Checkov Documentation


terraform resource scans (auto generated)

  Id Type Entity Policy IaC
0 CKV2_ADO_1 resource azuredevops_branch_policy_min_reviewers Ensure at least two approving reviews for PRs Terraform
1 CKV2_ADO_1 resource azuredevops_git_repository Ensure at least two approving reviews for PRs Terraform
2 CKV_ALI_1 resource alicloud_oss_bucket Alibaba Cloud OSS bucket accessible to public Terraform
3 CKV_ALI_2 resource alicloud_security_group_rule Ensure no security groups allow ingress from 0.0.0.0:0 to port 22 Terraform
4 CKV_ALI_3 resource alicloud_security_group_rule Ensure no security groups allow ingress from 0.0.0.0:0 to port 3389 Terraform
5 CKV_ALI_4 resource alicloud_actiontrail_trail Ensure Action Trail Logging for all regions Terraform
6 CKV_ALI_5 resource alicloud_actiontrail_trail Ensure Action Trail Logging for all events Terraform
7 CKV_ALI_6 resource alicloud_oss_bucket Ensure OSS bucket is encrypted with Customer Master Key Terraform
8 CKV_ALI_7 resource alicloud_disk Ensure disk is encrypted Terraform
9 CKV_ALI_8 resource alicloud_disk Ensure Disk is encrypted with Customer Master Key Terraform
10 CKV_ALI_9 resource alicloud_db_instance Ensure database instance is not public Terraform
11 CKV_ALI_10 resource alicloud_oss_bucket Ensure OSS bucket has versioning enabled Terraform
12 CKV_ALI_11 resource alicloud_oss_bucket Ensure OSS bucket has transfer Acceleration enabled Terraform
13 CKV_ALI_12 resource alicloud_oss_bucket Ensure the OSS bucket has access logging enabled Terraform
14 CKV_ALI_13 resource alicloud_ram_account_password_policy Ensure RAM password policy requires minimum length of 14 or greater Terraform
15 CKV_ALI_14 resource alicloud_ram_account_password_policy Ensure RAM password policy requires at least one number Terraform
16 CKV_ALI_15 resource alicloud_ram_account_password_policy Ensure RAM password policy requires at least one symbol Terraform
17 CKV_ALI_16 resource alicloud_ram_account_password_policy Ensure RAM password policy expires passwords within 90 days or less Terraform
18 CKV_ALI_17 resource alicloud_ram_account_password_policy Ensure RAM password policy requires at least one lowercase letter Terraform
19 CKV_ALI_18 resource alicloud_ram_account_password_policy Ensure RAM password policy prevents password reuse Terraform
20 CKV_ALI_19 resource alicloud_ram_account_password_policy Ensure RAM password policy requires at least one uppercase letter Terraform
21 CKV_ALI_20 resource alicloud_db_instance Ensure RDS instance uses SSL Terraform
22 CKV_ALI_21 resource alicloud_api_gateway_api Ensure API Gateway API Protocol HTTPS Terraform
23 CKV_ALI_22 resource alicloud_db_instance Ensure Transparent Data Encryption is Enabled on instance Terraform
24 CKV_ALI_23 resource alicloud_ram_account_password_policy Ensure Ram Account Password Policy Max Login Attempts not > 5 Terraform
25 CKV_ALI_24 resource alicloud_ram_account_password_policy Ensure Ram Account Password Policy Max Age less than/equal to 90 days Terraform
26 CKV_ALI_25 resource alicloud_db_instance Ensure RDS Instance SQL Collector Retention Period should be greater than 180 Terraform
27 CKV_ALI_26 resource alicloud_cs_kubernetes Ensure Kubernetes installs plugin Terway or Flannel to support standard policies Terraform
28 CKV_AWS_1 data aws_iam_policy_document Ensure IAM policies that allow full “*-*” administrative privileges are not created Terraform
29 CKV_AWS_2 resource aws_alb_listener Ensure ALB protocol is HTTPS Terraform
30 CKV_AWS_2 resource aws_lb_listener Ensure ALB protocol is HTTPS Terraform
31 CKV_AWS_3 resource aws_ebs_volume Ensure all data stored in the EBS is securely encrypted Terraform
32 CKV_AWS_5 resource aws_elasticsearch_domain Ensure all data stored in the Elasticsearch is securely encrypted at rest Terraform
33 CKV_AWS_5 resource aws_opensearch_domain Ensure all data stored in the Elasticsearch is securely encrypted at rest Terraform
34 CKV_AWS_6 resource aws_elasticsearch_domain Ensure all Elasticsearch has node-to-node encryption enabled Terraform
35 CKV_AWS_6 resource aws_opensearch_domain Ensure all Elasticsearch has node-to-node encryption enabled Terraform
36 CKV_AWS_7 resource aws_kms_key Ensure rotation for customer created CMKs is enabled Terraform
37 CKV_AWS_8 resource aws_instance Ensure all data stored in the Launch configuration or instance Elastic Blocks Store is securely encrypted Terraform
38 CKV_AWS_8 resource aws_launch_configuration Ensure all data stored in the Launch configuration or instance Elastic Blocks Store is securely encrypted Terraform
39 CKV_AWS_9 resource aws_iam_account_password_policy Ensure IAM password policy expires passwords within 90 days or less Terraform
40 CKV_AWS_10 resource aws_iam_account_password_policy Ensure IAM password policy requires minimum length of 14 or greater Terraform
41 CKV_AWS_11 resource aws_iam_account_password_policy Ensure IAM password policy requires at least one lowercase letter Terraform
42 CKV_AWS_12 resource aws_iam_account_password_policy Ensure IAM password policy requires at least one number Terraform
43 CKV_AWS_13 resource aws_iam_account_password_policy Ensure IAM password policy prevents password reuse Terraform
44 CKV_AWS_14 resource aws_iam_account_password_policy Ensure IAM password policy requires at least one symbol Terraform
45 CKV_AWS_15 resource aws_iam_account_password_policy Ensure IAM password policy requires at least one uppercase letter Terraform
46 CKV_AWS_16 resource aws_db_instance Ensure all data stored in the RDS is securely encrypted at rest Terraform
47 CKV_AWS_17 resource aws_db_instance Ensure all data stored in RDS is not publicly accessible Terraform
48 CKV_AWS_17 resource aws_rds_cluster_instance Ensure all data stored in RDS is not publicly accessible Terraform
49 CKV_AWS_18 resource aws_s3_bucket Ensure the S3 bucket has access logging enabled Terraform
50 CKV_AWS_19 resource aws_s3_bucket Ensure all data stored in the S3 bucket is securely encrypted at rest Terraform
51 CKV_AWS_19 resource aws_s3_bucket_server_side_encryption_configuration Ensure all data stored in the S3 bucket is securely encrypted at rest Terraform
52 CKV_AWS_20 resource aws_s3_bucket S3 Bucket has an ACL defined which allows public READ access. Terraform
53 CKV_AWS_20 resource aws_s3_bucket_acl S3 Bucket has an ACL defined which allows public READ access. Terraform
54 CKV_AWS_21 resource aws_s3_bucket Ensure all data stored in the S3 bucket have versioning enabled Terraform
55 CKV_AWS_21 resource aws_s3_bucket_versioning Ensure all data stored in the S3 bucket have versioning enabled Terraform
56 CKV_AWS_22 resource aws_sagemaker_notebook_instance Ensure SageMaker Notebook is encrypted at rest using KMS CMK Terraform
57 CKV_AWS_23 resource aws_db_security_group Ensure every security groups rule has a description Terraform
58 CKV_AWS_23 resource aws_elasticache_security_group Ensure every security groups rule has a description Terraform
59 CKV_AWS_23 resource aws_redshift_security_group Ensure every security groups rule has a description Terraform
60 CKV_AWS_23 resource aws_security_group Ensure every security groups rule has a description Terraform
61 CKV_AWS_23 resource aws_security_group_rule Ensure every security groups rule has a description Terraform
62 CKV_AWS_24 resource aws_security_group Ensure no security groups allow ingress from 0.0.0.0:0 to port 22 Terraform
63 CKV_AWS_24 resource aws_security_group_rule Ensure no security groups allow ingress from 0.0.0.0:0 to port 22 Terraform
64 CKV_AWS_25 resource aws_security_group Ensure no security groups allow ingress from 0.0.0.0:0 to port 3389 Terraform
65 CKV_AWS_25 resource aws_security_group_rule Ensure no security groups allow ingress from 0.0.0.0:0 to port 3389 Terraform
66 CKV_AWS_26 resource aws_sns_topic Ensure all data stored in the SNS topic is encrypted Terraform
67 CKV_AWS_27 resource aws_sqs_queue Ensure all data stored in the SQS queue is encrypted Terraform
68 CKV_AWS_28 resource aws_dynamodb_table Ensure Dynamodb point in time recovery (backup) is enabled Terraform
69 CKV_AWS_29 resource aws_elasticache_replication_group Ensure all data stored in the Elasticache Replication Group is securely encrypted at rest Terraform
70 CKV_AWS_30 resource aws_elasticache_replication_group Ensure all data stored in the Elasticache Replication Group is securely encrypted at transit Terraform
71 CKV_AWS_31 resource aws_elasticache_replication_group Ensure all data stored in the Elasticache Replication Group is securely encrypted at transit and has auth token Terraform
72 CKV_AWS_32 resource aws_ecr_repository_policy Ensure ECR policy is not set to public Terraform
73 CKV_AWS_33 resource aws_kms_key Ensure KMS key policy does not contain wildcard (*) principal Terraform
74 CKV_AWS_34 resource aws_cloudfront_distribution Ensure cloudfront distribution ViewerProtocolPolicy is set to HTTPS Terraform
75 CKV_AWS_35 resource aws_cloudtrail Ensure CloudTrail logs are encrypted at rest using KMS CMKs Terraform
76 CKV_AWS_36 resource aws_cloudtrail Ensure CloudTrail log file validation is enabled Terraform
77 CKV_AWS_37 resource aws_eks_cluster Ensure Amazon EKS control plane logging enabled for all log types Terraform
78 CKV_AWS_38 resource aws_eks_cluster Ensure Amazon EKS public endpoint not accessible to 0.0.0.0/0 Terraform
79 CKV_AWS_39 resource aws_eks_cluster Ensure Amazon EKS public endpoint disabled Terraform
80 CKV_AWS_40 resource aws_iam_policy_attachment Ensure IAM policies are attached only to groups or roles (Reducing access management complexity may in-turn reduce opportunity for a principal to inadvertently receive or retain excessive privileges.) Terraform
81 CKV_AWS_40 resource aws_iam_user_policy Ensure IAM policies are attached only to groups or roles (Reducing access management complexity may in-turn reduce opportunity for a principal to inadvertently receive or retain excessive privileges.) Terraform
82 CKV_AWS_40 resource aws_iam_user_policy_attachment Ensure IAM policies are attached only to groups or roles (Reducing access management complexity may in-turn reduce opportunity for a principal to inadvertently receive or retain excessive privileges.) Terraform
83 CKV_AWS_41 provider aws Ensure no hard coded AWS access key and secret key exists in provider Terraform
84 CKV_AWS_42 resource aws_efs_file_system Ensure EFS is securely encrypted Terraform
85 CKV_AWS_43 resource aws_kinesis_stream Ensure Kinesis Stream is securely encrypted Terraform
86 CKV_AWS_44 resource aws_neptune_cluster Ensure Neptune storage is securely encrypted Terraform
87 CKV_AWS_45 resource aws_lambda_function Ensure no hard-coded secrets exist in lambda environment Terraform
88 CKV_AWS_46 resource aws_instance Ensure no hard-coded secrets exist in EC2 user data Terraform
89 CKV_AWS_47 resource aws_dax_cluster Ensure DAX is encrypted at rest (default is unencrypted) Terraform
90 CKV_AWS_48 resource aws_mq_broker Ensure MQ Broker logging is enabled Terraform
91 CKV_AWS_49 data aws_iam_policy_document Ensure no IAM policies documents allow “*” as a statement’s actions Terraform
92 CKV_AWS_50 resource aws_lambda_function X-ray tracing is enabled for Lambda Terraform
93 CKV_AWS_51 resource aws_ecr_repository Ensure ECR Image Tags are immutable Terraform
94 CKV_AWS_53 resource aws_s3_bucket_public_access_block Ensure S3 bucket has block public ACLS enabled Terraform
95 CKV_AWS_54 resource aws_s3_bucket_public_access_block Ensure S3 bucket has block public policy enabled Terraform
96 CKV_AWS_55 resource aws_s3_bucket_public_access_block Ensure S3 bucket has ignore public ACLs enabled Terraform
97 CKV_AWS_56 resource aws_s3_bucket_public_access_block Ensure S3 bucket has ‘restrict_public_bucket’ enabled Terraform
98 CKV_AWS_57 resource aws_s3_bucket S3 Bucket has an ACL defined which allows public WRITE access. Terraform
99 CKV_AWS_57 resource aws_s3_bucket_acl S3 Bucket has an ACL defined which allows public WRITE access. Terraform
100 CKV_AWS_58 resource aws_eks_cluster Ensure EKS Cluster has Secrets Encryption Enabled Terraform
101 CKV_AWS_59 resource aws_api_gateway_method Ensure there is no open access to back-end resources through API Terraform
102 CKV_AWS_60 resource aws_iam_role Ensure IAM role allows only specific services or principals to assume it Terraform
103 CKV_AWS_61 resource aws_iam_role Ensure AWS IAM policy does not allow assume role permission across all services Terraform
104 CKV_AWS_62 resource aws_iam_group_policy Ensure IAM policies that allow full “*-*” administrative privileges are not created Terraform
105 CKV_AWS_62 resource aws_iam_policy Ensure IAM policies that allow full “*-*” administrative privileges are not created Terraform
106 CKV_AWS_62 resource aws_iam_role_policy Ensure IAM policies that allow full “*-*” administrative privileges are not created Terraform
107 CKV_AWS_62 resource aws_iam_user_policy Ensure IAM policies that allow full “*-*” administrative privileges are not created Terraform
108 CKV_AWS_62 resource aws_ssoadmin_permission_set_inline_policy Ensure IAM policies that allow full “*-*” administrative privileges are not created Terraform
109 CKV_AWS_63 resource aws_iam_group_policy Ensure no IAM policies documents allow “*” as a statement’s actions Terraform
110 CKV_AWS_63 resource aws_iam_policy Ensure no IAM policies documents allow “*” as a statement’s actions Terraform
111 CKV_AWS_63 resource aws_iam_role_policy Ensure no IAM policies documents allow “*” as a statement’s actions Terraform
112 CKV_AWS_63 resource aws_iam_user_policy Ensure no IAM policies documents allow “*” as a statement’s actions Terraform
113 CKV_AWS_63 resource aws_ssoadmin_permission_set_inline_policy Ensure no IAM policies documents allow “*” as a statement’s actions Terraform
114 CKV_AWS_64 resource aws_redshift_cluster Ensure all data stored in the Redshift cluster is securely encrypted at rest Terraform
115 CKV_AWS_65 resource aws_ecs_cluster Ensure container insights are enabled on ECS cluster Terraform
116 CKV_AWS_66 resource aws_cloudwatch_log_group Ensure that CloudWatch Log Group specifies retention days Terraform
117 CKV_AWS_67 resource aws_cloudtrail Ensure CloudTrail is enabled in all Regions Terraform
118 CKV_AWS_68 resource aws_cloudfront_distribution CloudFront Distribution should have WAF enabled Terraform
119 CKV_AWS_69 resource aws_mq_broker Ensure MQ Broker is not publicly exposed Terraform
120 CKV_AWS_70 resource aws_s3_bucket Ensure S3 bucket does not allow an action with any Principal Terraform
121 CKV_AWS_70 resource aws_s3_bucket_policy Ensure S3 bucket does not allow an action with any Principal Terraform
122 CKV_AWS_71 resource aws_redshift_cluster Ensure Redshift Cluster logging is enabled Terraform
123 CKV_AWS_72 resource aws_sqs_queue_policy Ensure SQS policy does not allow ALL (*) actions. Terraform
124 CKV_AWS_73 resource aws_api_gateway_stage Ensure API Gateway has X-Ray Tracing enabled Terraform
125 CKV_AWS_74 resource aws_docdb_cluster Ensure DocDB is encrypted at rest (default is unencrypted) Terraform
126 CKV_AWS_75 resource aws_globalaccelerator_accelerator Ensure Global Accelerator accelerator has flow logs enabled Terraform
127 CKV_AWS_76 resource aws_api_gateway_stage Ensure API Gateway has Access Logging enabled Terraform
128 CKV_AWS_76 resource aws_apigatewayv2_stage Ensure API Gateway has Access Logging enabled Terraform
129 CKV_AWS_77 resource aws_athena_database Ensure Athena Database is encrypted at rest (default is unencrypted) Terraform
130 CKV_AWS_78 resource aws_codebuild_project Ensure that CodeBuild Project encryption is not disabled Terraform
131 CKV_AWS_79 resource aws_instance Ensure Instance Metadata Service Version 1 is not enabled Terraform
132 CKV_AWS_79 resource aws_launch_configuration Ensure Instance Metadata Service Version 1 is not enabled Terraform
133 CKV_AWS_79 resource aws_launch_template Ensure Instance Metadata Service Version 1 is not enabled Terraform
134 CKV_AWS_80 resource aws_msk_cluster Ensure MSK Cluster logging is enabled Terraform
135 CKV_AWS_81 resource aws_msk_cluster Ensure MSK Cluster encryption in rest and transit is enabled Terraform
136 CKV_AWS_82 resource aws_athena_workgroup Ensure Athena Workgroup should enforce configuration to prevent client disabling encryption Terraform
137 CKV_AWS_83 resource aws_elasticsearch_domain Ensure Elasticsearch Domain enforces HTTPS Terraform
138 CKV_AWS_83 resource aws_opensearch_domain Ensure Elasticsearch Domain enforces HTTPS Terraform
139 CKV_AWS_84 resource aws_elasticsearch_domain Ensure Elasticsearch Domain Logging is enabled Terraform
140 CKV_AWS_84 resource aws_opensearch_domain Ensure Elasticsearch Domain Logging is enabled Terraform
141 CKV_AWS_85 resource aws_docdb_cluster Ensure DocDB Logging is enabled Terraform
142 CKV_AWS_86 resource aws_cloudfront_distribution Ensure Cloudfront distribution has Access Logging enabled Terraform
143 CKV_AWS_87 resource aws_redshift_cluster Redshift cluster should not be publicly accessible Terraform
144 CKV_AWS_88 resource aws_instance EC2 instance should not have public IP. Terraform
145 CKV_AWS_88 resource aws_launch_template EC2 instance should not have public IP. Terraform
146 CKV_AWS_89 resource aws_dms_replication_instance DMS replication instance should not be publicly accessible Terraform
147 CKV_AWS_90 resource aws_docdb_cluster_parameter_group Ensure DocDB TLS is not disabled Terraform
148 CKV_AWS_91 resource aws_alb Ensure the ELBv2 (Application/Network) has access logging enabled Terraform
149 CKV_AWS_91 resource aws_lb Ensure the ELBv2 (Application/Network) has access logging enabled Terraform
150 CKV_AWS_92 resource aws_elb Ensure the ELB has access logging enabled Terraform
151 CKV_AWS_93 resource aws_s3_bucket Ensure S3 bucket policy does not lockout all but root user. (Prevent lockouts needing root account fixes) Terraform
152 CKV_AWS_93 resource aws_s3_bucket_policy Ensure S3 bucket policy does not lockout all but root user. (Prevent lockouts needing root account fixes) Terraform
153 CKV_AWS_94 resource aws_glue_data_catalog_encryption_settings Ensure Glue Data Catalog Encryption is enabled Terraform
154 CKV_AWS_96 resource aws_rds_cluster Ensure all data stored in Aurora is securely encrypted at rest Terraform
155 CKV_AWS_97 resource aws_ecs_task_definition Ensure Encryption in transit is enabled for EFS volumes in ECS Task definitions Terraform
156 CKV_AWS_98 resource aws_sagemaker_endpoint_configuration Ensure all data stored in the Sagemaker Endpoint is securely encrypted at rest Terraform
157 CKV_AWS_99 resource aws_glue_security_configuration Ensure Glue Security Configuration Encryption is enabled Terraform
158 CKV_AWS_100 resource aws_eks_node_group Ensure AWS EKS node group does not have implicit SSH access from 0.0.0.0/0 Terraform
159 CKV_AWS_101 resource aws_neptune_cluster Ensure Neptune logging is enabled Terraform
160 CKV_AWS_102 resource aws_neptune_cluster_instance Ensure Neptune Cluster instance is not publicly available Terraform
161 CKV_AWS_103 resource aws_alb_listener Ensure that load balancer is using TLS 1.2 Terraform
162 CKV_AWS_103 resource aws_lb_listener Ensure that load balancer is using TLS 1.2 Terraform
163 CKV_AWS_104 resource aws_docdb_cluster_parameter_group Ensure DocDB has audit logs enabled Terraform
164 CKV_AWS_105 resource aws_redshift_parameter_group Ensure Redshift uses SSL Terraform
165 CKV_AWS_106 resource aws_ebs_encryption_by_default Ensure EBS default encryption is enabled Terraform
166 CKV_AWS_107 data aws_iam_policy_document Ensure IAM policies does not allow credentials exposure Terraform
167 CKV_AWS_108 data aws_iam_policy_document Ensure IAM policies does not allow data exfiltration Terraform
168 CKV_AWS_109 data aws_iam_policy_document Ensure IAM policies does not allow permissions management / resource exposure without constraints Terraform
169 CKV_AWS_110 data aws_iam_policy_document Ensure IAM policies does not allow privilege escalation Terraform
170 CKV_AWS_111 data aws_iam_policy_document Ensure IAM policies does not allow write access without constraints Terraform
171 CKV_AWS_112 resource aws_ssm_document Ensure Session Manager data is encrypted in transit Terraform
172 CKV_AWS_113 resource aws_ssm_document Ensure Session Manager logs are enabled and encrypted Terraform
173 CKV_AWS_114 resource aws_emr_cluster Ensure that EMR clusters with Kerberos have Kerberos Realm set Terraform
174 CKV_AWS_115 resource aws_lambda_function Ensure that AWS Lambda function is configured for function-level concurrent execution limit Terraform
175 CKV_AWS_116 resource aws_lambda_function Ensure that AWS Lambda function is configured for a Dead Letter Queue(DLQ) Terraform
176 CKV_AWS_117 resource aws_lambda_function Ensure that AWS Lambda function is configured inside a VPC Terraform
177 CKV_AWS_118 resource aws_db_instance Ensure that enhanced monitoring is enabled for Amazon RDS instances Terraform
178 CKV_AWS_118 resource aws_rds_cluster_instance Ensure that enhanced monitoring is enabled for Amazon RDS instances Terraform
179 CKV_AWS_119 resource aws_dynamodb_table Ensure DynamoDB Tables are encrypted using a KMS Customer Managed CMK Terraform
180 CKV_AWS_120 resource aws_api_gateway_stage Ensure API Gateway caching is enabled Terraform
181 CKV_AWS_121 resource aws_config_configuration_aggregator Ensure AWS Config is enabled in all regions Terraform
182 CKV_AWS_122 resource aws_sagemaker_notebook_instance Ensure that direct internet access is disabled for an Amazon SageMaker Notebook Instance Terraform
183 CKV_AWS_123 resource aws_vpc_endpoint_service Ensure that VPC Endpoint Service is configured for Manual Acceptance Terraform
184 CKV_AWS_124 resource aws_cloudformation_stack Ensure that CloudFormation stacks are sending event notifications to an SNS topic Terraform
185 CKV_AWS_126 resource aws_instance Ensure that detailed monitoring is enabled for EC2 instances Terraform
186 CKV_AWS_127 resource aws_elb Ensure that Elastic Load Balancer(s) uses SSL certificates provided by AWS Certificate Manager Terraform
187 CKV_AWS_128 resource aws_rds_cluster Ensure that an Amazon RDS Clusters have AWS Identity and Access Management (IAM) authentication enabled Terraform
188 CKV_AWS_129 resource aws_db_instance Ensure that respective logs of Amazon Relational Database Service (Amazon RDS) are enabled Terraform
189 CKV_AWS_130 resource aws_subnet Ensure VPC subnets do not assign public IP by default Terraform
190 CKV_AWS_131 resource aws_alb Ensure that ALB drops HTTP headers Terraform
191 CKV_AWS_131 resource aws_lb Ensure that ALB drops HTTP headers Terraform
192 CKV_AWS_133 resource aws_db_instance Ensure that RDS instances has backup policy Terraform
193 CKV_AWS_133 resource aws_rds_cluster Ensure that RDS instances has backup policy Terraform
194 CKV_AWS_134 resource aws_elasticache_cluster Ensure that Amazon ElastiCache Redis clusters have automatic backup turned on Terraform
195 CKV_AWS_135 resource aws_instance Ensure that EC2 is EBS optimized Terraform
196 CKV_AWS_136 resource aws_ecr_repository Ensure that ECR repositories are encrypted using KMS Terraform
197 CKV_AWS_137 resource aws_elasticsearch_domain Ensure that Elasticsearch is configured inside a VPC Terraform
198 CKV_AWS_137 resource aws_opensearch_domain Ensure that Elasticsearch is configured inside a VPC Terraform
199 CKV_AWS_138 resource aws_elb Ensure that ELB is cross-zone-load-balancing enabled Terraform
200 CKV_AWS_139 resource aws_rds_cluster Ensure that RDS clusters have deletion protection enabled Terraform
201 CKV_AWS_140 resource aws_rds_global_cluster Ensure that RDS global clusters are encrypted Terraform
202 CKV_AWS_141 resource aws_redshift_cluster Ensured that redshift cluster allowing version upgrade by default Terraform
203 CKV_AWS_142 resource aws_redshift_cluster Ensure that Redshift cluster is encrypted by KMS Terraform
204 CKV_AWS_143 resource aws_s3_bucket Ensure that S3 bucket has lock configuration enabled by default Terraform
205 CKV_AWS_144 resource aws_s3_bucket Ensure that S3 bucket has cross-region replication enabled Terraform
206 CKV_AWS_144 resource aws_s3_bucket_replication_configuration Ensure that S3 bucket has cross-region replication enabled Terraform
207 CKV_AWS_145 resource aws_s3_bucket Ensure that S3 buckets are encrypted with KMS by default Terraform
208 CKV_AWS_145 resource aws_s3_bucket_server_side_encryption_configuration Ensure that S3 buckets are encrypted with KMS by default Terraform
209 CKV_AWS_146 resource aws_db_cluster_snapshot Ensure that RDS database cluster snapshot is encrypted Terraform
210 CKV_AWS_147 resource aws_codebuild_project Ensure that CodeBuild projects are encrypted Terraform
211 CKV_AWS_148 resource aws_default_vpc Ensure no default VPC is planned to be provisioned Terraform
212 CKV_AWS_149 resource aws_secretsmanager_secret Ensure that Secrets Manager secret is encrypted using KMS CMK Terraform
213 CKV_AWS_150 resource aws_alb Ensure that Load Balancer has deletion protection enabled Terraform
214 CKV_AWS_150 resource aws_lb Ensure that Load Balancer has deletion protection enabled Terraform
215 CKV_AWS_152 resource aws_alb Ensure that Load Balancer (Network/Gateway) has cross-zone load balancing enabled Terraform
216 CKV_AWS_152 resource aws_lb Ensure that Load Balancer (Network/Gateway) has cross-zone load balancing enabled Terraform
217 CKV_AWS_153 resource aws_autoscaling_group Autoscaling groups should supply tags to launch configurations Terraform
218 CKV_AWS_154 resource aws_redshift_cluster Ensure Redshift is not deployed outside of a VPC Terraform
219 CKV_AWS_155 resource aws_workspaces_workspace Ensure that Workspace user volumes are encrypted Terraform
220 CKV_AWS_156 resource aws_workspaces_workspace Ensure that Workspace root volumes are encrypted Terraform
221 CKV_AWS_157 resource aws_db_instance Ensure that RDS instances have Multi-AZ enabled Terraform
222 CKV_AWS_158 resource aws_cloudwatch_log_group Ensure that CloudWatch Log Group is encrypted by KMS Terraform
223 CKV_AWS_159 resource aws_athena_workgroup Ensure that Athena Workgroup is encrypted Terraform
224 CKV_AWS_160 resource aws_timestreamwrite_database Ensure that Timestream database is encrypted with KMS CMK Terraform
225 CKV_AWS_161 resource aws_db_instance Ensure RDS database has IAM authentication enabled Terraform
226 CKV_AWS_162 resource aws_rds_cluster Ensure RDS cluster has IAM authentication enabled Terraform
227 CKV_AWS_163 resource aws_ecr_repository Ensure ECR image scanning on push is enabled Terraform
228 CKV_AWS_164 resource aws_transfer_server Ensure Transfer Server is not exposed publicly. Terraform
229 CKV_AWS_165 resource aws_dynamodb_global_table Ensure Dynamodb point in time recovery (backup) is enabled for global tables Terraform
230 CKV_AWS_166 resource aws_backup_vault Ensure Backup Vault is encrypted at rest using KMS CMK Terraform
231 CKV_AWS_167 resource aws_glacier_vault Ensure Glacier Vault access policy is not public by only allowing specific services or principals to access it Terraform
232 CKV_AWS_168 resource aws_sqs_queue Ensure SQS queue policy is not public by only allowing specific services or principals to access it Terraform
233 CKV_AWS_168 resource aws_sqs_queue_policy Ensure SQS queue policy is not public by only allowing specific services or principals to access it Terraform
234 CKV_AWS_169 resource aws_sns_topic_policy Ensure SNS topic policy is not public by only allowing specific services or principals to access it Terraform
235 CKV_AWS_170 resource aws_qldb_ledger Ensure QLDB ledger permissions mode is set to STANDARD Terraform
236 CKV_AWS_171 resource aws_emr_security_configuration Ensure Cluster security configuration encryption is using SSE-KMS Terraform
237 CKV_AWS_172 resource aws_qldb_ledger Ensure QLDB ledger has deletion protection enabled Terraform
238 CKV_AWS_173 resource aws_lambda_function Check encryption settings for Lambda environmental variable Terraform
239 CKV_AWS_174 resource aws_cloudfront_distribution Verify CloudFront Distribution Viewer Certificate is using TLS v1.2 Terraform
240 CKV_AWS_175 resource aws_waf_web_acl Ensure WAF has associated rules Terraform
241 CKV_AWS_175 resource aws_wafregional_web_acl Ensure WAF has associated rules Terraform
242 CKV_AWS_175 resource aws_wafv2_web_acl Ensure WAF has associated rules Terraform
243 CKV_AWS_176 resource aws_waf_web_acl Ensure Logging is enabled for WAF Web Access Control Lists Terraform
244 CKV_AWS_176 resource aws_wafregional_web_acl Ensure Logging is enabled for WAF Web Access Control Lists Terraform
245 CKV_AWS_177 resource aws_kinesis_video_stream Ensure Kinesis Video Stream is encrypted by KMS using a customer managed Key (CMK) Terraform
246 CKV_AWS_178 resource aws_fsx_ontap_file_system Ensure fx ontap file system is encrypted by KMS using a customer managed Key (CMK) Terraform
247 CKV_AWS_179 resource aws_fsx_windows_file_system Ensure FSX Windows filesystem is encrypted by KMS using a customer managed Key (CMK) Terraform
248 CKV_AWS_180 resource aws_imagebuilder_component Ensure Image Builder component is encrypted by KMS using a customer managed Key (CMK) Terraform
249 CKV_AWS_181 resource aws_s3_object_copy Ensure S3 Object Copy is encrypted by KMS using a customer managed Key (CMK) Terraform
250 CKV_AWS_182 resource aws_docdb_cluster Ensure Doc DB is encrypted by KMS using a customer managed Key (CMK) Terraform
251 CKV_AWS_183 resource aws_ebs_snapshot_copy Ensure EBS Snapshot Copy is encrypted by KMS using a customer managed Key (CMK) Terraform
252 CKV_AWS_184 resource aws_efs_file_system Ensure resource is encrypted by KMS using a customer managed Key (CMK) Terraform
253 CKV_AWS_185 resource aws_kinesis_stream Ensure Kinesis Stream is encrypted by KMS using a customer managed Key (CMK) Terraform
254 CKV_AWS_186 resource aws_s3_bucket_object Ensure S3 bucket Object is encrypted by KMS using a customer managed Key (CMK) Terraform
255 CKV_AWS_187 resource aws_sagemaker_domain Ensure Sagemaker domain is encrypted by KMS using a customer managed Key (CMK) Terraform
256 CKV_AWS_188 resource aws_redshift_cluster Ensure RedShift Cluster is encrypted by KMS using a customer managed Key (CMK) Terraform
257 CKV_AWS_189 resource aws_ebs_volume Ensure EBS Volume is encrypted by KMS using a customer managed Key (CMK) Terraform
258 CKV_AWS_190 resource aws_fsx_lustre_file_system Ensure lustre file systems is encrypted by KMS using a customer managed Key (CMK) Terraform
259 CKV_AWS_191 resource aws_elasticache_replication_group Ensure Elasticache replication group is encrypted by KMS using a customer managed Key (CMK) Terraform
260 CKV_AWS_192 resource aws_wafv2_web_acl Ensure WAF prevents message lookup in Log4j2. See CVE-2021-44228 aka log4jshell Terraform
261 CKV_AWS_193 resource aws_appsync_graphql_api Ensure AppSync has Logging enabled Terraform
262 CKV_AWS_194 resource aws_appsync_graphql_api Ensure AppSync has Field-Level logs enabled Terraform
263 CKV_AWS_195 resource aws_glue_crawler Ensure Glue component has a security configuration associated Terraform
264 CKV_AWS_195 resource aws_glue_dev_endpoint Ensure Glue component has a security configuration associated Terraform
265 CKV_AWS_195 resource aws_glue_job Ensure Glue component has a security configuration associated Terraform
266 CKV_AWS_196 resource aws_elasticache_security_group Ensure no aws_elasticache_security_group resources exist Terraform
267 CKV_AWS_197 resource aws_mq_broker Ensure MQ Broker Audit logging is enabled Terraform
268 CKV_AWS_198 resource aws_db_security_group Ensure no aws_db_security_group resources exist Terraform
269 CKV_AWS_199 resource aws_imagebuilder_distribution_configuration Ensure Image Builder Distribution Configuration encrypts AMI’s using KMS - a customer managed Key (CMK) Terraform
270 CKV_AWS_200 resource aws_imagebuilder_image_recipe Ensure that Image Recipe EBS Disk are encrypted with CMK Terraform
271 CKV_AWS_201 resource aws_memorydb_cluster Ensure MemoryDB is encrypted at rest using KMS CMKs Terraform
272 CKV_AWS_202 resource aws_memorydb_cluster Ensure MemoryDB data is encrypted in transit Terraform
273 CKV_AWS_203 resource aws_fsx_openzfs_file_system Ensure resource is encrypted by KMS using a customer managed Key (CMK) Terraform
274 CKV_AWS_204 resource aws_ami Ensure AMIs are encrypted using KMS CMKs Terraform
275 CKV_AWS_205 resource aws_ami_launch_permission Ensure to Limit AMI launch Permissions Terraform
276 CKV_AWS_206 resource aws_api_gateway_domain_name Ensure API Gateway Domain uses a modern security Policy Terraform
277 CKV_AWS_207 resource aws_mq_broker Ensure MQ Broker minor version updates are enabled Terraform
278 CKV_AWS_208 resource aws_mq_broker Ensure MQBroker version is current Terraform
279 CKV_AWS_208 resource aws_mq_configuration Ensure MQBroker version is current Terraform
280 CKV_AWS_209 resource aws_mq_broker Ensure MQ broker encrypted by KMS using a customer managed Key (CMK) Terraform
281 CKV_AWS_210 resource aws_batch_job_definition Batch job does not define a privileged container Terraform
282 CKV_AWS_211 resource aws_db_instance Ensure RDS uses a modern CaCert Terraform
283 CKV_AWS_212 resource aws_dms_replication_instance Ensure EBS Volume is encrypted by KMS using a customer managed Key (CMK) Terraform
284 CKV_AWS_213 resource aws_load_balancer_policy Ensure ELB Policy uses only secure protocols Terraform
285 CKV_AWS_214 resource aws_appsync_api_cache Ensure Appsync API Cache is encrypted at rest Terraform
286 CKV_AWS_215 resource aws_appsync_api_cache Ensure Appsync API Cache is encrypted in transit Terraform
287 CKV_AWS_216 resource aws_cloudfront_distribution Ensure Cloudfront distribution is enabled Terraform
288 CKV_AWS_217 resource aws_api_gateway_deployment Ensure Create before destroy for API deployments Terraform
289 CKV_AWS_218 resource aws_cloudsearch_domain Ensure that Cloudsearch is using latest TLS Terraform
290 CKV_AWS_219 resource aws_codepipeline Ensure Code Pipeline Artifact store is using a KMS CMK Terraform
291 CKV_AWS_220 resource aws_cloudsearch_domain Ensure that Cloudsearch is using https Terraform
292 CKV_AWS_221 resource aws_codeartifact_domain Ensure Code artifact Domain is encrypted by KMS using a customer managed Key (CMK) Terraform
293 CKV_AWS_222 resource aws_dms_replication_instance Ensure DMS instance gets all minor upgrade automatically Terraform
294 CKV_AWS_223 resource aws_ecs_cluster Ensure ECS Cluster enables logging of ECS Exec Terraform
295 CKV_AWS_224 resource aws_ecs_cluster Ensure Cluster logging with CMK Terraform
296 CKV_AWS_225 resource aws_api_gateway_method_settings Ensure API Gateway method setting caching is enabled Terraform
297 CKV_AWS_226 resource aws_db_instance Ensure DB instance gets all minor upgrades automatically Terraform
298 CKV_AWS_226 resource aws_rds_cluster_instance Ensure DB instance gets all minor upgrades automatically Terraform
299 CKV_AWS_227 resource aws_kms_key Ensure KMS key is enabled Terraform
300 CKV_AWS_228 resource aws_elasticsearch_domain Verify Elasticsearch domain is using an up to date TLS policy Terraform
301 CKV_AWS_228 resource aws_opensearch_domain Verify Elasticsearch domain is using an up to date TLS policy Terraform
302 CKV_AWS_229 resource aws_network_acl Ensure no NACL allow ingress from 0.0.0.0:0 to port 21 Terraform
303 CKV_AWS_229 resource aws_network_acl_rule Ensure no NACL allow ingress from 0.0.0.0:0 to port 21 Terraform
304 CKV_AWS_230 resource aws_network_acl Ensure no NACL allow ingress from 0.0.0.0:0 to port 20 Terraform
305 CKV_AWS_230 resource aws_network_acl_rule Ensure no NACL allow ingress from 0.0.0.0:0 to port 20 Terraform
306 CKV_AWS_231 resource aws_network_acl Ensure no NACL allow ingress from 0.0.0.0:0 to port 3389 Terraform
307 CKV_AWS_231 resource aws_network_acl_rule Ensure no NACL allow ingress from 0.0.0.0:0 to port 3389 Terraform
308 CKV_AWS_232 resource aws_network_acl Ensure no NACL allow ingress from 0.0.0.0:0 to port 22 Terraform
309 CKV_AWS_232 resource aws_network_acl_rule Ensure no NACL allow ingress from 0.0.0.0:0 to port 22 Terraform
310 CKV_AWS_233 resource aws_acm_certificate Ensure Create before destroy for ACM certificates Terraform
311 CKV_AWS_234 resource aws_acm_certificate Verify logging preference for ACM certificates Terraform
312 CKV_AWS_235 resource aws_ami_copy Ensure that copied AMIs are encrypted Terraform
313 CKV_AWS_236 resource aws_ami_copy Ensure AMI copying uses a CMK Terraform
314 CKV_AWS_237 resource aws_api_gateway_rest_api Ensure Create before destroy for API GATEWAY Terraform
315 CKV_AWS_238 resource aws_guardduty_detector Ensure that Guard Duty detector is enabled Terraform
316 CKV_AWS_239 resource aws_dax_cluster Ensure DAX cluster endpoint is using TLS Terraform
317 CKV_AWS_240 resource aws_kinesis_firehose_delivery_stream Ensure Kinesis Firehose delivery stream is encrypted Terraform
318 CKV_AWS_241 resource aws_kinesis_firehose_delivery_stream Ensure that Kinesis Firehose Delivery Streams are encrypted with CMK Terraform
319 CKV_AWS_242 resource aws_mwaa_environment Ensure MWAA environment has scheduler logs enabled Terraform
320 CKV_AWS_243 resource aws_mwaa_environment Ensure MWAA environment has worker logs enabled Terraform
321 CKV_AWS_244 resource aws_mwaa_environment Ensure MWAA environment has webserver logs enabled Terraform
322 CKV_AWS_245 resource aws_db_instance_automated_backups_replication Ensure replicated backups are encrypted at rest using KMS CMKs Terraform
323 CKV_AWS_246 resource aws_rds_cluster_activity_stream Ensure RDS Cluster activity streams are encrypted using KMS CMKs Terraform
324 CKV_AWS_247 resource aws_elasticsearch_domain Ensure all data stored in the Elasticsearch is encrypted with a CMK Terraform
325 CKV_AWS_247 resource aws_opensearch_domain Ensure all data stored in the Elasticsearch is encrypted with a CMK Terraform
326 CKV_AWS_248 resource aws_elasticsearch_domain Ensure that Elasticsearch is not using the default Security Group Terraform
327 CKV_AWS_248 resource aws_opensearch_domain Ensure that Elasticsearch is not using the default Security Group Terraform
328 CKV_AWS_249 resource aws_ecs_task_definition Ensure that the Execution Role ARN and the Task Role ARN are different in ECS Task definitions Terraform
329 CKV_AWS_250 resource aws_db_instance Ensure that RDS PostgreSQL instances use a non vulnerable version with the log_fdw extension (https://aws.amazon.com/security/security-bulletins/AWS-2022-004/) Terraform
330 CKV_AWS_250 resource aws_rds_cluster Ensure that RDS PostgreSQL instances use a non vulnerable version with the log_fdw extension (https://aws.amazon.com/security/security-bulletins/AWS-2022-004/) Terraform
331 CKV_AWS_251 resource aws_cloudtrail Ensure CloudTrail logging is enabled Terraform
332 CKV_AWS_252 resource aws_cloudtrail Ensure CloudTrail defines an SNS Topic Terraform
333 CKV_AWS_253 resource aws_dlm_lifecycle_policy Ensure DLM cross region events are encrypted Terraform
334 CKV_AWS_254 resource aws_dlm_lifecycle_policy Ensure DLM cross region events are encrypted with Customer Managed Key Terraform
335 CKV_AWS_255 resource aws_dlm_lifecycle_policy Ensure DLM cross region schedules are encrypted Terraform
336 CKV_AWS_256 resource aws_dlm_lifecycle_policy Ensure DLM cross region schedules are encrypted using a Customer Managed Key Terraform
337 CKV_AWS_257 resource aws_codecommit_approval_rule_template Ensure codecommit branch changes have at least 2 approvals Terraform
338 CKV_AWS_258 resource aws_lambda_function_url Ensure that Lambda function URLs AuthType is not None Terraform
339 CKV_AWS_259 resource aws_cloudfront_response_headers_policy Ensure CloudFront response header policy enforces Strict Transport Security Terraform
340 CKV_AWS_260 resource aws_security_group Ensure no security groups allow ingress from 0.0.0.0:0 to port 80 Terraform
341 CKV_AWS_260 resource aws_security_group_rule Ensure no security groups allow ingress from 0.0.0.0:0 to port 80 Terraform
342 CKV2_AWS_1 resource aws_network_acl Ensure that all NACL are attached to subnets Terraform
343 CKV2_AWS_1 resource aws_subnet Ensure that all NACL are attached to subnets Terraform
344 CKV2_AWS_2 resource aws_ebs_volume Ensure that only encrypted EBS volumes are attached to EC2 instances Terraform
345 CKV2_AWS_2 resource aws_volume_attachment Ensure that only encrypted EBS volumes are attached to EC2 instances Terraform
346 CKV2_AWS_3 resource aws_guardduty_detector Ensure GuardDuty is enabled to specific org/region Terraform
347 CKV2_AWS_3 resource aws_guardduty_organization_configuration Ensure GuardDuty is enabled to specific org/region Terraform
348 CKV2_AWS_4 resource aws_api_gateway_method_settings Ensure API Gateway stage have logging level defined as appropriate Terraform
349 CKV2_AWS_4 resource aws_api_gateway_stage Ensure API Gateway stage have logging level defined as appropriate Terraform
350 CKV2_AWS_5 resource aws_security_group Ensure that Security Groups are attached to another resource Terraform
351 CKV2_AWS_6 resource aws_s3_bucket Ensure that S3 bucket has a Public Access block Terraform
352 CKV2_AWS_6 resource aws_s3_bucket_public_access_block Ensure that S3 bucket has a Public Access block Terraform
353 CKV2_AWS_7 resource aws_emr_cluster Ensure that Amazon EMR clusters’ security groups are not open to the world Terraform
354 CKV2_AWS_7 resource aws_security_group Ensure that Amazon EMR clusters’ security groups are not open to the world Terraform
355 CKV2_AWS_8 resource aws_rds_cluster Ensure that RDS clusters has backup plan of AWS Backup Terraform
356 CKV2_AWS_9 resource aws_backup_selection Ensure that EBS are added in the backup plans of AWS Backup Terraform
357 CKV2_AWS_10 resource aws_cloudtrail Ensure CloudTrail trails are integrated with CloudWatch Logs Terraform
358 CKV2_AWS_11 resource aws_vpc Ensure VPC flow logging is enabled in all VPCs Terraform
359 CKV2_AWS_12 resource aws_default_security_group Ensure the default security group of every VPC restricts all traffic Terraform
360 CKV2_AWS_12 resource aws_vpc Ensure the default security group of every VPC restricts all traffic Terraform
361 CKV2_AWS_14 resource aws_iam_group Ensure that IAM groups includes at least one IAM user Terraform
362 CKV2_AWS_14 resource aws_iam_group_membership Ensure that IAM groups includes at least one IAM user Terraform
363 CKV2_AWS_15 resource aws_autoscaling_group Ensure that auto Scaling groups that are associated with a load balancer, are using Elastic Load Balancing health checks. Terraform
364 CKV2_AWS_15 resource aws_elb Ensure that auto Scaling groups that are associated with a load balancer, are using Elastic Load Balancing health checks. Terraform
365 CKV2_AWS_16 resource aws_appautoscaling_target Ensure that Auto Scaling is enabled on your DynamoDB tables Terraform
366 CKV2_AWS_16 resource aws_dynamodb_table Ensure that Auto Scaling is enabled on your DynamoDB tables Terraform
367 CKV2_AWS_18 resource aws_backup_selection Ensure that Elastic File System (Amazon EFS) file systems are added in the backup plans of AWS Backup Terraform
368 CKV2_AWS_19 resource aws_eip Ensure that all EIP addresses allocated to a VPC are attached to EC2 instances Terraform
369 CKV2_AWS_19 resource aws_eip_association Ensure that all EIP addresses allocated to a VPC are attached to EC2 instances Terraform
370 CKV2_AWS_20 resource aws_alb Ensure that ALB redirects HTTP requests into HTTPS ones Terraform
371 CKV2_AWS_20 resource aws_alb_listener Ensure that ALB redirects HTTP requests into HTTPS ones Terraform
372 CKV2_AWS_20 resource aws_lb Ensure that ALB redirects HTTP requests into HTTPS ones Terraform
373 CKV2_AWS_20 resource aws_lb_listener Ensure that ALB redirects HTTP requests into HTTPS ones Terraform
374 CKV2_AWS_21 resource aws_iam_group_membership Ensure that all IAM users are members of at least one IAM group. Terraform
375 CKV2_AWS_22 resource aws_iam_user Ensure an IAM User does not have access to the console Terraform
376 CKV2_AWS_23 resource aws_route53_record Route53 A Record has Attached Resource Terraform
377 CKV2_AWS_27 resource aws_rds_cluster Ensure Postgres RDS as aws_rds_cluster has Query Logging enabled Terraform
378 CKV2_AWS_27 resource aws_rds_cluster_parameter_group Ensure Postgres RDS as aws_rds_cluster has Query Logging enabled Terraform
379 CKV2_AWS_28 resource aws_alb Ensure public facing ALB are protected by WAF Terraform
380 CKV2_AWS_28 resource aws_lb Ensure public facing ALB are protected by WAF Terraform
381 CKV2_AWS_29 resource aws_api_gateway_rest_api Ensure public API gateway are protected by WAF Terraform
382 CKV2_AWS_29 resource aws_api_gateway_stage Ensure public API gateway are protected by WAF Terraform
383 CKV2_AWS_30 resource aws_db_instance Ensure Postgres RDS as aws_db_instance has Query Logging enabled Terraform
384 CKV2_AWS_30 resource aws_db_parameter_group Ensure Postgres RDS as aws_db_instance has Query Logging enabled Terraform
385 CKV2_AWS_31 resource aws_wafv2_web_acl Ensure WAF2 has a Logging Configuration Terraform
386 CKV2_AWS_32 resource aws_cloudfront_distribution Ensure CloudFront distribution has a response headers policy attached Terraform
387 CKV2_AWS_33 resource aws_appsync_graphql_api Ensure AppSync is protected by WAF Terraform
388 CKV2_AWS_34 resource aws_ssm_parameter AWS SSM Parameter should be Encrypted Terraform
389 CKV2_AWS_35 resource aws_route AWS NAT Gateways should be utilized for the default route Terraform
390 CKV2_AWS_35 resource aws_route_table AWS NAT Gateways should be utilized for the default route Terraform
391 CKV2_AWS_36 resource aws_ssm_parameter Ensure terraform is not sending SSM secrets to untrusted domains over HTTP Terraform
392 CKV2_AWS_36 resource data.http Ensure terraform is not sending SSM secrets to untrusted domains over HTTP Terraform
393 CKV2_AWS_37 resource aws Ensure Codecommit associates an approval rule Terraform
394 CKV2_AWS_37 resource aws_accessanalyzer_analyzer Ensure Codecommit associates an approval rule Terraform
395 CKV2_AWS_37 resource aws_acm_certificate Ensure Codecommit associates an approval rule Terraform
396 CKV2_AWS_37 resource aws_acm_certificate_validation Ensure Codecommit associates an approval rule Terraform
397 CKV2_AWS_37 resource aws_acmpca_certificate_authority Ensure Codecommit associates an approval rule Terraform
398 CKV2_AWS_37 resource aws_ami Ensure Codecommit associates an approval rule Terraform
399 CKV2_AWS_37 resource aws_ami_copy Ensure Codecommit associates an approval rule Terraform
400 CKV2_AWS_37 resource aws_ami_from_instance Ensure Codecommit associates an approval rule Terraform
401 CKV2_AWS_37 resource aws_ami_launch_permission Ensure Codecommit associates an approval rule Terraform
402 CKV2_AWS_37 resource aws_api_gateway_account Ensure Codecommit associates an approval rule Terraform
403 CKV2_AWS_37 resource aws_api_gateway_api_key Ensure Codecommit associates an approval rule Terraform
404 CKV2_AWS_37 resource aws_api_gateway_authorizer Ensure Codecommit associates an approval rule Terraform
405 CKV2_AWS_37 resource aws_api_gateway_base_path_mapping Ensure Codecommit associates an approval rule Terraform
406 CKV2_AWS_37 resource aws_api_gateway_client_certificate Ensure Codecommit associates an approval rule Terraform
407 CKV2_AWS_37 resource aws_api_gateway_deployment Ensure Codecommit associates an approval rule Terraform
408 CKV2_AWS_37 resource aws_api_gateway_documentation_part Ensure Codecommit associates an approval rule Terraform
409 CKV2_AWS_37 resource aws_api_gateway_documentation_version Ensure Codecommit associates an approval rule Terraform
410 CKV2_AWS_37 resource aws_api_gateway_domain_name Ensure Codecommit associates an approval rule Terraform
411 CKV2_AWS_37 resource aws_api_gateway_gateway_response Ensure Codecommit associates an approval rule Terraform
412 CKV2_AWS_37 resource aws_api_gateway_integration Ensure Codecommit associates an approval rule Terraform
413 CKV2_AWS_37 resource aws_api_gateway_integration_response Ensure Codecommit associates an approval rule Terraform
414 CKV2_AWS_37 resource aws_api_gateway_method Ensure Codecommit associates an approval rule Terraform
415 CKV2_AWS_37 resource aws_api_gateway_method_response Ensure Codecommit associates an approval rule Terraform
416 CKV2_AWS_37 resource aws_api_gateway_method_settings Ensure Codecommit associates an approval rule Terraform
417 CKV2_AWS_37 resource aws_api_gateway_model Ensure Codecommit associates an approval rule Terraform
418 CKV2_AWS_37 resource aws_api_gateway_request_validator Ensure Codecommit associates an approval rule Terraform
419 CKV2_AWS_37 resource aws_api_gateway_resource Ensure Codecommit associates an approval rule Terraform
420 CKV2_AWS_37 resource aws_api_gateway_rest_api Ensure Codecommit associates an approval rule Terraform
421 CKV2_AWS_37 resource aws_api_gateway_stage Ensure Codecommit associates an approval rule Terraform
422 CKV2_AWS_37 resource aws_api_gateway_usage_plan Ensure Codecommit associates an approval rule Terraform
423 CKV2_AWS_37 resource aws_api_gateway_usage_plan_key Ensure Codecommit associates an approval rule Terraform
424 CKV2_AWS_37 resource aws_api_gateway_vpc_link Ensure Codecommit associates an approval rule Terraform
425 CKV2_AWS_37 resource aws_apigatewayv2_api Ensure Codecommit associates an approval rule Terraform
426 CKV2_AWS_37 resource aws_apigatewayv2_api_mapping Ensure Codecommit associates an approval rule Terraform
427 CKV2_AWS_37 resource aws_apigatewayv2_authorizer Ensure Codecommit associates an approval rule Terraform
428 CKV2_AWS_37 resource aws_apigatewayv2_deployment Ensure Codecommit associates an approval rule Terraform
429 CKV2_AWS_37 resource aws_apigatewayv2_domain_name Ensure Codecommit associates an approval rule Terraform
430 CKV2_AWS_37 resource aws_apigatewayv2_integration Ensure Codecommit associates an approval rule Terraform
431 CKV2_AWS_37 resource aws_apigatewayv2_integration_response Ensure Codecommit associates an approval rule Terraform
432 CKV2_AWS_37 resource aws_apigatewayv2_model Ensure Codecommit associates an approval rule Terraform
433 CKV2_AWS_37 resource aws_apigatewayv2_route Ensure Codecommit associates an approval rule Terraform
434 CKV2_AWS_37 resource aws_apigatewayv2_route_response Ensure Codecommit associates an approval rule Terraform
435 CKV2_AWS_37 resource aws_apigatewayv2_stage Ensure Codecommit associates an approval rule Terraform
436 CKV2_AWS_37 resource aws_apigatewayv2_vpc_link Ensure Codecommit associates an approval rule Terraform
437 CKV2_AWS_37 resource aws_app_cookie_stickiness_policy Ensure Codecommit associates an approval rule Terraform
438 CKV2_AWS_37 resource aws_appautoscaling_policy Ensure Codecommit associates an approval rule Terraform
439 CKV2_AWS_37 resource aws_appautoscaling_scheduled_action Ensure Codecommit associates an approval rule Terraform
440 CKV2_AWS_37 resource aws_appautoscaling_target Ensure Codecommit associates an approval rule Terraform
441 CKV2_AWS_37 resource aws_appmesh_mesh Ensure Codecommit associates an approval rule Terraform
442 CKV2_AWS_37 resource aws_appmesh_route Ensure Codecommit associates an approval rule Terraform
443 CKV2_AWS_37 resource aws_appmesh_virtual_node Ensure Codecommit associates an approval rule Terraform
444 CKV2_AWS_37 resource aws_appmesh_virtual_router Ensure Codecommit associates an approval rule Terraform
445 CKV2_AWS_37 resource aws_appmesh_virtual_service Ensure Codecommit associates an approval rule Terraform
446 CKV2_AWS_37 resource aws_appsync_api_key Ensure Codecommit associates an approval rule Terraform
447 CKV2_AWS_37 resource aws_appsync_datasource Ensure Codecommit associates an approval rule Terraform
448 CKV2_AWS_37 resource aws_appsync_function Ensure Codecommit associates an approval rule Terraform
449 CKV2_AWS_37 resource aws_appsync_graphql_api Ensure Codecommit associates an approval rule Terraform
450 CKV2_AWS_37 resource aws_appsync_resolver Ensure Codecommit associates an approval rule Terraform
451 CKV2_AWS_37 resource aws_athena_database Ensure Codecommit associates an approval rule Terraform
452 CKV2_AWS_37 resource aws_athena_named_query Ensure Codecommit associates an approval rule Terraform
453 CKV2_AWS_37 resource aws_athena_workgroup Ensure Codecommit associates an approval rule Terraform
454 CKV2_AWS_37 resource aws_autoscaling_attachment Ensure Codecommit associates an approval rule Terraform
455 CKV2_AWS_37 resource aws_autoscaling_group Ensure Codecommit associates an approval rule Terraform
456 CKV2_AWS_37 resource aws_autoscaling_lifecycle_hook Ensure Codecommit associates an approval rule Terraform
457 CKV2_AWS_37 resource aws_autoscaling_notification Ensure Codecommit associates an approval rule Terraform
458 CKV2_AWS_37 resource aws_autoscaling_policy Ensure Codecommit associates an approval rule Terraform
459 CKV2_AWS_37 resource aws_autoscaling_schedule Ensure Codecommit associates an approval rule Terraform
460 CKV2_AWS_37 resource aws_backup_plan Ensure Codecommit associates an approval rule Terraform
461 CKV2_AWS_37 resource aws_backup_selection Ensure Codecommit associates an approval rule Terraform
462 CKV2_AWS_37 resource aws_backup_vault Ensure Codecommit associates an approval rule Terraform
463 CKV2_AWS_37 resource aws_batch_compute_environment Ensure Codecommit associates an approval rule Terraform
464 CKV2_AWS_37 resource aws_batch_job_definition Ensure Codecommit associates an approval rule Terraform
465 CKV2_AWS_37 resource aws_batch_job_queue Ensure Codecommit associates an approval rule Terraform
466 CKV2_AWS_37 resource aws_budgets_budget Ensure Codecommit associates an approval rule Terraform
467 CKV2_AWS_37 resource aws_cloud9_environment_ec2 Ensure Codecommit associates an approval rule Terraform
468 CKV2_AWS_37 resource aws_cloudformation_stack Ensure Codecommit associates an approval rule Terraform
469 CKV2_AWS_37 resource aws_cloudformation_stack_set Ensure Codecommit associates an approval rule Terraform
470 CKV2_AWS_37 resource aws_cloudformation_stack_set_instance Ensure Codecommit associates an approval rule Terraform
471 CKV2_AWS_37 resource aws_cloudfront_distribution Ensure Codecommit associates an approval rule Terraform
472 CKV2_AWS_37 resource aws_cloudfront_origin_access_identity Ensure Codecommit associates an approval rule Terraform
473 CKV2_AWS_37 resource aws_cloudfront_public_key Ensure Codecommit associates an approval rule Terraform
474 CKV2_AWS_37 resource aws_cloudhsm_v2_cluster Ensure Codecommit associates an approval rule Terraform
475 CKV2_AWS_37 resource aws_cloudhsm_v2_hsm Ensure Codecommit associates an approval rule Terraform
476 CKV2_AWS_37 resource aws_cloudtrail Ensure Codecommit associates an approval rule Terraform
477 CKV2_AWS_37 resource aws_cloudwatch_dashboard Ensure Codecommit associates an approval rule Terraform
478 CKV2_AWS_37 resource aws_cloudwatch_event_permission Ensure Codecommit associates an approval rule Terraform
479 CKV2_AWS_37 resource aws_cloudwatch_event_rule Ensure Codecommit associates an approval rule Terraform
480 CKV2_AWS_37 resource aws_cloudwatch_event_target Ensure Codecommit associates an approval rule Terraform
481 CKV2_AWS_37 resource aws_cloudwatch_log_destination Ensure Codecommit associates an approval rule Terraform
482 CKV2_AWS_37 resource aws_cloudwatch_log_destination_policy Ensure Codecommit associates an approval rule Terraform
483 CKV2_AWS_37 resource aws_cloudwatch_log_group Ensure Codecommit associates an approval rule Terraform
484 CKV2_AWS_37 resource aws_cloudwatch_log_metric_filter Ensure Codecommit associates an approval rule Terraform
485 CKV2_AWS_37 resource aws_cloudwatch_log_resource_policy Ensure Codecommit associates an approval rule Terraform
486 CKV2_AWS_37 resource aws_cloudwatch_log_stream Ensure Codecommit associates an approval rule Terraform
487 CKV2_AWS_37 resource aws_cloudwatch_log_subscription_filter Ensure Codecommit associates an approval rule Terraform
488 CKV2_AWS_37 resource aws_cloudwatch_metric_alarm Ensure Codecommit associates an approval rule Terraform
489 CKV2_AWS_37 resource aws_codebuild_project Ensure Codecommit associates an approval rule Terraform
490 CKV2_AWS_37 resource aws_codebuild_source_credential Ensure Codecommit associates an approval rule Terraform
491 CKV2_AWS_37 resource aws_codebuild_webhook Ensure Codecommit associates an approval rule Terraform
492 CKV2_AWS_37 resource aws_codecommit_repository Ensure Codecommit associates an approval rule Terraform
493 CKV2_AWS_37 resource aws_codecommit_trigger Ensure Codecommit associates an approval rule Terraform
494 CKV2_AWS_37 resource aws_codedeploy_app Ensure Codecommit associates an approval rule Terraform
495 CKV2_AWS_37 resource aws_codedeploy_deployment_config Ensure Codecommit associates an approval rule Terraform
496 CKV2_AWS_37 resource aws_codedeploy_deployment_group Ensure Codecommit associates an approval rule Terraform
497 CKV2_AWS_37 resource aws_codepipeline Ensure Codecommit associates an approval rule Terraform
498 CKV2_AWS_37 resource aws_codepipeline_webhook Ensure Codecommit associates an approval rule Terraform
499 CKV2_AWS_37 resource aws_codestarnotifications_notification_rule Ensure Codecommit associates an approval rule Terraform
500 CKV2_AWS_37 resource aws_cognito_identity_pool Ensure Codecommit associates an approval rule Terraform
501 CKV2_AWS_37 resource aws_cognito_identity_pool_roles_attachment Ensure Codecommit associates an approval rule Terraform
502 CKV2_AWS_37 resource aws_cognito_identity_provider Ensure Codecommit associates an approval rule Terraform
503 CKV2_AWS_37 resource aws_cognito_resource_server Ensure Codecommit associates an approval rule Terraform
504 CKV2_AWS_37 resource aws_cognito_user_group Ensure Codecommit associates an approval rule Terraform
505 CKV2_AWS_37 resource aws_cognito_user_pool Ensure Codecommit associates an approval rule Terraform
506 CKV2_AWS_37 resource aws_cognito_user_pool_client Ensure Codecommit associates an approval rule Terraform
507 CKV2_AWS_37 resource aws_cognito_user_pool_domain Ensure Codecommit associates an approval rule Terraform
508 CKV2_AWS_37 resource aws_config_aggregate_authorization Ensure Codecommit associates an approval rule Terraform
509 CKV2_AWS_37 resource aws_config_config_rule Ensure Codecommit associates an approval rule Terraform
510 CKV2_AWS_37 resource aws_config_configuration_aggregator Ensure Codecommit associates an approval rule Terraform
511 CKV2_AWS_37 resource aws_config_configuration_recorder Ensure Codecommit associates an approval rule Terraform
512 CKV2_AWS_37 resource aws_config_configuration_recorder_status Ensure Codecommit associates an approval rule Terraform
513 CKV2_AWS_37 resource aws_config_delivery_channel Ensure Codecommit associates an approval rule Terraform
514 CKV2_AWS_37 resource aws_config_organization_custom_rule Ensure Codecommit associates an approval rule Terraform
515 CKV2_AWS_37 resource aws_config_organization_managed_rule Ensure Codecommit associates an approval rule Terraform
516 CKV2_AWS_37 resource aws_cur_report_definition Ensure Codecommit associates an approval rule Terraform
517 CKV2_AWS_37 resource aws_customer_gateway Ensure Codecommit associates an approval rule Terraform
518 CKV2_AWS_37 resource aws_datapipeline_pipeline Ensure Codecommit associates an approval rule Terraform
519 CKV2_AWS_37 resource aws_datasync_agent Ensure Codecommit associates an approval rule Terraform
520 CKV2_AWS_37 resource aws_datasync_location_efs Ensure Codecommit associates an approval rule Terraform
521 CKV2_AWS_37 resource aws_datasync_location_nfs Ensure Codecommit associates an approval rule Terraform
522 CKV2_AWS_37 resource aws_datasync_location_s3 Ensure Codecommit associates an approval rule Terraform
523 CKV2_AWS_37 resource aws_datasync_location_smb Ensure Codecommit associates an approval rule Terraform
524 CKV2_AWS_37 resource aws_datasync_task Ensure Codecommit associates an approval rule Terraform
525 CKV2_AWS_37 resource aws_dax_cluster Ensure Codecommit associates an approval rule Terraform
526 CKV2_AWS_37 resource aws_dax_parameter_group Ensure Codecommit associates an approval rule Terraform
527 CKV2_AWS_37 resource aws_dax_subnet_group Ensure Codecommit associates an approval rule Terraform
528 CKV2_AWS_37 resource aws_db_cluster_snapshot Ensure Codecommit associates an approval rule Terraform
529 CKV2_AWS_37 resource aws_db_event_subscription Ensure Codecommit associates an approval rule Terraform
530 CKV2_AWS_37 resource aws_db_instance Ensure Codecommit associates an approval rule Terraform
531 CKV2_AWS_37 resource aws_db_instance_role_association Ensure Codecommit associates an approval rule Terraform
532 CKV2_AWS_37 resource aws_db_option_group Ensure Codecommit associates an approval rule Terraform
533 CKV2_AWS_37 resource aws_db_parameter_group Ensure Codecommit associates an approval rule Terraform
534 CKV2_AWS_37 resource aws_db_security_group Ensure Codecommit associates an approval rule Terraform
535 CKV2_AWS_37 resource aws_db_snapshot Ensure Codecommit associates an approval rule Terraform
536 CKV2_AWS_37 resource aws_db_subnet_group Ensure Codecommit associates an approval rule Terraform
537 CKV2_AWS_37 resource aws_default_network_acl Ensure Codecommit associates an approval rule Terraform
538 CKV2_AWS_37 resource aws_default_route_table Ensure Codecommit associates an approval rule Terraform
539 CKV2_AWS_37 resource aws_default_security_group Ensure Codecommit associates an approval rule Terraform
540 CKV2_AWS_37 resource aws_default_subnet Ensure Codecommit associates an approval rule Terraform
541 CKV2_AWS_37 resource aws_default_vpc Ensure Codecommit associates an approval rule Terraform
542 CKV2_AWS_37 resource aws_default_vpc_dhcp_options Ensure Codecommit associates an approval rule Terraform
543 CKV2_AWS_37 resource aws_devicefarm_project Ensure Codecommit associates an approval rule Terraform
544 CKV2_AWS_37 resource aws_directory_service_conditional_forwarder Ensure Codecommit associates an approval rule Terraform
545 CKV2_AWS_37 resource aws_directory_service_directory Ensure Codecommit associates an approval rule Terraform
546 CKV2_AWS_37 resource aws_directory_service_log_subscription Ensure Codecommit associates an approval rule Terraform
547 CKV2_AWS_37 resource aws_dlm_lifecycle_policy Ensure Codecommit associates an approval rule Terraform
548 CKV2_AWS_37 resource aws_dms_certificate Ensure Codecommit associates an approval rule Terraform
549 CKV2_AWS_37 resource aws_dms_endpoint Ensure Codecommit associates an approval rule Terraform
550 CKV2_AWS_37 resource aws_dms_event_subscription Ensure Codecommit associates an approval rule Terraform
551 CKV2_AWS_37 resource aws_dms_replication_instance Ensure Codecommit associates an approval rule Terraform
552 CKV2_AWS_37 resource aws_dms_replication_subnet_group Ensure Codecommit associates an approval rule Terraform
553 CKV2_AWS_37 resource aws_dms_replication_task Ensure Codecommit associates an approval rule Terraform
554 CKV2_AWS_37 resource aws_docdb_cluster Ensure Codecommit associates an approval rule Terraform
555 CKV2_AWS_37 resource aws_docdb_cluster_instance Ensure Codecommit associates an approval rule Terraform
556 CKV2_AWS_37 resource aws_docdb_cluster_parameter_group Ensure Codecommit associates an approval rule Terraform
557 CKV2_AWS_37 resource aws_docdb_cluster_snapshot Ensure Codecommit associates an approval rule Terraform
558 CKV2_AWS_37 resource aws_docdb_subnet_group Ensure Codecommit associates an approval rule Terraform
559 CKV2_AWS_37 resource aws_dx_bgp_peer Ensure Codecommit associates an approval rule Terraform
560 CKV2_AWS_37 resource aws_dx_connection Ensure Codecommit associates an approval rule Terraform
561 CKV2_AWS_37 resource aws_dx_connection_association Ensure Codecommit associates an approval rule Terraform
562 CKV2_AWS_37 resource aws_dx_gateway Ensure Codecommit associates an approval rule Terraform
563 CKV2_AWS_37 resource aws_dx_gateway_association Ensure Codecommit associates an approval rule Terraform
564 CKV2_AWS_37 resource aws_dx_gateway_association_proposal Ensure Codecommit associates an approval rule Terraform
565 CKV2_AWS_37 resource aws_dx_hosted_private_virtual_interface Ensure Codecommit associates an approval rule Terraform
566 CKV2_AWS_37 resource aws_dx_hosted_private_virtual_interface_accepter Ensure Codecommit associates an approval rule Terraform
567 CKV2_AWS_37 resource aws_dx_hosted_public_virtual_interface Ensure Codecommit associates an approval rule Terraform
568 CKV2_AWS_37 resource aws_dx_hosted_public_virtual_interface_accepter Ensure Codecommit associates an approval rule Terraform
569 CKV2_AWS_37 resource aws_dx_hosted_transit_virtual_interface Ensure Codecommit associates an approval rule Terraform
570 CKV2_AWS_37 resource aws_dx_hosted_transit_virtual_interface_accepter Ensure Codecommit associates an approval rule Terraform
571 CKV2_AWS_37 resource aws_dx_lag Ensure Codecommit associates an approval rule Terraform
572 CKV2_AWS_37 resource aws_dx_private_virtual_interface Ensure Codecommit associates an approval rule Terraform
573 CKV2_AWS_37 resource aws_dx_public_virtual_interface Ensure Codecommit associates an approval rule Terraform
574 CKV2_AWS_37 resource aws_dx_transit_virtual_interface Ensure Codecommit associates an approval rule Terraform
575 CKV2_AWS_37 resource aws_dynamodb_global_table Ensure Codecommit associates an approval rule Terraform
576 CKV2_AWS_37 resource aws_dynamodb_table Ensure Codecommit associates an approval rule Terraform
577 CKV2_AWS_37 resource aws_dynamodb_table_item Ensure Codecommit associates an approval rule Terraform
578 CKV2_AWS_37 resource aws_ebs_default_kms_key Ensure Codecommit associates an approval rule Terraform
579 CKV2_AWS_37 resource aws_ebs_encryption_by_default Ensure Codecommit associates an approval rule Terraform
580 CKV2_AWS_37 resource aws_ebs_snapshot Ensure Codecommit associates an approval rule Terraform
581 CKV2_AWS_37 resource aws_ebs_snapshot_copy Ensure Codecommit associates an approval rule Terraform
582 CKV2_AWS_37 resource aws_ebs_volume Ensure Codecommit associates an approval rule Terraform
583 CKV2_AWS_37 resource aws_ec2_availability_zone_group Ensure Codecommit associates an approval rule Terraform
584 CKV2_AWS_37 resource aws_ec2_capacity_reservation Ensure Codecommit associates an approval rule Terraform
585 CKV2_AWS_37 resource aws_ec2_client_vpn_authorization_rule Ensure Codecommit associates an approval rule Terraform
586 CKV2_AWS_37 resource aws_ec2_client_vpn_endpoint Ensure Codecommit associates an approval rule Terraform
587 CKV2_AWS_37 resource aws_ec2_client_vpn_network_association Ensure Codecommit associates an approval rule Terraform
588 CKV2_AWS_37 resource aws_ec2_client_vpn_route Ensure Codecommit associates an approval rule Terraform
589 CKV2_AWS_37 resource aws_ec2_fleet Ensure Codecommit associates an approval rule Terraform
590 CKV2_AWS_37 resource aws_ec2_local_gateway_route Ensure Codecommit associates an approval rule Terraform
591 CKV2_AWS_37 resource aws_ec2_local_gateway_route_table_vpc_association Ensure Codecommit associates an approval rule Terraform
592 CKV2_AWS_37 resource aws_ec2_tag Ensure Codecommit associates an approval rule Terraform
593 CKV2_AWS_37 resource aws_ec2_traffic_mirror_filter Ensure Codecommit associates an approval rule Terraform
594 CKV2_AWS_37 resource aws_ec2_traffic_mirror_filter_rule Ensure Codecommit associates an approval rule Terraform
595 CKV2_AWS_37 resource aws_ec2_traffic_mirror_session Ensure Codecommit associates an approval rule Terraform
596 CKV2_AWS_37 resource aws_ec2_traffic_mirror_target Ensure Codecommit associates an approval rule Terraform
597 CKV2_AWS_37 resource aws_ec2_transit_gateway Ensure Codecommit associates an approval rule Terraform
598 CKV2_AWS_37 resource aws_ec2_transit_gateway_peering_attachment Ensure Codecommit associates an approval rule Terraform
599 CKV2_AWS_37 resource aws_ec2_transit_gateway_peering_attachment_accepter Ensure Codecommit associates an approval rule Terraform
600 CKV2_AWS_37 resource aws_ec2_transit_gateway_route Ensure Codecommit associates an approval rule Terraform
601 CKV2_AWS_37 resource aws_ec2_transit_gateway_route_table Ensure Codecommit associates an approval rule Terraform
602 CKV2_AWS_37 resource aws_ec2_transit_gateway_route_table_association Ensure Codecommit associates an approval rule Terraform
603 CKV2_AWS_37 resource aws_ec2_transit_gateway_route_table_propagation Ensure Codecommit associates an approval rule Terraform
604 CKV2_AWS_37 resource aws_ec2_transit_gateway_vpc_attachment Ensure Codecommit associates an approval rule Terraform
605 CKV2_AWS_37 resource aws_ec2_transit_gateway_vpc_attachment_accepter Ensure Codecommit associates an approval rule Terraform
606 CKV2_AWS_37 resource aws_ecr_lifecycle_policy Ensure Codecommit associates an approval rule Terraform
607 CKV2_AWS_37 resource aws_ecr_repository Ensure Codecommit associates an approval rule Terraform
608 CKV2_AWS_37 resource aws_ecr_repository_policy Ensure Codecommit associates an approval rule Terraform
609 CKV2_AWS_37 resource aws_ecs_capacity_provider Ensure Codecommit associates an approval rule Terraform
610 CKV2_AWS_37 resource aws_ecs_cluster Ensure Codecommit associates an approval rule Terraform
611 CKV2_AWS_37 resource aws_ecs_service Ensure Codecommit associates an approval rule Terraform
612 CKV2_AWS_37 resource aws_ecs_task_definition Ensure Codecommit associates an approval rule Terraform
613 CKV2_AWS_37 resource aws_efs_access_point Ensure Codecommit associates an approval rule Terraform
614 CKV2_AWS_37 resource aws_efs_file_system Ensure Codecommit associates an approval rule Terraform
615 CKV2_AWS_37 resource aws_efs_file_system_policy Ensure Codecommit associates an approval rule Terraform
616 CKV2_AWS_37 resource aws_efs_mount_target Ensure Codecommit associates an approval rule Terraform
617 CKV2_AWS_37 resource aws_egress_only_internet_gateway Ensure Codecommit associates an approval rule Terraform
618 CKV2_AWS_37 resource aws_eip Ensure Codecommit associates an approval rule Terraform
619 CKV2_AWS_37 resource aws_eip_association Ensure Codecommit associates an approval rule Terraform
620 CKV2_AWS_37 resource aws_eks_cluster Ensure Codecommit associates an approval rule Terraform
621 CKV2_AWS_37 resource aws_eks_fargate_profile Ensure Codecommit associates an approval rule Terraform
622 CKV2_AWS_37 resource aws_eks_node_group Ensure Codecommit associates an approval rule Terraform
623 CKV2_AWS_37 resource aws_elastic_beanstalk_application Ensure Codecommit associates an approval rule Terraform
624 CKV2_AWS_37 resource aws_elastic_beanstalk_application_version Ensure Codecommit associates an approval rule Terraform
625 CKV2_AWS_37 resource aws_elastic_beanstalk_configuration_template Ensure Codecommit associates an approval rule Terraform
626 CKV2_AWS_37 resource aws_elastic_beanstalk_environment Ensure Codecommit associates an approval rule Terraform
627 CKV2_AWS_37 resource aws_elasticache_cluster Ensure Codecommit associates an approval rule Terraform
628 CKV2_AWS_37 resource aws_elasticache_parameter_group Ensure Codecommit associates an approval rule Terraform
629 CKV2_AWS_37 resource aws_elasticache_replication_group Ensure Codecommit associates an approval rule Terraform
630 CKV2_AWS_37 resource aws_elasticache_security_group Ensure Codecommit associates an approval rule Terraform
631 CKV2_AWS_37 resource aws_elasticache_subnet_group Ensure Codecommit associates an approval rule Terraform
632 CKV2_AWS_37 resource aws_elasticsearch_domain Ensure Codecommit associates an approval rule Terraform
633 CKV2_AWS_37 resource aws_elasticsearch_domain_policy Ensure Codecommit associates an approval rule Terraform
634 CKV2_AWS_37 resource aws_elastictranscoder_pipeline Ensure Codecommit associates an approval rule Terraform
635 CKV2_AWS_37 resource aws_elastictranscoder_preset Ensure Codecommit associates an approval rule Terraform
636 CKV2_AWS_37 resource aws_elb Ensure Codecommit associates an approval rule Terraform
637 CKV2_AWS_37 resource aws_elb_attachment Ensure Codecommit associates an approval rule Terraform
638 CKV2_AWS_37 resource aws_emr_cluster Ensure Codecommit associates an approval rule Terraform
639 CKV2_AWS_37 resource aws_emr_instance_group Ensure Codecommit associates an approval rule Terraform
640 CKV2_AWS_37 resource aws_emr_security_configuration Ensure Codecommit associates an approval rule Terraform
641 CKV2_AWS_37 resource aws_flow_log Ensure Codecommit associates an approval rule Terraform
642 CKV2_AWS_37 resource aws_fms_admin_account Ensure Codecommit associates an approval rule Terraform
643 CKV2_AWS_37 resource aws_fsx_lustre_file_system Ensure Codecommit associates an approval rule Terraform
644 CKV2_AWS_37 resource aws_fsx_windows_file_system Ensure Codecommit associates an approval rule Terraform
645 CKV2_AWS_37 resource aws_gamelift_alias Ensure Codecommit associates an approval rule Terraform
646 CKV2_AWS_37 resource aws_gamelift_build Ensure Codecommit associates an approval rule Terraform
647 CKV2_AWS_37 resource aws_gamelift_fleet Ensure Codecommit associates an approval rule Terraform
648 CKV2_AWS_37 resource aws_gamelift_game_session_queue Ensure Codecommit associates an approval rule Terraform
649 CKV2_AWS_37 resource aws_glacier_vault Ensure Codecommit associates an approval rule Terraform
650 CKV2_AWS_37 resource aws_glacier_vault_lock Ensure Codecommit associates an approval rule Terraform
651 CKV2_AWS_37 resource aws_globalaccelerator_accelerator Ensure Codecommit associates an approval rule Terraform
652 CKV2_AWS_37 resource aws_globalaccelerator_endpoint_group Ensure Codecommit associates an approval rule Terraform
653 CKV2_AWS_37 resource aws_globalaccelerator_listener Ensure Codecommit associates an approval rule Terraform
654 CKV2_AWS_37 resource aws_glue_catalog_database Ensure Codecommit associates an approval rule Terraform
655 CKV2_AWS_37 resource aws_glue_catalog_table Ensure Codecommit associates an approval rule Terraform
656 CKV2_AWS_37 resource aws_glue_classifier Ensure Codecommit associates an approval rule Terraform
657 CKV2_AWS_37 resource aws_glue_connection Ensure Codecommit associates an approval rule Terraform
658 CKV2_AWS_37 resource aws_glue_crawler Ensure Codecommit associates an approval rule Terraform
659 CKV2_AWS_37 resource aws_glue_job Ensure Codecommit associates an approval rule Terraform
660 CKV2_AWS_37 resource aws_glue_security_configuration Ensure Codecommit associates an approval rule Terraform
661 CKV2_AWS_37 resource aws_glue_trigger Ensure Codecommit associates an approval rule Terraform
662 CKV2_AWS_37 resource aws_glue_workflow Ensure Codecommit associates an approval rule Terraform
663 CKV2_AWS_37 resource aws_guardduty_detector Ensure Codecommit associates an approval rule Terraform
664 CKV2_AWS_37 resource aws_guardduty_invite_accepter Ensure Codecommit associates an approval rule Terraform
665 CKV2_AWS_37 resource aws_guardduty_ipset Ensure Codecommit associates an approval rule Terraform
666 CKV2_AWS_37 resource aws_guardduty_member Ensure Codecommit associates an approval rule Terraform
667 CKV2_AWS_37 resource aws_guardduty_organization_admin_account Ensure Codecommit associates an approval rule Terraform
668 CKV2_AWS_37 resource aws_guardduty_organization_configuration Ensure Codecommit associates an approval rule Terraform
669 CKV2_AWS_37 resource aws_guardduty_threatintelset Ensure Codecommit associates an approval rule Terraform
670 CKV2_AWS_37 resource aws_iam_access_key Ensure Codecommit associates an approval rule Terraform
671 CKV2_AWS_37 resource aws_iam_account_alias Ensure Codecommit associates an approval rule Terraform
672 CKV2_AWS_37 resource aws_iam_account_password_policy Ensure Codecommit associates an approval rule Terraform
673 CKV2_AWS_37 resource aws_iam_group Ensure Codecommit associates an approval rule Terraform
674 CKV2_AWS_37 resource aws_iam_group_membership Ensure Codecommit associates an approval rule Terraform
675 CKV2_AWS_37 resource aws_iam_group_policy Ensure Codecommit associates an approval rule Terraform
676 CKV2_AWS_37 resource aws_iam_group_policy_attachment Ensure Codecommit associates an approval rule Terraform
677 CKV2_AWS_37 resource aws_iam_instance_profile Ensure Codecommit associates an approval rule Terraform
678 CKV2_AWS_37 resource aws_iam_openid_connect_provider Ensure Codecommit associates an approval rule Terraform
679 CKV2_AWS_37 resource aws_iam_policy Ensure Codecommit associates an approval rule Terraform
680 CKV2_AWS_37 resource aws_iam_policy_attachment Ensure Codecommit associates an approval rule Terraform
681 CKV2_AWS_37 resource aws_iam_policy_document Ensure Codecommit associates an approval rule Terraform
682 CKV2_AWS_37 resource aws_iam_role Ensure Codecommit associates an approval rule Terraform
683 CKV2_AWS_37 resource aws_iam_role_policy Ensure Codecommit associates an approval rule Terraform
684 CKV2_AWS_37 resource aws_iam_role_policy_attachment Ensure Codecommit associates an approval rule Terraform
685 CKV2_AWS_37 resource aws_iam_saml_provider Ensure Codecommit associates an approval rule Terraform
686 CKV2_AWS_37 resource aws_iam_server_certificate Ensure Codecommit associates an approval rule Terraform
687 CKV2_AWS_37 resource aws_iam_service_linked_role Ensure Codecommit associates an approval rule Terraform
688 CKV2_AWS_37 resource aws_iam_user Ensure Codecommit associates an approval rule Terraform
689 CKV2_AWS_37 resource aws_iam_user_group_membership Ensure Codecommit associates an approval rule Terraform
690 CKV2_AWS_37 resource aws_iam_user_login_profile Ensure Codecommit associates an approval rule Terraform
691 CKV2_AWS_37 resource aws_iam_user_policy Ensure Codecommit associates an approval rule Terraform
692 CKV2_AWS_37 resource aws_iam_user_policy_attachment Ensure Codecommit associates an approval rule Terraform
693 CKV2_AWS_37 resource aws_iam_user_ssh_key Ensure Codecommit associates an approval rule Terraform
694 CKV2_AWS_37 resource aws_inspector_assessment_target Ensure Codecommit associates an approval rule Terraform
695 CKV2_AWS_37 resource aws_inspector_assessment_template Ensure Codecommit associates an approval rule Terraform
696 CKV2_AWS_37 resource aws_inspector_resource_group Ensure Codecommit associates an approval rule Terraform
697 CKV2_AWS_37 resource aws_instance Ensure Codecommit associates an approval rule Terraform
698 CKV2_AWS_37 resource aws_internet_gateway Ensure Codecommit associates an approval rule Terraform
699 CKV2_AWS_37 resource aws_iot_certificate Ensure Codecommit associates an approval rule Terraform
700 CKV2_AWS_37 resource aws_iot_policy Ensure Codecommit associates an approval rule Terraform
701 CKV2_AWS_37 resource aws_iot_policy_attachment Ensure Codecommit associates an approval rule Terraform
702 CKV2_AWS_37 resource aws_iot_role_alias Ensure Codecommit associates an approval rule Terraform
703 CKV2_AWS_37 resource aws_iot_thing Ensure Codecommit associates an approval rule Terraform
704 CKV2_AWS_37 resource aws_iot_thing_principal_attachment Ensure Codecommit associates an approval rule Terraform
705 CKV2_AWS_37 resource aws_iot_thing_type Ensure Codecommit associates an approval rule Terraform
706 CKV2_AWS_37 resource aws_iot_topic_rule Ensure Codecommit associates an approval rule Terraform
707 CKV2_AWS_37 resource aws_key_pair Ensure Codecommit associates an approval rule Terraform
708 CKV2_AWS_37 resource aws_kinesis_analytics_application Ensure Codecommit associates an approval rule Terraform
709 CKV2_AWS_37 resource aws_kinesis_firehose_delivery_stream Ensure Codecommit associates an approval rule Terraform
710 CKV2_AWS_37 resource aws_kinesis_stream Ensure Codecommit associates an approval rule Terraform
711 CKV2_AWS_37 resource aws_kinesis_video_stream Ensure Codecommit associates an approval rule Terraform
712 CKV2_AWS_37 resource aws_kms_alias Ensure Codecommit associates an approval rule Terraform
713 CKV2_AWS_37 resource aws_kms_ciphertext Ensure Codecommit associates an approval rule Terraform
714 CKV2_AWS_37 resource aws_kms_external_key Ensure Codecommit associates an approval rule Terraform
715 CKV2_AWS_37 resource aws_kms_grant Ensure Codecommit associates an approval rule Terraform
716 CKV2_AWS_37 resource aws_kms_key Ensure Codecommit associates an approval rule Terraform
717 CKV2_AWS_37 resource aws_lambda_alias Ensure Codecommit associates an approval rule Terraform
718 CKV2_AWS_37 resource aws_lambda_event_source_mapping Ensure Codecommit associates an approval rule Terraform
719 CKV2_AWS_37 resource aws_lambda_function Ensure Codecommit associates an approval rule Terraform
720 CKV2_AWS_37 resource aws_lambda_function_event_invoke_config Ensure Codecommit associates an approval rule Terraform
721 CKV2_AWS_37 resource aws_lambda_layer_version Ensure Codecommit associates an approval rule Terraform
722 CKV2_AWS_37 resource aws_lambda_permission Ensure Codecommit associates an approval rule Terraform
723 CKV2_AWS_37 resource aws_lambda_provisioned_concurrency_config Ensure Codecommit associates an approval rule Terraform
724 CKV2_AWS_37 resource aws_launch_configuration Ensure Codecommit associates an approval rule Terraform
725 CKV2_AWS_37 resource aws_launch_template Ensure Codecommit associates an approval rule Terraform
726 CKV2_AWS_37 resource aws_lb Ensure Codecommit associates an approval rule Terraform
727 CKV2_AWS_37 resource aws_lb_cookie_stickiness_policy Ensure Codecommit associates an approval rule Terraform
728 CKV2_AWS_37 resource aws_lb_listener Ensure Codecommit associates an approval rule Terraform
729 CKV2_AWS_37 resource aws_lb_listener_certificate Ensure Codecommit associates an approval rule Terraform
730 CKV2_AWS_37 resource aws_lb_listener_rule Ensure Codecommit associates an approval rule Terraform
731 CKV2_AWS_37 resource aws_lb_ssl_negotiation_policy Ensure Codecommit associates an approval rule Terraform
732 CKV2_AWS_37 resource aws_lb_target_group Ensure Codecommit associates an approval rule Terraform
733 CKV2_AWS_37 resource aws_lb_target_group_attachment Ensure Codecommit associates an approval rule Terraform
734 CKV2_AWS_37 resource aws_licensemanager_association Ensure Codecommit associates an approval rule Terraform
735 CKV2_AWS_37 resource aws_licensemanager_license_configuration Ensure Codecommit associates an approval rule Terraform
736 CKV2_AWS_37 resource aws_lightsail_domain Ensure Codecommit associates an approval rule Terraform
737 CKV2_AWS_37 resource aws_lightsail_instance Ensure Codecommit associates an approval rule Terraform
738 CKV2_AWS_37 resource aws_lightsail_key_pair Ensure Codecommit associates an approval rule Terraform
739 CKV2_AWS_37 resource aws_lightsail_static_ip Ensure Codecommit associates an approval rule Terraform
740 CKV2_AWS_37 resource aws_lightsail_static_ip_attachment Ensure Codecommit associates an approval rule Terraform
741 CKV2_AWS_37 resource aws_load_balancer_backend_server_policy Ensure Codecommit associates an approval rule Terraform
742 CKV2_AWS_37 resource aws_load_balancer_listener_policy Ensure Codecommit associates an approval rule Terraform
743 CKV2_AWS_37 resource aws_load_balancer_policy Ensure Codecommit associates an approval rule Terraform
744 CKV2_AWS_37 resource aws_macie_member_account_association Ensure Codecommit associates an approval rule Terraform
745 CKV2_AWS_37 resource aws_macie_s3_bucket_association Ensure Codecommit associates an approval rule Terraform
746 CKV2_AWS_37 resource aws_main_route_table_association Ensure Codecommit associates an approval rule Terraform
747 CKV2_AWS_37 resource aws_media_convert_queue Ensure Codecommit associates an approval rule Terraform
748 CKV2_AWS_37 resource aws_media_package_channel Ensure Codecommit associates an approval rule Terraform
749 CKV2_AWS_37 resource aws_media_store_container Ensure Codecommit associates an approval rule Terraform
750 CKV2_AWS_37 resource aws_media_store_container_policy Ensure Codecommit associates an approval rule Terraform
751 CKV2_AWS_37 resource aws_mq_broker Ensure Codecommit associates an approval rule Terraform
752 CKV2_AWS_37 resource aws_mq_configuration Ensure Codecommit associates an approval rule Terraform
753 CKV2_AWS_37 resource aws_msk_cluster Ensure Codecommit associates an approval rule Terraform
754 CKV2_AWS_37 resource aws_msk_configuration Ensure Codecommit associates an approval rule Terraform
755 CKV2_AWS_37 resource aws_nat_gateway Ensure Codecommit associates an approval rule Terraform
756 CKV2_AWS_37 resource aws_neptune_cluster Ensure Codecommit associates an approval rule Terraform
757 CKV2_AWS_37 resource aws_neptune_cluster_instance Ensure Codecommit associates an approval rule Terraform
758 CKV2_AWS_37 resource aws_neptune_cluster_parameter_group Ensure Codecommit associates an approval rule Terraform
759 CKV2_AWS_37 resource aws_neptune_cluster_snapshot Ensure Codecommit associates an approval rule Terraform
760 CKV2_AWS_37 resource aws_neptune_event_subscription Ensure Codecommit associates an approval rule Terraform
761 CKV2_AWS_37 resource aws_neptune_parameter_group Ensure Codecommit associates an approval rule Terraform
762 CKV2_AWS_37 resource aws_neptune_subnet_group Ensure Codecommit associates an approval rule Terraform
763 CKV2_AWS_37 resource aws_network_acl Ensure Codecommit associates an approval rule Terraform
764 CKV2_AWS_37 resource aws_network_acl_rule Ensure Codecommit associates an approval rule Terraform
765 CKV2_AWS_37 resource aws_network_interface Ensure Codecommit associates an approval rule Terraform
766 CKV2_AWS_37 resource aws_network_interface_attachment Ensure Codecommit associates an approval rule Terraform
767 CKV2_AWS_37 resource aws_network_interface_sg_attachment Ensure Codecommit associates an approval rule Terraform
768 CKV2_AWS_37 resource aws_opsworks_application Ensure Codecommit associates an approval rule Terraform
769 CKV2_AWS_37 resource aws_opsworks_custom_layer Ensure Codecommit associates an approval rule Terraform
770 CKV2_AWS_37 resource aws_opsworks_ganglia_layer Ensure Codecommit associates an approval rule Terraform
771 CKV2_AWS_37 resource aws_opsworks_haproxy_layer Ensure Codecommit associates an approval rule Terraform
772 CKV2_AWS_37 resource aws_opsworks_instance Ensure Codecommit associates an approval rule Terraform
773 CKV2_AWS_37 resource aws_opsworks_java_app_layer Ensure Codecommit associates an approval rule Terraform
774 CKV2_AWS_37 resource aws_opsworks_memcached_layer Ensure Codecommit associates an approval rule Terraform
775 CKV2_AWS_37 resource aws_opsworks_mysql_layer Ensure Codecommit associates an approval rule Terraform
776 CKV2_AWS_37 resource aws_opsworks_nodejs_app_layer Ensure Codecommit associates an approval rule Terraform
777 CKV2_AWS_37 resource aws_opsworks_permission Ensure Codecommit associates an approval rule Terraform
778 CKV2_AWS_37 resource aws_opsworks_php_app_layer Ensure Codecommit associates an approval rule Terraform
779 CKV2_AWS_37 resource aws_opsworks_rails_app_layer Ensure Codecommit associates an approval rule Terraform
780 CKV2_AWS_37 resource aws_opsworks_rds_db_instance Ensure Codecommit associates an approval rule Terraform
781 CKV2_AWS_37 resource aws_opsworks_stack Ensure Codecommit associates an approval rule Terraform
782 CKV2_AWS_37 resource aws_opsworks_static_web_layer Ensure Codecommit associates an approval rule Terraform
783 CKV2_AWS_37 resource aws_opsworks_user_profile Ensure Codecommit associates an approval rule Terraform
784 CKV2_AWS_37 resource aws_organizations_account Ensure Codecommit associates an approval rule Terraform
785 CKV2_AWS_37 resource aws_organizations_organization Ensure Codecommit associates an approval rule Terraform
786 CKV2_AWS_37 resource aws_organizations_organizational_unit Ensure Codecommit associates an approval rule Terraform
787 CKV2_AWS_37 resource aws_organizations_policy Ensure Codecommit associates an approval rule Terraform
788 CKV2_AWS_37 resource aws_organizations_policy_attachment Ensure Codecommit associates an approval rule Terraform
789 CKV2_AWS_37 resource aws_pinpoint_adm_channel Ensure Codecommit associates an approval rule Terraform
790 CKV2_AWS_37 resource aws_pinpoint_apns_channel Ensure Codecommit associates an approval rule Terraform
791 CKV2_AWS_37 resource aws_pinpoint_apns_sandbox_channel Ensure Codecommit associates an approval rule Terraform
792 CKV2_AWS_37 resource aws_pinpoint_apns_voip_channel Ensure Codecommit associates an approval rule Terraform
793 CKV2_AWS_37 resource aws_pinpoint_apns_voip_sandbox_channel Ensure Codecommit associates an approval rule Terraform
794 CKV2_AWS_37 resource aws_pinpoint_app Ensure Codecommit associates an approval rule Terraform
795 CKV2_AWS_37 resource aws_pinpoint_baidu_channel Ensure Codecommit associates an approval rule Terraform
796 CKV2_AWS_37 resource aws_pinpoint_email_channel Ensure Codecommit associates an approval rule Terraform
797 CKV2_AWS_37 resource aws_pinpoint_event_stream Ensure Codecommit associates an approval rule Terraform
798 CKV2_AWS_37 resource aws_pinpoint_gcm_channel Ensure Codecommit associates an approval rule Terraform
799 CKV2_AWS_37 resource aws_pinpoint_sms_channel Ensure Codecommit associates an approval rule Terraform
800 CKV2_AWS_37 resource aws_placement_group Ensure Codecommit associates an approval rule Terraform
801 CKV2_AWS_37 resource aws_proxy_protocol_policy Ensure Codecommit associates an approval rule Terraform
802 CKV2_AWS_37 resource aws_qldb_ledger Ensure Codecommit associates an approval rule Terraform
803 CKV2_AWS_37 resource aws_quicksight_group Ensure Codecommit associates an approval rule Terraform
804 CKV2_AWS_37 resource aws_quicksight_user Ensure Codecommit associates an approval rule Terraform
805 CKV2_AWS_37 resource aws_ram_principal_association Ensure Codecommit associates an approval rule Terraform
806 CKV2_AWS_37 resource aws_ram_resource_association Ensure Codecommit associates an approval rule Terraform
807 CKV2_AWS_37 resource aws_ram_resource_share Ensure Codecommit associates an approval rule Terraform
808 CKV2_AWS_37 resource aws_ram_resource_share_accepter Ensure Codecommit associates an approval rule Terraform
809 CKV2_AWS_37 resource aws_rds_cluster Ensure Codecommit associates an approval rule Terraform
810 CKV2_AWS_37 resource aws_rds_cluster_endpoint Ensure Codecommit associates an approval rule Terraform
811 CKV2_AWS_37 resource aws_rds_cluster_instance Ensure Codecommit associates an approval rule Terraform
812 CKV2_AWS_37 resource aws_rds_cluster_parameter_group Ensure Codecommit associates an approval rule Terraform
813 CKV2_AWS_37 resource aws_rds_global_cluster Ensure Codecommit associates an approval rule Terraform
814 CKV2_AWS_37 resource aws_redshift_cluster Ensure Codecommit associates an approval rule Terraform
815 CKV2_AWS_37 resource aws_redshift_event_subscription Ensure Codecommit associates an approval rule Terraform
816 CKV2_AWS_37 resource aws_redshift_parameter_group Ensure Codecommit associates an approval rule Terraform
817 CKV2_AWS_37 resource aws_redshift_security_group Ensure Codecommit associates an approval rule Terraform
818 CKV2_AWS_37 resource aws_redshift_snapshot_copy_grant Ensure Codecommit associates an approval rule Terraform
819 CKV2_AWS_37 resource aws_redshift_snapshot_schedule Ensure Codecommit associates an approval rule Terraform
820 CKV2_AWS_37 resource aws_redshift_snapshot_schedule_association Ensure Codecommit associates an approval rule Terraform
821 CKV2_AWS_37 resource aws_redshift_subnet_group Ensure Codecommit associates an approval rule Terraform
822 CKV2_AWS_37 resource aws_resourcegroups_group Ensure Codecommit associates an approval rule Terraform
823 CKV2_AWS_37 resource aws_root Ensure Codecommit associates an approval rule Terraform
824 CKV2_AWS_37 resource aws_root_access_key Ensure Codecommit associates an approval rule Terraform
825 CKV2_AWS_37 resource aws_route Ensure Codecommit associates an approval rule Terraform
826 CKV2_AWS_37 resource aws_route53_delegation_set Ensure Codecommit associates an approval rule Terraform
827 CKV2_AWS_37 resource aws_route53_health_check Ensure Codecommit associates an approval rule Terraform
828 CKV2_AWS_37 resource aws_route53_query_log Ensure Codecommit associates an approval rule Terraform
829 CKV2_AWS_37 resource aws_route53_record Ensure Codecommit associates an approval rule Terraform
830 CKV2_AWS_37 resource aws_route53_resolver_endpoint Ensure Codecommit associates an approval rule Terraform
831 CKV2_AWS_37 resource aws_route53_resolver_rule Ensure Codecommit associates an approval rule Terraform
832 CKV2_AWS_37 resource aws_route53_resolver_rule_association Ensure Codecommit associates an approval rule Terraform
833 CKV2_AWS_37 resource aws_route53_vpc_association_authorization Ensure Codecommit associates an approval rule Terraform
834 CKV2_AWS_37 resource aws_route53_zone Ensure Codecommit associates an approval rule Terraform
835 CKV2_AWS_37 resource aws_route53_zone_association Ensure Codecommit associates an approval rule Terraform
836 CKV2_AWS_37 resource aws_route_table Ensure Codecommit associates an approval rule Terraform
837 CKV2_AWS_37 resource aws_route_table_association Ensure Codecommit associates an approval rule Terraform
838 CKV2_AWS_37 resource aws_s3_access_point Ensure Codecommit associates an approval rule Terraform
839 CKV2_AWS_37 resource aws_s3_account_public_access_block Ensure Codecommit associates an approval rule Terraform
840 CKV2_AWS_37 resource aws_s3_bucket Ensure Codecommit associates an approval rule Terraform
841 CKV2_AWS_37 resource aws_s3_bucket_analytics_configuration Ensure Codecommit associates an approval rule Terraform
842 CKV2_AWS_37 resource aws_s3_bucket_inventory Ensure Codecommit associates an approval rule Terraform
843 CKV2_AWS_37 resource aws_s3_bucket_metric Ensure Codecommit associates an approval rule Terraform
844 CKV2_AWS_37 resource aws_s3_bucket_notification Ensure Codecommit associates an approval rule Terraform
845 CKV2_AWS_37 resource aws_s3_bucket_object Ensure Codecommit associates an approval rule Terraform
846 CKV2_AWS_37 resource aws_s3_bucket_policy Ensure Codecommit associates an approval rule Terraform
847 CKV2_AWS_37 resource aws_s3_bucket_public_access_block Ensure Codecommit associates an approval rule Terraform
848 CKV2_AWS_37 resource aws_sagemaker_endpoint Ensure Codecommit associates an approval rule Terraform
849 CKV2_AWS_37 resource aws_sagemaker_endpoint_configuration Ensure Codecommit associates an approval rule Terraform
850 CKV2_AWS_37 resource aws_sagemaker_model Ensure Codecommit associates an approval rule Terraform
851 CKV2_AWS_37 resource aws_sagemaker_notebook_instance Ensure Codecommit associates an approval rule Terraform
852 CKV2_AWS_37 resource aws_sagemaker_notebook_instance_lifecycle_configuration Ensure Codecommit associates an approval rule Terraform
853 CKV2_AWS_37 resource aws_secretsmanager_secret Ensure Codecommit associates an approval rule Terraform
854 CKV2_AWS_37 resource aws_secretsmanager_secret_rotation Ensure Codecommit associates an approval rule Terraform
855 CKV2_AWS_37 resource aws_secretsmanager_secret_version Ensure Codecommit associates an approval rule Terraform
856 CKV2_AWS_37 resource aws_security_group Ensure Codecommit associates an approval rule Terraform
857 CKV2_AWS_37 resource aws_security_group_rule Ensure Codecommit associates an approval rule Terraform
858 CKV2_AWS_37 resource aws_securityhub_account Ensure Codecommit associates an approval rule Terraform
859 CKV2_AWS_37 resource aws_securityhub_member Ensure Codecommit associates an approval rule Terraform
860 CKV2_AWS_37 resource aws_securityhub_product_subscription Ensure Codecommit associates an approval rule Terraform
861 CKV2_AWS_37 resource aws_securityhub_standards_subscription Ensure Codecommit associates an approval rule Terraform
862 CKV2_AWS_37 resource aws_service_discovery_http_namespace Ensure Codecommit associates an approval rule Terraform
863 CKV2_AWS_37 resource aws_service_discovery_private_dns_namespace Ensure Codecommit associates an approval rule Terraform
864 CKV2_AWS_37 resource aws_service_discovery_public_dns_namespace Ensure Codecommit associates an approval rule Terraform
865 CKV2_AWS_37 resource aws_service_discovery_service Ensure Codecommit associates an approval rule Terraform
866 CKV2_AWS_37 resource aws_servicecatalog_portfolio Ensure Codecommit associates an approval rule Terraform
867 CKV2_AWS_37 resource aws_servicequotas_service_quota Ensure Codecommit associates an approval rule Terraform
868 CKV2_AWS_37 resource aws_ses_active_receipt_rule_set Ensure Codecommit associates an approval rule Terraform
869 CKV2_AWS_37 resource aws_ses_configuration_set Ensure Codecommit associates an approval rule Terraform
870 CKV2_AWS_37 resource aws_ses_domain_dkim Ensure Codecommit associates an approval rule Terraform
871 CKV2_AWS_37 resource aws_ses_domain_identity Ensure Codecommit associates an approval rule Terraform
872 CKV2_AWS_37 resource aws_ses_domain_identity_verification Ensure Codecommit associates an approval rule Terraform
873 CKV2_AWS_37 resource aws_ses_domain_mail_from Ensure Codecommit associates an approval rule Terraform
874 CKV2_AWS_37 resource aws_ses_email_identity Ensure Codecommit associates an approval rule Terraform
875 CKV2_AWS_37 resource aws_ses_event_destination Ensure Codecommit associates an approval rule Terraform
876 CKV2_AWS_37 resource aws_ses_identity_notification_topic Ensure Codecommit associates an approval rule Terraform
877 CKV2_AWS_37 resource aws_ses_identity_policy Ensure Codecommit associates an approval rule Terraform
878 CKV2_AWS_37 resource aws_ses_receipt_filter Ensure Codecommit associates an approval rule Terraform
879 CKV2_AWS_37 resource aws_ses_receipt_rule Ensure Codecommit associates an approval rule Terraform
880 CKV2_AWS_37 resource aws_ses_receipt_rule_set Ensure Codecommit associates an approval rule Terraform
881 CKV2_AWS_37 resource aws_ses_template Ensure Codecommit associates an approval rule Terraform
882 CKV2_AWS_37 resource aws_sfn_activity Ensure Codecommit associates an approval rule Terraform
883 CKV2_AWS_37 resource aws_sfn_state_machine Ensure Codecommit associates an approval rule Terraform
884 CKV2_AWS_37 resource aws_shield_protection Ensure Codecommit associates an approval rule Terraform
885 CKV2_AWS_37 resource aws_simpledb_domain Ensure Codecommit associates an approval rule Terraform
886 CKV2_AWS_37 resource aws_snapshot_create_volume_permission Ensure Codecommit associates an approval rule Terraform
887 CKV2_AWS_37 resource aws_sns_platform_application Ensure Codecommit associates an approval rule Terraform
888 CKV2_AWS_37 resource aws_sns_sms_preferences Ensure Codecommit associates an approval rule Terraform
889 CKV2_AWS_37 resource aws_sns_topic Ensure Codecommit associates an approval rule Terraform
890 CKV2_AWS_37 resource aws_sns_topic_policy Ensure Codecommit associates an approval rule Terraform
891 CKV2_AWS_37 resource aws_sns_topic_subscription Ensure Codecommit associates an approval rule Terraform
892 CKV2_AWS_37 resource aws_spot_datafeed_subscription Ensure Codecommit associates an approval rule Terraform
893 CKV2_AWS_37 resource aws_spot_fleet_request Ensure Codecommit associates an approval rule Terraform
894 CKV2_AWS_37 resource aws_spot_instance_request Ensure Codecommit associates an approval rule Terraform
895 CKV2_AWS_37 resource aws_sqs_queue Ensure Codecommit associates an approval rule Terraform
896 CKV2_AWS_37 resource aws_sqs_queue_policy Ensure Codecommit associates an approval rule Terraform
897 CKV2_AWS_37 resource aws_ssm_activation Ensure Codecommit associates an approval rule Terraform
898 CKV2_AWS_37 resource aws_ssm_association Ensure Codecommit associates an approval rule Terraform
899 CKV2_AWS_37 resource aws_ssm_document Ensure Codecommit associates an approval rule Terraform
900 CKV2_AWS_37 resource aws_ssm_maintenance_window Ensure Codecommit associates an approval rule Terraform
901 CKV2_AWS_37 resource aws_ssm_maintenance_window_target Ensure Codecommit associates an approval rule Terraform
902 CKV2_AWS_37 resource aws_ssm_maintenance_window_task Ensure Codecommit associates an approval rule Terraform
903 CKV2_AWS_37 resource aws_ssm_parameter Ensure Codecommit associates an approval rule Terraform
904 CKV2_AWS_37 resource aws_ssm_patch_baseline Ensure Codecommit associates an approval rule Terraform
905 CKV2_AWS_37 resource aws_ssm_patch_group Ensure Codecommit associates an approval rule Terraform
906 CKV2_AWS_37 resource aws_ssm_resource_data_sync Ensure Codecommit associates an approval rule Terraform
907 CKV2_AWS_37 resource aws_storagegateway_cache Ensure Codecommit associates an approval rule Terraform
908 CKV2_AWS_37 resource aws_storagegateway_cached_iscsi_volume Ensure Codecommit associates an approval rule Terraform
909 CKV2_AWS_37 resource aws_storagegateway_gateway Ensure Codecommit associates an approval rule Terraform
910 CKV2_AWS_37 resource aws_storagegateway_nfs_file_share Ensure Codecommit associates an approval rule Terraform
911 CKV2_AWS_37 resource aws_storagegateway_smb_file_share Ensure Codecommit associates an approval rule Terraform
912 CKV2_AWS_37 resource aws_storagegateway_upload_buffer Ensure Codecommit associates an approval rule Terraform
913 CKV2_AWS_37 resource aws_storagegateway_working_storage Ensure Codecommit associates an approval rule Terraform
914 CKV2_AWS_37 resource aws_subnet Ensure Codecommit associates an approval rule Terraform
915 CKV2_AWS_37 resource aws_swf_domain Ensure Codecommit associates an approval rule Terraform
916 CKV2_AWS_37 resource aws_transfer_server Ensure Codecommit associates an approval rule Terraform
917 CKV2_AWS_37 resource aws_transfer_ssh_key Ensure Codecommit associates an approval rule Terraform
918 CKV2_AWS_37 resource aws_transfer_user Ensure Codecommit associates an approval rule Terraform
919 CKV2_AWS_37 resource aws_volume_attachment Ensure Codecommit associates an approval rule Terraform
920 CKV2_AWS_37 resource aws_vpc Ensure Codecommit associates an approval rule Terraform
921 CKV2_AWS_37 resource aws_vpc_dhcp_options Ensure Codecommit associates an approval rule Terraform
922 CKV2_AWS_37 resource aws_vpc_dhcp_options_association Ensure Codecommit associates an approval rule Terraform
923 CKV2_AWS_37 resource aws_vpc_endpoint Ensure Codecommit associates an approval rule Terraform
924 CKV2_AWS_37 resource aws_vpc_endpoint_connection_notification Ensure Codecommit associates an approval rule Terraform
925 CKV2_AWS_37 resource aws_vpc_endpoint_route_table_association Ensure Codecommit associates an approval rule Terraform
926 CKV2_AWS_37 resource aws_vpc_endpoint_service Ensure Codecommit associates an approval rule Terraform
927 CKV2_AWS_37 resource aws_vpc_endpoint_service_allowed_principal Ensure Codecommit associates an approval rule Terraform
928 CKV2_AWS_37 resource aws_vpc_endpoint_subnet_association Ensure Codecommit associates an approval rule Terraform
929 CKV2_AWS_37 resource aws_vpc_ipv4_cidr_block_association Ensure Codecommit associates an approval rule Terraform
930 CKV2_AWS_37 resource aws_vpc_peering_connection Ensure Codecommit associates an approval rule Terraform
931 CKV2_AWS_37 resource aws_vpc_peering_connection_accepter Ensure Codecommit associates an approval rule Terraform
932 CKV2_AWS_37 resource aws_vpc_peering_connection_options Ensure Codecommit associates an approval rule Terraform
933 CKV2_AWS_37 resource aws_vpn_connection Ensure Codecommit associates an approval rule Terraform
934 CKV2_AWS_37 resource aws_vpn_connection_route Ensure Codecommit associates an approval rule Terraform
935 CKV2_AWS_37 resource aws_vpn_gateway Ensure Codecommit associates an approval rule Terraform
936 CKV2_AWS_37 resource aws_vpn_gateway_attachment Ensure Codecommit associates an approval rule Terraform
937 CKV2_AWS_37 resource aws_vpn_gateway_route_propagation Ensure Codecommit associates an approval rule Terraform
938 CKV2_AWS_37 resource aws_waf_byte_match_set Ensure Codecommit associates an approval rule Terraform
939 CKV2_AWS_37 resource aws_waf_geo_match_set Ensure Codecommit associates an approval rule Terraform
940 CKV2_AWS_37 resource aws_waf_ipset Ensure Codecommit associates an approval rule Terraform
941 CKV2_AWS_37 resource aws_waf_rate_based_rule Ensure Codecommit associates an approval rule Terraform
942 CKV2_AWS_37 resource aws_waf_regex_match_set Ensure Codecommit associates an approval rule Terraform
943 CKV2_AWS_37 resource aws_waf_regex_pattern_set Ensure Codecommit associates an approval rule Terraform
944 CKV2_AWS_37 resource aws_waf_rule Ensure Codecommit associates an approval rule Terraform
945 CKV2_AWS_37 resource aws_waf_rule_group Ensure Codecommit associates an approval rule Terraform
946 CKV2_AWS_37 resource aws_waf_size_constraint_set Ensure Codecommit associates an approval rule Terraform
947 CKV2_AWS_37 resource aws_waf_sql_injection_match_set Ensure Codecommit associates an approval rule Terraform
948 CKV2_AWS_37 resource aws_waf_web_acl Ensure Codecommit associates an approval rule Terraform
949 CKV2_AWS_37 resource aws_waf_xss_match_set Ensure Codecommit associates an approval rule Terraform
950 CKV2_AWS_37 resource aws_wafregional_byte_match_set Ensure Codecommit associates an approval rule Terraform
951 CKV2_AWS_37 resource aws_wafregional_geo_match_set Ensure Codecommit associates an approval rule Terraform
952 CKV2_AWS_37 resource aws_wafregional_ipset Ensure Codecommit associates an approval rule Terraform
953 CKV2_AWS_37 resource aws_wafregional_rate_based_rule Ensure Codecommit associates an approval rule Terraform
954 CKV2_AWS_37 resource aws_wafregional_regex_match_set Ensure Codecommit associates an approval rule Terraform
955 CKV2_AWS_37 resource aws_wafregional_regex_pattern_set Ensure Codecommit associates an approval rule Terraform
956 CKV2_AWS_37 resource aws_wafregional_rule Ensure Codecommit associates an approval rule Terraform
957 CKV2_AWS_37 resource aws_wafregional_rule_group Ensure Codecommit associates an approval rule Terraform
958 CKV2_AWS_37 resource aws_wafregional_size_constraint_set Ensure Codecommit associates an approval rule Terraform
959 CKV2_AWS_37 resource aws_wafregional_sql_injection_match_set Ensure Codecommit associates an approval rule Terraform
960 CKV2_AWS_37 resource aws_wafregional_web_acl Ensure Codecommit associates an approval rule Terraform
961 CKV2_AWS_37 resource aws_wafregional_web_acl_association Ensure Codecommit associates an approval rule Terraform
962 CKV2_AWS_37 resource aws_wafregional_xss_match_set Ensure Codecommit associates an approval rule Terraform
963 CKV2_AWS_37 resource aws_wafv2_ip_set Ensure Codecommit associates an approval rule Terraform
964 CKV2_AWS_37 resource aws_wafv2_regex_pattern_set Ensure Codecommit associates an approval rule Terraform
965 CKV2_AWS_37 resource aws_wafv2_rule_group Ensure Codecommit associates an approval rule Terraform
966 CKV2_AWS_37 resource aws_wafv2_web_acl Ensure Codecommit associates an approval rule Terraform
967 CKV2_AWS_37 resource aws_wafv2_web_acl_association Ensure Codecommit associates an approval rule Terraform
968 CKV2_AWS_37 resource aws_wafv2_web_acl_logging_configuration Ensure Codecommit associates an approval rule Terraform
969 CKV2_AWS_37 resource aws_worklink_fleet Ensure Codecommit associates an approval rule Terraform
970 CKV2_AWS_37 resource aws_worklink_website_certificate_authority_association Ensure Codecommit associates an approval rule Terraform
971 CKV2_AWS_37 resource aws_workspaces_directory Ensure Codecommit associates an approval rule Terraform
972 CKV2_AWS_37 resource aws_workspaces_ip_group Ensure Codecommit associates an approval rule Terraform
973 CKV2_AWS_37 resource aws_workspaces_workspace Ensure Codecommit associates an approval rule Terraform
974 CKV2_AWS_37 resource aws_xray_sampling_rule Ensure Codecommit associates an approval rule Terraform
975 CKV_AZURE_1 resource azurerm_linux_virtual_machine Ensure Azure Instance does not use basic authentication(Use SSH Key Instead) Terraform
976 CKV_AZURE_1 resource azurerm_virtual_machine Ensure Azure Instance does not use basic authentication(Use SSH Key Instead) Terraform
977 CKV_AZURE_2 resource azurerm_managed_disk Ensure Azure managed disk has encryption enabled Terraform
978 CKV_AZURE_3 resource azurerm_storage_account Ensure that ‘Secure transfer required’ is set to ‘Enabled’ Terraform
979 CKV_AZURE_4 resource azurerm_kubernetes_cluster Ensure AKS logging to Azure Monitoring is Configured Terraform
980 CKV_AZURE_5 resource azurerm_kubernetes_cluster Ensure RBAC is enabled on AKS clusters Terraform
981 CKV_AZURE_6 resource azurerm_kubernetes_cluster Ensure AKS has an API Server Authorized IP Ranges enabled Terraform
982 CKV_AZURE_7 resource azurerm_kubernetes_cluster Ensure AKS cluster has Network Policy configured Terraform
983 CKV_AZURE_8 resource azurerm_kubernetes_cluster Ensure Kubernetes Dashboard is disabled Terraform
984 CKV_AZURE_9 resource azurerm_network_security_group Ensure that RDP access is restricted from the internet Terraform
985 CKV_AZURE_9 resource azurerm_network_security_rule Ensure that RDP access is restricted from the internet Terraform
986 CKV_AZURE_10 resource azurerm_network_security_group Ensure that SSH access is restricted from the internet Terraform
987 CKV_AZURE_10 resource azurerm_network_security_rule Ensure that SSH access is restricted from the internet Terraform
988 CKV_AZURE_11 resource azurerm_mariadb_firewall_rule Ensure no SQL Databases allow ingress from 0.0.0.0/0 (ANY IP) Terraform
989 CKV_AZURE_11 resource azurerm_mysql_firewall_rule Ensure no SQL Databases allow ingress from 0.0.0.0/0 (ANY IP) Terraform
990 CKV_AZURE_11 resource azurerm_postgresql_firewall_rule Ensure no SQL Databases allow ingress from 0.0.0.0/0 (ANY IP) Terraform
991 CKV_AZURE_11 resource azurerm_sql_firewall_rule Ensure no SQL Databases allow ingress from 0.0.0.0/0 (ANY IP) Terraform
992 CKV_AZURE_12 resource azurerm_network_watcher_flow_log Ensure that Network Security Group Flow Log retention period is ‘greater than 90 days’ Terraform
993 CKV_AZURE_13 resource azurerm_app_service Ensure App Service Authentication is set on Azure App Service Terraform
994 CKV_AZURE_14 resource azurerm_app_service Ensure web app redirects all HTTP traffic to HTTPS in Azure App Service Terraform
995 CKV_AZURE_15 resource azurerm_app_service Ensure web app is using the latest version of TLS encryption Terraform
996 CKV_AZURE_16 resource azurerm_app_service Ensure that Register with Azure Active Directory is enabled on App Service Terraform
997 CKV_AZURE_17 resource azurerm_app_service Ensure the web app has ‘Client Certificates (Incoming client certificates)’ set Terraform
998 CKV_AZURE_18 resource azurerm_app_service Ensure that ‘HTTP Version’ is the latest if used to run the web app Terraform
999 CKV_AZURE_19 resource azurerm_security_center_subscription_pricing Ensure that standard pricing tier is selected Terraform
1000 CKV_AZURE_20 resource azurerm_security_center_contact Ensure that security contact ‘Phone number’ is set Terraform
1001 CKV_AZURE_21 resource azurerm_security_center_contact Ensure that ‘Send email notification for high severity alerts’ is set to ‘On’ Terraform
1002 CKV_AZURE_22 resource azurerm_security_center_contact Ensure that ‘Send email notification for high severity alerts’ is set to ‘On’ Terraform
1003 CKV_AZURE_23 resource azurerm_mssql_server Ensure that ‘Auditing’ is set to ‘On’ for SQL servers Terraform
1004 CKV_AZURE_23 resource azurerm_mssql_server_extended_auditing_policy Ensure that ‘Auditing’ is set to ‘On’ for SQL servers Terraform
1005 CKV_AZURE_23 resource azurerm_sql_server Ensure that ‘Auditing’ is set to ‘On’ for SQL servers Terraform
1006 CKV_AZURE_24 resource azurerm_mssql_server Ensure that ‘Auditing’ Retention is ‘greater than 90 days’ for SQL servers Terraform
1007 CKV_AZURE_24 resource azurerm_mssql_server_extended_auditing_policy Ensure that ‘Auditing’ Retention is ‘greater than 90 days’ for SQL servers Terraform
1008 CKV_AZURE_24 resource azurerm_sql_server Ensure that ‘Auditing’ Retention is ‘greater than 90 days’ for SQL servers Terraform
1009 CKV_AZURE_25 resource azurerm_mssql_server_security_alert_policy Ensure that ‘Threat Detection types’ is set to ‘All’ Terraform
1010 CKV_AZURE_26 resource azurerm_mssql_server_security_alert_policy Ensure that ‘Send Alerts To’ is enabled for MSSQL servers Terraform
1011 CKV_AZURE_27 resource azurerm_mssql_server_security_alert_policy Ensure that ‘Email service and co-administrators’ is ‘Enabled’ for MSSQL servers Terraform
1012 CKV_AZURE_28 resource azurerm_mysql_server Ensure ‘Enforce SSL connection’ is set to ‘ENABLED’ for MySQL Database Server Terraform
1013 CKV_AZURE_29 resource azurerm_postgresql_server Ensure ‘Enforce SSL connection’ is set to ‘ENABLED’ for PostgreSQL Database Server Terraform
1014 CKV_AZURE_30 resource azurerm_postgresql_configuration Ensure server parameter ‘log_checkpoints’ is set to ‘ON’ for PostgreSQL Database Server Terraform
1015 CKV_AZURE_31 resource azurerm_postgresql_configuration Ensure server parameter ‘log_connections’ is set to ‘ON’ for PostgreSQL Database Server Terraform
1016 CKV_AZURE_32 resource azurerm_postgresql_configuration Ensure server parameter ‘connection_throttling’ is set to ‘ON’ for PostgreSQL Database Server Terraform
1017 CKV_AZURE_33 resource azurerm_storage_account Ensure Storage logging is enabled for Queue service for read, write and delete requests Terraform
1018 CKV_AZURE_34 resource azurerm_storage_container Ensure that ‘Public access level’ is set to Private for blob containers Terraform
1019 CKV_AZURE_35 resource azurerm_storage_account Ensure default network access rule for Storage Accounts is set to deny Terraform
1020 CKV_AZURE_35 resource azurerm_storage_account_network_rules Ensure default network access rule for Storage Accounts is set to deny Terraform
1021 CKV_AZURE_36 resource azurerm_storage_account Ensure ‘Trusted Microsoft Services’ is enabled for Storage Account access Terraform
1022 CKV_AZURE_36 resource azurerm_storage_account_network_rules Ensure ‘Trusted Microsoft Services’ is enabled for Storage Account access Terraform
1023 CKV_AZURE_37 resource azurerm_monitor_log_profile Ensure that Activity Log Retention is set 365 days or greater Terraform
1024 CKV_AZURE_38 resource azurerm_monitor_log_profile Ensure audit profile captures all the activities Terraform
1025 CKV_AZURE_39 resource azurerm_role_definition Ensure that no custom subscription owner roles are created Terraform
1026 CKV_AZURE_40 resource azurerm_key_vault_key Ensure that the expiration date is set on all keys Terraform
1027 CKV_AZURE_41 resource azurerm_key_vault_secret Ensure that the expiration date is set on all secrets Terraform
1028 CKV_AZURE_42 resource azurerm_key_vault Ensure the key vault is recoverable Terraform
1029 CKV_AZURE_43 resource azurerm_storage_account Ensure Storage Accounts adhere to the naming rules Terraform
1030 CKV_AZURE_44 resource azurerm_storage_account Ensure Storage Account is using the latest version of TLS encryption Terraform
1031 CKV_AZURE_45 resource azurerm_virtual_machine Ensure that no sensitive credentials are exposed in VM custom_data Terraform
1032 CKV_AZURE_47 resource azurerm_mariadb_server Ensure ‘Enforce SSL connection’ is set to ‘ENABLED’ for MariaDB servers Terraform
1033 CKV_AZURE_48 resource azurerm_mariadb_server Ensure ‘public network access enabled’ is set to ‘False’ for MariaDB servers Terraform
1034 CKV_AZURE_49 resource azurerm_linux_virtual_machine_scale_set Ensure Azure linux scale set does not use basic authentication(Use SSH Key Instead) Terraform
1035 CKV_AZURE_50 resource azurerm_linux_virtual_machine Ensure Virtual Machine Extensions are not Installed Terraform
1036 CKV_AZURE_50 resource azurerm_windows_virtual_machine Ensure Virtual Machine Extensions are not Installed Terraform
1037 CKV_AZURE_52 resource azurerm_mssql_server Ensure MSSQL is using the latest version of TLS encryption Terraform
1038 CKV_AZURE_53 resource azurerm_mysql_server Ensure ‘public network access enabled’ is set to ‘False’ for mySQL servers Terraform
1039 CKV_AZURE_54 resource azurerm_mysql_server Ensure MySQL is using the latest version of TLS encryption Terraform
1040 CKV_AZURE_55 resource azurerm_security_center_subscription_pricing Ensure that Azure Defender is set to On for Servers Terraform
1041 CKV_AZURE_56 resource azurerm_function_app Ensure that function apps enables Authentication Terraform
1042 CKV_AZURE_57 resource azurerm_app_service Ensure that CORS disallows every resource to access app services Terraform
1043 CKV_AZURE_58 resource azurerm_synapse_workspace Ensure that Azure Synapse workspaces enables managed virtual networks Terraform
1044 CKV_AZURE_59 resource azurerm_storage_account Ensure that Storage accounts disallow public access Terraform
1045 CKV_AZURE_60 resource azurerm_storage_account Ensure that storage account enables secure transfer Terraform
1046 CKV_AZURE_61 resource azurerm_security_center_subscription_pricing Ensure that Azure Defender is set to On for App Service Terraform
1047 CKV_AZURE_62 resource azurerm_function_app Ensure function apps are not accessible from all regions Terraform
1048 CKV_AZURE_63 resource azurerm_app_service Ensure that App service enables HTTP logging Terraform
1049 CKV_AZURE_64 resource azurerm_storage_sync Ensure that Azure File Sync disables public network access Terraform
1050 CKV_AZURE_65 resource azurerm_app_service Ensure that App service enables detailed error messages Terraform
1051 CKV_AZURE_66 resource azurerm_app_service Ensure that App service enables failed request tracing Terraform
1052 CKV_AZURE_67 resource azurerm_function_app Ensure that ‘HTTP Version’ is the latest, if used to run the Function app Terraform
1053 CKV_AZURE_67 resource azurerm_function_app_slot Ensure that ‘HTTP Version’ is the latest, if used to run the Function app Terraform
1054 CKV_AZURE_68 resource azurerm_postgresql_server Ensure that PostgreSQL server disables public network access Terraform
1055 CKV_AZURE_69 resource azurerm_security_center_subscription_pricing Ensure that Azure Defender is set to On for Azure SQL database servers Terraform
1056 CKV_AZURE_70 resource azurerm_function_app Ensure that Function apps is only accessible over HTTPS Terraform
1057 CKV_AZURE_71 resource azurerm_app_service Ensure that Managed identity provider is enabled for app services Terraform
1058 CKV_AZURE_72 resource azurerm_app_service Ensure that remote debugging is not enabled for app services Terraform
1059 CKV_AZURE_73 resource azurerm_automation_variable_bool Ensure that Automation account variables are encrypted Terraform
1060 CKV_AZURE_73 resource azurerm_automation_variable_datetime Ensure that Automation account variables are encrypted Terraform
1061 CKV_AZURE_73 resource azurerm_automation_variable_int Ensure that Automation account variables are encrypted Terraform
1062 CKV_AZURE_73 resource azurerm_automation_variable_string Ensure that Automation account variables are encrypted Terraform
1063 CKV_AZURE_74 resource azurerm_kusto_cluster Ensure that Azure Data Explorer uses disk encryption Terraform
1064 CKV_AZURE_75 resource azurerm_kusto_cluster Ensure that Azure Data Explorer uses double encryption Terraform
1065 CKV_AZURE_76 resource azurerm_batch_account Ensure that Azure Batch account uses key vault to encrypt data Terraform
1066 CKV_AZURE_77 resource azurerm_network_security_group Ensure that UDP Services are restricted from the Internet Terraform
1067 CKV_AZURE_77 resource azurerm_network_security_rule Ensure that UDP Services are restricted from the Internet Terraform
1068 CKV_AZURE_78 resource azurerm_app_service Ensure FTP deployments are disabled Terraform
1069 CKV_AZURE_79 resource azurerm_security_center_subscription_pricing Ensure that Azure Defender is set to On for SQL servers on machines Terraform
1070 CKV_AZURE_80 resource azurerm_app_service Ensure that ‘Net Framework’ version is the latest, if used as a part of the web app Terraform
1071 CKV_AZURE_81 resource azurerm_app_service Ensure that ‘PHP version’ is the latest, if used to run the web app Terraform
1072 CKV_AZURE_82 resource azurerm_app_service Ensure that ‘Python version’ is the latest, if used to run the web app Terraform
1073 CKV_AZURE_83 resource azurerm_app_service Ensure that ‘Java version’ is the latest, if used to run the web app Terraform
1074 CKV_AZURE_84 resource azurerm_security_center_subscription_pricing Ensure that Azure Defender is set to On for Storage Terraform
1075 CKV_AZURE_85 resource azurerm_security_center_subscription_pricing Ensure that Azure Defender is set to On for Kubernetes Terraform
1076 CKV_AZURE_86 resource azurerm_security_center_subscription_pricing Ensure that Azure Defender is set to On for Container Registries Terraform
1077 CKV_AZURE_87 resource azurerm_security_center_subscription_pricing Ensure that Azure Defender is set to On for Key Vault Terraform
1078 CKV_AZURE_88 resource azurerm_app_service Ensure that app services use Azure Files Terraform
1079 CKV_AZURE_89 resource azurerm_redis_cache Ensure that Azure Cache for Redis disables public network access Terraform
1080 CKV_AZURE_91 resource azurerm_redis_cache Ensure that only SSL are enabled for Cache for Redis Terraform
1081 CKV_AZURE_92 resource azurerm_linux_virtual_machine Ensure that Virtual Machines use managed disks Terraform
1082 CKV_AZURE_92 resource azurerm_windows_virtual_machine Ensure that Virtual Machines use managed disks Terraform
1083 CKV_AZURE_93 resource azurerm_managed_disk Ensure that managed disks use a specific set of disk encryption sets for the customer-managed key encryption Terraform
1084 CKV_AZURE_94 resource azurerm_mysql_server Ensure that My SQL server enables geo-redundant backups Terraform
1085 CKV_AZURE_95 resource azurerm_virtual_machine_scale_set Ensure that automatic OS image patching is enabled for Virtual Machine Scale Sets Terraform
1086 CKV_AZURE_96 resource azurerm_mysql_server Ensure that MySQL server enables infrastructure encryption Terraform
1087 CKV_AZURE_97 resource azurerm_linux_virtual_machine_scale_set Ensure that Virtual machine scale sets have encryption at host enabled Terraform
1088 CKV_AZURE_97 resource azurerm_windows_virtual_machine_scale_set Ensure that Virtual machine scale sets have encryption at host enabled Terraform
1089 CKV_AZURE_98 resource azurerm_container_group Ensure that Azure Container group is deployed into virtual network Terraform
1090 CKV_AZURE_99 resource azurerm_cosmosdb_account Ensure Cosmos DB accounts have restricted access Terraform
1091 CKV_AZURE_100 resource azurerm_cosmosdb_account Ensure that Cosmos DB accounts have customer-managed keys to encrypt data at rest Terraform
1092 CKV_AZURE_101 resource azurerm_cosmosdb_account Ensure that Azure Cosmos DB disables public network access Terraform
1093 CKV_AZURE_102 resource azurerm_postgresql_server Ensure that PostgreSQL server enables geo-redundant backups Terraform
1094 CKV_AZURE_103 resource azurerm_data_factory Ensure that Azure Data Factory uses Git repository for source control Terraform
1095 CKV_AZURE_104 resource azurerm_data_factory Ensure that Azure Data factory public network access is disabled Terraform
1096 CKV_AZURE_105 resource azurerm_data_lake_store Ensure that Data Lake Store accounts enables encryption Terraform
1097 CKV_AZURE_106 resource azurerm_eventgrid_domain Ensure that Azure Event Grid Domain public network access is disabled Terraform
1098 CKV_AZURE_107 resource azurerm_api_management Ensure that API management services use virtual networks Terraform
1099 CKV_AZURE_108 resource azurerm_iothub Ensure that Azure IoT Hub disables public network access Terraform
1100 CKV_AZURE_109 resource azurerm_key_vault Ensure that key vault allows firewall rules settings Terraform
1101 CKV_AZURE_110 resource azurerm_key_vault Ensure that key vault enables purge protection Terraform
1102 CKV_AZURE_111 resource azurerm_key_vault Ensure that key vault enables soft delete Terraform
1103 CKV_AZURE_112 resource azurerm_key_vault_key Ensure that key vault key is backed by HSM Terraform
1104 CKV_AZURE_113 resource azurerm_mssql_server Ensure that SQL server disables public network access Terraform
1105 CKV_AZURE_114 resource azurerm_key_vault_secret Ensure that key vault secrets have “content_type” set Terraform
1106 CKV_AZURE_115 resource azurerm_kubernetes_cluster Ensure that AKS enables private clusters Terraform
1107 CKV_AZURE_116 resource azurerm_kubernetes_cluster Ensure that AKS uses Azure Policies Add-on Terraform
1108 CKV_AZURE_117 resource azurerm_kubernetes_cluster Ensure that AKS uses disk encryption set Terraform
1109 CKV_AZURE_118 resource azurerm_network_interface Ensure that Network Interfaces disable IP forwarding Terraform
1110 CKV_AZURE_119 resource azurerm_network_interface Ensure that Network Interfaces don’t use public IPs Terraform
1111 CKV_AZURE_120 resource azurerm_application_gateway Ensure that Application Gateway enables WAF Terraform
1112 CKV_AZURE_120 resource azurerm_web_application_firewall_policy Ensure that Application Gateway enables WAF Terraform
1113 CKV_AZURE_121 resource azurerm_frontdoor Ensure that Azure Front Door enables WAF Terraform
1114 CKV_AZURE_122 resource azurerm_web_application_firewall_policy Ensure that Application Gateway uses WAF in “Detection” or “Prevention” modes Terraform
1115 CKV_AZURE_123 resource azurerm_frontdoor_firewall_policy Ensure that Azure Front Door uses WAF in “Detection” or “Prevention” modes Terraform
1116 CKV_AZURE_124 resource azurerm_search_service Ensure that Azure Cognitive Search disables public network access Terraform
1117 CKV_AZURE_125 resource azurerm_service_fabric_cluster Ensures that Service Fabric uses the three levels of protection available Terraform
1118 CKV_AZURE_126 resource azurerm_service_fabric_cluster Ensures that Active Directory is used for authentication for Service Fabric Terraform
1119 CKV_AZURE_127 resource azurerm_mysql_server Ensure that MySQL server enables Threat detection policy Terraform
1120 CKV_AZURE_128 resource azurerm_postgresql_server Ensure that PostgreSQL server enables Threat detection policy Terraform
1121 CKV_AZURE_129 resource azurerm_mariadb_server Ensure that MariaDB server enables geo-redundant backups Terraform
1122 CKV_AZURE_130 resource azurerm_postgresql_server Ensure that PostgreSQL server enables infrastructure encryption Terraform
1123 CKV_AZURE_131 resource azurerm_security_center_contact Ensure that ‘Security contact emails’ is set Terraform
1124 CKV_AZURE_132 resource azurerm_cosmosdb_account Ensure cosmosdb does not allow privileged escalation by restricting management plane changes Terraform
1125 CKV_AZURE_133 resource azurerm_frontdoor_firewall_policy Ensure Front Door WAF prevents message lookup in Log4j2. See CVE-2021-44228 aka log4jshell Terraform
1126 CKV_AZURE_134 resource azurerm_cognitive_account Ensure that Cognitive Services accounts disable public network access Terraform
1127 CKV_AZURE_135 resource azurerm_web_application_firewall_policy Ensure Application Gateway WAF prevents message lookup in Log4j2. See CVE-2021-44228 aka log4jshell Terraform
1128 CKV_AZURE_136 resource azurerm_postgresql_flexible_server Ensure that PostgreSQL Flexible server enables geo-redundant backups Terraform
1129 CKV_AZURE_137 resource azurerm_container_registry Ensure ACR admin account is disabled Terraform
1130 CKV_AZURE_138 resource azurerm_container_registry Ensures that ACR disables anonymous pulling of images Terraform
1131 CKV_AZURE_139 resource azurerm_container_registry Ensure ACR set to disable public networking Terraform
1132 CKV_AZURE_140 resource azurerm_cosmosdb_account Ensure that Local Authentication is disabled on CosmosDB Terraform
1133 CKV_AZURE_141 resource azurerm_kubernetes_cluster Ensure AKS local admin account is disabled Terraform
1134 CKV_AZURE_142 resource azurerm_machine_learning_compute_cluster Ensure Machine Learning Compute Cluster Local Authentication is disabled Terraform
1135 CKV_AZURE_143 resource azurerm_kubernetes_cluster Ensure AKS cluster nodes do not have public IP addresses Terraform
1136 CKV_AZURE_144 resource azurerm_machine_learning_workspace Ensure that Public Access is disabled for Machine Learning Workspace Terraform
1137 CKV_AZURE_145 resource azurerm_function_app Ensure Function app is using the latest version of TLS encryption Terraform
1138 CKV_AZURE_146 resource azurerm_postgresql_configuration Ensure server parameter ‘log_retention’ is set to ‘ON’ for PostgreSQL Database Server Terraform
1139 CKV_AZURE_147 resource azurerm_postgresql_server Ensure PostgreSQL is using the latest version of TLS encryption Terraform
1140 CKV_AZURE_148 resource azurerm_redis_cache Ensure Redis Cache is using the latest version of TLS encryption Terraform
1141 CKV_AZURE_149 resource azurerm_linux_virtual_machine Ensure that Virtual machine does not enable password authentication Terraform
1142 CKV_AZURE_149 resource azurerm_linux_virtual_machine_scale_set Ensure that Virtual machine does not enable password authentication Terraform
1143 CKV_AZURE_150 resource azurerm_machine_learning_compute_cluster Ensure Machine Learning Compute Cluster Minimum Nodes Set To 0 Terraform
1144 CKV_AZURE_151 resource azurerm_windows_virtual_machine Ensure Windows VM enables encryption Terraform
1145 CKV_AZURE_152 resource azurerm_api_management Ensure Client Certificates are enforced for API management Terraform
1146 CKV_AZURE_153 resource azurerm_app_service_slot Ensure web app redirects all HTTP traffic to HTTPS in Azure App Service Slot Terraform
1147 CKV_AZURE_154 resource azurerm_app_service_slot Ensure the App service slot is using the latest version of TLS encryption Terraform
1148 CKV_AZURE_155 resource azurerm_app_service_slot Ensure debugging is disabled for the App service slot Terraform
1149 CKV_AZURE_156 resource azurerm_mssql_database_extended_auditing_policy Ensure default Auditing policy for a SQL Server is configured to capture and retain the activity logs Terraform
1150 CKV_AZURE_157 resource azurerm_synapse_workspace Ensure that Synapse workspace has data_exfiltration_protection_enabled Terraform
1151 CKV_AZURE_158 resource azurerm_databricks_workspace Ensure that databricks workspace is not public Terraform
1152 CKV_AZURE_159 resource azurerm_function_app Ensure function app builtin logging is enabled Terraform
1153 CKV_AZURE_159 resource azurerm_function_app_slot Ensure function app builtin logging is enabled Terraform
1154 CKV_AZURE_160 resource azurerm_network_security_group Ensure that HTTP (port 80) access is restricted from the internet Terraform
1155 CKV_AZURE_160 resource azurerm_network_security_rule Ensure that HTTP (port 80) access is restricted from the internet Terraform
1156 CKV2_AZURE_1 resource azurerm_storage_account Ensure storage for critical data is encrypted with Customer Managed Key Terraform
1157 CKV2_AZURE_2 resource azurerm_mssql_server_security_alert_policy Ensure that Vulnerability Assessment (VA) is enabled on a SQL server by setting a Storage Account Terraform
1158 CKV2_AZURE_2 resource azurerm_sql_server Ensure that Vulnerability Assessment (VA) is enabled on a SQL server by setting a Storage Account Terraform
1159 CKV2_AZURE_3 resource azurerm_mssql_server Ensure that VA setting Periodic Recurring Scans is enabled on a SQL server Terraform
1160 CKV2_AZURE_3 resource azurerm_mssql_server_security_alert_policy Ensure that VA setting Periodic Recurring Scans is enabled on a SQL server Terraform
1161 CKV2_AZURE_3 resource azurerm_mssql_server_vulnerability_assessment Ensure that VA setting Periodic Recurring Scans is enabled on a SQL server Terraform
1162 CKV2_AZURE_3 resource azurerm_sql_server Ensure that VA setting Periodic Recurring Scans is enabled on a SQL server Terraform
1163 CKV2_AZURE_4 resource azurerm_mssql_server Ensure Azure SQL server ADS VA Send scan reports to is configured Terraform
1164 CKV2_AZURE_4 resource azurerm_mssql_server_security_alert_policy Ensure Azure SQL server ADS VA Send scan reports to is configured Terraform
1165 CKV2_AZURE_4 resource azurerm_mssql_server_vulnerability_assessment Ensure Azure SQL server ADS VA Send scan reports to is configured Terraform
1166 CKV2_AZURE_4 resource azurerm_sql_server Ensure Azure SQL server ADS VA Send scan reports to is configured Terraform
1167 CKV2_AZURE_5 resource azurerm_mssql_server Ensure that VA setting ‘Also send email notifications to admins and subscription owners’ is set for a SQL server Terraform
1168 CKV2_AZURE_5 resource azurerm_mssql_server_security_alert_policy Ensure that VA setting ‘Also send email notifications to admins and subscription owners’ is set for a SQL server Terraform
1169 CKV2_AZURE_5 resource azurerm_mssql_server_vulnerability_assessment Ensure that VA setting ‘Also send email notifications to admins and subscription owners’ is set for a SQL server Terraform
1170 CKV2_AZURE_5 resource azurerm_sql_server Ensure that VA setting ‘Also send email notifications to admins and subscription owners’ is set for a SQL server Terraform
1171 CKV2_AZURE_6 resource azurerm_sql_firewall_rule Ensure ‘Allow access to Azure services’ for PostgreSQL Database Server is disabled Terraform
1172 CKV2_AZURE_6 resource azurerm_sql_server Ensure ‘Allow access to Azure services’ for PostgreSQL Database Server is disabled Terraform
1173 CKV2_AZURE_7 resource azurerm_sql_server Ensure that Azure Active Directory Admin is configured Terraform
1174 CKV2_AZURE_8 resource azurerm_monitor_activity_log_alert Ensure the storage container storing the activity logs is not publicly accessible Terraform
1175 CKV2_AZURE_8 resource azurerm_storage_container Ensure the storage container storing the activity logs is not publicly accessible Terraform
1176 CKV2_AZURE_9 resource azurerm_virtual_machine Ensure Virtual Machines are utilizing Managed Disks Terraform
1177 CKV2_AZURE_10 resource azurerm_virtual_machine Ensure that Microsoft Antimalware is configured to automatically update for Virtual Machines Terraform
1178 CKV2_AZURE_10 resource azurerm_virtual_machine_extension Ensure that Microsoft Antimalware is configured to automatically update for Virtual Machines Terraform
1179 CKV2_AZURE_11 resource azurerm_kusto_cluster Ensure that Azure Data Explorer encryption at rest uses a customer-managed key Terraform
1180 CKV2_AZURE_12 resource azurerm_virtual_machine Ensure that virtual machines are backed up using Azure Backup Terraform
1181 CKV2_AZURE_13 resource azurerm_mssql_server_security_alert_policy Ensure that SQL servers enable data security policy Terraform
1182 CKV2_AZURE_13 resource azurerm_sql_server Ensure that SQL servers enable data security policy Terraform
1183 CKV2_AZURE_14 resource azurerm_managed_disk Ensure that Unattached disks are encrypted Terraform
1184 CKV2_AZURE_14 resource azurerm_virtual_machine Ensure that Unattached disks are encrypted Terraform
1185 CKV2_AZURE_15 resource azurerm_data_factory Ensure that Azure data factories are encrypted with a customer-managed key Terraform
1186 CKV2_AZURE_16 resource azurerm_mysql_server Ensure that MySQL server enables customer-managed key for encryption Terraform
1187 CKV2_AZURE_16 resource azurerm_mysql_server_key Ensure that MySQL server enables customer-managed key for encryption Terraform
1188 CKV2_AZURE_17 resource azurerm_postgresql_server Ensure that PostgreSQL server enables customer-managed key for encryption Terraform
1189 CKV2_AZURE_17 resource azurerm_postgresql_server_key Ensure that PostgreSQL server enables customer-managed key for encryption Terraform
1190 CKV2_AZURE_18 resource azurerm_storage_account Ensure that Storage Accounts use customer-managed key for encryption Terraform
1191 CKV2_AZURE_18 resource azurerm_storage_account_customer_managed_key Ensure that Storage Accounts use customer-managed key for encryption Terraform
1192 CKV2_AZURE_19 resource azurerm_synapse_workspace Ensure that Azure Synapse workspaces have no IP firewall rules attached Terraform
1193 CKV2_AZURE_20 resource azurerm_log_analytics_storage_insights Ensure Storage logging is enabled for Table service for read requests Terraform
1194 CKV2_AZURE_20 resource azurerm_storage_account Ensure Storage logging is enabled for Table service for read requests Terraform
1195 CKV2_AZURE_20 resource azurerm_storage_table Ensure Storage logging is enabled for Table service for read requests Terraform
1196 CKV2_AZURE_21 resource azurerm_log_analytics_storage_insights Ensure Storage logging is enabled for Blob service for read requests Terraform
1197 CKV2_AZURE_21 resource azurerm_storage_account Ensure Storage logging is enabled for Blob service for read requests Terraform
1198 CKV2_AZURE_21 resource azurerm_storage_container Ensure Storage logging is enabled for Blob service for read requests Terraform
1199 CKV2_AZURE_22 resource azurerm_cognitive_account Ensure that Cognitive Services enables customer-managed key for encryption Terraform
1200 CKV2_AZURE_22 resource azurerm_cognitive_account_customer_managed_key Ensure that Cognitive Services enables customer-managed key for encryption Terraform
1201 CKV_BCW_1 provider bridgecrew Ensure no hard-coded API token exists in the provider Terraform
1202 CKV_DIO_1 resource digitalocean_spaces_bucket Ensure the Spaces bucket has versioning enabled Terraform
1203 CKV_DIO_2 resource digitalocean_droplet Ensure the droplet specifies an SSH key Terraform
1204 CKV_DIO_3 resource digitalocean_spaces_bucket Ensure the Spaces bucket is private Terraform
1205 CKV_DIO_4 resource digitalocean_firewall Ensure the firewall ingress is not wide open Terraform
1206 CKV_GCP_1 resource google_container_cluster Ensure Stackdriver Logging is set to Enabled on Kubernetes Engine Clusters Terraform
1207 CKV_GCP_2 resource google_compute_firewall Ensure Google compute firewall ingress does not allow unrestricted ssh access Terraform
1208 CKV_GCP_3 resource google_compute_firewall Ensure Google compute firewall ingress does not allow unrestricted rdp access Terraform
1209 CKV_GCP_4 resource google_compute_ssl_policy Ensure no HTTPS or SSL proxy load balancers permit SSL policies with weak cipher suites Terraform
1210 CKV_GCP_6 resource google_sql_database_instance Ensure all Cloud SQL database instance requires all incoming connections to use SSL Terraform
1211 CKV_GCP_7 resource google_container_cluster Ensure Legacy Authorization is set to Disabled on Kubernetes Engine Clusters Terraform
1212 CKV_GCP_8 resource google_container_cluster Ensure Stackdriver Monitoring is set to Enabled on Kubernetes Engine Clusters Terraform
1213 CKV_GCP_9 resource google_container_node_pool Ensure ‘Automatic node repair’ is enabled for Kubernetes Clusters Terraform
1214 CKV_GCP_10 resource google_container_node_pool Ensure ‘Automatic node upgrade’ is enabled for Kubernetes Clusters Terraform
1215 CKV_GCP_11 resource google_sql_database_instance Ensure that Cloud SQL database Instances are not open to the world Terraform
1216 CKV_GCP_12 resource google_container_cluster Ensure Network Policy is enabled on Kubernetes Engine Clusters Terraform
1217 CKV_GCP_13 resource google_container_cluster Ensure client certificate authentication to Kubernetes Engine Clusters is disabled Terraform
1218 CKV_GCP_14 resource google_sql_database_instance Ensure all Cloud SQL database instance have backup configuration enabled Terraform
1219 CKV_GCP_15 resource google_bigquery_dataset Ensure that BigQuery datasets are not anonymously or publicly accessible Terraform
1220 CKV_GCP_16 resource google_dns_managed_zone Ensure that DNSSEC is enabled for Cloud DNS Terraform
1221 CKV_GCP_17 resource google_dns_managed_zone Ensure that RSASHA1 is not used for the zone-signing and key-signing keys in Cloud DNS DNSSEC Terraform
1222 CKV_GCP_18 resource google_container_cluster Ensure GKE Control Plane is not public Terraform
1223 CKV_GCP_19 resource google_container_cluster Ensure GKE basic auth is disabled Terraform
1224 CKV_GCP_20 resource google_container_cluster Ensure master authorized networks is set to enabled in GKE clusters Terraform
1225 CKV_GCP_21 resource google_container_cluster Ensure Kubernetes Clusters are configured with Labels Terraform
1226 CKV_GCP_22 resource google_container_node_pool Ensure Container-Optimized OS (cos) is used for Kubernetes Engine Clusters Node image Terraform
1227 CKV_GCP_23 resource google_container_cluster Ensure Kubernetes Cluster is created with Alias IP ranges enabled Terraform
1228 CKV_GCP_24 resource google_container_cluster Ensure PodSecurityPolicy controller is enabled on the Kubernetes Engine Clusters Terraform
1229 CKV_GCP_25 resource google_container_cluster Ensure Kubernetes Cluster is created with Private cluster enabled Terraform
1230 CKV_GCP_26 resource google_compute_subnetwork Ensure that VPC Flow Logs is enabled for every subnet in a VPC Network Terraform
1231 CKV_GCP_27 resource google_project Ensure that the default network does not exist in a project Terraform
1232 CKV_GCP_28 resource google_storage_bucket_iam_binding Ensure that Cloud Storage bucket is not anonymously or publicly accessible Terraform
1233 CKV_GCP_28 resource google_storage_bucket_iam_member Ensure that Cloud Storage bucket is not anonymously or publicly accessible Terraform
1234 CKV_GCP_29 resource google_storage_bucket Ensure that Cloud Storage buckets have uniform bucket-level access enabled Terraform
1235 CKV_GCP_30 resource google_compute_instance Ensure that instances are not configured to use the default service account Terraform
1236 CKV_GCP_30 resource google_compute_instance_from_template Ensure that instances are not configured to use the default service account Terraform
1237 CKV_GCP_30 resource google_compute_instance_template Ensure that instances are not configured to use the default service account Terraform
1238 CKV_GCP_31 resource google_compute_instance Ensure that instances are not configured to use the default service account with full access to all Cloud APIs Terraform
1239 CKV_GCP_31 resource google_compute_instance_from_template Ensure that instances are not configured to use the default service account with full access to all Cloud APIs Terraform
1240 CKV_GCP_31 resource google_compute_instance_template Ensure that instances are not configured to use the default service account with full access to all Cloud APIs Terraform
1241 CKV_GCP_32 resource google_compute_instance Ensure ‘Block Project-wide SSH keys’ is enabled for VM instances Terraform
1242 CKV_GCP_32 resource google_compute_instance_from_template Ensure ‘Block Project-wide SSH keys’ is enabled for VM instances Terraform
1243 CKV_GCP_32 resource google_compute_instance_template Ensure ‘Block Project-wide SSH keys’ is enabled for VM instances Terraform
1244 CKV_GCP_33 resource google_compute_project_metadata Ensure oslogin is enabled for a Project Terraform
1245 CKV_GCP_34 resource google_compute_instance Ensure that no instance in the project overrides the project setting for enabling OSLogin (OSLogin needs to be enabled in project metadata for all instances) Terraform
1246 CKV_GCP_34 resource google_compute_instance_from_template Ensure that no instance in the project overrides the project setting for enabling OSLogin (OSLogin needs to be enabled in project metadata for all instances) Terraform
1247 CKV_GCP_34 resource google_compute_instance_template Ensure that no instance in the project overrides the project setting for enabling OSLogin (OSLogin needs to be enabled in project metadata for all instances) Terraform
1248 CKV_GCP_35 resource google_compute_instance Ensure ‘Enable connecting to serial ports’ is not enabled for VM Instance Terraform
1249 CKV_GCP_35 resource google_compute_instance_from_template Ensure ‘Enable connecting to serial ports’ is not enabled for VM Instance Terraform
1250 CKV_GCP_35 resource google_compute_instance_template Ensure ‘Enable connecting to serial ports’ is not enabled for VM Instance Terraform
1251 CKV_GCP_36 resource google_compute_instance Ensure that IP forwarding is not enabled on Instances Terraform
1252 CKV_GCP_36 resource google_compute_instance_from_template Ensure that IP forwarding is not enabled on Instances Terraform
1253 CKV_GCP_36 resource google_compute_instance_template Ensure that IP forwarding is not enabled on Instances Terraform
1254 CKV_GCP_37 resource google_compute_disk Ensure VM disks for critical VMs are encrypted with Customer Supplied Encryption Keys (CSEK) Terraform
1255 CKV_GCP_38 resource google_compute_instance Ensure VM disks for critical VMs are encrypted with Customer Supplied Encryption Keys (CSEK) Terraform
1256 CKV_GCP_39 resource google_compute_instance Ensure Compute instances are launched with Shielded VM enabled Terraform
1257 CKV_GCP_39 resource google_compute_instance_from_template Ensure Compute instances are launched with Shielded VM enabled Terraform
1258 CKV_GCP_39 resource google_compute_instance_template Ensure Compute instances are launched with Shielded VM enabled Terraform
1259 CKV_GCP_40 resource google_compute_instance Ensure that Compute instances do not have public IP addresses Terraform
1260 CKV_GCP_40 resource google_compute_instance_from_template Ensure that Compute instances do not have public IP addresses Terraform
1261 CKV_GCP_40 resource google_compute_instance_template Ensure that Compute instances do not have public IP addresses Terraform
1262 CKV_GCP_41 resource google_project_iam_binding Ensure that IAM users are not assigned the Service Account User or Service Account Token Creator roles at project level Terraform
1263 CKV_GCP_41 resource google_project_iam_member Ensure that IAM users are not assigned the Service Account User or Service Account Token Creator roles at project level Terraform
1264 CKV_GCP_42 resource google_project_iam_member Ensure that Service Account has no Admin privileges Terraform
1265 CKV_GCP_43 resource google_kms_crypto_key Ensure KMS encryption keys are rotated within a period of 90 days Terraform
1266 CKV_GCP_44 resource google_folder_iam_binding Ensure no roles that enable to impersonate and manage all service accounts are used at a folder level Terraform
1267 CKV_GCP_44 resource google_folder_iam_member Ensure no roles that enable to impersonate and manage all service accounts are used at a folder level Terraform
1268 CKV_GCP_45 resource google_organization_iam_binding Ensure no roles that enable to impersonate and manage all service accounts are used at an organization level Terraform
1269 CKV_GCP_45 resource google_organization_iam_member Ensure no roles that enable to impersonate and manage all service accounts are used at an organization level Terraform
1270 CKV_GCP_46 resource google_project_iam_binding Ensure Default Service account is not used at a project level Terraform
1271 CKV_GCP_46 resource google_project_iam_member Ensure Default Service account is not used at a project level Terraform
1272 CKV_GCP_47 resource google_organization_iam_binding Ensure default service account is not used at an organization level Terraform
1273 CKV_GCP_47 resource google_organization_iam_member Ensure default service account is not used at an organization level Terraform
1274 CKV_GCP_48 resource google_folder_iam_binding Ensure Default Service account is not used at a folder level Terraform
1275 CKV_GCP_48 resource google_folder_iam_member Ensure Default Service account is not used at a folder level Terraform
1276 CKV_GCP_49 resource google_project_iam_binding Ensure roles do not impersonate or manage Service Accounts used at project level Terraform
1277 CKV_GCP_49 resource google_project_iam_member Ensure roles do not impersonate or manage Service Accounts used at project level Terraform
1278 CKV_GCP_50 resource google_sql_database_instance Ensure MySQL database ‘local_infile’ flag is set to ‘off’ Terraform
1279 CKV_GCP_51 resource google_sql_database_instance Ensure PostgreSQL database ‘log_checkpoints’ flag is set to ‘on’ Terraform
1280 CKV_GCP_52 resource google_sql_database_instance Ensure PostgreSQL database ‘log_connections’ flag is set to ‘on’ Terraform
1281 CKV_GCP_53 resource google_sql_database_instance Ensure PostgreSQL database ‘log_disconnections’ flag is set to ‘on’ Terraform
1282 CKV_GCP_54 resource google_sql_database_instance Ensure PostgreSQL database ‘log_lock_waits’ flag is set to ‘on’ Terraform
1283 CKV_GCP_55 resource google_sql_database_instance Ensure PostgreSQL database ‘log_min_messages’ flag is set to a valid value Terraform
1284 CKV_GCP_56 resource google_sql_database_instance Ensure PostgreSQL database ‘log_temp_files’ flag is set to ‘0’ Terraform
1285 CKV_GCP_57 resource google_sql_database_instance Ensure PostgreSQL database ‘log_min_duration_statement’ flag is set to ‘-1’ Terraform
1286 CKV_GCP_58 resource google_sql_database_instance Ensure SQL database ‘cross db ownership chaining’ flag is set to ‘off’ Terraform
1287 CKV_GCP_59 resource google_sql_database_instance Ensure SQL database ‘contained database authentication’ flag is set to ‘off’ Terraform
1288 CKV_GCP_60 resource google_sql_database_instance Ensure Cloud SQL database does not have public IP Terraform
1289 CKV_GCP_61 resource google_container_cluster Enable VPC Flow Logs and Intranode Visibility Terraform
1290 CKV_GCP_62 resource google_storage_bucket Bucket should log access Terraform
1291 CKV_GCP_63 resource google_storage_bucket Bucket should not log to itself Terraform
1292 CKV_GCP_64 resource google_container_cluster Ensure clusters are created with Private Nodes Terraform
1293 CKV_GCP_65 resource google_container_cluster Manage Kubernetes RBAC users with Google Groups for GKE Terraform
1294 CKV_GCP_66 resource google_container_cluster Ensure use of Binary Authorization Terraform
1295 CKV_GCP_67 resource google_container_cluster Ensure legacy Compute Engine instance metadata APIs are Disabled Terraform
1296 CKV_GCP_68 resource google_container_cluster Ensure Secure Boot for Shielded GKE Nodes is Enabled Terraform
1297 CKV_GCP_68 resource google_container_node_pool Ensure Secure Boot for Shielded GKE Nodes is Enabled Terraform
1298 CKV_GCP_69 resource google_container_cluster Ensure the GKE Metadata Server is Enabled Terraform
1299 CKV_GCP_69 resource google_container_node_pool Ensure the GKE Metadata Server is Enabled Terraform
1300 CKV_GCP_70 resource google_container_cluster Ensure the GKE Release Channel is set Terraform
1301 CKV_GCP_71 resource google_container_cluster Ensure Shielded GKE Nodes are Enabled Terraform
1302 CKV_GCP_72 resource google_container_cluster Ensure Integrity Monitoring for Shielded GKE Nodes is Enabled Terraform
1303 CKV_GCP_72 resource google_container_node_pool Ensure Integrity Monitoring for Shielded GKE Nodes is Enabled Terraform
1304 CKV_GCP_73 resource google_compute_security_policy Ensure Cloud Armor prevents message lookup in Log4j2. See CVE-2021-44228 aka log4jshell Terraform
1305 CKV_GCP_74 resource google_compute_subnetwork Ensure that private_ip_google_access is enabled for Subnet Terraform
1306 CKV_GCP_75 resource google_compute_firewall Ensure Google compute firewall ingress does not allow unrestricted FTP access Terraform
1307 CKV_GCP_76 resource google_compute_subnetwork Ensure that Private google access is enabled for IPV6 Terraform
1308 CKV_GCP_77 resource google_compute_firewall Ensure Google compute firewall ingress does not allow on ftp port Terraform
1309 CKV_GCP_78 resource google_storage_bucket Ensure Cloud storage has versioning enabled Terraform
1310 CKV_GCP_79 resource google_sql_database_instance Ensure SQL database is using latest Major version Terraform
1311 CKV_GCP_80 resource google_bigquery_table Ensure Big Query Tables are encrypted with Customer Supplied Encryption Keys (CSEK) Terraform
1312 CKV_GCP_81 resource google_bigquery_dataset Ensure Big Query Tables are encrypted with Customer Supplied Encryption Keys (CSEK) Terraform
1313 CKV_GCP_82 resource google_kms_crypto_key Ensure KMS keys are protected from deletion Terraform
1314 CKV_GCP_83 resource google_pubsub_topic Ensure PubSub Topics are encrypted with Customer Supplied Encryption Keys (CSEK) Terraform
1315 CKV_GCP_84 resource google_artifact_registry_repository Ensure Artifact Registry Repositories are encrypted with Customer Supplied Encryption Keys (CSEK) Terraform
1316 CKV_GCP_85 resource google_bigtable_instance Ensure Big Table Instances are encrypted with Customer Supplied Encryption Keys (CSEK) Terraform
1317 CKV_GCP_86 resource google_cloudbuild_worker_pool Ensure Cloud build workers are private Terraform
1318 CKV_GCP_87 resource google_data_fusion_instance Ensure Data fusion instances are private Terraform
1319 CKV_GCP_88 resource google_compute_firewall Ensure Google compute firewall ingress does not allow unrestricted mysql access Terraform
1320 CKV_GCP_89 resource google_notebooks_instance Ensure Vertex AI instances are private Terraform
1321 CKV_GCP_90 resource google_dataflow_job Ensure data flow jobs are encrypted with Customer Supplied Encryption Keys (CSEK) Terraform
1322 CKV_GCP_91 resource google_dataproc_cluster Ensure Dataproc cluster is encrypted with Customer Supplied Encryption Keys (CSEK) Terraform
1323 CKV_GCP_92 resource google_vertex_ai_dataset Ensure Vertex AI datasets use a CMK (Customer Managed Key) Terraform
1324 CKV_GCP_93 resource google_spanner_database Ensure Spanner Database is encrypted with Customer Supplied Encryption Keys (CSEK) Terraform
1325 CKV_GCP_94 resource google_dataflow_job Ensure Dataflow jobs are private Terraform
1326 CKV_GCP_95 resource google_redis_instance Ensure Memorystore for Redis has AUTH enabled Terraform
1327 CKV_GCP_96 resource google_vertex_ai_metadata_store Ensure Vertex AI Metadata Store uses a CMK (Customer Managed Key) Terraform
1328 CKV_GCP_97 resource google_redis_instance Ensure Memorystore for Redis uses in-transit encryption Terraform
1329 CKV_GCP_98 resource google_dataproc_cluster_iam_binding Ensure that Dataproc clusters are not anonymously or publicly accessible Terraform
1330 CKV_GCP_98 resource google_dataproc_cluster_iam_member Ensure that Dataproc clusters are not anonymously or publicly accessible Terraform
1331 CKV_GCP_99 resource google_pubsub_topic_iam_binding Ensure that Pub/Sub Topics are not anonymously or publicly accessible Terraform
1332 CKV_GCP_99 resource google_pubsub_topic_iam_member Ensure that Pub/Sub Topics are not anonymously or publicly accessible Terraform
1333 CKV_GCP_100 resource google_bigquery_table_iam_binding Ensure that BigQuery Tables are not anonymously or publicly accessible Terraform
1334 CKV_GCP_100 resource google_bigquery_table_iam_member Ensure that BigQuery Tables are not anonymously or publicly accessible Terraform
1335 CKV_GCP_101 resource google_artifact_registry_repository_iam_binding Ensure that Artifact Registry repositories are not anonymously or publicly accessible Terraform
1336 CKV_GCP_101 resource google_artifact_registry_repository_iam_member Ensure that Artifact Registry repositories are not anonymously or publicly accessible Terraform
1337 CKV_GCP_102 resource google_cloud_run_service_iam_binding Ensure that GCP Cloud Run services are not anonymously or publicly accessible Terraform
1338 CKV_GCP_102 resource google_cloud_run_service_iam_member Ensure that GCP Cloud Run services are not anonymously or publicly accessible Terraform
1339 CKV_GCP_103 resource google_dataproc_cluster Ensure Dataproc Clusters do not have public IPs Terraform
1340 CKV_GCP_104 resource google_data_fusion_instance Ensure Datafusion has stack driver logging enabled Terraform
1341 CKV_GCP_105 resource google_data_fusion_instance Ensure Datafusion has stack driver monitoring enabled Terraform
1342 CKV_GCP_106 resource google_compute_firewall Ensure Google compute firewall ingress does not allow unrestricted http port 80 access Terraform
1343 CKV2_GCP_1 resource google_project_default_service_accounts Ensure GKE clusters are not running using the Compute Engine default service account Terraform
1344 CKV2_GCP_2 resource google_compute_network Ensure legacy networks do not exist for a project Terraform
1345 CKV2_GCP_3 resource google_service_account_key Ensure that there are only GCP-managed service account keys for each service account Terraform
1346 CKV2_GCP_4 resource google_logging_folder_sink Ensure that retention policies on log buckets are configured using Bucket Lock Terraform
1347 CKV2_GCP_4 resource google_logging_organization_sink Ensure that retention policies on log buckets are configured using Bucket Lock Terraform
1348 CKV2_GCP_4 resource google_logging_project_sink Ensure that retention policies on log buckets are configured using Bucket Lock Terraform
1349 CKV2_GCP_4 resource google_storage_bucket Ensure that retention policies on log buckets are configured using Bucket Lock Terraform
1350 CKV2_GCP_5 resource google_project Ensure that Cloud Audit Logging is configured properly across all services and all users from a project Terraform
1351 CKV2_GCP_5 resource google_project_iam_audit_config Ensure that Cloud Audit Logging is configured properly across all services and all users from a project Terraform
1352 CKV2_GCP_6 resource google_kms_crypto_key Ensure that Cloud KMS cryptokeys are not anonymously or publicly accessible Terraform
1353 CKV2_GCP_6 resource google_kms_crypto_key_iam_binding Ensure that Cloud KMS cryptokeys are not anonymously or publicly accessible Terraform
1354 CKV2_GCP_6 resource google_kms_crypto_key_iam_member Ensure that Cloud KMS cryptokeys are not anonymously or publicly accessible Terraform
1355 CKV2_GCP_7 resource google_sql_database_instance Ensure that a MySQL database instance does not allow anyone to connect with administrative privileges Terraform
1356 CKV2_GCP_7 resource google_sql_user Ensure that a MySQL database instance does not allow anyone to connect with administrative privileges Terraform
1357 CKV2_GCP_8 resource google_kms_key_ring Ensure that Cloud KMS Key Rings are not anonymously or publicly accessible Terraform
1358 CKV2_GCP_8 resource google_kms_key_ring_iam_binding Ensure that Cloud KMS Key Rings are not anonymously or publicly accessible Terraform
1359 CKV2_GCP_8 resource google_kms_key_ring_iam_member Ensure that Cloud KMS Key Rings are not anonymously or publicly accessible Terraform
1360 CKV2_GCP_9 resource google_container_registry Ensure that Container Registry repositories are not anonymously or publicly accessible Terraform
1361 CKV2_GCP_9 resource google_storage_bucket_iam_binding Ensure that Container Registry repositories are not anonymously or publicly accessible Terraform
1362 CKV2_GCP_9 resource google_storage_bucket_iam_member Ensure that Container Registry repositories are not anonymously or publicly accessible Terraform
1363 CKV_GIT_1 resource github_repository Ensure Repository is Private Terraform
1364 CKV_GIT_2 resource github_repository_webhook Ensure Repository Webhook uses secure Ssl Terraform
1365 CKV_GIT_3 resource github_repository Ensure GitHub repository has vulnerability alerts enabled Terraform
1366 CKV_GIT_4 resource github_actions_environment_secret Ensure Secrets are encrypted Terraform
1367 CKV_GIT_4 resource github_actions_organization_secret Ensure Secrets are encrypted Terraform
1368 CKV_GIT_4 resource github_actions_secret Ensure Secrets are encrypted Terraform
1369 CKV_GIT_5 resource github_branch_protection Ensure at least two approving reviews for PRs Terraform
1370 CKV_GIT_5 resource github_branch_protection_v3 Ensure at least two approving reviews for PRs Terraform
1371 CKV_GIT_6 resource github_branch_protection Ensure all commits GPG signed Terraform
1372 CKV_GIT_6 resource github_branch_protection_v3 Ensure all commits GPG signed Terraform
1373 CKV2_GIT_1 resource github_repository Ensure each Repository has branch protection associated Terraform
1374 CKV_GLB_1 resource gitlab_project Ensure at least two approving reviews to merge Terraform
1375 CKV_GLB_2 resource gitlab_branch_protection Ensure force push is disabled Terraform
1376 CKV_GLB_3 resource gitlab_project Ensure prevent secrets is enabled Terraform
1377 CKV_GLB_4 resource gitlab_project Ensure commits are signed Terraform
1378 CKV_K8S_1 resource kubernetes_pod_security_policy Do not admit containers wishing to share the host process ID namespace Terraform
1379 CKV_K8S_2 resource kubernetes_pod_security_policy Do not admit privileged containers Terraform
1380 CKV_K8S_3 resource kubernetes_pod_security_policy Do not admit containers wishing to share the host IPC namespace Terraform
1381 CKV_K8S_4 resource kubernetes_pod_security_policy Do not admit containers wishing to share the host network namespace Terraform
1382 CKV_K8S_5 resource kubernetes_pod_security_policy Containers should not run with allowPrivilegeEscalation Terraform
1383 CKV_K8S_6 resource kubernetes_pod_security_policy Do not admit root containers Terraform
1384 CKV_K8S_7 resource kubernetes_pod_security_policy Do not admit containers with the NET_RAW capability Terraform
1385 CKV_K8S_8 resource kubernetes_pod Liveness Probe Should be Configured Terraform
1386 CKV_K8S_9 resource kubernetes_pod Readiness Probe Should be Configured Terraform
1387 CKV_K8S_10 resource kubernetes_pod CPU requests should be set Terraform
1388 CKV_K8S_11 resource kubernetes_pod CPU Limits should be set Terraform
1389 CKV_K8S_12 resource kubernetes_pod Memory Limits should be set Terraform
1390 CKV_K8S_13 resource kubernetes_pod Memory requests should be set Terraform
1391 CKV_K8S_14 resource kubernetes_pod Image Tag should be fixed - not latest or blank Terraform
1392 CKV_K8S_15 resource kubernetes_pod Image Pull Policy should be Always Terraform
1393 CKV_K8S_16 resource kubernetes_pod Do not admit privileged containers Terraform
1394 CKV_K8S_17 resource kubernetes_pod Do not admit containers wishing to share the host process ID namespace Terraform
1395 CKV_K8S_18 resource kubernetes_pod Do not admit containers wishing to share the host IPC namespace Terraform
1396 CKV_K8S_19 resource kubernetes_pod Do not admit containers wishing to share the host network namespace Terraform
1397 CKV_K8S_20 resource kubernetes_pod Containers should not run with allowPrivilegeEscalation Terraform
1398 CKV_K8S_21 resource kubernetes_config_map The default namespace should not be used Terraform
1399 CKV_K8S_21 resource kubernetes_cron_job The default namespace should not be used Terraform
1400 CKV_K8S_21 resource kubernetes_daemonset The default namespace should not be used Terraform
1401 CKV_K8S_21 resource kubernetes_deployment The default namespace should not be used Terraform
1402 CKV_K8S_21 resource kubernetes_ingress The default namespace should not be used Terraform
1403 CKV_K8S_21 resource kubernetes_job The default namespace should not be used Terraform
1404 CKV_K8S_21 resource kubernetes_pod The default namespace should not be used Terraform
1405 CKV_K8S_21 resource kubernetes_replication_controller The default namespace should not be used Terraform
1406 CKV_K8S_21 resource kubernetes_role_binding The default namespace should not be used Terraform
1407 CKV_K8S_21 resource kubernetes_secret The default namespace should not be used Terraform
1408 CKV_K8S_21 resource kubernetes_service The default namespace should not be used Terraform
1409 CKV_K8S_21 resource kubernetes_service_account The default namespace should not be used Terraform
1410 CKV_K8S_21 resource kubernetes_stateful_set The default namespace should not be used Terraform
1411 CKV_K8S_22 resource kubernetes_pod Use read-only filesystem for containers where possible Terraform
1412 CKV_K8S_24 resource kubernetes_pod_security_policy Do not allow containers with added capability Terraform
1413 CKV_K8S_25 resource kubernetes_pod Minimize the admission of containers with added capability Terraform
1414 CKV_K8S_26 resource kubernetes_pod Do not specify hostPort unless absolutely necessary Terraform
1415 CKV_K8S_27 resource kubernetes_daemonset Do not expose the docker daemon socket to containers Terraform
1416 CKV_K8S_27 resource kubernetes_deployment Do not expose the docker daemon socket to containers Terraform
1417 CKV_K8S_27 resource kubernetes_pod Do not expose the docker daemon socket to containers Terraform
1418 CKV_K8S_28 resource kubernetes_pod Minimize the admission of containers with the NET_RAW capability Terraform
1419 CKV_K8S_29 resource kubernetes_daemonset Apply security context to your pods and containers Terraform
1420 CKV_K8S_29 resource kubernetes_deployment Apply security context to your pods and containers Terraform
1421 CKV_K8S_29 resource kubernetes_pod Apply security context to your pods and containers Terraform
1422 CKV_K8S_30 resource kubernetes_pod Apply security context to your pods and containers Terraform
1423 CKV_K8S_32 resource kubernetes_pod_security_policy Ensure default seccomp profile set to docker/default or runtime/default Terraform
1424 CKV_K8S_34 resource kubernetes_pod Ensure that Tiller (Helm v2) is not deployed Terraform
1425 CKV_K8S_35 resource kubernetes_pod Prefer using secrets as files over secrets as environment variables Terraform
1426 CKV_K8S_36 resource kubernetes_pod_security_policy Minimise the admission of containers with capabilities assigned Terraform
1427 CKV_K8S_37 resource kubernetes_pod Minimise the admission of containers with capabilities assigned Terraform
1428 CKV_K8S_39 resource kubernetes_pod Do not use the CAP_SYS_ADMIN linux capability Terraform
1429 CKV_K8S_41 resource kubernetes_service_account Ensure that default service accounts are not actively used Terraform
1430 CKV_K8S_42 resource kubernetes_cluster_role_binding Ensure that default service accounts are not actively used Terraform
1431 CKV_K8S_42 resource kubernetes_role_binding Ensure that default service accounts are not actively used Terraform
1432 CKV_K8S_43 resource kubernetes_pod Image should use digest Terraform
1433 CKV_K8S_44 resource kubernetes_service Ensure that the Tiller Service (Helm v2) is deleted Terraform
1434 CKV_K8S_49 resource kubernetes_cluster_role Minimize wildcard use in Roles and ClusterRoles Terraform
1435 CKV_K8S_49 resource kubernetes_role Minimize wildcard use in Roles and ClusterRoles Terraform
1436 CKV_LIN_1 provider linode Ensure no hard coded Linode tokens exist in provider Terraform
1437 CKV_LIN_2 resource linode_instance Ensure SSH key set in authorized_keys Terraform
1438 CKV_LIN_3 resource linode_user Ensure email is set Terraform
1439 CKV_LIN_4 resource linode_user Ensure username is set Terraform
1440 CKV_LIN_5 resource linode_firewall Ensure Inbound Firewall Policy is not set to ACCEPT Terraform
1441 CKV_LIN_6 resource linode_firewall Ensure Outbound Firewall Policy is not set to ACCEPT Terraform
1442 CKV_OCI_1 provider oci Ensure no hard coded OCI private key in provider Terraform
1443 CKV_OCI_2 resource oci_core_volume Ensure OCI Block Storage Block Volume has backup enabled Terraform
1444 CKV_OCI_3 resource oci_core_volume OCI Block Storage Block Volumes are not encrypted with a Customer Managed Key (CMK) Terraform
1445 CKV_OCI_4 resource oci_core_instance Ensure OCI Compute Instance boot volume has in-transit data encryption enabled Terraform
1446 CKV_OCI_5 resource oci_core_instance Ensure OCI Compute Instance has Legacy MetaData service endpoint disabled Terraform
1447 CKV_OCI_6 resource oci_core_instance Ensure OCI Compute Instance has monitoring enabled Terraform
1448 CKV_OCI_7 resource oci_objectstorage_bucket Ensure OCI Object Storage bucket can emit object events Terraform
1449 CKV_OCI_8 resource oci_objectstorage_bucket Ensure OCI Object Storage has versioning enabled Terraform
1450 CKV_OCI_9 resource oci_objectstorage_bucket Ensure OCI Object Storage is encrypted with Customer Managed Key Terraform
1451 CKV_OCI_10 resource oci_objectstorage_bucket Ensure OCI Object Storage is not Public Terraform
1452 CKV_OCI_11 resource oci_identity_authentication_policy OCI IAM password policy - must contain lower case Terraform
1453 CKV_OCI_12 resource oci_identity_authentication_policy OCI IAM password policy - must contain Numeric characters Terraform
1454 CKV_OCI_13 resource oci_identity_authentication_policy OCI IAM password policy - must contain Special characters Terraform
1455 CKV_OCI_14 resource oci_identity_authentication_policy OCI IAM password policy - must contain Uppercase characters Terraform
1456 CKV_OCI_15 resource oci_file_storage_file_system Ensure OCI File System is Encrypted with a customer Managed Key Terraform
1457 CKV_OCI_16 resource oci_core_security_list Ensure VCN has an inbound security list Terraform
1458 CKV_OCI_17 resource oci_core_security_list Ensure VCN inbound security lists are stateless Terraform
1459 CKV_OCI_18 resource oci_identity_authentication_policy OCI IAM password policy for local (non-federated) users has a minimum length of 14 characters Terraform
1460 CKV_OCI_19 resource oci_core_security_list Ensure no security list allow ingress from 0.0.0.0:0 to port 22. Terraform
1461 CKV_OCI_20 resource oci_core_security_list Ensure no security list allow ingress from 0.0.0.0:0 to port 3389. Terraform
1462 CKV_OCI_21 resource oci_core_network_security_group_security_rule Ensure security group has stateless ingress security rules Terraform
1463 CKV_OCI_22 resource oci_core_network_security_group_security_rule Ensure no security groups rules allow ingress from 0.0.0.0/0 to port 22 Terraform
1464 CKV2_OCI_1 resource oci_identity_group Ensure administrator users are not associated with API keys Terraform
1465 CKV2_OCI_1 resource oci_identity_user Ensure administrator users are not associated with API keys Terraform
1466 CKV2_OCI_1 resource oci_identity_user_group_membership Ensure administrator users are not associated with API keys Terraform
1467 CKV_OPENSTACK_1 provider openstack Ensure no hard coded OpenStack password, token, or application_credential_secret exists in provider Terraform
1468 CKV_OPENSTACK_2 resource openstack_compute_secgroup_v2 Ensure no security groups allow ingress from 0.0.0.0:0 to port 22 (tcp / udp) Terraform
1469 CKV_OPENSTACK_2 resource openstack_networking_secgroup_rule_v2 Ensure no security groups allow ingress from 0.0.0.0:0 to port 22 (tcp / udp) Terraform
1470 CKV_OPENSTACK_3 resource openstack_compute_secgroup_v2 Ensure no security groups allow ingress from 0.0.0.0:0 to port 3389 (tcp / udp) Terraform
1471 CKV_OPENSTACK_3 resource openstack_networking_secgroup_rule_v2 Ensure no security groups allow ingress from 0.0.0.0:0 to port 3389 (tcp / udp) Terraform
1472 CKV_OPENSTACK_4 resource openstack_compute_instance_v2 Ensure that instance does not use basic credentials Terraform
1473 CKV_OPENSTACK_5 resource openstack_fw_rule_v1 Ensure firewall rule set a destination IP Terraform
1474 CKV_PAN_1 provider panos Ensure no hard coded PAN-OS credentials exist in provider Terraform
1475 CKV_PAN_2 resource panos_management_profile Ensure plain-text management HTTP is not enabled for an Interface Management Profile Terraform
1476 CKV_PAN_3 resource panos_management_profile Ensure plain-text management Telnet is not enabled for an Interface Management Profile Terraform
1477 CKV_PAN_4 resource panos_security_policy Ensure DSRI is not enabled within security policies Terraform
1478 CKV_PAN_4 resource panos_security_rule_group Ensure DSRI is not enabled within security policies Terraform
1479 CKV_PAN_5 resource panos_security_policy Ensure security rules do not have ‘applications’ set to ‘any’ Terraform
1480 CKV_PAN_5 resource panos_security_rule_group Ensure security rules do not have ‘applications’ set to ‘any’ Terraform
1481 CKV_PAN_6 resource panos_security_policy Ensure security rules do not have ‘services’ set to ‘any’ Terraform
1482 CKV_PAN_6 resource panos_security_rule_group Ensure security rules do not have ‘services’ set to ‘any’ Terraform
1483 CKV_PAN_7 resource panos_security_policy Ensure security rules do not have ‘source_addresses’ and ‘destination_addresses’ both containing values of ‘any’ Terraform
1484 CKV_PAN_7 resource panos_security_rule_group Ensure security rules do not have ‘source_addresses’ and ‘destination_addresses’ both containing values of ‘any’ Terraform
1485 CKV_PAN_8 resource panos_security_policy Ensure description is populated within security policies Terraform
1486 CKV_PAN_8 resource panos_security_rule_group Ensure description is populated within security policies Terraform
1487 CKV_PAN_9 resource panos_security_policy Ensure a Log Forwarding Profile is selected for each security policy rule Terraform
1488 CKV_PAN_9 resource panos_security_rule_group Ensure a Log Forwarding Profile is selected for each security policy rule Terraform
1489 CKV_PAN_10 resource panos_security_policy Ensure logging at session end is enabled within security policies Terraform
1490 CKV_PAN_10 resource panos_security_rule_group Ensure logging at session end is enabled within security policies Terraform
1491 CKV_PAN_11 resource panos_ipsec_crypto_profile Ensure IPsec profiles do not specify use of insecure encryption algorithms Terraform
1492 CKV_PAN_11 resource panos_panorama_ipsec_crypto_profile Ensure IPsec profiles do not specify use of insecure encryption algorithms Terraform
1493 CKV_PAN_12 resource panos_ipsec_crypto_profile Ensure IPsec profiles do not specify use of insecure authentication algorithms Terraform
1494 CKV_PAN_12 resource panos_panorama_ipsec_crypto_profile Ensure IPsec profiles do not specify use of insecure authentication algorithms Terraform
1495 CKV_PAN_13 resource panos_ipsec_crypto_profile Ensure IPsec profiles do not specify use of insecure protocols Terraform
1496 CKV_PAN_13 resource panos_panorama_ipsec_crypto_profile Ensure IPsec profiles do not specify use of insecure protocols Terraform
1497 CKV_PAN_14 resource panos_panorama_zone Ensure a Zone Protection Profile is defined within Security Zones Terraform
1498 CKV_PAN_14 resource panos_zone Ensure a Zone Protection Profile is defined within Security Zones Terraform
1499 CKV_PAN_14 resource panos_zone_entry Ensure a Zone Protection Profile is defined within Security Zones Terraform
1500 CKV_PAN_15 resource panos_panorama_zone Ensure an Include ACL is defined for a Zone when User-ID is enabled Terraform
1501 CKV_PAN_15 resource panos_zone Ensure an Include ACL is defined for a Zone when User-ID is enabled Terraform
1502 CKV_YC_1 resource yandex_mdb_clickhouse_cluster Ensure security group is assigned to database cluster. Terraform
1503 CKV_YC_1 resource yandex_mdb_elasticsearch_cluster Ensure security group is assigned to database cluster. Terraform
1504 CKV_YC_1 resource yandex_mdb_greenplum_cluster Ensure security group is assigned to database cluster. Terraform
1505 CKV_YC_1 resource yandex_mdb_kafka_cluster Ensure security group is assigned to database cluster. Terraform
1506 CKV_YC_1 resource yandex_mdb_mongodb_cluster Ensure security group is assigned to database cluster. Terraform
1507 CKV_YC_1 resource yandex_mdb_mysql_cluster Ensure security group is assigned to database cluster. Terraform
1508 CKV_YC_1 resource yandex_mdb_postgresql_cluster Ensure security group is assigned to database cluster. Terraform
1509 CKV_YC_1 resource yandex_mdb_redis_cluster Ensure security group is assigned to database cluster. Terraform
1510 CKV_YC_1 resource yandex_mdb_sqlserver_cluster Ensure security group is assigned to database cluster. Terraform
1511 CKV_YC_2 resource yandex_compute_instance Ensure compute instance does not have public IP. Terraform
1512 CKV_YC_3 resource yandex_storage_bucket Ensure storage bucket is encrypted. Terraform
1513 CKV_YC_4 resource yandex_compute_instance Ensure compute instance does not have serial console enabled. Terraform
1514 CKV_YC_5 resource yandex_kubernetes_cluster Ensure Kubernetes cluster does not have public IP address. Terraform
1515 CKV_YC_6 resource yandex_kubernetes_node_group Ensure Kubernetes cluster node group does not have public IP addresses. Terraform
1516 CKV_YC_7 resource yandex_kubernetes_cluster Ensure Kubernetes cluster auto-upgrade is enabled. Terraform
1517 CKV_YC_8 resource yandex_kubernetes_node_group Ensure Kubernetes node group auto-upgrade is enabled. Terraform
1518 CKV_YC_9 resource yandex_kms_symmetric_key Ensure KMS symmetric key is rotated. Terraform
1519 CKV_YC_10 resource yandex_kubernetes_cluster Ensure etcd database is encrypted with KMS key. Terraform
1520 CKV_YC_11 resource yandex_compute_instance Ensure security group is assigned to network interface. Terraform
1521 CKV_YC_12 resource yandex_mdb_clickhouse_cluster Ensure public IP is not assigned to database cluster. Terraform
1522 CKV_YC_12 resource yandex_mdb_elasticsearch_cluster Ensure public IP is not assigned to database cluster. Terraform
1523 CKV_YC_12 resource yandex_mdb_greenplum_cluster Ensure public IP is not assigned to database cluster. Terraform
1524 CKV_YC_12 resource yandex_mdb_kafka_cluster Ensure public IP is not assigned to database cluster. Terraform
1525 CKV_YC_12 resource yandex_mdb_mongodb_cluster Ensure public IP is not assigned to database cluster. Terraform
1526 CKV_YC_12 resource yandex_mdb_mysql_cluster Ensure public IP is not assigned to database cluster. Terraform
1527 CKV_YC_12 resource yandex_mdb_postgresql_cluster Ensure public IP is not assigned to database cluster. Terraform
1528 CKV_YC_12 resource yandex_mdb_sqlserver_cluster Ensure public IP is not assigned to database cluster. Terraform
1529 CKV_YC_13 resource yandex_resourcemanager_cloud_iam_binding Ensure cloud member does not have elevated access. Terraform
1530 CKV_YC_13 resource yandex_resourcemanager_cloud_iam_member Ensure cloud member does not have elevated access. Terraform
1531 CKV_YC_14 resource yandex_kubernetes_cluster Ensure security group is assigned to Kubernetes cluster. Terraform
1532 CKV_YC_15 resource yandex_kubernetes_node_group Ensure security group is assigned to Kubernetes node group. Terraform
1533 CKV_YC_16 resource yandex_kubernetes_cluster Ensure network policy is assigned to Kubernetes cluster. Terraform
1534 CKV_YC_17 resource yandex_storage_bucket Ensure storage bucket does not have public access permissions. Terraform
1535 CKV_YC_18 resource yandex_compute_instance_group Ensure compute instance group does not have public IP. Terraform
1536 CKV_YC_19 resource yandex_vpc_security_group Ensure security group does not contain allow-all rules. Terraform
1537 CKV_YC_20 resource yandex_vpc_security_group_rule Ensure security group rule is not allow-all. Terraform
1538 CKV_YC_21 resource yandex_organizationmanager_organization_iam_binding Ensure organization member does not have elevated access. Terraform
1539 CKV_YC_21 resource yandex_organizationmanager_organization_iam_member Ensure organization member does not have elevated access. Terraform
1540 CKV_YC_22 resource yandex_compute_instance_group Ensure compute instance group has security group assigned. Terraform
1541 CKV_YC_23 resource yandex_resourcemanager_folder_iam_binding Ensure folder member does not have elevated access. Terraform
1542 CKV_YC_23 resource yandex_resourcemanager_folder_iam_member Ensure folder member does not have elevated access. Terraform
1543 CKV_YC_24 resource yandex_organizationmanager_organization_iam_binding Ensure passport account is not used for assignment. Use service accounts and federated accounts where possible. Terraform
1544 CKV_YC_24 resource yandex_organizationmanager_organization_iam_member Ensure passport account is not used for assignment. Use service accounts and federated accounts where possible. Terraform
1545 CKV_YC_24 resource yandex_resourcemanager_cloud_iam_binding Ensure passport account is not used for assignment. Use service accounts and federated accounts where possible. Terraform
1546 CKV_YC_24 resource yandex_resourcemanager_cloud_iam_member Ensure passport account is not used for assignment. Use service accounts and federated accounts where possible. Terraform
1547 CKV_YC_24 resource yandex_resourcemanager_folder_iam_binding Ensure passport account is not used for assignment. Use service accounts and federated accounts where possible. Terraform
1548 CKV_YC_24 resource yandex_resourcemanager_folder_iam_member Ensure passport account is not used for assignment. Use service accounts and federated accounts where possible. Terraform
