terraform resource scans (auto generated)

	Id	Type	Entity	Policy	IaC	Resource Link
0	CKV2_ADO_1	resource	azuredevops_branch_policy_min_reviewers	Ensure at least two approving reviews for PRs	Terraform	ADORepositoryHasMinTwoReviewers.yaml
1	CKV2_ADO_1	resource	azuredevops_git_repository	Ensure at least two approving reviews for PRs	Terraform	ADORepositoryHasMinTwoReviewers.yaml
2	CKV_ALI_1	resource	alicloud_oss_bucket	Alibaba Cloud OSS bucket accessible to public	Terraform	OSSBucketPublic.py
3	CKV_ALI_2	resource	alicloud_security_group_rule	Ensure no security groups allow ingress from 0.0.0.0:0 to port 22	Terraform	SecurityGroupUnrestrictedIngress22.py
4	CKV_ALI_3	resource	alicloud_security_group_rule	Ensure no security groups allow ingress from 0.0.0.0:0 to port 3389	Terraform	SecurityGroupUnrestrictedIngress3389.py
5	CKV_ALI_4	resource	alicloud_actiontrail_trail	Ensure Action Trail Logging for all regions	Terraform	ActionTrailLogAllRegions.py
6	CKV_ALI_5	resource	alicloud_actiontrail_trail	Ensure Action Trail Logging for all events	Terraform	ActionTrailLogAllEvents.py
7	CKV_ALI_6	resource	alicloud_oss_bucket	Ensure OSS bucket is encrypted with Customer Master Key	Terraform	OSSBucketEncryptedWithCMK.py
8	CKV_ALI_7	resource	alicloud_disk	Ensure disk is encrypted	Terraform	DiskIsEncrypted.py
9	CKV_ALI_8	resource	alicloud_disk	Ensure Disk is encrypted with Customer Master Key	Terraform	DiskEncryptedWithCMK.py
10	CKV_ALI_9	resource	alicloud_db_instance	Ensure database instance is not public	Terraform	RDSIsPublic.py
11	CKV_ALI_10	resource	alicloud_oss_bucket	Ensure OSS bucket has versioning enabled	Terraform	OSSBucketVersioning.py
12	CKV_ALI_11	resource	alicloud_oss_bucket	Ensure OSS bucket has transfer Acceleration enabled	Terraform	OSSBucketTransferAcceleration.py
13	CKV_ALI_12	resource	alicloud_oss_bucket	Ensure the OSS bucket has access logging enabled	Terraform	OSSBucketAccessLogs.py
14	CKV_ALI_13	resource	alicloud_ram_account_password_policy	Ensure RAM password policy requires minimum length of 14 or greater	Terraform	RAMPasswordPolicyLength.py
15	CKV_ALI_14	resource	alicloud_ram_account_password_policy	Ensure RAM password policy requires at least one number	Terraform	RAMPasswordPolicyNumber.py
16	CKV_ALI_15	resource	alicloud_ram_account_password_policy	Ensure RAM password policy requires at least one symbol	Terraform	RAMPasswordPolicySymbol.py
17	CKV_ALI_16	resource	alicloud_ram_account_password_policy	Ensure RAM password policy expires passwords within 90 days or less	Terraform	RAMPasswordPolicyExpiration.py
18	CKV_ALI_17	resource	alicloud_ram_account_password_policy	Ensure RAM password policy requires at least one lowercase letter	Terraform	RAMPasswordPolicyLowercaseLetter.py
19	CKV_ALI_18	resource	alicloud_ram_account_password_policy	Ensure RAM password policy prevents password reuse	Terraform	RAMPasswordPolicyReuse.py
20	CKV_ALI_19	resource	alicloud_ram_account_password_policy	Ensure RAM password policy requires at least one uppercase letter	Terraform	RAMPasswordPolicyUppcaseLetter.py
21	CKV_ALI_20	resource	alicloud_db_instance	Ensure RDS instance uses SSL	Terraform	RDSInstanceSSL.py
22	CKV_ALI_21	resource	alicloud_api_gateway_api	Ensure API Gateway API Protocol HTTPS	Terraform	APIGatewayProtocolHTTPS.py
23	CKV_ALI_22	resource	alicloud_db_instance	Ensure Transparent Data Encryption is Enabled on instance	Terraform	RDSTransparentDataEncryptionEnabled.py
24	CKV_ALI_23	resource	alicloud_ram_account_password_policy	Ensure Ram Account Password Policy Max Login Attempts not > 5	Terraform	RAMPasswordPolicyMaxLogin.py
25	CKV_ALI_24	resource	alicloud_ram_security_preference	Ensure RAM enforces MFA	Terraform	RAMSecurityEnforceMFA.py
26	CKV_ALI_25	resource	alicloud_db_instance	Ensure RDS Instance SQL Collector Retention Period should be greater than 180	Terraform	RDSRetention.py
27	CKV_ALI_26	resource	alicloud_cs_kubernetes	Ensure Kubernetes installs plugin Terway or Flannel to support standard policies	Terraform	K8sEnableNetworkPolicies.py
28	CKV_ALI_27	resource	alicloud_kms_key	Ensure KMS Key Rotation is enabled	Terraform	KMSKeyRotationIsEnabled.py
29	CKV_ALI_28	resource	alicloud_kms_key	Ensure KMS Keys are enabled	Terraform	KMSKeyIsEnabled.py
30	CKV_ALI_29	resource	alicloud_alb_acl_entry_attachment	Alibaba ALB ACL does not restrict Access	Terraform	ALBACLIsUnrestricted.py
31	CKV_ALI_30	resource	alicloud_db_instance	Ensure RDS instance auto upgrades for minor versions	Terraform	RDSInstanceAutoUpgrade.py
32	CKV_ALI_31	resource	alicloud_cs_kubernetes_node_pool	Ensure K8s nodepools are set to auto repair	Terraform	K8sNodePoolAutoRepair.py
33	CKV_ALI_32	resource	alicloud_ecs_launch_template	Ensure launch template data disks are encrypted	Terraform	LaunchTemplateDisksAreEncrypted.py
34	CKV_ALI_33	resource	alicloud_slb_tls_cipher_policy	Alibaba Cloud Cypher Policy are secure	Terraform	TLSPoliciesAreSecure.py
35	CKV_ALI_35	resource	alicloud_db_instance	Ensure RDS instance has log_duration enabled	Terraform	RDSInstanceLogsEnabled.py
36	CKV_ALI_36	resource	alicloud_db_instance	Ensure RDS instance has log_disconnections enabled	Terraform	RDSInstanceLogDisconnections.py
37	CKV_ALI_37	resource	alicloud_db_instance	Ensure RDS instance has log_connections enabled	Terraform	RDSInstanceLogConnections.py
38	CKV_ALI_38	resource	alicloud_log_audit	Ensure log audit is enabled for RDS	Terraform	LogAuditRDSEnabled.py
39	CKV_ALI_41	resource	alicloud_mongodb_instance	Ensure MongoDB is deployed inside a VPC	Terraform	MongoDBInsideVPC.py
40	CKV_ALI_42	resource	alicloud_mongodb_instance	Ensure Mongodb instance uses SSL	Terraform	MongoDBInstanceSSL.py
41	CKV_ALI_43	resource	alicloud_mongodb_instance	Ensure MongoDB instance is not public	Terraform	MongoDBIsPublic.py
42	CKV_ALI_44	resource	alicloud_mongodb_instance	Ensure MongoDB has Transparent Data Encryption Enabled	Terraform	MongoDBTransparentDataEncryptionEnabled.py
43	CKV_AWS_1	data	aws_iam_policy_document	Ensure IAM policies that allow full “-” administrative privileges are not created	Terraform	AdminPolicyDocument.py
44	CKV_AWS_2	resource	aws_alb_listener	Ensure ALB protocol is HTTPS	Terraform	ALBListenerHTTPS.py
45	CKV_AWS_2	resource	aws_lb_listener	Ensure ALB protocol is HTTPS	Terraform	ALBListenerHTTPS.py
46	CKV_AWS_3	resource	aws_ebs_volume	Ensure all data stored in the EBS is securely encrypted	Terraform	EBSEncryption.py
47	CKV_AWS_5	resource	aws_elasticsearch_domain	Ensure all data stored in the Elasticsearch is securely encrypted at rest	Terraform	ElasticsearchEncryption.py
48	CKV_AWS_5	resource	aws_opensearch_domain	Ensure all data stored in the Elasticsearch is securely encrypted at rest	Terraform	ElasticsearchEncryption.py
49	CKV_AWS_6	resource	aws_elasticsearch_domain	Ensure all Elasticsearch has node-to-node encryption enabled	Terraform	ElasticsearchNodeToNodeEncryption.py
50	CKV_AWS_6	resource	aws_opensearch_domain	Ensure all Elasticsearch has node-to-node encryption enabled	Terraform	ElasticsearchNodeToNodeEncryption.py
51	CKV_AWS_7	resource	aws_kms_key	Ensure rotation for customer created CMKs is enabled	Terraform	KMSRotation.py
52	CKV_AWS_8	resource	aws_instance	Ensure all data stored in the Launch configuration or instance Elastic Blocks Store is securely encrypted	Terraform	LaunchConfigurationEBSEncryption.py
53	CKV_AWS_8	resource	aws_launch_configuration	Ensure all data stored in the Launch configuration or instance Elastic Blocks Store is securely encrypted	Terraform	LaunchConfigurationEBSEncryption.py
54	CKV_AWS_9	resource	aws_iam_account_password_policy	Ensure IAM password policy expires passwords within 90 days or less	Terraform	PasswordPolicyExpiration.py
55	CKV_AWS_10	resource	aws_iam_account_password_policy	Ensure IAM password policy requires minimum length of 14 or greater	Terraform	PasswordPolicyLength.py
56	CKV_AWS_11	resource	aws_iam_account_password_policy	Ensure IAM password policy requires at least one lowercase letter	Terraform	PasswordPolicyLowercaseLetter.py
57	CKV_AWS_12	resource	aws_iam_account_password_policy	Ensure IAM password policy requires at least one number	Terraform	PasswordPolicyNumber.py
58	CKV_AWS_13	resource	aws_iam_account_password_policy	Ensure IAM password policy prevents password reuse	Terraform	PasswordPolicyReuse.py
59	CKV_AWS_14	resource	aws_iam_account_password_policy	Ensure IAM password policy requires at least one symbol	Terraform	PasswordPolicySymbol.py
60	CKV_AWS_15	resource	aws_iam_account_password_policy	Ensure IAM password policy requires at least one uppercase letter	Terraform	PasswordPolicyUppercaseLetter.py
61	CKV_AWS_16	resource	aws_db_instance	Ensure all data stored in the RDS is securely encrypted at rest	Terraform	RDSEncryption.py
62	CKV_AWS_17	resource	aws_db_instance	Ensure all data stored in RDS is not publicly accessible	Terraform	RDSPubliclyAccessible.py
63	CKV_AWS_17	resource	aws_rds_cluster_instance	Ensure all data stored in RDS is not publicly accessible	Terraform	RDSPubliclyAccessible.py
64	CKV_AWS_18	resource	aws_s3_bucket	Ensure the S3 bucket has access logging enabled	Terraform	S3BucketLogging.yaml
65	CKV_AWS_19	resource	aws_s3_bucket	Ensure all data stored in the S3 bucket is securely encrypted at rest	Terraform	S3BucketEncryption.yaml
66	CKV_AWS_19	resource	aws_s3_bucket_server_side_encryption_configuration	Ensure all data stored in the S3 bucket is securely encrypted at rest	Terraform	S3BucketEncryption.yaml
67	CKV_AWS_20	resource	aws_s3_bucket	S3 Bucket has an ACL defined which allows public READ access.	Terraform	S3PublicACLRead.yaml
68	CKV_AWS_20	resource	aws_s3_bucket_acl	S3 Bucket has an ACL defined which allows public READ access.	Terraform	S3PublicACLRead.yaml
69	CKV_AWS_21	resource	aws_s3_bucket	Ensure all data stored in the S3 bucket have versioning enabled	Terraform	S3BucketVersioning.yaml
70	CKV_AWS_21	resource	aws_s3_bucket_versioning	Ensure all data stored in the S3 bucket have versioning enabled	Terraform	S3BucketVersioning.yaml
71	CKV_AWS_22	resource	aws_sagemaker_notebook_instance	Ensure SageMaker Notebook is encrypted at rest using KMS CMK	Terraform	SagemakerNotebookEncryption.py
72	CKV_AWS_23	resource	aws_db_security_group	Ensure every security groups rule has a description	Terraform	SecurityGroupRuleDescription.py
73	CKV_AWS_23	resource	aws_elasticache_security_group	Ensure every security groups rule has a description	Terraform	SecurityGroupRuleDescription.py
74	CKV_AWS_23	resource	aws_redshift_security_group	Ensure every security groups rule has a description	Terraform	SecurityGroupRuleDescription.py
75	CKV_AWS_23	resource	aws_security_group	Ensure every security groups rule has a description	Terraform	SecurityGroupRuleDescription.py
76	CKV_AWS_23	resource	aws_security_group_rule	Ensure every security groups rule has a description	Terraform	SecurityGroupRuleDescription.py
77	CKV_AWS_23	resource	aws_vpc_security_group_egress_rule	Ensure every security groups rule has a description	Terraform	SecurityGroupRuleDescription.py
78	CKV_AWS_23	resource	aws_vpc_security_group_ingress_rule	Ensure every security groups rule has a description	Terraform	SecurityGroupRuleDescription.py
79	CKV_AWS_24	resource	aws_security_group	Ensure no security groups allow ingress from 0.0.0.0:0 to port 22	Terraform	SecurityGroupUnrestrictedIngress22.py
80	CKV_AWS_24	resource	aws_security_group_rule	Ensure no security groups allow ingress from 0.0.0.0:0 to port 22	Terraform	SecurityGroupUnrestrictedIngress22.py
81	CKV_AWS_24	resource	aws_vpc_security_group_ingress_rule	Ensure no security groups allow ingress from 0.0.0.0:0 to port 22	Terraform	SecurityGroupUnrestrictedIngress22.py
82	CKV_AWS_25	resource	aws_security_group	Ensure no security groups allow ingress from 0.0.0.0:0 to port 3389	Terraform	SecurityGroupUnrestrictedIngress3389.py
83	CKV_AWS_25	resource	aws_security_group_rule	Ensure no security groups allow ingress from 0.0.0.0:0 to port 3389	Terraform	SecurityGroupUnrestrictedIngress3389.py
84	CKV_AWS_25	resource	aws_vpc_security_group_ingress_rule	Ensure no security groups allow ingress from 0.0.0.0:0 to port 3389	Terraform	SecurityGroupUnrestrictedIngress3389.py
85	CKV_AWS_26	resource	aws_sns_topic	Ensure all data stored in the SNS topic is encrypted	Terraform	SNSTopicEncryption.py
86	CKV_AWS_27	resource	aws_sqs_queue	Ensure all data stored in the SQS queue is encrypted	Terraform	SQSQueueEncryption.py
87	CKV_AWS_28	resource	aws_dynamodb_table	Ensure Dynamodb point in time recovery (backup) is enabled	Terraform	DynamodbRecovery.py
88	CKV_AWS_29	resource	aws_elasticache_replication_group	Ensure all data stored in the Elasticache Replication Group is securely encrypted at rest	Terraform	ElasticacheReplicationGroupEncryptionAtRest.py
89	CKV_AWS_30	resource	aws_elasticache_replication_group	Ensure all data stored in the Elasticache Replication Group is securely encrypted at transit	Terraform	ElasticacheReplicationGroupEncryptionAtTransit.py
90	CKV_AWS_31	resource	aws_elasticache_replication_group	Ensure all data stored in the Elasticache Replication Group is securely encrypted at transit and has auth token	Terraform	ElasticacheReplicationGroupEncryptionAtTransitAuthToken.py
91	CKV_AWS_32	resource	aws_ecr_repository_policy	Ensure ECR policy is not set to public	Terraform	ECRPolicy.py
92	CKV_AWS_33	resource	aws_kms_key	Ensure KMS key policy does not contain wildcard (*) principal	Terraform	KMSKeyWildcardPrincipal.py
93	CKV_AWS_34	resource	aws_cloudfront_distribution	Ensure cloudfront distribution ViewerProtocolPolicy is set to HTTPS	Terraform	CloudfrontDistributionEncryption.py
94	CKV_AWS_35	resource	aws_cloudtrail	Ensure CloudTrail logs are encrypted at rest using KMS CMKs	Terraform	CloudtrailEncryptionWithCMK.py
95	CKV_AWS_36	resource	aws_cloudtrail	Ensure CloudTrail log file validation is enabled	Terraform	CloudtrailLogValidation.py
96	CKV_AWS_37	resource	aws_eks_cluster	Ensure Amazon EKS control plane logging enabled for all log types	Terraform	EKSControlPlaneLogging.py
97	CKV_AWS_38	resource	aws_eks_cluster	Ensure Amazon EKS public endpoint not accessible to 0.0.0.0/0	Terraform	EKSPublicAccessCIDR.py
98	CKV_AWS_39	resource	aws_eks_cluster	Ensure Amazon EKS public endpoint disabled	Terraform	EKSPublicAccess.py
99	CKV_AWS_40	resource	aws_iam_policy_attachment	Ensure IAM policies are attached only to groups or roles (Reducing access management complexity may in-turn reduce opportunity for a principal to inadvertently receive or retain excessive privileges.)	Terraform	IAMPolicyAttachedToGroupOrRoles.py
100	CKV_AWS_40	resource	aws_iam_user_policy	Ensure IAM policies are attached only to groups or roles (Reducing access management complexity may in-turn reduce opportunity for a principal to inadvertently receive or retain excessive privileges.)	Terraform	IAMPolicyAttachedToGroupOrRoles.py
101	CKV_AWS_40	resource	aws_iam_user_policy_attachment	Ensure IAM policies are attached only to groups or roles (Reducing access management complexity may in-turn reduce opportunity for a principal to inadvertently receive or retain excessive privileges.)	Terraform	IAMPolicyAttachedToGroupOrRoles.py
102	CKV_AWS_41	provider	aws	Ensure no hard coded AWS access key and secret key exists in provider	Terraform	credentials.py
103	CKV_AWS_42	resource	aws_efs_file_system	Ensure EFS is securely encrypted	Terraform	EFSEncryptionEnabled.py
104	CKV_AWS_43	resource	aws_kinesis_stream	Ensure Kinesis Stream is securely encrypted	Terraform	KinesisStreamEncryptionType.py
105	CKV_AWS_44	resource	aws_neptune_cluster	Ensure Neptune storage is securely encrypted	Terraform	NeptuneClusterStorageEncrypted.py
106	CKV_AWS_45	resource	aws_lambda_function	Ensure no hard-coded secrets exist in lambda environment	Terraform	LambdaEnvironmentCredentials.py
107	CKV_AWS_46	resource	aws_instance	Ensure no hard-coded secrets exist in EC2 user data	Terraform	EC2Credentials.py
108	CKV_AWS_46	resource	aws_launch_configuration	Ensure no hard-coded secrets exist in EC2 user data	Terraform	EC2Credentials.py
109	CKV_AWS_46	resource	aws_launch_template	Ensure no hard-coded secrets exist in EC2 user data	Terraform	EC2Credentials.py
110	CKV_AWS_47	resource	aws_dax_cluster	Ensure DAX is encrypted at rest (default is unencrypted)	Terraform	DAXEncryption.py
111	CKV_AWS_48	resource	aws_mq_broker	Ensure MQ Broker logging is enabled	Terraform	MQBrokerLogging.py
112	CKV_AWS_49	data	aws_iam_policy_document	Ensure no IAM policies documents allow “*” as a statement’s actions	Terraform	StarActionPolicyDocument.py
113	CKV_AWS_50	resource	aws_lambda_function	X-ray tracing is enabled for Lambda	Terraform	LambdaXrayEnabled.py
114	CKV_AWS_51	resource	aws_ecr_repository	Ensure ECR Image Tags are immutable	Terraform	ECRImmutableTags.py
115	CKV_AWS_53	resource	aws_s3_bucket_public_access_block	Ensure S3 bucket has block public ACLS enabled	Terraform	S3BlockPublicACLs.py
116	CKV_AWS_54	resource	aws_s3_bucket_public_access_block	Ensure S3 bucket has block public policy enabled	Terraform	S3BlockPublicPolicy.py
117	CKV_AWS_55	resource	aws_s3_bucket_public_access_block	Ensure S3 bucket has ignore public ACLs enabled	Terraform	S3IgnorePublicACLs.py
118	CKV_AWS_56	resource	aws_s3_bucket_public_access_block	Ensure S3 bucket has ‘restrict_public_bucket’ enabled	Terraform	S3RestrictPublicBuckets.py
119	CKV_AWS_57	resource	aws_s3_bucket	S3 Bucket has an ACL defined which allows public WRITE access.	Terraform	S3PublicACLWrite.yaml
120	CKV_AWS_57	resource	aws_s3_bucket_acl	S3 Bucket has an ACL defined which allows public WRITE access.	Terraform	S3PublicACLWrite.yaml
121	CKV_AWS_58	resource	aws_eks_cluster	Ensure EKS Cluster has Secrets Encryption Enabled	Terraform	EKSSecretsEncryption.py
122	CKV_AWS_59	resource	aws_api_gateway_method	Ensure there is no open access to back-end resources through API	Terraform	APIGatewayAuthorization.py
123	CKV_AWS_60	resource	aws_iam_role	Ensure IAM role allows only specific services or principals to assume it	Terraform	IAMRoleAllowsPublicAssume.py
124	CKV_AWS_61	resource	aws_iam_role	Ensure AWS IAM policy does not allow assume role permission across all services	Terraform	IAMRoleAllowAssumeFromAccount.py
125	CKV_AWS_62	resource	aws_iam_group_policy	Ensure IAM policies that allow full “-” administrative privileges are not created	Terraform	IAMAdminPolicyDocument.py
126	CKV_AWS_62	resource	aws_iam_policy	Ensure IAM policies that allow full “-” administrative privileges are not created	Terraform	IAMAdminPolicyDocument.py
127	CKV_AWS_62	resource	aws_iam_role_policy	Ensure IAM policies that allow full “-” administrative privileges are not created	Terraform	IAMAdminPolicyDocument.py
128	CKV_AWS_62	resource	aws_iam_user_policy	Ensure IAM policies that allow full “-” administrative privileges are not created	Terraform	IAMAdminPolicyDocument.py
129	CKV_AWS_62	resource	aws_ssoadmin_permission_set_inline_policy	Ensure IAM policies that allow full “-” administrative privileges are not created	Terraform	IAMAdminPolicyDocument.py
130	CKV_AWS_63	resource	aws_iam_group_policy	Ensure no IAM policies documents allow “*” as a statement’s actions	Terraform	IAMStarActionPolicyDocument.py
131	CKV_AWS_63	resource	aws_iam_policy	Ensure no IAM policies documents allow “*” as a statement’s actions	Terraform	IAMStarActionPolicyDocument.py
132	CKV_AWS_63	resource	aws_iam_role_policy	Ensure no IAM policies documents allow “*” as a statement’s actions	Terraform	IAMStarActionPolicyDocument.py
133	CKV_AWS_63	resource	aws_iam_user_policy	Ensure no IAM policies documents allow “*” as a statement’s actions	Terraform	IAMStarActionPolicyDocument.py
134	CKV_AWS_63	resource	aws_ssoadmin_permission_set_inline_policy	Ensure no IAM policies documents allow “*” as a statement’s actions	Terraform	IAMStarActionPolicyDocument.py
135	CKV_AWS_64	resource	aws_redshift_cluster	Ensure all data stored in the Redshift cluster is securely encrypted at rest	Terraform	RedshiftClusterEncryption.py
136	CKV_AWS_65	resource	aws_ecs_cluster	Ensure container insights are enabled on ECS cluster	Terraform	ECSClusterContainerInsights.py
137	CKV_AWS_66	resource	aws_cloudwatch_log_group	Ensure that CloudWatch Log Group specifies retention days	Terraform	CloudWatchLogGroupRetention.py
138	CKV_AWS_67	resource	aws_cloudtrail	Ensure CloudTrail is enabled in all Regions	Terraform	CloudtrailMultiRegion.py
139	CKV_AWS_68	resource	aws_cloudfront_distribution	CloudFront Distribution should have WAF enabled	Terraform	WAFEnabled.py
140	CKV_AWS_69	resource	aws_mq_broker	Ensure MQ Broker is not publicly exposed	Terraform	MQBrokerNotPubliclyExposed.py
141	CKV_AWS_70	resource	aws_s3_bucket	Ensure S3 bucket does not allow an action with any Principal	Terraform	S3AllowsAnyPrincipal.py
142	CKV_AWS_70	resource	aws_s3_bucket_policy	Ensure S3 bucket does not allow an action with any Principal	Terraform	S3AllowsAnyPrincipal.py
143	CKV_AWS_71	resource	aws_redshift_cluster	Ensure Redshift Cluster logging is enabled	Terraform	RedshiftClusterLogging.py
144	CKV_AWS_72	resource	aws_sqs_queue_policy	Ensure SQS policy does not allow ALL (*) actions.	Terraform	SQSPolicy.py
145	CKV_AWS_73	resource	aws_api_gateway_stage	Ensure API Gateway has X-Ray Tracing enabled	Terraform	APIGatewayXray.py
146	CKV_AWS_74	resource	aws_docdb_cluster	Ensure DocDB is encrypted at rest (default is unencrypted)	Terraform	DocDBEncryption.py
147	CKV_AWS_75	resource	aws_globalaccelerator_accelerator	Ensure Global Accelerator accelerator has flow logs enabled	Terraform	GlobalAcceleratorAcceleratorFlowLogs.py
148	CKV_AWS_76	resource	aws_api_gateway_stage	Ensure API Gateway has Access Logging enabled	Terraform	APIGatewayAccessLogging.py
149	CKV_AWS_76	resource	aws_apigatewayv2_stage	Ensure API Gateway has Access Logging enabled	Terraform	APIGatewayAccessLogging.py
150	CKV_AWS_77	resource	aws_athena_database	Ensure Athena Database is encrypted at rest (default is unencrypted)	Terraform	AthenaDatabaseEncryption.py
151	CKV_AWS_78	resource	aws_codebuild_project	Ensure that CodeBuild Project encryption is not disabled	Terraform	CodeBuildProjectEncryption.py
152	CKV_AWS_79	resource	aws_instance	Ensure Instance Metadata Service Version 1 is not enabled	Terraform	IMDSv1Disabled.py
153	CKV_AWS_79	resource	aws_launch_configuration	Ensure Instance Metadata Service Version 1 is not enabled	Terraform	IMDSv1Disabled.py
154	CKV_AWS_79	resource	aws_launch_template	Ensure Instance Metadata Service Version 1 is not enabled	Terraform	IMDSv1Disabled.py
155	CKV_AWS_80	resource	aws_msk_cluster	Ensure MSK Cluster logging is enabled	Terraform	MSKClusterLogging.py
156	CKV_AWS_81	resource	aws_msk_cluster	Ensure MSK Cluster encryption in rest and transit is enabled	Terraform	MSKClusterEncryption.py
157	CKV_AWS_82	resource	aws_athena_workgroup	Ensure Athena Workgroup should enforce configuration to prevent client disabling encryption	Terraform	AthenaWorkgroupConfiguration.py
158	CKV_AWS_83	resource	aws_elasticsearch_domain	Ensure Elasticsearch Domain enforces HTTPS	Terraform	ElasticsearchDomainEnforceHTTPS.py
159	CKV_AWS_83	resource	aws_opensearch_domain	Ensure Elasticsearch Domain enforces HTTPS	Terraform	ElasticsearchDomainEnforceHTTPS.py
160	CKV_AWS_84	resource	aws_elasticsearch_domain	Ensure Elasticsearch Domain Logging is enabled	Terraform	ElasticsearchDomainLogging.py
161	CKV_AWS_84	resource	aws_opensearch_domain	Ensure Elasticsearch Domain Logging is enabled	Terraform	ElasticsearchDomainLogging.py
162	CKV_AWS_85	resource	aws_docdb_cluster	Ensure DocDB Logging is enabled	Terraform	DocDBLogging.py
163	CKV_AWS_86	resource	aws_cloudfront_distribution	Ensure Cloudfront distribution has Access Logging enabled	Terraform	CloudfrontDistributionLogging.py
164	CKV_AWS_87	resource	aws_redshift_cluster	Redshift cluster should not be publicly accessible	Terraform	RedshitClusterPubliclyAvailable.py
165	CKV_AWS_88	resource	aws_instance	EC2 instance should not have public IP.	Terraform	EC2PublicIP.py
166	CKV_AWS_88	resource	aws_launch_template	EC2 instance should not have public IP.	Terraform	EC2PublicIP.py
167	CKV_AWS_89	resource	aws_dms_replication_instance	DMS replication instance should not be publicly accessible	Terraform	DMSReplicationInstancePubliclyAccessible.py
168	CKV_AWS_90	resource	aws_docdb_cluster_parameter_group	Ensure DocDB TLS is not disabled	Terraform	DocDBTLS.py
169	CKV_AWS_91	resource	aws_alb	Ensure the ELBv2 (Application/Network) has access logging enabled	Terraform	ELBv2AccessLogs.py
170	CKV_AWS_91	resource	aws_lb	Ensure the ELBv2 (Application/Network) has access logging enabled	Terraform	ELBv2AccessLogs.py
171	CKV_AWS_92	resource	aws_elb	Ensure the ELB has access logging enabled	Terraform	ELBAccessLogs.py
172	CKV_AWS_93	resource	aws_s3_bucket	Ensure S3 bucket policy does not lockout all but root user. (Prevent lockouts needing root account fixes)	Terraform	S3ProtectAgainstPolicyLockout.py
173	CKV_AWS_93	resource	aws_s3_bucket_policy	Ensure S3 bucket policy does not lockout all but root user. (Prevent lockouts needing root account fixes)	Terraform	S3ProtectAgainstPolicyLockout.py
174	CKV_AWS_94	resource	aws_glue_data_catalog_encryption_settings	Ensure Glue Data Catalog Encryption is enabled	Terraform	GlueDataCatalogEncryption.py
175	CKV_AWS_96	resource	aws_rds_cluster	Ensure all data stored in Aurora is securely encrypted at rest	Terraform	AuroraEncryption.py
176	CKV_AWS_97	resource	aws_ecs_task_definition	Ensure Encryption in transit is enabled for EFS volumes in ECS Task definitions	Terraform	ECSTaskDefinitionEFSVolumeEncryption.py
177	CKV_AWS_98	resource	aws_sagemaker_endpoint_configuration	Ensure all data stored in the Sagemaker Endpoint is securely encrypted at rest	Terraform	SagemakerEndpointConfigurationEncryption.py
178	CKV_AWS_99	resource	aws_glue_security_configuration	Ensure Glue Security Configuration Encryption is enabled	Terraform	GlueSecurityConfiguration.py
179	CKV_AWS_100	resource	aws_eks_node_group	Ensure AWS EKS node group does not have implicit SSH access from 0.0.0.0/0	Terraform	EKSNodeGroupRemoteAccess.py
180	CKV_AWS_101	resource	aws_neptune_cluster	Ensure Neptune logging is enabled	Terraform	NeptuneClusterLogging.py
181	CKV_AWS_102	resource	aws_neptune_cluster_instance	Ensure Neptune Cluster instance is not publicly available	Terraform	NeptuneClusterInstancePublic.py
182	CKV_AWS_103	resource	aws_alb_listener	Ensure that load balancer is using at least TLS 1.2	Terraform	AppLoadBalancerTLS12.yaml
183	CKV_AWS_103	resource	aws_lb	Ensure that load balancer is using at least TLS 1.2	Terraform	AppLoadBalancerTLS12.yaml
184	CKV_AWS_103	resource	aws_lb_listener	Ensure that load balancer is using at least TLS 1.2	Terraform	AppLoadBalancerTLS12.yaml
185	CKV_AWS_104	resource	aws_docdb_cluster_parameter_group	Ensure DocDB has audit logs enabled	Terraform	DocDBAuditLogs.py
186	CKV_AWS_105	resource	aws_redshift_parameter_group	Ensure Redshift uses SSL	Terraform	RedShiftSSL.py
187	CKV_AWS_106	resource	aws_ebs_encryption_by_default	Ensure EBS default encryption is enabled	Terraform	EBSDefaultEncryption.py
188	CKV_AWS_107	data	aws_iam_policy_document	Ensure IAM policies does not allow credentials exposure	Terraform	IAMCredentialsExposure.py
189	CKV_AWS_108	data	aws_iam_policy_document	Ensure IAM policies does not allow data exfiltration	Terraform	IAMDataExfiltration.py
190	CKV_AWS_109	data	aws_iam_policy_document	Ensure IAM policies does not allow permissions management / resource exposure without constraints	Terraform	IAMPermissionsManagement.py
191	CKV_AWS_110	data	aws_iam_policy_document	Ensure IAM policies does not allow privilege escalation	Terraform	IAMPrivilegeEscalation.py
192	CKV_AWS_111	data	aws_iam_policy_document	Ensure IAM policies does not allow write access without constraints	Terraform	IAMWriteAccess.py
193	CKV_AWS_112	resource	aws_ssm_document	Ensure Session Manager data is encrypted in transit	Terraform	SSMSessionManagerDocumentEncryption.py
194	CKV_AWS_113	resource	aws_ssm_document	Ensure Session Manager logs are enabled and encrypted	Terraform	SSMSessionManagerDocumentLogging.py
195	CKV_AWS_114	resource	aws_emr_cluster	Ensure that EMR clusters with Kerberos have Kerberos Realm set	Terraform	EMRClusterKerberosAttributes.py
196	CKV_AWS_115	resource	aws_lambda_function	Ensure that AWS Lambda function is configured for function-level concurrent execution limit	Terraform	LambdaFunctionLevelConcurrentExecutionLimit.py
197	CKV_AWS_116	resource	aws_lambda_function	Ensure that AWS Lambda function is configured for a Dead Letter Queue(DLQ)	Terraform	LambdaDLQConfigured.py
198	CKV_AWS_117	resource	aws_lambda_function	Ensure that AWS Lambda function is configured inside a VPC	Terraform	LambdaInVPC.py
199	CKV_AWS_118	resource	aws_db_instance	Ensure that enhanced monitoring is enabled for Amazon RDS instances	Terraform	RDSEnhancedMonitorEnabled.py
200	CKV_AWS_118	resource	aws_rds_cluster_instance	Ensure that enhanced monitoring is enabled for Amazon RDS instances	Terraform	RDSEnhancedMonitorEnabled.py
201	CKV_AWS_119	resource	aws_dynamodb_table	Ensure DynamoDB Tables are encrypted using a KMS Customer Managed CMK	Terraform	DynamoDBTablesEncrypted.py
202	CKV_AWS_120	resource	aws_api_gateway_stage	Ensure API Gateway caching is enabled	Terraform	APIGatewayCacheEnable.py
203	CKV_AWS_121	resource	aws_config_configuration_aggregator	Ensure AWS Config is enabled in all regions	Terraform	ConfigConfgurationAggregatorAllRegions.py
204	CKV_AWS_122	resource	aws_sagemaker_notebook_instance	Ensure that direct internet access is disabled for an Amazon SageMaker Notebook Instance	Terraform	SageMakerInternetAccessDisabled.py
205	CKV_AWS_123	resource	aws_vpc_endpoint_service	Ensure that VPC Endpoint Service is configured for Manual Acceptance	Terraform	VPCEndpointAcceptanceConfigured.py
206	CKV_AWS_124	resource	aws_cloudformation_stack	Ensure that CloudFormation stacks are sending event notifications to an SNS topic	Terraform	CloudformationStackNotificationArns.py
207	CKV_AWS_126	resource	aws_instance	Ensure that detailed monitoring is enabled for EC2 instances	Terraform	EC2DetailedMonitoringEnabled.py
208	CKV_AWS_127	resource	aws_elb	Ensure that Elastic Load Balancer(s) uses SSL certificates provided by AWS Certificate Manager	Terraform	ELBUsesSSL.py
209	CKV_AWS_129	resource	aws_db_instance	Ensure that respective logs of Amazon Relational Database Service (Amazon RDS) are enabled	Terraform	DBInstanceLogging.py
210	CKV_AWS_130	resource	aws_subnet	Ensure VPC subnets do not assign public IP by default	Terraform	SubnetPublicIP.py
211	CKV_AWS_131	resource	aws_alb	Ensure that ALB drops HTTP headers	Terraform	ALBDropHttpHeaders.py
212	CKV_AWS_131	resource	aws_lb	Ensure that ALB drops HTTP headers	Terraform	ALBDropHttpHeaders.py
213	CKV_AWS_133	resource	aws_db_instance	Ensure that RDS instances has backup policy	Terraform	DBInstanceBackupRetentionPeriod.py
214	CKV_AWS_133	resource	aws_rds_cluster	Ensure that RDS instances has backup policy	Terraform	DBInstanceBackupRetentionPeriod.py
215	CKV_AWS_134	resource	aws_elasticache_cluster	Ensure that Amazon ElastiCache Redis clusters have automatic backup turned on	Terraform	ElasticCacheAutomaticBackup.py
216	CKV_AWS_135	resource	aws_instance	Ensure that EC2 is EBS optimized	Terraform	EC2EBSOptimized.py
217	CKV_AWS_136	resource	aws_ecr_repository	Ensure that ECR repositories are encrypted using KMS	Terraform	ECRRepositoryEncrypted.py
218	CKV_AWS_137	resource	aws_elasticsearch_domain	Ensure that Elasticsearch is configured inside a VPC	Terraform	ElasticsearchInVPC.py
219	CKV_AWS_137	resource	aws_opensearch_domain	Ensure that Elasticsearch is configured inside a VPC	Terraform	ElasticsearchInVPC.py
220	CKV_AWS_138	resource	aws_elb	Ensure that ELB is cross-zone-load-balancing enabled	Terraform	ELBCrossZoneEnable.py
221	CKV_AWS_139	resource	aws_rds_cluster	Ensure that RDS clusters have deletion protection enabled	Terraform	RDSDeletionProtection.py
222	CKV_AWS_140	resource	aws_rds_global_cluster	Ensure that RDS global clusters are encrypted	Terraform	RDSClusterEncrypted.py
223	CKV_AWS_141	resource	aws_redshift_cluster	Ensured that redshift cluster allowing version upgrade by default	Terraform	RedshiftClusterAllowVersionUpgrade.py
224	CKV_AWS_142	resource	aws_redshift_cluster	Ensure that Redshift cluster is encrypted by KMS	Terraform	RedshiftClusterKMSKey.py
225	CKV_AWS_143	resource	aws_s3_bucket	Ensure that S3 bucket has lock configuration enabled by default	Terraform	S3BucketObjectLock.py
226	CKV_AWS_144	resource	aws_s3_bucket	Ensure that S3 bucket has cross-region replication enabled	Terraform	S3BucketReplicationConfiguration.yaml
227	CKV_AWS_144	resource	aws_s3_bucket_replication_configuration	Ensure that S3 bucket has cross-region replication enabled	Terraform	S3BucketReplicationConfiguration.yaml
228	CKV_AWS_145	resource	aws_s3_bucket	Ensure that S3 buckets are encrypted with KMS by default	Terraform	S3KMSEncryptedByDefault.yaml
229	CKV_AWS_145	resource	aws_s3_bucket_server_side_encryption_configuration	Ensure that S3 buckets are encrypted with KMS by default	Terraform	S3KMSEncryptedByDefault.yaml
230	CKV_AWS_146	resource	aws_db_cluster_snapshot	Ensure that RDS database cluster snapshot is encrypted	Terraform	RDSClusterSnapshotEncrypted.py
231	CKV_AWS_147	resource	aws_codebuild_project	Ensure that CodeBuild projects are encrypted using CMK	Terraform	CodebuildUsesCMK.py
232	CKV_AWS_148	resource	aws_default_vpc	Ensure no default VPC is planned to be provisioned	Terraform	VPCDefaultNetwork.py
233	CKV_AWS_149	resource	aws_secretsmanager_secret	Ensure that Secrets Manager secret is encrypted using KMS CMK	Terraform	SecretManagerSecretEncrypted.py
234	CKV_AWS_150	resource	aws_alb	Ensure that Load Balancer has deletion protection enabled	Terraform	LBDeletionProtection.py
235	CKV_AWS_150	resource	aws_lb	Ensure that Load Balancer has deletion protection enabled	Terraform	LBDeletionProtection.py
236	CKV_AWS_152	resource	aws_alb	Ensure that Load Balancer (Network/Gateway) has cross-zone load balancing enabled	Terraform	LBCrossZone.py
237	CKV_AWS_152	resource	aws_lb	Ensure that Load Balancer (Network/Gateway) has cross-zone load balancing enabled	Terraform	LBCrossZone.py
238	CKV_AWS_153	resource	aws_autoscaling_group	Autoscaling groups should supply tags to launch configurations	Terraform	AutoScalingTagging.py
239	CKV_AWS_154	resource	aws_redshift_cluster	Ensure Redshift is not deployed outside of a VPC	Terraform	RedshiftInEc2ClassicMode.py
240	CKV_AWS_155	resource	aws_workspaces_workspace	Ensure that Workspace user volumes are encrypted	Terraform	WorkspaceUserVolumeEncrypted.py
241	CKV_AWS_156	resource	aws_workspaces_workspace	Ensure that Workspace root volumes are encrypted	Terraform	WorkspaceRootVolumeEncrypted.py
242	CKV_AWS_157	resource	aws_db_instance	Ensure that RDS instances have Multi-AZ enabled	Terraform	RDSMultiAZEnabled.py
243	CKV_AWS_158	resource	aws_cloudwatch_log_group	Ensure that CloudWatch Log Group is encrypted by KMS	Terraform	CloudWatchLogGroupKMSKey.py
244	CKV_AWS_159	resource	aws_athena_workgroup	Ensure that Athena Workgroup is encrypted	Terraform	AthenaWorkgroupEncryption.py
245	CKV_AWS_160	resource	aws_timestreamwrite_database	Ensure that Timestream database is encrypted with KMS CMK	Terraform	TimestreamDatabaseKMSKey.py
246	CKV_AWS_161	resource	aws_db_instance	Ensure RDS database has IAM authentication enabled	Terraform	RDSIAMAuthentication.py
247	CKV_AWS_162	resource	aws_rds_cluster	Ensure RDS cluster has IAM authentication enabled	Terraform	RDSClusterIAMAuthentication.py
248	CKV_AWS_163	resource	aws_ecr_repository	Ensure ECR image scanning on push is enabled	Terraform	ECRImageScanning.py
249	CKV_AWS_164	resource	aws_transfer_server	Ensure Transfer Server is not exposed publicly.	Terraform	TransferServerIsPublic.py
250	CKV_AWS_165	resource	aws_dynamodb_global_table	Ensure Dynamodb point in time recovery (backup) is enabled for global tables	Terraform	DynamoDBGlobalTableRecovery.py
251	CKV_AWS_166	resource	aws_backup_vault	Ensure Backup Vault is encrypted at rest using KMS CMK	Terraform	BackupVaultEncrypted.py
252	CKV_AWS_167	resource	aws_glacier_vault	Ensure Glacier Vault access policy is not public by only allowing specific services or principals to access it	Terraform	GlacierVaultAnyPrincipal.py
253	CKV_AWS_168	resource	aws_sqs_queue	Ensure SQS queue policy is not public by only allowing specific services or principals to access it	Terraform	SQSQueuePolicyAnyPrincipal.py
254	CKV_AWS_168	resource	aws_sqs_queue_policy	Ensure SQS queue policy is not public by only allowing specific services or principals to access it	Terraform	SQSQueuePolicyAnyPrincipal.py
255	CKV_AWS_169	resource	aws_sns_topic_policy	Ensure SNS topic policy is not public by only allowing specific services or principals to access it	Terraform	SNSTopicPolicyAnyPrincipal.py
256	CKV_AWS_170	resource	aws_qldb_ledger	Ensure QLDB ledger permissions mode is set to STANDARD	Terraform	QLDBLedgerPermissionsMode.py
257	CKV_AWS_171	resource	aws_emr_security_configuration	Ensure Cluster security configuration encryption is using SSE-KMS	Terraform	EMRClusterIsEncryptedKMS.py
258	CKV_AWS_172	resource	aws_qldb_ledger	Ensure QLDB ledger has deletion protection enabled	Terraform	QLDBLedgerDeletionProtection.py
259	CKV_AWS_173	resource	aws_lambda_function	Check encryption settings for Lambda environmental variable	Terraform	LambdaEnvironmentEncryptionSettings.py
260	CKV_AWS_174	resource	aws_cloudfront_distribution	Verify CloudFront Distribution Viewer Certificate is using TLS v1.2	Terraform	CloudfrontTLS12.py
261	CKV_AWS_175	resource	aws_waf_web_acl	Ensure WAF has associated rules	Terraform	WAFHasAnyRules.py
262	CKV_AWS_175	resource	aws_wafregional_web_acl	Ensure WAF has associated rules	Terraform	WAFHasAnyRules.py
263	CKV_AWS_175	resource	aws_wafv2_web_acl	Ensure WAF has associated rules	Terraform	WAFHasAnyRules.py
264	CKV_AWS_176	resource	aws_waf_web_acl	Ensure Logging is enabled for WAF Web Access Control Lists	Terraform	WAFHasLogs.py
265	CKV_AWS_176	resource	aws_wafregional_web_acl	Ensure Logging is enabled for WAF Web Access Control Lists	Terraform	WAFHasLogs.py
266	CKV_AWS_177	resource	aws_kinesis_video_stream	Ensure Kinesis Video Stream is encrypted by KMS using a customer managed Key (CMK)	Terraform	KinesisVideoEncryptedWithCMK.py
267	CKV_AWS_178	resource	aws_fsx_ontap_file_system	Ensure fx ontap file system is encrypted by KMS using a customer managed Key (CMK)	Terraform	FSXOntapFSEncryptedWithCMK.py
268	CKV_AWS_179	resource	aws_fsx_windows_file_system	Ensure FSX Windows filesystem is encrypted by KMS using a customer managed Key (CMK)	Terraform	FSXWindowsFSEncryptedWithCMK.py
269	CKV_AWS_180	resource	aws_imagebuilder_component	Ensure Image Builder component is encrypted by KMS using a customer managed Key (CMK)	Terraform	ImagebuilderComponentEncryptedWithCMK.py
270	CKV_AWS_181	resource	aws_s3_object_copy	Ensure S3 Object Copy is encrypted by KMS using a customer managed Key (CMK)	Terraform	S3ObjectCopyEncryptedWithCMK.py
271	CKV_AWS_182	resource	aws_docdb_cluster	Ensure Doc DB is encrypted by KMS using a customer managed Key (CMK)	Terraform	DocDBEncryptedWithCMK.py
272	CKV_AWS_183	resource	aws_ebs_snapshot_copy	Ensure EBS Snapshot Copy is encrypted by KMS using a customer managed Key (CMK)	Terraform	EBSSnapshotCopyEncryptedWithCMK.py
273	CKV_AWS_184	resource	aws_efs_file_system	Ensure resource is encrypted by KMS using a customer managed Key (CMK)	Terraform	EFSFileSystemEncryptedWithCMK.py
274	CKV_AWS_185	resource	aws_kinesis_stream	Ensure Kinesis Stream is encrypted by KMS using a customer managed Key (CMK)	Terraform	KinesisStreamEncryptedWithCMK.py
275	CKV_AWS_186	resource	aws_s3_bucket_object	Ensure S3 bucket Object is encrypted by KMS using a customer managed Key (CMK)	Terraform	S3BucketObjectEncryptedWithCMK.py
276	CKV_AWS_187	resource	aws_sagemaker_domain	Ensure Sagemaker domain is encrypted by KMS using a customer managed Key (CMK)	Terraform	SagemakerDomainEncryptedWithCMK.py
277	CKV_AWS_188	resource	aws_redshift_cluster	Ensure RedShift Cluster is encrypted by KMS using a customer managed Key (CMK)	Terraform	RedshiftClusterEncryptedWithCMK.py
278	CKV_AWS_189	resource	aws_ebs_volume	Ensure EBS Volume is encrypted by KMS using a customer managed Key (CMK)	Terraform	EBSVolumeEncryptedWithCMK.py
279	CKV_AWS_190	resource	aws_fsx_lustre_file_system	Ensure lustre file systems is encrypted by KMS using a customer managed Key (CMK)	Terraform	LustreFSEncryptedWithCMK.py
280	CKV_AWS_191	resource	aws_elasticache_replication_group	Ensure Elasticache replication group is encrypted by KMS using a customer managed Key (CMK)	Terraform	ElasticacheReplicationGroupEncryptedWithCMK.py
281	CKV_AWS_192	resource	aws_wafv2_web_acl	Ensure WAF prevents message lookup in Log4j2. See CVE-2021-44228 aka log4jshell	Terraform	WAFACLCVE202144228.py
282	CKV_AWS_193	resource	aws_appsync_graphql_api	Ensure AppSync has Logging enabled	Terraform	AppSyncLogging.py
283	CKV_AWS_194	resource	aws_appsync_graphql_api	Ensure AppSync has Field-Level logs enabled	Terraform	AppSyncFieldLevelLogs.py
284	CKV_AWS_195	resource	aws_glue_crawler	Ensure Glue component has a security configuration associated	Terraform	GlueSecurityConfigurationEnabled.py
285	CKV_AWS_195	resource	aws_glue_dev_endpoint	Ensure Glue component has a security configuration associated	Terraform	GlueSecurityConfigurationEnabled.py
286	CKV_AWS_195	resource	aws_glue_job	Ensure Glue component has a security configuration associated	Terraform	GlueSecurityConfigurationEnabled.py
287	CKV_AWS_196	resource	aws_elasticache_security_group	Ensure no aws_elasticache_security_group resources exist	Terraform	ElasticacheHasSecurityGroup.py
288	CKV_AWS_197	resource	aws_mq_broker	Ensure MQ Broker Audit logging is enabled	Terraform	MQBrokerAuditLogging.py
289	CKV_AWS_198	resource	aws_db_security_group	Ensure no aws_db_security_group resources exist	Terraform	RDSHasSecurityGroup.py
290	CKV_AWS_199	resource	aws_imagebuilder_distribution_configuration	Ensure Image Builder Distribution Configuration encrypts AMI’s using KMS - a customer managed Key (CMK)	Terraform	ImagebuilderDistributionConfigurationEncryptedWithCMK.py
291	CKV_AWS_200	resource	aws_imagebuilder_image_recipe	Ensure that Image Recipe EBS Disk are encrypted with CMK	Terraform	ImagebuilderImageRecipeEBSEncrypted.py
292	CKV_AWS_201	resource	aws_memorydb_cluster	Ensure MemoryDB is encrypted at rest using KMS CMKs	Terraform	MemoryDBEncryptionWithCMK.py
293	CKV_AWS_202	resource	aws_memorydb_cluster	Ensure MemoryDB data is encrypted in transit	Terraform	MemoryDBClusterIntransitEncryption.py
294	CKV_AWS_203	resource	aws_fsx_openzfs_file_system	Ensure resource is encrypted by KMS using a customer managed Key (CMK)	Terraform	FSXOpenZFSFileSystemEncryptedWithCMK.py
295	CKV_AWS_204	resource	aws_ami	Ensure AMIs are encrypted using KMS CMKs	Terraform	AMIEncryption.py
296	CKV_AWS_205	resource	aws_ami_launch_permission	Ensure to Limit AMI launch Permissions	Terraform	AMILaunchIsShared.py
297	CKV_AWS_206	resource	aws_api_gateway_domain_name	Ensure API Gateway Domain uses a modern security Policy	Terraform	APIGatewayDomainNameTLS.py
298	CKV_AWS_207	resource	aws_mq_broker	Ensure MQ Broker minor version updates are enabled	Terraform	MQBrokerMinorAutoUpgrade.py
299	CKV_AWS_208	resource	aws_mq_broker	Ensure MQBroker version is current	Terraform	MQBrokerVersion.py
300	CKV_AWS_208	resource	aws_mq_configuration	Ensure MQBroker version is current	Terraform	MQBrokerVersion.py
301	CKV_AWS_209	resource	aws_mq_broker	Ensure MQ broker encrypted by KMS using a customer managed Key (CMK)	Terraform	MQBrokerEncryptedWithCMK.py
302	CKV_AWS_210	resource	aws_batch_job_definition	Batch job does not define a privileged container	Terraform	BatchJobIsNotPrivileged.py
303	CKV_AWS_211	resource	aws_db_instance	Ensure RDS uses a modern CaCert	Terraform	RDSCACertIsRecent.py
304	CKV_AWS_212	resource	aws_dms_replication_instance	Ensure EBS Volume is encrypted by KMS using a customer managed Key (CMK)	Terraform	DMSReplicationInstanceEncryptedWithCMK.py
305	CKV_AWS_213	resource	aws_load_balancer_policy	Ensure ELB Policy uses only secure protocols	Terraform	ELBPolicyUsesSecureProtocols.py
306	CKV_AWS_214	resource	aws_appsync_api_cache	Ensure Appsync API Cache is encrypted at rest	Terraform	AppsyncAPICacheEncryptionAtRest.py
307	CKV_AWS_215	resource	aws_appsync_api_cache	Ensure Appsync API Cache is encrypted in transit	Terraform	AppsyncAPICacheEncryptionInTransit.py
308	CKV_AWS_216	resource	aws_cloudfront_distribution	Ensure Cloudfront distribution is enabled	Terraform	CloudfrontDistributionEnabled.py
309	CKV_AWS_217	resource	aws_api_gateway_deployment	Ensure Create before destroy for API deployments	Terraform	APIGatewayDeploymentCreateBeforeDestroy.py
310	CKV_AWS_218	resource	aws_cloudsearch_domain	Ensure that Cloudsearch is using latest TLS	Terraform	CloudsearchDomainTLS.py
311	CKV_AWS_219	resource	aws_codepipeline	Ensure Code Pipeline Artifact store is using a KMS CMK	Terraform	CodePipelineArtifactsEncrypted.py
312	CKV_AWS_220	resource	aws_cloudsearch_domain	Ensure that Cloudsearch is using https	Terraform	CloudsearchDomainEnforceHttps.py
313	CKV_AWS_221	resource	aws_codeartifact_domain	Ensure Code artifact Domain is encrypted by KMS using a customer managed Key (CMK)	Terraform	CodeArtifactDomainEncryptedWithCMK.py
314	CKV_AWS_222	resource	aws_dms_replication_instance	Ensure DMS instance gets all minor upgrade automatically	Terraform	DMSReplicationInstanceMinorUpgrade.py
315	CKV_AWS_223	resource	aws_ecs_cluster	Ensure ECS Cluster enables logging of ECS Exec	Terraform	ECSClusterLoggingEnabled.py
316	CKV_AWS_224	resource	aws_ecs_cluster	Ensure ECS Cluster logging uses CMK	Terraform	ECSClusterLoggingEncryptedWithCMK.py
317	CKV_AWS_225	resource	aws_api_gateway_method_settings	Ensure API Gateway method setting caching is enabled	Terraform	APIGatewayMethodSettingsCacheEnabled.py
318	CKV_AWS_226	resource	aws_db_instance	Ensure DB instance gets all minor upgrades automatically	Terraform	DBInstanceMinorUpgrade.py
319	CKV_AWS_226	resource	aws_rds_cluster_instance	Ensure DB instance gets all minor upgrades automatically	Terraform	DBInstanceMinorUpgrade.py
320	CKV_AWS_227	resource	aws_kms_key	Ensure KMS key is enabled	Terraform	KMSKeyIsEnabled.py
321	CKV_AWS_228	resource	aws_elasticsearch_domain	Verify Elasticsearch domain is using an up to date TLS policy	Terraform	ElasticsearchTLSPolicy.py
322	CKV_AWS_228	resource	aws_opensearch_domain	Verify Elasticsearch domain is using an up to date TLS policy	Terraform	ElasticsearchTLSPolicy.py
323	CKV_AWS_229	resource	aws_network_acl	Ensure no NACL allow ingress from 0.0.0.0:0 to port 21	Terraform	NetworkACLUnrestrictedIngress21.py
324	CKV_AWS_229	resource	aws_network_acl_rule	Ensure no NACL allow ingress from 0.0.0.0:0 to port 21	Terraform	NetworkACLUnrestrictedIngress21.py
325	CKV_AWS_230	resource	aws_network_acl	Ensure no NACL allow ingress from 0.0.0.0:0 to port 20	Terraform	NetworkACLUnrestrictedIngress20.py
326	CKV_AWS_230	resource	aws_network_acl_rule	Ensure no NACL allow ingress from 0.0.0.0:0 to port 20	Terraform	NetworkACLUnrestrictedIngress20.py
327	CKV_AWS_231	resource	aws_network_acl	Ensure no NACL allow ingress from 0.0.0.0:0 to port 3389	Terraform	NetworkACLUnrestrictedIngress3389.py
328	CKV_AWS_231	resource	aws_network_acl_rule	Ensure no NACL allow ingress from 0.0.0.0:0 to port 3389	Terraform	NetworkACLUnrestrictedIngress3389.py
329	CKV_AWS_232	resource	aws_network_acl	Ensure no NACL allow ingress from 0.0.0.0:0 to port 22	Terraform	NetworkACLUnrestrictedIngress22.py
330	CKV_AWS_232	resource	aws_network_acl_rule	Ensure no NACL allow ingress from 0.0.0.0:0 to port 22	Terraform	NetworkACLUnrestrictedIngress22.py
331	CKV_AWS_233	resource	aws_acm_certificate	Ensure Create before destroy for ACM certificates	Terraform	ACMCertCreateBeforeDestroy.py
332	CKV_AWS_234	resource	aws_acm_certificate	Verify logging preference for ACM certificates	Terraform	ACMCertSetLoggingPreference.py
333	CKV_AWS_235	resource	aws_ami_copy	Ensure that copied AMIs are encrypted	Terraform	AMICopyIsEncrypted.py
334	CKV_AWS_236	resource	aws_ami_copy	Ensure AMI copying uses a CMK	Terraform	AMICopyUsesCMK.py
335	CKV_AWS_237	resource	aws_api_gateway_rest_api	Ensure Create before destroy for API GATEWAY	Terraform	APIGatewayCreateBeforeDestroy.py
336	CKV_AWS_238	resource	aws_guardduty_detector	Ensure that Guard Duty detector is enabled	Terraform	GuarddutyDetectorEnabled.py
337	CKV_AWS_239	resource	aws_dax_cluster	Ensure DAX cluster endpoint is using TLS	Terraform	DAXEndpointTLS.py
338	CKV_AWS_240	resource	aws_kinesis_firehose_delivery_stream	Ensure Kinesis Firehose delivery stream is encrypted	Terraform	KinesisFirehoseDeliveryStreamSSE.py
339	CKV_AWS_241	resource	aws_kinesis_firehose_delivery_stream	Ensure that Kinesis Firehose Delivery Streams are encrypted with CMK	Terraform	KinesisFirehoseDeliveryStreamUsesCMK.py
340	CKV_AWS_242	resource	aws_mwaa_environment	Ensure MWAA environment has scheduler logs enabled	Terraform	MWAASchedulerLogsEnabled.py
341	CKV_AWS_243	resource	aws_mwaa_environment	Ensure MWAA environment has worker logs enabled	Terraform	MWAAWorkerLogsEnabled.py
342	CKV_AWS_244	resource	aws_mwaa_environment	Ensure MWAA environment has webserver logs enabled	Terraform	MWAAWebserverLogsEnabled.py
343	CKV_AWS_245	resource	aws_db_instance_automated_backups_replication	Ensure replicated backups are encrypted at rest using KMS CMKs	Terraform	RDSInstanceAutoBackupEncryptionWithCMK.py
344	CKV_AWS_246	resource	aws_rds_cluster_activity_stream	Ensure RDS Cluster activity streams are encrypted using KMS CMKs	Terraform	RDSClusterActivityStreamEncryptedWithCMK.py
345	CKV_AWS_247	resource	aws_elasticsearch_domain	Ensure all data stored in the Elasticsearch is encrypted with a CMK	Terraform	ElasticsearchEncryptionWithCMK.py
346	CKV_AWS_247	resource	aws_opensearch_domain	Ensure all data stored in the Elasticsearch is encrypted with a CMK	Terraform	ElasticsearchEncryptionWithCMK.py
347	CKV_AWS_248	resource	aws_elasticsearch_domain	Ensure that Elasticsearch is not using the default Security Group	Terraform	ElasticsearchDefaultSG.py
348	CKV_AWS_248	resource	aws_opensearch_domain	Ensure that Elasticsearch is not using the default Security Group	Terraform	ElasticsearchDefaultSG.py
349	CKV_AWS_249	resource	aws_ecs_task_definition	Ensure that the Execution Role ARN and the Task Role ARN are different in ECS Task definitions	Terraform	ECSTaskDefinitionRoleCheck.py
350	CKV_AWS_250	resource	aws_db_instance	Ensure that RDS PostgreSQL instances use a non vulnerable version with the log_fdw extension (https://aws.amazon.com/security/security-bulletins/AWS-2022-004/)	Terraform	RDSPostgreSQLLogFDWExtension.py
351	CKV_AWS_250	resource	aws_rds_cluster	Ensure that RDS PostgreSQL instances use a non vulnerable version with the log_fdw extension (https://aws.amazon.com/security/security-bulletins/AWS-2022-004/)	Terraform	RDSPostgreSQLLogFDWExtension.py
352	CKV_AWS_251	resource	aws_cloudtrail	Ensure CloudTrail logging is enabled	Terraform	CloudtrailEnableLogging.py
353	CKV_AWS_252	resource	aws_cloudtrail	Ensure CloudTrail defines an SNS Topic	Terraform	CloudtrailDefinesSNSTopic.py
354	CKV_AWS_253	resource	aws_dlm_lifecycle_policy	Ensure DLM cross region events are encrypted	Terraform	DLMEventsCrossRegionEncryption.py
355	CKV_AWS_254	resource	aws_dlm_lifecycle_policy	Ensure DLM cross region events are encrypted with Customer Managed Key	Terraform	DLMEventsCrossRegionEncryptionWithCMK.py
356	CKV_AWS_255	resource	aws_dlm_lifecycle_policy	Ensure DLM cross region schedules are encrypted	Terraform	DLMScheduleCrossRegionEncryption.py
357	CKV_AWS_256	resource	aws_dlm_lifecycle_policy	Ensure DLM cross region schedules are encrypted using a Customer Managed Key	Terraform	DLMScheduleCrossRegionEncryptionWithCMK.py
358	CKV_AWS_257	resource	aws_codecommit_approval_rule_template	Ensure codecommit branch changes have at least 2 approvals	Terraform	CodecommitApprovalsRulesRequireMin2.py
359	CKV_AWS_258	resource	aws_lambda_function_url	Ensure that Lambda function URLs AuthType is not None	Terraform	LambdaFunctionURLAuth.py
360	CKV_AWS_259	resource	aws_cloudfront_response_headers_policy	Ensure CloudFront response header policy enforces Strict Transport Security	Terraform	CloudFrontResponseHeaderStrictTransportSecurity.py
361	CKV_AWS_260	resource	aws_security_group	Ensure no security groups allow ingress from 0.0.0.0:0 to port 80	Terraform	SecurityGroupUnrestrictedIngress80.py
362	CKV_AWS_260	resource	aws_security_group_rule	Ensure no security groups allow ingress from 0.0.0.0:0 to port 80	Terraform	SecurityGroupUnrestrictedIngress80.py
363	CKV_AWS_260	resource	aws_vpc_security_group_ingress_rule	Ensure no security groups allow ingress from 0.0.0.0:0 to port 80	Terraform	SecurityGroupUnrestrictedIngress80.py
364	CKV_AWS_261	resource	aws_alb_target_group	Ensure HTTP HTTPS Target group defines Healthcheck	Terraform	LBTargetGroupsDefinesHealthcheck.py
365	CKV_AWS_261	resource	aws_lb_target_group	Ensure HTTP HTTPS Target group defines Healthcheck	Terraform	LBTargetGroupsDefinesHealthcheck.py
366	CKV_AWS_262	resource	aws_kendra_index	Ensure Kendra index Server side encryption uses CMK	Terraform	KendraIndexSSEUsesCMK.py
367	CKV_AWS_263	resource	aws_appflow_flow	Ensure App Flow flow uses CMK	Terraform	AppFlowUsesCMK.py
368	CKV_AWS_264	resource	aws_appflow_connector_profile	Ensure App Flow connector profile uses CMK	Terraform	AppFlowConnectorProfileUsesCMK.py
369	CKV_AWS_265	resource	aws_keyspaces_table	Ensure Keyspaces Table uses CMK	Terraform	KeyspacesTableUsesCMK.py
370	CKV_AWS_266	resource	aws_db_snapshot_copy	Ensure App Flow connector profile uses CMK	Terraform	DBSnapshotCopyUsesCMK.py
371	CKV_AWS_267	resource	aws_comprehend_entity_recognizer	Ensure that Comprehend Entity Recognizer’s model is encrypted by KMS using a customer managed Key (CMK)	Terraform	ComprehendEntityRecognizerModelUsesCMK.py
372	CKV_AWS_268	resource	aws_comprehend_entity_recognizer	Ensure that Comprehend Entity Recognizer’s volume is encrypted by KMS using a customer managed Key (CMK)	Terraform	ComprehendEntityRecognizerVolumeUsesCMK.py
373	CKV_AWS_269	resource	aws_connect_instance_storage_config	Ensure Connect Instance Kinesis Video Stream Storage Config uses CMK	Terraform	ConnectInstanceKinesisVideoStreamStorageConfigUsesCMK.py
374	CKV_AWS_270	resource	aws_connect_instance_storage_config	Ensure Connect Instance S3 Storage Config uses CMK	Terraform	ConnectInstanceS3StorageConfigUsesCMK.py
375	CKV_AWS_271	resource	aws_dynamodb_table_replica	Ensure DynamoDB table replica KMS encryption uses CMK	Terraform	DynamoDBTableReplicaKMSUsesCMK.py
376	CKV_AWS_272	resource	aws_lambda_function	Ensure AWS Lambda function is configured to validate code-signing	Terraform	LambdaCodeSigningConfigured.py
377	CKV_AWS_273	resource	aws_iam_user	Ensure access is controlled through SSO and not AWS IAM defined users	Terraform	IAMUserNotUsedForAccess.py
378	CKV_AWS_274	resource	aws_iam_group_policy_attachment	Disallow IAM roles, users, and groups from using the AWS AdministratorAccess policy	Terraform	IAMManagedAdminPolicy.py
379	CKV_AWS_274	resource	aws_iam_policy_attachment	Disallow IAM roles, users, and groups from using the AWS AdministratorAccess policy	Terraform	IAMManagedAdminPolicy.py
380	CKV_AWS_274	resource	aws_iam_role	Disallow IAM roles, users, and groups from using the AWS AdministratorAccess policy	Terraform	IAMManagedAdminPolicy.py
381	CKV_AWS_274	resource	aws_iam_role_policy_attachment	Disallow IAM roles, users, and groups from using the AWS AdministratorAccess policy	Terraform	IAMManagedAdminPolicy.py
382	CKV_AWS_274	resource	aws_iam_user_policy_attachment	Disallow IAM roles, users, and groups from using the AWS AdministratorAccess policy	Terraform	IAMManagedAdminPolicy.py
383	CKV_AWS_274	resource	aws_ssoadmin_managed_policy_attachment	Disallow IAM roles, users, and groups from using the AWS AdministratorAccess policy	Terraform	IAMManagedAdminPolicy.py
384	CKV_AWS_275	data	aws_iam_policy	Disallow policies from using the AWS AdministratorAccess policy	Terraform	IAMManagedAdminPolicy.py
385	CKV_AWS_276	resource	aws_api_gateway_method_settings	Ensure Data Trace is not enabled in API Gateway Method Settings	Terraform	APIGatewayMethodSettingsDataTrace.py
386	CKV_AWS_277	resource	aws_security_group	Ensure no security groups allow ingress from 0.0.0.0:0 to port -1	Terraform	SecurityGroupUnrestrictedIngressAny.py
387	CKV_AWS_277	resource	aws_security_group_rule	Ensure no security groups allow ingress from 0.0.0.0:0 to port -1	Terraform	SecurityGroupUnrestrictedIngressAny.py
388	CKV_AWS_277	resource	aws_vpc_security_group_ingress_rule	Ensure no security groups allow ingress from 0.0.0.0:0 to port -1	Terraform	SecurityGroupUnrestrictedIngressAny.py
389	CKV_AWS_278	resource	aws_memorydb_snapshot	Ensure MemoryDB snapshot is encrypted by KMS using a customer managed Key (CMK)	Terraform	MemoryDBSnapshotEncryptionWithCMK.py
390	CKV_AWS_279	resource	aws_neptune_cluster_snapshot	Ensure Neptune snapshot is securely encrypted	Terraform	NeptuneClusterSnapshotEncrypted.py
391	CKV_AWS_280	resource	aws_neptune_cluster_snapshot	Ensure Neptune snapshot is encrypted by KMS using a customer managed Key (CMK)	Terraform	NeptuneClusterSnapshotEncryptedWithCMK.py
392	CKV_AWS_281	resource	aws_redshift_snapshot_copy_grant	Ensure RedShift snapshot copy is encrypted by KMS using a customer managed Key (CMK)	Terraform	RedshiftClusterSnapshotCopyGrantEncryptedWithCMK.py
393	CKV_AWS_282	resource	aws_redshiftserverless_namespace	Ensure that Redshift Serverless namespace is encrypted by KMS using a customer managed key (CMK)	Terraform	RedshiftServerlessNamespaceKMSKey.py
394	CKV_AWS_283	data	aws_iam_policy_document	Ensure no IAM policies documents allow ALL or any AWS principal permissions to the resource	Terraform	IAMPublicActionsPolicy.py
395	CKV_AWS_284	resource	aws_sfn_state_machine	Ensure State Machine has X-Ray tracing enabled	Terraform	StateMachineXray.py
396	CKV_AWS_285	resource	aws_sfn_state_machine	Ensure State Machine has execution history logging enabled	Terraform	StateMachineLoggingExecutionHistory.py
397	CKV_AWS_286	resource	aws_iam_group_policy	Ensure IAM policies does not allow privilege escalation	Terraform	IAMPrivilegeEscalation.py
398	CKV_AWS_286	resource	aws_iam_policy	Ensure IAM policies does not allow privilege escalation	Terraform	IAMPrivilegeEscalation.py
399	CKV_AWS_286	resource	aws_iam_role_policy	Ensure IAM policies does not allow privilege escalation	Terraform	IAMPrivilegeEscalation.py
400	CKV_AWS_286	resource	aws_iam_user_policy	Ensure IAM policies does not allow privilege escalation	Terraform	IAMPrivilegeEscalation.py
401	CKV_AWS_286	resource	aws_ssoadmin_permission_set_inline_policy	Ensure IAM policies does not allow privilege escalation	Terraform	IAMPrivilegeEscalation.py
402	CKV_AWS_287	resource	aws_iam_group_policy	Ensure IAM policies does not allow credentials exposure	Terraform	IAMCredentialsExposure.py
403	CKV_AWS_287	resource	aws_iam_policy	Ensure IAM policies does not allow credentials exposure	Terraform	IAMCredentialsExposure.py
404	CKV_AWS_287	resource	aws_iam_role_policy	Ensure IAM policies does not allow credentials exposure	Terraform	IAMCredentialsExposure.py
405	CKV_AWS_287	resource	aws_iam_user_policy	Ensure IAM policies does not allow credentials exposure	Terraform	IAMCredentialsExposure.py
406	CKV_AWS_287	resource	aws_ssoadmin_permission_set_inline_policy	Ensure IAM policies does not allow credentials exposure	Terraform	IAMCredentialsExposure.py
407	CKV_AWS_288	resource	aws_iam_group_policy	Ensure IAM policies does not allow data exfiltration	Terraform	IAMDataExfiltration.py
408	CKV_AWS_288	resource	aws_iam_policy	Ensure IAM policies does not allow data exfiltration	Terraform	IAMDataExfiltration.py
409	CKV_AWS_288	resource	aws_iam_role_policy	Ensure IAM policies does not allow data exfiltration	Terraform	IAMDataExfiltration.py
410	CKV_AWS_288	resource	aws_iam_user_policy	Ensure IAM policies does not allow data exfiltration	Terraform	IAMDataExfiltration.py
411	CKV_AWS_288	resource	aws_ssoadmin_permission_set_inline_policy	Ensure IAM policies does not allow data exfiltration	Terraform	IAMDataExfiltration.py
412	CKV_AWS_289	resource	aws_iam_group_policy	Ensure IAM policies does not allow permissions management / resource exposure without constraints	Terraform	IAMPermissionsManagement.py
413	CKV_AWS_289	resource	aws_iam_policy	Ensure IAM policies does not allow permissions management / resource exposure without constraints	Terraform	IAMPermissionsManagement.py
414	CKV_AWS_289	resource	aws_iam_role_policy	Ensure IAM policies does not allow permissions management / resource exposure without constraints	Terraform	IAMPermissionsManagement.py
415	CKV_AWS_289	resource	aws_iam_user_policy	Ensure IAM policies does not allow permissions management / resource exposure without constraints	Terraform	IAMPermissionsManagement.py
416	CKV_AWS_289	resource	aws_ssoadmin_permission_set_inline_policy	Ensure IAM policies does not allow permissions management / resource exposure without constraints	Terraform	IAMPermissionsManagement.py
417	CKV_AWS_290	resource	aws_iam_group_policy	Ensure IAM policies does not allow write access without constraints	Terraform	IAMWriteAccess.py
418	CKV_AWS_290	resource	aws_iam_policy	Ensure IAM policies does not allow write access without constraints	Terraform	IAMWriteAccess.py
419	CKV_AWS_290	resource	aws_iam_role_policy	Ensure IAM policies does not allow write access without constraints	Terraform	IAMWriteAccess.py
420	CKV_AWS_290	resource	aws_iam_user_policy	Ensure IAM policies does not allow write access without constraints	Terraform	IAMWriteAccess.py
421	CKV_AWS_290	resource	aws_ssoadmin_permission_set_inline_policy	Ensure IAM policies does not allow write access without constraints	Terraform	IAMWriteAccess.py
422	CKV_AWS_291	resource	aws_msk_cluster	Ensure MSK nodes are private	Terraform	MSKClusterNodesArePrivate.py
423	CKV_AWS_292	resource	aws_docdb_global_cluster	Ensure DocDB Global Cluster is encrypted at rest (default is unencrypted)	Terraform	DocDBGlobalClusterEncryption.py
424	CKV_AWS_293	resource	aws_db_instance	Ensure that AWS database instances have deletion protection enabled	Terraform	RDSInstanceDeletionProtection.py
425	CKV_AWS_294	resource	aws_cloudtrail_event_data_store	Ensure Cloud Trail Event Data Store uses CMK	Terraform	CloudtrailEventDataStoreUsesCMK.py
426	CKV_AWS_295	resource	aws_datasync_location_object_storage	Ensure DataSync Location Object Storage doesn’t expose secrets	Terraform	DatasyncLocationExposesSecrets.py
427	CKV_AWS_296	resource	aws_dms_endpoint	Ensure DMS endpoint uses Customer Managed Key (CMK)	Terraform	DMSEndpointUsesCMK.py
428	CKV_AWS_297	resource	aws_scheduler_schedule	Ensure EventBridge Scheduler Schedule uses Customer Managed Key (CMK)	Terraform	SchedulerScheduleUsesCMK.py
429	CKV_AWS_298	resource	aws_dms_s3_endpoint	Ensure DMS S3 uses Customer Managed Key (CMK)	Terraform	DMSS3UsesCMK.py
430	CKV_AWS_300	resource	aws_s3_bucket_lifecycle_configuration	Ensure S3 lifecycle configuration sets period for aborting failed uploads	Terraform	S3AbortIncompleteUploads.py
431	CKV_AWS_301	resource	aws_lambda_permission	Ensure that AWS Lambda function is not publicly accessible	Terraform	LambdaFunctionIsNotPublic.py
432	CKV_AWS_302	resource	aws_db_snapshot	Ensure DB Snapshots are not Public	Terraform	DBSnapshotsArePrivate.py
433	CKV_AWS_303	resource	aws_ssm_document	Ensure SSM documents are not Public	Terraform	SSMDocumentsArePrivate.py
434	CKV_AWS_304	resource	aws_secretsmanager_secret_rotation	Ensure Secrets Manager secrets should be rotated within 90 days	Terraform	SecretManagerSecret90days.py
435	CKV_AWS_305	resource	aws_cloudfront_distribution	Ensure Cloudfront distribution has a default root object configured	Terraform	CloudfrontDistributionDefaultRoot.py
436	CKV_AWS_306	resource	aws_sagemaker_notebook_instance	Ensure SageMaker notebook instances should be launched into a custom VPC	Terraform	SagemakerNotebookInCustomVPC.py
437	CKV_AWS_307	resource	aws_sagemaker_notebook_instance	Ensure SageMaker Users should not have root access to SageMaker notebook instances	Terraform	SagemakerNotebookRoot.py
438	CKV_AWS_308	resource	aws_api_gateway_method_settings	Ensure API Gateway method setting caching is set to encrypted	Terraform	APIGatewayMethodSettingsCacheEncrypted.py
439	CKV_AWS_309	resource	aws_apigatewayv2_route	Ensure API GatewayV2 routes specify an authorization type	Terraform	APIGatewayV2RouteDefinesAuthorizationType.py
440	CKV_AWS_310	resource	aws_cloudfront_distribution	Ensure CloudFront distributions should have origin failover configured	Terraform	CloudfrontDistributionOriginFailover.py
441	CKV_AWS_311	resource	aws_codebuild_project	Ensure that CodeBuild S3 logs are encrypted	Terraform	CodebuildS3LogsEncrypted.py
442	CKV_AWS_312	resource	aws_elastic_beanstalk_environment	Ensure Elastic Beanstalk environments have enhanced health reporting enabled	Terraform	ElasticBeanstalkUseEnhancedHealthChecks.py
443	CKV_AWS_313	resource	aws_rds_cluster	Ensure RDS cluster configured to copy tags to snapshots	Terraform	RDSClusterCopyTags.py
444	CKV_AWS_314	resource	aws_codebuild_project	Ensure CodeBuild project environments have a logging configuration	Terraform	CodebuildHasLogs.py
445	CKV_AWS_315	resource	aws_autoscaling_group	Ensure EC2 Auto Scaling groups use EC2 launch templates	Terraform	AutoScalingLaunchTemplate.py
446	CKV_AWS_316	resource	aws_codebuild_project	Ensure CodeBuild project environments do not have privileged mode enabled	Terraform	CodeBuildPrivilegedMode.py
447	CKV_AWS_317	resource	aws_elasticsearch_domain	Ensure Elasticsearch Domain Audit Logging is enabled	Terraform	ElasticsearchDomainAuditLogging.py
448	CKV_AWS_317	resource	aws_opensearch_domain	Ensure Elasticsearch Domain Audit Logging is enabled	Terraform	ElasticsearchDomainAuditLogging.py
449	CKV_AWS_318	resource	aws_elasticsearch_domain	Ensure Elasticsearch domains are configured with at least three dedicated master nodes for HA	Terraform	ElasticsearchDomainHA.py
450	CKV_AWS_318	resource	aws_opensearch_domain	Ensure Elasticsearch domains are configured with at least three dedicated master nodes for HA	Terraform	ElasticsearchDomainHA.py
451	CKV_AWS_319	resource	aws_cloudwatch_metric_alarm	Ensure that CloudWatch alarm actions are enabled	Terraform	CloudWatchAlarmsEnabled.py
452	CKV_AWS_320	resource	aws_redshift_cluster	Ensure Redshift clusters do not use the default database name	Terraform	RedshiftClusterDatabaseName.py
453	CKV_AWS_321	resource	aws_redshift_cluster	Ensure Redshift clusters use enhanced VPC routing	Terraform	RedshiftClusterUseEnhancedVPCRouting.py
454	CKV_AWS_322	resource	aws_elasticache_cluster	Ensure ElastiCache for Redis cache clusters have auto minor version upgrades enabled	Terraform	ElasticCacheAutomaticMinorUpgrades.py
455	CKV_AWS_323	resource	aws_elasticache_cluster	Ensure ElastiCache clusters do not use the default subnet group	Terraform	ElastiCacheHasCustomSubnet.py
456	CKV_AWS_324	resource	aws_rds_cluster	Ensure that RDS Cluster log capture is enabled	Terraform	RDSClusterLogging.py
457	CKV_AWS_325	resource	aws_rds_cluster	Ensure that RDS Cluster audit logging is enabled for MySQL engine	Terraform	RDSClusterAuditLogging.py
458	CKV_AWS_326	resource	aws_rds_cluster	Ensure that RDS Aurora Clusters have backtracking enabled	Terraform	RDSClusterAuroraBacktrack.py
459	CKV_AWS_327	resource	aws_rds_cluster	Ensure RDS Clusters are encrypted using KMS CMKs	Terraform	RDSClusterEncryptedWithCMK.py
460	CKV_AWS_328	resource	aws_alb	Ensure that ALB is configured with defensive or strictest desync mitigation mode	Terraform	ALBDesyncMode.py
461	CKV_AWS_328	resource	aws_elb	Ensure that ALB is configured with defensive or strictest desync mitigation mode	Terraform	ALBDesyncMode.py
462	CKV_AWS_328	resource	aws_lb	Ensure that ALB is configured with defensive or strictest desync mitigation mode	Terraform	ALBDesyncMode.py
463	CKV_AWS_329	resource	aws_efs_access_point	EFS access points should enforce a root directory	Terraform	EFSAccessPointRoot.py
464	CKV_AWS_330	resource	aws_efs_access_point	EFS access points should enforce a user identity	Terraform	EFSAccessUserIdentity.py
465	CKV_AWS_331	resource	aws_ec2_transit_gateway	Ensure Transit Gateways do not automatically accept VPC attachment requests	Terraform	Ec2TransitGatewayAutoAccept.py
466	CKV_AWS_332	resource	aws_ecs_service	Ensure ECS Fargate services run on the latest Fargate platform version	Terraform	ECSServiceFargateLatest.py
467	CKV_AWS_333	resource	aws_ecs_service	Ensure ECS services do not have public IP addresses assigned to them automatically	Terraform	ECSServicePublicIP.py
468	CKV_AWS_334	resource	aws_ecs_task_definition	Ensure ECS containers should run as non-privileged	Terraform	ECSContainerPrivilege.py
469	CKV_AWS_335	resource	aws_ecs_task_definition	Ensure ECS task definitions should not share the host’s process namespace	Terraform	ECSContainerHostProcess.py
470	CKV_AWS_336	resource	aws_ecs_task_definition	Ensure ECS containers are limited to read-only access to root filesystems	Terraform	ECSContainerReadOnlyRoot.py
471	CKV_AWS_337	resource	aws_ssm_parameter	Ensure SSM parameters are using KMS CMK	Terraform	SSMParameterUsesCMK.py
472	CKV_AWS_338	resource	aws_cloudwatch_log_group	Ensure CloudWatch log groups retains logs for at least 1 year	Terraform	CloudWatchLogGroupRetentionYear.py
473	CKV_AWS_339	resource	aws_eks_cluster	Ensure EKS clusters run on a supported Kubernetes version	Terraform	EKSPlatformVersion.py
474	CKV_AWS_340	resource	aws_elastic_beanstalk_environment	Ensure Elastic Beanstalk managed platform updates are enabled	Terraform	ElasticBeanstalkUseManagedUpdates.py
475	CKV_AWS_341	resource	aws_launch_configuration	Ensure Launch template should not have a metadata response hop limit greater than 1	Terraform	LaunchTemplateMetadataHop.py
476	CKV_AWS_341	resource	aws_launch_template	Ensure Launch template should not have a metadata response hop limit greater than 1	Terraform	LaunchTemplateMetadataHop.py
477	CKV_AWS_342	resource	aws_waf_rule_group	Ensure WAF rule has any actions	Terraform	WAFRuleHasAnyActions.py
478	CKV_AWS_342	resource	aws_waf_web_acl	Ensure WAF rule has any actions	Terraform	WAFRuleHasAnyActions.py
479	CKV_AWS_342	resource	aws_wafregional_rule_group	Ensure WAF rule has any actions	Terraform	WAFRuleHasAnyActions.py
480	CKV_AWS_342	resource	aws_wafregional_web_acl	Ensure WAF rule has any actions	Terraform	WAFRuleHasAnyActions.py
481	CKV_AWS_342	resource	aws_wafv2_rule_group	Ensure WAF rule has any actions	Terraform	WAFRuleHasAnyActions.py
482	CKV_AWS_342	resource	aws_wafv2_web_acl	Ensure WAF rule has any actions	Terraform	WAFRuleHasAnyActions.py
483	CKV_AWS_343	resource	aws_redshift_cluster	Ensure Amazon Redshift clusters should have automatic snapshots enabled	Terraform	RedshiftClusterAutoSnap.py
484	CKV_AWS_344	resource	aws_networkfirewall_firewall	Ensure that Network firewalls have deletion protection enabled	Terraform	NetworkFirewallDeletionProtection.py
485	CKV_AWS_345	resource	aws_networkfirewall_firewall	Ensure that Network firewall encryption is via a CMK	Terraform	NetworkFirewallUsesCMK.py
486	CKV_AWS_345	resource	aws_networkfirewall_rule_group	Ensure that Network firewall encryption is via a CMK	Terraform	NetworkFirewallUsesCMK.py
487	CKV_AWS_346	resource	aws_networkfirewall_firewall_policy	Ensure Network Firewall Policy defines an encryption configuration that uses a customer managed Key (CMK)	Terraform	NetworkFirewallPolicyDefinesCMK.py
488	CKV_AWS_347	resource	aws_neptune_cluster	Ensure Neptune is encrypted by KMS using a customer managed Key (CMK)	Terraform	NeptuneClusterEncryptedWithCMK.py
489	CKV_AWS_348	resource	aws_iam_access_key	Ensure IAM root user doesnt have Access keys	Terraform	IAMUserRootAccessKeys.py
490	CKV_AWS_349	resource	aws_emr_security_configuration	Ensure EMR Cluster security configuration encrypts local disks	Terraform	EMRClusterConfEncryptsLocalDisk.py
491	CKV_AWS_350	resource	aws_emr_security_configuration	Ensure EMR Cluster security configuration encrypts ebs disks	Terraform	EMRClusterConfEncryptsEBS.py
492	CKV_AWS_351	resource	aws_emr_security_configuration	Ensure EMR Cluster security configuration encrypts InTransit	Terraform	EMRClusterConfEncryptsInTransit.py
493	CKV_AWS_352	resource	aws_network_acl_rule	Ensure NACL ingress does not allow all Ports	Terraform	NetworkACLUnrestricted.py
494	CKV_AWS_353	resource	aws_db_instance	Ensure that RDS instances have performance insights enabled	Terraform	RDSInstancePerformanceInsights.py
495	CKV_AWS_353	resource	aws_rds_cluster_instance	Ensure that RDS instances have performance insights enabled	Terraform	RDSInstancePerformanceInsights.py
496	CKV_AWS_354	resource	aws_db_instance	Ensure RDS Performance Insights are encrypted using KMS CMKs	Terraform	RDSInstancePerfInsightsEncryptionWithCMK.py
497	CKV_AWS_354	resource	aws_rds_cluster_instance	Ensure RDS Performance Insights are encrypted using KMS CMKs	Terraform	RDSInstancePerfInsightsEncryptionWithCMK.py
498	CKV_AWS_355	resource	aws_iam_group_policy	Ensure no IAM policies documents allow “*” as a statement’s resource for restrictable actions	Terraform	IAMStarResourcePolicyDocument.py
499	CKV_AWS_355	resource	aws_iam_policy	Ensure no IAM policies documents allow “*” as a statement’s resource for restrictable actions	Terraform	IAMStarResourcePolicyDocument.py
500	CKV_AWS_355	resource	aws_iam_role_policy	Ensure no IAM policies documents allow “*” as a statement’s resource for restrictable actions	Terraform	IAMStarResourcePolicyDocument.py
501	CKV_AWS_355	resource	aws_iam_user_policy	Ensure no IAM policies documents allow “*” as a statement’s resource for restrictable actions	Terraform	IAMStarResourcePolicyDocument.py
502	CKV_AWS_355	resource	aws_ssoadmin_permission_set_inline_policy	Ensure no IAM policies documents allow “*” as a statement’s resource for restrictable actions	Terraform	IAMStarResourcePolicyDocument.py
503	CKV_AWS_356	data	aws_iam_policy_document	Ensure no IAM policies documents allow “*” as a statement’s resource for restrictable actions	Terraform	ResourcePolicyDocument.py
504	CKV_AWS_357	resource	aws_transfer_server	Ensure Transfer Server allows only secure protocols	Terraform	TransferServerAllowsOnlySecureProtocols.py
505	CKV_AWS_358	data	aws_iam_policy_document	Ensure GitHub Actions OIDC trust policies only allows actions from a specific known organization	Terraform	GithubActionsOIDCTrustPolicy.py
506	CKV_AWS_359	resource	aws_neptune_cluster	Neptune DB clusters should have IAM database authentication enabled	Terraform	NeptuneDBClustersIAMDatabaseAuthenticationEnabled.py
507	CKV_AWS_360	resource	aws_docdb_cluster	Ensure DocDB has an adequate backup retention period	Terraform	DocDBBackupRetention.py
508	CKV_AWS_361	resource	aws_neptune_cluster	Ensure that Neptune DB cluster has automated backups enabled with adequate retention	Terraform	NeptuneClusterBackupRetention.py
509	CKV_AWS_362	resource	aws_neptune_cluster	Neptune DB clusters should be configured to copy tags to snapshots	Terraform	NeptuneDBClustersCopyTagsToSnapshots.py
510	CKV_AWS_363	resource	aws_lambda_function	Ensure Lambda Runtime is not deprecated	Terraform	DeprecatedLambdaRuntime.py
511	CKV2_AWS_1	resource	aws_network_acl	Ensure that all NACL are attached to subnets	Terraform	SubnetHasACL.yaml
512	CKV2_AWS_1	resource	aws_subnet	Ensure that all NACL are attached to subnets	Terraform	SubnetHasACL.yaml
513	CKV2_AWS_2	resource	aws_ebs_volume	Ensure that only encrypted EBS volumes are attached to EC2 instances	Terraform	EncryptedEBSVolumeOnlyConnectedToEC2s.yaml
514	CKV2_AWS_2	resource	aws_volume_attachment	Ensure that only encrypted EBS volumes are attached to EC2 instances	Terraform	EncryptedEBSVolumeOnlyConnectedToEC2s.yaml
515	CKV2_AWS_3	resource	aws_guardduty_detector	Ensure GuardDuty is enabled to specific org/region	Terraform	GuardDutyIsEnabled.yaml
516	CKV2_AWS_3	resource	aws_guardduty_organization_configuration	Ensure GuardDuty is enabled to specific org/region	Terraform	GuardDutyIsEnabled.yaml
517	CKV2_AWS_4	resource	aws_api_gateway_method_settings	Ensure API Gateway stage have logging level defined as appropriate	Terraform	APIGWLoggingLevelsDefinedProperly.yaml
518	CKV2_AWS_4	resource	aws_api_gateway_stage	Ensure API Gateway stage have logging level defined as appropriate	Terraform	APIGWLoggingLevelsDefinedProperly.yaml
519	CKV2_AWS_5	resource	aws_security_group	Ensure that Security Groups are attached to another resource	Terraform	SGAttachedToResource.yaml
520	CKV2_AWS_6	resource	aws_s3_bucket	Ensure that S3 bucket has a Public Access block	Terraform	S3BucketHasPublicAccessBlock.yaml
521	CKV2_AWS_6	resource	aws_s3_bucket_public_access_block	Ensure that S3 bucket has a Public Access block	Terraform	S3BucketHasPublicAccessBlock.yaml
522	CKV2_AWS_7	resource	aws_emr_cluster	Ensure that Amazon EMR clusters’ security groups are not open to the world	Terraform	AMRClustersNotOpenToInternet.yaml
523	CKV2_AWS_7	resource	aws_security_group	Ensure that Amazon EMR clusters’ security groups are not open to the world	Terraform	AMRClustersNotOpenToInternet.yaml
524	CKV2_AWS_8	resource	aws_rds_cluster	Ensure that RDS clusters has backup plan of AWS Backup	Terraform	RDSClusterHasBackupPlan.yaml
525	CKV2_AWS_9	resource	aws_backup_selection	Ensure that EBS are added in the backup plans of AWS Backup	Terraform	EBSAddedBackup.yaml
526	CKV2_AWS_10	resource	aws_cloudtrail	Ensure CloudTrail trails are integrated with CloudWatch Logs	Terraform	CloudtrailHasCloudwatch.yaml
527	CKV2_AWS_11	resource	aws_vpc	Ensure VPC flow logging is enabled in all VPCs	Terraform	VPCHasFlowLog.yaml
528	CKV2_AWS_12	resource	aws_default_security_group	Ensure the default security group of every VPC restricts all traffic	Terraform	VPCHasRestrictedSG.yaml
529	CKV2_AWS_12	resource	aws_vpc	Ensure the default security group of every VPC restricts all traffic	Terraform	VPCHasRestrictedSG.yaml
530	CKV2_AWS_14	resource	aws_iam_group	Ensure that IAM groups includes at least one IAM user	Terraform	IAMGroupHasAtLeastOneUser.yaml
531	CKV2_AWS_14	resource	aws_iam_group_membership	Ensure that IAM groups includes at least one IAM user	Terraform	IAMGroupHasAtLeastOneUser.yaml
532	CKV2_AWS_15	resource	aws_autoscaling_group	Ensure that auto Scaling groups that are associated with a load balancer, are using Elastic Load Balancing health checks.	Terraform	AutoScallingEnabledELB.yaml
533	CKV2_AWS_15	resource	aws_elb	Ensure that auto Scaling groups that are associated with a load balancer, are using Elastic Load Balancing health checks.	Terraform	AutoScallingEnabledELB.yaml
534	CKV2_AWS_15	resource	aws_lb_target_group	Ensure that auto Scaling groups that are associated with a load balancer, are using Elastic Load Balancing health checks.	Terraform	AutoScallingEnabledELB.yaml
535	CKV2_AWS_16	resource	aws_appautoscaling_target	Ensure that Auto Scaling is enabled on your DynamoDB tables	Terraform	AutoScalingEnableOnDynamoDBTables.yaml
536	CKV2_AWS_16	resource	aws_dynamodb_table	Ensure that Auto Scaling is enabled on your DynamoDB tables	Terraform	AutoScalingEnableOnDynamoDBTables.yaml
537	CKV2_AWS_18	resource	aws_backup_selection	Ensure that Elastic File System (Amazon EFS) file systems are added in the backup plans of AWS Backup	Terraform	EFSAddedBackup.yaml
538	CKV2_AWS_19	resource	aws_eip	Ensure that all EIP addresses allocated to a VPC are attached to EC2 instances	Terraform	EIPAllocatedToVPCAttachedEC2.yaml
539	CKV2_AWS_19	resource	aws_eip_association	Ensure that all EIP addresses allocated to a VPC are attached to EC2 instances	Terraform	EIPAllocatedToVPCAttachedEC2.yaml
540	CKV2_AWS_20	resource	aws_alb	Ensure that ALB redirects HTTP requests into HTTPS ones	Terraform	ALBRedirectsHTTPToHTTPS.yaml
541	CKV2_AWS_20	resource	aws_alb_listener	Ensure that ALB redirects HTTP requests into HTTPS ones	Terraform	ALBRedirectsHTTPToHTTPS.yaml
542	CKV2_AWS_20	resource	aws_lb	Ensure that ALB redirects HTTP requests into HTTPS ones	Terraform	ALBRedirectsHTTPToHTTPS.yaml
543	CKV2_AWS_20	resource	aws_lb_listener	Ensure that ALB redirects HTTP requests into HTTPS ones	Terraform	ALBRedirectsHTTPToHTTPS.yaml
544	CKV2_AWS_21	resource	aws_iam_group_membership	Ensure that all IAM users are members of at least one IAM group.	Terraform	IAMUsersAreMembersAtLeastOneGroup.yaml
545	CKV2_AWS_22	resource	aws_iam_user	Ensure an IAM User does not have access to the console	Terraform	IAMUserHasNoConsoleAccess.yaml
546	CKV2_AWS_23	resource	aws_route53_record	Route53 A Record has Attached Resource	Terraform	Route53ARecordAttachedResource.yaml
547	CKV2_AWS_27	resource	aws_rds_cluster	Ensure Postgres RDS as aws_rds_cluster has Query Logging enabled	Terraform	PostgresRDSHasQueryLoggingEnabled.yaml
548	CKV2_AWS_27	resource	aws_rds_cluster_parameter_group	Ensure Postgres RDS as aws_rds_cluster has Query Logging enabled	Terraform	PostgresRDSHasQueryLoggingEnabled.yaml
549	CKV2_AWS_28	resource	aws_alb	Ensure public facing ALB are protected by WAF	Terraform	ALBProtectedByWAF.yaml
550	CKV2_AWS_28	resource	aws_lb	Ensure public facing ALB are protected by WAF	Terraform	ALBProtectedByWAF.yaml
551	CKV2_AWS_29	resource	aws_api_gateway_rest_api	Ensure public API gateway are protected by WAF	Terraform	APIProtectedByWAF.yaml
552	CKV2_AWS_29	resource	aws_api_gateway_stage	Ensure public API gateway are protected by WAF	Terraform	APIProtectedByWAF.yaml
553	CKV2_AWS_30	resource	aws_db_instance	Ensure Postgres RDS as aws_db_instance has Query Logging enabled	Terraform	PostgresDBHasQueryLoggingEnabled.yaml
554	CKV2_AWS_30	resource	aws_db_parameter_group	Ensure Postgres RDS as aws_db_instance has Query Logging enabled	Terraform	PostgresDBHasQueryLoggingEnabled.yaml
555	CKV2_AWS_31	resource	aws_wafv2_web_acl	Ensure WAF2 has a Logging Configuration	Terraform	WAF2HasLogs.yaml
556	CKV2_AWS_32	resource	aws_cloudfront_distribution	Ensure CloudFront distribution has a response headers policy attached	Terraform	CloudFrontHasResponseHeadersPolicy.yaml
557	CKV2_AWS_33	resource	aws_appsync_graphql_api	Ensure AppSync is protected by WAF	Terraform	AppSyncProtectedByWAF.yaml
558	CKV2_AWS_34	resource	aws_ssm_parameter	AWS SSM Parameter should be Encrypted	Terraform	AWSSSMParameterShouldBeEncrypted.yaml
559	CKV2_AWS_35	resource	aws_route	AWS NAT Gateways should be utilized for the default route	Terraform	AWSNATGatewaysshouldbeutilized.yaml
560	CKV2_AWS_35	resource	aws_route_table	AWS NAT Gateways should be utilized for the default route	Terraform	AWSNATGatewaysshouldbeutilized.yaml
561	CKV2_AWS_36	resource	aws_ssm_parameter	Ensure terraform is not sending SSM secrets to untrusted domains over HTTP	Terraform	HTTPNotSendingPasswords.yaml
562	CKV2_AWS_36	resource	data.http	Ensure terraform is not sending SSM secrets to untrusted domains over HTTP	Terraform	HTTPNotSendingPasswords.yaml
563	CKV2_AWS_37	resource	aws	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
564	CKV2_AWS_37	resource	aws_accessanalyzer_analyzer	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
565	CKV2_AWS_37	resource	aws_acm_certificate	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
566	CKV2_AWS_37	resource	aws_acm_certificate_validation	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
567	CKV2_AWS_37	resource	aws_acmpca_certificate_authority	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
568	CKV2_AWS_37	resource	aws_ami	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
569	CKV2_AWS_37	resource	aws_ami_copy	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
570	CKV2_AWS_37	resource	aws_ami_from_instance	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
571	CKV2_AWS_37	resource	aws_ami_launch_permission	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
572	CKV2_AWS_37	resource	aws_api_gateway_account	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
573	CKV2_AWS_37	resource	aws_api_gateway_api_key	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
574	CKV2_AWS_37	resource	aws_api_gateway_authorizer	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
575	CKV2_AWS_37	resource	aws_api_gateway_base_path_mapping	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
576	CKV2_AWS_37	resource	aws_api_gateway_client_certificate	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
577	CKV2_AWS_37	resource	aws_api_gateway_deployment	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
578	CKV2_AWS_37	resource	aws_api_gateway_documentation_part	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
579	CKV2_AWS_37	resource	aws_api_gateway_documentation_version	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
580	CKV2_AWS_37	resource	aws_api_gateway_domain_name	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
581	CKV2_AWS_37	resource	aws_api_gateway_gateway_response	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
582	CKV2_AWS_37	resource	aws_api_gateway_integration	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
583	CKV2_AWS_37	resource	aws_api_gateway_integration_response	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
584	CKV2_AWS_37	resource	aws_api_gateway_method	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
585	CKV2_AWS_37	resource	aws_api_gateway_method_response	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
586	CKV2_AWS_37	resource	aws_api_gateway_method_settings	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
587	CKV2_AWS_37	resource	aws_api_gateway_model	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
588	CKV2_AWS_37	resource	aws_api_gateway_request_validator	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
589	CKV2_AWS_37	resource	aws_api_gateway_resource	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
590	CKV2_AWS_37	resource	aws_api_gateway_rest_api	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
591	CKV2_AWS_37	resource	aws_api_gateway_stage	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
592	CKV2_AWS_37	resource	aws_api_gateway_usage_plan	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
593	CKV2_AWS_37	resource	aws_api_gateway_usage_plan_key	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
594	CKV2_AWS_37	resource	aws_api_gateway_vpc_link	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
595	CKV2_AWS_37	resource	aws_apigatewayv2_api	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
596	CKV2_AWS_37	resource	aws_apigatewayv2_api_mapping	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
597	CKV2_AWS_37	resource	aws_apigatewayv2_authorizer	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
598	CKV2_AWS_37	resource	aws_apigatewayv2_deployment	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
599	CKV2_AWS_37	resource	aws_apigatewayv2_domain_name	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
600	CKV2_AWS_37	resource	aws_apigatewayv2_integration	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
601	CKV2_AWS_37	resource	aws_apigatewayv2_integration_response	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
602	CKV2_AWS_37	resource	aws_apigatewayv2_model	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
603	CKV2_AWS_37	resource	aws_apigatewayv2_route	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
604	CKV2_AWS_37	resource	aws_apigatewayv2_route_response	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
605	CKV2_AWS_37	resource	aws_apigatewayv2_stage	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
606	CKV2_AWS_37	resource	aws_apigatewayv2_vpc_link	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
607	CKV2_AWS_37	resource	aws_app_cookie_stickiness_policy	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
608	CKV2_AWS_37	resource	aws_appautoscaling_policy	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
609	CKV2_AWS_37	resource	aws_appautoscaling_scheduled_action	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
610	CKV2_AWS_37	resource	aws_appautoscaling_target	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
611	CKV2_AWS_37	resource	aws_appmesh_mesh	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
612	CKV2_AWS_37	resource	aws_appmesh_route	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
613	CKV2_AWS_37	resource	aws_appmesh_virtual_node	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
614	CKV2_AWS_37	resource	aws_appmesh_virtual_router	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
615	CKV2_AWS_37	resource	aws_appmesh_virtual_service	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
616	CKV2_AWS_37	resource	aws_appsync_api_key	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
617	CKV2_AWS_37	resource	aws_appsync_datasource	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
618	CKV2_AWS_37	resource	aws_appsync_function	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
619	CKV2_AWS_37	resource	aws_appsync_graphql_api	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
620	CKV2_AWS_37	resource	aws_appsync_resolver	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
621	CKV2_AWS_37	resource	aws_athena_database	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
622	CKV2_AWS_37	resource	aws_athena_named_query	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
623	CKV2_AWS_37	resource	aws_athena_workgroup	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
624	CKV2_AWS_37	resource	aws_autoscaling_attachment	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
625	CKV2_AWS_37	resource	aws_autoscaling_group	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
626	CKV2_AWS_37	resource	aws_autoscaling_lifecycle_hook	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
627	CKV2_AWS_37	resource	aws_autoscaling_notification	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
628	CKV2_AWS_37	resource	aws_autoscaling_policy	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
629	CKV2_AWS_37	resource	aws_autoscaling_schedule	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
630	CKV2_AWS_37	resource	aws_backup_plan	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
631	CKV2_AWS_37	resource	aws_backup_selection	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
632	CKV2_AWS_37	resource	aws_backup_vault	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
633	CKV2_AWS_37	resource	aws_batch_compute_environment	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
634	CKV2_AWS_37	resource	aws_batch_job_definition	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
635	CKV2_AWS_37	resource	aws_batch_job_queue	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
636	CKV2_AWS_37	resource	aws_budgets_budget	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
637	CKV2_AWS_37	resource	aws_cloud9_environment_ec2	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
638	CKV2_AWS_37	resource	aws_cloudformation_stack	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
639	CKV2_AWS_37	resource	aws_cloudformation_stack_set	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
640	CKV2_AWS_37	resource	aws_cloudformation_stack_set_instance	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
641	CKV2_AWS_37	resource	aws_cloudfront_distribution	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
642	CKV2_AWS_37	resource	aws_cloudfront_origin_access_identity	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
643	CKV2_AWS_37	resource	aws_cloudfront_public_key	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
644	CKV2_AWS_37	resource	aws_cloudhsm_v2_cluster	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
645	CKV2_AWS_37	resource	aws_cloudhsm_v2_hsm	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
646	CKV2_AWS_37	resource	aws_cloudtrail	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
647	CKV2_AWS_37	resource	aws_cloudwatch_dashboard	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
648	CKV2_AWS_37	resource	aws_cloudwatch_event_permission	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
649	CKV2_AWS_37	resource	aws_cloudwatch_event_rule	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
650	CKV2_AWS_37	resource	aws_cloudwatch_event_target	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
651	CKV2_AWS_37	resource	aws_cloudwatch_log_destination	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
652	CKV2_AWS_37	resource	aws_cloudwatch_log_destination_policy	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
653	CKV2_AWS_37	resource	aws_cloudwatch_log_group	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
654	CKV2_AWS_37	resource	aws_cloudwatch_log_metric_filter	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
655	CKV2_AWS_37	resource	aws_cloudwatch_log_resource_policy	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
656	CKV2_AWS_37	resource	aws_cloudwatch_log_stream	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
657	CKV2_AWS_37	resource	aws_cloudwatch_log_subscription_filter	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
658	CKV2_AWS_37	resource	aws_cloudwatch_metric_alarm	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
659	CKV2_AWS_37	resource	aws_codebuild_project	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
660	CKV2_AWS_37	resource	aws_codebuild_source_credential	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
661	CKV2_AWS_37	resource	aws_codebuild_webhook	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
662	CKV2_AWS_37	resource	aws_codecommit_repository	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
663	CKV2_AWS_37	resource	aws_codecommit_trigger	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
664	CKV2_AWS_37	resource	aws_codedeploy_app	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
665	CKV2_AWS_37	resource	aws_codedeploy_deployment_config	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
666	CKV2_AWS_37	resource	aws_codedeploy_deployment_group	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
667	CKV2_AWS_37	resource	aws_codepipeline	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
668	CKV2_AWS_37	resource	aws_codepipeline_webhook	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
669	CKV2_AWS_37	resource	aws_codestarnotifications_notification_rule	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
670	CKV2_AWS_37	resource	aws_cognito_identity_pool	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
671	CKV2_AWS_37	resource	aws_cognito_identity_pool_roles_attachment	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
672	CKV2_AWS_37	resource	aws_cognito_identity_provider	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
673	CKV2_AWS_37	resource	aws_cognito_resource_server	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
674	CKV2_AWS_37	resource	aws_cognito_user_group	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
675	CKV2_AWS_37	resource	aws_cognito_user_pool	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
676	CKV2_AWS_37	resource	aws_cognito_user_pool_client	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
677	CKV2_AWS_37	resource	aws_cognito_user_pool_domain	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
678	CKV2_AWS_37	resource	aws_config_aggregate_authorization	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
679	CKV2_AWS_37	resource	aws_config_config_rule	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
680	CKV2_AWS_37	resource	aws_config_configuration_aggregator	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
681	CKV2_AWS_37	resource	aws_config_configuration_recorder	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
682	CKV2_AWS_37	resource	aws_config_configuration_recorder_status	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
683	CKV2_AWS_37	resource	aws_config_delivery_channel	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
684	CKV2_AWS_37	resource	aws_config_organization_custom_rule	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
685	CKV2_AWS_37	resource	aws_config_organization_managed_rule	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
686	CKV2_AWS_37	resource	aws_cur_report_definition	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
687	CKV2_AWS_37	resource	aws_customer_gateway	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
688	CKV2_AWS_37	resource	aws_datapipeline_pipeline	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
689	CKV2_AWS_37	resource	aws_datasync_agent	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
690	CKV2_AWS_37	resource	aws_datasync_location_efs	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
691	CKV2_AWS_37	resource	aws_datasync_location_nfs	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
692	CKV2_AWS_37	resource	aws_datasync_location_s3	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
693	CKV2_AWS_37	resource	aws_datasync_location_smb	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
694	CKV2_AWS_37	resource	aws_datasync_task	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
695	CKV2_AWS_37	resource	aws_dax_cluster	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
696	CKV2_AWS_37	resource	aws_dax_parameter_group	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
697	CKV2_AWS_37	resource	aws_dax_subnet_group	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
698	CKV2_AWS_37	resource	aws_db_cluster_snapshot	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
699	CKV2_AWS_37	resource	aws_db_event_subscription	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
700	CKV2_AWS_37	resource	aws_db_instance	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
701	CKV2_AWS_37	resource	aws_db_instance_role_association	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
702	CKV2_AWS_37	resource	aws_db_option_group	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
703	CKV2_AWS_37	resource	aws_db_parameter_group	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
704	CKV2_AWS_37	resource	aws_db_security_group	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
705	CKV2_AWS_37	resource	aws_db_snapshot	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
706	CKV2_AWS_37	resource	aws_db_subnet_group	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
707	CKV2_AWS_37	resource	aws_default_network_acl	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
708	CKV2_AWS_37	resource	aws_default_route_table	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
709	CKV2_AWS_37	resource	aws_default_security_group	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
710	CKV2_AWS_37	resource	aws_default_subnet	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
711	CKV2_AWS_37	resource	aws_default_vpc	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
712	CKV2_AWS_37	resource	aws_default_vpc_dhcp_options	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
713	CKV2_AWS_37	resource	aws_devicefarm_project	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
714	CKV2_AWS_37	resource	aws_directory_service_conditional_forwarder	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
715	CKV2_AWS_37	resource	aws_directory_service_directory	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
716	CKV2_AWS_37	resource	aws_directory_service_log_subscription	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
717	CKV2_AWS_37	resource	aws_dlm_lifecycle_policy	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
718	CKV2_AWS_37	resource	aws_dms_certificate	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
719	CKV2_AWS_37	resource	aws_dms_endpoint	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
720	CKV2_AWS_37	resource	aws_dms_event_subscription	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
721	CKV2_AWS_37	resource	aws_dms_replication_instance	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
722	CKV2_AWS_37	resource	aws_dms_replication_subnet_group	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
723	CKV2_AWS_37	resource	aws_dms_replication_task	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
724	CKV2_AWS_37	resource	aws_docdb_cluster	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
725	CKV2_AWS_37	resource	aws_docdb_cluster_instance	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
726	CKV2_AWS_37	resource	aws_docdb_cluster_parameter_group	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
727	CKV2_AWS_37	resource	aws_docdb_cluster_snapshot	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
728	CKV2_AWS_37	resource	aws_docdb_subnet_group	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
729	CKV2_AWS_37	resource	aws_dx_bgp_peer	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
730	CKV2_AWS_37	resource	aws_dx_connection	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
731	CKV2_AWS_37	resource	aws_dx_connection_association	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
732	CKV2_AWS_37	resource	aws_dx_gateway	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
733	CKV2_AWS_37	resource	aws_dx_gateway_association	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
734	CKV2_AWS_37	resource	aws_dx_gateway_association_proposal	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
735	CKV2_AWS_37	resource	aws_dx_hosted_private_virtual_interface	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
736	CKV2_AWS_37	resource	aws_dx_hosted_private_virtual_interface_accepter	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
737	CKV2_AWS_37	resource	aws_dx_hosted_public_virtual_interface	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
738	CKV2_AWS_37	resource	aws_dx_hosted_public_virtual_interface_accepter	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
739	CKV2_AWS_37	resource	aws_dx_hosted_transit_virtual_interface	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
740	CKV2_AWS_37	resource	aws_dx_hosted_transit_virtual_interface_accepter	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
741	CKV2_AWS_37	resource	aws_dx_lag	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
742	CKV2_AWS_37	resource	aws_dx_private_virtual_interface	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
743	CKV2_AWS_37	resource	aws_dx_public_virtual_interface	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
744	CKV2_AWS_37	resource	aws_dx_transit_virtual_interface	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
745	CKV2_AWS_37	resource	aws_dynamodb_global_table	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
746	CKV2_AWS_37	resource	aws_dynamodb_table	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
747	CKV2_AWS_37	resource	aws_dynamodb_table_item	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
748	CKV2_AWS_37	resource	aws_ebs_default_kms_key	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
749	CKV2_AWS_37	resource	aws_ebs_encryption_by_default	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
750	CKV2_AWS_37	resource	aws_ebs_snapshot	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
751	CKV2_AWS_37	resource	aws_ebs_snapshot_copy	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
752	CKV2_AWS_37	resource	aws_ebs_volume	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
753	CKV2_AWS_37	resource	aws_ec2_availability_zone_group	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
754	CKV2_AWS_37	resource	aws_ec2_capacity_reservation	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
755	CKV2_AWS_37	resource	aws_ec2_client_vpn_authorization_rule	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
756	CKV2_AWS_37	resource	aws_ec2_client_vpn_endpoint	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
757	CKV2_AWS_37	resource	aws_ec2_client_vpn_network_association	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
758	CKV2_AWS_37	resource	aws_ec2_client_vpn_route	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
759	CKV2_AWS_37	resource	aws_ec2_fleet	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
760	CKV2_AWS_37	resource	aws_ec2_local_gateway_route	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
761	CKV2_AWS_37	resource	aws_ec2_local_gateway_route_table_vpc_association	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
762	CKV2_AWS_37	resource	aws_ec2_tag	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
763	CKV2_AWS_37	resource	aws_ec2_traffic_mirror_filter	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
764	CKV2_AWS_37	resource	aws_ec2_traffic_mirror_filter_rule	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
765	CKV2_AWS_37	resource	aws_ec2_traffic_mirror_session	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
766	CKV2_AWS_37	resource	aws_ec2_traffic_mirror_target	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
767	CKV2_AWS_37	resource	aws_ec2_transit_gateway	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
768	CKV2_AWS_37	resource	aws_ec2_transit_gateway_peering_attachment	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
769	CKV2_AWS_37	resource	aws_ec2_transit_gateway_peering_attachment_accepter	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
770	CKV2_AWS_37	resource	aws_ec2_transit_gateway_route	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
771	CKV2_AWS_37	resource	aws_ec2_transit_gateway_route_table	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
772	CKV2_AWS_37	resource	aws_ec2_transit_gateway_route_table_association	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
773	CKV2_AWS_37	resource	aws_ec2_transit_gateway_route_table_propagation	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
774	CKV2_AWS_37	resource	aws_ec2_transit_gateway_vpc_attachment	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
775	CKV2_AWS_37	resource	aws_ec2_transit_gateway_vpc_attachment_accepter	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
776	CKV2_AWS_37	resource	aws_ecr_lifecycle_policy	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
777	CKV2_AWS_37	resource	aws_ecr_repository	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
778	CKV2_AWS_37	resource	aws_ecr_repository_policy	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
779	CKV2_AWS_37	resource	aws_ecs_capacity_provider	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
780	CKV2_AWS_37	resource	aws_ecs_cluster	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
781	CKV2_AWS_37	resource	aws_ecs_service	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
782	CKV2_AWS_37	resource	aws_ecs_task_definition	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
783	CKV2_AWS_37	resource	aws_efs_access_point	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
784	CKV2_AWS_37	resource	aws_efs_file_system	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
785	CKV2_AWS_37	resource	aws_efs_file_system_policy	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
786	CKV2_AWS_37	resource	aws_efs_mount_target	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
787	CKV2_AWS_37	resource	aws_egress_only_internet_gateway	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
788	CKV2_AWS_37	resource	aws_eip	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
789	CKV2_AWS_37	resource	aws_eip_association	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
790	CKV2_AWS_37	resource	aws_eks_cluster	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
791	CKV2_AWS_37	resource	aws_eks_fargate_profile	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
792	CKV2_AWS_37	resource	aws_eks_node_group	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
793	CKV2_AWS_37	resource	aws_elastic_beanstalk_application	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
794	CKV2_AWS_37	resource	aws_elastic_beanstalk_application_version	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
795	CKV2_AWS_37	resource	aws_elastic_beanstalk_configuration_template	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
796	CKV2_AWS_37	resource	aws_elastic_beanstalk_environment	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
797	CKV2_AWS_37	resource	aws_elasticache_cluster	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
798	CKV2_AWS_37	resource	aws_elasticache_parameter_group	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
799	CKV2_AWS_37	resource	aws_elasticache_replication_group	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
800	CKV2_AWS_37	resource	aws_elasticache_security_group	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
801	CKV2_AWS_37	resource	aws_elasticache_subnet_group	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
802	CKV2_AWS_37	resource	aws_elasticsearch_domain	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
803	CKV2_AWS_37	resource	aws_elasticsearch_domain_policy	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
804	CKV2_AWS_37	resource	aws_elastictranscoder_pipeline	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
805	CKV2_AWS_37	resource	aws_elastictranscoder_preset	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
806	CKV2_AWS_37	resource	aws_elb	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
807	CKV2_AWS_37	resource	aws_elb_attachment	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
808	CKV2_AWS_37	resource	aws_emr_cluster	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
809	CKV2_AWS_37	resource	aws_emr_instance_group	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
810	CKV2_AWS_37	resource	aws_emr_security_configuration	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
811	CKV2_AWS_37	resource	aws_flow_log	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
812	CKV2_AWS_37	resource	aws_fms_admin_account	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
813	CKV2_AWS_37	resource	aws_fsx_lustre_file_system	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
814	CKV2_AWS_37	resource	aws_fsx_windows_file_system	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
815	CKV2_AWS_37	resource	aws_gamelift_alias	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
816	CKV2_AWS_37	resource	aws_gamelift_build	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
817	CKV2_AWS_37	resource	aws_gamelift_fleet	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
818	CKV2_AWS_37	resource	aws_gamelift_game_session_queue	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
819	CKV2_AWS_37	resource	aws_glacier_vault	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
820	CKV2_AWS_37	resource	aws_glacier_vault_lock	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
821	CKV2_AWS_37	resource	aws_globalaccelerator_accelerator	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
822	CKV2_AWS_37	resource	aws_globalaccelerator_endpoint_group	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
823	CKV2_AWS_37	resource	aws_globalaccelerator_listener	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
824	CKV2_AWS_37	resource	aws_glue_catalog_database	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
825	CKV2_AWS_37	resource	aws_glue_catalog_table	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
826	CKV2_AWS_37	resource	aws_glue_classifier	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
827	CKV2_AWS_37	resource	aws_glue_connection	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
828	CKV2_AWS_37	resource	aws_glue_crawler	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
829	CKV2_AWS_37	resource	aws_glue_job	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
830	CKV2_AWS_37	resource	aws_glue_security_configuration	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
831	CKV2_AWS_37	resource	aws_glue_trigger	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
832	CKV2_AWS_37	resource	aws_glue_workflow	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
833	CKV2_AWS_37	resource	aws_guardduty_detector	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
834	CKV2_AWS_37	resource	aws_guardduty_invite_accepter	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
835	CKV2_AWS_37	resource	aws_guardduty_ipset	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
836	CKV2_AWS_37	resource	aws_guardduty_member	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
837	CKV2_AWS_37	resource	aws_guardduty_organization_admin_account	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
838	CKV2_AWS_37	resource	aws_guardduty_organization_configuration	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
839	CKV2_AWS_37	resource	aws_guardduty_threatintelset	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
840	CKV2_AWS_37	resource	aws_iam_access_key	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
841	CKV2_AWS_37	resource	aws_iam_account_alias	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
842	CKV2_AWS_37	resource	aws_iam_account_password_policy	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
843	CKV2_AWS_37	resource	aws_iam_group	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
844	CKV2_AWS_37	resource	aws_iam_group_membership	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
845	CKV2_AWS_37	resource	aws_iam_group_policy	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
846	CKV2_AWS_37	resource	aws_iam_group_policy_attachment	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
847	CKV2_AWS_37	resource	aws_iam_instance_profile	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
848	CKV2_AWS_37	resource	aws_iam_openid_connect_provider	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
849	CKV2_AWS_37	resource	aws_iam_policy	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
850	CKV2_AWS_37	resource	aws_iam_policy_attachment	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
851	CKV2_AWS_37	resource	aws_iam_policy_document	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
852	CKV2_AWS_37	resource	aws_iam_role	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
853	CKV2_AWS_37	resource	aws_iam_role_policy	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
854	CKV2_AWS_37	resource	aws_iam_role_policy_attachment	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
855	CKV2_AWS_37	resource	aws_iam_saml_provider	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
856	CKV2_AWS_37	resource	aws_iam_server_certificate	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
857	CKV2_AWS_37	resource	aws_iam_service_linked_role	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
858	CKV2_AWS_37	resource	aws_iam_user	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
859	CKV2_AWS_37	resource	aws_iam_user_group_membership	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
860	CKV2_AWS_37	resource	aws_iam_user_login_profile	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
861	CKV2_AWS_37	resource	aws_iam_user_policy	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
862	CKV2_AWS_37	resource	aws_iam_user_policy_attachment	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
863	CKV2_AWS_37	resource	aws_iam_user_ssh_key	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
864	CKV2_AWS_37	resource	aws_inspector_assessment_target	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
865	CKV2_AWS_37	resource	aws_inspector_assessment_template	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
866	CKV2_AWS_37	resource	aws_inspector_resource_group	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
867	CKV2_AWS_37	resource	aws_instance	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
868	CKV2_AWS_37	resource	aws_internet_gateway	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
869	CKV2_AWS_37	resource	aws_iot_certificate	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
870	CKV2_AWS_37	resource	aws_iot_policy	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
871	CKV2_AWS_37	resource	aws_iot_policy_attachment	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
872	CKV2_AWS_37	resource	aws_iot_role_alias	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
873	CKV2_AWS_37	resource	aws_iot_thing	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
874	CKV2_AWS_37	resource	aws_iot_thing_principal_attachment	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
875	CKV2_AWS_37	resource	aws_iot_thing_type	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
876	CKV2_AWS_37	resource	aws_iot_topic_rule	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
877	CKV2_AWS_37	resource	aws_key_pair	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
878	CKV2_AWS_37	resource	aws_kinesis_analytics_application	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
879	CKV2_AWS_37	resource	aws_kinesis_firehose_delivery_stream	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
880	CKV2_AWS_37	resource	aws_kinesis_stream	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
881	CKV2_AWS_37	resource	aws_kinesis_video_stream	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
882	CKV2_AWS_37	resource	aws_kms_alias	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
883	CKV2_AWS_37	resource	aws_kms_ciphertext	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
884	CKV2_AWS_37	resource	aws_kms_external_key	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
885	CKV2_AWS_37	resource	aws_kms_grant	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
886	CKV2_AWS_37	resource	aws_kms_key	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
887	CKV2_AWS_37	resource	aws_lambda_alias	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
888	CKV2_AWS_37	resource	aws_lambda_event_source_mapping	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
889	CKV2_AWS_37	resource	aws_lambda_function	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
890	CKV2_AWS_37	resource	aws_lambda_function_event_invoke_config	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
891	CKV2_AWS_37	resource	aws_lambda_layer_version	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
892	CKV2_AWS_37	resource	aws_lambda_permission	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
893	CKV2_AWS_37	resource	aws_lambda_provisioned_concurrency_config	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
894	CKV2_AWS_37	resource	aws_launch_configuration	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
895	CKV2_AWS_37	resource	aws_launch_template	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
896	CKV2_AWS_37	resource	aws_lb	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
897	CKV2_AWS_37	resource	aws_lb_cookie_stickiness_policy	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
898	CKV2_AWS_37	resource	aws_lb_listener	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
899	CKV2_AWS_37	resource	aws_lb_listener_certificate	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
900	CKV2_AWS_37	resource	aws_lb_listener_rule	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
901	CKV2_AWS_37	resource	aws_lb_ssl_negotiation_policy	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
902	CKV2_AWS_37	resource	aws_lb_target_group	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
903	CKV2_AWS_37	resource	aws_lb_target_group_attachment	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
904	CKV2_AWS_37	resource	aws_licensemanager_association	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
905	CKV2_AWS_37	resource	aws_licensemanager_license_configuration	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
906	CKV2_AWS_37	resource	aws_lightsail_domain	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
907	CKV2_AWS_37	resource	aws_lightsail_instance	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
908	CKV2_AWS_37	resource	aws_lightsail_key_pair	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
909	CKV2_AWS_37	resource	aws_lightsail_static_ip	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
910	CKV2_AWS_37	resource	aws_lightsail_static_ip_attachment	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
911	CKV2_AWS_37	resource	aws_load_balancer_backend_server_policy	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
912	CKV2_AWS_37	resource	aws_load_balancer_listener_policy	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
913	CKV2_AWS_37	resource	aws_load_balancer_policy	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
914	CKV2_AWS_37	resource	aws_macie_member_account_association	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
915	CKV2_AWS_37	resource	aws_macie_s3_bucket_association	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
916	CKV2_AWS_37	resource	aws_main_route_table_association	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
917	CKV2_AWS_37	resource	aws_media_convert_queue	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
918	CKV2_AWS_37	resource	aws_media_package_channel	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
919	CKV2_AWS_37	resource	aws_media_store_container	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
920	CKV2_AWS_37	resource	aws_media_store_container_policy	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
921	CKV2_AWS_37	resource	aws_mq_broker	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
922	CKV2_AWS_37	resource	aws_mq_configuration	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
923	CKV2_AWS_37	resource	aws_msk_cluster	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
924	CKV2_AWS_37	resource	aws_msk_configuration	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
925	CKV2_AWS_37	resource	aws_nat_gateway	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
926	CKV2_AWS_37	resource	aws_neptune_cluster	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
927	CKV2_AWS_37	resource	aws_neptune_cluster_instance	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
928	CKV2_AWS_37	resource	aws_neptune_cluster_parameter_group	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
929	CKV2_AWS_37	resource	aws_neptune_cluster_snapshot	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
930	CKV2_AWS_37	resource	aws_neptune_event_subscription	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
931	CKV2_AWS_37	resource	aws_neptune_parameter_group	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
932	CKV2_AWS_37	resource	aws_neptune_subnet_group	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
933	CKV2_AWS_37	resource	aws_network_acl	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
934	CKV2_AWS_37	resource	aws_network_acl_rule	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
935	CKV2_AWS_37	resource	aws_network_interface	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
936	CKV2_AWS_37	resource	aws_network_interface_attachment	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
937	CKV2_AWS_37	resource	aws_network_interface_sg_attachment	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
938	CKV2_AWS_37	resource	aws_opsworks_application	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
939	CKV2_AWS_37	resource	aws_opsworks_custom_layer	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
940	CKV2_AWS_37	resource	aws_opsworks_ganglia_layer	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
941	CKV2_AWS_37	resource	aws_opsworks_haproxy_layer	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
942	CKV2_AWS_37	resource	aws_opsworks_instance	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
943	CKV2_AWS_37	resource	aws_opsworks_java_app_layer	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
944	CKV2_AWS_37	resource	aws_opsworks_memcached_layer	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
945	CKV2_AWS_37	resource	aws_opsworks_mysql_layer	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
946	CKV2_AWS_37	resource	aws_opsworks_nodejs_app_layer	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
947	CKV2_AWS_37	resource	aws_opsworks_permission	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
948	CKV2_AWS_37	resource	aws_opsworks_php_app_layer	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
949	CKV2_AWS_37	resource	aws_opsworks_rails_app_layer	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
950	CKV2_AWS_37	resource	aws_opsworks_rds_db_instance	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
951	CKV2_AWS_37	resource	aws_opsworks_stack	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
952	CKV2_AWS_37	resource	aws_opsworks_static_web_layer	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
953	CKV2_AWS_37	resource	aws_opsworks_user_profile	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
954	CKV2_AWS_37	resource	aws_organizations_account	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
955	CKV2_AWS_37	resource	aws_organizations_organization	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
956	CKV2_AWS_37	resource	aws_organizations_organizational_unit	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
957	CKV2_AWS_37	resource	aws_organizations_policy	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
958	CKV2_AWS_37	resource	aws_organizations_policy_attachment	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
959	CKV2_AWS_37	resource	aws_pinpoint_adm_channel	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
960	CKV2_AWS_37	resource	aws_pinpoint_apns_channel	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
961	CKV2_AWS_37	resource	aws_pinpoint_apns_sandbox_channel	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
962	CKV2_AWS_37	resource	aws_pinpoint_apns_voip_channel	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
963	CKV2_AWS_37	resource	aws_pinpoint_apns_voip_sandbox_channel	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
964	CKV2_AWS_37	resource	aws_pinpoint_app	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
965	CKV2_AWS_37	resource	aws_pinpoint_baidu_channel	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
966	CKV2_AWS_37	resource	aws_pinpoint_email_channel	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
967	CKV2_AWS_37	resource	aws_pinpoint_event_stream	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
968	CKV2_AWS_37	resource	aws_pinpoint_gcm_channel	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
969	CKV2_AWS_37	resource	aws_pinpoint_sms_channel	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
970	CKV2_AWS_37	resource	aws_placement_group	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
971	CKV2_AWS_37	resource	aws_proxy_protocol_policy	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
972	CKV2_AWS_37	resource	aws_qldb_ledger	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
973	CKV2_AWS_37	resource	aws_quicksight_group	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
974	CKV2_AWS_37	resource	aws_quicksight_user	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
975	CKV2_AWS_37	resource	aws_ram_principal_association	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
976	CKV2_AWS_37	resource	aws_ram_resource_association	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
977	CKV2_AWS_37	resource	aws_ram_resource_share	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
978	CKV2_AWS_37	resource	aws_ram_resource_share_accepter	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
979	CKV2_AWS_37	resource	aws_rds_cluster	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
980	CKV2_AWS_37	resource	aws_rds_cluster_endpoint	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
981	CKV2_AWS_37	resource	aws_rds_cluster_instance	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
982	CKV2_AWS_37	resource	aws_rds_cluster_parameter_group	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
983	CKV2_AWS_37	resource	aws_rds_global_cluster	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
984	CKV2_AWS_37	resource	aws_redshift_cluster	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
985	CKV2_AWS_37	resource	aws_redshift_event_subscription	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
986	CKV2_AWS_37	resource	aws_redshift_parameter_group	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
987	CKV2_AWS_37	resource	aws_redshift_security_group	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
988	CKV2_AWS_37	resource	aws_redshift_snapshot_copy_grant	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
989	CKV2_AWS_37	resource	aws_redshift_snapshot_schedule	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
990	CKV2_AWS_37	resource	aws_redshift_snapshot_schedule_association	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
991	CKV2_AWS_37	resource	aws_redshift_subnet_group	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
992	CKV2_AWS_37	resource	aws_resourcegroups_group	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
993	CKV2_AWS_37	resource	aws_root	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
994	CKV2_AWS_37	resource	aws_root_access_key	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
995	CKV2_AWS_37	resource	aws_route	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
996	CKV2_AWS_37	resource	aws_route53_delegation_set	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
997	CKV2_AWS_37	resource	aws_route53_health_check	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
998	CKV2_AWS_37	resource	aws_route53_query_log	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
999	CKV2_AWS_37	resource	aws_route53_record	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1000	CKV2_AWS_37	resource	aws_route53_resolver_endpoint	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1001	CKV2_AWS_37	resource	aws_route53_resolver_rule	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1002	CKV2_AWS_37	resource	aws_route53_resolver_rule_association	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1003	CKV2_AWS_37	resource	aws_route53_vpc_association_authorization	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1004	CKV2_AWS_37	resource	aws_route53_zone	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1005	CKV2_AWS_37	resource	aws_route53_zone_association	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1006	CKV2_AWS_37	resource	aws_route_table	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1007	CKV2_AWS_37	resource	aws_route_table_association	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1008	CKV2_AWS_37	resource	aws_s3_access_point	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1009	CKV2_AWS_37	resource	aws_s3_account_public_access_block	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1010	CKV2_AWS_37	resource	aws_s3_bucket	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1011	CKV2_AWS_37	resource	aws_s3_bucket_analytics_configuration	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1012	CKV2_AWS_37	resource	aws_s3_bucket_inventory	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1013	CKV2_AWS_37	resource	aws_s3_bucket_metric	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1014	CKV2_AWS_37	resource	aws_s3_bucket_notification	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1015	CKV2_AWS_37	resource	aws_s3_bucket_object	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1016	CKV2_AWS_37	resource	aws_s3_bucket_policy	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1017	CKV2_AWS_37	resource	aws_s3_bucket_public_access_block	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1018	CKV2_AWS_37	resource	aws_sagemaker_endpoint	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1019	CKV2_AWS_37	resource	aws_sagemaker_endpoint_configuration	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1020	CKV2_AWS_37	resource	aws_sagemaker_model	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1021	CKV2_AWS_37	resource	aws_sagemaker_notebook_instance	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1022	CKV2_AWS_37	resource	aws_sagemaker_notebook_instance_lifecycle_configuration	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1023	CKV2_AWS_37	resource	aws_secretsmanager_secret	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1024	CKV2_AWS_37	resource	aws_secretsmanager_secret_rotation	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1025	CKV2_AWS_37	resource	aws_secretsmanager_secret_version	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1026	CKV2_AWS_37	resource	aws_security_group	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1027	CKV2_AWS_37	resource	aws_security_group_rule	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1028	CKV2_AWS_37	resource	aws_securityhub_account	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1029	CKV2_AWS_37	resource	aws_securityhub_member	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1030	CKV2_AWS_37	resource	aws_securityhub_product_subscription	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1031	CKV2_AWS_37	resource	aws_securityhub_standards_subscription	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1032	CKV2_AWS_37	resource	aws_service_discovery_http_namespace	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1033	CKV2_AWS_37	resource	aws_service_discovery_private_dns_namespace	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1034	CKV2_AWS_37	resource	aws_service_discovery_public_dns_namespace	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1035	CKV2_AWS_37	resource	aws_service_discovery_service	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1036	CKV2_AWS_37	resource	aws_servicecatalog_portfolio	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1037	CKV2_AWS_37	resource	aws_servicequotas_service_quota	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1038	CKV2_AWS_37	resource	aws_ses_active_receipt_rule_set	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1039	CKV2_AWS_37	resource	aws_ses_configuration_set	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1040	CKV2_AWS_37	resource	aws_ses_domain_dkim	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1041	CKV2_AWS_37	resource	aws_ses_domain_identity	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1042	CKV2_AWS_37	resource	aws_ses_domain_identity_verification	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1043	CKV2_AWS_37	resource	aws_ses_domain_mail_from	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1044	CKV2_AWS_37	resource	aws_ses_email_identity	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1045	CKV2_AWS_37	resource	aws_ses_event_destination	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1046	CKV2_AWS_37	resource	aws_ses_identity_notification_topic	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1047	CKV2_AWS_37	resource	aws_ses_identity_policy	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1048	CKV2_AWS_37	resource	aws_ses_receipt_filter	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1049	CKV2_AWS_37	resource	aws_ses_receipt_rule	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1050	CKV2_AWS_37	resource	aws_ses_receipt_rule_set	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1051	CKV2_AWS_37	resource	aws_ses_template	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1052	CKV2_AWS_37	resource	aws_sfn_activity	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1053	CKV2_AWS_37	resource	aws_sfn_state_machine	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1054	CKV2_AWS_37	resource	aws_shield_protection	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1055	CKV2_AWS_37	resource	aws_simpledb_domain	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1056	CKV2_AWS_37	resource	aws_snapshot_create_volume_permission	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1057	CKV2_AWS_37	resource	aws_sns_platform_application	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1058	CKV2_AWS_37	resource	aws_sns_sms_preferences	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1059	CKV2_AWS_37	resource	aws_sns_topic	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1060	CKV2_AWS_37	resource	aws_sns_topic_policy	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1061	CKV2_AWS_37	resource	aws_sns_topic_subscription	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1062	CKV2_AWS_37	resource	aws_spot_datafeed_subscription	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1063	CKV2_AWS_37	resource	aws_spot_fleet_request	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1064	CKV2_AWS_37	resource	aws_spot_instance_request	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1065	CKV2_AWS_37	resource	aws_sqs_queue	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1066	CKV2_AWS_37	resource	aws_sqs_queue_policy	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1067	CKV2_AWS_37	resource	aws_ssm_activation	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1068	CKV2_AWS_37	resource	aws_ssm_association	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1069	CKV2_AWS_37	resource	aws_ssm_document	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1070	CKV2_AWS_37	resource	aws_ssm_maintenance_window	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1071	CKV2_AWS_37	resource	aws_ssm_maintenance_window_target	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1072	CKV2_AWS_37	resource	aws_ssm_maintenance_window_task	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1073	CKV2_AWS_37	resource	aws_ssm_parameter	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1074	CKV2_AWS_37	resource	aws_ssm_patch_baseline	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1075	CKV2_AWS_37	resource	aws_ssm_patch_group	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1076	CKV2_AWS_37	resource	aws_ssm_resource_data_sync	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1077	CKV2_AWS_37	resource	aws_storagegateway_cache	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1078	CKV2_AWS_37	resource	aws_storagegateway_cached_iscsi_volume	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1079	CKV2_AWS_37	resource	aws_storagegateway_gateway	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1080	CKV2_AWS_37	resource	aws_storagegateway_nfs_file_share	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1081	CKV2_AWS_37	resource	aws_storagegateway_smb_file_share	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1082	CKV2_AWS_37	resource	aws_storagegateway_upload_buffer	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1083	CKV2_AWS_37	resource	aws_storagegateway_working_storage	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1084	CKV2_AWS_37	resource	aws_subnet	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1085	CKV2_AWS_37	resource	aws_swf_domain	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1086	CKV2_AWS_37	resource	aws_transfer_server	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1087	CKV2_AWS_37	resource	aws_transfer_ssh_key	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1088	CKV2_AWS_37	resource	aws_transfer_user	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1089	CKV2_AWS_37	resource	aws_volume_attachment	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1090	CKV2_AWS_37	resource	aws_vpc	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1091	CKV2_AWS_37	resource	aws_vpc_dhcp_options	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1092	CKV2_AWS_37	resource	aws_vpc_dhcp_options_association	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1093	CKV2_AWS_37	resource	aws_vpc_endpoint	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1094	CKV2_AWS_37	resource	aws_vpc_endpoint_connection_notification	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1095	CKV2_AWS_37	resource	aws_vpc_endpoint_route_table_association	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1096	CKV2_AWS_37	resource	aws_vpc_endpoint_service	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1097	CKV2_AWS_37	resource	aws_vpc_endpoint_service_allowed_principal	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1098	CKV2_AWS_37	resource	aws_vpc_endpoint_subnet_association	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1099	CKV2_AWS_37	resource	aws_vpc_ipv4_cidr_block_association	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1100	CKV2_AWS_37	resource	aws_vpc_peering_connection	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1101	CKV2_AWS_37	resource	aws_vpc_peering_connection_accepter	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1102	CKV2_AWS_37	resource	aws_vpc_peering_connection_options	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1103	CKV2_AWS_37	resource	aws_vpn_connection	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1104	CKV2_AWS_37	resource	aws_vpn_connection_route	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1105	CKV2_AWS_37	resource	aws_vpn_gateway	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1106	CKV2_AWS_37	resource	aws_vpn_gateway_attachment	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1107	CKV2_AWS_37	resource	aws_vpn_gateway_route_propagation	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1108	CKV2_AWS_37	resource	aws_waf_byte_match_set	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1109	CKV2_AWS_37	resource	aws_waf_geo_match_set	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1110	CKV2_AWS_37	resource	aws_waf_ipset	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1111	CKV2_AWS_37	resource	aws_waf_rate_based_rule	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1112	CKV2_AWS_37	resource	aws_waf_regex_match_set	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1113	CKV2_AWS_37	resource	aws_waf_regex_pattern_set	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1114	CKV2_AWS_37	resource	aws_waf_rule	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1115	CKV2_AWS_37	resource	aws_waf_rule_group	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1116	CKV2_AWS_37	resource	aws_waf_size_constraint_set	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1117	CKV2_AWS_37	resource	aws_waf_sql_injection_match_set	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1118	CKV2_AWS_37	resource	aws_waf_web_acl	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1119	CKV2_AWS_37	resource	aws_waf_xss_match_set	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1120	CKV2_AWS_37	resource	aws_wafregional_byte_match_set	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1121	CKV2_AWS_37	resource	aws_wafregional_geo_match_set	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1122	CKV2_AWS_37	resource	aws_wafregional_ipset	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1123	CKV2_AWS_37	resource	aws_wafregional_rate_based_rule	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1124	CKV2_AWS_37	resource	aws_wafregional_regex_match_set	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1125	CKV2_AWS_37	resource	aws_wafregional_regex_pattern_set	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1126	CKV2_AWS_37	resource	aws_wafregional_rule	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1127	CKV2_AWS_37	resource	aws_wafregional_rule_group	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1128	CKV2_AWS_37	resource	aws_wafregional_size_constraint_set	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1129	CKV2_AWS_37	resource	aws_wafregional_sql_injection_match_set	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1130	CKV2_AWS_37	resource	aws_wafregional_web_acl	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1131	CKV2_AWS_37	resource	aws_wafregional_web_acl_association	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1132	CKV2_AWS_37	resource	aws_wafregional_xss_match_set	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1133	CKV2_AWS_37	resource	aws_wafv2_ip_set	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1134	CKV2_AWS_37	resource	aws_wafv2_regex_pattern_set	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1135	CKV2_AWS_37	resource	aws_wafv2_rule_group	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1136	CKV2_AWS_37	resource	aws_wafv2_web_acl	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1137	CKV2_AWS_37	resource	aws_wafv2_web_acl_association	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1138	CKV2_AWS_37	resource	aws_wafv2_web_acl_logging_configuration	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1139	CKV2_AWS_37	resource	aws_worklink_fleet	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1140	CKV2_AWS_37	resource	aws_worklink_website_certificate_authority_association	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1141	CKV2_AWS_37	resource	aws_workspaces_directory	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1142	CKV2_AWS_37	resource	aws_workspaces_ip_group	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1143	CKV2_AWS_37	resource	aws_workspaces_workspace	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1144	CKV2_AWS_37	resource	aws_xray_sampling_rule	Ensure Codecommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1145	CKV2_AWS_38	resource	aws_route53_zone	Ensure Domain Name System Security Extensions (DNSSEC) signing is enabled for Amazon Route 53 public hosted zones	Terraform	Route53ZoneEnableDNSSECSigning.yaml
1146	CKV2_AWS_39	resource	aws_route53_zone	Ensure Domain Name System (DNS) query logging is enabled for Amazon Route 53 hosted zones	Terraform	Route53ZoneHasMatchingQueryLog.yaml
1147	CKV2_AWS_40	resource	aws_iam_group_policy	Ensure AWS IAM policy does not allow full IAM privileges	Terraform	IAMPolicyNotAllowFullIAMAccess.yaml
1148	CKV2_AWS_40	resource	aws_iam_policy	Ensure AWS IAM policy does not allow full IAM privileges	Terraform	IAMPolicyNotAllowFullIAMAccess.yaml
1149	CKV2_AWS_40	resource	aws_iam_role_policy	Ensure AWS IAM policy does not allow full IAM privileges	Terraform	IAMPolicyNotAllowFullIAMAccess.yaml
1150	CKV2_AWS_40	resource	aws_iam_user_policy	Ensure AWS IAM policy does not allow full IAM privileges	Terraform	IAMPolicyNotAllowFullIAMAccess.yaml
1151	CKV2_AWS_40	resource	aws_ssoadmin_permission_set_inline_policy	Ensure AWS IAM policy does not allow full IAM privileges	Terraform	IAMPolicyNotAllowFullIAMAccess.yaml
1152	CKV2_AWS_40	resource	data.aws_iam_policy_document	Ensure AWS IAM policy does not allow full IAM privileges	Terraform	IAMPolicyNotAllowFullIAMAccess.yaml
1153	CKV2_AWS_41	resource	aws_instance	Ensure an IAM role is attached to EC2 instance	Terraform	EC2InstanceHasIAMRoleAttached.yaml
1154	CKV2_AWS_42	resource	aws_cloudfront_distribution	Ensure AWS CloudFront distribution uses custom SSL certificate	Terraform	CloudFrontHasCustomSSLCertificate.yaml
1155	CKV2_AWS_43	resource	aws_s3_bucket_acl	Ensure S3 Bucket does not allow access to all Authenticated users	Terraform	S3NotAllowAccessToAllAuthenticatedUsers.yaml
1156	CKV2_AWS_44	resource	aws_route	Ensure AWS route table with VPC peering does not contain routes overly permissive to all traffic	Terraform	VPCPeeringRouteTableOverlyPermissive.yaml
1157	CKV2_AWS_44	resource	aws_route_table	Ensure AWS route table with VPC peering does not contain routes overly permissive to all traffic	Terraform	VPCPeeringRouteTableOverlyPermissive.yaml
1158	CKV2_AWS_45	resource	aws_config_configuration_recorder	Ensure AWS Config recorder is enabled to record all supported resources	Terraform	AWSConfigRecorderEnabled.yaml
1159	CKV2_AWS_45	resource	aws_config_configuration_recorder_status	Ensure AWS Config recorder is enabled to record all supported resources	Terraform	AWSConfigRecorderEnabled.yaml
1160	CKV2_AWS_46	resource	aws_cloudfront_distribution	Ensure AWS Cloudfront Distribution with S3 have Origin Access set to enabled	Terraform	CLoudFrontS3OriginConfigWithOAI.yaml
1161	CKV2_AWS_47	resource	aws_cloudfront_distribution	Ensure AWS CloudFront attached WAFv2 WebACL is configured with AMR for Log4j Vulnerability	Terraform	CloudFrontWebACLConfiguredWIthLog4jVulnerability.yaml
1162	CKV2_AWS_47	resource	aws_wafv2_web_acl	Ensure AWS CloudFront attached WAFv2 WebACL is configured with AMR for Log4j Vulnerability	Terraform	CloudFrontWebACLConfiguredWIthLog4jVulnerability.yaml
1163	CKV2_AWS_48	resource	aws_config_configuration_recorder	Ensure AWS Config must record all possible resources	Terraform	ConfigRecorderRecordsAllGlobalResources.yaml
1164	CKV2_AWS_49	resource	aws_dms_endpoint	Ensure AWS Database Migration Service endpoints have SSL configured	Terraform	DMSEndpointHaveSSLConfigured.yaml
1165	CKV2_AWS_50	resource	aws_elasticache_replication_group	Ensure AWS ElastiCache Redis cluster with Multi-AZ Automatic Failover feature set to enabled	Terraform	ElastiCacheRedisConfiguredAutomaticFailOver.yaml
1166	CKV2_AWS_51	resource	aws_api_gateway_stage	Ensure AWS API Gateway endpoints uses client certificate authentication	Terraform	APIGatewayEndpointsUsesCertificateForAuthentication.yaml
1167	CKV2_AWS_51	resource	aws_apigatewayv2_api	Ensure AWS API Gateway endpoints uses client certificate authentication	Terraform	APIGatewayEndpointsUsesCertificateForAuthentication.yaml
1168	CKV2_AWS_51	resource	aws_apigatewayv2_stage	Ensure AWS API Gateway endpoints uses client certificate authentication	Terraform	APIGatewayEndpointsUsesCertificateForAuthentication.yaml
1169	CKV2_AWS_52	resource	aws_elasticsearch_domain	Ensure AWS ElasticSearch/OpenSearch Fine-grained access control is enabled	Terraform	OpenSearchDomainHasFineGrainedControl.yaml
1170	CKV2_AWS_52	resource	aws_opensearch_domain	Ensure AWS ElasticSearch/OpenSearch Fine-grained access control is enabled	Terraform	OpenSearchDomainHasFineGrainedControl.yaml
1171	CKV2_AWS_53	resource	aws_api_gateway_method	Ensure AWS API gateway request is validated	Terraform	APIGatewayRequestParameterValidationEnabled.yaml
1172	CKV2_AWS_54	resource	aws_cloudfront_distribution	Ensure AWS CloudFront distribution is using secure SSL protocols for HTTPS communication	Terraform	CloudFrontUsesSecureProtocolsForHTTPS.yaml
1173	CKV2_AWS_55	resource	aws_emr_cluster	Ensure AWS EMR cluster is configured with security configuration	Terraform	EMRClusterHasSecurityConfiguration.yaml
1174	CKV2_AWS_56	resource	aws_iam_group_policy_attachment	Ensure AWS Managed IAMFullAccess IAM policy is not used.	Terraform	IAMManagedIAMFullAccessPolicy.yaml
1175	CKV2_AWS_56	resource	aws_iam_policy_attachment	Ensure AWS Managed IAMFullAccess IAM policy is not used.	Terraform	IAMManagedIAMFullAccessPolicy.yaml
1176	CKV2_AWS_56	resource	aws_iam_role	Ensure AWS Managed IAMFullAccess IAM policy is not used.	Terraform	IAMManagedIAMFullAccessPolicy.yaml
1177	CKV2_AWS_56	resource	aws_iam_role_policy_attachment	Ensure AWS Managed IAMFullAccess IAM policy is not used.	Terraform	IAMManagedIAMFullAccessPolicy.yaml
1178	CKV2_AWS_56	resource	aws_iam_user_policy_attachment	Ensure AWS Managed IAMFullAccess IAM policy is not used.	Terraform	IAMManagedIAMFullAccessPolicy.yaml
1179	CKV2_AWS_56	resource	aws_ssoadmin_managed_policy_attachment	Ensure AWS Managed IAMFullAccess IAM policy is not used.	Terraform	IAMManagedIAMFullAccessPolicy.yaml
1180	CKV2_AWS_56	resource	data.aws_iam_policy	Ensure AWS Managed IAMFullAccess IAM policy is not used.	Terraform	IAMManagedIAMFullAccessPolicy.yaml
1181	CKV2_AWS_57	resource	aws_secretsmanager_secret	Ensure Secrets Manager secrets should have automatic rotation enabled	Terraform	SecretsAreRotated.yaml
1182	CKV2_AWS_58	resource	aws_neptune_cluster	Ensure AWS Neptune cluster deletion protection is enabled	Terraform	NeptuneDeletionProtectionEnabled.yaml
1183	CKV2_AWS_59	resource	aws_elasticsearch_domain	Ensure ElasticSearch/OpenSearch has dedicated master node enabled	Terraform	ElasticSearchDedicatedMasterEnabled.yaml
1184	CKV2_AWS_59	resource	aws_opensearch_domain	Ensure ElasticSearch/OpenSearch has dedicated master node enabled	Terraform	ElasticSearchDedicatedMasterEnabled.yaml
1185	CKV2_AWS_60	resource	aws_db_instance	Ensure RDS instance with copy tags to snapshots is enabled	Terraform	RDSEnableCopyTagsToSnapshot.yaml
1186	CKV2_AWS_61	resource	aws_s3_bucket	Ensure that an S3 bucket has a lifecycle configuration	Terraform	S3BucketLifecycle.yaml
1187	CKV2_AWS_62	resource	aws_s3_bucket	Ensure S3 buckets should have event notifications enabled	Terraform	S3BucketEventNotifications.yaml
1188	CKV2_AWS_63	resource	aws_networkfirewall_firewall	Ensure Network firewall has logging configuration defined	Terraform	NetworkFirewallHasLogging.yaml
1189	CKV2_AWS_64	resource	aws_kms_key	Ensure KMS key Policy is defined	Terraform	KmsKeyPolicyIsDefined.yaml
1190	CKV_AZURE_1	resource	azurerm_linux_virtual_machine	Ensure Azure Instance does not use basic authentication(Use SSH Key Instead)	Terraform	AzureInstancePassword.py
1191	CKV_AZURE_1	resource	azurerm_virtual_machine	Ensure Azure Instance does not use basic authentication(Use SSH Key Instead)	Terraform	AzureInstancePassword.py
1192	CKV_AZURE_2	resource	azurerm_managed_disk	Ensure Azure managed disk has encryption enabled	Terraform	AzureManagedDiskEncryption.py
1193	CKV_AZURE_3	resource	azurerm_storage_account	Ensure that ‘enable_https_traffic_only’ is enabled	Terraform	StorageAccountsTransportEncryption.py
1194	CKV_AZURE_4	resource	azurerm_kubernetes_cluster	Ensure AKS logging to Azure Monitoring is Configured	Terraform	AKSLoggingEnabled.py
1195	CKV_AZURE_5	resource	azurerm_kubernetes_cluster	Ensure RBAC is enabled on AKS clusters	Terraform	AKSRbacEnabled.py
1196	CKV_AZURE_6	resource	azurerm_kubernetes_cluster	Ensure AKS has an API Server Authorized IP Ranges enabled	Terraform	AKSApiServerAuthorizedIpRanges.py
1197	CKV_AZURE_7	resource	azurerm_kubernetes_cluster	Ensure AKS cluster has Network Policy configured	Terraform	AKSNetworkPolicy.py
1198	CKV_AZURE_8	resource	azurerm_kubernetes_cluster	Ensure Kubernetes Dashboard is disabled	Terraform	AKSDashboardDisabled.py
1199	CKV_AZURE_9	resource	azurerm_network_security_group	Ensure that RDP access is restricted from the internet	Terraform	NSGRuleRDPAccessRestricted.py
1200	CKV_AZURE_9	resource	azurerm_network_security_rule	Ensure that RDP access is restricted from the internet	Terraform	NSGRuleRDPAccessRestricted.py
1201	CKV_AZURE_10	resource	azurerm_network_security_group	Ensure that SSH access is restricted from the internet	Terraform	NSGRuleSSHAccessRestricted.py
1202	CKV_AZURE_10	resource	azurerm_network_security_rule	Ensure that SSH access is restricted from the internet	Terraform	NSGRuleSSHAccessRestricted.py
1203	CKV_AZURE_11	resource	azurerm_mariadb_firewall_rule	Ensure no SQL Databases allow ingress from 0.0.0.0/0 (ANY IP)	Terraform	SQLServerNoPublicAccess.py
1204	CKV_AZURE_11	resource	azurerm_mysql_firewall_rule	Ensure no SQL Databases allow ingress from 0.0.0.0/0 (ANY IP)	Terraform	SQLServerNoPublicAccess.py
1205	CKV_AZURE_11	resource	azurerm_postgresql_firewall_rule	Ensure no SQL Databases allow ingress from 0.0.0.0/0 (ANY IP)	Terraform	SQLServerNoPublicAccess.py
1206	CKV_AZURE_11	resource	azurerm_sql_firewall_rule	Ensure no SQL Databases allow ingress from 0.0.0.0/0 (ANY IP)	Terraform	SQLServerNoPublicAccess.py
1207	CKV_AZURE_12	resource	azurerm_network_watcher_flow_log	Ensure that Network Security Group Flow Log retention period is ‘greater than 90 days’	Terraform	NetworkWatcherFlowLogPeriod.py
1208	CKV_AZURE_13	resource	azurerm_app_service	Ensure App Service Authentication is set on Azure App Service	Terraform	AppServiceAuthentication.py
1209	CKV_AZURE_13	resource	azurerm_linux_web_app	Ensure App Service Authentication is set on Azure App Service	Terraform	AppServiceAuthentication.py
1210	CKV_AZURE_13	resource	azurerm_windows_web_app	Ensure App Service Authentication is set on Azure App Service	Terraform	AppServiceAuthentication.py
1211	CKV_AZURE_14	resource	azurerm_app_service	Ensure web app redirects all HTTP traffic to HTTPS in Azure App Service	Terraform	AppServiceHTTPSOnly.py
1212	CKV_AZURE_14	resource	azurerm_linux_web_app	Ensure web app redirects all HTTP traffic to HTTPS in Azure App Service	Terraform	AppServiceHTTPSOnly.py
1213	CKV_AZURE_14	resource	azurerm_windows_web_app	Ensure web app redirects all HTTP traffic to HTTPS in Azure App Service	Terraform	AppServiceHTTPSOnly.py
1214	CKV_AZURE_15	resource	azurerm_app_service	Ensure web app is using the latest version of TLS encryption	Terraform	AppServiceMinTLSVersion.py
1215	CKV_AZURE_15	resource	azurerm_linux_web_app	Ensure web app is using the latest version of TLS encryption	Terraform	AppServiceMinTLSVersion.py
1216	CKV_AZURE_15	resource	azurerm_windows_web_app	Ensure web app is using the latest version of TLS encryption	Terraform	AppServiceMinTLSVersion.py
1217	CKV_AZURE_16	resource	azurerm_app_service	Ensure that Register with Azure Active Directory is enabled on App Service	Terraform	AppServiceIdentity.py
1218	CKV_AZURE_16	resource	azurerm_linux_web_app	Ensure that Register with Azure Active Directory is enabled on App Service	Terraform	AppServiceIdentity.py
1219	CKV_AZURE_16	resource	azurerm_windows_web_app	Ensure that Register with Azure Active Directory is enabled on App Service	Terraform	AppServiceIdentity.py
1220	CKV_AZURE_17	resource	azurerm_app_service	Ensure the web app has ‘Client Certificates (Incoming client certificates)’ set	Terraform	AppServiceClientCertificate.py
1221	CKV_AZURE_17	resource	azurerm_linux_web_app	Ensure the web app has ‘Client Certificates (Incoming client certificates)’ set	Terraform	AppServiceClientCertificate.py
1222	CKV_AZURE_17	resource	azurerm_windows_web_app	Ensure the web app has ‘Client Certificates (Incoming client certificates)’ set	Terraform	AppServiceClientCertificate.py
1223	CKV_AZURE_18	resource	azurerm_app_service	Ensure that ‘HTTP Version’ is the latest if used to run the web app	Terraform	AppServiceHttps20Enabled.py
1224	CKV_AZURE_18	resource	azurerm_linux_web_app	Ensure that ‘HTTP Version’ is the latest if used to run the web app	Terraform	AppServiceHttps20Enabled.py
1225	CKV_AZURE_18	resource	azurerm_windows_web_app	Ensure that ‘HTTP Version’ is the latest if used to run the web app	Terraform	AppServiceHttps20Enabled.py
1226	CKV_AZURE_19	resource	azurerm_security_center_subscription_pricing	Ensure that standard pricing tier is selected	Terraform	SecurityCenterStandardPricing.py
1227	CKV_AZURE_20	resource	azurerm_security_center_contact	Ensure that security contact ‘Phone number’ is set	Terraform	SecurityCenterContactPhone.py
1228	CKV_AZURE_21	resource	azurerm_security_center_contact	Ensure that ‘Send email notification for high severity alerts’ is set to ‘On’	Terraform	SecurityCenterContactEmailAlert.py
1229	CKV_AZURE_22	resource	azurerm_security_center_contact	Ensure that ‘Send email notification for high severity alerts’ is set to ‘On’	Terraform	SecurityCenterContactEmailAlertAdmins.py
1230	CKV_AZURE_23	resource	azurerm_mssql_server	Ensure that ‘Auditing’ is set to ‘On’ for SQL servers	Terraform	SQLServerAuditingEnabled.yaml
1231	CKV_AZURE_23	resource	azurerm_mssql_server_extended_auditing_policy	Ensure that ‘Auditing’ is set to ‘On’ for SQL servers	Terraform	SQLServerAuditingEnabled.yaml
1232	CKV_AZURE_23	resource	azurerm_sql_server	Ensure that ‘Auditing’ is set to ‘On’ for SQL servers	Terraform	SQLServerAuditingEnabled.yaml
1233	CKV_AZURE_24	resource	azurerm_mssql_server	Ensure that ‘Auditing’ Retention is ‘greater than 90 days’ for SQL servers	Terraform	SQLServerAuditingRetention90Days.yaml
1234	CKV_AZURE_24	resource	azurerm_mssql_server_extended_auditing_policy	Ensure that ‘Auditing’ Retention is ‘greater than 90 days’ for SQL servers	Terraform	SQLServerAuditingRetention90Days.yaml
1235	CKV_AZURE_24	resource	azurerm_sql_server	Ensure that ‘Auditing’ Retention is ‘greater than 90 days’ for SQL servers	Terraform	SQLServerAuditingRetention90Days.yaml
1236	CKV_AZURE_25	resource	azurerm_mssql_server_security_alert_policy	Ensure that ‘Threat Detection types’ is set to ‘All’	Terraform	SQLServerThreatDetectionTypes.py
1237	CKV_AZURE_26	resource	azurerm_mssql_server_security_alert_policy	Ensure that ‘Send Alerts To’ is enabled for MSSQL servers	Terraform	SQLServerEmailAlertsEnabled.py
1238	CKV_AZURE_27	resource	azurerm_mssql_server_security_alert_policy	Ensure that ‘Email service and co-administrators’ is ‘Enabled’ for MSSQL servers	Terraform	SQLServerEmailAlertsToAdminsEnabled.py
1239	CKV_AZURE_28	resource	azurerm_mysql_server	Ensure ‘Enforce SSL connection’ is set to ‘ENABLED’ for MySQL Database Server	Terraform	MySQLServerSSLEnforcementEnabled.py
1240	CKV_AZURE_29	resource	azurerm_postgresql_server	Ensure ‘Enforce SSL connection’ is set to ‘ENABLED’ for PostgreSQL Database Server	Terraform	PostgreSQLServerSSLEnforcementEnabled.py
1241	CKV_AZURE_30	resource	azurerm_postgresql_configuration	Ensure server parameter ‘log_checkpoints’ is set to ‘ON’ for PostgreSQL Database Server	Terraform	PostgreSQLServerLogCheckpointsEnabled.py
1242	CKV_AZURE_31	resource	azurerm_postgresql_configuration	Ensure server parameter ‘log_connections’ is set to ‘ON’ for PostgreSQL Database Server	Terraform	PostgreSQLServerLogConnectionsEnabled.py
1243	CKV_AZURE_32	resource	azurerm_postgresql_configuration	Ensure server parameter ‘connection_throttling’ is set to ‘ON’ for PostgreSQL Database Server	Terraform	PostgreSQLServerConnectionThrottlingEnabled.py
1244	CKV_AZURE_33	resource	azurerm_storage_account	Ensure Storage logging is enabled for Queue service for read, write and delete requests	Terraform	StorageAccountLoggingQueueServiceEnabled.py
1245	CKV_AZURE_34	resource	azurerm_storage_container	Ensure that ‘Public access level’ is set to Private for blob containers	Terraform	StorageBlobServiceContainerPrivateAccess.py
1246	CKV_AZURE_35	resource	azurerm_storage_account	Ensure default network access rule for Storage Accounts is set to deny	Terraform	StorageAccountDefaultNetworkAccessDeny.py
1247	CKV_AZURE_35	resource	azurerm_storage_account_network_rules	Ensure default network access rule for Storage Accounts is set to deny	Terraform	StorageAccountDefaultNetworkAccessDeny.py
1248	CKV_AZURE_36	resource	azurerm_storage_account	Ensure ‘Trusted Microsoft Services’ is enabled for Storage Account access	Terraform	StorageAccountAzureServicesAccessEnabled.py
1249	CKV_AZURE_36	resource	azurerm_storage_account_network_rules	Ensure ‘Trusted Microsoft Services’ is enabled for Storage Account access	Terraform	StorageAccountAzureServicesAccessEnabled.py
1250	CKV_AZURE_37	resource	azurerm_monitor_log_profile	Ensure that Activity Log Retention is set 365 days or greater	Terraform	MonitorLogProfileRetentionDays.py
1251	CKV_AZURE_38	resource	azurerm_monitor_log_profile	Ensure audit profile captures all the activities	Terraform	MonitorLogProfileCategories.py
1252	CKV_AZURE_39	resource	azurerm_role_definition	Ensure that no custom subscription owner roles are created	Terraform	CutsomRoleDefinitionSubscriptionOwner.py
1253	CKV_AZURE_40	resource	azurerm_key_vault_key	Ensure that the expiration date is set on all keys	Terraform	KeyExpirationDate.py
1254	CKV_AZURE_41	resource	azurerm_key_vault_secret	Ensure that the expiration date is set on all secrets	Terraform	SecretExpirationDate.py
1255	CKV_AZURE_42	resource	azurerm_key_vault	Ensure the key vault is recoverable	Terraform	KeyvaultRecoveryEnabled.py
1256	CKV_AZURE_43	resource	azurerm_storage_account	Ensure Storage Accounts adhere to the naming rules	Terraform	StorageAccountName.py
1257	CKV_AZURE_44	resource	azurerm_storage_account	Ensure Storage Account is using the latest version of TLS encryption	Terraform	StorageAccountMinimumTlsVersion.py
1258	CKV_AZURE_45	resource	azurerm_virtual_machine	Ensure that no sensitive credentials are exposed in VM custom_data	Terraform	VMCredsInCustomData.py
1259	CKV_AZURE_47	resource	azurerm_mariadb_server	Ensure ‘Enforce SSL connection’ is set to ‘ENABLED’ for MariaDB servers	Terraform	MariaDBSSLEnforcementEnabled.py
1260	CKV_AZURE_48	resource	azurerm_mariadb_server	Ensure ‘public network access enabled’ is set to ‘False’ for MariaDB servers	Terraform	MariaDBPublicAccessDisabled.py
1261	CKV_AZURE_49	resource	azurerm_linux_virtual_machine_scale_set	Ensure Azure linux scale set does not use basic authentication(Use SSH Key Instead)	Terraform	AzureScaleSetPassword.py
1262	CKV_AZURE_50	resource	azurerm_linux_virtual_machine	Ensure Virtual Machine Extensions are not Installed	Terraform	AzureInstanceExtensions.py
1263	CKV_AZURE_50	resource	azurerm_windows_virtual_machine	Ensure Virtual Machine Extensions are not Installed	Terraform	AzureInstanceExtensions.py
1264	CKV_AZURE_52	resource	azurerm_mssql_server	Ensure MSSQL is using the latest version of TLS encryption	Terraform	MSSQLServerMinTLSVersion.py
1265	CKV_AZURE_53	resource	azurerm_mysql_server	Ensure ‘public network access enabled’ is set to ‘False’ for mySQL servers	Terraform	MySQLPublicAccessDisabled.py
1266	CKV_AZURE_54	resource	azurerm_mysql_server	Ensure MySQL is using the latest version of TLS encryption	Terraform	MySQLServerMinTLSVersion.py
1267	CKV_AZURE_55	resource	azurerm_security_center_subscription_pricing	Ensure that Azure Defender is set to On for Servers	Terraform	AzureDefenderOnServers.py
1268	CKV_AZURE_56	resource	azurerm_function_app	Ensure that function apps enables Authentication	Terraform	FunctionAppsEnableAuthentication.py
1269	CKV_AZURE_57	resource	azurerm_app_service	Ensure that CORS disallows every resource to access app services	Terraform	AppServiceDisallowCORS.py
1270	CKV_AZURE_57	resource	azurerm_linux_web_app	Ensure that CORS disallows every resource to access app services	Terraform	AppServiceDisallowCORS.py
1271	CKV_AZURE_57	resource	azurerm_windows_web_app	Ensure that CORS disallows every resource to access app services	Terraform	AppServiceDisallowCORS.py
1272	CKV_AZURE_58	resource	azurerm_synapse_workspace	Ensure that Azure Synapse workspaces enables managed virtual networks	Terraform	SynapseWorkspaceEnablesManagedVirtualNetworks.py
1273	CKV_AZURE_59	resource	azurerm_storage_account	Ensure that Storage accounts disallow public access	Terraform	StorageAccountDisablePublicAccess.py
1274	CKV_AZURE_61	resource	azurerm_security_center_subscription_pricing	Ensure that Azure Defender is set to On for App Service	Terraform	AzureDefenderOnAppServices.py
1275	CKV_AZURE_62	resource	azurerm_function_app	Ensure function apps are not accessible from all regions	Terraform	FunctionAppDisallowCORS.py
1276	CKV_AZURE_63	resource	azurerm_app_service	Ensure that App service enables HTTP logging	Terraform	AppServiceHttpLoggingEnabled.py
1277	CKV_AZURE_63	resource	azurerm_linux_web_app	Ensure that App service enables HTTP logging	Terraform	AppServiceHttpLoggingEnabled.py
1278	CKV_AZURE_63	resource	azurerm_windows_web_app	Ensure that App service enables HTTP logging	Terraform	AppServiceHttpLoggingEnabled.py
1279	CKV_AZURE_64	resource	azurerm_storage_sync	Ensure that Azure File Sync disables public network access	Terraform	StorageSyncPublicAccessDisabled.py
1280	CKV_AZURE_65	resource	azurerm_app_service	Ensure that App service enables detailed error messages	Terraform	AppServiceDetailedErrorMessagesEnabled.py
1281	CKV_AZURE_65	resource	azurerm_linux_web_app	Ensure that App service enables detailed error messages	Terraform	AppServiceDetailedErrorMessagesEnabled.py
1282	CKV_AZURE_65	resource	azurerm_windows_web_app	Ensure that App service enables detailed error messages	Terraform	AppServiceDetailedErrorMessagesEnabled.py
1283	CKV_AZURE_66	resource	azurerm_app_service	Ensure that App service enables failed request tracing	Terraform	AppServiceEnableFailedRequest.py
1284	CKV_AZURE_66	resource	azurerm_linux_web_app	Ensure that App service enables failed request tracing	Terraform	AppServiceEnableFailedRequest.py
1285	CKV_AZURE_66	resource	azurerm_windows_web_app	Ensure that App service enables failed request tracing	Terraform	AppServiceEnableFailedRequest.py
1286	CKV_AZURE_67	resource	azurerm_function_app	Ensure that ‘HTTP Version’ is the latest, if used to run the Function app	Terraform	FunctionAppHttpVersionLatest.py
1287	CKV_AZURE_67	resource	azurerm_function_app_slot	Ensure that ‘HTTP Version’ is the latest, if used to run the Function app	Terraform	FunctionAppHttpVersionLatest.py
1288	CKV_AZURE_68	resource	azurerm_postgresql_server	Ensure that PostgreSQL server disables public network access	Terraform	PostgreSQLServerPublicAccessDisabled.py
1289	CKV_AZURE_69	resource	azurerm_security_center_subscription_pricing	Ensure that Azure Defender is set to On for Azure SQL database servers	Terraform	AzureDefenderOnSqlServers.py
1290	CKV_AZURE_70	resource	azurerm_function_app	Ensure that Function apps is only accessible over HTTPS	Terraform	FunctionAppsAccessibleOverHttps.py
1291	CKV_AZURE_71	resource	azurerm_app_service	Ensure that Managed identity provider is enabled for app services	Terraform	AppServiceIdentityProviderEnabled.py
1292	CKV_AZURE_71	resource	azurerm_linux_web_app	Ensure that Managed identity provider is enabled for app services	Terraform	AppServiceIdentityProviderEnabled.py
1293	CKV_AZURE_71	resource	azurerm_windows_web_app	Ensure that Managed identity provider is enabled for app services	Terraform	AppServiceIdentityProviderEnabled.py
1294	CKV_AZURE_72	resource	azurerm_app_service	Ensure that remote debugging is not enabled for app services	Terraform	AppServiceRemoteDebuggingNotEnabled.py
1295	CKV_AZURE_72	resource	azurerm_linux_web_app	Ensure that remote debugging is not enabled for app services	Terraform	AppServiceRemoteDebuggingNotEnabled.py
1296	CKV_AZURE_72	resource	azurerm_windows_web_app	Ensure that remote debugging is not enabled for app services	Terraform	AppServiceRemoteDebuggingNotEnabled.py
1297	CKV_AZURE_73	resource	azurerm_automation_variable_bool	Ensure that Automation account variables are encrypted	Terraform	AutomationEncrypted.py
1298	CKV_AZURE_73	resource	azurerm_automation_variable_datetime	Ensure that Automation account variables are encrypted	Terraform	AutomationEncrypted.py
1299	CKV_AZURE_73	resource	azurerm_automation_variable_int	Ensure that Automation account variables are encrypted	Terraform	AutomationEncrypted.py
1300	CKV_AZURE_73	resource	azurerm_automation_variable_string	Ensure that Automation account variables are encrypted	Terraform	AutomationEncrypted.py
1301	CKV_AZURE_74	resource	azurerm_kusto_cluster	Ensure that Azure Data Explorer (Kusto) uses disk encryption	Terraform	DataExplorerUsesDiskEncryption.py
1302	CKV_AZURE_75	resource	azurerm_kusto_cluster	Ensure that Azure Data Explorer uses double encryption	Terraform	AzureDataExplorerDoubleEncryptionEnabled.py
1303	CKV_AZURE_76	resource	azurerm_batch_account	Ensure that Azure Batch account uses key vault to encrypt data	Terraform	AzureBatchAccountUsesKeyVaultEncryption.py
1304	CKV_AZURE_77	resource	azurerm_network_security_group	Ensure that UDP Services are restricted from the Internet	Terraform	NSGRuleUDPAccessRestricted.py
1305	CKV_AZURE_77	resource	azurerm_network_security_rule	Ensure that UDP Services are restricted from the Internet	Terraform	NSGRuleUDPAccessRestricted.py
1306	CKV_AZURE_78	resource	azurerm_app_service	Ensure FTP deployments are disabled	Terraform	AppServiceFTPSState.py
1307	CKV_AZURE_78	resource	azurerm_linux_web_app	Ensure FTP deployments are disabled	Terraform	AppServiceFTPSState.py
1308	CKV_AZURE_78	resource	azurerm_windows_web_app	Ensure FTP deployments are disabled	Terraform	AppServiceFTPSState.py
1309	CKV_AZURE_79	resource	azurerm_security_center_subscription_pricing	Ensure that Azure Defender is set to On for SQL servers on machines	Terraform	AzureDefenderOnSqlServerVMS.py
1310	CKV_AZURE_80	resource	azurerm_app_service	Ensure that ‘Net Framework’ version is the latest, if used as a part of the web app	Terraform	AppServiceDotnetFrameworkVersion.py
1311	CKV_AZURE_80	resource	azurerm_windows_web_app	Ensure that ‘Net Framework’ version is the latest, if used as a part of the web app	Terraform	AppServiceDotnetFrameworkVersion.py
1312	CKV_AZURE_81	resource	azurerm_app_service	Ensure that ‘PHP version’ is the latest, if used to run the web app	Terraform	AppServicePHPVersion.py
1313	CKV_AZURE_82	resource	azurerm_app_service	Ensure that ‘Python version’ is the latest, if used to run the web app	Terraform	AppServicePythonVersion.py
1314	CKV_AZURE_83	resource	azurerm_app_service	Ensure that ‘Java version’ is the latest, if used to run the web app	Terraform	AppServiceJavaVersion.py
1315	CKV_AZURE_84	resource	azurerm_security_center_subscription_pricing	Ensure that Azure Defender is set to On for Storage	Terraform	AzureDefenderOnStorage.py
1316	CKV_AZURE_85	resource	azurerm_security_center_subscription_pricing	Ensure that Azure Defender is set to On for Kubernetes	Terraform	AzureDefenderOnKubernetes.py
1317	CKV_AZURE_86	resource	azurerm_security_center_subscription_pricing	Ensure that Azure Defender is set to On for Container Registries	Terraform	AzureDefenderOnContainerRegistry.py
1318	CKV_AZURE_87	resource	azurerm_security_center_subscription_pricing	Ensure that Azure Defender is set to On for Key Vault	Terraform	AzureDefenderOnKeyVaults.py
1319	CKV_AZURE_88	resource	azurerm_app_service	Ensure that app services use Azure Files	Terraform	AppServiceUsedAzureFiles.py
1320	CKV_AZURE_88	resource	azurerm_linux_web_app	Ensure that app services use Azure Files	Terraform	AppServiceUsedAzureFiles.py
1321	CKV_AZURE_88	resource	azurerm_windows_web_app	Ensure that app services use Azure Files	Terraform	AppServiceUsedAzureFiles.py
1322	CKV_AZURE_89	resource	azurerm_redis_cache	Ensure that Azure Cache for Redis disables public network access	Terraform	RedisCachePublicNetworkAccessEnabled.py
1323	CKV_AZURE_91	resource	azurerm_redis_cache	Ensure that only SSL are enabled for Cache for Redis	Terraform	RedisCacheEnableNonSSLPort.py
1324	CKV_AZURE_92	resource	azurerm_linux_virtual_machine	Ensure that Virtual Machines use managed disks	Terraform	VMStorageOsDisk.py
1325	CKV_AZURE_92	resource	azurerm_windows_virtual_machine	Ensure that Virtual Machines use managed disks	Terraform	VMStorageOsDisk.py
1326	CKV_AZURE_93	resource	azurerm_managed_disk	Ensure that managed disks use a specific set of disk encryption sets for the customer-managed key encryption	Terraform	AzureManagedDiskEncryptionSet.py
1327	CKV_AZURE_94	resource	azurerm_mysql_flexible_server	Ensure that My SQL server enables geo-redundant backups	Terraform	MySQLGeoBackupEnabled.py
1328	CKV_AZURE_94	resource	azurerm_mysql_server	Ensure that My SQL server enables geo-redundant backups	Terraform	MySQLGeoBackupEnabled.py
1329	CKV_AZURE_95	resource	azurerm_virtual_machine_scale_set	Ensure that automatic OS image patching is enabled for Virtual Machine Scale Sets	Terraform	VMScaleSetsAutoOSImagePatchingEnabled.py
1330	CKV_AZURE_96	resource	azurerm_mysql_server	Ensure that MySQL server enables infrastructure encryption	Terraform	MySQLEncryptionEnaled.py
1331	CKV_AZURE_97	resource	azurerm_linux_virtual_machine_scale_set	Ensure that Virtual machine scale sets have encryption at host enabled	Terraform	VMEncryptionAtHostEnabled.py
1332	CKV_AZURE_97	resource	azurerm_windows_virtual_machine_scale_set	Ensure that Virtual machine scale sets have encryption at host enabled	Terraform	VMEncryptionAtHostEnabled.py
1333	CKV_AZURE_98	resource	azurerm_container_group	Ensure that Azure Container group is deployed into virtual network	Terraform	AzureContainerGroupDeployedIntoVirtualNetwork.py
1334	CKV_AZURE_99	resource	azurerm_cosmosdb_account	Ensure Cosmos DB accounts have restricted access	Terraform	CosmosDBAccountsRestrictedAccess.py
1335	CKV_AZURE_100	resource	azurerm_cosmosdb_account	Ensure that Cosmos DB accounts have customer-managed keys to encrypt data at rest	Terraform	CosmosDBHaveCMK.py
1336	CKV_AZURE_101	resource	azurerm_cosmosdb_account	Ensure that Azure Cosmos DB disables public network access	Terraform	CosmosDBDisablesPublicNetwork.py
1337	CKV_AZURE_102	resource	azurerm_postgresql_server	Ensure that PostgreSQL server enables geo-redundant backups	Terraform	PostgressSQLGeoBackupEnabled.py
1338	CKV_AZURE_103	resource	azurerm_data_factory	Ensure that Azure Data Factory uses Git repository for source control	Terraform	DataFactoryUsesGitRepository.py
1339	CKV_AZURE_104	resource	azurerm_data_factory	Ensure that Azure Data factory public network access is disabled	Terraform	DataFactoryNoPublicNetworkAccess.py
1340	CKV_AZURE_105	resource	azurerm_data_lake_store	Ensure that Data Lake Store accounts enables encryption	Terraform	DataLakeStoreEncryption.py
1341	CKV_AZURE_106	resource	azurerm_eventgrid_domain	Ensure that Azure Event Grid Domain public network access is disabled	Terraform	EventgridDomainNetworkAccess.py
1342	CKV_AZURE_107	resource	azurerm_api_management	Ensure that API management services use virtual networks	Terraform	APIServicesUseVirtualNetwork.py
1343	CKV_AZURE_108	resource	azurerm_iothub	Ensure that Azure IoT Hub disables public network access	Terraform	IoTNoPublicNetworkAccess.py
1344	CKV_AZURE_109	resource	azurerm_key_vault	Ensure that key vault allows firewall rules settings	Terraform	KeyVaultEnablesFirewallRulesSettings.py
1345	CKV_AZURE_110	resource	azurerm_key_vault	Ensure that key vault enables purge protection	Terraform	KeyVaultEnablesPurgeProtection.py
1346	CKV_AZURE_111	resource	azurerm_key_vault	Ensure that key vault enables soft delete	Terraform	KeyVaultEnablesSoftDelete.py
1347	CKV_AZURE_112	resource	azurerm_key_vault_key	Ensure that key vault key is backed by HSM	Terraform	KeyBackedByHSM.py
1348	CKV_AZURE_113	resource	azurerm_mssql_server	Ensure that SQL server disables public network access	Terraform	SQLServerPublicAccessDisabled.py
1349	CKV_AZURE_114	resource	azurerm_key_vault_secret	Ensure that key vault secrets have “content_type” set	Terraform	SecretContentType.py
1350	CKV_AZURE_115	resource	azurerm_kubernetes_cluster	Ensure that AKS enables private clusters	Terraform	AKSEnablesPrivateClusters.py
1351	CKV_AZURE_116	resource	azurerm_kubernetes_cluster	Ensure that AKS uses Azure Policies Add-on	Terraform	AKSUsesAzurePoliciesAddon.py
1352	CKV_AZURE_117	resource	azurerm_kubernetes_cluster	Ensure that AKS uses disk encryption set	Terraform	AKSUsesDiskEncryptionSet.py
1353	CKV_AZURE_118	resource	azurerm_network_interface	Ensure that Network Interfaces disable IP forwarding	Terraform	NetworkInterfaceEnableIPForwarding.py
1354	CKV_AZURE_119	resource	azurerm_network_interface	Ensure that Network Interfaces don’t use public IPs	Terraform	AzureNetworkInterfacePublicIPAddressId.yaml
1355	CKV_AZURE_120	resource	azurerm_application_gateway	Ensure that Application Gateway enables WAF	Terraform	ApplicationGatewayEnablesWAF.yaml
1356	CKV_AZURE_120	resource	azurerm_web_application_firewall_policy	Ensure that Application Gateway enables WAF	Terraform	ApplicationGatewayEnablesWAF.yaml
1357	CKV_AZURE_121	resource	azurerm_frontdoor	Ensure that Azure Front Door enables WAF	Terraform	AzureFrontDoorEnablesWAF.py
1358	CKV_AZURE_122	resource	azurerm_web_application_firewall_policy	Ensure that Application Gateway uses WAF in “Detection” or “Prevention” modes	Terraform	AppGWUseWAFMode.py
1359	CKV_AZURE_123	resource	azurerm_frontdoor_firewall_policy	Ensure that Azure Front Door uses WAF in “Detection” or “Prevention” modes	Terraform	FrontdoorUseWAFMode.py
1360	CKV_AZURE_124	resource	azurerm_search_service	Ensure that Azure Cognitive Search disables public network access	Terraform	AzureSearchPublicNetworkAccessDisabled.py
1361	CKV_AZURE_125	resource	azurerm_service_fabric_cluster	Ensures that Service Fabric use three levels of protection available	Terraform	AzureServiceFabricClusterProtectionLevel.py
1362	CKV_AZURE_126	resource	azurerm_service_fabric_cluster	Ensures that Active Directory is used for authentication for Service Fabric	Terraform	ActiveDirectoryUsedAuthenticationServiceFabric.py
1363	CKV_AZURE_127	resource	azurerm_mysql_server	Ensure that My SQL server enables Threat detection policy	Terraform	MySQLTreatDetectionEnabled.py
1364	CKV_AZURE_128	resource	azurerm_postgresql_server	Ensure that PostgreSQL server enables Threat detection policy	Terraform	PostgresSQLTreatDetectionEnabled.py
1365	CKV_AZURE_129	resource	azurerm_mariadb_server	Ensure that MariaDB server enables geo-redundant backups	Terraform	MariaDBGeoBackupEnabled.py
1366	CKV_AZURE_130	resource	azurerm_postgresql_server	Ensure that PostgreSQL server enables infrastructure encryption	Terraform	PostgreSQLEncryptionEnabled.py
1367	CKV_AZURE_131	resource	azurerm_security_center_contact	Ensure that ‘Security contact emails’ is set	Terraform	SecurityCenterContactEmails.py
1368	CKV_AZURE_132	resource	azurerm_cosmosdb_account	Ensure cosmosdb does not allow privileged escalation by restricting management plane changes	Terraform	CosmosDBDisableAccessKeyWrite.py
1369	CKV_AZURE_133	resource	azurerm_frontdoor_firewall_policy	Ensure Front Door WAF prevents message lookup in Log4j2. See CVE-2021-44228 aka log4jshell	Terraform	FrontDoorWAFACLCVE202144228.py
1370	CKV_AZURE_134	resource	azurerm_cognitive_account	Ensure that Cognitive Services accounts disable public network access	Terraform	CognitiveServicesDisablesPublicNetwork.py
1371	CKV_AZURE_135	resource	azurerm_web_application_firewall_policy	Ensure Application Gateway WAF prevents message lookup in Log4j2. See CVE-2021-44228 aka log4jshell	Terraform	AppGatewayWAFACLCVE202144228.py
1372	CKV_AZURE_136	resource	azurerm_postgresql_flexible_server	Ensure that PostgreSQL Flexible server enables geo-redundant backups	Terraform	PostgreSQLFlexiServerGeoBackupEnabled.py
1373	CKV_AZURE_137	resource	azurerm_container_registry	Ensure ACR admin account is disabled	Terraform	ACRAdminAccountDisabled.py
1374	CKV_AZURE_138	resource	azurerm_container_registry	Ensures that ACR disables anonymous pulling of images	Terraform	ACRAnonymousPullDisabled.py
1375	CKV_AZURE_139	resource	azurerm_container_registry	Ensure ACR set to disable public networking	Terraform	ACRPublicNetworkAccessDisabled.py
1376	CKV_AZURE_140	resource	azurerm_cosmosdb_account	Ensure that Local Authentication is disabled on CosmosDB	Terraform	CosmosDBLocalAuthDisabled.py
1377	CKV_AZURE_141	resource	azurerm_kubernetes_cluster	Ensure AKS local admin account is disabled	Terraform	AKSLocalAdminDisabled.py
1378	CKV_AZURE_142	resource	azurerm_machine_learning_compute_cluster	Ensure Machine Learning Compute Cluster Local Authentication is disabled	Terraform	MLCCLADisabled.py
1379	CKV_AZURE_143	resource	azurerm_kubernetes_cluster	Ensure AKS cluster nodes do not have public IP addresses	Terraform	AKSNodePublicIpDisabled.py
1380	CKV_AZURE_144	resource	azurerm_machine_learning_workspace	Ensure that Public Access is disabled for Machine Learning Workspace	Terraform	MLPublicAccess.py
1381	CKV_AZURE_145	resource	azurerm_function_app	Ensure Function app is using the latest version of TLS encryption	Terraform	FunctionAppMinTLSVersion.py
1382	CKV_AZURE_146	resource	azurerm_postgresql_configuration	Ensure server parameter ‘log_retention’ is set to ‘ON’ for PostgreSQL Database Server	Terraform	PostgreSQLServerLogRetentionEnabled.py
1383	CKV_AZURE_147	resource	azurerm_postgresql_server	Ensure PostgreSQL is using the latest version of TLS encryption	Terraform	PostgreSQLMinTLSVersion.py
1384	CKV_AZURE_148	resource	azurerm_redis_cache	Ensure Redis Cache is using the latest version of TLS encryption	Terraform	RedisCacheMinTLSVersion.py
1385	CKV_AZURE_149	resource	azurerm_linux_virtual_machine	Ensure that Virtual machine does not enable password authentication	Terraform	VMDisablePasswordAuthentication.py
1386	CKV_AZURE_149	resource	azurerm_linux_virtual_machine_scale_set	Ensure that Virtual machine does not enable password authentication	Terraform	VMDisablePasswordAuthentication.py
1387	CKV_AZURE_150	resource	azurerm_machine_learning_compute_cluster	Ensure Machine Learning Compute Cluster Minimum Nodes Set To 0	Terraform	MLComputeClusterMinNodes.py
1388	CKV_AZURE_151	resource	azurerm_windows_virtual_machine	Ensure Windows VM enables encryption	Terraform	WinVMEncryptionAtHost.py
1389	CKV_AZURE_152	resource	azurerm_api_management	Ensure Client Certificates are enforced for API management	Terraform	APIManagementCertsEnforced.py
1390	CKV_AZURE_153	resource	azurerm_app_service_slot	Ensure web app redirects all HTTP traffic to HTTPS in Azure App Service Slot	Terraform	AppServiceSlotHTTPSOnly.py
1391	CKV_AZURE_154	resource	azurerm_app_service_slot	Ensure the App service slot is using the latest version of TLS encryption	Terraform	AppServiceSlotMinTLS.py
1392	CKV_AZURE_155	resource	azurerm_app_service_slot	Ensure debugging is disabled for the App service slot	Terraform	AppServiceSlotDebugDisabled.py
1393	CKV_AZURE_156	resource	azurerm_mssql_database_extended_auditing_policy	Ensure default Auditing policy for a SQL Server is configured to capture and retain the activity logs	Terraform	MSSQLServerAuditPolicyLogMonitor.py
1394	CKV_AZURE_157	resource	azurerm_synapse_workspace	Ensure that Synapse workspace has data_exfiltration_protection_enabled	Terraform	SynapseWorkspaceEnablesDataExfilProtection.py
1395	CKV_AZURE_158	resource	azurerm_databricks_workspace	Ensure that databricks workspace has not public	Terraform	DatabricksWorkspaceIsNotPublic.py
1396	CKV_AZURE_159	resource	azurerm_function_app	Ensure function app builtin logging is enabled	Terraform	FunctionAppEnableLogging.py
1397	CKV_AZURE_159	resource	azurerm_function_app_slot	Ensure function app builtin logging is enabled	Terraform	FunctionAppEnableLogging.py
1398	CKV_AZURE_160	resource	azurerm_network_security_group	Ensure that HTTP (port 80) access is restricted from the internet	Terraform	NSGRuleHTTPAccessRestricted.py
1399	CKV_AZURE_160	resource	azurerm_network_security_rule	Ensure that HTTP (port 80) access is restricted from the internet	Terraform	NSGRuleHTTPAccessRestricted.py
1400	CKV_AZURE_161	resource	azurerm_spring_cloud_api_portal	Ensures Spring Cloud API Portal is enabled on for HTTPS	Terraform	SpringCloudAPIPortalHTTPSOnly.py
1401	CKV_AZURE_162	resource	azurerm_spring_cloud_api_portal	Ensures Spring Cloud API Portal Public Access Is Disabled	Terraform	SpringCloudAPIPortalPublicAccessIsDisabled.py
1402	CKV_AZURE_163	resource	azurerm_container_registry	Enable vulnerability scanning for container images.	Terraform	ACRContainerScanEnabled.py
1403	CKV_AZURE_164	resource	azurerm_container_registry	Ensures that ACR uses signed/trusted images	Terraform	ACRUseSignedImages.py
1404	CKV_AZURE_165	resource	azurerm_container_registry	Ensure geo-replicated container registries to match multi-region container deployments.	Terraform	ACRGeoreplicated.py
1405	CKV_AZURE_166	resource	azurerm_container_registry	Ensure container image quarantine, scan, and mark images verified	Terraform	ACREnableImageQuarantine.py
1406	CKV_AZURE_167	resource	azurerm_container_registry	Ensure a retention policy is set to cleanup untagged manifests.	Terraform	ACREnableRetentionPolicy.py
1407	CKV_AZURE_168	resource	azurerm_kubernetes_cluster	Ensure Azure Kubernetes Cluster (AKS) nodes should use a minimum number of 50 pods.	Terraform	AKSMaxPodsMinimum.py
1408	CKV_AZURE_168	resource	azurerm_kubernetes_cluster_node_pool	Ensure Azure Kubernetes Cluster (AKS) nodes should use a minimum number of 50 pods.	Terraform	AKSMaxPodsMinimum.py
1409	CKV_AZURE_169	resource	azurerm_kubernetes_cluster	Ensure Azure Kubernetes Cluster (AKS) nodes use scale sets	Terraform	AKSPoolTypeIsScaleSet.py
1410	CKV_AZURE_170	resource	azurerm_kubernetes_cluster	Ensure that AKS use the Paid Sku for its SLA	Terraform	AKSIsPaidSku.py
1411	CKV_AZURE_171	resource	azurerm_kubernetes_cluster	Ensure AKS cluster upgrade channel is chosen	Terraform	AKSUpgradeChannel.py
1412	CKV_AZURE_172	resource	azurerm_kubernetes_cluster	Ensure autorotation of Secrets Store CSI Driver secrets for AKS clusters	Terraform	AKSSecretStoreRotation.py
1413	CKV_AZURE_173	resource	azurerm_api_management	Ensure API management uses at least TLS 1.2	Terraform	APIManagementMinTLS12.py
1414	CKV_AZURE_174	resource	azurerm_api_management	Ensure API management public access is disabled	Terraform	APIManagementPublicAccess.py
1415	CKV_AZURE_175	resource	azurerm_web_pubsub	Ensure Web PubSub uses a SKU with an SLA	Terraform	PubsubSKUSLA.py
1416	CKV_AZURE_176	resource	azurerm_web_pubsub	Ensure Web PubSub uses managed identities to access Azure resources	Terraform	PubsubSpecifyIdentity.py
1417	CKV_AZURE_177	resource	azurerm_windows_virtual_machine	Ensure Windows VM enables automatic updates	Terraform	WinVMAutomaticUpdates.py
1418	CKV_AZURE_177	resource	azurerm_windows_virtual_machine_scale_set	Ensure Windows VM enables automatic updates	Terraform	WinVMAutomaticUpdates.py
1419	CKV_AZURE_178	resource	azurerm_linux_virtual_machine	Ensure linux VM enables SSH with keys for secure communication	Terraform	LinuxVMUsesSSH.py
1420	CKV_AZURE_178	resource	azurerm_linux_virtual_machine_scale_set	Ensure linux VM enables SSH with keys for secure communication	Terraform	LinuxVMUsesSSH.py
1421	CKV_AZURE_179	resource	azurerm_linux_virtual_machine	Ensure VM agent is installed	Terraform	VMAgentIsInstalled.py
1422	CKV_AZURE_179	resource	azurerm_linux_virtual_machine_scale_set	Ensure VM agent is installed	Terraform	VMAgentIsInstalled.py
1423	CKV_AZURE_179	resource	azurerm_windows_virtual_machine	Ensure VM agent is installed	Terraform	VMAgentIsInstalled.py
1424	CKV_AZURE_179	resource	azurerm_windows_virtual_machine_scale_set	Ensure VM agent is installed	Terraform	VMAgentIsInstalled.py
1425	CKV_AZURE_180	resource	azurerm_kusto_cluster	Ensure that data explorer uses Sku with an SLA	Terraform	DataExplorerSKUHasSLA.py
1426	CKV_AZURE_181	resource	azurerm_kusto_cluster	Ensure that data explorer/Kusto uses managed identities to access Azure resources securely.	Terraform	DataExplorerServiceIdentity.py
1427	CKV_AZURE_182	resource	azurerm_virtual_network	Ensure that VNET has at least 2 connected DNS Endpoints	Terraform	VnetSingleDNSServer.py
1428	CKV_AZURE_182	resource	azurerm_virtual_network_dns_servers	Ensure that VNET has at least 2 connected DNS Endpoints	Terraform	VnetSingleDNSServer.py
1429	CKV_AZURE_183	resource	azurerm_virtual_network	Ensure that VNET uses local DNS addresses	Terraform	VnetLocalDNS.py
1430	CKV_AZURE_184	resource	azurerm_app_configuration	Ensure ‘local_auth_enabled’ is set to ‘False’	Terraform	AppConfigLocalAuth.py
1431	CKV_AZURE_185	resource	azurerm_app_configuration	Ensure ‘Public Access’ is not Enabled for App configuration	Terraform	AppConfigPublicAccess.py
1432	CKV_AZURE_186	resource	azurerm_app_configuration	Ensure App configuration encryption block is set.	Terraform	AppConfigEncryption.py
1433	CKV_AZURE_187	resource	azurerm_app_configuration	Ensure App configuration purge protection is enabled	Terraform	AppConfigPurgeProtection.py
1434	CKV_AZURE_188	resource	azurerm_app_configuration	Ensure App configuration Sku is standard	Terraform	AppConfigSku.py
1435	CKV_AZURE_189	resource	azurerm_key_vault	Ensure that Azure Key Vault disables public network access	Terraform	KeyVaultDisablesPublicNetworkAccess.py
1436	CKV_AZURE_190	resource	azurerm_storage_account	Ensure that Storage blobs restrict public access	Terraform	StorageBlobRestrictPublicAccess.py
1437	CKV_AZURE_191	resource	azurerm_eventgrid_topic	Ensure that Managed identity provider is enabled for Azure Event Grid Topic	Terraform	EventgridTopicIdentityProviderEnabled.py
1438	CKV_AZURE_192	resource	azurerm_eventgrid_topic	Ensure that Azure Event Grid Topic local Authentication is disabled	Terraform	EventgridTopicLocalAuthentication.py
1439	CKV_AZURE_193	resource	azurerm_eventgrid_topic	Ensure public network access is disabled for Azure Event Grid Topic	Terraform	EventgridTopicNetworkAccess.py
1440	CKV_AZURE_194	resource	azurerm_eventgrid_domain	Ensure that Managed identity provider is enabled for Azure Event Grid Domain	Terraform	EventgridDomainIdentityProviderEnabled.py
1441	CKV_AZURE_195	resource	azurerm_eventgrid_domain	Ensure that Azure Event Grid Domain local Authentication is disabled	Terraform	EventgridDomainLocalAuthentication.py
1442	CKV_AZURE_196	resource	azurerm_signalr_service	Ensure that SignalR uses a Paid Sku for its SLA	Terraform	SignalRSKUSLA.py
1443	CKV_AZURE_197	resource	azurerm_cdn_endpoint	Ensure the Azure CDN disables the HTTP endpoint	Terraform	CDNDisableHttpEndpoints.py
1444	CKV_AZURE_198	resource	azurerm_cdn_endpoint	Ensure the Azure CDN enables the HTTPS endpoint	Terraform	CDNEnableHttpsEndpoints.py
1445	CKV_AZURE_199	resource	azurerm_servicebus_namespace	Ensure that Azure Service Bus uses double encryption	Terraform	AzureServicebusDoubleEncryptionEnabled.py
1446	CKV_AZURE_200	resource	azurerm_cdn_endpoint_custom_domain	Ensure the Azure CDN endpoint is using the latest version of TLS encryption	Terraform	CDNTLSProtocol12.py
1447	CKV_AZURE_201	resource	azurerm_servicebus_namespace	Ensure that Azure Service Bus uses a customer-managed key to encrypt data	Terraform	AzureServicebusHasCMK.py
1448	CKV_AZURE_202	resource	azurerm_servicebus_namespace	Ensure that Managed identity provider is enabled for Azure Service Bus	Terraform	AzureServicebusIdentityProviderEnabled.py
1449	CKV_AZURE_203	resource	azurerm_servicebus_namespace	Ensure Azure Service Bus Local Authentication is disabled	Terraform	AzureServicebusLocalAuthDisabled.py
1450	CKV_AZURE_204	resource	azurerm_servicebus_namespace	Ensure ‘public network access enabled’ is set to ‘False’ for Azure Service Bus	Terraform	AzureServicebusPublicAccessDisabled.py
1451	CKV_AZURE_205	resource	azurerm_servicebus_namespace	Ensure Azure Service Bus is using the latest version of TLS encryption	Terraform	AzureServicebusMinTLSVersion.py
1452	CKV_AZURE_206	resource	azurerm_storage_account	Ensure that Storage Accounts use replication	Terraform	StorageAccountsUseReplication.py
1453	CKV_AZURE_207	resource	azurerm_search_service	Ensure Azure Cognitive Search service uses managed identities to access Azure resources	Terraform	AzureSearchManagedIdentity.py
1454	CKV_AZURE_208	resource	azurerm_search_service	Ensure that Azure Cognitive Search maintains SLA for index updates	Terraform	AzureSearchSLAIndex.py
1455	CKV_AZURE_209	resource	azurerm_search_service	Ensure that Azure Cognitive Search maintains SLA for search index queries	Terraform	AzureSearchSLAQueryUpdates.py
1456	CKV_AZURE_210	resource	azurerm_search_service	Ensure Azure Cognitive Search service allowed IPS does not give public Access	Terraform	AzureSearchAllowedIPsNotGlobal.py
1457	CKV_AZURE_211	resource	azurerm_service_plan	Ensure App Service plan suitable for production use	Terraform	AppServiceSkuMinimum.py
1458	CKV_AZURE_212	resource	azurerm_service_plan	Ensure App Service has a minimum number of instances for failover	Terraform	AppServiceInstanceMinimum.py
1459	CKV_AZURE_213	resource	azurerm_app_service	Ensure that App Service configures health check	Terraform	AppServiceSetHealthCheck.py
1460	CKV_AZURE_213	resource	azurerm_linux_web_app	Ensure that App Service configures health check	Terraform	AppServiceSetHealthCheck.py
1461	CKV_AZURE_213	resource	azurerm_windows_web_app	Ensure that App Service configures health check	Terraform	AppServiceSetHealthCheck.py
1462	CKV_AZURE_214	resource	azurerm_linux_web_app	Ensure App Service is set to be always on	Terraform	AppServiceAlwaysOn.py
1463	CKV_AZURE_214	resource	azurerm_windows_web_app	Ensure App Service is set to be always on	Terraform	AppServiceAlwaysOn.py
1464	CKV_AZURE_215	resource	azurerm_api_management_backend	Ensure API management backend uses https	Terraform	APIManagementBackendHTTPS.py
1465	CKV_AZURE_216	resource	azurerm_firewall	Ensure DenyIntelMode is set to Deny for Azure Firewalls	Terraform	AzureFirewallDenyThreatIntelMode.py
1466	CKV_AZURE_217	resource	azurerm_application_gateway	Ensure Azure Application gateways listener that allow connection requests over HTTP	Terraform	AppGWUsesHttps.py
1467	CKV_AZURE_218	resource	azurerm_application_gateway	Ensure Application Gateway defines secure protocols for in transit communication	Terraform	AppGWDefinesSecureProtocols.py
1468	CKV_AZURE_219	resource	azurerm_firewall	Ensure Firewall defines a firewall policy	Terraform	AzureFirewallDefinesPolicy.py
1469	CKV_AZURE_220	resource	azurerm_firewall_policy	Ensure Firewall policy has IDPS mode as deny	Terraform	AzureFirewallPolicyIDPSDeny.py
1470	CKV_AZURE_221	resource	azurerm_linux_function_app	Ensure that Azure Function App public network access is disabled	Terraform	FunctionAppPublicAccessDisabled.py
1471	CKV_AZURE_221	resource	azurerm_linux_function_app_slot	Ensure that Azure Function App public network access is disabled	Terraform	FunctionAppPublicAccessDisabled.py
1472	CKV_AZURE_221	resource	azurerm_windows_function_app	Ensure that Azure Function App public network access is disabled	Terraform	FunctionAppPublicAccessDisabled.py
1473	CKV_AZURE_221	resource	azurerm_windows_function_app_slot	Ensure that Azure Function App public network access is disabled	Terraform	FunctionAppPublicAccessDisabled.py
1474	CKV_AZURE_222	resource	azurerm_linux_web_app	Ensure that Azure Web App public network access is disabled	Terraform	AppServicePublicAccessDisabled.py
1475	CKV_AZURE_222	resource	azurerm_windows_web_app	Ensure that Azure Web App public network access is disabled	Terraform	AppServicePublicAccessDisabled.py
1476	CKV_AZURE_223	resource	azurerm_eventhub_namespace	Ensure Event Hub Namespace uses at least TLS 1.2	Terraform	EventHubNamespaceMinTLS12.py
1477	CKV_AZURE_224	resource	azurerm_mssql_database	Ensure that the Ledger feature is enabled on database that requires cryptographic proof and nonrepudiation of data integrity	Terraform	SQLDatabaseLedgerEnabled.py
1478	CKV2_AZURE_1	resource	azurerm_storage_account	Ensure storage for critical data are encrypted with Customer Managed Key	Terraform	StorageCriticalDataEncryptedCMK.yaml
1479	CKV2_AZURE_2	resource	azurerm_mssql_server_security_alert_policy	Ensure that Vulnerability Assessment (VA) is enabled on a SQL server by setting a Storage Account	Terraform	VAisEnabledInStorageAccount.yaml
1480	CKV2_AZURE_2	resource	azurerm_sql_server	Ensure that Vulnerability Assessment (VA) is enabled on a SQL server by setting a Storage Account	Terraform	VAisEnabledInStorageAccount.yaml
1481	CKV2_AZURE_3	resource	azurerm_mssql_server	Ensure that VA setting Periodic Recurring Scans is enabled on a SQL server	Terraform	VAsetPeriodicScansOnSQL.yaml
1482	CKV2_AZURE_3	resource	azurerm_mssql_server_security_alert_policy	Ensure that VA setting Periodic Recurring Scans is enabled on a SQL server	Terraform	VAsetPeriodicScansOnSQL.yaml
1483	CKV2_AZURE_3	resource	azurerm_mssql_server_vulnerability_assessment	Ensure that VA setting Periodic Recurring Scans is enabled on a SQL server	Terraform	VAsetPeriodicScansOnSQL.yaml
1484	CKV2_AZURE_3	resource	azurerm_sql_server	Ensure that VA setting Periodic Recurring Scans is enabled on a SQL server	Terraform	VAsetPeriodicScansOnSQL.yaml
1485	CKV2_AZURE_4	resource	azurerm_mssql_server	Ensure Azure SQL server ADS VA Send scan reports to is configured	Terraform	VAconfiguredToSendReports.yaml
1486	CKV2_AZURE_4	resource	azurerm_mssql_server_security_alert_policy	Ensure Azure SQL server ADS VA Send scan reports to is configured	Terraform	VAconfiguredToSendReports.yaml
1487	CKV2_AZURE_4	resource	azurerm_mssql_server_vulnerability_assessment	Ensure Azure SQL server ADS VA Send scan reports to is configured	Terraform	VAconfiguredToSendReports.yaml
1488	CKV2_AZURE_4	resource	azurerm_sql_server	Ensure Azure SQL server ADS VA Send scan reports to is configured	Terraform	VAconfiguredToSendReports.yaml
1489	CKV2_AZURE_5	resource	azurerm_mssql_server	Ensure that VA setting ‘Also send email notifications to admins and subscription owners’ is set for a SQL server	Terraform	VAconfiguredToSendReportsToAdmins.yaml
1490	CKV2_AZURE_5	resource	azurerm_mssql_server_security_alert_policy	Ensure that VA setting ‘Also send email notifications to admins and subscription owners’ is set for a SQL server	Terraform	VAconfiguredToSendReportsToAdmins.yaml
1491	CKV2_AZURE_5	resource	azurerm_mssql_server_vulnerability_assessment	Ensure that VA setting ‘Also send email notifications to admins and subscription owners’ is set for a SQL server	Terraform	VAconfiguredToSendReportsToAdmins.yaml
1492	CKV2_AZURE_5	resource	azurerm_sql_server	Ensure that VA setting ‘Also send email notifications to admins and subscription owners’ is set for a SQL server	Terraform	VAconfiguredToSendReportsToAdmins.yaml
1493	CKV2_AZURE_6	resource	azurerm_sql_firewall_rule	Ensure ‘Allow access to Azure services’ for PostgreSQL Database Server is disabled	Terraform	AccessToPostgreSQLFromAzureServicesIsDisabled.yaml
1494	CKV2_AZURE_6	resource	azurerm_sql_server	Ensure ‘Allow access to Azure services’ for PostgreSQL Database Server is disabled	Terraform	AccessToPostgreSQLFromAzureServicesIsDisabled.yaml
1495	CKV2_AZURE_7	resource	azurerm_sql_server	Ensure that Azure Active Directory Admin is configured	Terraform	AzureActiveDirectoryAdminIsConfigured.yaml
1496	CKV2_AZURE_8	resource	azurerm_monitor_activity_log_alert	Ensure the storage container storing the activity logs is not publicly accessible	Terraform	StorageContainerActivityLogsNotPublic.yaml
1497	CKV2_AZURE_8	resource	azurerm_storage_account	Ensure the storage container storing the activity logs is not publicly accessible	Terraform	StorageContainerActivityLogsNotPublic.yaml
1498	CKV2_AZURE_8	resource	azurerm_storage_container	Ensure the storage container storing the activity logs is not publicly accessible	Terraform	StorageContainerActivityLogsNotPublic.yaml
1499	CKV2_AZURE_9	resource	azurerm_virtual_machine	Ensure Virtual Machines are utilizing Managed Disks	Terraform	VirtualMachinesUtilizingManagedDisks.yaml
1500	CKV2_AZURE_10	resource	azurerm_virtual_machine	Ensure that Microsoft Antimalware is configured to automatically updates for Virtual Machines	Terraform	AzureAntimalwareIsConfiguredWithAutoUpdatesForVMs.yaml
1501	CKV2_AZURE_10	resource	azurerm_virtual_machine_extension	Ensure that Microsoft Antimalware is configured to automatically updates for Virtual Machines	Terraform	AzureAntimalwareIsConfiguredWithAutoUpdatesForVMs.yaml
1502	CKV2_AZURE_11	resource	azurerm_kusto_cluster	Ensure that Azure Data Explorer encryption at rest uses a customer-managed key	Terraform	DataExplorerEncryptionUsesCustomKey.yaml
1503	CKV2_AZURE_12	resource	azurerm_virtual_machine	Ensure that virtual machines are backed up using Azure Backup	Terraform	VMHasBackUpMachine.yaml
1504	CKV2_AZURE_13	resource	azurerm_mssql_server_security_alert_policy	Ensure that sql servers enables data security policy	Terraform	AzureMSSQLServerHasSecurityAlertPolicy.yaml
1505	CKV2_AZURE_13	resource	azurerm_sql_server	Ensure that sql servers enables data security policy	Terraform	AzureMSSQLServerHasSecurityAlertPolicy.yaml
1506	CKV2_AZURE_14	resource	azurerm_managed_disk	Ensure that Unattached disks are encrypted	Terraform	AzureUnattachedDisksAreEncrypted.yaml
1507	CKV2_AZURE_14	resource	azurerm_virtual_machine	Ensure that Unattached disks are encrypted	Terraform	AzureUnattachedDisksAreEncrypted.yaml
1508	CKV2_AZURE_15	resource	azurerm_data_factory	Ensure that Azure data factories are encrypted with a customer-managed key	Terraform	AzureDataFactoriesEncryptedWithCustomerManagedKey.yaml
1509	CKV2_AZURE_16	resource	azurerm_mysql_server	Ensure that MySQL server enables customer-managed key for encryption	Terraform	MSQLenablesCustomerManagedKey.yaml
1510	CKV2_AZURE_16	resource	azurerm_mysql_server_key	Ensure that MySQL server enables customer-managed key for encryption	Terraform	MSQLenablesCustomerManagedKey.yaml
1511	CKV2_AZURE_17	resource	azurerm_postgresql_server	Ensure that PostgreSQL server enables customer-managed key for encryption	Terraform	PGSQLenablesCustomerManagedKey.yaml
1512	CKV2_AZURE_17	resource	azurerm_postgresql_server_key	Ensure that PostgreSQL server enables customer-managed key for encryption	Terraform	PGSQLenablesCustomerManagedKey.yaml
1513	CKV2_AZURE_19	resource	azurerm_synapse_workspace	Ensure that Azure Synapse workspaces have no IP firewall rules attached	Terraform	AzureSynapseWorkspacesHaveNoIPFirewallRulesAttached.yaml
1514	CKV2_AZURE_20	resource	azurerm_log_analytics_storage_insights	Ensure Storage logging is enabled for Table service for read requests	Terraform	StorageLoggingIsEnabledForTableService.yaml
1515	CKV2_AZURE_20	resource	azurerm_storage_account	Ensure Storage logging is enabled for Table service for read requests	Terraform	StorageLoggingIsEnabledForTableService.yaml
1516	CKV2_AZURE_20	resource	azurerm_storage_table	Ensure Storage logging is enabled for Table service for read requests	Terraform	StorageLoggingIsEnabledForTableService.yaml
1517	CKV2_AZURE_21	resource	azurerm_log_analytics_storage_insights	Ensure Storage logging is enabled for Blob service for read requests	Terraform	StorageLoggingIsEnabledForBlobService.yaml
1518	CKV2_AZURE_21	resource	azurerm_storage_account	Ensure Storage logging is enabled for Blob service for read requests	Terraform	StorageLoggingIsEnabledForBlobService.yaml
1519	CKV2_AZURE_21	resource	azurerm_storage_container	Ensure Storage logging is enabled for Blob service for read requests	Terraform	StorageLoggingIsEnabledForBlobService.yaml
1520	CKV2_AZURE_22	resource	azurerm_cognitive_account	Ensure that Cognitive Services enables customer-managed key for encryption	Terraform	CognitiveServicesCustomerManagedKey.yaml
1521	CKV2_AZURE_22	resource	azurerm_cognitive_account_customer_managed_key	Ensure that Cognitive Services enables customer-managed key for encryption	Terraform	CognitiveServicesCustomerManagedKey.yaml
1522	CKV2_AZURE_23	resource	azurerm_spring_cloud_service	Ensure Azure spring cloud is configured with Virtual network (Vnet)	Terraform	AzureSpringCloudConfigWithVnet.yaml
1523	CKV2_AZURE_24	resource	azurerm_automation_account	Ensure Azure automation account does NOT have overly permissive network access	Terraform	AzureAutomationAccNotOverlyPermissiveNetAccess.yaml
1524	CKV2_AZURE_25	resource	azurerm_mssql_database	Ensure Azure SQL database Transparent Data Encryption (TDE) is enabled	Terraform	AzureSqlDbEnableTransparentDataEncryption.yaml
1525	CKV2_AZURE_26	resource	azurerm_postgresql_flexible_server_firewall_rule	Ensure Azure PostgreSQL Flexible server is not configured with overly permissive network access	Terraform	AzurePostgreSQLFlexServerNotOverlyPermissive.yaml
1526	CKV2_AZURE_27	resource	azurerm_mssql_server	Ensure Azure AD authentication is enabled for Azure SQL (MSSQL)	Terraform	AzureConfigMSSQLwithAD.yaml
1527	CKV2_AZURE_28	resource	azurerm_container_group	Ensure Container Instance is configured with managed identity	Terraform	AzureContainerInstanceconfigManagedIdentity.yaml
1528	CKV2_AZURE_29	resource	azurerm_kubernetes_cluster	Ensure AKS cluster has Azure CNI networking enabled	Terraform	AzureAKSclusterAzureCNIEnabled.yaml
1529	CKV2_AZURE_30	resource	azurerm_container_registry_webhook	Ensure Azure Container Registry (ACR) has HTTPS enabled for webhook	Terraform	AzureACR_HTTPSwebhook.yaml
1530	CKV2_AZURE_31	resource	azurerm_subnet	Ensure VNET subnet is configured with a Network Security Group (NSG)	Terraform	AzureSubnetConfigWithNSG.yaml
1531	CKV2_AZURE_32	resource	azurerm_key_vault	Ensure private endpoint is configured to key vault	Terraform	AzureKeyVaultConfigPrivateEndpoint.yaml
1532	CKV2_AZURE_33	resource	azurerm_storage_account	Ensure storage account is configured with private endpoint	Terraform	AzureStorageAccConfigWithPrivateEndpoint.yaml
1533	CKV2_AZURE_34	resource	azurerm_sql_firewall_rule	Ensure Azure SQL server firewall is not overly permissive	Terraform	AzureSQLserverNotOverlyPermissive.yaml
1534	CKV2_AZURE_35	resource	azurerm_recovery_services_vault	Ensure Azure recovery services vault is configured with managed identity	Terraform	AzureRecoveryServicesvaultConfigManagedIdentity.yaml
1535	CKV2_AZURE_36	resource	azurerm_automation_account	Ensure Azure automation account is configured with managed identity	Terraform	AzureAutomationAccConfigManagedIdentity.yaml
1536	CKV2_AZURE_37	resource	azurerm_mariadb_server	Ensure Azure MariaDB server is using latest TLS (1.2)	Terraform	AzureMariaDBserverUsingTLS_1_2.yaml
1537	CKV2_AZURE_38	resource	azurerm_storage_account	Ensure soft-delete is enabled on Azure storage account	Terraform	AzureStorageAccountEnableSoftDelete.yaml
1538	CKV_BCW_1	provider	bridgecrew	Ensure no hard coded API token exist in the provider	Terraform	credentials.py
1539	CKV_DIO_1	resource	digitalocean_spaces_bucket	Ensure the Spaces bucket has versioning enabled	Terraform	SpacesBucketVersioning.py
1540	CKV_DIO_2	resource	digitalocean_droplet	Ensure the droplet specifies an SSH key	Terraform	DropletSSHKeys.py
1541	CKV_DIO_3	resource	digitalocean_spaces_bucket	Ensure the Spaces bucket is private	Terraform	SpacesBucketPublicRead.py
1542	CKV_DIO_4	resource	digitalocean_firewall	Ensure the firewall ingress is not wide open	Terraform	FirewallIngressOpen.py
1543	CKV_GCP_1	resource	google_container_cluster	Ensure Stackdriver Logging is set to Enabled on Kubernetes Engine Clusters	Terraform	GKEClusterLogging.py
1544	CKV_GCP_2	resource	google_compute_firewall	Ensure Google compute firewall ingress does not allow unrestricted ssh access	Terraform	GoogleComputeFirewallUnrestrictedIngress22.py
1545	CKV_GCP_3	resource	google_compute_firewall	Ensure Google compute firewall ingress does not allow unrestricted rdp access	Terraform	GoogleComputeFirewallUnrestrictedIngress3389.py
1546	CKV_GCP_4	resource	google_compute_ssl_policy	Ensure no HTTPS or SSL proxy load balancers permit SSL policies with weak cipher suites	Terraform	GoogleComputeSSLPolicy.py
1547	CKV_GCP_6	resource	google_sql_database_instance	Ensure all Cloud SQL database instance requires all incoming connections to use SSL	Terraform	GoogleCloudSqlDatabaseRequireSsl.py
1548	CKV_GCP_7	resource	google_container_cluster	Ensure Legacy Authorization is set to Disabled on Kubernetes Engine Clusters	Terraform	GKEDisableLegacyAuth.py
1549	CKV_GCP_8	resource	google_container_cluster	Ensure Stackdriver Monitoring is set to Enabled on Kubernetes Engine Clusters	Terraform	GKEMonitoringEnabled.py
1550	CKV_GCP_9	resource	google_container_node_pool	Ensure ‘Automatic node repair’ is enabled for Kubernetes Clusters	Terraform	GKENodePoolAutoRepairEnabled.py
1551	CKV_GCP_10	resource	google_container_node_pool	Ensure ‘Automatic node upgrade’ is enabled for Kubernetes Clusters	Terraform	GKENodePoolAutoUpgradeEnabled.py
1552	CKV_GCP_11	resource	google_sql_database_instance	Ensure that Cloud SQL database Instances are not open to the world	Terraform	GoogleCloudSqlDatabasePubliclyAccessible.py
1553	CKV_GCP_12	resource	google_container_cluster	Ensure Network Policy is enabled on Kubernetes Engine Clusters	Terraform	GKENetworkPolicyEnabled.py
1554	CKV_GCP_13	resource	google_container_cluster	Ensure client certificate authentication to Kubernetes Engine Clusters is disabled	Terraform	GKEClientCertificateDisabled.py
1555	CKV_GCP_14	resource	google_sql_database_instance	Ensure all Cloud SQL database instance have backup configuration enabled	Terraform	GoogleCloudSqlBackupConfiguration.py
1556	CKV_GCP_15	resource	google_bigquery_dataset	Ensure that BigQuery datasets are not anonymously or publicly accessible	Terraform	GoogleBigQueryDatasetPublicACL.py
1557	CKV_GCP_16	resource	google_dns_managed_zone	Ensure that DNSSEC is enabled for Cloud DNS	Terraform	GoogleCloudDNSSECEnabled.py
1558	CKV_GCP_17	resource	google_dns_managed_zone	Ensure that RSASHA1 is not used for the zone-signing and key-signing keys in Cloud DNS DNSSEC	Terraform	GoogleCloudDNSKeySpecsRSASHA1.py
1559	CKV_GCP_18	resource	google_container_cluster	Ensure GKE Control Plane is not public	Terraform	GKEPublicControlPlane.py
1560	CKV_GCP_19	resource	google_container_cluster	Ensure GKE basic auth is disabled	Terraform	GKEBasicAuth.py
1561	CKV_GCP_20	resource	google_container_cluster	Ensure master authorized networks is set to enabled in GKE clusters	Terraform	GKEMasterAuthorizedNetworksEnabled.py
1562	CKV_GCP_21	resource	google_container_cluster	Ensure Kubernetes Clusters are configured with Labels	Terraform	GKEHasLabels.py
1563	CKV_GCP_22	resource	google_container_node_pool	Ensure Container-Optimized OS (cos) is used for Kubernetes Engine Clusters Node image	Terraform	GKEUseCosImage.py
1564	CKV_GCP_23	resource	google_container_cluster	Ensure Kubernetes Cluster is created with Alias IP ranges enabled	Terraform	GKEAliasIpEnabled.py
1565	CKV_GCP_24	resource	google_container_cluster	Ensure PodSecurityPolicy controller is enabled on the Kubernetes Engine Clusters	Terraform	GKEPodSecurityPolicyEnabled.py
1566	CKV_GCP_25	resource	google_container_cluster	Ensure Kubernetes Cluster is created with Private cluster enabled	Terraform	GKEPrivateClusterConfig.py
1567	CKV_GCP_26	resource	google_compute_subnetwork	Ensure that VPC Flow Logs is enabled for every subnet in a VPC Network	Terraform	GoogleSubnetworkLoggingEnabled.py
1568	CKV_GCP_27	resource	google_project	Ensure that the default network does not exist in a project	Terraform	GoogleProjectDefaultNetwork.py
1569	CKV_GCP_28	resource	google_storage_bucket_iam_binding	Ensure that Cloud Storage bucket is not anonymously or publicly accessible	Terraform	GoogleStorageBucketNotPublic.py
1570	CKV_GCP_28	resource	google_storage_bucket_iam_member	Ensure that Cloud Storage bucket is not anonymously or publicly accessible	Terraform	GoogleStorageBucketNotPublic.py
1571	CKV_GCP_29	resource	google_storage_bucket	Ensure that Cloud Storage buckets have uniform bucket-level access enabled	Terraform	GoogleStorageBucketUniformAccess.py
1572	CKV_GCP_30	resource	google_compute_instance	Ensure that instances are not configured to use the default service account	Terraform	GoogleComputeDefaultServiceAccount.py
1573	CKV_GCP_30	resource	google_compute_instance_from_template	Ensure that instances are not configured to use the default service account	Terraform	GoogleComputeDefaultServiceAccount.py
1574	CKV_GCP_30	resource	google_compute_instance_template	Ensure that instances are not configured to use the default service account	Terraform	GoogleComputeDefaultServiceAccount.py
1575	CKV_GCP_31	resource	google_compute_instance	Ensure that instances are not configured to use the default service account with full access to all Cloud APIs	Terraform	GoogleComputeDefaultServiceAccountFullAccess.py
1576	CKV_GCP_31	resource	google_compute_instance_from_template	Ensure that instances are not configured to use the default service account with full access to all Cloud APIs	Terraform	GoogleComputeDefaultServiceAccountFullAccess.py
1577	CKV_GCP_31	resource	google_compute_instance_template	Ensure that instances are not configured to use the default service account with full access to all Cloud APIs	Terraform	GoogleComputeDefaultServiceAccountFullAccess.py
1578	CKV_GCP_32	resource	google_compute_instance	Ensure ‘Block Project-wide SSH keys’ is enabled for VM instances	Terraform	GoogleComputeBlockProjectSSH.py
1579	CKV_GCP_32	resource	google_compute_instance_from_template	Ensure ‘Block Project-wide SSH keys’ is enabled for VM instances	Terraform	GoogleComputeBlockProjectSSH.py
1580	CKV_GCP_32	resource	google_compute_instance_template	Ensure ‘Block Project-wide SSH keys’ is enabled for VM instances	Terraform	GoogleComputeBlockProjectSSH.py
1581	CKV_GCP_33	resource	google_compute_project_metadata	Ensure oslogin is enabled for a Project	Terraform	GoogleComputeProjectOSLogin.py
1582	CKV_GCP_34	resource	google_compute_instance	Ensure that no instance in the project overrides the project setting for enabling OSLogin(OSLogin needs to be enabled in project metadata for all instances)	Terraform	GoogleComputeInstanceOSLogin.py
1583	CKV_GCP_34	resource	google_compute_instance_from_template	Ensure that no instance in the project overrides the project setting for enabling OSLogin(OSLogin needs to be enabled in project metadata for all instances)	Terraform	GoogleComputeInstanceOSLogin.py
1584	CKV_GCP_34	resource	google_compute_instance_template	Ensure that no instance in the project overrides the project setting for enabling OSLogin(OSLogin needs to be enabled in project metadata for all instances)	Terraform	GoogleComputeInstanceOSLogin.py
1585	CKV_GCP_35	resource	google_compute_instance	Ensure ‘Enable connecting to serial ports’ is not enabled for VM Instance	Terraform	GoogleComputeSerialPorts.py
1586	CKV_GCP_35	resource	google_compute_instance_from_template	Ensure ‘Enable connecting to serial ports’ is not enabled for VM Instance	Terraform	GoogleComputeSerialPorts.py
1587	CKV_GCP_35	resource	google_compute_instance_template	Ensure ‘Enable connecting to serial ports’ is not enabled for VM Instance	Terraform	GoogleComputeSerialPorts.py
1588	CKV_GCP_36	resource	google_compute_instance	Ensure that IP forwarding is not enabled on Instances	Terraform	GoogleComputeIPForward.py
1589	CKV_GCP_36	resource	google_compute_instance_from_template	Ensure that IP forwarding is not enabled on Instances	Terraform	GoogleComputeIPForward.py
1590	CKV_GCP_36	resource	google_compute_instance_template	Ensure that IP forwarding is not enabled on Instances	Terraform	GoogleComputeIPForward.py
1591	CKV_GCP_37	resource	google_compute_disk	Ensure VM disks for critical VMs are encrypted with Customer Supplied Encryption Keys (CSEK)	Terraform	GoogleComputeDiskEncryption.py
1592	CKV_GCP_38	resource	google_compute_instance	Ensure VM disks for critical VMs are encrypted with Customer Supplied Encryption Keys (CSEK)	Terraform	GoogleComputeBootDiskEncryption.py
1593	CKV_GCP_39	resource	google_compute_instance	Ensure Compute instances are launched with Shielded VM enabled	Terraform	GoogleComputeShieldedVM.py
1594	CKV_GCP_39	resource	google_compute_instance_from_template	Ensure Compute instances are launched with Shielded VM enabled	Terraform	GoogleComputeShieldedVM.py
1595	CKV_GCP_39	resource	google_compute_instance_template	Ensure Compute instances are launched with Shielded VM enabled	Terraform	GoogleComputeShieldedVM.py
1596	CKV_GCP_40	resource	google_compute_instance	Ensure that Compute instances do not have public IP addresses	Terraform	GoogleComputeExternalIP.py
1597	CKV_GCP_40	resource	google_compute_instance_from_template	Ensure that Compute instances do not have public IP addresses	Terraform	GoogleComputeExternalIP.py
1598	CKV_GCP_40	resource	google_compute_instance_template	Ensure that Compute instances do not have public IP addresses	Terraform	GoogleComputeExternalIP.py
1599	CKV_GCP_41	resource	google_project_iam_binding	Ensure that IAM users are not assigned the Service Account User or Service Account Token Creator roles at project level	Terraform	GoogleRoleServiceAccountUser.py
1600	CKV_GCP_41	resource	google_project_iam_member	Ensure that IAM users are not assigned the Service Account User or Service Account Token Creator roles at project level	Terraform	GoogleRoleServiceAccountUser.py
1601	CKV_GCP_42	resource	google_project_iam_member	Ensure that Service Account has no Admin privileges	Terraform	GoogleProjectAdminServiceAccount.py
1602	CKV_GCP_43	resource	google_kms_crypto_key	Ensure KMS encryption keys are rotated within a period of 90 days	Terraform	GoogleKMSRotationPeriod.py
1603	CKV_GCP_44	resource	google_folder_iam_binding	Ensure no roles that enable to impersonate and manage all service accounts are used at a folder level	Terraform	GoogleFolderImpersonationRole.py
1604	CKV_GCP_44	resource	google_folder_iam_member	Ensure no roles that enable to impersonate and manage all service accounts are used at a folder level	Terraform	GoogleFolderImpersonationRole.py
1605	CKV_GCP_45	resource	google_organization_iam_binding	Ensure no roles that enable to impersonate and manage all service accounts are used at an organization level	Terraform	GoogleOrgImpersonationRole.py
1606	CKV_GCP_45	resource	google_organization_iam_member	Ensure no roles that enable to impersonate and manage all service accounts are used at an organization level	Terraform	GoogleOrgImpersonationRole.py
1607	CKV_GCP_46	resource	google_project_iam_binding	Ensure Default Service account is not used at a project level	Terraform	GoogleProjectMemberDefaultServiceAccount.py
1608	CKV_GCP_46	resource	google_project_iam_member	Ensure Default Service account is not used at a project level	Terraform	GoogleProjectMemberDefaultServiceAccount.py
1609	CKV_GCP_47	resource	google_organization_iam_binding	Ensure default service account is not used at an organization level	Terraform	GoogleOrgMemberDefaultServiceAccount.py
1610	CKV_GCP_47	resource	google_organization_iam_member	Ensure default service account is not used at an organization level	Terraform	GoogleOrgMemberDefaultServiceAccount.py
1611	CKV_GCP_48	resource	google_folder_iam_binding	Ensure Default Service account is not used at a folder level	Terraform	GoogleFolderMemberDefaultServiceAccount.py
1612	CKV_GCP_48	resource	google_folder_iam_member	Ensure Default Service account is not used at a folder level	Terraform	GoogleFolderMemberDefaultServiceAccount.py
1613	CKV_GCP_49	resource	google_project_iam_binding	Ensure roles do not impersonate or manage Service Accounts used at project level	Terraform	GoogleProjectImpersonationRole.py
1614	CKV_GCP_49	resource	google_project_iam_member	Ensure roles do not impersonate or manage Service Accounts used at project level	Terraform	GoogleProjectImpersonationRole.py
1615	CKV_GCP_50	resource	google_sql_database_instance	Ensure MySQL database ‘local_infile’ flag is set to ‘off’	Terraform	GoogleCloudMySqlLocalInfileOff.py
1616	CKV_GCP_51	resource	google_sql_database_instance	Ensure PostgreSQL database ‘log_checkpoints’ flag is set to ‘on’	Terraform	GoogleCloudPostgreSqlLogCheckpoints.py
1617	CKV_GCP_52	resource	google_sql_database_instance	Ensure PostgreSQL database ‘log_connections’ flag is set to ‘on’	Terraform	GoogleCloudPostgreSqlLogConnection.py
1618	CKV_GCP_53	resource	google_sql_database_instance	Ensure PostgreSQL database ‘log_disconnections’ flag is set to ‘on’	Terraform	GoogleCloudPostgreSqlLogDisconnection.py
1619	CKV_GCP_54	resource	google_sql_database_instance	Ensure PostgreSQL database ‘log_lock_waits’ flag is set to ‘on’	Terraform	GoogleCloudPostgreSqlLogLockWaits.py
1620	CKV_GCP_55	resource	google_sql_database_instance	Ensure PostgreSQL database ‘log_min_messages’ flag is set to a valid value	Terraform	GoogleCloudPostgreSqlLogMinMessage.py
1621	CKV_GCP_56	resource	google_sql_database_instance	Ensure PostgreSQL database ‘log_temp_files flag is set to ‘0’	Terraform	GoogleCloudPostgreSqlLogTemp.py
1622	CKV_GCP_57	resource	google_sql_database_instance	Ensure PostgreSQL database ‘log_min_duration_statement’ flag is set to ‘-1’	Terraform	GoogleCloudPostgreSqlLogMinDuration.py
1623	CKV_GCP_58	resource	google_sql_database_instance	Ensure SQL database ‘cross db ownership chaining’ flag is set to ‘off’	Terraform	GoogleCloudSqlServerCrossDBOwnershipChaining.py
1624	CKV_GCP_59	resource	google_sql_database_instance	Ensure SQL database ‘contained database authentication’ flag is set to ‘off’	Terraform	GoogleCloudSqlServerContainedDBAuthentication.py
1625	CKV_GCP_60	resource	google_sql_database_instance	Ensure Cloud SQL database does not have public IP	Terraform	GoogleCloudSqlServerNoPublicIP.py
1626	CKV_GCP_61	resource	google_container_cluster	Enable VPC Flow Logs and Intranode Visibility	Terraform	GKEEnableVPCFlowLogs.py
1627	CKV_GCP_62	resource	google_storage_bucket	Bucket should log access	Terraform	CloudStorageLogging.py
1628	CKV_GCP_63	resource	google_storage_bucket	Bucket should not log to itself	Terraform	CloudStorageSelfLogging.py
1629	CKV_GCP_64	resource	google_container_cluster	Ensure clusters are created with Private Nodes	Terraform	GKEPrivateNodes.py
1630	CKV_GCP_65	resource	google_container_cluster	Manage Kubernetes RBAC users with Google Groups for GKE	Terraform	GKEKubernetesRBACGoogleGroups.py
1631	CKV_GCP_66	resource	google_container_cluster	Ensure use of Binary Authorization	Terraform	GKEBinaryAuthorization.py
1632	CKV_GCP_68	resource	google_container_cluster	Ensure Secure Boot for Shielded GKE Nodes is Enabled	Terraform	GKESecureBootforShieldedNodes.py
1633	CKV_GCP_68	resource	google_container_node_pool	Ensure Secure Boot for Shielded GKE Nodes is Enabled	Terraform	GKESecureBootforShieldedNodes.py
1634	CKV_GCP_69	resource	google_container_cluster	Ensure the GKE Metadata Server is Enabled	Terraform	GKEMetadataServerIsEnabled.py
1635	CKV_GCP_69	resource	google_container_node_pool	Ensure the GKE Metadata Server is Enabled	Terraform	GKEMetadataServerIsEnabled.py
1636	CKV_GCP_70	resource	google_container_cluster	Ensure the GKE Release Channel is set	Terraform	GKEReleaseChannel.py
1637	CKV_GCP_71	resource	google_container_cluster	Ensure Shielded GKE Nodes are Enabled	Terraform	GKEEnableShieldedNodes.py
1638	CKV_GCP_72	resource	google_container_cluster	Ensure Integrity Monitoring for Shielded GKE Nodes is Enabled	Terraform	GKEEnsureIntegrityMonitoring.py
1639	CKV_GCP_72	resource	google_container_node_pool	Ensure Integrity Monitoring for Shielded GKE Nodes is Enabled	Terraform	GKEEnsureIntegrityMonitoring.py
1640	CKV_GCP_73	resource	google_compute_security_policy	Ensure Cloud Armor prevents message lookup in Log4j2. See CVE-2021-44228 aka log4jshell	Terraform	CloudArmorWAFACLCVE202144228.py
1641	CKV_GCP_74	resource	google_compute_subnetwork	Ensure that private_ip_google_access is enabled for Subnet	Terraform	GoogleSubnetworkPrivateGoogleEnabled.py
1642	CKV_GCP_75	resource	google_compute_firewall	Ensure Google compute firewall ingress does not allow unrestricted FTP access	Terraform	GoogleComputeFirewallUnrestrictedIngress21.py
1643	CKV_GCP_76	resource	google_compute_subnetwork	Ensure that Private google access is enabled for IPV6	Terraform	GoogleSubnetworkIPV6PrivateGoogleEnabled.py
1644	CKV_GCP_77	resource	google_compute_firewall	Ensure Google compute firewall ingress does not allow on ftp port	Terraform	GoogleComputeFirewallUnrestrictedIngress20.py
1645	CKV_GCP_78	resource	google_storage_bucket	Ensure Cloud storage has versioning enabled	Terraform	CloudStorageVersioningEnabled.py
1646	CKV_GCP_79	resource	google_sql_database_instance	Ensure SQL database is using latest Major version	Terraform	CloudSqlMajorVersion.py
1647	CKV_GCP_80	resource	google_bigquery_table	Ensure Big Query Tables are encrypted with Customer Supplied Encryption Keys (CSEK)	Terraform	BigQueryTableEncryptedWithCMK.py
1648	CKV_GCP_81	resource	google_bigquery_dataset	Ensure Big Query Datasets are encrypted with Customer Supplied Encryption Keys (CSEK)	Terraform	BigQueryDatasetEncryptedWithCMK.py
1649	CKV_GCP_82	resource	google_kms_crypto_key	Ensure KMS keys are protected from deletion	Terraform	GoogleKMSPreventDestroy.py
1650	CKV_GCP_83	resource	google_pubsub_topic	Ensure PubSub Topics are encrypted with Customer Supplied Encryption Keys (CSEK)	Terraform	CloudPubSubEncryptedWithCMK.py
1651	CKV_GCP_84	resource	google_artifact_registry_repository	Ensure Artifact Registry Repositories are encrypted with Customer Supplied Encryption Keys (CSEK)	Terraform	ArtifactRegsitryEncryptedWithCMK.py
1652	CKV_GCP_85	resource	google_bigtable_instance	Ensure Big Table Instances are encrypted with Customer Supplied Encryption Keys (CSEK)	Terraform	BigTableInstanceEncryptedWithCMK.py
1653	CKV_GCP_86	resource	google_cloudbuild_worker_pool	Ensure Cloud build workers are private	Terraform	CloudBuildWorkersArePrivate.py
1654	CKV_GCP_87	resource	google_data_fusion_instance	Ensure Data fusion instances are private	Terraform	DataFusionPrivateInstance.py
1655	CKV_GCP_88	resource	google_compute_firewall	Ensure Google compute firewall ingress does not allow unrestricted mysql access	Terraform	GoogleComputeFirewallUnrestrictedIngress3306.py
1656	CKV_GCP_89	resource	google_notebooks_instance	Ensure Vertex AI instances are private	Terraform	VertexAIPrivateInstance.py
1657	CKV_GCP_90	resource	google_dataflow_job	Ensure data flow jobs are encrypted with Customer Supplied Encryption Keys (CSEK)	Terraform	DataflowJobEncryptedWithCMK.py
1658	CKV_GCP_91	resource	google_dataproc_cluster	Ensure Dataproc cluster is encrypted with Customer Supplied Encryption Keys (CSEK)	Terraform	DataprocClusterEncryptedWithCMK.py
1659	CKV_GCP_92	resource	google_vertex_ai_dataset	Ensure Vertex AI datasets uses a CMK (Customer Manager Key)	Terraform	VertexAIDatasetEncryptedWithCMK.py
1660	CKV_GCP_93	resource	google_spanner_database	Ensure Spanner Database is encrypted with Customer Supplied Encryption Keys (CSEK)	Terraform	SpannerDatabaseEncryptedWithCMK.py
1661	CKV_GCP_94	resource	google_dataflow_job	Ensure Dataflow jobs are private	Terraform	DataflowPrivateJob.py
1662	CKV_GCP_95	resource	google_redis_instance	Ensure Memorystore for Redis has AUTH enabled	Terraform	MemorystoreForRedisAuthEnabled.py
1663	CKV_GCP_96	resource	google_vertex_ai_metadata_store	Ensure Vertex AI Metadata Store uses a CMK (Customer Manager Key)	Terraform	VertexAIMetadataStoreEncryptedWithCMK.py
1664	CKV_GCP_97	resource	google_redis_instance	Ensure Memorystore for Redis uses intransit encryption	Terraform	MemorystoreForRedisInTransitEncryption.py
1665	CKV_GCP_98	resource	google_dataproc_cluster_iam_binding	Ensure that Dataproc clusters are not anonymously or publicly accessible	Terraform	DataprocPrivateCluster.py
1666	CKV_GCP_98	resource	google_dataproc_cluster_iam_member	Ensure that Dataproc clusters are not anonymously or publicly accessible	Terraform	DataprocPrivateCluster.py
1667	CKV_GCP_99	resource	google_pubsub_topic_iam_binding	Ensure that Pub/Sub Topics are not anonymously or publicly accessible	Terraform	PubSubPrivateTopic.py
1668	CKV_GCP_99	resource	google_pubsub_topic_iam_member	Ensure that Pub/Sub Topics are not anonymously or publicly accessible	Terraform	PubSubPrivateTopic.py
1669	CKV_GCP_100	resource	google_bigquery_table_iam_binding	Ensure that BigQuery Tables are not anonymously or publicly accessible	Terraform	BigQueryPrivateTable.py
1670	CKV_GCP_100	resource	google_bigquery_table_iam_member	Ensure that BigQuery Tables are not anonymously or publicly accessible	Terraform	BigQueryPrivateTable.py
1671	CKV_GCP_101	resource	google_artifact_registry_repository_iam_binding	Ensure that Artifact Registry repositories are not anonymously or publicly accessible	Terraform	ArtifactRegistryPrivateRepo.py
1672	CKV_GCP_101	resource	google_artifact_registry_repository_iam_member	Ensure that Artifact Registry repositories are not anonymously or publicly accessible	Terraform	ArtifactRegistryPrivateRepo.py
1673	CKV_GCP_102	resource	google_cloud_run_service_iam_binding	Ensure that GCP Cloud Run services are not anonymously or publicly accessible	Terraform	GCPCloudRunPrivateService.py
1674	CKV_GCP_102	resource	google_cloud_run_service_iam_member	Ensure that GCP Cloud Run services are not anonymously or publicly accessible	Terraform	GCPCloudRunPrivateService.py
1675	CKV_GCP_103	resource	google_dataproc_cluster	Ensure Dataproc Clusters do not have public IPs	Terraform	DataprocPublicIpCluster.py
1676	CKV_GCP_104	resource	google_data_fusion_instance	Ensure Datafusion has stack driver logging enabled	Terraform	DataFusionStackdriverLogs.py
1677	CKV_GCP_105	resource	google_data_fusion_instance	Ensure Datafusion has stack driver monitoring enabled	Terraform	DataFusionStackdriverMonitoring.py
1678	CKV_GCP_106	resource	google_compute_firewall	Ensure Google compute firewall ingress does not allow unrestricted http port 80 access	Terraform	GoogleComputeFirewallUnrestrictedIngress80.py
1679	CKV_GCP_107	resource	google_cloudfunctions2_function_iam_binding	Cloud functions should not be public	Terraform	CloudFunctionsShouldNotBePublic.py
1680	CKV_GCP_107	resource	google_cloudfunctions2_function_iam_member	Cloud functions should not be public	Terraform	CloudFunctionsShouldNotBePublic.py
1681	CKV_GCP_107	resource	google_cloudfunctions_function_iam_binding	Cloud functions should not be public	Terraform	CloudFunctionsShouldNotBePublic.py
1682	CKV_GCP_107	resource	google_cloudfunctions_function_iam_member	Cloud functions should not be public	Terraform	CloudFunctionsShouldNotBePublic.py
1683	CKV_GCP_108	resource	google_sql_database_instance	Ensure hostnames are logged for GCP PostgreSQL databases	Terraform	GoogleCloudPostgreSqlLogHostname.py
1684	CKV_GCP_109	resource	google_sql_database_instance	Ensure the GCP PostgreSQL database log levels are set to ERROR or lower	Terraform	GoogleCloudPostgreSqlLogMinErrorStatement.py
1685	CKV_GCP_110	resource	google_sql_database_instance	Ensure pgAudit is enabled for your GCP PostgreSQL database	Terraform	GoogleCloudPostgreSqlEnablePgaudit.py
1686	CKV_GCP_111	resource	google_sql_database_instance	Ensure GCP PostgreSQL logs SQL statements	Terraform	GoogleCloudPostgreSqlLogStatement.py
1687	CKV_GCP_112	resource	google_kms_crypto_key_iam_binding	Esnure KMS policy should not allow public access	Terraform	GoogleKMSKeyIsPublic.py
1688	CKV_GCP_112	resource	google_kms_crypto_key_iam_member	Esnure KMS policy should not allow public access	Terraform	GoogleKMSKeyIsPublic.py
1689	CKV_GCP_112	resource	google_kms_crypto_key_iam_policy	Esnure KMS policy should not allow public access	Terraform	GoogleKMSKeyIsPublic.py
1690	CKV_GCP_113	data	google_iam_policy	Ensure IAM policy should not define public access	Terraform	GooglePolicyIsPrivate.py
1691	CKV_GCP_114	resource	google_storage_bucket	Ensure public access prevention is enforced on Cloud Storage bucket	Terraform	GoogleStoragePublicAccessPrevention.py
1692	CKV_GCP_115	resource	google_organization_iam_binding	Ensure basic roles are not used at organization level.	Terraform	GoogleOrgBasicRole.py
1693	CKV_GCP_115	resource	google_organization_iam_member	Ensure basic roles are not used at organization level.	Terraform	GoogleOrgBasicRole.py
1694	CKV_GCP_116	resource	google_folder_iam_binding	Ensure basic roles are not used at folder level.	Terraform	GoogleFolderBasicRole.py
1695	CKV_GCP_116	resource	google_folder_iam_member	Ensure basic roles are not used at folder level.	Terraform	GoogleFolderBasicRole.py
1696	CKV_GCP_117	resource	google_project_iam_binding	Ensure basic roles are not used at project level.	Terraform	GoogleProjectBasicRole.py
1697	CKV_GCP_117	resource	google_project_iam_member	Ensure basic roles are not used at project level.	Terraform	GoogleProjectBasicRole.py
1698	CKV_GCP_118	resource	google_iam_workload_identity_pool_provider	Ensure IAM workload identity pool provider is restricted	Terraform	GoogleIAMWorkloadIdentityConditional.py
1699	CKV2_GCP_1	resource	google_project_default_service_accounts	Ensure GKE clusters are not running using the Compute Engine default service account	Terraform	GKEClustersAreNotUsingDefaultServiceAccount.yaml
1700	CKV2_GCP_2	resource	google_compute_network	Ensure legacy networks do not exist for a project	Terraform	GCPProjectHasNoLegacyNetworks.yaml
1701	CKV2_GCP_3	resource	google_service_account_key	Ensure that there are only GCP-managed service account keys for each service account	Terraform	ServiceAccountHasGCPmanagedKey.yaml
1702	CKV2_GCP_4	resource	google_logging_folder_sink	Ensure that retention policies on log buckets are configured using Bucket Lock	Terraform	GCPLogBucketsConfiguredUsingLock.yaml
1703	CKV2_GCP_4	resource	google_logging_organization_sink	Ensure that retention policies on log buckets are configured using Bucket Lock	Terraform	GCPLogBucketsConfiguredUsingLock.yaml
1704	CKV2_GCP_4	resource	google_logging_project_sink	Ensure that retention policies on log buckets are configured using Bucket Lock	Terraform	GCPLogBucketsConfiguredUsingLock.yaml
1705	CKV2_GCP_4	resource	google_storage_bucket	Ensure that retention policies on log buckets are configured using Bucket Lock	Terraform	GCPLogBucketsConfiguredUsingLock.yaml
1706	CKV2_GCP_5	resource	google_project	Ensure that Cloud Audit Logging is configured properly across all services and all users from a project	Terraform	GCPAuditLogsConfiguredForAllServicesAndUsers.yaml
1707	CKV2_GCP_5	resource	google_project_iam_audit_config	Ensure that Cloud Audit Logging is configured properly across all services and all users from a project	Terraform	GCPAuditLogsConfiguredForAllServicesAndUsers.yaml
1708	CKV2_GCP_6	resource	google_kms_crypto_key	Ensure that Cloud KMS cryptokeys are not anonymously or publicly accessible	Terraform	GCPKMSCryptoKeysAreNotPubliclyAccessible.yaml
1709	CKV2_GCP_6	resource	google_kms_crypto_key_iam_binding	Ensure that Cloud KMS cryptokeys are not anonymously or publicly accessible	Terraform	GCPKMSCryptoKeysAreNotPubliclyAccessible.yaml
1710	CKV2_GCP_6	resource	google_kms_crypto_key_iam_member	Ensure that Cloud KMS cryptokeys are not anonymously or publicly accessible	Terraform	GCPKMSCryptoKeysAreNotPubliclyAccessible.yaml
1711	CKV2_GCP_7	resource	google_sql_database_instance	Ensure that a MySQL database instance does not allow anyone to connect with administrative privileges	Terraform	DisableAccessToSqlDBInstanceForRootUsersWithoutPassword.yaml
1712	CKV2_GCP_7	resource	google_sql_user	Ensure that a MySQL database instance does not allow anyone to connect with administrative privileges	Terraform	DisableAccessToSqlDBInstanceForRootUsersWithoutPassword.yaml
1713	CKV2_GCP_8	resource	google_kms_key_ring	Ensure that Cloud KMS Key Rings are not anonymously or publicly accessible	Terraform	GCPKMSKeyRingsAreNotPubliclyAccessible.yaml
1714	CKV2_GCP_8	resource	google_kms_key_ring_iam_binding	Ensure that Cloud KMS Key Rings are not anonymously or publicly accessible	Terraform	GCPKMSKeyRingsAreNotPubliclyAccessible.yaml
1715	CKV2_GCP_8	resource	google_kms_key_ring_iam_member	Ensure that Cloud KMS Key Rings are not anonymously or publicly accessible	Terraform	GCPKMSKeyRingsAreNotPubliclyAccessible.yaml
1716	CKV2_GCP_9	resource	google_container_registry	Ensure that Container Registry repositories are not anonymously or publicly accessible	Terraform	GCPContainerRegistryReposAreNotPubliclyAccessible.yaml
1717	CKV2_GCP_9	resource	google_storage_bucket_iam_binding	Ensure that Container Registry repositories are not anonymously or publicly accessible	Terraform	GCPContainerRegistryReposAreNotPubliclyAccessible.yaml
1718	CKV2_GCP_9	resource	google_storage_bucket_iam_member	Ensure that Container Registry repositories are not anonymously or publicly accessible	Terraform	GCPContainerRegistryReposAreNotPubliclyAccessible.yaml
1719	CKV2_GCP_10	resource	google_cloudfunctions_function	Ensure GCP Cloud Function HTTP trigger is secured	Terraform	CloudFunctionSecureHTTPTrigger.yaml
1720	CKV2_GCP_11	resource	google_project_services	Ensure GCP GCR Container Vulnerability Scanning is enabled	Terraform	GCRContainerVulnerabilityScanningEnabled.yaml
1721	CKV2_GCP_12	resource	google_compute_firewall	Ensure GCP compute firewall ingress does not allow unrestricted access to all ports	Terraform	GCPComputeFirewallOverlyPermissiveToAllTraffic.yaml
1722	CKV2_GCP_13	resource	google_sql_database_instance	Ensure PostgreSQL database flag ‘log_duration’ is set to ‘on’	Terraform	GCPPostgreSQLDatabaseFlaglog_durationIsSetToON.yaml
1723	CKV2_GCP_14	resource	google_sql_database_instance	Ensure PostgreSQL database flag ‘log_executor_stats’ is set to ‘off’	Terraform	GCPPostgreSQLDatabaseFlaglog_executor_statsIsSetToOFF.yaml
1724	CKV2_GCP_15	resource	google_sql_database_instance	Ensure PostgreSQL database flag ‘log_parser_stats’ is set to ‘off’	Terraform	GCPPostgreSQLDatabaseFlaglog_parser_statsIsSetToOFF.yaml
1725	CKV2_GCP_16	resource	google_sql_database_instance	Ensure PostgreSQL database flag ‘log_planner_stats’ is set to ‘off’	Terraform	GCPPostgreSQLDatabaseFlaglog_planner_statsIsSetToOFF.yaml
1726	CKV2_GCP_17	resource	google_sql_database_instance	Ensure PostgreSQL database flag ‘log_statement_stats’ is set to ‘off’	Terraform	GCPPostgreSQLDatabaseFlaglog_statement_statsIsSetToOFF.yaml
1727	CKV2_GCP_18	resource	google_compute_network	Ensure GCP network defines a firewall and does not use the default firewall	Terraform	GCPNetworkDoesNotUseDefaultFirewall.yaml
1728	CKV2_GCP_19	resource	google_container_cluster	Ensure GCP Kubernetes engine clusters have ‘alpha cluster’ feature disabled	Terraform	GCPdisableAlphaClusterFeatureInKubernetesEngineClusters.yaml
1729	CKV2_GCP_20	resource	google_sql_database_instance	Ensure MySQL DB instance has point-in-time recovery backup configured	Terraform	GCPMySQLdbInstancePoint_In_TimeRecoveryBackupIsEnabled.yaml
1730	CKV_GIT_1	resource	github_repository	Ensure GitHub repository is Private	Terraform	PrivateRepo.py
1731	CKV_GIT_2	resource	github_repository_webhook	Ensure GitHub repository webhooks are using HTTPS	Terraform	WebhookInsecureSsl.py
1732	CKV_GIT_3	resource	github_repository	Ensure GitHub repository has vulnerability alerts enabled	Terraform	RepositoryEnableVulnerabilityAlerts.py
1733	CKV_GIT_4	resource	github_actions_environment_secret	Ensure GitHub Actions secrets are encrypted	Terraform	SecretsEncrypted.py
1734	CKV_GIT_4	resource	github_actions_organization_secret	Ensure GitHub Actions secrets are encrypted	Terraform	SecretsEncrypted.py
1735	CKV_GIT_4	resource	github_actions_secret	Ensure GitHub Actions secrets are encrypted	Terraform	SecretsEncrypted.py
1736	CKV_GIT_5	resource	github_branch_protection	GitHub pull requests should require at least 2 approvals	Terraform	BranchProtectionReviewNumTwo.py
1737	CKV_GIT_5	resource	github_branch_protection_v3	GitHub pull requests should require at least 2 approvals	Terraform	BranchProtectionReviewNumTwo.py
1738	CKV_GIT_6	resource	github_branch_protection	Ensure GitHub branch protection rules requires signed commits	Terraform	BranchProtectionRequireSignedCommits.py
1739	CKV_GIT_6	resource	github_branch_protection_v3	Ensure GitHub branch protection rules requires signed commits	Terraform	BranchProtectionRequireSignedCommits.py
1740	CKV2_GIT_1	resource	github_repository	Ensure each Repository has branch protection associated	Terraform	RepositoryHasBranchProtection.yaml
1741	CKV_GLB_1	resource	gitlab_project	Ensure at least two approving reviews are required to merge a GitLab MR	Terraform	RequireTwoApprovalsToMerge.py
1742	CKV_GLB_2	resource	gitlab_branch_protection	Ensure GitLab branch protection rules does not allow force pushes	Terraform	ForcePushDisabled.py
1743	CKV_GLB_3	resource	gitlab_project	Ensure GitLab prevent secrets is enabled	Terraform	PreventSecretsEnabled.py
1744	CKV_GLB_4	resource	gitlab_project	Ensure GitLab commits are signed	Terraform	RejectUnsignedCommits.py
1745	CKV_K8S_1	resource	kubernetes_pod_security_policy	Do not admit containers wishing to share the host process ID namespace	Terraform	ShareHostPIDPSP.py
1746	CKV_K8S_2	resource	kubernetes_pod_security_policy	Do not admit privileged containers	Terraform	PrivilegedContainerPSP.py
1747	CKV_K8S_3	resource	kubernetes_pod_security_policy	Do not admit containers wishing to share the host IPC namespace	Terraform	ShareHostIPCPSP.py
1748	CKV_K8S_4	resource	kubernetes_pod_security_policy	Do not admit containers wishing to share the host network namespace	Terraform	SharedHostNetworkNamespacePSP.py
1749	CKV_K8S_5	resource	kubernetes_pod_security_policy	Containers should not run with allowPrivilegeEscalation	Terraform	AllowPrivilegeEscalationPSP.py
1750	CKV_K8S_6	resource	kubernetes_pod_security_policy	Do not admit root containers	Terraform	RootContainerPSP.py
1751	CKV_K8S_7	resource	kubernetes_pod_security_policy	Do not admit containers with the NET_RAW capability	Terraform	DropCapabilitiesPSP.py
1752	CKV_K8S_8	resource	kubernetes_deployment	Liveness Probe Should be Configured	Terraform	LivenessProbe.py
1753	CKV_K8S_8	resource	kubernetes_deployment_v1	Liveness Probe Should be Configured	Terraform	LivenessProbe.py
1754	CKV_K8S_8	resource	kubernetes_pod	Liveness Probe Should be Configured	Terraform	LivenessProbe.py
1755	CKV_K8S_8	resource	kubernetes_pod_v1	Liveness Probe Should be Configured	Terraform	LivenessProbe.py
1756	CKV_K8S_9	resource	kubernetes_deployment	Readiness Probe Should be Configured	Terraform	ReadinessProbe.py
1757	CKV_K8S_9	resource	kubernetes_deployment_v1	Readiness Probe Should be Configured	Terraform	ReadinessProbe.py
1758	CKV_K8S_9	resource	kubernetes_pod	Readiness Probe Should be Configured	Terraform	ReadinessProbe.py
1759	CKV_K8S_9	resource	kubernetes_pod_v1	Readiness Probe Should be Configured	Terraform	ReadinessProbe.py
1760	CKV_K8S_10	resource	kubernetes_deployment	CPU requests should be set	Terraform	CPURequests.py
1761	CKV_K8S_10	resource	kubernetes_deployment_v1	CPU requests should be set	Terraform	CPURequests.py
1762	CKV_K8S_10	resource	kubernetes_pod	CPU requests should be set	Terraform	CPURequests.py
1763	CKV_K8S_10	resource	kubernetes_pod_v1	CPU requests should be set	Terraform	CPURequests.py
1764	CKV_K8S_11	resource	kubernetes_deployment	CPU Limits should be set	Terraform	CPULimits.py
1765	CKV_K8S_11	resource	kubernetes_deployment_v1	CPU Limits should be set	Terraform	CPULimits.py
1766	CKV_K8S_11	resource	kubernetes_pod	CPU Limits should be set	Terraform	CPULimits.py
1767	CKV_K8S_11	resource	kubernetes_pod_v1	CPU Limits should be set	Terraform	CPULimits.py
1768	CKV_K8S_12	resource	kubernetes_deployment	Memory Limits should be set	Terraform	MemoryLimits.py
1769	CKV_K8S_12	resource	kubernetes_deployment_v1	Memory Limits should be set	Terraform	MemoryLimits.py
1770	CKV_K8S_12	resource	kubernetes_pod	Memory Limits should be set	Terraform	MemoryLimits.py
1771	CKV_K8S_12	resource	kubernetes_pod_v1	Memory Limits should be set	Terraform	MemoryLimits.py
1772	CKV_K8S_13	resource	kubernetes_deployment	Memory requests should be set	Terraform	MemoryRequests.py
1773	CKV_K8S_13	resource	kubernetes_deployment_v1	Memory requests should be set	Terraform	MemoryRequests.py
1774	CKV_K8S_13	resource	kubernetes_pod	Memory requests should be set	Terraform	MemoryRequests.py
1775	CKV_K8S_13	resource	kubernetes_pod_v1	Memory requests should be set	Terraform	MemoryRequests.py
1776	CKV_K8S_14	resource	kubernetes_deployment	Image Tag should be fixed - not latest or blank	Terraform	ImageTagFixed.py
1777	CKV_K8S_14	resource	kubernetes_deployment_v1	Image Tag should be fixed - not latest or blank	Terraform	ImageTagFixed.py
1778	CKV_K8S_14	resource	kubernetes_pod	Image Tag should be fixed - not latest or blank	Terraform	ImageTagFixed.py
1779	CKV_K8S_14	resource	kubernetes_pod_v1	Image Tag should be fixed - not latest or blank	Terraform	ImageTagFixed.py
1780	CKV_K8S_15	resource	kubernetes_deployment	Image Pull Policy should be Always	Terraform	ImagePullPolicyAlways.py
1781	CKV_K8S_15	resource	kubernetes_deployment_v1	Image Pull Policy should be Always	Terraform	ImagePullPolicyAlways.py
1782	CKV_K8S_15	resource	kubernetes_pod	Image Pull Policy should be Always	Terraform	ImagePullPolicyAlways.py
1783	CKV_K8S_15	resource	kubernetes_pod_v1	Image Pull Policy should be Always	Terraform	ImagePullPolicyAlways.py
1784	CKV_K8S_16	resource	kubernetes_deployment	Do not admit privileged containers	Terraform	PrivilegedContainer.py
1785	CKV_K8S_16	resource	kubernetes_deployment_v1	Do not admit privileged containers	Terraform	PrivilegedContainer.py
1786	CKV_K8S_16	resource	kubernetes_pod	Do not admit privileged containers	Terraform	PrivilegedContainer.py
1787	CKV_K8S_16	resource	kubernetes_pod_v1	Do not admit privileged containers	Terraform	PrivilegedContainer.py
1788	CKV_K8S_17	resource	kubernetes_deployment	Do not admit containers wishing to share the host process ID namespace	Terraform	ShareHostPID.py
1789	CKV_K8S_17	resource	kubernetes_deployment_v1	Do not admit containers wishing to share the host process ID namespace	Terraform	ShareHostPID.py
1790	CKV_K8S_17	resource	kubernetes_pod	Do not admit containers wishing to share the host process ID namespace	Terraform	ShareHostPID.py
1791	CKV_K8S_17	resource	kubernetes_pod_v1	Do not admit containers wishing to share the host process ID namespace	Terraform	ShareHostPID.py
1792	CKV_K8S_18	resource	kubernetes_deployment	Do not admit containers wishing to share the host IPC namespace	Terraform	ShareHostIPC.py
1793	CKV_K8S_18	resource	kubernetes_deployment_v1	Do not admit containers wishing to share the host IPC namespace	Terraform	ShareHostIPC.py
1794	CKV_K8S_18	resource	kubernetes_pod	Do not admit containers wishing to share the host IPC namespace	Terraform	ShareHostIPC.py
1795	CKV_K8S_18	resource	kubernetes_pod_v1	Do not admit containers wishing to share the host IPC namespace	Terraform	ShareHostIPC.py
1796	CKV_K8S_19	resource	kubernetes_deployment	Do not admit containers wishing to share the host network namespace	Terraform	SharedHostNetworkNamespace.py
1797	CKV_K8S_19	resource	kubernetes_deployment_v1	Do not admit containers wishing to share the host network namespace	Terraform	SharedHostNetworkNamespace.py
1798	CKV_K8S_19	resource	kubernetes_pod	Do not admit containers wishing to share the host network namespace	Terraform	SharedHostNetworkNamespace.py
1799	CKV_K8S_19	resource	kubernetes_pod_v1	Do not admit containers wishing to share the host network namespace	Terraform	SharedHostNetworkNamespace.py
1800	CKV_K8S_20	resource	kubernetes_deployment	Containers should not run with allowPrivilegeEscalation	Terraform	AllowPrivilegeEscalation.py
1801	CKV_K8S_20	resource	kubernetes_deployment_v1	Containers should not run with allowPrivilegeEscalation	Terraform	AllowPrivilegeEscalation.py
1802	CKV_K8S_20	resource	kubernetes_pod	Containers should not run with allowPrivilegeEscalation	Terraform	AllowPrivilegeEscalation.py
1803	CKV_K8S_20	resource	kubernetes_pod_v1	Containers should not run with allowPrivilegeEscalation	Terraform	AllowPrivilegeEscalation.py
1804	CKV_K8S_21	resource	kubernetes_config_map	The default namespace should not be used	Terraform	DefaultNamespace.py
1805	CKV_K8S_21	resource	kubernetes_config_map_v1	The default namespace should not be used	Terraform	DefaultNamespace.py
1806	CKV_K8S_21	resource	kubernetes_cron_job	The default namespace should not be used	Terraform	DefaultNamespace.py
1807	CKV_K8S_21	resource	kubernetes_cron_job_v1	The default namespace should not be used	Terraform	DefaultNamespace.py
1808	CKV_K8S_21	resource	kubernetes_daemon_set_v1	The default namespace should not be used	Terraform	DefaultNamespace.py
1809	CKV_K8S_21	resource	kubernetes_daemonset	The default namespace should not be used	Terraform	DefaultNamespace.py
1810	CKV_K8S_21	resource	kubernetes_deployment	The default namespace should not be used	Terraform	DefaultNamespace.py
1811	CKV_K8S_21	resource	kubernetes_deployment_v1	The default namespace should not be used	Terraform	DefaultNamespace.py
1812	CKV_K8S_21	resource	kubernetes_ingress	The default namespace should not be used	Terraform	DefaultNamespace.py
1813	CKV_K8S_21	resource	kubernetes_ingress_v1	The default namespace should not be used	Terraform	DefaultNamespace.py
1814	CKV_K8S_21	resource	kubernetes_job	The default namespace should not be used	Terraform	DefaultNamespace.py
1815	CKV_K8S_21	resource	kubernetes_job_v1	The default namespace should not be used	Terraform	DefaultNamespace.py
1816	CKV_K8S_21	resource	kubernetes_pod	The default namespace should not be used	Terraform	DefaultNamespace.py
1817	CKV_K8S_21	resource	kubernetes_pod_v1	The default namespace should not be used	Terraform	DefaultNamespace.py
1818	CKV_K8S_21	resource	kubernetes_replication_controller	The default namespace should not be used	Terraform	DefaultNamespace.py
1819	CKV_K8S_21	resource	kubernetes_replication_controller_v1	The default namespace should not be used	Terraform	DefaultNamespace.py
1820	CKV_K8S_21	resource	kubernetes_role_binding	The default namespace should not be used	Terraform	DefaultNamespace.py
1821	CKV_K8S_21	resource	kubernetes_role_binding_v1	The default namespace should not be used	Terraform	DefaultNamespace.py
1822	CKV_K8S_21	resource	kubernetes_secret	The default namespace should not be used	Terraform	DefaultNamespace.py
1823	CKV_K8S_21	resource	kubernetes_secret_v1	The default namespace should not be used	Terraform	DefaultNamespace.py
1824	CKV_K8S_21	resource	kubernetes_service	The default namespace should not be used	Terraform	DefaultNamespace.py
1825	CKV_K8S_21	resource	kubernetes_service_account	The default namespace should not be used	Terraform	DefaultNamespace.py
1826	CKV_K8S_21	resource	kubernetes_service_account_v1	The default namespace should not be used	Terraform	DefaultNamespace.py
1827	CKV_K8S_21	resource	kubernetes_service_v1	The default namespace should not be used	Terraform	DefaultNamespace.py
1828	CKV_K8S_21	resource	kubernetes_stateful_set	The default namespace should not be used	Terraform	DefaultNamespace.py
1829	CKV_K8S_21	resource	kubernetes_stateful_set_v1	The default namespace should not be used	Terraform	DefaultNamespace.py
1830	CKV_K8S_22	resource	kubernetes_deployment	Use read-only filesystem for containers where possible	Terraform	ReadonlyRootFilesystem.py
1831	CKV_K8S_22	resource	kubernetes_deployment_v1	Use read-only filesystem for containers where possible	Terraform	ReadonlyRootFilesystem.py
1832	CKV_K8S_22	resource	kubernetes_pod	Use read-only filesystem for containers where possible	Terraform	ReadonlyRootFilesystem.py
1833	CKV_K8S_22	resource	kubernetes_pod_v1	Use read-only filesystem for containers where possible	Terraform	ReadonlyRootFilesystem.py
1834	CKV_K8S_24	resource	kubernetes_pod_security_policy	Do not allow containers with added capability	Terraform	AllowedCapabilitiesPSP.py
1835	CKV_K8S_25	resource	kubernetes_deployment	Minimize the admission of containers with added capability	Terraform	AllowedCapabilities.py
1836	CKV_K8S_25	resource	kubernetes_deployment_v1	Minimize the admission of containers with added capability	Terraform	AllowedCapabilities.py
1837	CKV_K8S_25	resource	kubernetes_pod	Minimize the admission of containers with added capability	Terraform	AllowedCapabilities.py
1838	CKV_K8S_25	resource	kubernetes_pod_v1	Minimize the admission of containers with added capability	Terraform	AllowedCapabilities.py
1839	CKV_K8S_26	resource	kubernetes_deployment	Do not specify hostPort unless absolutely necessary	Terraform	HostPort.py
1840	CKV_K8S_26	resource	kubernetes_deployment_v1	Do not specify hostPort unless absolutely necessary	Terraform	HostPort.py
1841	CKV_K8S_26	resource	kubernetes_pod	Do not specify hostPort unless absolutely necessary	Terraform	HostPort.py
1842	CKV_K8S_26	resource	kubernetes_pod_v1	Do not specify hostPort unless absolutely necessary	Terraform	HostPort.py
1843	CKV_K8S_27	resource	kubernetes_daemon_set_v1	Do not expose the docker daemon socket to containers	Terraform	DockerSocketVolume.py
1844	CKV_K8S_27	resource	kubernetes_daemonset	Do not expose the docker daemon socket to containers	Terraform	DockerSocketVolume.py
1845	CKV_K8S_27	resource	kubernetes_deployment	Do not expose the docker daemon socket to containers	Terraform	DockerSocketVolume.py
1846	CKV_K8S_27	resource	kubernetes_deployment_v1	Do not expose the docker daemon socket to containers	Terraform	DockerSocketVolume.py
1847	CKV_K8S_27	resource	kubernetes_pod	Do not expose the docker daemon socket to containers	Terraform	DockerSocketVolume.py
1848	CKV_K8S_27	resource	kubernetes_pod_v1	Do not expose the docker daemon socket to containers	Terraform	DockerSocketVolume.py
1849	CKV_K8S_28	resource	kubernetes_deployment	Minimize the admission of containers with the NET_RAW capability	Terraform	DropCapabilities.py
1850	CKV_K8S_28	resource	kubernetes_deployment_v1	Minimize the admission of containers with the NET_RAW capability	Terraform	DropCapabilities.py
1851	CKV_K8S_28	resource	kubernetes_pod	Minimize the admission of containers with the NET_RAW capability	Terraform	DropCapabilities.py
1852	CKV_K8S_28	resource	kubernetes_pod_v1	Minimize the admission of containers with the NET_RAW capability	Terraform	DropCapabilities.py
1853	CKV_K8S_29	resource	kubernetes_daemon_set_v1	Apply security context to your pods, deployments and daemon_sets	Terraform	PodSecurityContext.py
1854	CKV_K8S_29	resource	kubernetes_daemonset	Apply security context to your pods, deployments and daemon_sets	Terraform	PodSecurityContext.py
1855	CKV_K8S_29	resource	kubernetes_deployment	Apply security context to your pods, deployments and daemon_sets	Terraform	PodSecurityContext.py
1856	CKV_K8S_29	resource	kubernetes_deployment_v1	Apply security context to your pods, deployments and daemon_sets	Terraform	PodSecurityContext.py
1857	CKV_K8S_29	resource	kubernetes_pod	Apply security context to your pods, deployments and daemon_sets	Terraform	PodSecurityContext.py
1858	CKV_K8S_29	resource	kubernetes_pod_v1	Apply security context to your pods, deployments and daemon_sets	Terraform	PodSecurityContext.py
1859	CKV_K8S_30	resource	kubernetes_deployment	Apply security context to your pods and containers	Terraform	ContainerSecurityContext.py
1860	CKV_K8S_30	resource	kubernetes_deployment_v1	Apply security context to your pods and containers	Terraform	ContainerSecurityContext.py
1861	CKV_K8S_30	resource	kubernetes_pod	Apply security context to your pods and containers	Terraform	ContainerSecurityContext.py
1862	CKV_K8S_30	resource	kubernetes_pod_v1	Apply security context to your pods and containers	Terraform	ContainerSecurityContext.py
1863	CKV_K8S_32	resource	kubernetes_pod_security_policy	Ensure default seccomp profile set to docker/default or runtime/default	Terraform	SeccompPSP.py
1864	CKV_K8S_34	resource	kubernetes_deployment	Ensure that Tiller (Helm v2) is not deployed	Terraform	Tiller.py
1865	CKV_K8S_34	resource	kubernetes_deployment_v1	Ensure that Tiller (Helm v2) is not deployed	Terraform	Tiller.py
1866	CKV_K8S_34	resource	kubernetes_pod	Ensure that Tiller (Helm v2) is not deployed	Terraform	Tiller.py
1867	CKV_K8S_34	resource	kubernetes_pod_v1	Ensure that Tiller (Helm v2) is not deployed	Terraform	Tiller.py
1868	CKV_K8S_35	resource	kubernetes_deployment	Prefer using secrets as files over secrets as environment variables	Terraform	Secrets.py
1869	CKV_K8S_35	resource	kubernetes_deployment_v1	Prefer using secrets as files over secrets as environment variables	Terraform	Secrets.py
1870	CKV_K8S_35	resource	kubernetes_pod	Prefer using secrets as files over secrets as environment variables	Terraform	Secrets.py
1871	CKV_K8S_35	resource	kubernetes_pod_v1	Prefer using secrets as files over secrets as environment variables	Terraform	Secrets.py
1872	CKV_K8S_36	resource	kubernetes_pod_security_policy	Minimise the admission of containers with capabilities assigned	Terraform	MinimiseCapabilitiesPSP.py
1873	CKV_K8S_37	resource	kubernetes_deployment	Minimise the admission of containers with capabilities assigned	Terraform	MinimiseCapabilities.py
1874	CKV_K8S_37	resource	kubernetes_deployment_v1	Minimise the admission of containers with capabilities assigned	Terraform	MinimiseCapabilities.py
1875	CKV_K8S_37	resource	kubernetes_pod	Minimise the admission of containers with capabilities assigned	Terraform	MinimiseCapabilities.py
1876	CKV_K8S_37	resource	kubernetes_pod_v1	Minimise the admission of containers with capabilities assigned	Terraform	MinimiseCapabilities.py
1877	CKV_K8S_39	resource	kubernetes_deployment	Do not use the CAP_SYS_ADMIN linux capability	Terraform	AllowedCapabilitiesSysAdmin.py
1878	CKV_K8S_39	resource	kubernetes_deployment_v1	Do not use the CAP_SYS_ADMIN linux capability	Terraform	AllowedCapabilitiesSysAdmin.py
1879	CKV_K8S_39	resource	kubernetes_pod	Do not use the CAP_SYS_ADMIN linux capability	Terraform	AllowedCapabilitiesSysAdmin.py
1880	CKV_K8S_39	resource	kubernetes_pod_v1	Do not use the CAP_SYS_ADMIN linux capability	Terraform	AllowedCapabilitiesSysAdmin.py
1881	CKV_K8S_41	resource	kubernetes_service_account	Ensure that default service accounts are not actively used	Terraform	DefaultServiceAccount.py
1882	CKV_K8S_41	resource	kubernetes_service_account_v1	Ensure that default service accounts are not actively used	Terraform	DefaultServiceAccount.py
1883	CKV_K8S_42	resource	kubernetes_cluster_role_binding	Ensure that default service accounts are not actively used	Terraform	DefaultServiceAccountBinding.py
1884	CKV_K8S_42	resource	kubernetes_cluster_role_binding_v1	Ensure that default service accounts are not actively used	Terraform	DefaultServiceAccountBinding.py
1885	CKV_K8S_42	resource	kubernetes_role_binding	Ensure that default service accounts are not actively used	Terraform	DefaultServiceAccountBinding.py
1886	CKV_K8S_42	resource	kubernetes_role_binding_v1	Ensure that default service accounts are not actively used	Terraform	DefaultServiceAccountBinding.py
1887	CKV_K8S_43	resource	kubernetes_deployment	Image should use digest	Terraform	ImageDigest.py
1888	CKV_K8S_43	resource	kubernetes_deployment_v1	Image should use digest	Terraform	ImageDigest.py
1889	CKV_K8S_43	resource	kubernetes_pod	Image should use digest	Terraform	ImageDigest.py
1890	CKV_K8S_43	resource	kubernetes_pod_v1	Image should use digest	Terraform	ImageDigest.py
1891	CKV_K8S_44	resource	kubernetes_service	Ensure that the Tiller Service (Helm v2) is deleted	Terraform	TillerService.py
1892	CKV_K8S_44	resource	kubernetes_service_v1	Ensure that the Tiller Service (Helm v2) is deleted	Terraform	TillerService.py
1893	CKV_K8S_49	resource	kubernetes_cluster_role	Minimize wildcard use in Roles and ClusterRoles	Terraform	WildcardRoles.py
1894	CKV_K8S_49	resource	kubernetes_cluster_role_v1	Minimize wildcard use in Roles and ClusterRoles	Terraform	WildcardRoles.py
1895	CKV_K8S_49	resource	kubernetes_role	Minimize wildcard use in Roles and ClusterRoles	Terraform	WildcardRoles.py
1896	CKV_K8S_49	resource	kubernetes_role_v1	Minimize wildcard use in Roles and ClusterRoles	Terraform	WildcardRoles.py
1897	CKV_LIN_1	provider	linode	Ensure no hard coded Linode tokens exist in provider	Terraform	credentials.py
1898	CKV_LIN_2	resource	linode_instance	Ensure SSH key set in authorized_keys	Terraform	authorized_keys.py
1899	CKV_LIN_3	resource	linode_user	Ensure email is set	Terraform	user_email_set.py
1900	CKV_LIN_4	resource	linode_user	Ensure username is set	Terraform	user_username_set.py
1901	CKV_LIN_5	resource	linode_firewall	Ensure Inbound Firewall Policy is not set to ACCEPT	Terraform	firewall_inbound_policy.py
1902	CKV_LIN_6	resource	linode_firewall	Ensure Outbound Firewall Policy is not set to ACCEPT	Terraform	firewall_outbound_policy.py
1903	CKV_NCP_1	resource	ncloud_lb_target_group	Ensure HTTP HTTPS Target group defines Healthcheck	Terraform	LBTargetGroupDefinesHealthCheck.py
1904	CKV_NCP_2	resource	ncloud_access_control_group	Ensure every access control groups rule has a description	Terraform	AccessControlGroupRuleDescription.py
1905	CKV_NCP_2	resource	ncloud_access_control_group_rule	Ensure every access control groups rule has a description	Terraform	AccessControlGroupRuleDescription.py
1906	CKV_NCP_3	resource	ncloud_access_control_group_rule	Ensure no security group rules allow outbound traffic to 0.0.0.0/0	Terraform	AccessControlGroupOutboundRule.py
1907	CKV_NCP_4	resource	ncloud_access_control_group_rule	Ensure no access control groups allow inbound from 0.0.0.0:0 to port 22	Terraform	AccessControlGroupInboundRulePort22.py
1908	CKV_NCP_5	resource	ncloud_access_control_group_rule	Ensure no access control groups allow inbound from 0.0.0.0:0 to port 3389	Terraform	AccessControlGroupInboundRulePort3389.py
1909	CKV_NCP_6	resource	ncloud_server	Ensure Server instance is encrypted.	Terraform	ServerEncryptionVPC.py
1910	CKV_NCP_7	resource	ncloud_launch_configuration	Ensure Basic Block storage is encrypted.	Terraform	LaunchConfigurationEncryptionVPC.py
1911	CKV_NCP_8	resource	ncloud_network_acl_rule	Ensure no NACL allow inbound from 0.0.0.0:0 to port 20	Terraform	NACLInbound20.py
1912	CKV_NCP_9	resource	ncloud_network_acl_rule	Ensure no NACL allow inbound from 0.0.0.0:0 to port 21	Terraform	NACLInbound21.py
1913	CKV_NCP_10	resource	ncloud_network_acl_rule	Ensure no NACL allow inbound from 0.0.0.0:0 to port 22	Terraform	NACLInbound22.py
1914	CKV_NCP_11	resource	ncloud_network_acl_rule	Ensure no NACL allow inbound from 0.0.0.0:0 to port 3389	Terraform	NACLInbound3389.py
1915	CKV_NCP_12	resource	ncloud_network_acl_rule	An inbound Network ACL rule should not allow ALL ports.	Terraform	NACLPortCheck.py
1916	CKV_NCP_13	resource	ncloud_lb_listener	Ensure LB Listener uses only secure protocols	Terraform	LBListenerUsesSecureProtocols.py
1917	CKV_NCP_14	resource	ncloud_nas_volume	Ensure NAS is securely encrypted	Terraform	NASEncryptionEnabled.py
1918	CKV_NCP_15	resource	ncloud_lb_target_group	Ensure Load Balancer Target Group is not using HTTP	Terraform	LBTargetGroupUsingHTTPS.py
1919	CKV_NCP_16	resource	ncloud_lb	Ensure Load Balancer isn’t exposed to the internet	Terraform	LBNetworkPrivate.py
1920	CKV_NCP_18	resource	ncloud_auto_scaling_group	Ensure that auto Scaling groups that are associated with a load balancer, are using Load Balancing health checks.	Terraform	AutoScalingEnabledLB.yaml
1921	CKV_NCP_18	resource	ncloud_lb_target_group	Ensure that auto Scaling groups that are associated with a load balancer, are using Load Balancing health checks.	Terraform	AutoScalingEnabledLB.yaml
1922	CKV_NCP_19	resource	ncloud_nks_cluster	Ensure Naver Kubernetes Service public endpoint disabled	Terraform	NKSPublicAccess.py
1923	CKV_NCP_20	resource	ncloud_route	Ensure Routing Table associated with Web tier subnet have the default route (0.0.0.0/0) defined to allow connectivity	Terraform	RouteTableNATGatewayDefault.py
1924	CKV_NCP_22	resource	ncloud_nks_cluster	Ensure NKS control plane logging enabled for all log types	Terraform	NKSControlPlaneLogging.py
1925	CKV_NCP_22	resource	ncloud_route_table	Ensure a route table for the public subnets is created.	Terraform	RouteTablePublicSubnetConnection.yaml
1926	CKV_NCP_22	resource	ncloud_subnet	Ensure a route table for the public subnets is created.	Terraform	RouteTablePublicSubnetConnection.yaml
1927	CKV_NCP_23	resource	ncloud_public_ip	Ensure Server instance should not have public IP.	Terraform	ServerPublicIP.py
1928	CKV_NCP_24	resource	ncloud_lb_listener	Ensure Load Balancer Listener Using HTTPS	Terraform	LBListenerUsingHTTPS.py
1929	CKV_NCP_25	resource	ncloud_access_control_group_rule	Ensure no access control groups allow inbound from 0.0.0.0:0 to port 80	Terraform	AccessControlGroupInboundRulePort80.py
1930	CKV_NCP_26	resource	ncloud_access_control_group	Ensure Access Control Group has Access Control Group Rule attached	Terraform	AccessControlGroupRuleDefine.yaml
1931	CKV_OCI_1	provider	oci	Ensure no hard coded OCI private key in provider	Terraform	credentials.py
1932	CKV_OCI_2	resource	oci_core_volume	Ensure OCI Block Storage Block Volume has backup enabled	Terraform	StorageBlockBackupEnabled.py
1933	CKV_OCI_3	resource	oci_core_volume	OCI Block Storage Block Volumes are not encrypted with a Customer Managed Key (CMK)	Terraform	StorageBlockEncryption.py
1934	CKV_OCI_4	resource	oci_core_instance	Ensure OCI Compute Instance boot volume has in-transit data encryption enabled	Terraform	InstanceBootVolumeIntransitEncryption.py
1935	CKV_OCI_5	resource	oci_core_instance	Ensure OCI Compute Instance has Legacy MetaData service endpoint disabled	Terraform	InstanceMetadataServiceEnabled.py
1936	CKV_OCI_6	resource	oci_core_instance	Ensure OCI Compute Instance has monitoring enabled	Terraform	InstanceMonitoringEnabled.py
1937	CKV_OCI_7	resource	oci_objectstorage_bucket	Ensure OCI Object Storage bucket can emit object events	Terraform	ObjectStorageEmitEvents.py
1938	CKV_OCI_8	resource	oci_objectstorage_bucket	Ensure OCI Object Storage has versioning enabled	Terraform	ObjectStorageVersioning.py
1939	CKV_OCI_9	resource	oci_objectstorage_bucket	Ensure OCI Object Storage is encrypted with Customer Managed Key	Terraform	ObjectStorageEncryption.py
1940	CKV_OCI_10	resource	oci_objectstorage_bucket	Ensure OCI Object Storage is not Public	Terraform	ObjectStoragePublic.py
1941	CKV_OCI_11	resource	oci_identity_authentication_policy	OCI IAM password policy - must contain lower case	Terraform	IAMPasswordPolicyLowerCase.py
1942	CKV_OCI_12	resource	oci_identity_authentication_policy	OCI IAM password policy - must contain Numeric characters	Terraform	IAMPasswordPolicyNumeric.py
1943	CKV_OCI_13	resource	oci_identity_authentication_policy	OCI IAM password policy - must contain Special characters	Terraform	IAMPasswordPolicySpecialCharacters.py
1944	CKV_OCI_14	resource	oci_identity_authentication_policy	OCI IAM password policy - must contain Uppercase characters	Terraform	IAMPasswordPolicyUpperCase.py
1945	CKV_OCI_15	resource	oci_file_storage_file_system	Ensure OCI File System is Encrypted with a customer Managed Key	Terraform	FileSystemEncryption.py
1946	CKV_OCI_16	resource	oci_core_security_list	Ensure VCN has an inbound security list	Terraform	SecurityListIngress.py
1947	CKV_OCI_17	resource	oci_core_security_list	Ensure VCN inbound security lists are stateless	Terraform	SecurityListIngressStateless.py
1948	CKV_OCI_18	resource	oci_identity_authentication_policy	OCI IAM password policy for local (non-federated) users has a minimum length of 14 characters	Terraform	IAMPasswordLength.py
1949	CKV_OCI_19	resource	oci_core_security_list	Ensure no security list allow ingress from 0.0.0.0:0 to port 22.	Terraform	SecurityListUnrestrictedIngress22.py
1950	CKV_OCI_20	resource	oci_core_security_list	Ensure no security list allow ingress from 0.0.0.0:0 to port 3389.	Terraform	SecurityListUnrestrictedIngress3389.py
1951	CKV_OCI_21	resource	oci_core_network_security_group_security_rule	Ensure security group has stateless ingress security rules	Terraform	SecurityGroupsIngressStatelessSecurityRules.py
1952	CKV_OCI_22	resource	oci_core_network_security_group_security_rule	Ensure no security groups rules allow ingress from 0.0.0.0/0 to port 22	Terraform	AbsSecurityGroupUnrestrictedIngress.py
1953	CKV2_OCI_1	resource	oci_identity_group	Ensure administrator users are not associated with API keys	Terraform	AdministratorUserNotAssociatedWithAPIKey.yaml
1954	CKV2_OCI_1	resource	oci_identity_user	Ensure administrator users are not associated with API keys	Terraform	AdministratorUserNotAssociatedWithAPIKey.yaml
1955	CKV2_OCI_1	resource	oci_identity_user_group_membership	Ensure administrator users are not associated with API keys	Terraform	AdministratorUserNotAssociatedWithAPIKey.yaml
1956	CKV2_OCI_2	resource	oci_core_network_security_group_security_rule	Ensure NSG does not allow all traffic on RDP port (3389)	Terraform	OCI_NSGNotAllowRDP.yaml
1957	CKV2_OCI_3	resource	oci_containerengine_cluster	Ensure Kubernetes engine cluster is configured with NSG(s)	Terraform	OCI_KubernetesEngineClusterEndpointConfigWithNSG.yaml
1958	CKV2_OCI_4	resource	oci_file_storage_export	Ensure File Storage File System access is restricted to root users	Terraform	OCI_NFSaccessRestrictedToRootUsers.yaml
1959	CKV2_OCI_5	resource	oci_containerengine_node_pool	Ensure Kubernetes Engine Cluster boot volume is configured with in-transit data encryption	Terraform	OCI_K8EngineClusterBootVolConfigInTransitEncryption.yaml
1960	CKV2_OCI_6	resource	oci_containerengine_cluster	Ensure Kubernetes Engine Cluster pod security policy is enforced	Terraform	OCI_K8EngineClusterPodSecPolicyEnforced.yaml
1961	CKV_OPENSTACK_1	provider	openstack	Ensure no hard coded OpenStack password, token, or application_credential_secret exists in provider	Terraform	credentials.py
1962	CKV_OPENSTACK_2	resource	openstack_compute_secgroup_v2	Ensure no security groups allow ingress from 0.0.0.0:0 to port 22 (tcp / udp)	Terraform	SecurityGroupUnrestrictedIngress22.py
1963	CKV_OPENSTACK_2	resource	openstack_networking_secgroup_rule_v2	Ensure no security groups allow ingress from 0.0.0.0:0 to port 22 (tcp / udp)	Terraform	SecurityGroupUnrestrictedIngress22.py
1964	CKV_OPENSTACK_3	resource	openstack_compute_secgroup_v2	Ensure no security groups allow ingress from 0.0.0.0:0 to port 3389 (tcp / udp)	Terraform	SecurityGroupUnrestrictedIngress3389.py
1965	CKV_OPENSTACK_3	resource	openstack_networking_secgroup_rule_v2	Ensure no security groups allow ingress from 0.0.0.0:0 to port 3389 (tcp / udp)	Terraform	SecurityGroupUnrestrictedIngress3389.py
1966	CKV_OPENSTACK_4	resource	openstack_compute_instance_v2	Ensure that instance does not use basic credentials	Terraform	ComputeInstanceAdminPassword.py
1967	CKV_OPENSTACK_5	resource	openstack_fw_rule_v1	Ensure firewall rule set a destination IP	Terraform	FirewallRuleSetDestinationIP.py
1968	CKV_PAN_1	provider	panos	Ensure no hard coded PAN-OS credentials exist in provider	Terraform	credentials.py
1969	CKV_PAN_2	resource	panos_management_profile	Ensure plain-text management HTTP is not enabled for an Interface Management Profile	Terraform	InterfaceMgmtProfileNoHTTP.py
1970	CKV_PAN_3	resource	panos_management_profile	Ensure plain-text management Telnet is not enabled for an Interface Management Profile	Terraform	InterfaceMgmtProfileNoTelnet.py
1971	CKV_PAN_4	resource	panos_security_policy	Ensure DSRI is not enabled within security policies	Terraform	PolicyNoDSRI.py
1972	CKV_PAN_4	resource	panos_security_rule_group	Ensure DSRI is not enabled within security policies	Terraform	PolicyNoDSRI.py
1973	CKV_PAN_5	resource	panos_security_policy	Ensure security rules do not have ‘applications’ set to ‘any’	Terraform	PolicyNoApplicationAny.py
1974	CKV_PAN_5	resource	panos_security_rule_group	Ensure security rules do not have ‘applications’ set to ‘any’	Terraform	PolicyNoApplicationAny.py
1975	CKV_PAN_6	resource	panos_security_policy	Ensure security rules do not have ‘services’ set to ‘any’	Terraform	PolicyNoServiceAny.py
1976	CKV_PAN_6	resource	panos_security_rule_group	Ensure security rules do not have ‘services’ set to ‘any’	Terraform	PolicyNoServiceAny.py
1977	CKV_PAN_7	resource	panos_security_policy	Ensure security rules do not have ‘source_addresses’ and ‘destination_addresses’ both containing values of ‘any’	Terraform	PolicyNoSrcAnyDstAny.py
1978	CKV_PAN_7	resource	panos_security_rule_group	Ensure security rules do not have ‘source_addresses’ and ‘destination_addresses’ both containing values of ‘any’	Terraform	PolicyNoSrcAnyDstAny.py
1979	CKV_PAN_8	resource	panos_security_policy	Ensure description is populated within security policies	Terraform	PolicyDescription.py
1980	CKV_PAN_8	resource	panos_security_rule_group	Ensure description is populated within security policies	Terraform	PolicyDescription.py
1981	CKV_PAN_9	resource	panos_security_policy	Ensure a Log Forwarding Profile is selected for each security policy rule	Terraform	PolicyLogForwarding.py
1982	CKV_PAN_9	resource	panos_security_rule_group	Ensure a Log Forwarding Profile is selected for each security policy rule	Terraform	PolicyLogForwarding.py
1983	CKV_PAN_10	resource	panos_security_policy	Ensure logging at session end is enabled within security policies	Terraform	PolicyLoggingEnabled.py
1984	CKV_PAN_10	resource	panos_security_rule_group	Ensure logging at session end is enabled within security policies	Terraform	PolicyLoggingEnabled.py
1985	CKV_PAN_11	resource	panos_ipsec_crypto_profile	Ensure IPsec profiles do not specify use of insecure encryption algorithms	Terraform	NetworkIPsecAlgorithms.py
1986	CKV_PAN_11	resource	panos_panorama_ipsec_crypto_profile	Ensure IPsec profiles do not specify use of insecure encryption algorithms	Terraform	NetworkIPsecAlgorithms.py
1987	CKV_PAN_12	resource	panos_ipsec_crypto_profile	Ensure IPsec profiles do not specify use of insecure authentication algorithms	Terraform	NetworkIPsecAuthAlgorithms.py
1988	CKV_PAN_12	resource	panos_panorama_ipsec_crypto_profile	Ensure IPsec profiles do not specify use of insecure authentication algorithms	Terraform	NetworkIPsecAuthAlgorithms.py
1989	CKV_PAN_13	resource	panos_ipsec_crypto_profile	Ensure IPsec profiles do not specify use of insecure protocols	Terraform	NetworkIPsecProtocols.py
1990	CKV_PAN_13	resource	panos_panorama_ipsec_crypto_profile	Ensure IPsec profiles do not specify use of insecure protocols	Terraform	NetworkIPsecProtocols.py
1991	CKV_PAN_14	resource	panos_panorama_zone	Ensure a Zone Protection Profile is defined within Security Zones	Terraform	ZoneProtectionProfile.py
1992	CKV_PAN_14	resource	panos_zone	Ensure a Zone Protection Profile is defined within Security Zones	Terraform	ZoneProtectionProfile.py
1993	CKV_PAN_14	resource	panos_zone_entry	Ensure a Zone Protection Profile is defined within Security Zones	Terraform	ZoneProtectionProfile.py
1994	CKV_PAN_15	resource	panos_panorama_zone	Ensure an Include ACL is defined for a Zone when User-ID is enabled	Terraform	ZoneUserIDIncludeACL.py
1995	CKV_PAN_15	resource	panos_zone	Ensure an Include ACL is defined for a Zone when User-ID is enabled	Terraform	ZoneUserIDIncludeACL.py
1996	CKV_TF_1	module	module	Ensure Terraform module sources use a commit hash	Terraform	RevisionHash.py
1997	CKV_YC_1	resource	yandex_mdb_clickhouse_cluster	Ensure security group is assigned to database cluster.	Terraform	MDBSecurityGroup.py
1998	CKV_YC_1	resource	yandex_mdb_elasticsearch_cluster	Ensure security group is assigned to database cluster.	Terraform	MDBSecurityGroup.py
1999	CKV_YC_1	resource	yandex_mdb_greenplum_cluster	Ensure security group is assigned to database cluster.	Terraform	MDBSecurityGroup.py
2000	CKV_YC_1	resource	yandex_mdb_kafka_cluster	Ensure security group is assigned to database cluster.	Terraform	MDBSecurityGroup.py
2001	CKV_YC_1	resource	yandex_mdb_mongodb_cluster	Ensure security group is assigned to database cluster.	Terraform	MDBSecurityGroup.py
2002	CKV_YC_1	resource	yandex_mdb_mysql_cluster	Ensure security group is assigned to database cluster.	Terraform	MDBSecurityGroup.py
2003	CKV_YC_1	resource	yandex_mdb_postgresql_cluster	Ensure security group is assigned to database cluster.	Terraform	MDBSecurityGroup.py
2004	CKV_YC_1	resource	yandex_mdb_redis_cluster	Ensure security group is assigned to database cluster.	Terraform	MDBSecurityGroup.py
2005	CKV_YC_1	resource	yandex_mdb_sqlserver_cluster	Ensure security group is assigned to database cluster.	Terraform	MDBSecurityGroup.py
2006	CKV_YC_2	resource	yandex_compute_instance	Ensure compute instance does not have public IP.	Terraform	ComputeVMPublicIP.py
2007	CKV_YC_3	resource	yandex_storage_bucket	Ensure storage bucket is encrypted.	Terraform	ObjectStorageBucketEncryption.py
2008	CKV_YC_4	resource	yandex_compute_instance	Ensure compute instance does not have serial console enabled.	Terraform	ComputeVMSerialConsole.py
2009	CKV_YC_5	resource	yandex_kubernetes_cluster	Ensure Kubernetes cluster does not have public IP address.	Terraform	K8SPublicIP.py
2010	CKV_YC_6	resource	yandex_kubernetes_node_group	Ensure Kubernetes cluster node group does not have public IP addresses.	Terraform	K8SNodeGroupPublicIP.py
2011	CKV_YC_7	resource	yandex_kubernetes_cluster	Ensure Kubernetes cluster auto-upgrade is enabled.	Terraform	K8SAutoUpgrade.py
2012	CKV_YC_8	resource	yandex_kubernetes_node_group	Ensure Kubernetes node group auto-upgrade is enabled.	Terraform	K8SNodeGroupAutoUpgrade.py
2013	CKV_YC_9	resource	yandex_kms_symmetric_key	Ensure KMS symmetric key is rotated.	Terraform	KMSSymmetricKeyRotation.py
2014	CKV_YC_10	resource	yandex_kubernetes_cluster	Ensure etcd database is encrypted with KMS key.	Terraform	K8SEtcdKMSEncryption.py
2015	CKV_YC_11	resource	yandex_compute_instance	Ensure security group is assigned to network interface.	Terraform	ComputeVMSecurityGroup.py
2016	CKV_YC_12	resource	yandex_mdb_clickhouse_cluster	Ensure public IP is not assigned to database cluster.	Terraform	MDBPublicIP.py
2017	CKV_YC_12	resource	yandex_mdb_elasticsearch_cluster	Ensure public IP is not assigned to database cluster.	Terraform	MDBPublicIP.py
2018	CKV_YC_12	resource	yandex_mdb_greenplum_cluster	Ensure public IP is not assigned to database cluster.	Terraform	MDBPublicIP.py
2019	CKV_YC_12	resource	yandex_mdb_kafka_cluster	Ensure public IP is not assigned to database cluster.	Terraform	MDBPublicIP.py
2020	CKV_YC_12	resource	yandex_mdb_mongodb_cluster	Ensure public IP is not assigned to database cluster.	Terraform	MDBPublicIP.py
2021	CKV_YC_12	resource	yandex_mdb_mysql_cluster	Ensure public IP is not assigned to database cluster.	Terraform	MDBPublicIP.py
2022	CKV_YC_12	resource	yandex_mdb_postgresql_cluster	Ensure public IP is not assigned to database cluster.	Terraform	MDBPublicIP.py
2023	CKV_YC_12	resource	yandex_mdb_sqlserver_cluster	Ensure public IP is not assigned to database cluster.	Terraform	MDBPublicIP.py
2024	CKV_YC_13	resource	yandex_resourcemanager_cloud_iam_binding	Ensure cloud member does not have elevated access.	Terraform	IAMCloudElevatedMembers.py
2025	CKV_YC_13	resource	yandex_resourcemanager_cloud_iam_member	Ensure cloud member does not have elevated access.	Terraform	IAMCloudElevatedMembers.py
2026	CKV_YC_14	resource	yandex_kubernetes_cluster	Ensure security group is assigned to Kubernetes cluster.	Terraform	K8SSecurityGroup.py
2027	CKV_YC_15	resource	yandex_kubernetes_node_group	Ensure security group is assigned to Kubernetes node group.	Terraform	K8SNodeGroupSecurityGroup.py
2028	CKV_YC_16	resource	yandex_kubernetes_cluster	Ensure network policy is assigned to Kubernetes cluster.	Terraform	K8SNetworkPolicy.py
2029	CKV_YC_17	resource	yandex_storage_bucket	Ensure storage bucket does not have public access permissions.	Terraform	ObjectStorageBucketPublicAccess.py
2030	CKV_YC_18	resource	yandex_compute_instance_group	Ensure compute instance group does not have public IP.	Terraform	ComputeInstanceGroupPublicIP.py
2031	CKV_YC_19	resource	yandex_vpc_security_group	Ensure security group does not contain allow-all rules.	Terraform	VPCSecurityGroupAllowAll.py
2032	CKV_YC_20	resource	yandex_vpc_security_group_rule	Ensure security group rule is not allow-all.	Terraform	VPCSecurityGroupRuleAllowAll.py
2033	CKV_YC_21	resource	yandex_organizationmanager_organization_iam_binding	Ensure organization member does not have elevated access.	Terraform	IAMOrganizationElevatedMembers.py
2034	CKV_YC_21	resource	yandex_organizationmanager_organization_iam_member	Ensure organization member does not have elevated access.	Terraform	IAMOrganizationElevatedMembers.py
2035	CKV_YC_22	resource	yandex_compute_instance_group	Ensure compute instance group has security group assigned.	Terraform	ComputeInstanceGroupSecurityGroup.py
2036	CKV_YC_23	resource	yandex_resourcemanager_folder_iam_binding	Ensure folder member does not have elevated access.	Terraform	IAMFolderElevatedMembers.py
2037	CKV_YC_23	resource	yandex_resourcemanager_folder_iam_member	Ensure folder member does not have elevated access.	Terraform	IAMFolderElevatedMembers.py
2038	CKV_YC_24	resource	yandex_organizationmanager_organization_iam_binding	Ensure passport account is not used for assignment. Use service accounts and federated accounts where possible.	Terraform	IAMPassportAccountUsage.py
2039	CKV_YC_24	resource	yandex_organizationmanager_organization_iam_member	Ensure passport account is not used for assignment. Use service accounts and federated accounts where possible.	Terraform	IAMPassportAccountUsage.py
2040	CKV_YC_24	resource	yandex_resourcemanager_cloud_iam_binding	Ensure passport account is not used for assignment. Use service accounts and federated accounts where possible.	Terraform	IAMPassportAccountUsage.py
2041	CKV_YC_24	resource	yandex_resourcemanager_cloud_iam_member	Ensure passport account is not used for assignment. Use service accounts and federated accounts where possible.	Terraform	IAMPassportAccountUsage.py
2042	CKV_YC_24	resource	yandex_resourcemanager_folder_iam_binding	Ensure passport account is not used for assignment. Use service accounts and federated accounts where possible.	Terraform	IAMPassportAccountUsage.py
2043	CKV_YC_24	resource	yandex_resourcemanager_folder_iam_member	Ensure passport account is not used for assignment. Use service accounts and federated accounts where possible.	Terraform	IAMPassportAccountUsage.py

---