure Event Grid Topic Terraform EventgridTopicIdentityProviderEnabled.py
1430 CKV_AZURE_192 resource azurerm_eventgrid_topic Ensure that Azure Event Grid Topic local Authentication is disabled Terraform EventgridTopicLocalAuthentication.py
1431 CKV_AZURE_193 resource azurerm_eventgrid_topic Ensure public network access is disabled for Azure Event Grid Topic Terraform EventgridTopicNetworkAccess.py
1432 CKV_AZURE_194 resource azurerm_eventgrid_domain Ensure that Managed identity provider is enabled for Azure Event Grid Domain Terraform EventgridDomainIdentityProviderEnabled.py
1433 CKV_AZURE_195 resource azurerm_eventgrid_domain Ensure that Azure Event Grid Domain local Authentication is disabled Terraform EventgridDomainLocalAuthentication.py
1434 CKV_AZURE_196 resource azurerm_signalr_service Ensure that SignalR uses a Paid Sku for its SLA Terraform SignalRSKUSLA.py
1435 CKV_AZURE_197 resource azurerm_cdn_endpoint Ensure the Azure CDN disables the HTTP endpoint Terraform CDNDisableHttpEndpoints.py
1436 CKV_AZURE_198 resource azurerm_cdn_endpoint Ensure the Azure CDN enables the HTTPS endpoint Terraform CDNEnableHttpsEndpoints.py
1437 CKV_AZURE_199 resource azurerm_servicebus_namespace Ensure that Azure Service Bus uses double encryption Terraform AzureServicebusDoubleEncryptionEnabled.py
1438 CKV_AZURE_200 resource azurerm_cdn_endpoint_custom_domain Ensure the Azure CDN endpoint is using the latest version of TLS encryption Terraform CDNTLSProtocol12.py
1439 CKV_AZURE_201 resource azurerm_servicebus_namespace Ensure that Azure Service Bus uses a customer-managed key to encrypt data Terraform AzureServicebusHasCMK.py
1440 CKV_AZURE_202 resource azurerm_servicebus_namespace Ensure that Managed identity provider is enabled for Azure Service Bus Terraform AzureServicebusIdentityProviderEnabled.py
1441 CKV_AZURE_203 resource azurerm_servicebus_namespace Ensure Azure Service Bus Local Authentication is disabled Terraform AzureServicebusLocalAuthDisabled.py
1442 CKV_AZURE_204 resource azurerm_servicebus_namespace Ensure ‘public network access enabled’ is set to ‘False’ for Azure Service Bus Terraform AzureServicebusPublicAccessDisabled.py
1443 CKV_AZURE_205 resource azurerm_servicebus_namespace Ensure Azure Service Bus is using the latest version of TLS encryption Terraform AzureServicebusMinTLSVersion.py
1444 CKV_AZURE_206 resource azurerm_storage_account Ensure that Storage Accounts use replication Terraform StorageAccountsUseReplication.py
1445 CKV_AZURE_207 resource azurerm_search_service Ensure Azure Cognitive Search service uses managed identities to access Azure resources Terraform AzureSearchManagedIdentity.py
1446 CKV_AZURE_208 resource azurerm_search_service Ensure that Azure Cognitive Search maintains SLA for index updates Terraform AzureSearchSLAIndex.py
1447 CKV_AZURE_209 resource azurerm_search_service Ensure that Azure Cognitive Search maintains SLA for search index queries Terraform AzureSearchSLAQueryUpdates.py
1448 CKV_AZURE_210 resource azurerm_search_service Ensure Azure Cognitive Search service allowed IPS does not give public Access Terraform AzureSearchAllowedIPsNotGlobal.py
1449 CKV_AZURE_211 resource azurerm_service_plan Ensure App Service plan suitable for production use Terraform AppServiceSkuMinimum.py
1450 CKV_AZURE_212 resource azurerm_service_plan Ensure App Service has a minimum number of instances for failover Terraform AppServiceInstanceMinimum.py
1451 CKV_AZURE_213 resource azurerm_app_service Ensure that App Service configures health check Terraform AppServiceSetHealthCheck.py
1452 CKV_AZURE_213 resource azurerm_linux_web_app Ensure that App Service configures health check Terraform AppServiceSetHealthCheck.py
1453 CKV_AZURE_213 resource azurerm_windows_web_app Ensure that App Service configures health check Terraform AppServiceSetHealthCheck.py
1454 CKV_AZURE_214 resource azurerm_linux_web_app Ensure App Service is set to be always on Terraform AppServiceAlwaysOn.py
1455 CKV_AZURE_214 resource azurerm_windows_web_app Ensure App Service is set to be always on Terraform AppServiceAlwaysOn.py
1456 CKV_AZURE_215 resource azurerm_api_management_backend Ensure API management backend uses https Terraform APIManagementBackendHTTPS.py
1457 CKV_AZURE_216 resource azurerm_firewall Ensure DenyIntelMode is set to Deny for Azure Firewalls Terraform AzureFirewallDenyThreatIntelMode.py
1458 CKV_AZURE_217 resource azurerm_application_gateway Ensure Azure Application gateways listener that allow connection requests over HTTP Terraform AppGWUsesHttps.py
1459 CKV_AZURE_218 resource azurerm_application_gateway Ensure Application Gateway defines secure protocols for in transit communication Terraform AppGWDefinesSecureProtocols.py
1460 CKV_AZURE_219 resource azurerm_firewall Ensure Firewall defines a firewall policy Terraform AzureFirewallDefinesPolicy.py
1461 CKV_AZURE_220 resource azurerm_firewall_policy Ensure Firewall policy has IDPS mode as deny Terraform AzureFirewallPolicyIDPSDeny.py
1462 CKV2_AZURE_1 resource azurerm_storage_account Ensure storage for critical data are encrypted with Customer Managed Key Terraform StorageCriticalDataEncryptedCMK.yaml
1463 CKV2_AZURE_2 resource azurerm_mssql_server_security_alert_policy Ensure that Vulnerability Assessment (VA) is enabled on a SQL server by setting a Storage Account Terraform VAisEnabledInStorageAccount.yaml
1464 CKV2_AZURE_2 resource azurerm_sql_server Ensure that Vulnerability Assessment (VA) is enabled on a SQL server by setting a Storage Account Terraform VAisEnabledInStorageAccount.yaml
1465 CKV2_AZURE_3 resource azurerm_mssql_server Ensure that VA setting Periodic Recurring Scans is enabled on a SQL server Terraform VAsetPeriodicScansOnSQL.yaml
1466 CKV2_AZURE_3 resource azurerm_mssql_server_security_alert_policy Ensure that VA setting Periodic Recurring Scans is enabled on a SQL server Terraform VAsetPeriodicScansOnSQL.yaml
1467 CKV2_AZURE_3 resource azurerm_mssql_server_vulnerability_assessment Ensure that VA setting Periodic Recurring Scans is enabled on a SQL server Terraform VAsetPeriodicScansOnSQL.yaml
1468 CKV2_AZURE_3 resource azurerm_sql_server Ensure that VA setting Periodic Recurring Scans is enabled on a SQL server Terraform VAsetPeriodicScansOnSQL.yaml
1469 CKV2_AZURE_4 resource azurerm_mssql_server Ensure Azure SQL server ADS VA Send scan reports to is configured Terraform VAconfiguredToSendReports.yaml
1470 CKV2_AZURE_4 resource azurerm_mssql_server_security_alert_policy Ensure Azure SQL server ADS VA Send scan reports to is configured Terraform VAconfiguredToSendReports.yaml
1471 CKV2_AZURE_4 resource azurerm_mssql_server_vulnerability_assessment Ensure Azure SQL server ADS VA Send scan reports to is configured Terraform VAconfiguredToSendReports.yaml
1472 CKV2_AZURE_4 resource azurerm_sql_server Ensure Azure SQL server ADS VA Send scan reports to is configured Terraform VAconfiguredToSendReports.yaml
1473 CKV2_AZURE_5 resource azurerm_mssql_server Ensure that VA setting ‘Also send email notifications to admins and subscription owners’ is set for a SQL server Terraform VAconfiguredToSendReportsToAdmins.yaml
1474 CKV2_AZURE_5 resource azurerm_mssql_server_security_alert_policy Ensure that VA setting ‘Also send email notifications to admins and subscription owners’ is set for a SQL server Terraform VAconfiguredToSendReportsToAdmins.yaml
1475 CKV2_AZURE_5 resource azurerm_mssql_server_vulnerability_assessment Ensure that VA setting ‘Also send email notifications to admins and subscription owners’ is set for a SQL server Terraform VAconfiguredToSendReportsToAdmins.yaml
1476 CKV2_AZURE_5 resource azurerm_sql_server Ensure that VA setting ‘Also send email notifications to admins and subscription owners’ is set for a SQL server Terraform VAconfiguredToSendReportsToAdmins.yaml
1477 CKV2_AZURE_6 resource azurerm_sql_firewall_rule Ensure ‘Allow access to Azure services’ for PostgreSQL Database Server is disabled Terraform AccessToPostgreSQLFromAzureServicesIsDisabled.yaml
1478 CKV2_AZURE_6 resource azurerm_sql_server Ensure ‘Allow access to Azure services’ for PostgreSQL Database Server is disabled Terraform AccessToPostgreSQLFromAzureServicesIsDisabled.yaml
1479 CKV2_AZURE_7 resource azurerm_sql_server Ensure that Azure Active Directory Admin is configured Terraform AzureActiveDirectoryAdminIsConfigured.yaml
1480 CKV2_AZURE_8 resource azurerm_monitor_activity_log_alert Ensure the storage container storing the activity logs is not publicly accessible Terraform StorageContainerActivityLogsNotPublic.yaml
1481 CKV2_AZURE_8 resource azurerm_storage_account Ensure the storage container storing the activity logs is not publicly accessible Terraform StorageContainerActivityLogsNotPublic.yaml
1482 CKV2_AZURE_8 resource azurerm_storage_container Ensure the storage container storing the activity logs is not publicly accessible Terraform StorageContainerActivityLogsNotPublic.yaml
1483 CKV2_AZURE_9 resource azurerm_virtual_machine Ensure Virtual Machines are utilizing Managed Disks Terraform VirtualMachinesUtilizingManagedDisks.yaml
1484 CKV2_AZURE_10 resource azurerm_virtual_machine Ensure that Microsoft Antimalware is configured to automatically updates for Virtual Machines Terraform AzureAntimalwareIsConfiguredWithAutoUpdatesForVMs.yaml
1485 CKV2_AZURE_10 resource azurerm_virtual_machine_extension Ensure that Microsoft Antimalware is configured to automatically updates for Virtual Machines Terraform AzureAntimalwareIsConfiguredWithAutoUpdatesForVMs.yaml
1486 CKV2_AZURE_11 resource azurerm_kusto_cluster Ensure that Azure Data Explorer encryption at rest uses a customer-managed key Terraform DataExplorerEncryptionUsesCustomKey.yaml
1487 CKV2_AZURE_12 resource azurerm_virtual_machine Ensure that virtual machines are backed up using Azure Backup Terraform VMHasBackUpMachine.yaml
1488 CKV2_AZURE_13 resource azurerm_mssql_server_security_alert_policy Ensure that sql servers enables data security policy Terraform AzureMSSQLServerHasSecurityAlertPolicy.yaml
1489 CKV2_AZURE_13 resource azurerm_sql_server Ensure that sql servers enables data security policy Terraform AzureMSSQLServerHasSecurityAlertPolicy.yaml
1490 CKV2_AZURE_14 resource azurerm_managed_disk Ensure that Unattached disks are encrypted Terraform AzureUnattachedDisksAreEncrypted.yaml
1491 CKV2_AZURE_14 resource azurerm_virtual_machine Ensure that Unattached disks are encrypted Terraform AzureUnattachedDisksAreEncrypted.yaml
1492 CKV2_AZURE_15 resource azurerm_data_factory Ensure that Azure data factories are encrypted with a customer-managed key Terraform AzureDataFactoriesEncryptedWithCustomerManagedKey.yaml
1493 CKV2_AZURE_16 resource azurerm_mysql_server Ensure that MySQL server enables customer-managed key for encryption Terraform MSQLenablesCustomerManagedKey.yaml
1494 CKV2_AZURE_16 resource azurerm_mysql_server_key Ensure that MySQL server enables customer-managed key for encryption Terraform MSQLenablesCustomerManagedKey.yaml
1495 CKV2_AZURE_17 resource azurerm_postgresql_server Ensure that PostgreSQL server enables customer-managed key for encryption Terraform PGSQLenablesCustomerManagedKey.yaml
1496 CKV2_AZURE_17 resource azurerm_postgresql_server_key Ensure that PostgreSQL server enables customer-managed key for encryption Terraform PGSQLenablesCustomerManagedKey.yaml
1497 CKV2_AZURE_18 resource azurerm_storage_account Ensure that Storage Accounts use customer-managed key for encryption Terraform AzureStorageAccountsUseCustomerManagedKeyForEncryption.yaml
1498 CKV2_AZURE_18 resource azurerm_storage_account_customer_managed_key Ensure that Storage Accounts use customer-managed key for encryption Terraform AzureStorageAccountsUseCustomerManagedKeyForEncryption.yaml
1499 CKV2_AZURE_19 resource azurerm_synapse_workspace Ensure that Azure Synapse workspaces have no IP firewall rules attached Terraform AzureSynapseWorkspacesHaveNoIPFirewallRulesAttached.yaml
1500 CKV2_AZURE_20 resource azurerm_log_analytics_storage_insights Ensure Storage logging is enabled for Table service for read requests Terraform StorageLoggingIsEnabledForTableService.yaml
1501 CKV2_AZURE_20 resource azurerm_storage_account Ensure Storage logging is enabled for Table service for read requests Terraform StorageLoggingIsEnabledForTableService.yaml
1502 CKV2_AZURE_20 resource azurerm_storage_table Ensure Storage logging is enabled for Table service for read requests Terraform StorageLoggingIsEnabledForTableService.yaml
1503 CKV2_AZURE_21 resource azurerm_log_analytics_storage_insights Ensure Storage logging is enabled for Blob service for read requests Terraform StorageLoggingIsEnabledForBlobService.yaml
1504 CKV2_AZURE_21 resource azurerm_storage_account Ensure Storage logging is enabled for Blob service for read requests Terraform StorageLoggingIsEnabledForBlobService.yaml
1505 CKV2_AZURE_21 resource azurerm_storage_container Ensure Storage logging is enabled for Blob service for read requests Terraform StorageLoggingIsEnabledForBlobService.yaml
1506 CKV2_AZURE_22 resource azurerm_cognitive_account Ensure that Cognitive Services enables customer-managed key for encryption Terraform CognitiveServicesCustomerManagedKey.yaml
1507 CKV2_AZURE_22 resource azurerm_cognitive_account_customer_managed_key Ensure that Cognitive Services enables customer-managed key for encryption Terraform CognitiveServicesCustomerManagedKey.yaml
1508 CKV2_AZURE_23 resource azurerm_spring_cloud_service Ensure Azure spring cloud is configured with Virtual network (Vnet) Terraform AzureSpringCloudConfigWithVnet.yaml
1509 CKV2_AZURE_24 resource azurerm_automation_account Ensure Azure automation account does NOT have overly permissive network access Terraform AzureAutomationAccNotOverlyPermissiveNetAccess.yaml
1510 CKV2_AZURE_25 resource azurerm_mssql_database Ensure Azure SQL database Transparent Data Encryption (TDE) is enabled Terraform AzureSqlDbEnableTransparentDataEncryption.yaml
1511 CKV2_AZURE_26 resource azurerm_postgresql_flexible_server_firewall_rule Ensure Azure PostgreSQL Flexible server is not configured with overly permissive network access Terraform AzurePostgreSQLFlexServerNotOverlyPermissive.yaml
1512 CKV2_AZURE_27 resource azurerm_mssql_server Ensure Azure AD authentication is enabled for Azure SQL (MSSQL) Terraform AzureConfigMSSQLwithAD.yaml
1513 CKV2_AZURE_28 resource azurerm_container_group Ensure Container Instance is configured with managed identity Terraform AzureContainerInstanceconfigManagedIdentity.yaml
1514 CKV2_AZURE_29 resource azurerm_kubernetes_cluster Ensure AKS cluster has Azure CNI networking enabled Terraform AzureAKSclusterAzureCNIEnabled.yaml
1515 CKV2_AZURE_30 resource azurerm_container_registry_webhook Ensure Azure Container Registry (ACR) has HTTPS enabled for webhook Terraform AzureACR_HTTPSwebhook.yaml
1516 CKV2_AZURE_31 resource azurerm_subnet Ensure VNET subnet is configured with a Network Security Group (NSG) Terraform AzureSubnetConfigWithNSG.yaml
1517 CKV2_AZURE_32 resource azurerm_key_vault Ensure private endpoint is configured to key vault Terraform AzureKeyVaultConfigPrivateEndpoint.yaml
1518 CKV2_AZURE_33 resource azurerm_storage_account Ensure storage account is configured with private endpoint Terraform AzureStorageAccConfigWithPrivateEndpoint.yaml
1519 CKV2_AZURE_34 resource azurerm_sql_firewall_rule Ensure Azure SQL server firewall is not overly permissive Terraform AzureSQLserverNotOverlyPermissive.yaml
1520 CKV2_AZURE_35 resource azurerm_recovery_services_vault Ensure Azure recovery services vault is configured with managed identity Terraform AzureRecoveryServicesvaultConfigManagedIdentity.yaml
1521 CKV2_AZURE_36 resource azurerm_automation_account Ensure Azure automation account is configured with managed identity Terraform AzureAutomationAccConfigManagedIdentity.yaml
1522 CKV2_AZURE_37 resource azurerm_mariadb_server Ensure Azure MariaDB server is using latest TLS (1.2) Terraform AzureMariaDBserverUsingTLS_1_2.yaml
1523 CKV2_AZURE_38 resource azurerm_storage_account Ensure soft-delete is enabled on Azure storage account Terraform AzureStorageAccountEnableSoftDelete.yaml
1524 CKV_BCW_1 provider bridgecrew Ensure no hard coded API token exist in the provider Terraform credentials.py
1525 CKV_DIO_1 resource digitalocean_spaces_bucket Ensure the Spaces bucket has versioning enabled Terraform SpacesBucketVersioning.py
1526 CKV_DIO_2 resource digitalocean_droplet Ensure the droplet specifies an SSH key Terraform DropletSSHKeys.py
1527 CKV_DIO_3 resource digitalocean_spaces_bucket Ensure the Spaces bucket is private Terraform SpacesBucketPublicRead.py
1528 CKV_DIO_4 resource digitalocean_firewall Ensure the firewall ingress is not wide open Terraform FirewallIngressOpen.py
1529 CKV_GCP_1 resource google_container_cluster Ensure Stackdriver Logging is set to Enabled on Kubernetes Engine Clusters Terraform GKEClusterLogging.py
1530 CKV_GCP_2 resource google_compute_firewall Ensure Google compute firewall ingress does not allow unrestricted ssh access Terraform GoogleComputeFirewallUnrestrictedIngress22.py
1531 CKV_GCP_3 resource google_compute_firewall Ensure Google compute firewall ingress does not allow unrestricted rdp access Terraform GoogleComputeFirewallUnrestrictedIngress3389.py
1532 CKV_GCP_4 resource google_compute_ssl_policy Ensure no HTTPS or SSL proxy load balancers permit SSL policies with weak cipher suites Terraform GoogleComputeSSLPolicy.py
1533 CKV_GCP_6 resource google_sql_database_instance Ensure all Cloud SQL database instance requires all incoming connections to use SSL Terraform GoogleCloudSqlDatabaseRequireSsl.py
1534 CKV_GCP_7 resource google_container_cluster Ensure Legacy Authorization is set to Disabled on Kubernetes Engine Clusters Terraform GKEDisableLegacyAuth.py
1535 CKV_GCP_8 resource google_container_cluster Ensure Stackdriver Monitoring is set to Enabled on Kubernetes Engine Clusters Terraform GKEMonitoringEnabled.py
1536 CKV_GCP_9 resource google_container_node_pool Ensure ‘Automatic node repair’ is enabled for Kubernetes Clusters Terraform GKENodePoolAutoRepairEnabled.py
1537 CKV_GCP_10 resource google_container_node_pool Ensure ‘Automatic node upgrade’ is enabled for Kubernetes Clusters Terraform GKENodePoolAutoUpgradeEnabled.py
1538 CKV_GCP_11 resource google_sql_database_instance Ensure that Cloud SQL database Instances are not open to the world Terraform GoogleCloudSqlDatabasePubliclyAccessible.py
1539 CKV_GCP_12 resource google_container_cluster Ensure Network Policy is enabled on Kubernetes Engine Clusters Terraform GKENetworkPolicyEnabled.py
1540 CKV_GCP_13 resource google_container_cluster Ensure client certificate authentication to Kubernetes Engine Clusters is disabled Terraform GKEClientCertificateDisabled.py
1541 CKV_GCP_14 resource google_sql_database_instance Ensure all Cloud SQL database instance have backup configuration enabled Terraform GoogleCloudSqlBackupConfiguration.py
1542 CKV_GCP_15 resource google_bigquery_dataset Ensure that BigQuery datasets are not anonymously or publicly accessible Terraform GoogleBigQueryDatasetPublicACL.py
1543 CKV_GCP_16 resource google_dns_managed_zone Ensure that DNSSEC is enabled for Cloud DNS Terraform GoogleCloudDNSSECEnabled.py
1544 CKV_GCP_17 resource google_dns_managed_zone Ensure that RSASHA1 is not used for the zone-signing and key-signing keys in Cloud DNS DNSSEC Terraform GoogleCloudDNSKeySpecsRSASHA1.py
1545 CKV_GCP_18 resource google_container_cluster Ensure GKE Control Plane is not public Terraform GKEPublicControlPlane.py
1546 CKV_GCP_19 resource google_container_cluster Ensure GKE basic auth is disabled Terraform GKEBasicAuth.py
1547 CKV_GCP_20 resource google_container_cluster Ensure master authorized networks is set to enabled in GKE clusters Terraform GKEMasterAuthorizedNetworksEnabled.py
1548 CKV_GCP_21 resource google_container_cluster Ensure Kubernetes Clusters are configured with Labels Terraform GKEHasLabels.py
1549 CKV_GCP_22 resource google_container_node_pool Ensure Container-Optimized OS (cos) is used for Kubernetes Engine Clusters Node image Terraform GKEUseCosImage.py
1550 CKV_GCP_23 resource google_container_cluster Ensure Kubernetes Cluster is created with Alias IP ranges enabled Terraform GKEAliasIpEnabled.py
1551 CKV_GCP_24 resource google_container_cluster Ensure PodSecurityPolicy controller is enabled on the Kubernetes Engine Clusters Terraform GKEPodSecurityPolicyEnabled.py
1552 CKV_GCP_25 resource google_container_cluster Ensure Kubernetes Cluster is created with Private cluster enabled Terraform GKEPrivateClusterConfig.py
1553 CKV_GCP_26 resource google_compute_subnetwork Ensure that VPC Flow Logs is enabled for every subnet in a VPC Network Terraform GoogleSubnetworkLoggingEnabled.py
1554 CKV_GCP_27 resource google_project Ensure that the default network does not exist in a project Terraform GoogleProjectDefaultNetwork.py
1555 CKV_GCP_28 resource google_storage_bucket_iam_binding Ensure that Cloud Storage bucket is not anonymously or publicly accessible Terraform GoogleStorageBucketNotPublic.py
1556 CKV_GCP_28 resource google_storage_bucket_iam_member Ensure that Cloud Storage bucket is not anonymously or publicly accessible Terraform GoogleStorageBucketNotPublic.py
1557 CKV_GCP_29 resource google_storage_bucket Ensure that Cloud Storage buckets have uniform bucket-level access enabled Terraform GoogleStorageBucketUniformAccess.py
1558 CKV_GCP_30 resource google_compute_instance Ensure that instances are not configured to use the default service account Terraform GoogleComputeDefaultServiceAccount.py
1559 CKV_GCP_30 resource google_compute_instance_from_template Ensure that instances are not configured to use the default service account Terraform GoogleComputeDefaultServiceAccount.py
1560 CKV_GCP_30 resource google_compute_instance_template Ensure that instances are not configured to use the default service account Terraform GoogleComputeDefaultServiceAccount.py
1561 CKV_GCP_31 resource google_compute_instance Ensure that instances are not configured to use the default service account with full access to all Cloud APIs Terraform GoogleComputeDefaultServiceAccountFullAccess.py
1562 CKV_GCP_31 resource google_compute_instance_from_template Ensure that instances are not configured to use the default service account with full access to all Cloud APIs Terraform GoogleComputeDefaultServiceAccountFullAccess.py
1563 CKV_GCP_31 resource google_compute_instance_template Ensure that instances are not configured to use the default service account with full access to all Cloud APIs Terraform GoogleComputeDefaultServiceAccountFullAccess.py
1564 CKV_GCP_32 resource google_compute_instance Ensure ‘Block Project-wide SSH keys’ is enabled for VM instances Terraform GoogleComputeBlockProjectSSH.py
1565 CKV_GCP_32 resource google_compute_instance_from_template Ensure ‘Block Project-wide SSH keys’ is enabled for VM instances Terraform GoogleComputeBlockProjectSSH.py
1566 CKV_GCP_32 resource google_compute_instance_template Ensure ‘Block Project-wide SSH keys’ is enabled for VM instances Terraform GoogleComputeBlockProjectSSH.py
1567 CKV_GCP_33 resource google_compute_project_metadata Ensure oslogin is enabled for a Project Terraform GoogleComputeProjectOSLogin.py
1568 CKV_GCP_34 resource google_compute_instance Ensure that no instance in the project overrides the project setting for enabling OSLogin (OSLogin needs to be enabled in project metadata for all instances) Terraform GoogleComputeInstanceOSLogin.py
1569 CKV_GCP_34 resource google_compute_instance_from_template Ensure that no instance in the project overrides the project setting for enabling OSLogin (OSLogin needs to be enabled in project metadata for all instances) Terraform GoogleComputeInstanceOSLogin.py
1570 CKV_GCP_34 resource google_compute_instance_template Ensure that no instance in the project overrides the project setting for enabling OSLogin (OSLogin needs to be enabled in project metadata for all instances) Terraform GoogleComputeInstanceOSLogin.py
1571 CKV_GCP_35 resource google_compute_instance Ensure ‘Enable connecting to serial ports’ is not enabled for VM Instance Terraform GoogleComputeSerialPorts.py
1572 CKV_GCP_35 resource google_compute_instance_from_template Ensure ‘Enable connecting to serial ports’ is not enabled for VM Instance Terraform GoogleComputeSerialPorts.py
1573 CKV_GCP_35 resource google_compute_instance_template Ensure ‘Enable connecting to serial ports’ is not enabled for VM Instance Terraform GoogleComputeSerialPorts.py
1574 CKV_GCP_36 resource google_compute_instance Ensure that IP forwarding is not enabled on Instances Terraform GoogleComputeIPForward.py
1575 CKV_GCP_36 resource google_compute_instance_from_template Ensure that IP forwarding is not enabled on Instances Terraform GoogleComputeIPForward.py
1576 CKV_GCP_36 resource google_compute_instance_template Ensure that IP forwarding is not enabled on Instances Terraform GoogleComputeIPForward.py
1577 CKV_GCP_37 resource google_compute_disk Ensure VM disks for critical VMs are encrypted with Customer Supplied Encryption Keys (CSEK) Terraform GoogleComputeDiskEncryption.py
1578 CKV_GCP_38 resource google_compute_instance Ensure VM disks for critical VMs are encrypted with Customer Supplied Encryption Keys (CSEK) Terraform GoogleComputeBootDiskEncryption.py
1579 CKV_GCP_39 resource google_compute_instance Ensure Compute instances are launched with Shielded VM enabled Terraform GoogleComputeShieldedVM.py
1580 CKV_GCP_39 resource google_compute_instance_from_template Ensure Compute instances are launched with Shielded VM enabled Terraform GoogleComputeShieldedVM.py
1581 CKV_GCP_39 resource google_compute_instance_template Ensure Compute instances are launched with Shielded VM enabled Terraform GoogleComputeShieldedVM.py
1582 CKV_GCP_40 resource google_compute_instance Ensure that Compute instances do not have public IP addresses Terraform GoogleComputeExternalIP.py
1583 CKV_GCP_40 resource google_compute_instance_from_template Ensure that Compute instances do not have public IP addresses Terraform GoogleComputeExternalIP.py
1584 CKV_GCP_40 resource google_compute_instance_template Ensure that Compute instances do not have public IP addresses Terraform GoogleComputeExternalIP.py
1585 CKV_GCP_41 resource google_project_iam_binding Ensure that IAM users are not assigned the Service Account User or Service Account Token Creator roles at project level Terraform GoogleRoleServiceAccountUser.py
1586 CKV_GCP_41 resource google_project_iam_member Ensure that IAM users are not assigned the Service Account User or Service Account Token Creator roles at project level Terraform GoogleRoleServiceAccountUser.py
1587 CKV_GCP_42 resource google_project_iam_member Ensure that Service Account has no Admin privileges Terraform GoogleProjectAdminServiceAccount.py
1588 CKV_GCP_43 resource google_kms_crypto_key Ensure KMS encryption keys are rotated within a period of 90 days Terraform GoogleKMSRotationPeriod.py
1589 CKV_GCP_44 resource google_folder_iam_binding Ensure no roles that enable to impersonate and manage all service accounts are used at a folder level Terraform GoogleFolderImpersonationRole.py
1590 CKV_GCP_44 resource google_folder_iam_member Ensure no roles that enable to impersonate and manage all service accounts are used at a folder level Terraform GoogleFolderImpersonationRole.py
1591 CKV_GCP_45 resource google_organization_iam_binding Ensure no roles that enable to impersonate and manage all service accounts are used at an organization level Terraform GoogleOrgImpersonationRole.py
1592 CKV_GCP_45 resource google_organization_iam_member Ensure no roles that enable to impersonate and manage all service accounts are used at an organization level Terraform GoogleOrgImpersonationRole.py
1593 CKV_GCP_46 resource google_project_iam_binding Ensure Default Service account is not used at a project level Terraform GoogleProjectMemberDefaultServiceAccount.py
1594 CKV_GCP_46 resource google_project_iam_member Ensure Default Service account is not used at a project level Terraform GoogleProjectMemberDefaultServiceAccount.py
1595 CKV_GCP_47 resource google_organization_iam_binding Ensure default service account is not used at an organization level Terraform GoogleOrgMemberDefaultServiceAccount.py
1596 CKV_GCP_47 resource google_organization_iam_member Ensure default service account is not used at an organization level Terraform GoogleOrgMemberDefaultServiceAccount.py
1597 CKV_GCP_48 resource google_folder_iam_binding Ensure Default Service account is not used at a folder level Terraform GoogleFolderMemberDefaultServiceAccount.py
1598 CKV_GCP_48 resource google_folder_iam_member Ensure Default Service account is not used at a folder level Terraform GoogleFolderMemberDefaultServiceAccount.py
1599 CKV_GCP_49 resource google_project_iam_binding Ensure roles do not impersonate or manage Service Accounts used at project level Terraform GoogleProjectImpersonationRole.py
1600 CKV_GCP_49 resource google_project_iam_member Ensure roles do not impersonate or manage Service Accounts used at project level Terraform GoogleProjectImpersonationRole.py
1601 CKV_GCP_50 resource google_sql_database_instance Ensure MySQL database ‘local_infile’ flag is set to ‘off’ Terraform GoogleCloudMySqlLocalInfileOff.py
1602 CKV_GCP_51 resource google_sql_database_instance Ensure PostgreSQL database ‘log_checkpoints’ flag is set to ‘on’ Terraform GoogleCloudPostgreSqlLogCheckpoints.py
1603 CKV_GCP_52 resource google_sql_database_instance Ensure PostgreSQL database ‘log_connections’ flag is set to ‘on’ Terraform GoogleCloudPostgreSqlLogConnection.py
1604 CKV_GCP_53 resource google_sql_database_instance Ensure PostgreSQL database ‘log_disconnections’ flag is set to ‘on’ Terraform GoogleCloudPostgreSqlLogDisconnection.py
1605 CKV_GCP_54 resource google_sql_database_instance Ensure PostgreSQL database ‘log_lock_waits’ flag is set to ‘on’ Terraform GoogleCloudPostgreSqlLogLockWaits.py
1606 CKV_GCP_55 resource google_sql_database_instance Ensure PostgreSQL database ‘log_min_messages’ flag is set to a valid value Terraform GoogleCloudPostgreSqlLogMinMessage.py
1607 CKV_GCP_56 resource google_sql_database_instance Ensure PostgreSQL database ‘log_temp_files’ flag is set to ‘0’ Terraform GoogleCloudPostgreSqlLogTemp.py
1608 CKV_GCP_57 resource google_sql_database_instance Ensure PostgreSQL database ‘log_min_duration_statement’ flag is set to ‘-1’ Terraform GoogleCloudPostgreSqlLogMinDuration.py
1609 CKV_GCP_58 resource google_sql_database_instance Ensure SQL database ‘cross db ownership chaining’ flag is set to ‘off’ Terraform GoogleCloudSqlServerCrossDBOwnershipChaining.py
1610 CKV_GCP_59 resource google_sql_database_instance Ensure SQL database ‘contained database authentication’ flag is set to ‘off’ Terraform GoogleCloudSqlServerContainedDBAuthentication.py
1611 CKV_GCP_60 resource google_sql_database_instance Ensure Cloud SQL database does not have public IP Terraform GoogleCloudSqlServerNoPublicIP.py
1612 CKV_GCP_61 resource google_container_cluster Enable VPC Flow Logs and Intranode Visibility Terraform GKEEnableVPCFlowLogs.py
1613 CKV_GCP_62 resource google_storage_bucket Bucket should log access Terraform CloudStorageLogging.py
1614 CKV_GCP_63 resource google_storage_bucket Bucket should not log to itself Terraform CloudStorageSelfLogging.py
1615 CKV_GCP_64 resource google_container_cluster Ensure clusters are created with Private Nodes Terraform GKEPrivateNodes.py
1616 CKV_GCP_65 resource google_container_cluster Manage Kubernetes RBAC users with Google Groups for GKE Terraform GKEKubernetesRBACGoogleGroups.py
1617 CKV_GCP_66 resource google_container_cluster Ensure use of Binary Authorization Terraform GKEBinaryAuthorization.py
1618 CKV_GCP_67 resource google_container_cluster Ensure legacy Compute Engine instance metadata APIs are Disabled Terraform GKELegacyInstanceMetadataDisabled.py
1619 CKV_GCP_68 resource google_container_cluster Ensure Secure Boot for Shielded GKE Nodes is Enabled Terraform GKESecureBootforShieldedNodes.py
1620 CKV_GCP_68 resource google_container_node_pool Ensure Secure Boot for Shielded GKE Nodes is Enabled Terraform GKESecureBootforShieldedNodes.py
1621 CKV_GCP_69 resource google_container_cluster Ensure the GKE Metadata Server is Enabled Terraform GKEMetadataServerIsEnabled.py
1622 CKV_GCP_69 resource google_container_node_pool Ensure the GKE Metadata Server is Enabled Terraform GKEMetadataServerIsEnabled.py
1623 CKV_GCP_70 resource google_container_cluster Ensure the GKE Release Channel is set Terraform GKEReleaseChannel.py
1624 CKV_GCP_71 resource google_container_cluster Ensure Shielded GKE Nodes are Enabled Terraform GKEEnableShieldedNodes.py
1625 CKV_GCP_72 resource google_container_cluster Ensure Integrity Monitoring for Shielded GKE Nodes is Enabled Terraform GKEEnsureIntegrityMonitoring.py
1626 CKV_GCP_72 resource google_container_node_pool Ensure Integrity Monitoring for Shielded GKE Nodes is Enabled Terraform GKEEnsureIntegrityMonitoring.py
1627 CKV_GCP_73 resource google_compute_security_policy Ensure Cloud Armor prevents message lookup in Log4j2. See CVE-2021-44228 aka log4jshell Terraform CloudArmorWAFACLCVE202144228.py
1628 CKV_GCP_74 resource google_compute_subnetwork Ensure that private_ip_google_access is enabled for Subnet Terraform GoogleSubnetworkPrivateGoogleEnabled.py
1629 CKV_GCP_75 resource google_compute_firewall Ensure Google compute firewall ingress does not allow unrestricted FTP access Terraform GoogleComputeFirewallUnrestrictedIngress21.py
1630 CKV_GCP_76 resource google_compute_subnetwork Ensure that Private google access is enabled for IPV6 Terraform GoogleSubnetworkIPV6PrivateGoogleEnabled.py
1631 CKV_GCP_77 resource google_compute_firewall Ensure Google compute firewall ingress does not allow on ftp port Terraform GoogleComputeFirewallUnrestrictedIngress20.py
1632 CKV_GCP_78 resource google_storage_bucket Ensure Cloud storage has versioning enabled Terraform CloudStorageVersioningEnabled.py
1633 CKV_GCP_79 resource google_sql_database_instance Ensure SQL database is using latest Major version Terraform CloudSqlMajorVersion.py
1634 CKV_GCP_80 resource google_bigquery_table Ensure Big Query Tables are encrypted with Customer Supplied Encryption Keys (CSEK) Terraform BigQueryTableEncryptedWithCMK.py
1635 CKV_GCP_81 resource google_bigquery_dataset Ensure Big Query Datasets are encrypted with Customer Supplied Encryption Keys (CSEK) Terraform BigQueryDatasetEncryptedWithCMK.py
1636 CKV_GCP_82 resource google_kms_crypto_key Ensure KMS keys are protected from deletion Terraform GoogleKMSPreventDestroy.py
1637 CKV_GCP_83 resource google_pubsub_topic Ensure PubSub Topics are encrypted with Customer Supplied Encryption Keys (CSEK) Terraform CloudPubSubEncryptedWithCMK.py
1638 CKV_GCP_84 resource google_artifact_registry_repository Ensure Artifact Registry Repositories are encrypted with Customer Supplied Encryption Keys (CSEK) Terraform ArtifactRegsitryEncryptedWithCMK.py
1639 CKV_GCP_85 resource google_bigtable_instance Ensure Big Table Instances are encrypted with Customer Supplied Encryption Keys (CSEK) Terraform BigTableInstanceEncryptedWithCMK.py
1640 CKV_GCP_86 resource google_cloudbuild_worker_pool Ensure Cloud build workers are private Terraform CloudBuildWorkersArePrivate.py
1641 CKV_GCP_87 resource google_data_fusion_instance Ensure Data fusion instances are private Terraform DataFusionPrivateInstance.py
1642 CKV_GCP_88 resource google_compute_firewall Ensure Google compute firewall ingress does not allow unrestricted mysql access Terraform GoogleComputeFirewallUnrestrictedIngress3306.py
1643 CKV_GCP_89 resource google_notebooks_instance Ensure Vertex AI instances are private Terraform VertexAIPrivateInstance.py
1644 CKV_GCP_90 resource google_dataflow_job Ensure data flow jobs are encrypted with Customer Supplied Encryption Keys (CSEK) Terraform DataflowJobEncryptedWithCMK.py
1645 CKV_GCP_91 resource google_dataproc_cluster Ensure Dataproc cluster is encrypted with Customer Supplied Encryption Keys (CSEK) Terraform DataprocClusterEncryptedWithCMK.py
1646 CKV_GCP_92 resource google_vertex_ai_dataset Ensure Vertex AI datasets use a CMK (Customer Managed Key) Terraform VertexAIDatasetEncryptedWithCMK.py
1647 CKV_GCP_93 resource google_spanner_database Ensure Spanner Database is encrypted with Customer Supplied Encryption Keys (CSEK) Terraform SpannerDatabaseEncryptedWithCMK.py
1648 CKV_GCP_94 resource google_dataflow_job Ensure Dataflow jobs are private Terraform DataflowPrivateJob.py
1649 CKV_GCP_95 resource google_redis_instance Ensure Memorystore for Redis has AUTH enabled Terraform MemorystoreForRedisAuthEnabled.py
1650 CKV_GCP_96 resource google_vertex_ai_metadata_store Ensure Vertex AI Metadata Store uses a CMK (Customer Managed Key) Terraform VertexAIMetadataStoreEncryptedWithCMK.py
1651 CKV_GCP_97 resource google_redis_instance Ensure Memorystore for Redis uses intransit encryption Terraform MemorystoreForRedisInTransitEncryption.py
1652 CKV_GCP_98 resource google_dataproc_cluster_iam_binding Ensure that Dataproc clusters are not anonymously or publicly accessible Terraform DataprocPrivateCluster.py
1653 CKV_GCP_98 resource google_dataproc_cluster_iam_member Ensure that Dataproc clusters are not anonymously or publicly accessible Terraform DataprocPrivateCluster.py
1654 CKV_GCP_99 resource google_pubsub_topic_iam_binding Ensure that Pub/Sub Topics are not anonymously or publicly accessible Terraform PubSubPrivateTopic.py
1655 CKV_GCP_99 resource google_pubsub_topic_iam_member Ensure that Pub/Sub Topics are not anonymously or publicly accessible Terraform PubSubPrivateTopic.py
1656 CKV_GCP_100 resource google_bigquery_table_iam_binding Ensure that BigQuery Tables are not anonymously or publicly accessible Terraform BigQueryPrivateTable.py
1657 CKV_GCP_100 resource google_bigquery_table_iam_member Ensure that BigQuery Tables are not anonymously or publicly accessible Terraform BigQueryPrivateTable.py
1658 CKV_GCP_101 resource google_artifact_registry_repository_iam_binding Ensure that Artifact Registry repositories are not anonymously or publicly accessible Terraform ArtifactRegistryPrivateRepo.py
1659 CKV_GCP_101 resource google_artifact_registry_repository_iam_member Ensure that Artifact Registry repositories are not anonymously or publicly accessible Terraform ArtifactRegistryPrivateRepo.py
1660 CKV_GCP_102 resource google_cloud_run_service_iam_binding Ensure that GCP Cloud Run services are not anonymously or publicly accessible Terraform GCPCloudRunPrivateService.py
1661 CKV_GCP_102 resource google_cloud_run_service_iam_member Ensure that GCP Cloud Run services are not anonymously or publicly accessible Terraform GCPCloudRunPrivateService.py
1662 CKV_GCP_103 resource google_dataproc_cluster Ensure Dataproc Clusters do not have public IPs Terraform DataprocPublicIpCluster.py
1663 CKV_GCP_104 resource google_data_fusion_instance Ensure Datafusion has stack driver logging enabled Terraform DataFusionStackdriverLogs.py
1664 CKV_GCP_105 resource google_data_fusion_instance Ensure Datafusion has stack driver monitoring enabled Terraform DataFusionStackdriverMonitoring.py
1665 CKV_GCP_106 resource google_compute_firewall Ensure Google compute firewall ingress does not allow unrestricted http port 80 access Terraform GoogleComputeFirewallUnrestrictedIngress80.py
1666 CKV_GCP_107 resource google_cloudfunctions2_function_iam_binding Cloud functions should not be public Terraform CloudFunctionsShouldNotBePublic.py
1667 CKV_GCP_107 resource google_cloudfunctions2_function_iam_member Cloud functions should not be public Terraform CloudFunctionsShouldNotBePublic.py
1668 CKV_GCP_107 resource google_cloudfunctions_function_iam_binding Cloud functions should not be public Terraform CloudFunctionsShouldNotBePublic.py
1669 CKV_GCP_107 resource google_cloudfunctions_function_iam_member Cloud functions should not be public Terraform CloudFunctionsShouldNotBePublic.py
1670 CKV_GCP_108 resource google_sql_database_instance Ensure hostnames are logged for GCP PostgreSQL databases Terraform GoogleCloudPostgreSqlLogHostname.py
1671 CKV_GCP_109 resource google_sql_database_instance Ensure the GCP PostgreSQL database log levels are set to ERROR or lower Terraform GoogleCloudPostgreSqlLogMinErrorStatement.py
1672 CKV_GCP_110 resource google_sql_database_instance Ensure pgAudit is enabled for your GCP PostgreSQL database Terraform GoogleCloudPostgreSqlEnablePgaudit.py
1673 CKV_GCP_111 resource google_sql_database_instance Ensure GCP PostgreSQL logs SQL statements Terraform GoogleCloudPostgreSqlLogStatement.py
1674 CKV_GCP_112 resource google_kms_crypto_key_iam_binding Ensure KMS policy should not allow public access Terraform GoogleKMSKeyIsPublic.py
1675 CKV_GCP_112 resource google_kms_crypto_key_iam_member Ensure KMS policy should not allow public access Terraform GoogleKMSKeyIsPublic.py
1676 CKV_GCP_112 resource google_kms_crypto_key_iam_policy Ensure KMS policy should not allow public access Terraform GoogleKMSKeyIsPublic.py
1677 CKV_GCP_113 data google_iam_policy Ensure IAM policy should not define public access Terraform GooglePolicyIsPrivate.py
1678 CKV_GCP_114 resource google_storage_bucket Ensure public access prevention is enforced on Cloud Storage bucket Terraform GoogleStoragePublicAccessPrevention.py
1679 CKV_GCP_115 resource google_organization_iam_binding Ensure basic roles are not used at organization level. Terraform GoogleOrgBasicRole.py
1680 CKV_GCP_115 resource google_organization_iam_member Ensure basic roles are not used at organization level. Terraform GoogleOrgBasicRole.py
1681 CKV_GCP_116 resource google_folder_iam_binding Ensure basic roles are not used at folder level. Terraform GoogleFolderBasicRole.py
1682 CKV_GCP_116 resource google_folder_iam_member Ensure basic roles are not used at folder level. Terraform GoogleFolderBasicRole.py
1683 CKV_GCP_117 resource google_project_iam_binding Ensure basic roles are not used at project level. Terraform GoogleProjectBasicRole.py
1684 CKV_GCP_117 resource google_project_iam_member Ensure basic roles are not used at project level. Terraform GoogleProjectBasicRole.py
1685 CKV2_GCP_1 resource google_project_default_service_accounts Ensure GKE clusters are not running using the Compute Engine default service account Terraform GKEClustersAreNotUsingDefaultServiceAccount.yaml
1686 CKV2_GCP_2 resource google_compute_network Ensure legacy networks do not exist for a project Terraform GCPProjectHasNoLegacyNetworks.yaml
1687 CKV2_GCP_3 resource google_service_account_key Ensure that there are only GCP-managed service account keys for each service account Terraform ServiceAccountHasGCPmanagedKey.yaml
1688 CKV2_GCP_4 resource google_logging_folder_sink Ensure that retention policies on log buckets are configured using Bucket Lock Terraform GCPLogBucketsConfiguredUsingLock.yaml
1689 CKV2_GCP_4 resource google_logging_organization_sink Ensure that retention policies on log buckets are configured using Bucket Lock Terraform GCPLogBucketsConfiguredUsingLock.yaml
1690 CKV2_GCP_4 resource google_logging_project_sink Ensure that retention policies on log buckets are configured using Bucket Lock Terraform GCPLogBucketsConfiguredUsingLock.yaml
1691 CKV2_GCP_4 resource google_storage_bucket Ensure that retention policies on log buckets are configured using Bucket Lock Terraform GCPLogBucketsConfiguredUsingLock.yaml
1692 CKV2_GCP_5 resource google_project Ensure that Cloud Audit Logging is configured properly across all services and all users from a project Terraform GCPAuditLogsConfiguredForAllServicesAndUsers.yaml
1693 CKV2_GCP_5 resource google_project_iam_audit_config Ensure that Cloud Audit Logging is configured properly across all services and all users from a project Terraform GCPAuditLogsConfiguredForAllServicesAndUsers.yaml
1694 CKV2_GCP_6 resource google_kms_crypto_key Ensure that Cloud KMS cryptokeys are not anonymously or publicly accessible Terraform GCPKMSCryptoKeysAreNotPubliclyAccessible.yaml
1695 CKV2_GCP_6 resource google_kms_crypto_key_iam_binding Ensure that Cloud KMS cryptokeys are not anonymously or publicly accessible Terraform GCPKMSCryptoKeysAreNotPubliclyAccessible.yaml
1696 CKV2_GCP_6 resource google_kms_crypto_key_iam_member Ensure that Cloud KMS cryptokeys are not anonymously or publicly accessible Terraform GCPKMSCryptoKeysAreNotPubliclyAccessible.yaml
1697 CKV2_GCP_7 resource google_sql_database_instance Ensure that a MySQL database instance does not allow anyone to connect with administrative privileges Terraform DisableAccessToSqlDBInstanceForRootUsersWithoutPassword.yaml
1698 CKV2_GCP_7 resource google_sql_user Ensure that a MySQL database instance does not allow anyone to connect with administrative privileges Terraform DisableAccessToSqlDBInstanceForRootUsersWithoutPassword.yaml
1699 CKV2_GCP_8 resource google_kms_key_ring Ensure that Cloud KMS Key Rings are not anonymously or publicly accessible Terraform GCPKMSKeyRingsAreNotPubliclyAccessible.yaml
1700 CKV2_GCP_8 resource google_kms_key_ring_iam_binding Ensure that Cloud KMS Key Rings are not anonymously or publicly accessible Terraform GCPKMSKeyRingsAreNotPubliclyAccessible.yaml
1701 CKV2_GCP_8 resource google_kms_key_ring_iam_member Ensure that Cloud KMS Key Rings are not anonymously or publicly accessible Terraform GCPKMSKeyRingsAreNotPubliclyAccessible.yaml
1702 CKV2_GCP_9 resource google_container_registry Ensure that Container Registry repositories are not anonymously or publicly accessible Terraform GCPContainerRegistryReposAreNotPubliclyAccessible.yaml
1703 CKV2_GCP_9 resource google_storage_bucket_iam_binding Ensure that Container Registry repositories are not anonymously or publicly accessible Terraform GCPContainerRegistryReposAreNotPubliclyAccessible.yaml
1704 CKV2_GCP_9 resource google_storage_bucket_iam_member Ensure that Container Registry repositories are not anonymously or publicly accessible Terraform GCPContainerRegistryReposAreNotPubliclyAccessible.yaml
1705 CKV2_GCP_10 resource google_cloudfunctions_function Ensure GCP Cloud Function HTTP trigger is secured Terraform CloudFunctionSecureHTTPTrigger.yaml
1706 CKV2_GCP_11 resource google_project_services Ensure GCP GCR Container Vulnerability Scanning is enabled Terraform GCRContainerVulnerabilityScanningEnabled.yaml
1707 CKV2_GCP_12 resource google_compute_firewall Ensure GCP compute firewall ingress does not allow unrestricted access to all ports Terraform GCPComputeFirewallOverlyPermissiveToAllTraffic.yaml
1708 CKV2_GCP_13 resource google_sql_database_instance Ensure PostgreSQL database flag ‘log_duration’ is set to ‘on’ Terraform GCPPostgreSQLDatabaseFlaglog_durationIsSetToON.yaml
1709 CKV2_GCP_14 resource google_sql_database_instance Ensure PostgreSQL database flag ‘log_executor_stats’ is set to ‘off’ Terraform GCPPostgreSQLDatabaseFlaglog_executor_statsIsSetToOFF.yaml
1710 CKV2_GCP_15 resource google_sql_database_instance Ensure PostgreSQL database flag ‘log_parser_stats’ is set to ‘off’ Terraform GCPPostgreSQLDatabaseFlaglog_parser_statsIsSetToOFF.yaml
1711 CKV2_GCP_16 resource google_sql_database_instance Ensure PostgreSQL database flag ‘log_planner_stats’ is set to ‘off’ Terraform GCPPostgreSQLDatabaseFlaglog_planner_statsIsSetToOFF.yaml
1712 CKV2_GCP_17 resource google_sql_database_instance Ensure PostgreSQL database flag ‘log_statement_stats’ is set to ‘off’ Terraform GCPPostgreSQLDatabaseFlaglog_statement_statsIsSetToOFF.yaml
1713 CKV2_GCP_18 resource google_compute_network Ensure GCP network defines a firewall and does not use the default firewall Terraform GCPNetworkDoesNotUseDefaultFirewall.yaml
1714 CKV2_GCP_19 resource google_container_cluster Ensure GCP Kubernetes engine clusters have ‘alpha cluster’ feature disabled Terraform GCPdisableAlphaClusterFeatureInKubernetesEngineClusters.yaml
1715 CKV2_GCP_20 resource google_sql_database_instance Ensure MySQL DB instance has point-in-time recovery backup configured Terraform GCPMySQLdbInstancePoint_In_TimeRecoveryBackupIsEnabled.yaml
1716 CKV_GIT_1 resource github_repository Ensure GitHub repository is Private Terraform PrivateRepo.py
1717 CKV_GIT_2 resource github_repository_webhook Ensure GitHub repository webhooks are using HTTPS Terraform WebhookInsecureSsl.py
1718 CKV_GIT_3 resource github_repository Ensure GitHub repository has vulnerability alerts enabled Terraform RepositoryEnableVulnerabilityAlerts.py
1719 CKV_GIT_4 resource github_actions_environment_secret Ensure GitHub Actions secrets are encrypted Terraform SecretsEncrypted.py
1720 CKV_GIT_4 resource github_actions_organization_secret Ensure GitHub Actions secrets are encrypted Terraform SecretsEncrypted.py
1721 CKV_GIT_4 resource github_actions_secret Ensure GitHub Actions secrets are encrypted Terraform SecretsEncrypted.py
1722 CKV_GIT_5 resource github_branch_protection GitHub pull requests should require at least 2 approvals Terraform BranchProtectionReviewNumTwo.py
1723 CKV_GIT_5 resource github_branch_protection_v3 GitHub pull requests should require at least 2 approvals Terraform BranchProtectionReviewNumTwo.py
1724 CKV_GIT_6 resource github_branch_protection Ensure GitHub branch protection rules require signed commits Terraform BranchProtectionRequireSignedCommits.py
1725 CKV_GIT_6 resource github_branch_protection_v3 Ensure GitHub branch protection rules require signed commits Terraform BranchProtectionRequireSignedCommits.py
1726 CKV2_GIT_1 resource github_repository Ensure each Repository has branch protection associated Terraform RepositoryHasBranchProtection.yaml
1727 CKV_GLB_1 resource gitlab_project Ensure at least two approving reviews are required to merge a GitLab MR Terraform RequireTwoApprovalsToMerge.py
1728 CKV_GLB_2 resource gitlab_branch_protection Ensure GitLab branch protection rules do not allow force pushes Terraform ForcePushDisabled.py
1729 CKV_GLB_3 resource gitlab_project Ensure GitLab prevent secrets is enabled Terraform PreventSecretsEnabled.py
1730 CKV_GLB_4 resource gitlab_project Ensure GitLab commits are signed Terraform RejectUnsignedCommits.py
1731 CKV_K8S_1 resource kubernetes_pod_security_policy Do not admit containers wishing to share the host process ID namespace Terraform ShareHostPIDPSP.py
1732 CKV_K8S_2 resource kubernetes_pod_security_policy Do not admit privileged containers Terraform PrivilegedContainerPSP.py
1733 CKV_K8S_3 resource kubernetes_pod_security_policy Do not admit containers wishing to share the host IPC namespace Terraform ShareHostIPCPSP.py
1734 CKV_K8S_4 resource kubernetes_pod_security_policy Do not admit containers wishing to share the host network namespace Terraform SharedHostNetworkNamespacePSP.py
1735 CKV_K8S_5 resource kubernetes_pod_security_policy Containers should not run with allowPrivilegeEscalation Terraform AllowPrivilegeEscalationPSP.py
1736 CKV_K8S_6 resource kubernetes_pod_security_policy Do not admit root containers Terraform RootContainerPSP.py
1737 CKV_K8S_7 resource kubernetes_pod_security_policy Do not admit containers with the NET_RAW capability Terraform DropCapabilitiesPSP.py
1738 CKV_K8S_8 resource kubernetes_deployment Liveness Probe Should be Configured Terraform LivenessProbe.py
1739 CKV_K8S_8 resource kubernetes_deployment_v1 Liveness Probe Should be Configured Terraform LivenessProbe.py
1740 CKV_K8S_8 resource kubernetes_pod Liveness Probe Should be Configured Terraform LivenessProbe.py
1741 CKV_K8S_8 resource kubernetes_pod_v1 Liveness Probe Should be Configured Terraform LivenessProbe.py
1742 CKV_K8S_9 resource kubernetes_deployment Readiness Probe Should be Configured Terraform ReadinessProbe.py
1743 CKV_K8S_9 resource kubernetes_deployment_v1 Readiness Probe Should be Configured Terraform ReadinessProbe.py
1744 CKV_K8S_9 resource kubernetes_pod Readiness Probe Should be Configured Terraform ReadinessProbe.py
1745 CKV_K8S_9 resource kubernetes_pod_v1 Readiness Probe Should be Configured Terraform ReadinessProbe.py
1746 CKV_K8S_10 resource kubernetes_deployment CPU requests should be set Terraform CPURequests.py
1747 CKV_K8S_10 resource kubernetes_deployment_v1 CPU requests should be set Terraform CPURequests.py
1748 CKV_K8S_10 resource kubernetes_pod CPU requests should be set Terraform CPURequests.py
1749 CKV_K8S_10 resource kubernetes_pod_v1 CPU requests should be set Terraform CPURequests.py
1750 CKV_K8S_11 resource kubernetes_deployment CPU Limits should be set Terraform CPULimits.py
1751 CKV_K8S_11 resource kubernetes_deployment_v1 CPU Limits should be set Terraform CPULimits.py
1752 CKV_K8S_11 resource kubernetes_pod CPU Limits should be set Terraform CPULimits.py
1753 CKV_K8S_11 resource kubernetes_pod_v1 CPU Limits should be set Terraform CPULimits.py
1754 CKV_K8S_12 resource kubernetes_deployment Memory Limits should be set Terraform MemoryLimits.py
1755 CKV_K8S_12 resource kubernetes_deployment_v1 Memory Limits should be set Terraform MemoryLimits.py
1756 CKV_K8S_12 resource kubernetes_pod Memory Limits should be set Terraform MemoryLimits.py
1757 CKV_K8S_12 resource kubernetes_pod_v1 Memory Limits should be set Terraform MemoryLimits.py
1758 CKV_K8S_13 resource kubernetes_deployment Memory requests should be set Terraform MemoryRequests.py
1759 CKV_K8S_13 resource kubernetes_deployment_v1 Memory requests should be set Terraform MemoryRequests.py
1760 CKV_K8S_13 resource kubernetes_pod Memory requests should be set Terraform MemoryRequests.py
1761 CKV_K8S_13 resource kubernetes_pod_v1 Memory requests should be set Terraform MemoryRequests.py
1762 CKV_K8S_14 resource kubernetes_deployment Image Tag should be fixed - not latest or blank Terraform ImageTagFixed.py
1763 CKV_K8S_14 resource kubernetes_deployment_v1 Image Tag should be fixed - not latest or blank Terraform ImageTagFixed.py
1764 CKV_K8S_14 resource kubernetes_pod Image Tag should be fixed - not latest or blank Terraform ImageTagFixed.py
1765 CKV_K8S_14 resource kubernetes_pod_v1 Image Tag should be fixed - not latest or blank Terraform ImageTagFixed.py
1766 CKV_K8S_15 resource kubernetes_deployment Image Pull Policy should be Always Terraform ImagePullPolicyAlways.py
1767 CKV_K8S_15 resource kubernetes_deployment_v1 Image Pull Policy should be Always Terraform ImagePullPolicyAlways.py
1768 CKV_K8S_15 resource kubernetes_pod Image Pull Policy should be Always Terraform ImagePullPolicyAlways.py
1769 CKV_K8S_15 resource kubernetes_pod_v1 Image Pull Policy should be Always Terraform ImagePullPolicyAlways.py
1770 CKV_K8S_16 resource kubernetes_deployment Do not admit privileged containers Terraform PrivilegedContainer.py
1771 CKV_K8S_16 resource kubernetes_deployment_v1 Do not admit privileged containers Terraform PrivilegedContainer.py
1772 CKV_K8S_16 resource kubernetes_pod Do not admit privileged containers Terraform PrivilegedContainer.py
1773 CKV_K8S_16 resource kubernetes_pod_v1 Do not admit privileged containers Terraform PrivilegedContainer.py
1774 CKV_K8S_17 resource kubernetes_deployment Do not admit containers wishing to share the host process ID namespace Terraform ShareHostPID.py
1775 CKV_K8S_17 resource kubernetes_deployment_v1 Do not admit containers wishing to share the host process ID namespace Terraform ShareHostPID.py
1776 CKV_K8S_17 resource kubernetes_pod Do not admit containers wishing to share the host process ID namespace Terraform ShareHostPID.py
1777 CKV_K8S_17 resource kubernetes_pod_v1 Do not admit containers wishing to share the host process ID namespace Terraform ShareHostPID.py
1778 CKV_K8S_18 resource kubernetes_deployment Do not admit containers wishing to share the host IPC namespace Terraform ShareHostIPC.py
1779 CKV_K8S_18 resource kubernetes_deployment_v1 Do not admit containers wishing to share the host IPC namespace Terraform ShareHostIPC.py
1780 CKV_K8S_18 resource kubernetes_pod Do not admit containers wishing to share the host IPC namespace Terraform ShareHostIPC.py
1781 CKV_K8S_18 resource kubernetes_pod_v1 Do not admit containers wishing to share the host IPC namespace Terraform ShareHostIPC.py
1782 CKV_K8S_19 resource kubernetes_deployment Do not admit containers wishing to share the host network namespace Terraform SharedHostNetworkNamespace.py
1783 CKV_K8S_19 resource kubernetes_deployment_v1 Do not admit containers wishing to share the host network namespace Terraform SharedHostNetworkNamespace.py
1784 CKV_K8S_19 resource kubernetes_pod Do not admit containers wishing to share the host network namespace Terraform SharedHostNetworkNamespace.py
1785 CKV_K8S_19 resource kubernetes_pod_v1 Do not admit containers wishing to share the host network namespace Terraform SharedHostNetworkNamespace.py
1786 CKV_K8S_20 resource kubernetes_deployment Containers should not run with allowPrivilegeEscalation Terraform AllowPrivilegeEscalation.py
1787 CKV_K8S_20 resource kubernetes_deployment_v1 Containers should not run with allowPrivilegeEscalation Terraform AllowPrivilegeEscalation.py
1788 CKV_K8S_20 resource kubernetes_pod Containers should not run with allowPrivilegeEscalation Terraform AllowPrivilegeEscalation.py
1789 CKV_K8S_20 resource kubernetes_pod_v1 Containers should not run with allowPrivilegeEscalation Terraform AllowPrivilegeEscalation.py
1790 CKV_K8S_21 resource kubernetes_config_map The default namespace should not be used Terraform DefaultNamespace.py
1791 CKV_K8S_21 resource kubernetes_config_map_v1 The default namespace should not be used Terraform DefaultNamespace.py
1792 CKV_K8S_21 resource kubernetes_cron_job The default namespace should not be used Terraform DefaultNamespace.py
1793 CKV_K8S_21 resource kubernetes_cron_job_v1 The default namespace should not be used Terraform DefaultNamespace.py
1794 CKV_K8S_21 resource kubernetes_daemon_set_v1 The default namespace should not be used Terraform DefaultNamespace.py
1795 CKV_K8S_21 resource kubernetes_daemonset The default namespace should not be used Terraform DefaultNamespace.py
1796 CKV_K8S_21 resource kubernetes_deployment The default namespace should not be used Terraform DefaultNamespace.py
1797 CKV_K8S_21 resource kubernetes_deployment_v1 The default namespace should not be used Terraform DefaultNamespace.py
1798 CKV_K8S_21 resource kubernetes_ingress The default namespace should not be used Terraform DefaultNamespace.py
1799 CKV_K8S_21 resource kubernetes_ingress_v1 The default namespace should not be used Terraform DefaultNamespace.py
1800 CKV_K8S_21 resource kubernetes_job The default namespace should not be used Terraform DefaultNamespace.py
1801 CKV_K8S_21 resource kubernetes_job_v1 The default namespace should not be used Terraform DefaultNamespace.py
1802 CKV_K8S_21 resource kubernetes_pod The default namespace should not be used Terraform DefaultNamespace.py
1803 CKV_K8S_21 resource kubernetes_pod_v1 The default namespace should not be used Terraform DefaultNamespace.py
1804 CKV_K8S_21 resource kubernetes_replication_controller The default namespace should not be used Terraform DefaultNamespace.py
1805 CKV_K8S_21 resource kubernetes_replication_controller_v1 The default namespace should not be used Terraform DefaultNamespace.py
1806 CKV_K8S_21 resource kubernetes_role_binding The default namespace should not be used Terraform DefaultNamespace.py
1807 CKV_K8S_21 resource kubernetes_role_binding_v1 The default namespace should not be used Terraform DefaultNamespace.py
1808 CKV_K8S_21 resource kubernetes_secret The default namespace should not be used Terraform DefaultNamespace.py
1809 CKV_K8S_21 resource kubernetes_secret_v1 The default namespace should not be used Terraform DefaultNamespace.py
1810 CKV_K8S_21 resource kubernetes_service The default namespace should not be used Terraform DefaultNamespace.py
1811 CKV_K8S_21 resource kubernetes_service_account The default namespace should not be used Terraform DefaultNamespace.py
1812 CKV_K8S_21 resource kubernetes_service_account_v1 The default namespace should not be used Terraform DefaultNamespace.py
1813 CKV_K8S_21 resource kubernetes_service_v1 The default namespace should not be used Terraform DefaultNamespace.py
1814 CKV_K8S_21 resource kubernetes_stateful_set The default namespace should not be used Terraform DefaultNamespace.py
1815 CKV_K8S_21 resource kubernetes_stateful_set_v1 The default namespace should not be used Terraform DefaultNamespace.py
1816 CKV_K8S_22 resource kubernetes_deployment Use read-only filesystem for containers where possible Terraform ReadonlyRootFilesystem.py
1817 CKV_K8S_22 resource kubernetes_deployment_v1 Use read-only filesystem for containers where possible Terraform ReadonlyRootFilesystem.py
1818 CKV_K8S_22 resource kubernetes_pod Use read-only filesystem for containers where possible Terraform ReadonlyRootFilesystem.py
1819 CKV_K8S_22 resource kubernetes_pod_v1 Use read-only filesystem for containers where possible Terraform ReadonlyRootFilesystem.py
1820 CKV_K8S_24 resource kubernetes_pod_security_policy Do not allow containers with added capability Terraform AllowedCapabilitiesPSP.py
1821 CKV_K8S_25 resource kubernetes_deployment Minimize the admission of containers with added capability Terraform AllowedCapabilities.py
1822 CKV_K8S_25 resource kubernetes_deployment_v1 Minimize the admission of containers with added capability Terraform AllowedCapabilities.py
1823 CKV_K8S_25 resource kubernetes_pod Minimize the admission of containers with added capability Terraform AllowedCapabilities.py
1824 CKV_K8S_25 resource kubernetes_pod_v1 Minimize the admission of containers with added capability Terraform AllowedCapabilities.py
1825 CKV_K8S_26 resource kubernetes_deployment Do not specify hostPort unless absolutely necessary Terraform HostPort.py
1826 CKV_K8S_26 resource kubernetes_deployment_v1 Do not specify hostPort unless absolutely necessary Terraform HostPort.py
1827 CKV_K8S_26 resource kubernetes_pod Do not specify hostPort unless absolutely necessary Terraform HostPort.py
1828 CKV_K8S_26 resource kubernetes_pod_v1 Do not specify hostPort unless absolutely necessary Terraform HostPort.py
1829 CKV_K8S_27 resource kubernetes_daemon_set_v1 Do not expose the docker daemon socket to containers Terraform DockerSocketVolume.py
1830 CKV_K8S_27 resource kubernetes_daemonset Do not expose the docker daemon socket to containers Terraform DockerSocketVolume.py
1831 CKV_K8S_27 resource kubernetes_deployment Do not expose the docker daemon socket to containers Terraform DockerSocketVolume.py
1832 CKV_K8S_27 resource kubernetes_deployment_v1 Do not expose the docker daemon socket to containers Terraform DockerSocketVolume.py
1833 CKV_K8S_27 resource kubernetes_pod Do not expose the docker daemon socket to containers Terraform DockerSocketVolume.py
1834 CKV_K8S_27 resource kubernetes_pod_v1 Do not expose the docker daemon socket to containers Terraform DockerSocketVolume.py
1835 CKV_K8S_28 resource kubernetes_deployment Minimize the admission of containers with the NET_RAW capability Terraform DropCapabilities.py
1836 CKV_K8S_28 resource kubernetes_deployment_v1 Minimize the admission of containers with the NET_RAW capability Terraform DropCapabilities.py
1837 CKV_K8S_28 resource kubernetes_pod Minimize the admission of containers with the NET_RAW capability Terraform DropCapabilities.py
1838 CKV_K8S_28 resource kubernetes_pod_v1 Minimize the admission of containers with the NET_RAW capability Terraform DropCapabilities.py
1839 CKV_K8S_29 resource kubernetes_daemon_set_v1 Apply security context to your pods, deployments and daemon_sets Terraform PodSecurityContext.py
1840 CKV_K8S_29 resource kubernetes_daemonset Apply security context to your pods, deployments and daemon_sets Terraform PodSecurityContext.py
1841 CKV_K8S_29 resource kubernetes_deployment Apply security context to your pods, deployments and daemon_sets Terraform PodSecurityContext.py
1842 CKV_K8S_29 resource kubernetes_deployment_v1 Apply security context to your pods, deployments and daemon_sets Terraform PodSecurityContext.py
1843 CKV_K8S_29 resource kubernetes_pod Apply security context to your pods, deployments and daemon_sets Terraform PodSecurityContext.py
1844 CKV_K8S_29 resource kubernetes_pod_v1 Apply security context to your pods, deployments and daemon_sets Terraform PodSecurityContext.py
1845 CKV_K8S_30 resource kubernetes_deployment Apply security context to your pods and containers Terraform ContainerSecurityContext.py
1846 CKV_K8S_30 resource kubernetes_deployment_v1 Apply security context to your pods and containers Terraform ContainerSecurityContext.py
1847 CKV_K8S_30 resource kubernetes_pod Apply security context to your pods and containers Terraform ContainerSecurityContext.py
1848 CKV_K8S_30 resource kubernetes_pod_v1 Apply security context to your pods and containers Terraform ContainerSecurityContext.py
1849 CKV_K8S_32 resource kubernetes_pod_security_policy Ensure default seccomp profile set to docker/default or runtime/default Terraform SeccompPSP.py
1850 CKV_K8S_34 resource kubernetes_deployment Ensure that Tiller (Helm v2) is not deployed Terraform Tiller.py
1851 CKV_K8S_34 resource kubernetes_deployment_v1 Ensure that Tiller (Helm v2) is not deployed Terraform Tiller.py
1852 CKV_K8S_34 resource kubernetes_pod Ensure that Tiller (Helm v2) is not deployed Terraform Tiller.py
1853 CKV_K8S_34 resource kubernetes_pod_v1 Ensure that Tiller (Helm v2) is not deployed Terraform Tiller.py
1854 CKV_K8S_35 resource kubernetes_deployment Prefer using secrets as files over secrets as environment variables Terraform Secrets.py
1855 CKV_K8S_35 resource kubernetes_deployment_v1 Prefer using secrets as files over secrets as environment variables Terraform Secrets.py
1856 CKV_K8S_35 resource kubernetes_pod Prefer using secrets as files over secrets as environment variables Terraform Secrets.py
1857 CKV_K8S_35 resource kubernetes_pod_v1 Prefer using secrets as files over secrets as environment variables Terraform Secrets.py
1858 CKV_K8S_36 resource kubernetes_pod_security_policy Minimise the admission of containers with capabilities assigned Terraform MinimiseCapabilitiesPSP.py
1859 CKV_K8S_37 resource kubernetes_deployment Minimise the admission of containers with capabilities assigned Terraform MinimiseCapabilities.py
1860 CKV_K8S_37 resource kubernetes_deployment_v1 Minimise the admission of containers with capabilities assigned Terraform MinimiseCapabilities.py
1861 CKV_K8S_37 resource kubernetes_pod Minimise the admission of containers with capabilities assigned Terraform MinimiseCapabilities.py
1862 CKV_K8S_37 resource kubernetes_pod_v1 Minimise the admission of containers with capabilities assigned Terraform MinimiseCapabilities.py
1863 CKV_K8S_39 resource kubernetes_deployment Do not use the CAP_SYS_ADMIN linux capability Terraform AllowedCapabilitiesSysAdmin.py
1864 CKV_K8S_39 resource kubernetes_deployment_v1 Do not use the CAP_SYS_ADMIN linux capability Terraform AllowedCapabilitiesSysAdmin.py
1865 CKV_K8S_39 resource kubernetes_pod Do not use the CAP_SYS_ADMIN linux capability Terraform AllowedCapabilitiesSysAdmin.py
1866 CKV_K8S_39 resource kubernetes_pod_v1 Do not use the CAP_SYS_ADMIN linux capability Terraform AllowedCapabilitiesSysAdmin.py
1867 CKV_K8S_41 resource kubernetes_service_account Ensure that default service accounts are not actively used Terraform DefaultServiceAccount.py
1868 CKV_K8S_41 resource kubernetes_service_account_v1 Ensure that default service accounts are not actively used Terraform DefaultServiceAccount.py
1869 CKV_K8S_42 resource kubernetes_cluster_role_binding Ensure that default service accounts are not actively used Terraform DefaultServiceAccountBinding.py
1870 CKV_K8S_42 resource kubernetes_cluster_role_binding_v1 Ensure that default service accounts are not actively used Terraform DefaultServiceAccountBinding.py
1871 CKV_K8S_42 resource kubernetes_role_binding Ensure that default service accounts are not actively used Terraform DefaultServiceAccountBinding.py
1872 CKV_K8S_42 resource kubernetes_role_binding_v1 Ensure that default service accounts are not actively used Terraform DefaultServiceAccountBinding.py
1873 CKV_K8S_43 resource kubernetes_deployment Image should use digest Terraform ImageDigest.py
1874 CKV_K8S_43 resource kubernetes_deployment_v1 Image should use digest Terraform ImageDigest.py
1875 CKV_K8S_43 resource kubernetes_pod Image should use digest Terraform ImageDigest.py
1876 CKV_K8S_43 resource kubernetes_pod_v1 Image should use digest Terraform ImageDigest.py
1877 CKV_K8S_44 resource kubernetes_service Ensure that the Tiller Service (Helm v2) is deleted Terraform TillerService.py
1878 CKV_K8S_44 resource kubernetes_service_v1 Ensure that the Tiller Service (Helm v2) is deleted Terraform TillerService.py
1879 CKV_K8S_49 resource kubernetes_cluster_role Minimize wildcard use in Roles and ClusterRoles Terraform WildcardRoles.py
1880 CKV_K8S_49 resource kubernetes_cluster_role_v1 Minimize wildcard use in Roles and ClusterRoles Terraform WildcardRoles.py
1881 CKV_K8S_49 resource kubernetes_role Minimize wildcard use in Roles and ClusterRoles Terraform WildcardRoles.py
1882 CKV_K8S_49 resource kubernetes_role_v1 Minimize wildcard use in Roles and ClusterRoles Terraform WildcardRoles.py
1883 CKV_LIN_1 provider linode Ensure no hard coded Linode tokens exist in provider Terraform credentials.py
1884 CKV_LIN_2 resource linode_instance Ensure SSH key set in authorized_keys Terraform authorized_keys.py
1885 CKV_LIN_3 resource linode_user Ensure email is set Terraform user_email_set.py
1886 CKV_LIN_4 resource linode_user Ensure username is set Terraform user_username_set.py
1887 CKV_LIN_5 resource linode_firewall Ensure Inbound Firewall Policy is not set to ACCEPT Terraform firewall_inbound_policy.py
1888 CKV_LIN_6 resource linode_firewall Ensure Outbound Firewall Policy is not set to ACCEPT Terraform firewall_outbound_policy.py
1889 CKV_NCP_1 resource ncloud_lb_target_group Ensure HTTP HTTPS Target group defines Healthcheck Terraform LBTargetGroupDefinesHealthCheck.py
1890 CKV_NCP_2 resource ncloud_access_control_group Ensure every access control groups rule has a description Terraform AccessControlGroupRuleDescription.py
1891 CKV_NCP_2 resource ncloud_access_control_group_rule Ensure every access control groups rule has a description Terraform AccessControlGroupRuleDescription.py
1892 CKV_NCP_3 resource ncloud_access_control_group_rule Ensure no security group rules allow outbound traffic to 0.0.0.0/0 Terraform AccessControlGroupOutboundRule.py
1893 CKV_NCP_4 resource ncloud_access_control_group_rule Ensure no access control groups allow inbound from 0.0.0.0:0 to port 22 Terraform AccessControlGroupInboundRulePort22.py
1894 CKV_NCP_5 resource ncloud_access_control_group_rule Ensure no access control groups allow inbound from 0.0.0.0:0 to port 3389 Terraform AccessControlGroupInboundRulePort3389.py
1895 CKV_NCP_6 resource ncloud_server Ensure Server instance is encrypted. Terraform ServerEncryptionVPC.py
1896 CKV_NCP_7 resource ncloud_launch_configuration Ensure Basic Block storage is encrypted. Terraform LaunchConfigurationEncryptionVPC.py
1897 CKV_NCP_8 resource ncloud_network_acl_rule Ensure no NACL allow inbound from 0.0.0.0:0 to port 20 Terraform NACLInbound20.py
1898 CKV_NCP_9 resource ncloud_network_acl_rule Ensure no NACL allow inbound from 0.0.0.0:0 to port 21 Terraform NACLInbound21.py
1899 CKV_NCP_10 resource ncloud_network_acl_rule Ensure no NACL allow inbound from 0.0.0.0:0 to port 22 Terraform NACLInbound22.py
1900 CKV_NCP_11 resource ncloud_network_acl_rule Ensure no NACL allow inbound from 0.0.0.0:0 to port 3389 Terraform NACLInbound3389.py
1901 CKV_NCP_12 resource ncloud_network_acl_rule An inbound Network ACL rule should not allow ALL ports. Terraform NACLPortCheck.py
1902 CKV_NCP_13 resource ncloud_lb_listener Ensure LB Listener uses only secure protocols Terraform LBListenerUsesSecureProtocols.py
1903 CKV_NCP_14 resource ncloud_nas_volume Ensure NAS is securely encrypted Terraform NASEncryptionEnabled.py
1904 CKV_NCP_15 resource ncloud_lb_target_group Ensure Load Balancer Target Group is not using HTTP Terraform LBTargetGroupUsingHTTPS.py
1905 CKV_NCP_16 resource ncloud_lb Ensure Load Balancer isn’t exposed to the internet Terraform LBNetworkPrivate.py
1906 CKV_NCP_18 resource ncloud_auto_scaling_group Ensure that auto Scaling groups that are associated with a load balancer, are using Load Balancing health checks. Terraform AutoScalingEnabledLB.yaml
1907 CKV_NCP_18 resource ncloud_lb_target_group Ensure that auto Scaling groups that are associated with a load balancer, are using Load Balancing health checks. Terraform AutoScalingEnabledLB.yaml
1908 CKV_NCP_19 resource ncloud_nks_cluster Ensure Naver Kubernetes Service public endpoint disabled Terraform NKSPublicAccess.py
1909 CKV_NCP_20 resource ncloud_route Ensure Routing Table associated with Web tier subnet have the default route (0.0.0.0/0) defined to allow connectivity Terraform RouteTableNATGatewayDefault.py
1910 CKV_NCP_22 resource ncloud_nks_cluster Ensure NKS control plane logging enabled for all log types Terraform NKSControlPlaneLogging.py
1911 CKV_NCP_22 resource ncloud_route_table Ensure a route table for the public subnets is created. Terraform RouteTablePublicSubnetConnection.yaml
1912 CKV_NCP_22 resource ncloud_subnet Ensure a route table for the public subnets is created. Terraform RouteTablePublicSubnetConnection.yaml
1913 CKV_NCP_23 resource ncloud_public_ip Ensure Server instance should not have public IP. Terraform ServerPublicIP.py
1914 CKV_NCP_24 resource ncloud_lb_listener Ensure Load Balancer Listener Using HTTPS Terraform LBListenerUsingHTTPS.py
1915 CKV_NCP_25 resource ncloud_access_control_group_rule Ensure no access control groups allow inbound from 0.0.0.0:0 to port 80 Terraform AccessControlGroupInboundRulePort80.py
1916 CKV_NCP_26 resource ncloud_access_control_group Ensure Access Control Group has Access Control Group Rule attached Terraform AccessControlGroupRuleDefine.yaml
1917 CKV_OCI_1 provider oci Ensure no hard coded OCI private key in provider Terraform credentials.py
1918 CKV_OCI_2 resource oci_core_volume Ensure OCI Block Storage Block Volume has backup enabled Terraform StorageBlockBackupEnabled.py
1919 CKV_OCI_3 resource oci_core_volume OCI Block Storage Block Volumes are not encrypted with a Customer Managed Key (CMK) Terraform StorageBlockEncryption.py
1920 CKV_OCI_4 resource oci_core_instance Ensure OCI Compute Instance boot volume has in-transit data encryption enabled Terraform InstanceBootVolumeIntransitEncryption.py
1921 CKV_OCI_5 resource oci_core_instance Ensure OCI Compute Instance has Legacy MetaData service endpoint disabled Terraform InstanceMetadataServiceEnabled.py
1922 CKV_OCI_6 resource oci_core_instance Ensure OCI Compute Instance has monitoring enabled Terraform InstanceMonitoringEnabled.py
1923 CKV_OCI_7 resource oci_objectstorage_bucket Ensure OCI Object Storage bucket can emit object events Terraform ObjectStorageEmitEvents.py
1924 CKV_OCI_8 resource oci_objectstorage_bucket Ensure OCI Object Storage has versioning enabled Terraform ObjectStorageVersioning.py
1925 CKV_OCI_9 resource oci_objectstorage_bucket Ensure OCI Object Storage is encrypted with Customer Managed Key Terraform ObjectStorageEncryption.py
1926 CKV_OCI_10 resource oci_objectstorage_bucket Ensure OCI Object Storage is not Public Terraform ObjectStoragePublic.py
1927 CKV_OCI_11 resource oci_identity_authentication_policy OCI IAM password policy - must contain lower case Terraform IAMPasswordPolicyLowerCase.py
1928 CKV_OCI_12 resource oci_identity_authentication_policy OCI IAM password policy - must contain Numeric characters Terraform IAMPasswordPolicyNumeric.py
1929 CKV_OCI_13 resource oci_identity_authentication_policy OCI IAM password policy - must contain Special characters Terraform IAMPasswordPolicySpecialCharacters.py
1930 CKV_OCI_14 resource oci_identity_authentication_policy OCI IAM password policy - must contain Uppercase characters Terraform IAMPasswordPolicyUpperCase.py
1931 CKV_OCI_15 resource oci_file_storage_file_system Ensure OCI File System is Encrypted with a customer Managed Key Terraform FileSystemEncryption.py
1932 CKV_OCI_16 resource oci_core_security_list Ensure VCN has an inbound security list Terraform SecurityListIngress.py
1933 CKV_OCI_17 resource oci_core_security_list Ensure VCN inbound security lists are stateless Terraform SecurityListIngressStateless.py
1934 CKV_OCI_18 resource oci_identity_authentication_policy OCI IAM password policy for local (non-federated) users has a minimum length of 14 characters Terraform IAMPasswordLength.py
1935 CKV_OCI_19 resource oci_core_security_list Ensure no security list allow ingress from 0.0.0.0:0 to port 22. Terraform SecurityListUnrestrictedIngress22.py
1936 CKV_OCI_20 resource oci_core_security_list Ensure no security list allow ingress from 0.0.0.0:0 to port 3389. Terraform SecurityListUnrestrictedIngress3389.py
1937 CKV_OCI_21 resource oci_core_network_security_group_security_rule Ensure security group has stateless ingress security rules Terraform SecurityGroupsIngressStatelessSecurityRules.py
1938 CKV_OCI_22 resource oci_core_network_security_group_security_rule Ensure no security groups rules allow ingress from 0.0.0.0/0 to port 22 Terraform AbsSecurityGroupUnrestrictedIngress.py
1939 CKV2_OCI_1 resource oci_identity_group Ensure administrator users are not associated with API keys Terraform AdministratorUserNotAssociatedWithAPIKey.yaml
1940 CKV2_OCI_1 resource oci_identity_user Ensure administrator users are not associated with API keys Terraform AdministratorUserNotAssociatedWithAPIKey.yaml
1941 CKV2_OCI_1 resource oci_identity_user_group_membership Ensure administrator users are not associated with API keys Terraform AdministratorUserNotAssociatedWithAPIKey.yaml
1942 CKV2_OCI_2 resource oci_core_network_security_group_security_rule Ensure NSG does not allow all traffic on RDP port (3389) Terraform OCI_NSGNotAllowRDP.yaml
1943 CKV2_OCI_3 resource oci_containerengine_cluster Ensure Kubernetes engine cluster is configured with NSG(s) Terraform OCI_KubernetesEngineClusterEndpointConfigWithNSG.yaml
1944 CKV2_OCI_4 resource oci_file_storage_export Ensure File Storage File System access is restricted to root users Terraform OCI_NFSaccessRestrictedToRootUsers.yaml
1945 CKV2_OCI_5 resource oci_containerengine_node_pool Ensure Kubernetes Engine Cluster boot volume is configured with in-transit data encryption Terraform OCI_K8EngineClusterBootVolConfigInTransitEncryption.yaml
1946 CKV2_OCI_6 resource oci_containerengine_cluster Ensure Kubernetes Engine Cluster pod security policy is enforced Terraform OCI_K8EngineClusterPodSecPolicyEnforced.yaml
1947 CKV_OPENSTACK_1 provider openstack Ensure no hard coded OpenStack password, token, or application_credential_secret exists in provider Terraform credentials.py
1948 CKV_OPENSTACK_2 resource openstack_compute_secgroup_v2 Ensure no security groups allow ingress from 0.0.0.0:0 to port 22 (tcp / udp) Terraform SecurityGroupUnrestrictedIngress22.py
1949 CKV_OPENSTACK_2 resource openstack_networking_secgroup_rule_v2 Ensure no security groups allow ingress from 0.0.0.0:0 to port 22 (tcp / udp) Terraform SecurityGroupUnrestrictedIngress22.py
1950 CKV_OPENSTACK_3 resource openstack_compute_secgroup_v2 Ensure no security groups allow ingress from 0.0.0.0:0 to port 3389 (tcp / udp) Terraform SecurityGroupUnrestrictedIngress3389.py
1951 CKV_OPENSTACK_3 resource openstack_networking_secgroup_rule_v2 Ensure no security groups allow ingress from 0.0.0.0:0 to port 3389 (tcp / udp) Terraform SecurityGroupUnrestrictedIngress3389.py
1952 CKV_OPENSTACK_4 resource openstack_compute_instance_v2 Ensure that instance does not use basic credentials Terraform ComputeInstanceAdminPassword.py
1953 CKV_OPENSTACK_5 resource openstack_fw_rule_v1 Ensure firewall rule set a destination IP Terraform FirewallRuleSetDestinationIP.py
1954 CKV_PAN_1 provider panos Ensure no hard coded PAN-OS credentials exist in provider Terraform credentials.py
1955 CKV_PAN_2 resource panos_management_profile Ensure plain-text management HTTP is not enabled for an Interface Management Profile Terraform InterfaceMgmtProfileNoHTTP.py
1956 CKV_PAN_3 resource panos_management_profile Ensure plain-text management Telnet is not enabled for an Interface Management Profile Terraform InterfaceMgmtProfileNoTelnet.py
1957 CKV_PAN_4 resource panos_security_policy Ensure DSRI is not enabled within security policies Terraform PolicyNoDSRI.py
1958 CKV_PAN_4 resource panos_security_rule_group Ensure DSRI is not enabled within security policies Terraform PolicyNoDSRI.py
1959 CKV_PAN_5 resource panos_security_policy Ensure security rules do not have ‘applications’ set to ‘any’ Terraform PolicyNoApplicationAny.py
1960 CKV_PAN_5 resource panos_security_rule_group Ensure security rules do not have ‘applications’ set to ‘any’ Terraform PolicyNoApplicationAny.py
1961 CKV_PAN_6 resource panos_security_policy Ensure security rules do not have ‘services’ set to ‘any’ Terraform PolicyNoServiceAny.py
1962 CKV_PAN_6 resource panos_security_rule_group Ensure security rules do not have ‘services’ set to ‘any’ Terraform PolicyNoServiceAny.py
1963 CKV_PAN_7 resource panos_security_policy Ensure security rules do not have ‘source_addresses’ and ‘destination_addresses’ both containing values of ‘any’ Terraform PolicyNoSrcAnyDstAny.py
1964 CKV_PAN_7 resource panos_security_rule_group Ensure security rules do not have ‘source_addresses’ and ‘destination_addresses’ both containing values of ‘any’ Terraform PolicyNoSrcAnyDstAny.py
1965 CKV_PAN_8 resource panos_security_policy Ensure description is populated within security policies Terraform PolicyDescription.py
1966 CKV_PAN_8 resource panos_security_rule_group Ensure description is populated within security policies Terraform PolicyDescription.py
1967 CKV_PAN_9 resource panos_security_policy Ensure a Log Forwarding Profile is selected for each security policy rule Terraform PolicyLogForwarding.py
1968 CKV_PAN_9 resource panos_security_rule_group Ensure a Log Forwarding Profile is selected for each security policy rule Terraform PolicyLogForwarding.py
1969 CKV_PAN_10 resource panos_security_policy Ensure logging at session end is enabled within security policies Terraform PolicyLoggingEnabled.py
1970 CKV_PAN_10 resource panos_security_rule_group Ensure logging at session end is enabled within security policies Terraform PolicyLoggingEnabled.py
1971 CKV_PAN_11 resource panos_ipsec_crypto_profile Ensure IPsec profiles do not specify use of insecure encryption algorithms Terraform NetworkIPsecAlgorithms.py
1972 CKV_PAN_11 resource panos_panorama_ipsec_crypto_profile Ensure IPsec profiles do not specify use of insecure encryption algorithms Terraform NetworkIPsecAlgorithms.py
1973 CKV_PAN_12 resource panos_ipsec_crypto_profile Ensure IPsec profiles do not specify use of insecure authentication algorithms Terraform NetworkIPsecAuthAlgorithms.py
1974 CKV_PAN_12 resource panos_panorama_ipsec_crypto_profile Ensure IPsec profiles do not specify use of insecure authentication algorithms Terraform NetworkIPsecAuthAlgorithms.py
1975 CKV_PAN_13 resource panos_ipsec_crypto_profile Ensure IPsec profiles do not specify use of insecure protocols Terraform NetworkIPsecProtocols.py
1976 CKV_PAN_13 resource panos_panorama_ipsec_crypto_profile Ensure IPsec profiles do not specify use of insecure protocols Terraform NetworkIPsecProtocols.py
1977 CKV_PAN_14 resource panos_panorama_zone Ensure a Zone Protection Profile is defined within Security Zones Terraform ZoneProtectionProfile.py
1978 CKV_PAN_14 resource panos_zone Ensure a Zone Protection Profile is defined within Security Zones Terraform ZoneProtectionProfile.py
1979 CKV_PAN_14 resource panos_zone_entry Ensure a Zone Protection Profile is defined within Security Zones Terraform ZoneProtectionProfile.py
1980 CKV_PAN_15 resource panos_panorama_zone Ensure an Include ACL is defined for a Zone when User-ID is enabled Terraform ZoneUserIDIncludeACL.py
1981 CKV_PAN_15 resource panos_zone Ensure an Include ACL is defined for a Zone when User-ID is enabled Terraform ZoneUserIDIncludeACL.py
1982 CKV_YC_1 resource yandex_mdb_clickhouse_cluster Ensure security group is assigned to database cluster. Terraform MDBSecurityGroup.py
1983 CKV_YC_1 resource yandex_mdb_elasticsearch_cluster Ensure security group is assigned to database cluster. Terraform MDBSecurityGroup.py
1984 CKV_YC_1 resource yandex_mdb_greenplum_cluster Ensure security group is assigned to database cluster. Terraform MDBSecurityGroup.py
1985 CKV_YC_1 resource yandex_mdb_kafka_cluster Ensure security group is assigned to database cluster. Terraform MDBSecurityGroup.py
1986 CKV_YC_1 resource yandex_mdb_mongodb_cluster Ensure security group is assigned to database cluster. Terraform MDBSecurityGroup.py
1987 CKV_YC_1 resource yandex_mdb_mysql_cluster Ensure security group is assigned to database cluster. Terraform MDBSecurityGroup.py
1988 CKV_YC_1 resource yandex_mdb_postgresql_cluster Ensure security group is assigned to database cluster. Terraform MDBSecurityGroup.py
1989 CKV_YC_1 resource yandex_mdb_redis_cluster Ensure security group is assigned to database cluster. Terraform MDBSecurityGroup.py
1990 CKV_YC_1 resource yandex_mdb_sqlserver_cluster Ensure security group is assigned to database cluster. Terraform MDBSecurityGroup.py
1991 CKV_YC_2 resource yandex_compute_instance Ensure compute instance does not have public IP. Terraform ComputeVMPublicIP.py
1992 CKV_YC_3 resource yandex_storage_bucket Ensure storage bucket is encrypted. Terraform ObjectStorageBucketEncryption.py
1993 CKV_YC_4 resource yandex_compute_instance Ensure compute instance does not have serial console enabled. Terraform ComputeVMSerialConsole.py
1994 CKV_YC_5 resource yandex_kubernetes_cluster Ensure Kubernetes cluster does not have public IP address. Terraform K8SPublicIP.py
1995 CKV_YC_6 resource yandex_kubernetes_node_group Ensure Kubernetes cluster node group does not have public IP addresses. Terraform K8SNodeGroupPublicIP.py
1996 CKV_YC_7 resource yandex_kubernetes_cluster Ensure Kubernetes cluster auto-upgrade is enabled. Terraform K8SAutoUpgrade.py
1997 CKV_YC_8 resource yandex_kubernetes_node_group Ensure Kubernetes node group auto-upgrade is enabled. Terraform K8SNodeGroupAutoUpgrade.py
1998 CKV_YC_9 resource yandex_kms_symmetric_key Ensure KMS symmetric key is rotated. Terraform KMSSymmetricKeyRotation.py
1999 CKV_YC_10 resource yandex_kubernetes_cluster Ensure etcd database is encrypted with KMS key. Terraform K8SEtcdKMSEncryption.py
2000 CKV_YC_11 resource yandex_compute_instance Ensure security group is assigned to network interface. Terraform ComputeVMSecurityGroup.py
2001 CKV_YC_12 resource yandex_mdb_clickhouse_cluster Ensure public IP is not assigned to database cluster. Terraform MDBPublicIP.py
2002 CKV_YC_12 resource yandex_mdb_elasticsearch_cluster Ensure public IP is not assigned to database cluster. Terraform MDBPublicIP.py
2003 CKV_YC_12 resource yandex_mdb_greenplum_cluster Ensure public IP is not assigned to database cluster. Terraform MDBPublicIP.py
2004 CKV_YC_12 resource yandex_mdb_kafka_cluster Ensure public IP is not assigned to database cluster. Terraform MDBPublicIP.py
2005 CKV_YC_12 resource yandex_mdb_mongodb_cluster Ensure public IP is not assigned to database cluster. Terraform MDBPublicIP.py
2006 CKV_YC_12 resource yandex_mdb_mysql_cluster Ensure public IP is not assigned to database cluster. Terraform MDBPublicIP.py
2007 CKV_YC_12 resource yandex_mdb_postgresql_cluster Ensure public IP is not assigned to database cluster. Terraform MDBPublicIP.py
2008 CKV_YC_12 resource yandex_mdb_sqlserver_cluster Ensure public IP is not assigned to database cluster. Terraform MDBPublicIP.py
2009 CKV_YC_13 resource yandex_resourcemanager_cloud_iam_binding Ensure cloud member does not have elevated access. Terraform IAMCloudElevatedMembers.py
2010 CKV_YC_13 resource yandex_resourcemanager_cloud_iam_member Ensure cloud member does not have elevated access. Terraform IAMCloudElevatedMembers.py
2011 CKV_YC_14 resource yandex_kubernetes_cluster Ensure security group is assigned to Kubernetes cluster. Terraform K8SSecurityGroup.py
2012 CKV_YC_15 resource yandex_kubernetes_node_group Ensure security group is assigned to Kubernetes node group. Terraform K8SNodeGroupSecurityGroup.py
2013 CKV_YC_16 resource yandex_kubernetes_cluster Ensure network policy is assigned to Kubernetes cluster. Terraform K8SNetworkPolicy.py
2014 CKV_YC_17 resource yandex_storage_bucket Ensure storage bucket does not have public access permissions. Terraform ObjectStorageBucketPublicAccess.py
2015 CKV_YC_18 resource yandex_compute_instance_group Ensure compute instance group does not have public IP. Terraform ComputeInstanceGroupPublicIP.py
2016 CKV_YC_19 resource yandex_vpc_security_group Ensure security group does not contain allow-all rules. Terraform VPCSecurityGroupAllowAll.py
2017 CKV_YC_20 resource yandex_vpc_security_group_rule Ensure security group rule is not allow-all. Terraform VPCSecurityGroupRuleAllowAll.py
2018 CKV_YC_21 resource yandex_organizationmanager_organization_iam_binding Ensure organization member does not have elevated access. Terraform IAMOrganizationElevatedMembers.py
2019 CKV_YC_21 resource yandex_organizationmanager_organization_iam_member Ensure organization member does not have elevated access. Terraform IAMOrganizationElevatedMembers.py
2020 CKV_YC_22 resource yandex_compute_instance_group Ensure compute instance group has security group assigned. Terraform ComputeInstanceGroupSecurityGroup.py
2021 CKV_YC_23 resource yandex_resourcemanager_folder_iam_binding Ensure folder member does not have elevated access. Terraform IAMFolderElevatedMembers.py
2022 CKV_YC_23 resource yandex_resourcemanager_folder_iam_member Ensure folder member does not have elevated access. Terraform IAMFolderElevatedMembers.py
2023 CKV_YC_24 resource yandex_organizationmanager_organization_iam_binding Ensure passport account is not used for assignment. Use service accounts and federated accounts where possible. Terraform IAMPassportAccountUsage.py
2024 CKV_YC_24 resource yandex_organizationmanager_organization_iam_member Ensure passport account is not used for assignment. Use service accounts and federated accounts where possible. Terraform IAMPassportAccountUsage.py
2025 CKV_YC_24 resource yandex_resourcemanager_cloud_iam_binding Ensure passport account is not used for assignment. Use service accounts and federated accounts where possible. Terraform IAMPassportAccountUsage.py
2026 CKV_YC_24 resource yandex_resourcemanager_cloud_iam_member Ensure passport account is not used for assignment. Use service accounts and federated accounts where possible. Terraform IAMPassportAccountUsage.py
2027 CKV_YC_24 resource yandex_resourcemanager_folder_iam_binding Ensure passport account is not used for assignment. Use service accounts and federated accounts where possible. Terraform IAMPassportAccountUsage.py
2028 CKV_YC_24 resource yandex_resourcemanager_folder_iam_member Ensure passport account is not used for assignment. Use service accounts and federated accounts where possible. Terraform IAMPassportAccountUsage.py
