terraform resource scans (auto generated)

		Id	Type	Entity	Policy	IaC
0	CKV2_ADO_1	resource	azuredevops_branch_policy_min_reviewers	Ensure at least two approving reviews for PRs	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
1	CKV2_ADO_1	resource	azuredevops_git_repository	Ensure at least two approving reviews for PRs	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
2	CKV_ALI_1	resource	alicloud_oss_bucket	Alibaba Cloud OSS bucket accessible to public	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/alicloud/OSSBucketPublic.py
3	CKV_ALI_2	resource	alicloud_security_group_rule	Ensure no security groups allow ingress from 0.0.0.0:0 to port 22	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/alicloud/SecurityGroupUnrestrictedIngress22.py
4	CKV_ALI_3	resource	alicloud_security_group_rule	Ensure no security groups allow ingress from 0.0.0.0:0 to port 3389	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/alicloud/SecurityGroupUnrestrictedIngress3389.py
5	CKV_ALI_4	resource	alicloud_actiontrail_trail	Ensure Action Trail Logging for all regions	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/alicloud/ActionTrailLogAllRegions.py
6	CKV_ALI_5	resource	alicloud_actiontrail_trail	Ensure Action Trail Logging for all events	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/alicloud/ActionTrailLogAllEvents.py
7	CKV_ALI_6	resource	alicloud_oss_bucket	Ensure OSS bucket is encrypted with Customer Master Key	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/alicloud/OSSBucketEncryptedWithCMK.py
8	CKV_ALI_7	resource	alicloud_disk	Ensure disk is encrypted	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/alicloud/DiskIsEncrypted.py
9	CKV_ALI_8	resource	alicloud_disk	Ensure Disk is encrypted with Customer Master Key	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/alicloud/DiskEncryptedWithCMK.py
10	CKV_ALI_9	resource	alicloud_db_instance	Ensure database instance is not public	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/alicloud/RDSIsPublic.py
11	CKV_ALI_10	resource	alicloud_oss_bucket	Ensure OSS bucket has versioning enabled	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/alicloud/OSSBucketVersioning.py
12	CKV_ALI_11	resource	alicloud_oss_bucket	Ensure OSS bucket has transfer Acceleration enabled	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/alicloud/OSSBucketTransferAcceleration.py
13	CKV_ALI_12	resource	alicloud_oss_bucket	Ensure the OSS bucket has access logging enabled	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/alicloud/OSSBucketAccessLogs.py
14	CKV_ALI_13	resource	alicloud_ram_account_password_policy	Ensure RAM password policy requires minimum length of 14 or greater	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/alicloud/RAMPasswordPolicyLength.py
15	CKV_ALI_14	resource	alicloud_ram_account_password_policy	Ensure RAM password policy requires at least one number	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/alicloud/RAMPasswordPolicyNumber.py
16	CKV_ALI_15	resource	alicloud_ram_account_password_policy	Ensure RAM password policy requires at least one symbol	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/alicloud/RAMPasswordPolicySymbol.py
17	CKV_ALI_16	resource	alicloud_ram_account_password_policy	Ensure RAM password policy expires passwords within 90 days or less	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/alicloud/RAMPasswordPolicyExpiration.py
18	CKV_ALI_17	resource	alicloud_ram_account_password_policy	Ensure RAM password policy requires at least one lowercase letter	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/alicloud/RAMPasswordPolicyLowercaseLetter.py
19	CKV_ALI_18	resource	alicloud_ram_account_password_policy	Ensure RAM password policy prevents password reuse	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/alicloud/RAMPasswordPolicyReuse.py
20	CKV_ALI_19	resource	alicloud_ram_account_password_policy	Ensure RAM password policy requires at least one uppercase letter	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/alicloud/RAMPasswordPolicyUppcaseLetter.py
21	CKV_ALI_20	resource	alicloud_db_instance	Ensure RDS instance uses SSL	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/alicloud/RDSInstanceSSL.py
22	CKV_ALI_21	resource	alicloud_api_gateway_api	Ensure API Gateway API Protocol HTTPS	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/alicloud/APIGatewayProtocolHTTPS.py
23	CKV_ALI_22	resource	alicloud_db_instance	Ensure Transparent Data Encryption is Enabled on instance	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/alicloud/RDSTransparentDataEncryptionEnabled.py
24	CKV_ALI_23	resource	alicloud_ram_account_password_policy	Ensure Ram Account Password Policy Max Login Attempts not > 5	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/alicloud/RAMPasswordPolicyMaxLogin.py
25	CKV_ALI_24	resource	alicloud_ram_security_preference	Ensure RAM enforces MFA	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/alicloud/RAMSecurityEnforceMFA.py
26	CKV_ALI_25	resource	alicloud_db_instance	Ensure RDS Instance SQL Collector Retention Period should be greater than 180	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/alicloud/RDSRetention.py
27	CKV_ALI_26	resource	alicloud_cs_kubernetes	Ensure Kubernetes installs plugin Terway or Flannel to support standard policies	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/alicloud/K8sEnableNetworkPolicies.py
28	CKV_ALI_27	resource	alicloud_kms_key	Ensure KMS Key Rotation is enabled	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/alicloud/KMSKeyRotationIsEnabled.py
29	CKV_ALI_28	resource	alicloud_kms_key	Ensure KMS Keys are enabled	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/alicloud/KMSKeyIsEnabled.py
30	CKV_ALI_29	resource	alicloud_alb_acl_entry_attachment	Alibaba ALB ACL does not restrict Access	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/alicloud/ALBACLIsUnrestricted.py
31	CKV_ALI_30	resource	alicloud_db_instance	Ensure RDS instance auto upgrades for minor versions	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/alicloud/RDSInstanceAutoUpgrade.py
32	CKV_ALI_31	resource	alicloud_cs_kubernetes_node_pool	Ensure K8s nodepools are set to auto repair	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/alicloud/K8sNodePoolAutoRepair.py
33	CKV_ALI_32	resource	alicloud_ecs_launch_template	Ensure launch template data disks are encrypted	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/alicloud/LaunchTemplateDisksAreEncrypted.py
34	CKV_ALI_33	resource	alicloud_slb_tls_cipher_policy	Alibaba Cloud Cypher Policy are secure	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/alicloud/TLSPoliciesAreSecure.py
35	CKV_ALI_35	resource	alicloud_db_instance	Ensure RDS instance has log_duration enabled	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/alicloud/RDSInstanceLogsEnabled.py
36	CKV_ALI_36	resource	alicloud_db_instance	Ensure RDS instance has log_disconnections enabled	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/alicloud/RDSInstanceLogDisconnections.py
37	CKV_ALI_37	resource	alicloud_db_instance	Ensure RDS instance has log_connections enabled	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/alicloud/RDSInstanceLogConnections.py
38	CKV_ALI_38	resource	alicloud_log_audit	Ensure log audit is enabled for RDS	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/alicloud/LogAuditRDSEnabled.py
39	CKV_ALI_41	resource	alicloud_mongodb_instance	Ensure MongoDB is deployed inside a VPC	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/alicloud/MongoDBInsideVPC.py
40	CKV_ALI_42	resource	alicloud_mongodb_instance	Ensure Mongodb instance uses SSL	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/alicloud/MongoDBInstanceSSL.py
41	CKV_ALI_43	resource	alicloud_mongodb_instance	Ensure MongoDB instance is not public	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/alicloud/MongoDBIsPublic.py
42	CKV_ALI_44	resource	alicloud_mongodb_instance	Ensure MongoDB has Transparent Data Encryption Enabled	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/alicloud/MongoDBTransparentDataEncryptionEnabled.py
43	CKV_AWS_1	data	aws_iam_policy_document	Ensure IAM policies that allow full “-” administrative privileges are not created	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/data/aws/AdminPolicyDocument.py
44	CKV_AWS_2	resource	aws_alb_listener	Ensure ALB protocol is HTTPS	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/aws/ALBListenerHTTPS.py
45	CKV_AWS_2	resource	aws_lb_listener	Ensure ALB protocol is HTTPS	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/aws/ALBListenerHTTPS.py
46	CKV_AWS_3	resource	aws_ebs_volume	Ensure all data stored in the EBS is securely encrypted	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/aws/EBSEncryption.py
47	CKV_AWS_5	resource	aws_elasticsearch_domain	Ensure all data stored in the Elasticsearch is securely encrypted at rest	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/aws/ElasticsearchEncryption.py
48	CKV_AWS_5	resource	aws_opensearch_domain	Ensure all data stored in the Elasticsearch is securely encrypted at rest	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/aws/ElasticsearchEncryption.py
49	CKV_AWS_6	resource	aws_elasticsearch_domain	Ensure all Elasticsearch has node-to-node encryption enabled	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/aws/ElasticsearchNodeToNodeEncryption.py
50	CKV_AWS_6	resource	aws_opensearch_domain	Ensure all Elasticsearch has node-to-node encryption enabled	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/aws/ElasticsearchNodeToNodeEncryption.py
51	CKV_AWS_7	resource	aws_kms_key	Ensure rotation for customer created CMKs is enabled	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/aws/KMSRotation.py
52	CKV_AWS_8	resource	aws_instance	Ensure all data stored in the Launch configuration or instance Elastic Blocks Store is securely encrypted	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/aws/LaunchConfigurationEBSEncryption.py
53	CKV_AWS_8	resource	aws_launch_configuration	Ensure all data stored in the Launch configuration or instance Elastic Blocks Store is securely encrypted	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/aws/LaunchConfigurationEBSEncryption.py
54	CKV_AWS_9	resource	aws_iam_account_password_policy	Ensure IAM password policy expires passwords within 90 days or less	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/aws/PasswordPolicyExpiration.py
55	CKV_AWS_10	resource	aws_iam_account_password_policy	Ensure IAM password policy requires minimum length of 14 or greater	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/aws/PasswordPolicyLength.py
56	CKV_AWS_11	resource	aws_iam_account_password_policy	Ensure IAM password policy requires at least one lowercase letter	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/aws/PasswordPolicyLowercaseLetter.py
57	CKV_AWS_12	resource	aws_iam_account_password_policy	Ensure IAM password policy requires at least one number	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/aws/PasswordPolicyNumber.py
58	CKV_AWS_13	resource	aws_iam_account_password_policy	Ensure IAM password policy prevents password reuse	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/aws/PasswordPolicyReuse.py
59	CKV_AWS_14	resource	aws_iam_account_password_policy	Ensure IAM password policy requires at least one symbol	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/aws/PasswordPolicySymbol.py
60	CKV_AWS_15	resource	aws_iam_account_password_policy	Ensure IAM password policy requires at least one uppercase letter	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/aws/PasswordPolicyUppercaseLetter.py
61	CKV_AWS_16	resource	aws_db_instance	Ensure all data stored in the RDS is securely encrypted at rest	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/aws/RDSEncryption.py
62	CKV_AWS_17	resource	aws_db_instance	Ensure all data stored in RDS is not publicly accessible	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/aws/RDSPubliclyAccessible.py
63	CKV_AWS_17	resource	aws_rds_cluster_instance	Ensure all data stored in RDS is not publicly accessible	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/aws/RDSPubliclyAccessible.py
64	CKV_AWS_18	resource	aws_s3_bucket	Ensure the S3 bucket has access logging enabled	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
65	CKV_AWS_19	resource	aws_s3_bucket	Ensure all data stored in the S3 bucket is securely encrypted at rest	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
66	CKV_AWS_19	resource	aws_s3_bucket_server_side_encryption_configuration	Ensure all data stored in the S3 bucket is securely encrypted at rest	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
67	CKV_AWS_20	resource	aws_s3_bucket	S3 Bucket has an ACL defined which allows public READ access.	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
68	CKV_AWS_20	resource	aws_s3_bucket_acl	S3 Bucket has an ACL defined which allows public READ access.	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
69	CKV_AWS_21	resource	aws_s3_bucket	Ensure all data stored in the S3 bucket have versioning enabled	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
70	CKV_AWS_21	resource	aws_s3_bucket_versioning	Ensure all data stored in the S3 bucket have versioning enabled	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
71	CKV_AWS_22	resource	aws_sagemaker_notebook_instance	Ensure SageMaker Notebook is encrypted at rest using KMS CMK	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/aws/SagemakerNotebookEncryption.py
72	CKV_AWS_23	resource	aws_db_security_group	Ensure every security groups rule has a description	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/aws/SecurityGroupRuleDescription.py
73	CKV_AWS_23	resource	aws_elasticache_security_group	Ensure every security groups rule has a description	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/aws/SecurityGroupRuleDescription.py
74	CKV_AWS_23	resource	aws_redshift_security_group	Ensure every security groups rule has a description	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/aws/SecurityGroupRuleDescription.py
75	CKV_AWS_23	resource	aws_security_group	Ensure every security groups rule has a description	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/aws/SecurityGroupRuleDescription.py
76	CKV_AWS_23	resource	aws_security_group_rule	Ensure every security groups rule has a description	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/aws/SecurityGroupRuleDescription.py
77	CKV_AWS_24	resource	aws_security_group	Ensure no security groups allow ingress from 0.0.0.0:0 to port 22	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/aws/SecurityGroupUnrestrictedIngress22.py
78	CKV_AWS_24	resource	aws_security_group_rule	Ensure no security groups allow ingress from 0.0.0.0:0 to port 22	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/aws/SecurityGroupUnrestrictedIngress22.py
79	CKV_AWS_25	resource	aws_security_group	Ensure no security groups allow ingress from 0.0.0.0:0 to port 3389	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/aws/SecurityGroupUnrestrictedIngress3389.py
80	CKV_AWS_25	resource	aws_security_group_rule	Ensure no security groups allow ingress from 0.0.0.0:0 to port 3389	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/aws/SecurityGroupUnrestrictedIngress3389.py
81	CKV_AWS_26	resource	aws_sns_topic	Ensure all data stored in the SNS topic is encrypted	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/aws/SNSTopicEncryption.py
82	CKV_AWS_27	resource	aws_sqs_queue	Ensure all data stored in the SQS queue is encrypted	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/aws/SQSQueueEncryption.py
83	CKV_AWS_28	resource	aws_dynamodb_table	Ensure Dynamodb point in time recovery (backup) is enabled	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/aws/DynamodbRecovery.py
84	CKV_AWS_29	resource	aws_elasticache_replication_group	Ensure all data stored in the Elasticache Replication Group is securely encrypted at rest	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/aws/ElasticacheReplicationGroupEncryptionAtRest.py
85	CKV_AWS_30	resource	aws_elasticache_replication_group	Ensure all data stored in the Elasticache Replication Group is securely encrypted at transit	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/aws/ElasticacheReplicationGroupEncryptionAtTransit.py
86	CKV_AWS_31	resource	aws_elasticache_replication_group	Ensure all data stored in the Elasticache Replication Group is securely encrypted at transit and has auth token	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/aws/ElasticacheReplicationGroupEncryptionAtTransitAuthToken.py
87	CKV_AWS_32	resource	aws_ecr_repository_policy	Ensure ECR policy is not set to public	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/aws/ECRPolicy.py
88	CKV_AWS_33	resource	aws_kms_key	Ensure KMS key policy does not contain wildcard (*) principal	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/aws/KMSKeyWildcardPrincipal.py
89	CKV_AWS_34	resource	aws_cloudfront_distribution	Ensure cloudfront distribution ViewerProtocolPolicy is set to HTTPS	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/aws/CloudfrontDistributionEncryption.py
90	CKV_AWS_35	resource	aws_cloudtrail	Ensure CloudTrail logs are encrypted at rest using KMS CMKs	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/aws/CloudtrailEncryptionWithCMK.py
91	CKV_AWS_36	resource	aws_cloudtrail	Ensure CloudTrail log file validation is enabled	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/aws/CloudtrailLogValidation.py
92	CKV_AWS_37	resource	aws_eks_cluster	Ensure Amazon EKS control plane logging enabled for all log types	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/aws/EKSControlPlaneLogging.py
93	CKV_AWS_38	resource	aws_eks_cluster	Ensure Amazon EKS public endpoint not accessible to 0.0.0.0/0	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/aws/EKSPublicAccessCIDR.py
94	CKV_AWS_39	resource	aws_eks_cluster	Ensure Amazon EKS public endpoint disabled	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/aws/EKSPublicAccess.py
95	CKV_AWS_40	resource	aws_iam_policy_attachment	Ensure IAM policies are attached only to groups or roles (Reducing access management complexity may in-turn reduce opportunity for a principal to inadvertently receive or retain excessive privileges.)	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/aws/IAMPolicyAttachedToGroupOrRoles.py
96	CKV_AWS_40	resource	aws_iam_user_policy	Ensure IAM policies are attached only to groups or roles (Reducing access management complexity may in-turn reduce opportunity for a principal to inadvertently receive or retain excessive privileges.)	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/aws/IAMPolicyAttachedToGroupOrRoles.py
97	CKV_AWS_40	resource	aws_iam_user_policy_attachment	Ensure IAM policies are attached only to groups or roles (Reducing access management complexity may in-turn reduce opportunity for a principal to inadvertently receive or retain excessive privileges.)	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/aws/IAMPolicyAttachedToGroupOrRoles.py
98	CKV_AWS_41	provider	aws	Ensure no hard coded AWS access key and secret key exists in provider	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/provider/aws/credentials.py
99	CKV_AWS_42	resource	aws_efs_file_system	Ensure EFS is securely encrypted	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/aws/EFSEncryptionEnabled.py
100	CKV_AWS_43	resource	aws_kinesis_stream	Ensure Kinesis Stream is securely encrypted	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/aws/KinesisStreamEncryptionType.py
101	CKV_AWS_44	resource	aws_neptune_cluster	Ensure Neptune storage is securely encrypted	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/aws/NeptuneClusterStorageEncrypted.py
102	CKV_AWS_45	resource	aws_lambda_function	Ensure no hard-coded secrets exist in lambda environment	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/aws/LambdaEnvironmentCredentials.py
103	CKV_AWS_46	resource	aws_instance	Ensure no hard-coded secrets exist in EC2 user data	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/aws/EC2Credentials.py
104	CKV_AWS_47	resource	aws_dax_cluster	Ensure DAX is encrypted at rest (default is unencrypted)	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/aws/DAXEncryption.py
105	CKV_AWS_48	resource	aws_mq_broker	Ensure MQ Broker logging is enabled	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/aws/MQBrokerLogging.py
106	CKV_AWS_49	data	aws_iam_policy_document	Ensure no IAM policies documents allow “*” as a statement’s actions	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/data/aws/StarActionPolicyDocument.py
107	CKV_AWS_50	resource	aws_lambda_function	X-ray tracing is enabled for Lambda	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/aws/LambdaXrayEnabled.py
108	CKV_AWS_51	resource	aws_ecr_repository	Ensure ECR Image Tags are immutable	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/aws/ECRImmutableTags.py
109	CKV_AWS_53	resource	aws_s3_bucket_public_access_block	Ensure S3 bucket has block public ACLS enabled	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/aws/S3BlockPublicACLs.py
110	CKV_AWS_54	resource	aws_s3_bucket_public_access_block	Ensure S3 bucket has block public policy enabled	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/aws/S3BlockPublicPolicy.py
111	CKV_AWS_55	resource	aws_s3_bucket_public_access_block	Ensure S3 bucket has ignore public ACLs enabled	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/aws/S3IgnorePublicACLs.py
112	CKV_AWS_56	resource	aws_s3_bucket_public_access_block	Ensure S3 bucket has ‘restrict_public_bucket’ enabled	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/aws/S3RestrictPublicBuckets.py
113	CKV_AWS_57	resource	aws_s3_bucket	S3 Bucket has an ACL defined which allows public WRITE access.	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
114	CKV_AWS_57	resource	aws_s3_bucket_acl	S3 Bucket has an ACL defined which allows public WRITE access.	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
115	CKV_AWS_58	resource	aws_eks_cluster	Ensure EKS Cluster has Secrets Encryption Enabled	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/aws/EKSSecretsEncryption.py
116	CKV_AWS_59	resource	aws_api_gateway_method	Ensure there is no open access to back-end resources through API	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/aws/APIGatewayAuthorization.py
117	CKV_AWS_60	resource	aws_iam_role	Ensure IAM role allows only specific services or principals to assume it	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/aws/IAMRoleAllowsPublicAssume.py
118	CKV_AWS_61	resource	aws_iam_role	Ensure AWS IAM policy does not allow assume role permission across all services	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/aws/IAMRoleAllowAssumeFromAccount.py
119	CKV_AWS_62	resource	aws_iam_group_policy	Ensure IAM policies that allow full “-” administrative privileges are not created	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/aws/IAMAdminPolicyDocument.py
120	CKV_AWS_62	resource	aws_iam_policy	Ensure IAM policies that allow full “-” administrative privileges are not created	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/aws/IAMAdminPolicyDocument.py
121	CKV_AWS_62	resource	aws_iam_role_policy	Ensure IAM policies that allow full “-” administrative privileges are not created	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/aws/IAMAdminPolicyDocument.py
122	CKV_AWS_62	resource	aws_iam_user_policy	Ensure IAM policies that allow full “-” administrative privileges are not created	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/aws/IAMAdminPolicyDocument.py
123	CKV_AWS_62	resource	aws_ssoadmin_permission_set_inline_policy	Ensure IAM policies that allow full “-” administrative privileges are not created	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/aws/IAMAdminPolicyDocument.py
124	CKV_AWS_63	resource	aws_iam_group_policy	Ensure no IAM policies documents allow “*” as a statement’s actions	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/aws/IAMStarActionPolicyDocument.py
125	CKV_AWS_63	resource	aws_iam_policy	Ensure no IAM policies documents allow “*” as a statement’s actions	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/aws/IAMStarActionPolicyDocument.py
126	CKV_AWS_63	resource	aws_iam_role_policy	Ensure no IAM policies documents allow “*” as a statement’s actions	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/aws/IAMStarActionPolicyDocument.py
127	CKV_AWS_63	resource	aws_iam_user_policy	Ensure no IAM policies documents allow “*” as a statement’s actions	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/aws/IAMStarActionPolicyDocument.py
128	CKV_AWS_63	resource	aws_ssoadmin_permission_set_inline_policy	Ensure no IAM policies documents allow “*” as a statement’s actions	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/aws/IAMStarActionPolicyDocument.py
129	CKV_AWS_64	resource	aws_redshift_cluster	Ensure all data stored in the Redshift cluster is securely encrypted at rest	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/aws/RedshiftClusterEncryption.py
130	CKV_AWS_65	resource	aws_ecs_cluster	Ensure container insights are enabled on ECS cluster	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/aws/ECSClusterContainerInsights.py
131	CKV_AWS_66	resource	aws_cloudwatch_log_group	Ensure that CloudWatch Log Group specifies retention days	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/aws/CloudWatchLogGroupRetention.py
132	CKV_AWS_67	resource	aws_cloudtrail	Ensure CloudTrail is enabled in all Regions	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/aws/CloudtrailMultiRegion.py
133	CKV_AWS_68	resource	aws_cloudfront_distribution	CloudFront Distribution should have WAF enabled	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/aws/WAFEnabled.py
134	CKV_AWS_69	resource	aws_mq_broker	Ensure MQ Broker is not publicly exposed	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/aws/MQBrokerNotPubliclyExposed.py
135	CKV_AWS_70	resource	aws_s3_bucket	Ensure S3 bucket does not allow an action with any Principal	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/aws/S3AllowsAnyPrincipal.py
136	CKV_AWS_70	resource	aws_s3_bucket_policy	Ensure S3 bucket does not allow an action with any Principal	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/aws/S3AllowsAnyPrincipal.py
137	CKV_AWS_71	resource	aws_redshift_cluster	Ensure Redshift Cluster logging is enabled	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/aws/RedshiftClusterLogging.py
138	CKV_AWS_72	resource	aws_sqs_queue_policy	Ensure SQS policy does not allow ALL (*) actions.	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/aws/SQSPolicy.py
139	CKV_AWS_73	resource	aws_api_gateway_stage	Ensure API Gateway has X-Ray Tracing enabled	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/aws/APIGatewayXray.py
140	CKV_AWS_74	resource	aws_docdb_cluster	Ensure DocDB is encrypted at rest (default is unencrypted)	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/aws/DocDBEncryption.py
141	CKV_AWS_75	resource	aws_globalaccelerator_accelerator	Ensure Global Accelerator accelerator has flow logs enabled	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/aws/GlobalAcceleratorAcceleratorFlowLogs.py
142	CKV_AWS_76	resource	aws_api_gateway_stage	Ensure API Gateway has Access Logging enabled	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/aws/APIGatewayAccessLogging.py
143	CKV_AWS_76	resource	aws_apigatewayv2_stage	Ensure API Gateway has Access Logging enabled	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/aws/APIGatewayAccessLogging.py
144	CKV_AWS_77	resource	aws_athena_database	Ensure Athena Database is encrypted at rest (default is unencrypted)	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/aws/AthenaDatabaseEncryption.py
145	CKV_AWS_78	resource	aws_codebuild_project	Ensure that CodeBuild Project encryption is not disabled	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/aws/CodeBuildProjectEncryption.py
146	CKV_AWS_79	resource	aws_instance	Ensure Instance Metadata Service Version 1 is not enabled	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/aws/IMDSv1Disabled.py
147	CKV_AWS_79	resource	aws_launch_configuration	Ensure Instance Metadata Service Version 1 is not enabled	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/aws/IMDSv1Disabled.py
148	CKV_AWS_79	resource	aws_launch_template	Ensure Instance Metadata Service Version 1 is not enabled	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/aws/IMDSv1Disabled.py
149	CKV_AWS_80	resource	aws_msk_cluster	Ensure MSK Cluster logging is enabled	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/aws/MSKClusterLogging.py
150	CKV_AWS_81	resource	aws_msk_cluster	Ensure MSK Cluster encryption in rest and transit is enabled	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/aws/MSKClusterEncryption.py
151	CKV_AWS_82	resource	aws_athena_workgroup	Ensure Athena Workgroup should enforce configuration to prevent client disabling encryption	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/aws/AthenaWorkgroupConfiguration.py
152	CKV_AWS_83	resource	aws_elasticsearch_domain	Ensure Elasticsearch Domain enforces HTTPS	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/aws/ElasticsearchDomainEnforceHTTPS.py
153	CKV_AWS_83	resource	aws_opensearch_domain	Ensure Elasticsearch Domain enforces HTTPS	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/aws/ElasticsearchDomainEnforceHTTPS.py
154	CKV_AWS_84	resource	aws_elasticsearch_domain	Ensure Elasticsearch Domain Logging is enabled	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/aws/ElasticsearchDomainLogging.py
155	CKV_AWS_84	resource	aws_opensearch_domain	Ensure Elasticsearch Domain Logging is enabled	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/aws/ElasticsearchDomainLogging.py
156	CKV_AWS_85	resource	aws_docdb_cluster	Ensure DocDB Logging is enabled	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/aws/DocDBLogging.py
157	CKV_AWS_86	resource	aws_cloudfront_distribution	Ensure Cloudfront distribution has Access Logging enabled	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/aws/CloudfrontDistributionLogging.py
158	CKV_AWS_87	resource	aws_redshift_cluster	Redshift cluster should not be publicly accessible	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/aws/RedshitClusterPubliclyAvailable.py
159	CKV_AWS_88	resource	aws_instance	EC2 instance should not have public IP.	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/aws/EC2PublicIP.py
160	CKV_AWS_88	resource	aws_launch_template	EC2 instance should not have public IP.	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/aws/EC2PublicIP.py
161	CKV_AWS_89	resource	aws_dms_replication_instance	DMS replication instance should not be publicly accessible	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/aws/DMSReplicationInstancePubliclyAccessible.py
162	CKV_AWS_90	resource	aws_docdb_cluster_parameter_group	Ensure DocDB TLS is not disabled	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/aws/DocDBTLS.py
163	CKV_AWS_91	resource	aws_alb	Ensure the ELBv2 (Application/Network) has access logging enabled	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/aws/ELBv2AccessLogs.py
164	CKV_AWS_91	resource	aws_lb	Ensure the ELBv2 (Application/Network) has access logging enabled	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/aws/ELBv2AccessLogs.py
165	CKV_AWS_92	resource	aws_elb	Ensure the ELB has access logging enabled	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/aws/ELBAccessLogs.py
166	CKV_AWS_93	resource	aws_s3_bucket	Ensure S3 bucket policy does not lockout all but root user. (Prevent lockouts needing root account fixes)	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/aws/S3ProtectAgainstPolicyLockout.py
167	CKV_AWS_93	resource	aws_s3_bucket_policy	Ensure S3 bucket policy does not lockout all but root user. (Prevent lockouts needing root account fixes)	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/aws/S3ProtectAgainstPolicyLockout.py
168	CKV_AWS_94	resource	aws_glue_data_catalog_encryption_settings	Ensure Glue Data Catalog Encryption is enabled	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/aws/GlueDataCatalogEncryption.py
169	CKV_AWS_96	resource	aws_rds_cluster	Ensure all data stored in Aurora is securely encrypted at rest	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/aws/AuroraEncryption.py
170	CKV_AWS_97	resource	aws_ecs_task_definition	Ensure Encryption in transit is enabled for EFS volumes in ECS Task definitions	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/aws/ECSTaskDefinitionEFSVolumeEncryption.py
171	CKV_AWS_98	resource	aws_sagemaker_endpoint_configuration	Ensure all data stored in the Sagemaker Endpoint is securely encrypted at rest	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/aws/SagemakerEndpointConfigurationEncryption.py
172	CKV_AWS_99	resource	aws_glue_security_configuration	Ensure Glue Security Configuration Encryption is enabled	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/aws/GlueSecurityConfiguration.py
173	CKV_AWS_100	resource	aws_eks_node_group	Ensure AWS EKS node group does not have implicit SSH access from 0.0.0.0/0	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/aws/EKSNodeGroupRemoteAccess.py
174	CKV_AWS_101	resource	aws_neptune_cluster	Ensure Neptune logging is enabled	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/aws/NeptuneClusterLogging.py
175	CKV_AWS_102	resource	aws_neptune_cluster_instance	Ensure Neptune Cluster instance is not publicly available	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/aws/NeptuneClusterInstancePublic.py
176	CKV_AWS_103	resource	aws_alb_listener	Ensure that load balancer is using at least TLS 1.2	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
177	CKV_AWS_103	resource	aws_lb	Ensure that load balancer is using at least TLS 1.2	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
178	CKV_AWS_103	resource	aws_lb_listener	Ensure that load balancer is using at least TLS 1.2	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
179	CKV_AWS_104	resource	aws_docdb_cluster_parameter_group	Ensure DocDB has audit logs enabled	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/aws/DocDBAuditLogs.py
180	CKV_AWS_105	resource	aws_redshift_parameter_group	Ensure Redshift uses SSL	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/aws/RedShiftSSL.py
181	CKV_AWS_106	resource	aws_ebs_encryption_by_default	Ensure EBS default encryption is enabled	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/aws/EBSDefaultEncryption.py
182	CKV_AWS_107	data	aws_iam_policy_document	Ensure IAM policies does not allow credentials exposure	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/data/aws/IAMCredentialsExposure.py
183	CKV_AWS_108	data	aws_iam_policy_document	Ensure IAM policies does not allow data exfiltration	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/data/aws/IAMDataExfiltration.py
184	CKV_AWS_109	data	aws_iam_policy_document	Ensure IAM policies does not allow permissions management / resource exposure without constraints	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/data/aws/IAMPermissionsManagement.py
185	CKV_AWS_110	data	aws_iam_policy_document	Ensure IAM policies does not allow privilege escalation	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/data/aws/IAMPrivilegeEscalation.py
186	CKV_AWS_111	data	aws_iam_policy_document	Ensure IAM policies does not allow write access without constraints	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/data/aws/IAMWriteAccess.py
187	CKV_AWS_112	resource	aws_ssm_document	Ensure Session Manager data is encrypted in transit	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/aws/SSMSessionManagerDocumentEncryption.py
188	CKV_AWS_113	resource	aws_ssm_document	Ensure Session Manager logs are enabled and encrypted	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/aws/SSMSessionManagerDocumentLogging.py
189	CKV_AWS_114	resource	aws_emr_cluster	Ensure that EMR clusters with Kerberos have Kerberos Realm set	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/aws/EMRClusterKerberosAttributes.py
190	CKV_AWS_115	resource	aws_lambda_function	Ensure that AWS Lambda function is configured for function-level concurrent execution limit	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/aws/LambdaFunctionLevelConcurrentExecutionLimit.py
191	CKV_AWS_116	resource	aws_lambda_function	Ensure that AWS Lambda function is configured for a Dead Letter Queue(DLQ)	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/aws/LambdaDLQConfigured.py
192	CKV_AWS_117	resource	aws_lambda_function	Ensure that AWS Lambda function is configured inside a VPC	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/aws/LambdaInVPC.py
193	CKV_AWS_118	resource	aws_db_instance	Ensure that enhanced monitoring is enabled for Amazon RDS instances	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/aws/RDSEnhancedMonitorEnabled.py
194	CKV_AWS_118	resource	aws_rds_cluster_instance	Ensure that enhanced monitoring is enabled for Amazon RDS instances	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/aws/RDSEnhancedMonitorEnabled.py
195	CKV_AWS_119	resource	aws_dynamodb_table	Ensure DynamoDB Tables are encrypted using a KMS Customer Managed CMK	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/aws/DynamoDBTablesEncrypted.py
196	CKV_AWS_120	resource	aws_api_gateway_stage	Ensure API Gateway caching is enabled	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/aws/APIGatewayCacheEnable.py
197	CKV_AWS_121	resource	aws_config_configuration_aggregator	Ensure AWS Config is enabled in all regions	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/aws/ConfigConfgurationAggregatorAllRegions.py
198	CKV_AWS_122	resource	aws_sagemaker_notebook_instance	Ensure that direct internet access is disabled for an Amazon SageMaker Notebook Instance	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/aws/SageMakerInternetAccessDisabled.py
199	CKV_AWS_123	resource	aws_vpc_endpoint_service	Ensure that VPC Endpoint Service is configured for Manual Acceptance	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/aws/VPCEndpointAcceptanceConfigured.py
200	CKV_AWS_124	resource	aws_cloudformation_stack	Ensure that CloudFormation stacks are sending event notifications to an SNS topic	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/aws/CloudformationStackNotificationArns.py
201	CKV_AWS_126	resource	aws_instance	Ensure that detailed monitoring is enabled for EC2 instances	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/aws/EC2DetailedMonitoringEnabled.py
202	CKV_AWS_127	resource	aws_elb	Ensure that Elastic Load Balancer(s) uses SSL certificates provided by AWS Certificate Manager	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/aws/ELBUsesSSL.py
203	CKV_AWS_128	resource	aws_rds_cluster	Ensure that an Amazon RDS Clusters have AWS Identity and Access Management (IAM) authentication enabled	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/aws/RDSEnableIAMAuthentication.py
204	CKV_AWS_129	resource	aws_db_instance	Ensure that respective logs of Amazon Relational Database Service (Amazon RDS) are enabled	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/aws/DBInstanceLogging.py
205	CKV_AWS_130	resource	aws_subnet	Ensure VPC subnets do not assign public IP by default	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/aws/SubnetPublicIP.py
206	CKV_AWS_131	resource	aws_alb	Ensure that ALB drops HTTP headers	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/aws/ALBDropHttpHeaders.py
207	CKV_AWS_131	resource	aws_lb	Ensure that ALB drops HTTP headers	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/aws/ALBDropHttpHeaders.py
208	CKV_AWS_133	resource	aws_db_instance	Ensure that RDS instances has backup policy	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/aws/DBInstanceBackupRetentionPeriod.py
209	CKV_AWS_133	resource	aws_rds_cluster	Ensure that RDS instances has backup policy	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/aws/DBInstanceBackupRetentionPeriod.py
210	CKV_AWS_134	resource	aws_elasticache_cluster	Ensure that Amazon ElastiCache Redis clusters have automatic backup turned on	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/aws/ElasticCacheAutomaticBackup.py
211	CKV_AWS_135	resource	aws_instance	Ensure that EC2 is EBS optimized	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/aws/EC2EBSOptimized.py
212	CKV_AWS_136	resource	aws_ecr_repository	Ensure that ECR repositories are encrypted using KMS	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/aws/ECRRepositoryEncrypted.py
213	CKV_AWS_137	resource	aws_elasticsearch_domain	Ensure that Elasticsearch is configured inside a VPC	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/aws/ElasticsearchInVPC.py
214	CKV_AWS_137	resource	aws_opensearch_domain	Ensure that Elasticsearch is configured inside a VPC	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/aws/ElasticsearchInVPC.py
215	CKV_AWS_138	resource	aws_elb	Ensure that ELB is cross-zone-load-balancing enabled	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/aws/ELBCrossZoneEnable.py
216	CKV_AWS_139	resource	aws_rds_cluster	Ensure that RDS clusters have deletion protection enabled	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/aws/RDSDeletionProtection.py
217	CKV_AWS_140	resource	aws_rds_global_cluster	Ensure that RDS global clusters are encrypted	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/aws/RDSClusterEncrypted.py
218	CKV_AWS_141	resource	aws_redshift_cluster	Ensured that redshift cluster allowing version upgrade by default	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/aws/RedshiftClusterAllowVersionUpgrade.py
219	CKV_AWS_142	resource	aws_redshift_cluster	Ensure that Redshift cluster is encrypted by KMS	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/aws/RedshiftClusterKMSKey.py
220	CKV_AWS_143	resource	aws_s3_bucket	Ensure that S3 bucket has lock configuration enabled by default	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/aws/S3BucketObjectLock.py
221	CKV_AWS_144	resource	aws_s3_bucket	Ensure that S3 bucket has cross-region replication enabled	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
222	CKV_AWS_144	resource	aws_s3_bucket_replication_configuration	Ensure that S3 bucket has cross-region replication enabled	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
223	CKV_AWS_145	resource	aws_s3_bucket	Ensure that S3 buckets are encrypted with KMS by default	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
224	CKV_AWS_145	resource	aws_s3_bucket_server_side_encryption_configuration	Ensure that S3 buckets are encrypted with KMS by default	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
225	CKV_AWS_146	resource	aws_db_cluster_snapshot	Ensure that RDS database cluster snapshot is encrypted	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/aws/RDSClusterSnapshotEncrypted.py
226	CKV_AWS_147	resource	aws_codebuild_project	Ensure that CodeBuild projects are encrypted	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/aws/CodeBuildEncrypted.py
227	CKV_AWS_148	resource	aws_default_vpc	Ensure no default VPC is planned to be provisioned	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/aws/VPCDefaultNetwork.py
228	CKV_AWS_149	resource	aws_secretsmanager_secret	Ensure that Secrets Manager secret is encrypted using KMS CMK	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/aws/SecretManagerSecretEncrypted.py
229	CKV_AWS_150	resource	aws_alb	Ensure that Load Balancer has deletion protection enabled	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/aws/LBDeletionProtection.py
230	CKV_AWS_150	resource	aws_lb	Ensure that Load Balancer has deletion protection enabled	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/aws/LBDeletionProtection.py
231	CKV_AWS_152	resource	aws_alb	Ensure that Load Balancer (Network/Gateway) has cross-zone load balancing enabled	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/aws/LBCrossZone.py
232	CKV_AWS_152	resource	aws_lb	Ensure that Load Balancer (Network/Gateway) has cross-zone load balancing enabled	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/aws/LBCrossZone.py
233	CKV_AWS_153	resource	aws_autoscaling_group	Autoscaling groups should supply tags to launch configurations	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/aws/AutoScalingTagging.py
234	CKV_AWS_154	resource	aws_redshift_cluster	Ensure Redshift is not deployed outside of a VPC	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/aws/RedshiftInEc2ClassicMode.py
235	CKV_AWS_155	resource	aws_workspaces_workspace	Ensure that Workspace user volumes are encrypted	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/aws/WorkspaceUserVolumeEncrypted.py
236	CKV_AWS_156	resource	aws_workspaces_workspace	Ensure that Workspace root volumes are encrypted	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/aws/WorkspaceRootVolumeEncrypted.py
237	CKV_AWS_157	resource	aws_db_instance	Ensure that RDS instances have Multi-AZ enabled	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/aws/RDSMultiAZEnabled.py
238	CKV_AWS_158	resource	aws_cloudwatch_log_group	Ensure that CloudWatch Log Group is encrypted by KMS	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/aws/CloudWatchLogGroupKMSKey.py
239	CKV_AWS_159	resource	aws_athena_workgroup	Ensure that Athena Workgroup is encrypted	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/aws/AthenaWorkgroupEncryption.py
240	CKV_AWS_160	resource	aws_timestreamwrite_database	Ensure that Timestream database is encrypted with KMS CMK	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/aws/TimestreamDatabaseKMSKey.py
241	CKV_AWS_161	resource	aws_db_instance	Ensure RDS database has IAM authentication enabled	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/aws/RDSIAMAuthentication.py
242	CKV_AWS_162	resource	aws_rds_cluster	Ensure RDS cluster has IAM authentication enabled	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/aws/RDSClusterIAMAuthentication.py
243	CKV_AWS_163	resource	aws_ecr_repository	Ensure ECR image scanning on push is enabled	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/aws/ECRImageScanning.py
244	CKV_AWS_164	resource	aws_transfer_server	Ensure Transfer Server is not exposed publicly.	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/aws/TransferServerIsPublic.py
245	CKV_AWS_165	resource	aws_dynamodb_global_table	Ensure Dynamodb point in time recovery (backup) is enabled for global tables	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/aws/DynamoDBGlobalTableRecovery.py
246	CKV_AWS_166	resource	aws_backup_vault	Ensure Backup Vault is encrypted at rest using KMS CMK	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/aws/BackupVaultEncrypted.py
247	CKV_AWS_167	resource	aws_glacier_vault	Ensure Glacier Vault access policy is not public by only allowing specific services or principals to access it	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/aws/GlacierVaultAnyPrincipal.py
248	CKV_AWS_168	resource	aws_sqs_queue	Ensure SQS queue policy is not public by only allowing specific services or principals to access it	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/aws/SQSQueuePolicyAnyPrincipal.py
249	CKV_AWS_168	resource	aws_sqs_queue_policy	Ensure SQS queue policy is not public by only allowing specific services or principals to access it	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/aws/SQSQueuePolicyAnyPrincipal.py
250	CKV_AWS_169	resource	aws_sns_topic_policy	Ensure SNS topic policy is not public by only allowing specific services or principals to access it	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/aws/SNSTopicPolicyAnyPrincipal.py
251	CKV_AWS_170	resource	aws_qldb_ledger	Ensure QLDB ledger permissions mode is set to STANDARD	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/aws/QLDBLedgerPermissionsMode.py
252	CKV_AWS_171	resource	aws_emr_security_configuration	Ensure Cluster security configuration encryption is using SSE-KMS	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/aws/EMRClusterIsEncryptedKMS.py
253	CKV_AWS_172	resource	aws_qldb_ledger	Ensure QLDB ledger has deletion protection enabled	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/aws/QLDBLedgerDeletionProtection.py
254	CKV_AWS_173	resource	aws_lambda_function	Check encryption settings for Lambda environmental variable	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/aws/LambdaEnvironmentEncryptionSettings.py
255	CKV_AWS_174	resource	aws_cloudfront_distribution	Verify CloudFront Distribution Viewer Certificate is using TLS v1.2	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/aws/CloudfrontTLS12.py
256	CKV_AWS_175	resource	aws_waf_web_acl	Ensure WAF has associated rules	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/aws/WAFHasAnyRules.py
257	CKV_AWS_175	resource	aws_wafregional_web_acl	Ensure WAF has associated rules	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/aws/WAFHasAnyRules.py
258	CKV_AWS_175	resource	aws_wafv2_web_acl	Ensure WAF has associated rules	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/aws/WAFHasAnyRules.py
259	CKV_AWS_176	resource	aws_waf_web_acl	Ensure Logging is enabled for WAF Web Access Control Lists	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/aws/WAFHasLogs.py
260	CKV_AWS_176	resource	aws_wafregional_web_acl	Ensure Logging is enabled for WAF Web Access Control Lists	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/aws/WAFHasLogs.py
261	CKV_AWS_177	resource	aws_kinesis_video_stream	Ensure Kinesis Video Stream is encrypted by KMS using a customer managed Key (CMK)	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/aws/KinesisVideoEncryptedWithCMK.py
262	CKV_AWS_178	resource	aws_fsx_ontap_file_system	Ensure fx ontap file system is encrypted by KMS using a customer managed Key (CMK)	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/aws/FSXOntapFSEncryptedWithCMK.py
263	CKV_AWS_179	resource	aws_fsx_windows_file_system	Ensure FSX Windows filesystem is encrypted by KMS using a customer managed Key (CMK)	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/aws/FSXWindowsFSEncryptedWithCMK.py
264	CKV_AWS_180	resource	aws_imagebuilder_component	Ensure Image Builder component is encrypted by KMS using a customer managed Key (CMK)	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/aws/ImagebuilderComponentEncryptedWithCMK.py
265	CKV_AWS_181	resource	aws_s3_object_copy	Ensure S3 Object Copy is encrypted by KMS using a customer managed Key (CMK)	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/aws/S3ObjectCopyEncryptedWithCMK.py
266	CKV_AWS_182	resource	aws_docdb_cluster	Ensure Doc DB is encrypted by KMS using a customer managed Key (CMK)	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/aws/DocDBEncryptedWithCMK.py
267	CKV_AWS_183	resource	aws_ebs_snapshot_copy	Ensure EBS Snapshot Copy is encrypted by KMS using a customer managed Key (CMK)	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/aws/EBSSnapshotCopyEncryptedWithCMK.py
268	CKV_AWS_184	resource	aws_efs_file_system	Ensure resource is encrypted by KMS using a customer managed Key (CMK)	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/aws/EFSFileSystemEncryptedWithCMK.py
269	CKV_AWS_185	resource	aws_kinesis_stream	Ensure Kinesis Stream is encrypted by KMS using a customer managed Key (CMK)	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/aws/KinesisStreamEncryptedWithCMK.py
270	CKV_AWS_186	resource	aws_s3_bucket_object	Ensure S3 bucket Object is encrypted by KMS using a customer managed Key (CMK)	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/aws/S3BucketObjectEncryptedWithCMK.py
271	CKV_AWS_187	resource	aws_sagemaker_domain	Ensure Sagemaker domain is encrypted by KMS using a customer managed Key (CMK)	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/aws/SagemakerDomainEncryptedWithCMK.py
272	CKV_AWS_188	resource	aws_redshift_cluster	Ensure RedShift Cluster is encrypted by KMS using a customer managed Key (CMK)	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/aws/RedshiftClusterEncryptedWithCMK.py
273	CKV_AWS_189	resource	aws_ebs_volume	Ensure EBS Volume is encrypted by KMS using a customer managed Key (CMK)	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/aws/EBSVolumeEncryptedWithCMK.py
274	CKV_AWS_190	resource	aws_fsx_lustre_file_system	Ensure lustre file systems is encrypted by KMS using a customer managed Key (CMK)	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/aws/LustreFSEncryptedWithCMK.py
275	CKV_AWS_191	resource	aws_elasticache_replication_group	Ensure Elasticache replication group is encrypted by KMS using a customer managed Key (CMK)	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/aws/ElasticacheReplicationGroupEncryptedWithCMK.py
276	CKV_AWS_192	resource	aws_wafv2_web_acl	Ensure WAF prevents message lookup in Log4j2. See CVE-2021-44228 aka log4jshell	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/aws/WAFACLCVE202144228.py
277	CKV_AWS_193	resource	aws_appsync_graphql_api	Ensure AppSync has Logging enabled	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/aws/AppSyncLogging.py
278	CKV_AWS_194	resource	aws_appsync_graphql_api	Ensure AppSync has Field-Level logs enabled	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/aws/AppSyncFieldLevelLogs.py
279	CKV_AWS_195	resource	aws_glue_crawler	Ensure Glue component has a security configuration associated	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/aws/GlueSecurityConfigurationEnabled.py
280	CKV_AWS_195	resource	aws_glue_dev_endpoint	Ensure Glue component has a security configuration associated	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/aws/GlueSecurityConfigurationEnabled.py
281	CKV_AWS_195	resource	aws_glue_job	Ensure Glue component has a security configuration associated	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/aws/GlueSecurityConfigurationEnabled.py
282	CKV_AWS_196	resource	aws_elasticache_security_group	Ensure no aws_elasticache_security_group resources exist	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/aws/ElasticacheHasSecurityGroup.py
283	CKV_AWS_197	resource	aws_mq_broker	Ensure MQ Broker Audit logging is enabled	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/aws/MQBrokerAuditLogging.py
284	CKV_AWS_198	resource	aws_db_security_group	Ensure no aws_db_security_group resources exist	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/aws/RDSHasSecurityGroup.py
285	CKV_AWS_199	resource	aws_imagebuilder_distribution_configuration	Ensure Image Builder Distribution Configuration encrypts AMI’s using KMS - a customer managed Key (CMK)	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/aws/ImagebuilderDistributionConfigurationEncryptedWithCMK.py
286	CKV_AWS_200	resource	aws_imagebuilder_image_recipe	Ensure that Image Recipe EBS Disk are encrypted with CMK	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/aws/ImagebuilderImageRecipeEBSEncrypted.py
287	CKV_AWS_201	resource	aws_memorydb_cluster	Ensure MemoryDB is encrypted at rest using KMS CMKs	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/aws/MemoryDBEncryptionWithCMK.py
288	CKV_AWS_202	resource	aws_memorydb_cluster	Ensure MemoryDB data is encrypted in transit	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/aws/MemoryDBClusterIntransitEncryption.py
289	CKV_AWS_203	resource	aws_fsx_openzfs_file_system	Ensure resource is encrypted by KMS using a customer managed Key (CMK)	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/aws/FSXOpenZFSFileSystemEncryptedWithCMK.py
290	CKV_AWS_204	resource	aws_ami	Ensure AMIs are encrypted using KMS CMKs	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/aws/AMIEncryption.py
291	CKV_AWS_205	resource	aws_ami_launch_permission	Ensure to Limit AMI launch Permissions	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/aws/AMILaunchIsShared.py
292	CKV_AWS_206	resource	aws_api_gateway_domain_name	Ensure API Gateway Domain uses a modern security Policy	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/aws/APIGatewayDomainNameTLS.py
293	CKV_AWS_207	resource	aws_mq_broker	Ensure MQ Broker minor version updates are enabled	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/aws/MQBrokerMinorAutoUpgrade.py
294	CKV_AWS_208	resource	aws_mq_broker	Ensure MQBroker version is current	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/aws/MQBrokerVersion.py
295	CKV_AWS_208	resource	aws_mq_configuration	Ensure MQBroker version is current	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/aws/MQBrokerVersion.py
296	CKV_AWS_209	resource	aws_mq_broker	Ensure MQ broker encrypted by KMS using a customer managed Key (CMK)	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/aws/MQBrokerEncryptedWithCMK.py
297	CKV_AWS_210	resource	aws_batch_job_definition	Batch job does not define a privileged container	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/aws/BatchJobIsNotPrivileged.py
298	CKV_AWS_211	resource	aws_db_instance	Ensure RDS uses a modern CaCert	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/aws/RDSCACertIsRecent.py
299	CKV_AWS_212	resource	aws_dms_replication_instance	Ensure EBS Volume is encrypted by KMS using a customer managed Key (CMK)	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/aws/DMSReplicationInstanceEncryptedWithCMK.py
300	CKV_AWS_213	resource	aws_load_balancer_policy	Ensure ELB Policy uses only secure protocols	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/aws/ELBPolicyUsesSecureProtocols.py
301	CKV_AWS_214	resource	aws_appsync_api_cache	Ensure Appsync API Cache is encrypted at rest	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/aws/AppsyncAPICacheEncryptionAtRest.py
302	CKV_AWS_215	resource	aws_appsync_api_cache	Ensure Appsync API Cache is encrypted in transit	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/aws/AppsyncAPICacheEncryptionInTransit.py
303	CKV_AWS_216	resource	aws_cloudfront_distribution	Ensure Cloudfront distribution is enabled	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/aws/CloudfrontDistributionEnabled.py
304	CKV_AWS_217	resource	aws_api_gateway_deployment	Ensure Create before destroy for API deployments	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/aws/APIGatewayDeploymentCreateBeforeDestroy.py
305	CKV_AWS_218	resource	aws_cloudsearch_domain	Ensure that Cloudsearch is using latest TLS	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/aws/CloudsearchDomainTLS.py
306	CKV_AWS_219	resource	aws_codepipeline	Ensure Code Pipeline Artifact store is using a KMS CMK	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/aws/CodePipelineArtifactsEncrypted.py
307	CKV_AWS_220	resource	aws_cloudsearch_domain	Ensure that Cloudsearch is using https	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/aws/CloudsearchDomainEnforceHttps.py
308	CKV_AWS_221	resource	aws_codeartifact_domain	Ensure Code artifact Domain is encrypted by KMS using a customer managed Key (CMK)	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/aws/CodeArtifactDomainEncryptedWithCMK.py
309	CKV_AWS_222	resource	aws_dms_replication_instance	Ensure DMS instance gets all minor upgrade automatically	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/aws/DMSReplicationInstanceMinorUpgrade.py
310	CKV_AWS_223	resource	aws_ecs_cluster	Ensure ECS Cluster enables logging of ECS Exec	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/aws/ECSClusterLoggingEnabled.py
311	CKV_AWS_224	resource	aws_ecs_cluster	Ensure Cluster logging with CMK	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/aws/ECSClusterLoggingEncryptedWithCMK.py
312	CKV_AWS_225	resource	aws_api_gateway_method_settings	Ensure API Gateway method setting caching is enabled	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/aws/APIGatewayMethodSettingsCacheEnabled.py
313	CKV_AWS_226	resource	aws_db_instance	Ensure DB instance gets all minor upgrades automatically	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/aws/DBInstanceMinorUpgrade.py
314	CKV_AWS_226	resource	aws_rds_cluster_instance	Ensure DB instance gets all minor upgrades automatically	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/aws/DBInstanceMinorUpgrade.py
315	CKV_AWS_227	resource	aws_kms_key	Ensure KMS key is enabled	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/aws/KMSKeyIsEnabled.py
316	CKV_AWS_228	resource	aws_elasticsearch_domain	Verify Elasticsearch domain is using an up to date TLS policy	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/aws/ElasticsearchTLSPolicy.py
317	CKV_AWS_228	resource	aws_opensearch_domain	Verify Elasticsearch domain is using an up to date TLS policy	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/aws/ElasticsearchTLSPolicy.py
318	CKV_AWS_229	resource	aws_network_acl	Ensure no NACL allow ingress from 0.0.0.0:0 to port 21	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/aws/NetworkACLUnrestrictedIngress21.py
319	CKV_AWS_229	resource	aws_network_acl_rule	Ensure no NACL allow ingress from 0.0.0.0:0 to port 21	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/aws/NetworkACLUnrestrictedIngress21.py
320	CKV_AWS_230	resource	aws_network_acl	Ensure no NACL allow ingress from 0.0.0.0:0 to port 20	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/aws/NetworkACLUnrestrictedIngress20.py
321	CKV_AWS_230	resource	aws_network_acl_rule	Ensure no NACL allow ingress from 0.0.0.0:0 to port 20	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/aws/NetworkACLUnrestrictedIngress20.py
322	CKV_AWS_231	resource	aws_network_acl	Ensure no NACL allow ingress from 0.0.0.0:0 to port 3389	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/aws/NetworkACLUnrestrictedIngress3389.py
323	CKV_AWS_231	resource	aws_network_acl_rule	Ensure no NACL allow ingress from 0.0.0.0:0 to port 3389	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/aws/NetworkACLUnrestrictedIngress3389.py
324	CKV_AWS_232	resource	aws_network_acl	Ensure no NACL allow ingress from 0.0.0.0:0 to port 22	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/aws/NetworkACLUnrestrictedIngress22.py
325	CKV_AWS_232	resource	aws_network_acl_rule	Ensure no NACL allow ingress from 0.0.0.0:0 to port 22	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/aws/NetworkACLUnrestrictedIngress22.py
326	CKV_AWS_233	resource	aws_acm_certificate	Ensure Create before destroy for ACM certificates	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/aws/ACMCertCreateBeforeDestroy.py
327	CKV_AWS_234	resource	aws_acm_certificate	Verify logging preference for ACM certificates	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/aws/ACMCertSetLoggingPreference.py
328	CKV_AWS_235	resource	aws_ami_copy	Ensure that copied AMIs are encrypted	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/aws/AMICopyIsEncrypted.py
329	CKV_AWS_236	resource	aws_ami_copy	Ensure AMI copying uses a CMK	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/aws/AMICopyUsesCMK.py
330	CKV_AWS_237	resource	aws_api_gateway_rest_api	Ensure Create before destroy for API GATEWAY	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/aws/APIGatewayCreateBeforeDestroy.py
331	CKV_AWS_238	resource	aws_guardduty_detector	Ensure that Guard Duty detector is enabled	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/aws/GuarddutyDetectorEnabled.py
332	CKV_AWS_239	resource	aws_dax_cluster	Ensure DAX cluster endpoint is using TLS	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/aws/DAXEndpointTLS.py
333	CKV_AWS_240	resource	aws_kinesis_firehose_delivery_stream	Ensure Kinesis Firehose delivery stream is encrypted	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/aws/KinesisFirehoseDeliveryStreamSSE.py
334	CKV_AWS_241	resource	aws_kinesis_firehose_delivery_stream	Ensure that Kinesis Firehose Delivery Streams are encrypted with CMK	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/aws/KinesisFirehoseDeliveryStreamUsesCMK.py
335	CKV_AWS_242	resource	aws_mwaa_environment	Ensure MWAA environment has scheduler logs enabled	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/aws/MWAASchedulerLogsEnabled.py
336	CKV_AWS_243	resource	aws_mwaa_environment	Ensure MWAA environment has worker logs enabled	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/aws/MWAAWorkerLogsEnabled.py
337	CKV_AWS_244	resource	aws_mwaa_environment	Ensure MWAA environment has webserver logs enabled	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/aws/MWAAWebserverLogsEnabled.py
338	CKV_AWS_245	resource	aws_db_instance_automated_backups_replication	Ensure replicated backups are encrypted at rest using KMS CMKs	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/aws/RDSInstanceAutoBackupEncryptionWithCMK.py
339	CKV_AWS_246	resource	aws_rds_cluster_activity_stream	Ensure RDS Cluster activity streams are encrypted using KMS CMKs	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/aws/RDSClusterActivityStreamEncryptedWithCMK.py
340	CKV_AWS_247	resource	aws_elasticsearch_domain	Ensure all data stored in the Elasticsearch is encrypted with a CMK	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/aws/ElasticsearchEncryptionWithCMK.py
341	CKV_AWS_247	resource	aws_opensearch_domain	Ensure all data stored in the Elasticsearch is encrypted with a CMK	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/aws/ElasticsearchEncryptionWithCMK.py
342	CKV_AWS_248	resource	aws_elasticsearch_domain	Ensure that Elasticsearch is not using the default Security Group	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/aws/ElasticsearchDefaultSG.py
343	CKV_AWS_248	resource	aws_opensearch_domain	Ensure that Elasticsearch is not using the default Security Group	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/aws/ElasticsearchDefaultSG.py
344	CKV_AWS_249	resource	aws_ecs_task_definition	Ensure that the Execution Role ARN and the Task Role ARN are different in ECS Task definitions	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/aws/ECSTaskDefinitionRoleCheck.py
345	CKV_AWS_250	resource	aws_db_instance	Ensure that RDS PostgreSQL instances use a non vulnerable version with the log_fdw extension (https://aws.amazon.com/security/security-bulletins/AWS-2022-004/)	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/aws/RDSPostgreSQLLogFDWExtension.py
346	CKV_AWS_250	resource	aws_rds_cluster	Ensure that RDS PostgreSQL instances use a non vulnerable version with the log_fdw extension (https://aws.amazon.com/security/security-bulletins/AWS-2022-004/)	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/aws/RDSPostgreSQLLogFDWExtension.py
347	CKV_AWS_251	resource	aws_cloudtrail	Ensure CloudTrail logging is enabled	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/aws/CloudtrailEnableLogging.py
348	CKV_AWS_252	resource	aws_cloudtrail	Ensure CloudTrail defines an SNS Topic	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/aws/CloudtrailDefinesSNSTopic.py
349	CKV_AWS_253	resource	aws_dlm_lifecycle_policy	Ensure DLM cross region events are encrypted	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/aws/DLMEventsCrossRegionEncryption.py
350	CKV_AWS_254	resource	aws_dlm_lifecycle_policy	Ensure DLM cross region events are encrypted with Customer Managed Key	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/aws/DLMEventsCrossRegionEncryptionWithCMK.py
351	CKV_AWS_255	resource	aws_dlm_lifecycle_policy	Ensure DLM cross region schedules are encrypted	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/aws/DLMScheduleCrossRegionEncryption.py
352	CKV_AWS_256	resource	aws_dlm_lifecycle_policy	Ensure DLM cross region schedules are encrypted using a Customer Managed Key	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/aws/DLMScheduleCrossRegionEncryptionWithCMK.py
353	CKV_AWS_257	resource	aws_codecommit_approval_rule_template	Ensure codecommit branch changes have at least 2 approvals	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/aws/CodecommitApprovalsRulesRequireMin2.py
354	CKV_AWS_258	resource	aws_lambda_function_url	Ensure that Lambda function URLs AuthType is not None	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/aws/LambdaFunctionURLAuth.py
355	CKV_AWS_259	resource	aws_cloudfront_response_headers_policy	Ensure CloudFront response header policy enforces Strict Transport Security	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/aws/CloudFrontResponseHeaderStrictTransportSecurity.py
356	CKV_AWS_260	resource	aws_security_group	Ensure no security groups allow ingress from 0.0.0.0:0 to port 80	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/aws/SecurityGroupUnrestrictedIngress80.py
357	CKV_AWS_260	resource	aws_security_group_rule	Ensure no security groups allow ingress from 0.0.0.0:0 to port 80	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/aws/SecurityGroupUnrestrictedIngress80.py
358	CKV_AWS_261	resource	aws_alb_target_group	Ensure HTTP HTTPS Target group defines Healthcheck	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/aws/LBTargetGroupsDefinesHealthcheck.py
359	CKV_AWS_261	resource	aws_lb_target_group	Ensure HTTP HTTPS Target group defines Healthcheck	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/aws/LBTargetGroupsDefinesHealthcheck.py
360	CKV_AWS_262	resource	aws_kendra_index	Ensure Kendra index Server side encryption uses CMK	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/aws/KendraIndexSSEUsesCMK.py
361	CKV_AWS_263	resource	aws_appflow_flow	Ensure App Flow flow uses CMK	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/aws/AppFlowUsesCMK.py
362	CKV_AWS_264	resource	aws_appflow_connector_profile	Ensure App Flow connector profile uses CMK	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/aws/AppFlowConnectorProfileUsesCMK.py
363	CKV_AWS_265	resource	aws_keyspaces_table	Ensure Keyspaces Table uses CMK	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/aws/KeyspacesTableUsesCMK.py
364	CKV_AWS_266	resource	aws_db_snapshot_copy	Ensure App Flow connector profile uses CMK	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/aws/DBSnapshotCopyUsesCMK.py
365	CKV_AWS_267	resource	aws_comprehend_entity_recognizer	Ensure that Comprehend Entity Recognizer’s model is encrypted by KMS using a customer managed Key (CMK)	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/aws/ComprehendEntityRecognizerModelUsesCMK.py
366	CKV_AWS_268	resource	aws_comprehend_entity_recognizer	Ensure that Comprehend Entity Recognizer’s volume is encrypted by KMS using a customer managed Key (CMK)	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/aws/ComprehendEntityRecognizerVolumeUsesCMK.py
367	CKV_AWS_269	resource	aws_connect_instance_storage_config	Ensure Connect Instance Kinesis Video Stream Storage Config uses CMK	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/aws/ConnectInstanceKinesisVideoStreamStorageConfigUsesCMK.py
368	CKV_AWS_270	resource	aws_connect_instance_storage_config	Ensure Connect Instance S3 Storage Config uses CMK	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/aws/ConnectInstanceS3StorageConfigUsesCMK.py
369	CKV_AWS_271	resource	aws_dynamodb_table_replica	Ensure DynamoDB table replica KMS encryption uses CMK	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/aws/DynamoDBTableReplicaKMSUsesCMK.py
370	CKV_AWS_272	resource	aws_lambda_function	Ensure AWS Lambda function is configured to validate code-signing	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/aws/LambdaCodeSigningConfigured.py
371	CKV_AWS_273	resource	aws_iam_user	Ensure access is controlled through SSO and not AWS IAM defined users	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/aws/IAMUserNotUsedForAccess.py
372	CKV_AWS_274	resource	aws_iam_group_policy_attachment	Disallow IAM roles, users, and groups from using the AWS AdministratorAccess policy	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/aws/IAMManagedAdminPolicy.py
373	CKV_AWS_274	resource	aws_iam_policy_attachment	Disallow IAM roles, users, and groups from using the AWS AdministratorAccess policy	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/aws/IAMManagedAdminPolicy.py
374	CKV_AWS_274	resource	aws_iam_role	Disallow IAM roles, users, and groups from using the AWS AdministratorAccess policy	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/aws/IAMManagedAdminPolicy.py
375	CKV_AWS_274	resource	aws_iam_role_policy_attachment	Disallow IAM roles, users, and groups from using the AWS AdministratorAccess policy	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/aws/IAMManagedAdminPolicy.py
376	CKV_AWS_274	resource	aws_iam_user_policy_attachment	Disallow IAM roles, users, and groups from using the AWS AdministratorAccess policy	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/aws/IAMManagedAdminPolicy.py
377	CKV_AWS_275	data	aws_iam_policy	Disallow policies from using the AWS AdministratorAccess policy	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/data/aws/IAMManagedAdminPolicy.py
378	CKV_AWS_276	resource	aws_api_gateway_method_settings	Ensure Data Trace is not enabled in API Gateway Method Settings	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/aws/APIGatewayMethodSettingsDataTrace.py
379	CKV_AWS_277	resource	aws_security_group	Ensure no security groups allow ingress from 0.0.0.0:0 to port -1	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/aws/SecurityGroupUnrestrictedIngressAny.py
380	CKV_AWS_277	resource	aws_security_group_rule	Ensure no security groups allow ingress from 0.0.0.0:0 to port -1	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/aws/SecurityGroupUnrestrictedIngressAny.py
381	CKV_AWS_278	resource	aws_memorydb_snapshot	Ensure MemoryDB snapshot is encrypted by KMS using a customer managed Key (CMK)	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/aws/MemoryDBSnapshotEncryptionWithCMK.py
382	CKV_AWS_279	resource	aws_neptune_cluster_snapshot	Ensure Neptune snapshot is securely encrypted	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/aws/NeptuneClusterSnapshotEncrypted.py
383	CKV_AWS_280	resource	aws_neptune_cluster_snapshot	Ensure Neptune snapshot is encrypted by KMS using a customer managed Key (CMK)	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/aws/NeptuneClusterSnapshotEncryptedWithCMK.py
384	CKV_AWS_281	resource	aws_redshift_snapshot_copy_grant	Ensure RedShift snapshot copy is encrypted by KMS using a customer managed Key (CMK)	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/aws/RedshiftClusterSnapshotCopyGrantEncryptedWithCMK.py
385	CKV_AWS_282	resource	aws_redshiftserverless_namespace	Ensure that Redshift Serverless namespace is encrypted by KMS using a customer managed key (CMK)	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/aws/RedshiftServerlessNamespaceKMSKey.py
386	CKV_AWS_283	data	aws_iam_policy_document	Ensure no IAM policies documents allow ALL or any AWS principal permissions to the resource	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/data/aws/IAMPublichActionsPolicy.py
387	CKV2_AWS_1	resource	aws_network_acl	Ensure that all NACL are attached to subnets	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
388	CKV2_AWS_1	resource	aws_subnet	Ensure that all NACL are attached to subnets	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
389	CKV2_AWS_2	resource	aws_ebs_volume	Ensure that only encrypted EBS volumes are attached to EC2 instances	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
390	CKV2_AWS_2	resource	aws_volume_attachment	Ensure that only encrypted EBS volumes are attached to EC2 instances	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
391	CKV2_AWS_3	resource	aws_guardduty_detector	Ensure GuardDuty is enabled to specific org/region	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
392	CKV2_AWS_3	resource	aws_guardduty_organization_configuration	Ensure GuardDuty is enabled to specific org/region	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
393	CKV2_AWS_4	resource	aws_api_gateway_method_settings	Ensure API Gateway stage have logging level defined as appropriate	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
394	CKV2_AWS_4	resource	aws_api_gateway_stage	Ensure API Gateway stage have logging level defined as appropriate	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
395	CKV2_AWS_5	resource	aws_security_group	Ensure that Security Groups are attached to another resource	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
396	CKV2_AWS_6	resource	aws_s3_bucket	Ensure that S3 bucket has a Public Access block	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
397	CKV2_AWS_6	resource	aws_s3_bucket_public_access_block	Ensure that S3 bucket has a Public Access block	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
398	CKV2_AWS_7	resource	aws_emr_cluster	Ensure that Amazon EMR clusters’ security groups are not open to the world	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
399	CKV2_AWS_7	resource	aws_security_group	Ensure that Amazon EMR clusters’ security groups are not open to the world	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
400	CKV2_AWS_8	resource	aws_rds_cluster	Ensure that RDS clusters has backup plan of AWS Backup	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
401	CKV2_AWS_9	resource	aws_backup_selection	Ensure that EBS are added in the backup plans of AWS Backup	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
402	CKV2_AWS_10	resource	aws_cloudtrail	Ensure CloudTrail trails are integrated with CloudWatch Logs	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
403	CKV2_AWS_11	resource	aws_vpc	Ensure VPC flow logging is enabled in all VPCs	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
404	CKV2_AWS_12	resource	aws_default_security_group	Ensure the default security group of every VPC restricts all traffic	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
405	CKV2_AWS_12	resource	aws_vpc	Ensure the default security group of every VPC restricts all traffic	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
406	CKV2_AWS_14	resource	aws_iam_group	Ensure that IAM groups includes at least one IAM user	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
407	CKV2_AWS_14	resource	aws_iam_group_membership	Ensure that IAM groups includes at least one IAM user	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
408	CKV2_AWS_15	resource	aws_autoscaling_group	Ensure that auto Scaling groups that are associated with a load balancer, are using Elastic Load Balancing health checks.	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
409	CKV2_AWS_15	resource	aws_elb	Ensure that auto Scaling groups that are associated with a load balancer, are using Elastic Load Balancing health checks.	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
410	CKV2_AWS_15	resource	aws_lb_target_group	Ensure that auto Scaling groups that are associated with a load balancer, are using Elastic Load Balancing health checks.	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
411	CKV2_AWS_16	resource	aws_appautoscaling_target	Ensure that Auto Scaling is enabled on your DynamoDB tables	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
412	CKV2_AWS_16	resource	aws_dynamodb_table	Ensure that Auto Scaling is enabled on your DynamoDB tables	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
413	CKV2_AWS_18	resource	aws_backup_selection	Ensure that Elastic File System (Amazon EFS) file systems are added in the backup plans of AWS Backup	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
414	CKV2_AWS_19	resource	aws_eip	Ensure that all EIP addresses allocated to a VPC are attached to EC2 instances	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
415	CKV2_AWS_19	resource	aws_eip_association	Ensure that all EIP addresses allocated to a VPC are attached to EC2 instances	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
416	CKV2_AWS_20	resource	aws_alb	Ensure that ALB redirects HTTP requests into HTTPS ones	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
417	CKV2_AWS_20	resource	aws_alb_listener	Ensure that ALB redirects HTTP requests into HTTPS ones	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
418	CKV2_AWS_20	resource	aws_lb	Ensure that ALB redirects HTTP requests into HTTPS ones	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
419	CKV2_AWS_20	resource	aws_lb_listener	Ensure that ALB redirects HTTP requests into HTTPS ones	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
420	CKV2_AWS_21	resource	aws_iam_group_membership	Ensure that all IAM users are members of at least one IAM group.	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
421	CKV2_AWS_22	resource	aws_iam_user	Ensure an IAM User does not have access to the console	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
422	CKV2_AWS_23	resource	aws_route53_record	Route53 A Record has Attached Resource	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
423	CKV2_AWS_27	resource	aws_rds_cluster	Ensure Postgres RDS as aws_rds_cluster has Query Logging enabled	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
424	CKV2_AWS_27	resource	aws_rds_cluster_parameter_group	Ensure Postgres RDS as aws_rds_cluster has Query Logging enabled	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
425	CKV2_AWS_28	resource	aws_alb	Ensure public facing ALB are protected by WAF	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
426	CKV2_AWS_28	resource	aws_lb	Ensure public facing ALB are protected by WAF	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
427	CKV2_AWS_29	resource	aws_api_gateway_rest_api	Ensure public API gateway are protected by WAF	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
428	CKV2_AWS_29	resource	aws_api_gateway_stage	Ensure public API gateway are protected by WAF	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
429	CKV2_AWS_30	resource	aws_db_instance	Ensure Postgres RDS as aws_db_instance has Query Logging enabled	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
430	CKV2_AWS_30	resource	aws_db_parameter_group	Ensure Postgres RDS as aws_db_instance has Query Logging enabled	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
431	CKV2_AWS_31	resource	aws_wafv2_web_acl	Ensure WAF2 has a Logging Configuration	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
432	CKV2_AWS_32	resource	aws_cloudfront_distribution	Ensure CloudFront distribution has a response headers policy attached	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
433	CKV2_AWS_33	resource	aws_appsync_graphql_api	Ensure AppSync is protected by WAF	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
434	CKV2_AWS_34	resource	aws_ssm_parameter	AWS SSM Parameter should be Encrypted	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
435	CKV2_AWS_35	resource	aws_route	AWS NAT Gateways should be utilized for the default route	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
436	CKV2_AWS_35	resource	aws_route_table	AWS NAT Gateways should be utilized for the default route	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
437	CKV2_AWS_36	resource	aws_ssm_parameter	Ensure terraform is not sending SSM secrets to untrusted domains over HTTP	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
438	CKV2_AWS_36	resource	data.http	Ensure terraform is not sending SSM secrets to untrusted domains over HTTP	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
439	CKV2_AWS_37	resource	aws	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
440	CKV2_AWS_37	resource	aws_accessanalyzer_analyzer	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
441	CKV2_AWS_37	resource	aws_acm_certificate	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
442	CKV2_AWS_37	resource	aws_acm_certificate_validation	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
443	CKV2_AWS_37	resource	aws_acmpca_certificate_authority	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
444	CKV2_AWS_37	resource	aws_ami	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
445	CKV2_AWS_37	resource	aws_ami_copy	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
446	CKV2_AWS_37	resource	aws_ami_from_instance	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
447	CKV2_AWS_37	resource	aws_ami_launch_permission	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
448	CKV2_AWS_37	resource	aws_api_gateway_account	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
449	CKV2_AWS_37	resource	aws_api_gateway_api_key	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
450	CKV2_AWS_37	resource	aws_api_gateway_authorizer	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
451	CKV2_AWS_37	resource	aws_api_gateway_base_path_mapping	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
452	CKV2_AWS_37	resource	aws_api_gateway_client_certificate	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
453	CKV2_AWS_37	resource	aws_api_gateway_deployment	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
454	CKV2_AWS_37	resource	aws_api_gateway_documentation_part	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
455	CKV2_AWS_37	resource	aws_api_gateway_documentation_version	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
456	CKV2_AWS_37	resource	aws_api_gateway_domain_name	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
457	CKV2_AWS_37	resource	aws_api_gateway_gateway_response	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
458	CKV2_AWS_37	resource	aws_api_gateway_integration	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
459	CKV2_AWS_37	resource	aws_api_gateway_integration_response	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
460	CKV2_AWS_37	resource	aws_api_gateway_method	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
461	CKV2_AWS_37	resource	aws_api_gateway_method_response	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
462	CKV2_AWS_37	resource	aws_api_gateway_method_settings	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
463	CKV2_AWS_37	resource	aws_api_gateway_model	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
464	CKV2_AWS_37	resource	aws_api_gateway_request_validator	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
465	CKV2_AWS_37	resource	aws_api_gateway_resource	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
466	CKV2_AWS_37	resource	aws_api_gateway_rest_api	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
467	CKV2_AWS_37	resource	aws_api_gateway_stage	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
468	CKV2_AWS_37	resource	aws_api_gateway_usage_plan	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
469	CKV2_AWS_37	resource	aws_api_gateway_usage_plan_key	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
470	CKV2_AWS_37	resource	aws_api_gateway_vpc_link	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
471	CKV2_AWS_37	resource	aws_apigatewayv2_api	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
472	CKV2_AWS_37	resource	aws_apigatewayv2_api_mapping	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
473	CKV2_AWS_37	resource	aws_apigatewayv2_authorizer	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
474	CKV2_AWS_37	resource	aws_apigatewayv2_deployment	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
475	CKV2_AWS_37	resource	aws_apigatewayv2_domain_name	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
476	CKV2_AWS_37	resource	aws_apigatewayv2_integration	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
477	CKV2_AWS_37	resource	aws_apigatewayv2_integration_response	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
478	CKV2_AWS_37	resource	aws_apigatewayv2_model	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
479	CKV2_AWS_37	resource	aws_apigatewayv2_route	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
480	CKV2_AWS_37	resource	aws_apigatewayv2_route_response	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
481	CKV2_AWS_37	resource	aws_apigatewayv2_stage	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
482	CKV2_AWS_37	resource	aws_apigatewayv2_vpc_link	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
483	CKV2_AWS_37	resource	aws_app_cookie_stickiness_policy	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
484	CKV2_AWS_37	resource	aws_appautoscaling_policy	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
485	CKV2_AWS_37	resource	aws_appautoscaling_scheduled_action	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
486	CKV2_AWS_37	resource	aws_appautoscaling_target	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
487	CKV2_AWS_37	resource	aws_appmesh_mesh	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
488	CKV2_AWS_37	resource	aws_appmesh_route	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
489	CKV2_AWS_37	resource	aws_appmesh_virtual_node	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
490	CKV2_AWS_37	resource	aws_appmesh_virtual_router	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
491	CKV2_AWS_37	resource	aws_appmesh_virtual_service	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
492	CKV2_AWS_37	resource	aws_appsync_api_key	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
493	CKV2_AWS_37	resource	aws_appsync_datasource	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
494	CKV2_AWS_37	resource	aws_appsync_function	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
495	CKV2_AWS_37	resource	aws_appsync_graphql_api	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
496	CKV2_AWS_37	resource	aws_appsync_resolver	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
497	CKV2_AWS_37	resource	aws_athena_database	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
498	CKV2_AWS_37	resource	aws_athena_named_query	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
499	CKV2_AWS_37	resource	aws_athena_workgroup	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
500	CKV2_AWS_37	resource	aws_autoscaling_attachment	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
501	CKV2_AWS_37	resource	aws_autoscaling_group	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
502	CKV2_AWS_37	resource	aws_autoscaling_lifecycle_hook	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
503	CKV2_AWS_37	resource	aws_autoscaling_notification	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
504	CKV2_AWS_37	resource	aws_autoscaling_policy	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
505	CKV2_AWS_37	resource	aws_autoscaling_schedule	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
506	CKV2_AWS_37	resource	aws_backup_plan	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
507	CKV2_AWS_37	resource	aws_backup_selection	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
508	CKV2_AWS_37	resource	aws_backup_vault	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
509	CKV2_AWS_37	resource	aws_batch_compute_environment	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
510	CKV2_AWS_37	resource	aws_batch_job_definition	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
511	CKV2_AWS_37	resource	aws_batch_job_queue	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
512	CKV2_AWS_37	resource	aws_budgets_budget	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
513	CKV2_AWS_37	resource	aws_cloud9_environment_ec2	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
514	CKV2_AWS_37	resource	aws_cloudformation_stack	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
515	CKV2_AWS_37	resource	aws_cloudformation_stack_set	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
516	CKV2_AWS_37	resource	aws_cloudformation_stack_set_instance	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
517	CKV2_AWS_37	resource	aws_cloudfront_distribution	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
518	CKV2_AWS_37	resource	aws_cloudfront_origin_access_identity	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
519	CKV2_AWS_37	resource	aws_cloudfront_public_key	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
520	CKV2_AWS_37	resource	aws_cloudhsm_v2_cluster	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
521	CKV2_AWS_37	resource	aws_cloudhsm_v2_hsm	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
522	CKV2_AWS_37	resource	aws_cloudtrail	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
523	CKV2_AWS_37	resource	aws_cloudwatch_dashboard	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
524	CKV2_AWS_37	resource	aws_cloudwatch_event_permission	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
525	CKV2_AWS_37	resource	aws_cloudwatch_event_rule	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
526	CKV2_AWS_37	resource	aws_cloudwatch_event_target	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
527	CKV2_AWS_37	resource	aws_cloudwatch_log_destination	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
528	CKV2_AWS_37	resource	aws_cloudwatch_log_destination_policy	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
529	CKV2_AWS_37	resource	aws_cloudwatch_log_group	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
530	CKV2_AWS_37	resource	aws_cloudwatch_log_metric_filter	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
531	CKV2_AWS_37	resource	aws_cloudwatch_log_resource_policy	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
532	CKV2_AWS_37	resource	aws_cloudwatch_log_stream	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
533	CKV2_AWS_37	resource	aws_cloudwatch_log_subscription_filter	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
534	CKV2_AWS_37	resource	aws_cloudwatch_metric_alarm	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
535	CKV2_AWS_37	resource	aws_codebuild_project	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
536	CKV2_AWS_37	resource	aws_codebuild_source_credential	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
537	CKV2_AWS_37	resource	aws_codebuild_webhook	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
538	CKV2_AWS_37	resource	aws_codecommit_repository	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
539	CKV2_AWS_37	resource	aws_codecommit_trigger	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
540	CKV2_AWS_37	resource	aws_codedeploy_app	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
541	CKV2_AWS_37	resource	aws_codedeploy_deployment_config	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
542	CKV2_AWS_37	resource	aws_codedeploy_deployment_group	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
543	CKV2_AWS_37	resource	aws_codepipeline	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
544	CKV2_AWS_37	resource	aws_codepipeline_webhook	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
545	CKV2_AWS_37	resource	aws_codestarnotifications_notification_rule	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
546	CKV2_AWS_37	resource	aws_cognito_identity_pool	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
547	CKV2_AWS_37	resource	aws_cognito_identity_pool_roles_attachment	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
548	CKV2_AWS_37	resource	aws_cognito_identity_provider	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
549	CKV2_AWS_37	resource	aws_cognito_resource_server	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
550	CKV2_AWS_37	resource	aws_cognito_user_group	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
551	CKV2_AWS_37	resource	aws_cognito_user_pool	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
552	CKV2_AWS_37	resource	aws_cognito_user_pool_client	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
553	CKV2_AWS_37	resource	aws_cognito_user_pool_domain	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
554	CKV2_AWS_37	resource	aws_config_aggregate_authorization	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
555	CKV2_AWS_37	resource	aws_config_config_rule	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
556	CKV2_AWS_37	resource	aws_config_configuration_aggregator	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
557	CKV2_AWS_37	resource	aws_config_configuration_recorder	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
558	CKV2_AWS_37	resource	aws_config_configuration_recorder_status	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
559	CKV2_AWS_37	resource	aws_config_delivery_channel	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
560	CKV2_AWS_37	resource	aws_config_organization_custom_rule	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
561	CKV2_AWS_37	resource	aws_config_organization_managed_rule	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
562	CKV2_AWS_37	resource	aws_cur_report_definition	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
563	CKV2_AWS_37	resource	aws_customer_gateway	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
564	CKV2_AWS_37	resource	aws_datapipeline_pipeline	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
565	CKV2_AWS_37	resource	aws_datasync_agent	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
566	CKV2_AWS_37	resource	aws_datasync_location_efs	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
567	CKV2_AWS_37	resource	aws_datasync_location_nfs	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
568	CKV2_AWS_37	resource	aws_datasync_location_s3	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
569	CKV2_AWS_37	resource	aws_datasync_location_smb	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
570	CKV2_AWS_37	resource	aws_datasync_task	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
571	CKV2_AWS_37	resource	aws_dax_cluster	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
572	CKV2_AWS_37	resource	aws_dax_parameter_group	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
573	CKV2_AWS_37	resource	aws_dax_subnet_group	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
574	CKV2_AWS_37	resource	aws_db_cluster_snapshot	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
575	CKV2_AWS_37	resource	aws_db_event_subscription	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
576	CKV2_AWS_37	resource	aws_db_instance	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
577	CKV2_AWS_37	resource	aws_db_instance_role_association	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
578	CKV2_AWS_37	resource	aws_db_option_group	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
579	CKV2_AWS_37	resource	aws_db_parameter_group	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
580	CKV2_AWS_37	resource	aws_db_security_group	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
581	CKV2_AWS_37	resource	aws_db_snapshot	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
582	CKV2_AWS_37	resource	aws_db_subnet_group	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
583	CKV2_AWS_37	resource	aws_default_network_acl	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
584	CKV2_AWS_37	resource	aws_default_route_table	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
585	CKV2_AWS_37	resource	aws_default_security_group	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
586	CKV2_AWS_37	resource	aws_default_subnet	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
587	CKV2_AWS_37	resource	aws_default_vpc	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
588	CKV2_AWS_37	resource	aws_default_vpc_dhcp_options	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
589	CKV2_AWS_37	resource	aws_devicefarm_project	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
590	CKV2_AWS_37	resource	aws_directory_service_conditional_forwarder	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
591	CKV2_AWS_37	resource	aws_directory_service_directory	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
592	CKV2_AWS_37	resource	aws_directory_service_log_subscription	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
593	CKV2_AWS_37	resource	aws_dlm_lifecycle_policy	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
594	CKV2_AWS_37	resource	aws_dms_certificate	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
595	CKV2_AWS_37	resource	aws_dms_endpoint	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
596	CKV2_AWS_37	resource	aws_dms_event_subscription	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
597	CKV2_AWS_37	resource	aws_dms_replication_instance	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
598	CKV2_AWS_37	resource	aws_dms_replication_subnet_group	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
599	CKV2_AWS_37	resource	aws_dms_replication_task	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
600	CKV2_AWS_37	resource	aws_docdb_cluster	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
601	CKV2_AWS_37	resource	aws_docdb_cluster_instance	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
602	CKV2_AWS_37	resource	aws_docdb_cluster_parameter_group	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
603	CKV2_AWS_37	resource	aws_docdb_cluster_snapshot	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
604	CKV2_AWS_37	resource	aws_docdb_subnet_group	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
605	CKV2_AWS_37	resource	aws_dx_bgp_peer	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
606	CKV2_AWS_37	resource	aws_dx_connection	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
607	CKV2_AWS_37	resource	aws_dx_connection_association	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
608	CKV2_AWS_37	resource	aws_dx_gateway	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
609	CKV2_AWS_37	resource	aws_dx_gateway_association	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
610	CKV2_AWS_37	resource	aws_dx_gateway_association_proposal	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
611	CKV2_AWS_37	resource	aws_dx_hosted_private_virtual_interface	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
612	CKV2_AWS_37	resource	aws_dx_hosted_private_virtual_interface_accepter	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
613	CKV2_AWS_37	resource	aws_dx_hosted_public_virtual_interface	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
614	CKV2_AWS_37	resource	aws_dx_hosted_public_virtual_interface_accepter	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
615	CKV2_AWS_37	resource	aws_dx_hosted_transit_virtual_interface	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
616	CKV2_AWS_37	resource	aws_dx_hosted_transit_virtual_interface_accepter	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
617	CKV2_AWS_37	resource	aws_dx_lag	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
618	CKV2_AWS_37	resource	aws_dx_private_virtual_interface	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
619	CKV2_AWS_37	resource	aws_dx_public_virtual_interface	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
620	CKV2_AWS_37	resource	aws_dx_transit_virtual_interface	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
621	CKV2_AWS_37	resource	aws_dynamodb_global_table	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
622	CKV2_AWS_37	resource	aws_dynamodb_table	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
623	CKV2_AWS_37	resource	aws_dynamodb_table_item	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
624	CKV2_AWS_37	resource	aws_ebs_default_kms_key	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
625	CKV2_AWS_37	resource	aws_ebs_encryption_by_default	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
626	CKV2_AWS_37	resource	aws_ebs_snapshot	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
627	CKV2_AWS_37	resource	aws_ebs_snapshot_copy	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
628	CKV2_AWS_37	resource	aws_ebs_volume	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
629	CKV2_AWS_37	resource	aws_ec2_availability_zone_group	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
630	CKV2_AWS_37	resource	aws_ec2_capacity_reservation	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
631	CKV2_AWS_37	resource	aws_ec2_client_vpn_authorization_rule	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
632	CKV2_AWS_37	resource	aws_ec2_client_vpn_endpoint	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
633	CKV2_AWS_37	resource	aws_ec2_client_vpn_network_association	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
634	CKV2_AWS_37	resource	aws_ec2_client_vpn_route	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
635	CKV2_AWS_37	resource	aws_ec2_fleet	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
636	CKV2_AWS_37	resource	aws_ec2_local_gateway_route	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
637	CKV2_AWS_37	resource	aws_ec2_local_gateway_route_table_vpc_association	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
638	CKV2_AWS_37	resource	aws_ec2_tag	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
639	CKV2_AWS_37	resource	aws_ec2_traffic_mirror_filter	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
640	CKV2_AWS_37	resource	aws_ec2_traffic_mirror_filter_rule	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
641	CKV2_AWS_37	resource	aws_ec2_traffic_mirror_session	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
642	CKV2_AWS_37	resource	aws_ec2_traffic_mirror_target	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
643	CKV2_AWS_37	resource	aws_ec2_transit_gateway	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
644	CKV2_AWS_37	resource	aws_ec2_transit_gateway_peering_attachment	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
645	CKV2_AWS_37	resource	aws_ec2_transit_gateway_peering_attachment_accepter	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
646	CKV2_AWS_37	resource	aws_ec2_transit_gateway_route	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
647	CKV2_AWS_37	resource	aws_ec2_transit_gateway_route_table	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
648	CKV2_AWS_37	resource	aws_ec2_transit_gateway_route_table_association	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
649	CKV2_AWS_37	resource	aws_ec2_transit_gateway_route_table_propagation	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
650	CKV2_AWS_37	resource	aws_ec2_transit_gateway_vpc_attachment	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
651	CKV2_AWS_37	resource	aws_ec2_transit_gateway_vpc_attachment_accepter	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
652	CKV2_AWS_37	resource	aws_ecr_lifecycle_policy	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
653	CKV2_AWS_37	resource	aws_ecr_repository	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
654	CKV2_AWS_37	resource	aws_ecr_repository_policy	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
655	CKV2_AWS_37	resource	aws_ecs_capacity_provider	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
656	CKV2_AWS_37	resource	aws_ecs_cluster	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
657	CKV2_AWS_37	resource	aws_ecs_service	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
658	CKV2_AWS_37	resource	aws_ecs_task_definition	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
659	CKV2_AWS_37	resource	aws_efs_access_point	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
660	CKV2_AWS_37	resource	aws_efs_file_system	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
661	CKV2_AWS_37	resource	aws_efs_file_system_policy	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
662	CKV2_AWS_37	resource	aws_efs_mount_target	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
663	CKV2_AWS_37	resource	aws_egress_only_internet_gateway	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
664	CKV2_AWS_37	resource	aws_eip	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
665	CKV2_AWS_37	resource	aws_eip_association	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
666	CKV2_AWS_37	resource	aws_eks_cluster	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
667	CKV2_AWS_37	resource	aws_eks_fargate_profile	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
668	CKV2_AWS_37	resource	aws_eks_node_group	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
669	CKV2_AWS_37	resource	aws_elastic_beanstalk_application	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
670	CKV2_AWS_37	resource	aws_elastic_beanstalk_application_version	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
671	CKV2_AWS_37	resource	aws_elastic_beanstalk_configuration_template	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
672	CKV2_AWS_37	resource	aws_elastic_beanstalk_environment	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
673	CKV2_AWS_37	resource	aws_elasticache_cluster	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
674	CKV2_AWS_37	resource	aws_elasticache_parameter_group	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
675	CKV2_AWS_37	resource	aws_elasticache_replication_group	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
676	CKV2_AWS_37	resource	aws_elasticache_security_group	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
677	CKV2_AWS_37	resource	aws_elasticache_subnet_group	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
678	CKV2_AWS_37	resource	aws_elasticsearch_domain	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
679	CKV2_AWS_37	resource	aws_elasticsearch_domain_policy	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
680	CKV2_AWS_37	resource	aws_elastictranscoder_pipeline	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
681	CKV2_AWS_37	resource	aws_elastictranscoder_preset	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
682	CKV2_AWS_37	resource	aws_elb	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
683	CKV2_AWS_37	resource	aws_elb_attachment	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
684	CKV2_AWS_37	resource	aws_emr_cluster	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
685	CKV2_AWS_37	resource	aws_emr_instance_group	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
686	CKV2_AWS_37	resource	aws_emr_security_configuration	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
687	CKV2_AWS_37	resource	aws_flow_log	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
688	CKV2_AWS_37	resource	aws_fms_admin_account	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
689	CKV2_AWS_37	resource	aws_fsx_lustre_file_system	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
690	CKV2_AWS_37	resource	aws_fsx_windows_file_system	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
691	CKV2_AWS_37	resource	aws_gamelift_alias	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
692	CKV2_AWS_37	resource	aws_gamelift_build	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
693	CKV2_AWS_37	resource	aws_gamelift_fleet	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
694	CKV2_AWS_37	resource	aws_gamelift_game_session_queue	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
695	CKV2_AWS_37	resource	aws_glacier_vault	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
696	CKV2_AWS_37	resource	aws_glacier_vault_lock	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
697	CKV2_AWS_37	resource	aws_globalaccelerator_accelerator	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
698	CKV2_AWS_37	resource	aws_globalaccelerator_endpoint_group	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
699	CKV2_AWS_37	resource	aws_globalaccelerator_listener	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
700	CKV2_AWS_37	resource	aws_glue_catalog_database	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
701	CKV2_AWS_37	resource	aws_glue_catalog_table	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
702	CKV2_AWS_37	resource	aws_glue_classifier	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
703	CKV2_AWS_37	resource	aws_glue_connection	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
704	CKV2_AWS_37	resource	aws_glue_crawler	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
705	CKV2_AWS_37	resource	aws_glue_job	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
706	CKV2_AWS_37	resource	aws_glue_security_configuration	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
707	CKV2_AWS_37	resource	aws_glue_trigger	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
708	CKV2_AWS_37	resource	aws_glue_workflow	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
709	CKV2_AWS_37	resource	aws_guardduty_detector	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
710	CKV2_AWS_37	resource	aws_guardduty_invite_accepter	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
711	CKV2_AWS_37	resource	aws_guardduty_ipset	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
712	CKV2_AWS_37	resource	aws_guardduty_member	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
713	CKV2_AWS_37	resource	aws_guardduty_organization_admin_account	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
714	CKV2_AWS_37	resource	aws_guardduty_organization_configuration	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
715	CKV2_AWS_37	resource	aws_guardduty_threatintelset	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
716	CKV2_AWS_37	resource	aws_iam_access_key	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
717	CKV2_AWS_37	resource	aws_iam_account_alias	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
718	CKV2_AWS_37	resource	aws_iam_account_password_policy	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
719	CKV2_AWS_37	resource	aws_iam_group	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
720	CKV2_AWS_37	resource	aws_iam_group_membership	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
721	CKV2_AWS_37	resource	aws_iam_group_policy	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
722	CKV2_AWS_37	resource	aws_iam_group_policy_attachment	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
723	CKV2_AWS_37	resource	aws_iam_instance_profile	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
724	CKV2_AWS_37	resource	aws_iam_openid_connect_provider	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
725	CKV2_AWS_37	resource	aws_iam_policy	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
726	CKV2_AWS_37	resource	aws_iam_policy_attachment	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
727	CKV2_AWS_37	resource	aws_iam_policy_document	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
728	CKV2_AWS_37	resource	aws_iam_role	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
729	CKV2_AWS_37	resource	aws_iam_role_policy	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
730	CKV2_AWS_37	resource	aws_iam_role_policy_attachment	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
731	CKV2_AWS_37	resource	aws_iam_saml_provider	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
732	CKV2_AWS_37	resource	aws_iam_server_certificate	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
733	CKV2_AWS_37	resource	aws_iam_service_linked_role	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
734	CKV2_AWS_37	resource	aws_iam_user	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
735	CKV2_AWS_37	resource	aws_iam_user_group_membership	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
736	CKV2_AWS_37	resource	aws_iam_user_login_profile	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
737	CKV2_AWS_37	resource	aws_iam_user_policy	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
738	CKV2_AWS_37	resource	aws_iam_user_policy_attachment	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
739	CKV2_AWS_37	resource	aws_iam_user_ssh_key	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
740	CKV2_AWS_37	resource	aws_inspector_assessment_target	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
741	CKV2_AWS_37	resource	aws_inspector_assessment_template	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
742	CKV2_AWS_37	resource	aws_inspector_resource_group	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
743	CKV2_AWS_37	resource	aws_instance	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
744	CKV2_AWS_37	resource	aws_internet_gateway	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
745	CKV2_AWS_37	resource	aws_iot_certificate	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
746	CKV2_AWS_37	resource	aws_iot_policy	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
747	CKV2_AWS_37	resource	aws_iot_policy_attachment	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
748	CKV2_AWS_37	resource	aws_iot_role_alias	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
749	CKV2_AWS_37	resource	aws_iot_thing	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
750	CKV2_AWS_37	resource	aws_iot_thing_principal_attachment	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
751	CKV2_AWS_37	resource	aws_iot_thing_type	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
752	CKV2_AWS_37	resource	aws_iot_topic_rule	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
753	CKV2_AWS_37	resource	aws_key_pair	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
754	CKV2_AWS_37	resource	aws_kinesis_analytics_application	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
755	CKV2_AWS_37	resource	aws_kinesis_firehose_delivery_stream	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
756	CKV2_AWS_37	resource	aws_kinesis_stream	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
757	CKV2_AWS_37	resource	aws_kinesis_video_stream	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
758	CKV2_AWS_37	resource	aws_kms_alias	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
759	CKV2_AWS_37	resource	aws_kms_ciphertext	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
760	CKV2_AWS_37	resource	aws_kms_external_key	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
761	CKV2_AWS_37	resource	aws_kms_grant	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
762	CKV2_AWS_37	resource	aws_kms_key	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
763	CKV2_AWS_37	resource	aws_lambda_alias	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
764	CKV2_AWS_37	resource	aws_lambda_event_source_mapping	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
765	CKV2_AWS_37	resource	aws_lambda_function	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
766	CKV2_AWS_37	resource	aws_lambda_function_event_invoke_config	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
767	CKV2_AWS_37	resource	aws_lambda_layer_version	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
768	CKV2_AWS_37	resource	aws_lambda_permission	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
769	CKV2_AWS_37	resource	aws_lambda_provisioned_concurrency_config	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
770	CKV2_AWS_37	resource	aws_launch_configuration	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
771	CKV2_AWS_37	resource	aws_launch_template	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
772	CKV2_AWS_37	resource	aws_lb	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
773	CKV2_AWS_37	resource	aws_lb_cookie_stickiness_policy	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
774	CKV2_AWS_37	resource	aws_lb_listener	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
775	CKV2_AWS_37	resource	aws_lb_listener_certificate	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
776	CKV2_AWS_37	resource	aws_lb_listener_rule	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
777	CKV2_AWS_37	resource	aws_lb_ssl_negotiation_policy	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
778	CKV2_AWS_37	resource	aws_lb_target_group	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
779	CKV2_AWS_37	resource	aws_lb_target_group_attachment	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
780	CKV2_AWS_37	resource	aws_licensemanager_association	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
781	CKV2_AWS_37	resource	aws_licensemanager_license_configuration	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
782	CKV2_AWS_37	resource	aws_lightsail_domain	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
783	CKV2_AWS_37	resource	aws_lightsail_instance	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
784	CKV2_AWS_37	resource	aws_lightsail_key_pair	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
785	CKV2_AWS_37	resource	aws_lightsail_static_ip	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
786	CKV2_AWS_37	resource	aws_lightsail_static_ip_attachment	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
787	CKV2_AWS_37	resource	aws_load_balancer_backend_server_policy	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
788	CKV2_AWS_37	resource	aws_load_balancer_listener_policy	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
789	CKV2_AWS_37	resource	aws_load_balancer_policy	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
790	CKV2_AWS_37	resource	aws_macie_member_account_association	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
791	CKV2_AWS_37	resource	aws_macie_s3_bucket_association	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
792	CKV2_AWS_37	resource	aws_main_route_table_association	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
793	CKV2_AWS_37	resource	aws_media_convert_queue	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
794	CKV2_AWS_37	resource	aws_media_package_channel	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
795	CKV2_AWS_37	resource	aws_media_store_container	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
796	CKV2_AWS_37	resource	aws_media_store_container_policy	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
797	CKV2_AWS_37	resource	aws_mq_broker	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
798	CKV2_AWS_37	resource	aws_mq_configuration	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
799	CKV2_AWS_37	resource	aws_msk_cluster	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
800	CKV2_AWS_37	resource	aws_msk_configuration	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
801	CKV2_AWS_37	resource	aws_nat_gateway	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
802	CKV2_AWS_37	resource	aws_neptune_cluster	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
803	CKV2_AWS_37	resource	aws_neptune_cluster_instance	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
804	CKV2_AWS_37	resource	aws_neptune_cluster_parameter_group	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
805	CKV2_AWS_37	resource	aws_neptune_cluster_snapshot	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
806	CKV2_AWS_37	resource	aws_neptune_event_subscription	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
807	CKV2_AWS_37	resource	aws_neptune_parameter_group	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
808	CKV2_AWS_37	resource	aws_neptune_subnet_group	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
809	CKV2_AWS_37	resource	aws_network_acl	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
810	CKV2_AWS_37	resource	aws_network_acl_rule	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
811	CKV2_AWS_37	resource	aws_network_interface	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
812	CKV2_AWS_37	resource	aws_network_interface_attachment	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
813	CKV2_AWS_37	resource	aws_network_interface_sg_attachment	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
814	CKV2_AWS_37	resource	aws_opsworks_application	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
815	CKV2_AWS_37	resource	aws_opsworks_custom_layer	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
816	CKV2_AWS_37	resource	aws_opsworks_ganglia_layer	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
817	CKV2_AWS_37	resource	aws_opsworks_haproxy_layer	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
818	CKV2_AWS_37	resource	aws_opsworks_instance	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
819	CKV2_AWS_37	resource	aws_opsworks_java_app_layer	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
820	CKV2_AWS_37	resource	aws_opsworks_memcached_layer	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
821	CKV2_AWS_37	resource	aws_opsworks_mysql_layer	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
822	CKV2_AWS_37	resource	aws_opsworks_nodejs_app_layer	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
823	CKV2_AWS_37	resource	aws_opsworks_permission	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
824	CKV2_AWS_37	resource	aws_opsworks_php_app_layer	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
825	CKV2_AWS_37	resource	aws_opsworks_rails_app_layer	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
826	CKV2_AWS_37	resource	aws_opsworks_rds_db_instance	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
827	CKV2_AWS_37	resource	aws_opsworks_stack	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
828	CKV2_AWS_37	resource	aws_opsworks_static_web_layer	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
829	CKV2_AWS_37	resource	aws_opsworks_user_profile	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
830	CKV2_AWS_37	resource	aws_organizations_account	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
831	CKV2_AWS_37	resource	aws_organizations_organization	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
832	CKV2_AWS_37	resource	aws_organizations_organizational_unit	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
833	CKV2_AWS_37	resource	aws_organizations_policy	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
834	CKV2_AWS_37	resource	aws_organizations_policy_attachment	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
835	CKV2_AWS_37	resource	aws_pinpoint_adm_channel	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
836	CKV2_AWS_37	resource	aws_pinpoint_apns_channel	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
837	CKV2_AWS_37	resource	aws_pinpoint_apns_sandbox_channel	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
838	CKV2_AWS_37	resource	aws_pinpoint_apns_voip_channel	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
839	CKV2_AWS_37	resource	aws_pinpoint_apns_voip_sandbox_channel	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
840	CKV2_AWS_37	resource	aws_pinpoint_app	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
841	CKV2_AWS_37	resource	aws_pinpoint_baidu_channel	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
842	CKV2_AWS_37	resource	aws_pinpoint_email_channel	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
843	CKV2_AWS_37	resource	aws_pinpoint_event_stream	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
844	CKV2_AWS_37	resource	aws_pinpoint_gcm_channel	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
845	CKV2_AWS_37	resource	aws_pinpoint_sms_channel	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
846	CKV2_AWS_37	resource	aws_placement_group	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
847	CKV2_AWS_37	resource	aws_proxy_protocol_policy	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
848	CKV2_AWS_37	resource	aws_qldb_ledger	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
849	CKV2_AWS_37	resource	aws_quicksight_group	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
850	CKV2_AWS_37	resource	aws_quicksight_user	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
851	CKV2_AWS_37	resource	aws_ram_principal_association	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
852	CKV2_AWS_37	resource	aws_ram_resource_association	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
853	CKV2_AWS_37	resource	aws_ram_resource_share	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
854	CKV2_AWS_37	resource	aws_ram_resource_share_accepter	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
855	CKV2_AWS_37	resource	aws_rds_cluster	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
856	CKV2_AWS_37	resource	aws_rds_cluster_endpoint	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
857	CKV2_AWS_37	resource	aws_rds_cluster_instance	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
858	CKV2_AWS_37	resource	aws_rds_cluster_parameter_group	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
859	CKV2_AWS_37	resource	aws_rds_global_cluster	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
860	CKV2_AWS_37	resource	aws_redshift_cluster	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
861	CKV2_AWS_37	resource	aws_redshift_event_subscription	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
862	CKV2_AWS_37	resource	aws_redshift_parameter_group	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
863	CKV2_AWS_37	resource	aws_redshift_security_group	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
864	CKV2_AWS_37	resource	aws_redshift_snapshot_copy_grant	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
865	CKV2_AWS_37	resource	aws_redshift_snapshot_schedule	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
866	CKV2_AWS_37	resource	aws_redshift_snapshot_schedule_association	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
867	CKV2_AWS_37	resource	aws_redshift_subnet_group	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
868	CKV2_AWS_37	resource	aws_resourcegroups_group	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
869	CKV2_AWS_37	resource	aws_root	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
870	CKV2_AWS_37	resource	aws_root_access_key	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
871	CKV2_AWS_37	resource	aws_route	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
872	CKV2_AWS_37	resource	aws_route53_delegation_set	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
873	CKV2_AWS_37	resource	aws_route53_health_check	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
874	CKV2_AWS_37	resource	aws_route53_query_log	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
875	CKV2_AWS_37	resource	aws_route53_record	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
876	CKV2_AWS_37	resource	aws_route53_resolver_endpoint	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
877	CKV2_AWS_37	resource	aws_route53_resolver_rule	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
878	CKV2_AWS_37	resource	aws_route53_resolver_rule_association	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
879	CKV2_AWS_37	resource	aws_route53_vpc_association_authorization	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
880	CKV2_AWS_37	resource	aws_route53_zone	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
881	CKV2_AWS_37	resource	aws_route53_zone_association	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
882	CKV2_AWS_37	resource	aws_route_table	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
883	CKV2_AWS_37	resource	aws_route_table_association	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
884	CKV2_AWS_37	resource	aws_s3_access_point	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
885	CKV2_AWS_37	resource	aws_s3_account_public_access_block	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
886	CKV2_AWS_37	resource	aws_s3_bucket	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
887	CKV2_AWS_37	resource	aws_s3_bucket_analytics_configuration	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
888	CKV2_AWS_37	resource	aws_s3_bucket_inventory	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
889	CKV2_AWS_37	resource	aws_s3_bucket_metric	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
890	CKV2_AWS_37	resource	aws_s3_bucket_notification	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
891	CKV2_AWS_37	resource	aws_s3_bucket_object	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
892	CKV2_AWS_37	resource	aws_s3_bucket_policy	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
893	CKV2_AWS_37	resource	aws_s3_bucket_public_access_block	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
894	CKV2_AWS_37	resource	aws_sagemaker_endpoint	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
895	CKV2_AWS_37	resource	aws_sagemaker_endpoint_configuration	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
896	CKV2_AWS_37	resource	aws_sagemaker_model	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
897	CKV2_AWS_37	resource	aws_sagemaker_notebook_instance	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
898	CKV2_AWS_37	resource	aws_sagemaker_notebook_instance_lifecycle_configuration	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
899	CKV2_AWS_37	resource	aws_secretsmanager_secret	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
900	CKV2_AWS_37	resource	aws_secretsmanager_secret_rotation	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
901	CKV2_AWS_37	resource	aws_secretsmanager_secret_version	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
902	CKV2_AWS_37	resource	aws_security_group	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
903	CKV2_AWS_37	resource	aws_security_group_rule	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
904	CKV2_AWS_37	resource	aws_securityhub_account	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
905	CKV2_AWS_37	resource	aws_securityhub_member	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
906	CKV2_AWS_37	resource	aws_securityhub_product_subscription	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
907	CKV2_AWS_37	resource	aws_securityhub_standards_subscription	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
908	CKV2_AWS_37	resource	aws_service_discovery_http_namespace	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
909	CKV2_AWS_37	resource	aws_service_discovery_private_dns_namespace	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
910	CKV2_AWS_37	resource	aws_service_discovery_public_dns_namespace	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
911	CKV2_AWS_37	resource	aws_service_discovery_service	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
912	CKV2_AWS_37	resource	aws_servicecatalog_portfolio	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
913	CKV2_AWS_37	resource	aws_servicequotas_service_quota	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
914	CKV2_AWS_37	resource	aws_ses_active_receipt_rule_set	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
915	CKV2_AWS_37	resource	aws_ses_configuration_set	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
916	CKV2_AWS_37	resource	aws_ses_domain_dkim	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
917	CKV2_AWS_37	resource	aws_ses_domain_identity	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
918	CKV2_AWS_37	resource	aws_ses_domain_identity_verification	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
919	CKV2_AWS_37	resource	aws_ses_domain_mail_from	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
920	CKV2_AWS_37	resource	aws_ses_email_identity	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
921	CKV2_AWS_37	resource	aws_ses_event_destination	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
922	CKV2_AWS_37	resource	aws_ses_identity_notification_topic	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
923	CKV2_AWS_37	resource	aws_ses_identity_policy	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
924	CKV2_AWS_37	resource	aws_ses_receipt_filter	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
925	CKV2_AWS_37	resource	aws_ses_receipt_rule	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
926	CKV2_AWS_37	resource	aws_ses_receipt_rule_set	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
927	CKV2_AWS_37	resource	aws_ses_template	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
928	CKV2_AWS_37	resource	aws_sfn_activity	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
929	CKV2_AWS_37	resource	aws_sfn_state_machine	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
930	CKV2_AWS_37	resource	aws_shield_protection	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
931	CKV2_AWS_37	resource	aws_simpledb_domain	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
932	CKV2_AWS_37	resource	aws_snapshot_create_volume_permission	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
933	CKV2_AWS_37	resource	aws_sns_platform_application	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
934	CKV2_AWS_37	resource	aws_sns_sms_preferences	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
935	CKV2_AWS_37	resource	aws_sns_topic	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
936	CKV2_AWS_37	resource	aws_sns_topic_policy	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
937	CKV2_AWS_37	resource	aws_sns_topic_subscription	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
938	CKV2_AWS_37	resource	aws_spot_datafeed_subscription	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
939	CKV2_AWS_37	resource	aws_spot_fleet_request	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
940	CKV2_AWS_37	resource	aws_spot_instance_request	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
941	CKV2_AWS_37	resource	aws_sqs_queue	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
942	CKV2_AWS_37	resource	aws_sqs_queue_policy	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
943	CKV2_AWS_37	resource	aws_ssm_activation	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
944	CKV2_AWS_37	resource	aws_ssm_association	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
945	CKV2_AWS_37	resource	aws_ssm_document	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
946	CKV2_AWS_37	resource	aws_ssm_maintenance_window	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
947	CKV2_AWS_37	resource	aws_ssm_maintenance_window_target	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
948	CKV2_AWS_37	resource	aws_ssm_maintenance_window_task	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
949	CKV2_AWS_37	resource	aws_ssm_parameter	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
950	CKV2_AWS_37	resource	aws_ssm_patch_baseline	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
951	CKV2_AWS_37	resource	aws_ssm_patch_group	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
952	CKV2_AWS_37	resource	aws_ssm_resource_data_sync	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
953	CKV2_AWS_37	resource	aws_storagegateway_cache	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
954	CKV2_AWS_37	resource	aws_storagegateway_cached_iscsi_volume	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
955	CKV2_AWS_37	resource	aws_storagegateway_gateway	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
956	CKV2_AWS_37	resource	aws_storagegateway_nfs_file_share	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
957	CKV2_AWS_37	resource	aws_storagegateway_smb_file_share	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
958	CKV2_AWS_37	resource	aws_storagegateway_upload_buffer	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
959	CKV2_AWS_37	resource	aws_storagegateway_working_storage	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
960	CKV2_AWS_37	resource	aws_subnet	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
961	CKV2_AWS_37	resource	aws_swf_domain	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
962	CKV2_AWS_37	resource	aws_transfer_server	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
963	CKV2_AWS_37	resource	aws_transfer_ssh_key	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
964	CKV2_AWS_37	resource	aws_transfer_user	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
965	CKV2_AWS_37	resource	aws_volume_attachment	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
966	CKV2_AWS_37	resource	aws_vpc	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
967	CKV2_AWS_37	resource	aws_vpc_dhcp_options	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
968	CKV2_AWS_37	resource	aws_vpc_dhcp_options_association	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
969	CKV2_AWS_37	resource	aws_vpc_endpoint	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
970	CKV2_AWS_37	resource	aws_vpc_endpoint_connection_notification	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
971	CKV2_AWS_37	resource	aws_vpc_endpoint_route_table_association	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
972	CKV2_AWS_37	resource	aws_vpc_endpoint_service	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
973	CKV2_AWS_37	resource	aws_vpc_endpoint_service_allowed_principal	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
974	CKV2_AWS_37	resource	aws_vpc_endpoint_subnet_association	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
975	CKV2_AWS_37	resource	aws_vpc_ipv4_cidr_block_association	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
976	CKV2_AWS_37	resource	aws_vpc_peering_connection	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
977	CKV2_AWS_37	resource	aws_vpc_peering_connection_accepter	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
978	CKV2_AWS_37	resource	aws_vpc_peering_connection_options	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
979	CKV2_AWS_37	resource	aws_vpn_connection	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
980	CKV2_AWS_37	resource	aws_vpn_connection_route	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
981	CKV2_AWS_37	resource	aws_vpn_gateway	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
982	CKV2_AWS_37	resource	aws_vpn_gateway_attachment	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
983	CKV2_AWS_37	resource	aws_vpn_gateway_route_propagation	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
984	CKV2_AWS_37	resource	aws_waf_byte_match_set	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
985	CKV2_AWS_37	resource	aws_waf_geo_match_set	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
986	CKV2_AWS_37	resource	aws_waf_ipset	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
987	CKV2_AWS_37	resource	aws_waf_rate_based_rule	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
988	CKV2_AWS_37	resource	aws_waf_regex_match_set	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
989	CKV2_AWS_37	resource	aws_waf_regex_pattern_set	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
990	CKV2_AWS_37	resource	aws_waf_rule	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
991	CKV2_AWS_37	resource	aws_waf_rule_group	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
992	CKV2_AWS_37	resource	aws_waf_size_constraint_set	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
993	CKV2_AWS_37	resource	aws_waf_sql_injection_match_set	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
994	CKV2_AWS_37	resource	aws_waf_web_acl	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
995	CKV2_AWS_37	resource	aws_waf_xss_match_set	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
996	CKV2_AWS_37	resource	aws_wafregional_byte_match_set	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
997	CKV2_AWS_37	resource	aws_wafregional_geo_match_set	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
998	CKV2_AWS_37	resource	aws_wafregional_ipset	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
999	CKV2_AWS_37	resource	aws_wafregional_rate_based_rule	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
1000	CKV2_AWS_37	resource	aws_wafregional_regex_match_set	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
1001	CKV2_AWS_37	resource	aws_wafregional_regex_pattern_set	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
1002	CKV2_AWS_37	resource	aws_wafregional_rule	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
1003	CKV2_AWS_37	resource	aws_wafregional_rule_group	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
1004	CKV2_AWS_37	resource	aws_wafregional_size_constraint_set	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
1005	CKV2_AWS_37	resource	aws_wafregional_sql_injection_match_set	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
1006	CKV2_AWS_37	resource	aws_wafregional_web_acl	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
1007	CKV2_AWS_37	resource	aws_wafregional_web_acl_association	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
1008	CKV2_AWS_37	resource	aws_wafregional_xss_match_set	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
1009	CKV2_AWS_37	resource	aws_wafv2_ip_set	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
1010	CKV2_AWS_37	resource	aws_wafv2_regex_pattern_set	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
1011	CKV2_AWS_37	resource	aws_wafv2_rule_group	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
1012	CKV2_AWS_37	resource	aws_wafv2_web_acl	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
1013	CKV2_AWS_37	resource	aws_wafv2_web_acl_association	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
1014	CKV2_AWS_37	resource	aws_wafv2_web_acl_logging_configuration	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
1015	CKV2_AWS_37	resource	aws_worklink_fleet	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
1016	CKV2_AWS_37	resource	aws_worklink_website_certificate_authority_association	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
1017	CKV2_AWS_37	resource	aws_workspaces_directory	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
1018	CKV2_AWS_37	resource	aws_workspaces_ip_group	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
1019	CKV2_AWS_37	resource	aws_workspaces_workspace	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
1020	CKV2_AWS_37	resource	aws_xray_sampling_rule	Ensure Codecommit associates an approval rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
1021	CKV2_AWS_38	resource	aws_route53_zone	Ensure Domain Name System Security Extensions (DNSSEC) signing is enabled for Amazon Route 53 public hosted zones	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
1022	CKV2_AWS_39	resource	aws_route53_zone	Ensure Domain Name System (DNS) query logging is enabled for Amazon Route 53 hosted zones	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
1023	CKV2_AWS_40	resource	aws_iam_group_policy	Ensure AWS IAM policy does not allow full IAM privileges	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
1024	CKV2_AWS_40	resource	aws_iam_policy	Ensure AWS IAM policy does not allow full IAM privileges	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
1025	CKV2_AWS_40	resource	aws_iam_role_policy	Ensure AWS IAM policy does not allow full IAM privileges	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
1026	CKV2_AWS_40	resource	aws_iam_user_policy	Ensure AWS IAM policy does not allow full IAM privileges	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
1027	CKV2_AWS_40	resource	aws_ssoadmin_permission_set_inline_policy	Ensure AWS IAM policy does not allow full IAM privileges	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
1028	CKV2_AWS_40	resource	data.aws_iam_policy_document	Ensure AWS IAM policy does not allow full IAM privileges	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
1029	CKV2_AWS_41	resource	aws_instance	Ensure an IAM role is attached to EC2 instance	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
1030	CKV2_AWS_42	resource	aws_cloudfront_distribution	Ensure AWS CloudFront distribution uses custom SSL certificate	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
1031	CKV2_AWS_43	resource	aws_s3_bucket_acl	Ensure S3 Bucket does not allow access to all Authenticated users	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
1032	CKV2_AWS_44	resource	aws_route	Ensure AWS route table with VPC peering does not contain routes overly permissive to all traffic	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
1033	CKV2_AWS_44	resource	aws_route_table	Ensure AWS route table with VPC peering does not contain routes overly permissive to all traffic	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
1034	CKV_AZURE_1	resource	azurerm_linux_virtual_machine	Ensure Azure Instance does not use basic authentication(Use SSH Key Instead)	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/azure/AzureInstancePassword.py
1035	CKV_AZURE_1	resource	azurerm_virtual_machine	Ensure Azure Instance does not use basic authentication(Use SSH Key Instead)	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/azure/AzureInstancePassword.py
1036	CKV_AZURE_2	resource	azurerm_managed_disk	Ensure Azure managed disk has encryption enabled	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/azure/AzureManagedDiskEncryption.py
1037	CKV_AZURE_3	resource	azurerm_storage_account	Ensure that ‘Secure transfer required’ is set to ‘Enabled’	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/azure/StorageAccountsTransportEncryption.py
1038	CKV_AZURE_4	resource	azurerm_kubernetes_cluster	Ensure AKS logging to Azure Monitoring is Configured	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/azure/AKSLoggingEnabled.py
1039	CKV_AZURE_5	resource	azurerm_kubernetes_cluster	Ensure RBAC is enabled on AKS clusters	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/azure/AKSRbacEnabled.py
1040	CKV_AZURE_6	resource	azurerm_kubernetes_cluster	Ensure AKS has an API Server Authorized IP Ranges enabled	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/azure/AKSApiServerAuthorizedIpRanges.py
1041	CKV_AZURE_7	resource	azurerm_kubernetes_cluster	Ensure AKS cluster has Network Policy configured	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/azure/AKSNetworkPolicy.py
1042	CKV_AZURE_8	resource	azurerm_kubernetes_cluster	Ensure Kubernetes Dashboard is disabled	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/azure/AKSDashboardDisabled.py
1043	CKV_AZURE_9	resource	azurerm_network_security_group	Ensure that RDP access is restricted from the internet	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/azure/NSGRuleRDPAccessRestricted.py
1044	CKV_AZURE_9	resource	azurerm_network_security_rule	Ensure that RDP access is restricted from the internet	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/azure/NSGRuleRDPAccessRestricted.py
1045	CKV_AZURE_10	resource	azurerm_network_security_group	Ensure that SSH access is restricted from the internet	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/azure/NSGRuleSSHAccessRestricted.py
1046	CKV_AZURE_10	resource	azurerm_network_security_rule	Ensure that SSH access is restricted from the internet	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/azure/NSGRuleSSHAccessRestricted.py
1047	CKV_AZURE_11	resource	azurerm_mariadb_firewall_rule	Ensure no SQL Databases allow ingress from 0.0.0.0/0 (ANY IP)	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/azure/SQLServerNoPublicAccess.py
1048	CKV_AZURE_11	resource	azurerm_mysql_firewall_rule	Ensure no SQL Databases allow ingress from 0.0.0.0/0 (ANY IP)	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/azure/SQLServerNoPublicAccess.py
1049	CKV_AZURE_11	resource	azurerm_postgresql_firewall_rule	Ensure no SQL Databases allow ingress from 0.0.0.0/0 (ANY IP)	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/azure/SQLServerNoPublicAccess.py
1050	CKV_AZURE_11	resource	azurerm_sql_firewall_rule	Ensure no SQL Databases allow ingress from 0.0.0.0/0 (ANY IP)	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/azure/SQLServerNoPublicAccess.py
1051	CKV_AZURE_12	resource	azurerm_network_watcher_flow_log	Ensure that Network Security Group Flow Log retention period is ‘greater than 90 days’	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/azure/NetworkWatcherFlowLogPeriod.py
1052	CKV_AZURE_13	resource	azurerm_app_service	Ensure App Service Authentication is set on Azure App Service	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/azure/AppServiceAuthentication.py
1053	CKV_AZURE_13	resource	azurerm_linux_web_app	Ensure App Service Authentication is set on Azure App Service	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/azure/AppServiceAuthentication.py
1054	CKV_AZURE_13	resource	azurerm_windows_web_app	Ensure App Service Authentication is set on Azure App Service	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/azure/AppServiceAuthentication.py
1055	CKV_AZURE_14	resource	azurerm_app_service	Ensure web app redirects all HTTP traffic to HTTPS in Azure App Service	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/azure/AppServiceHTTPSOnly.py
1056	CKV_AZURE_14	resource	azurerm_linux_web_app	Ensure web app redirects all HTTP traffic to HTTPS in Azure App Service	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/azure/AppServiceHTTPSOnly.py
1057	CKV_AZURE_14	resource	azurerm_windows_web_app	Ensure web app redirects all HTTP traffic to HTTPS in Azure App Service	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/azure/AppServiceHTTPSOnly.py
1058	CKV_AZURE_15	resource	azurerm_app_service	Ensure web app is using the latest version of TLS encryption	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/azure/AppServiceMinTLSVersion.py
1059	CKV_AZURE_15	resource	azurerm_linux_web_app	Ensure web app is using the latest version of TLS encryption	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/azure/AppServiceMinTLSVersion.py
1060	CKV_AZURE_15	resource	azurerm_windows_web_app	Ensure web app is using the latest version of TLS encryption	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/azure/AppServiceMinTLSVersion.py
1061	CKV_AZURE_16	resource	azurerm_app_service	Ensure that Register with Azure Active Directory is enabled on App Service	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/azure/AppServiceIdentity.py
1062	CKV_AZURE_16	resource	azurerm_linux_web_app	Ensure that Register with Azure Active Directory is enabled on App Service	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/azure/AppServiceIdentity.py
1063	CKV_AZURE_16	resource	azurerm_windows_web_app	Ensure that Register with Azure Active Directory is enabled on App Service	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/azure/AppServiceIdentity.py
1064	CKV_AZURE_17	resource	azurerm_app_service	Ensure the web app has ‘Client Certificates (Incoming client certificates)’ set	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/azure/AppServiceClientCertificate.py
1065	CKV_AZURE_17	resource	azurerm_linux_web_app	Ensure the web app has ‘Client Certificates (Incoming client certificates)’ set	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/azure/AppServiceClientCertificate.py
1066	CKV_AZURE_17	resource	azurerm_windows_web_app	Ensure the web app has ‘Client Certificates (Incoming client certificates)’ set	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/azure/AppServiceClientCertificate.py
1067	CKV_AZURE_18	resource	azurerm_app_service	Ensure that ‘HTTP Version’ is the latest if used to run the web app	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/azure/AppServiceHttps20Enabled.py
1068	CKV_AZURE_18	resource	azurerm_linux_web_app	Ensure that ‘HTTP Version’ is the latest if used to run the web app	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/azure/AppServiceHttps20Enabled.py
1069	CKV_AZURE_18	resource	azurerm_windows_web_app	Ensure that ‘HTTP Version’ is the latest if used to run the web app	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/azure/AppServiceHttps20Enabled.py
1070	CKV_AZURE_19	resource	azurerm_security_center_subscription_pricing	Ensure that standard pricing tier is selected	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/azure/SecurityCenterStandardPricing.py
1071	CKV_AZURE_20	resource	azurerm_security_center_contact	Ensure that security contact ‘Phone number’ is set	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/azure/SecurityCenterContactPhone.py
1072	CKV_AZURE_21	resource	azurerm_security_center_contact	Ensure that ‘Send email notification for high severity alerts’ is set to ‘On’	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/azure/SecurityCenterContactEmailAlert.py
1073	CKV_AZURE_22	resource	azurerm_security_center_contact	Ensure that ‘Send email notification for high severity alerts’ is set to ‘On’	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/azure/SecurityCenterContactEmailAlertAdmins.py
1074	CKV_AZURE_23	resource	azurerm_mssql_server	Ensure that ‘Auditing’ is set to ‘On’ for SQL servers	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
1075	CKV_AZURE_23	resource	azurerm_mssql_server_extended_auditing_policy	Ensure that ‘Auditing’ is set to ‘On’ for SQL servers	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
1076	CKV_AZURE_23	resource	azurerm_sql_server	Ensure that ‘Auditing’ is set to ‘On’ for SQL servers	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
1077	CKV_AZURE_24	resource	azurerm_mssql_server	Ensure that ‘Auditing’ Retention is ‘greater than 90 days’ for SQL servers	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
1078	CKV_AZURE_24	resource	azurerm_mssql_server_extended_auditing_policy	Ensure that ‘Auditing’ Retention is ‘greater than 90 days’ for SQL servers	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
1079	CKV_AZURE_24	resource	azurerm_sql_server	Ensure that ‘Auditing’ Retention is ‘greater than 90 days’ for SQL servers	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
1080	CKV_AZURE_25	resource	azurerm_mssql_server_security_alert_policy	Ensure that ‘Threat Detection types’ is set to ‘All’	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/azure/SQLServerThreatDetectionTypes.py
1081	CKV_AZURE_26	resource	azurerm_mssql_server_security_alert_policy	Ensure that ‘Send Alerts To’ is enabled for MSSQL servers	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/azure/SQLServerEmailAlertsEnabled.py
1082	CKV_AZURE_27	resource	azurerm_mssql_server_security_alert_policy	Ensure that ‘Email service and co-administrators’ is ‘Enabled’ for MSSQL servers	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/azure/SQLServerEmailAlertsToAdminsEnabled.py
1083	CKV_AZURE_28	resource	azurerm_mysql_server	Ensure ‘Enforce SSL connection’ is set to ‘ENABLED’ for MySQL Database Server	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/azure/MySQLServerSSLEnforcementEnabled.py
1084	CKV_AZURE_29	resource	azurerm_postgresql_server	Ensure ‘Enforce SSL connection’ is set to ‘ENABLED’ for PostgreSQL Database Server	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/azure/PostgreSQLServerSSLEnforcementEnabled.py
1085	CKV_AZURE_30	resource	azurerm_postgresql_configuration	Ensure server parameter ‘log_checkpoints’ is set to ‘ON’ for PostgreSQL Database Server	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/azure/PostgreSQLServerLogCheckpointsEnabled.py
1086	CKV_AZURE_31	resource	azurerm_postgresql_configuration	Ensure server parameter ‘log_connections’ is set to ‘ON’ for PostgreSQL Database Server	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/azure/PostgreSQLServerLogConnectionsEnabled.py
1087	CKV_AZURE_32	resource	azurerm_postgresql_configuration	Ensure server parameter ‘connection_throttling’ is set to ‘ON’ for PostgreSQL Database Server	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/azure/PostgreSQLServerConnectionThrottlingEnabled.py
1088	CKV_AZURE_33	resource	azurerm_storage_account	Ensure Storage logging is enabled for Queue service for read, write and delete requests	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/azure/StorageAccountLoggingQueueServiceEnabled.py
1089	CKV_AZURE_34	resource	azurerm_storage_container	Ensure that ‘Public access level’ is set to Private for blob containers	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/azure/StorageBlobServiceContainerPrivateAccess.py
1090	CKV_AZURE_35	resource	azurerm_storage_account	Ensure default network access rule for Storage Accounts is set to deny	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/azure/StorageAccountDefaultNetworkAccessDeny.py
1091	CKV_AZURE_35	resource	azurerm_storage_account_network_rules	Ensure default network access rule for Storage Accounts is set to deny	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/azure/StorageAccountDefaultNetworkAccessDeny.py
1092	CKV_AZURE_36	resource	azurerm_storage_account	Ensure ‘Trusted Microsoft Services’ is enabled for Storage Account access	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/azure/StorageAccountAzureServicesAccessEnabled.py
1093	CKV_AZURE_36	resource	azurerm_storage_account_network_rules	Ensure ‘Trusted Microsoft Services’ is enabled for Storage Account access	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/azure/StorageAccountAzureServicesAccessEnabled.py
1094	CKV_AZURE_37	resource	azurerm_monitor_log_profile	Ensure that Activity Log Retention is set 365 days or greater	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/azure/MonitorLogProfileRetentionDays.py
1095	CKV_AZURE_38	resource	azurerm_monitor_log_profile	Ensure audit profile captures all the activities	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/azure/MonitorLogProfileCategories.py
1096	CKV_AZURE_39	resource	azurerm_role_definition	Ensure that no custom subscription owner roles are created	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/azure/CutsomRoleDefinitionSubscriptionOwner.py
1097	CKV_AZURE_40	resource	azurerm_key_vault_key	Ensure that the expiration date is set on all keys	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/azure/KeyExpirationDate.py
1098	CKV_AZURE_41	resource	azurerm_key_vault_secret	Ensure that the expiration date is set on all secrets	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/azure/SecretExpirationDate.py
1099	CKV_AZURE_42	resource	azurerm_key_vault	Ensure the key vault is recoverable	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/azure/KeyvaultRecoveryEnabled.py
1100	CKV_AZURE_43	resource	azurerm_storage_account	Ensure Storage Accounts adhere to the naming rules	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/azure/StorageAccountName.py
1101	CKV_AZURE_44	resource	azurerm_storage_account	Ensure Storage Account is using the latest version of TLS encryption	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/azure/StorageAccountMinimumTlsVersion.py
1102	CKV_AZURE_45	resource	azurerm_virtual_machine	Ensure that no sensitive credentials are exposed in VM custom_data	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/azure/VMCredsInCustomData.py
1103	CKV_AZURE_47	resource	azurerm_mariadb_server	Ensure ‘Enforce SSL connection’ is set to ‘ENABLED’ for MariaDB servers	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/azure/MariaDBSSLEnforcementEnabled.py
1104	CKV_AZURE_48	resource	azurerm_mariadb_server	Ensure ‘public network access enabled’ is set to ‘False’ for MariaDB servers	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/azure/MariaDBPublicAccessDisabled.py
1105	CKV_AZURE_49	resource	azurerm_linux_virtual_machine_scale_set	Ensure Azure linux scale set does not use basic authentication(Use SSH Key Instead)	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/azure/AzureScaleSetPassword.py
1106	CKV_AZURE_50	resource	azurerm_linux_virtual_machine	Ensure Virtual Machine Extensions are not Installed	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/azure/AzureInstanceExtensions.py
1107	CKV_AZURE_50	resource	azurerm_windows_virtual_machine	Ensure Virtual Machine Extensions are not Installed	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/azure/AzureInstanceExtensions.py
1108	CKV_AZURE_52	resource	azurerm_mssql_server	Ensure MSSQL is using the latest version of TLS encryption	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/azure/MSSQLServerMinTLSVersion.py
1109	CKV_AZURE_53	resource	azurerm_mysql_server	Ensure ‘public network access enabled’ is set to ‘False’ for mySQL servers	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/azure/MySQLPublicAccessDisabled.py
1110	CKV_AZURE_54	resource	azurerm_mysql_server	Ensure MySQL is using the latest version of TLS encryption	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/azure/MySQLServerMinTLSVersion.py
1111	CKV_AZURE_55	resource	azurerm_security_center_subscription_pricing	Ensure that Azure Defender is set to On for Servers	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/azure/AzureDefenderOnServers.py
1112	CKV_AZURE_56	resource	azurerm_function_app	Ensure that function apps enables Authentication	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/azure/FunctionAppsEnableAuthentication.py
1113	CKV_AZURE_57	resource	azurerm_app_service	Ensure that CORS disallows every resource to access app services	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/azure/AppServiceDisallowCORS.py
1114	CKV_AZURE_57	resource	azurerm_linux_web_app	Ensure that CORS disallows every resource to access app services	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/azure/AppServiceDisallowCORS.py
1115	CKV_AZURE_57	resource	azurerm_windows_web_app	Ensure that CORS disallows every resource to access app services	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/azure/AppServiceDisallowCORS.py
1116	CKV_AZURE_58	resource	azurerm_synapse_workspace	Ensure that Azure Synapse workspaces enables managed virtual networks	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/azure/SynapseWorkspaceEnablesManagedVirtualNetworks.py
1117	CKV_AZURE_59	resource	azurerm_storage_account	Ensure that Storage accounts disallow public access	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/azure/StorageAccountDisablePublicAccess.py
1118	CKV_AZURE_61	resource	azurerm_security_center_subscription_pricing	Ensure that Azure Defender is set to On for App Service	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/azure/AzureDefenderOnAppServices.py
1119	CKV_AZURE_62	resource	azurerm_function_app	Ensure function apps are not accessible from all regions	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/azure/FunctionAppDisallowCORS.py
1120	CKV_AZURE_63	resource	azurerm_app_service	Ensure that App service enables HTTP logging	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/azure/AppServiceHttpLoggingEnabled.py
1121	CKV_AZURE_63	resource	azurerm_linux_web_app	Ensure that App service enables HTTP logging	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/azure/AppServiceHttpLoggingEnabled.py
1122	CKV_AZURE_63	resource	azurerm_windows_web_app	Ensure that App service enables HTTP logging	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/azure/AppServiceHttpLoggingEnabled.py
1123	CKV_AZURE_64	resource	azurerm_storage_sync	Ensure that Azure File Sync disables public network access	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/azure/StorageSyncPublicAccessDisabled.py
1124	CKV_AZURE_65	resource	azurerm_app_service	Ensure that App service enables detailed error messages	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/azure/AppServiceDetailedErrorMessagesEnabled.py
1125	CKV_AZURE_65	resource	azurerm_linux_web_app	Ensure that App service enables detailed error messages	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/azure/AppServiceDetailedErrorMessagesEnabled.py
1126	CKV_AZURE_65	resource	azurerm_windows_web_app	Ensure that App service enables detailed error messages	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/azure/AppServiceDetailedErrorMessagesEnabled.py
1127	CKV_AZURE_66	resource	azurerm_app_service	Ensure that App service enables failed request tracing	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/azure/AppServiceEnableFailedRequest.py
1128	CKV_AZURE_66	resource	azurerm_linux_web_app	Ensure that App service enables failed request tracing	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/azure/AppServiceEnableFailedRequest.py
1129	CKV_AZURE_66	resource	azurerm_windows_web_app	Ensure that App service enables failed request tracing	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/azure/AppServiceEnableFailedRequest.py
1130	CKV_AZURE_67	resource	azurerm_function_app	Ensure that ‘HTTP Version’ is the latest, if used to run the Function app	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/azure/FunctionAppHttpVersionLatest.py
1131	CKV_AZURE_67	resource	azurerm_function_app_slot	Ensure that ‘HTTP Version’ is the latest, if used to run the Function app	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/azure/FunctionAppHttpVersionLatest.py
1132	CKV_AZURE_68	resource	azurerm_postgresql_server	Ensure that PostgreSQL server disables public network access	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/azure/PostgreSQLServerPublicAccessDisabled.py
1133	CKV_AZURE_69	resource	azurerm_security_center_subscription_pricing	Ensure that Azure Defender is set to On for Azure SQL database servers	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/azure/AzureDefenderOnSqlServers.py
1134	CKV_AZURE_70	resource	azurerm_function_app	Ensure that Function apps is only accessible over HTTPS	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/azure/FunctionAppsAccessibleOverHttps.py
1135	CKV_AZURE_71	resource	azurerm_app_service	Ensure that Managed identity provider is enabled for app services	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/azure/AppServiceIdentityProviderEnabled.py
1136	CKV_AZURE_71	resource	azurerm_linux_web_app	Ensure that Managed identity provider is enabled for app services	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/azure/AppServiceIdentityProviderEnabled.py
1137	CKV_AZURE_71	resource	azurerm_windows_web_app	Ensure that Managed identity provider is enabled for app services	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/azure/AppServiceIdentityProviderEnabled.py
1138	CKV_AZURE_72	resource	azurerm_app_service	Ensure that remote debugging is not enabled for app services	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/azure/RemoteDebggingNotEnabled.py
1139	CKV_AZURE_73	resource	azurerm_automation_variable_bool	Ensure that Automation account variables are encrypted	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/azure/AutomationEncrypted.py
1140	CKV_AZURE_73	resource	azurerm_automation_variable_datetime	Ensure that Automation account variables are encrypted	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/azure/AutomationEncrypted.py
1141	CKV_AZURE_73	resource	azurerm_automation_variable_int	Ensure that Automation account variables are encrypted	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/azure/AutomationEncrypted.py
1142	CKV_AZURE_73	resource	azurerm_automation_variable_string	Ensure that Automation account variables are encrypted	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/azure/AutomationEncrypted.py
1143	CKV_AZURE_74	resource	azurerm_kusto_cluster	Ensure that Azure Data Explorer (Kusto) uses disk encryption	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/azure/DataExplorerUsesDiskEncryption.py
1144	CKV_AZURE_75	resource	azurerm_kusto_cluster	Ensure that Azure Data Explorer uses double encryption	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/azure/AzureDataExplorerDoubleEncryptionEnabled.py
1145	CKV_AZURE_76	resource	azurerm_batch_account	Ensure that Azure Batch account uses key vault to encrypt data	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/azure/AzureBatchAccountUsesKeyVaultEncryption.py
1146	CKV_AZURE_77	resource	azurerm_network_security_group	Ensure that UDP Services are restricted from the Internet	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/azure/NSGRuleUDPAccessRestricted.py
1147	CKV_AZURE_77	resource	azurerm_network_security_rule	Ensure that UDP Services are restricted from the Internet	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/azure/NSGRuleUDPAccessRestricted.py
1148	CKV_AZURE_78	resource	azurerm_app_service	Ensure FTP deployments are disabled	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/azure/AppServiceFTPSState.py
1149	CKV_AZURE_78	resource	azurerm_linux_web_app	Ensure FTP deployments are disabled	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/azure/AppServiceFTPSState.py
1150	CKV_AZURE_78	resource	azurerm_windows_web_app	Ensure FTP deployments are disabled	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/azure/AppServiceFTPSState.py
1151	CKV_AZURE_79	resource	azurerm_security_center_subscription_pricing	Ensure that Azure Defender is set to On for SQL servers on machines	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/azure/AzureDefenderOnSqlServerVMS.py
1152	CKV_AZURE_80	resource	azurerm_app_service	Ensure that ‘Net Framework’ version is the latest, if used as a part of the web app	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/azure/AppServiceDotnetFrameworkVersion.py
1153	CKV_AZURE_81	resource	azurerm_app_service	Ensure that ‘PHP version’ is the latest, if used to run the web app	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/azure/AppServicePHPVersion.py
1154	CKV_AZURE_82	resource	azurerm_app_service	Ensure that ‘Python version’ is the latest, if used to run the web app	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/azure/AppServicePythonVersion.py
1155	CKV_AZURE_83	resource	azurerm_app_service	Ensure that ‘Java version’ is the latest, if used to run the web app	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/azure/AppServiceJavaVersion.py
1156	CKV_AZURE_84	resource	azurerm_security_center_subscription_pricing	Ensure that Azure Defender is set to On for Storage	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/azure/AzureDefenderOnStorage.py
1157	CKV_AZURE_85	resource	azurerm_security_center_subscription_pricing	Ensure that Azure Defender is set to On for Kubernetes	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/azure/AzureDefenderOnKubernetes.py
1158	CKV_AZURE_86	resource	azurerm_security_center_subscription_pricing	Ensure that Azure Defender is set to On for Container Registries	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/azure/AzureDefenderOnContainerRegistry.py
1159	CKV_AZURE_87	resource	azurerm_security_center_subscription_pricing	Ensure that Azure Defender is set to On for Key Vault	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/azure/AzureDefenderOnKeyVaults.py
1160	CKV_AZURE_88	resource	azurerm_app_service	Ensure that app services use Azure Files	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/azure/AppServiceUsedAzureFiles.py
1161	CKV_AZURE_88	resource	azurerm_linux_web_app	Ensure that app services use Azure Files	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/azure/AppServiceUsedAzureFiles.py
1162	CKV_AZURE_88	resource	azurerm_windows_web_app	Ensure that app services use Azure Files	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/azure/AppServiceUsedAzureFiles.py
1163	CKV_AZURE_89	resource	azurerm_redis_cache	Ensure that Azure Cache for Redis disables public network access	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/azure/RedisCachePublicNetworkAccessEnabled.py
1164	CKV_AZURE_91	resource	azurerm_redis_cache	Ensure that only SSL are enabled for Cache for Redis	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/azure/RedisCacheEnableNonSSLPort.py
1165	CKV_AZURE_92	resource	azurerm_linux_virtual_machine	Ensure that Virtual Machines use managed disks	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/azure/VMStorageOsDisk.py
1166	CKV_AZURE_92	resource	azurerm_windows_virtual_machine	Ensure that Virtual Machines use managed disks	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/azure/VMStorageOsDisk.py
1167	CKV_AZURE_93	resource	azurerm_managed_disk	Ensure that managed disks use a specific set of disk encryption sets for the customer-managed key encryption	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/azure/AzureManagedDiskEncryptionSet.py
1168	CKV_AZURE_94	resource	azurerm_mysql_server	Ensure that My SQL server enables geo-redundant backups	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/azure/MySQLGeoBackupEnabled.py
1169	CKV_AZURE_95	resource	azurerm_virtual_machine_scale_set	Ensure that automatic OS image patching is enabled for Virtual Machine Scale Sets	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/azure/VMScaleSetsAutoOSImagePatchingEnabled.py
1170	CKV_AZURE_96	resource	azurerm_mysql_server	Ensure that MySQL server enables infrastructure encryption	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/azure/MySQLEncryptionEnaled.py
1171	CKV_AZURE_97	resource	azurerm_linux_virtual_machine_scale_set	Ensure that Virtual machine scale sets have encryption at host enabled	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/azure/VMEncryptionAtHostEnabled.py
1172	CKV_AZURE_97	resource	azurerm_windows_virtual_machine_scale_set	Ensure that Virtual machine scale sets have encryption at host enabled	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/azure/VMEncryptionAtHostEnabled.py
1173	CKV_AZURE_98	resource	azurerm_container_group	Ensure that Azure Container group is deployed into virtual network	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/azure/AzureContainerGroupDeployedIntoVirtualNetwork.py
1174	CKV_AZURE_99	resource	azurerm_cosmosdb_account	Ensure Cosmos DB accounts have restricted access	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/azure/CosmosDBAccountsRestrictedAccess.py
1175	CKV_AZURE_100	resource	azurerm_cosmosdb_account	Ensure that Cosmos DB accounts have customer-managed keys to encrypt data at rest	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/azure/CosmosDBHaveCMK.py
1176	CKV_AZURE_101	resource	azurerm_cosmosdb_account	Ensure that Azure Cosmos DB disables public network access	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/azure/CosmosDBDisablesPublicNetwork.py
1177	CKV_AZURE_102	resource	azurerm_postgresql_server	Ensure that PostgreSQL server enables geo-redundant backups	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/azure/PostgressSQLGeoBackupEnabled.py
1178	CKV_AZURE_103	resource	azurerm_data_factory	Ensure that Azure Data Factory uses Git repository for source control	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/azure/DataFactoryUsesGitRepository.py
1179	CKV_AZURE_104	resource	azurerm_data_factory	Ensure that Azure Data factory public network access is disabled	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/azure/DataFactoryNoPublicNetworkAccess.py
1180	CKV_AZURE_105	resource	azurerm_data_lake_store	Ensure that Data Lake Store accounts enables encryption	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/azure/DataLakeStoreEncryption.py
1181	CKV_AZURE_106	resource	azurerm_eventgrid_domain	Ensure that Azure Event Grid Domain public network access is disabled	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/azure/EventgridDomainNetworkAccess.py
1182	CKV_AZURE_107	resource	azurerm_api_management	Ensure that API management services use virtual networks	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/azure/APIServicesUseVirtualNetwork.py
1183	CKV_AZURE_108	resource	azurerm_iothub	Ensure that Azure IoT Hub disables public network access	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/azure/IoTNoPublicNetworkAccess.py
1184	CKV_AZURE_109	resource	azurerm_key_vault	Ensure that key vault allows firewall rules settings	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/azure/KeyVaultEnablesFirewallRulesSettings.py
1185	CKV_AZURE_110	resource	azurerm_key_vault	Ensure that key vault enables purge protection	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/azure/KeyVaultEnablesPurgeProtection.py
1186	CKV_AZURE_111	resource	azurerm_key_vault	Ensure that key vault enables soft delete	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/azure/KeyVaultEnablesSoftDelete.py
1187	CKV_AZURE_112	resource	azurerm_key_vault_key	Ensure that key vault key is backed by HSM	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/azure/KeyBackedByHSM.py
1188	CKV_AZURE_113	resource	azurerm_mssql_server	Ensure that SQL server disables public network access	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/azure/SQLServerPublicAccessDisabled.py
1189	CKV_AZURE_114	resource	azurerm_key_vault_secret	Ensure that key vault secrets have “content_type” set	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/azure/SecretContentType.py
1190	CKV_AZURE_115	resource	azurerm_kubernetes_cluster	Ensure that AKS enables private clusters	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/azure/AKSEnablesPrivateClusters.py
1191	CKV_AZURE_116	resource	azurerm_kubernetes_cluster	Ensure that AKS uses Azure Policies Add-on	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/azure/AKSUsesAzurePoliciesAddon.py
1192	CKV_AZURE_117	resource	azurerm_kubernetes_cluster	Ensure that AKS uses disk encryption set	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/azure/AKSUsesDiskEncryptionSet.py
1193	CKV_AZURE_118	resource	azurerm_network_interface	Ensure that Network Interfaces disable IP forwarding	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/azure/NetworkInterfaceEnableIPForwarding.py
1194	CKV_AZURE_119	resource	azurerm_network_interface	Ensure that Network Interfaces don’t use public IPs	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
1195	CKV_AZURE_120	resource	azurerm_application_gateway	Ensure that Application Gateway enables WAF	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
1196	CKV_AZURE_120	resource	azurerm_web_application_firewall_policy	Ensure that Application Gateway enables WAF	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
1197	CKV_AZURE_121	resource	azurerm_frontdoor	Ensure that Azure Front Door enables WAF	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/azure/AzureFrontDoorEnablesWAF.py
1198	CKV_AZURE_122	resource	azurerm_web_application_firewall_policy	Ensure that Application Gateway uses WAF in “Detection” or “Prevention” modes	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/azure/AppGWUseWAFMode.py
1199	CKV_AZURE_123	resource	azurerm_frontdoor_firewall_policy	Ensure that Azure Front Door uses WAF in “Detection” or “Prevention” modes	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/azure/FrontdoorUseWAFMode.py
1200	CKV_AZURE_124	resource	azurerm_search_service	Ensure that Azure Cognitive Search disables public network access	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/azure/AzureSearchPublicNetworkAccessDisabled.py
1201	CKV_AZURE_125	resource	azurerm_service_fabric_cluster	Ensures that Service Fabric use three levels of protection available	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/azure/AzureServiceFabricClusterProtectionLevel.py
1202	CKV_AZURE_126	resource	azurerm_service_fabric_cluster	Ensures that Active Directory is used for authentication for Service Fabric	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/azure/ActiveDirectoryUsedAuthenticationServiceFabric.py
1203	CKV_AZURE_127	resource	azurerm_mysql_server	Ensure that My SQL server enables Threat detection policy	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/azure/MySQLTreatDetectionEnabled.py
1204	CKV_AZURE_128	resource	azurerm_postgresql_server	Ensure that PostgreSQL server enables Threat detection policy	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/azure/PostgresSQLTreatDetectionEnabled.py
1205	CKV_AZURE_129	resource	azurerm_mariadb_server	Ensure that MariaDB server enables geo-redundant backups	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/azure/MariaDBGeoBackupEnabled.py
1206	CKV_AZURE_130	resource	azurerm_postgresql_server	Ensure that PostgreSQL server enables infrastructure encryption	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/azure/PostgreSQLEncryptionEnabled.py
1207	CKV_AZURE_131	resource	azurerm_security_center_contact	Ensure that ‘Security contact emails’ is set	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/azure/SecurityCenterContactEmails.py
1208	CKV_AZURE_132	resource	azurerm_cosmosdb_account	Ensure cosmosdb does not allow privileged escalation by restricting management plane changes	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/azure/CosmosDBDisableAccessKeyWrite.py
1209	CKV_AZURE_133	resource	azurerm_frontdoor_firewall_policy	Ensure Front Door WAF prevents message lookup in Log4j2. See CVE-2021-44228 aka log4jshell	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/azure/FrontDoorWAFACLCVE202144228.py
1210	CKV_AZURE_134	resource	azurerm_cognitive_account	Ensure that Cognitive Services accounts disable public network access	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/azure/CognitiveServicesDisablesPublicNetwork.py
1211	CKV_AZURE_135	resource	azurerm_web_application_firewall_policy	Ensure Application Gateway WAF prevents message lookup in Log4j2. See CVE-2021-44228 aka log4jshell	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/azure/AppGatewayWAFACLCVE202144228.py
1212	CKV_AZURE_136	resource	azurerm_postgresql_flexible_server	Ensure that PostgreSQL Flexible server enables geo-redundant backups	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/azure/PostgreSQLFlexiServerGeoBackupEnabled.py
1213	CKV_AZURE_137	resource	azurerm_container_registry	Ensure ACR admin account is disabled	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/azure/ACRAdminAccountDisabled.py
1214	CKV_AZURE_138	resource	azurerm_container_registry	Ensures that ACR disables anonymous pulling of images	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/azure/ACRAnonymousPullDisabled.py
1215	CKV_AZURE_139	resource	azurerm_container_registry	Ensure ACR set to disable public networking	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/azure/ACRPublicNetworkAccessDisabled.py
1216	CKV_AZURE_140	resource	azurerm_cosmosdb_account	Ensure that Local Authentication is disabled on CosmosDB	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/azure/CosmosDBLocalAuthDisabled.py
1217	CKV_AZURE_141	resource	azurerm_kubernetes_cluster	Ensure AKS local admin account is disabled	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/azure/AKSLocalAdminDisabled.py
1218	CKV_AZURE_142	resource	azurerm_machine_learning_compute_cluster	Ensure Machine Learning Compute Cluster Local Authentication is disabled	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/azure/MLCCLADisabled.py
1219	CKV_AZURE_143	resource	azurerm_kubernetes_cluster	Ensure AKS cluster nodes do not have public IP addresses	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/azure/AKSNodePublicIpDisabled.py
1220	CKV_AZURE_144	resource	azurerm_machine_learning_workspace	Ensure that Public Access is disabled for Machine Learning Workspace	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/azure/MLPublicAccess.py
1221	CKV_AZURE_145	resource	azurerm_function_app	Ensure Function app is using the latest version of TLS encryption	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/azure/FunctionAppMinTLSVersion.py
1222	CKV_AZURE_146	resource	azurerm_postgresql_configuration	Ensure server parameter ‘log_retention’ is set to ‘ON’ for PostgreSQL Database Server	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/azure/PostgreSQLServerLogRetentionEnabled.py
1223	CKV_AZURE_147	resource	azurerm_postgresql_server	Ensure PostgreSQL is using the latest version of TLS encryption	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/azure/PostgreSQLMinTLSVersion.py
1224	CKV_AZURE_148	resource	azurerm_redis_cache	Ensure Redis Cache is using the latest version of TLS encryption	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/azure/RedisCacheMinTLSVersion.py
1225	CKV_AZURE_149	resource	azurerm_linux_virtual_machine	Ensure that Virtual machine does not enable password authentication	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/azure/VMDisablePasswordAuthentication.py
1226	CKV_AZURE_149	resource	azurerm_linux_virtual_machine_scale_set	Ensure that Virtual machine does not enable password authentication	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/azure/VMDisablePasswordAuthentication.py
1227	CKV_AZURE_150	resource	azurerm_machine_learning_compute_cluster	Ensure Machine Learning Compute Cluster Minimum Nodes Set To 0	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/azure/MLComputeClusterMinNodes.py
1228	CKV_AZURE_151	resource	azurerm_windows_virtual_machine	Ensure Windows VM enables encryption	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/azure/WinVMEncryptionAtHost.py
1229	CKV_AZURE_152	resource	azurerm_api_management	Ensure Client Certificates are enforced for API management	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/azure/APIManagementCertsEnforced.py
1230	CKV_AZURE_153	resource	azurerm_app_service_slot	Ensure web app redirects all HTTP traffic to HTTPS in Azure App Service Slot	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/azure/AppServiceSlotHTTPSOnly.py
1231	CKV_AZURE_154	resource	azurerm_app_service_slot	Ensure the App service slot is using the latest version of TLS encryption	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/azure/AppServiceSlotMinTLS.py
1232	CKV_AZURE_155	resource	azurerm_app_service_slot	Ensure debugging is disabled for the App service slot	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/azure/AppServiceSlotDebugDisabled.py
1233	CKV_AZURE_156	resource	azurerm_mssql_database_extended_auditing_policy	Ensure default Auditing policy for a SQL Server is configured to capture and retain the activity logs	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/azure/MSSQLServerAuditPolicyLogMonitor.py
1234	CKV_AZURE_157	resource	azurerm_synapse_workspace	Ensure that Synapse workspace has data_exfiltration_protection_enabled	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/azure/SynapseWorkspaceEnablesDataExfilProtection.py
1235	CKV_AZURE_158	resource	azurerm_databricks_workspace	Ensure that databricks workspace has not public	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/azure/DatabricksWorkspaceIsNotPublic.py
1236	CKV_AZURE_159	resource	azurerm_function_app	Ensure function app builtin logging is enabled	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/azure/FunctionAppEnableLogging.py
1237	CKV_AZURE_159	resource	azurerm_function_app_slot	Ensure function app builtin logging is enabled	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/azure/FunctionAppEnableLogging.py
1238	CKV_AZURE_160	resource	azurerm_network_security_group	Ensure that HTTP (port 80) access is restricted from the internet	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/azure/NSGRuleHTTPAccessRestricted.py
1239	CKV_AZURE_160	resource	azurerm_network_security_rule	Ensure that HTTP (port 80) access is restricted from the internet	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/azure/NSGRuleHTTPAccessRestricted.py
1240	CKV_AZURE_161	resource	azurerm_spring_cloud_api_portal	Ensures Spring Cloud API Portal is enabled on for HTTPS	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/azure/SpringCloudAPIPortalHTTPSOnly.py
1241	CKV_AZURE_162	resource	azurerm_spring_cloud_api_portal	Ensures Spring Cloud API Portal Public Access Is Disabled	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/azure/SpringCloudAPIPortalPublicAccessIsDisabled.py
1242	CKV_AZURE_163	resource	azurerm_container_registry	Enable vulnerability scanning for container images.	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/azure/ACRContainerScanEnabled.py
1243	CKV_AZURE_164	resource	azurerm_container_registry	Ensures that ACR uses signed/trusted images	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/azure/ACRUseSignedImages.py
1244	CKV_AZURE_165	resource	azurerm_container_registry	Ensure geo-replicated container registries to match multi-region container deployments.	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/azure/ACRGeoreplicated.py
1245	CKV_AZURE_166	resource	azurerm_container_registry	Ensure container image quarantine, scan, and mark images verified	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/azure/ACREnableImageQuarantine.py
1246	CKV_AZURE_167	resource	azurerm_container_registry	Ensure a retention policy is set to cleanup untagged manifests.	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/azure/ACREnableRetentionPolicy.py
1247	CKV_AZURE_168	resource	azurerm_kubernetes_cluster	Ensure Azure Kubernetes Cluster (AKS) nodes should use a minimum number of 50 pods.	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/azure/AKSMaxPodsMinimum.py
1248	CKV_AZURE_168	resource	azurerm_kubernetes_cluster_node_pool	Ensure Azure Kubernetes Cluster (AKS) nodes should use a minimum number of 50 pods.	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/azure/AKSMaxPodsMinimum.py
1249	CKV_AZURE_169	resource	azurerm_kubernetes_cluster	Ensure Azure Kubernetes Cluster (AKS) nodes use scale sets	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/azure/AKSPoolTypeIsScaleSet.py
1250	CKV_AZURE_170	resource	azurerm_kubernetes_cluster	Ensure that AKS use the Paid Sku for its SLA	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/azure/AKSIsPaidSku.py
1251	CKV_AZURE_171	resource	azurerm_kubernetes_cluster	Ensure AKS cluster upgrade channel is chosen	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/azure/AKSUpgradeChannel.py
1252	CKV_AZURE_172	resource	azurerm_kubernetes_cluster	Ensure autorotation of Secrets Store CSI Driver secrets for AKS clusters	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/azure/AKSSecretStoreRotation.py
1253	CKV_AZURE_173	resource	azurerm_api_management	Ensure API management uses at least TLS 1.2	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/azure/APIManagementMinTLS12.py
1254	CKV2_AZURE_1	resource	azurerm_storage_account	Ensure storage for critical data are encrypted with Customer Managed Key	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
1255	CKV2_AZURE_2	resource	azurerm_mssql_server_security_alert_policy	Ensure that Vulnerability Assessment (VA) is enabled on a SQL server by setting a Storage Account	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
1256	CKV2_AZURE_2	resource	azurerm_sql_server	Ensure that Vulnerability Assessment (VA) is enabled on a SQL server by setting a Storage Account	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
1257	CKV2_AZURE_3	resource	azurerm_mssql_server	Ensure that VA setting Periodic Recurring Scans is enabled on a SQL server	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
1258	CKV2_AZURE_3	resource	azurerm_mssql_server_security_alert_policy	Ensure that VA setting Periodic Recurring Scans is enabled on a SQL server	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
1259	CKV2_AZURE_3	resource	azurerm_mssql_server_vulnerability_assessment	Ensure that VA setting Periodic Recurring Scans is enabled on a SQL server	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
1260	CKV2_AZURE_3	resource	azurerm_sql_server	Ensure that VA setting Periodic Recurring Scans is enabled on a SQL server	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
1261	CKV2_AZURE_4	resource	azurerm_mssql_server	Ensure Azure SQL server ADS VA Send scan reports to is configured	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
1262	CKV2_AZURE_4	resource	azurerm_mssql_server_security_alert_policy	Ensure Azure SQL server ADS VA Send scan reports to is configured	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
1263	CKV2_AZURE_4	resource	azurerm_mssql_server_vulnerability_assessment	Ensure Azure SQL server ADS VA Send scan reports to is configured	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
1264	CKV2_AZURE_4	resource	azurerm_sql_server	Ensure Azure SQL server ADS VA Send scan reports to is configured	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
1265	CKV2_AZURE_5	resource	azurerm_mssql_server	Ensure that VA setting ‘Also send email notifications to admins and subscription owners’ is set for a SQL server	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
1266	CKV2_AZURE_5	resource	azurerm_mssql_server_security_alert_policy	Ensure that VA setting ‘Also send email notifications to admins and subscription owners’ is set for a SQL server	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
1267	CKV2_AZURE_5	resource	azurerm_mssql_server_vulnerability_assessment	Ensure that VA setting ‘Also send email notifications to admins and subscription owners’ is set for a SQL server	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
1268	CKV2_AZURE_5	resource	azurerm_sql_server	Ensure that VA setting ‘Also send email notifications to admins and subscription owners’ is set for a SQL server	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
1269	CKV2_AZURE_6	resource	azurerm_sql_firewall_rule	Ensure ‘Allow access to Azure services’ for PostgreSQL Database Server is disabled	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
1270	CKV2_AZURE_6	resource	azurerm_sql_server	Ensure ‘Allow access to Azure services’ for PostgreSQL Database Server is disabled	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
1271	CKV2_AZURE_7	resource	azurerm_sql_server	Ensure that Azure Active Directory Admin is configured	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
1272	CKV2_AZURE_8	resource	azurerm_monitor_activity_log_alert	Ensure the storage container storing the activity logs is not publicly accessible	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
1273	CKV2_AZURE_8	resource	azurerm_storage_account	Ensure the storage container storing the activity logs is not publicly accessible	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
1274	CKV2_AZURE_8	resource	azurerm_storage_container	Ensure the storage container storing the activity logs is not publicly accessible	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
1275	CKV2_AZURE_9	resource	azurerm_virtual_machine	Ensure Virtual Machines are utilizing Managed Disks	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
1276	CKV2_AZURE_10	resource	azurerm_virtual_machine	Ensure that Microsoft Antimalware is configured to automatically updates for Virtual Machines	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
1277	CKV2_AZURE_10	resource	azurerm_virtual_machine_extension	Ensure that Microsoft Antimalware is configured to automatically updates for Virtual Machines	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
1278	CKV2_AZURE_11	resource	azurerm_kusto_cluster	Ensure that Azure Data Explorer encryption at rest uses a customer-managed key	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
1279	CKV2_AZURE_12	resource	azurerm_virtual_machine	Ensure that virtual machines are backed up using Azure Backup	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
1280	CKV2_AZURE_13	resource	azurerm_mssql_server_security_alert_policy	Ensure that sql servers enables data security policy	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
1281	CKV2_AZURE_13	resource	azurerm_sql_server	Ensure that sql servers enables data security policy	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
1282	CKV2_AZURE_14	resource	azurerm_managed_disk	Ensure that Unattached disks are encrypted	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
1283	CKV2_AZURE_14	resource	azurerm_virtual_machine	Ensure that Unattached disks are encrypted	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
1284	CKV2_AZURE_15	resource	azurerm_data_factory	Ensure that Azure data factories are encrypted with a customer-managed key	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
1285	CKV2_AZURE_16	resource	azurerm_mysql_server	Ensure that MySQL server enables customer-managed key for encryption	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
1286	CKV2_AZURE_16	resource	azurerm_mysql_server_key	Ensure that MySQL server enables customer-managed key for encryption	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
1287	CKV2_AZURE_17	resource	azurerm_postgresql_server	Ensure that PostgreSQL server enables customer-managed key for encryption	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
1288	CKV2_AZURE_17	resource	azurerm_postgresql_server_key	Ensure that PostgreSQL server enables customer-managed key for encryption	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
1289	CKV2_AZURE_18	resource	azurerm_storage_account	Ensure that Storage Accounts use customer-managed key for encryption	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
1290	CKV2_AZURE_18	resource	azurerm_storage_account_customer_managed_key	Ensure that Storage Accounts use customer-managed key for encryption	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
1291	CKV2_AZURE_19	resource	azurerm_synapse_workspace	Ensure that Azure Synapse workspaces have no IP firewall rules attached	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
1292	CKV2_AZURE_20	resource	azurerm_log_analytics_storage_insights	Ensure Storage logging is enabled for Table service for read requests	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
1293	CKV2_AZURE_20	resource	azurerm_storage_account	Ensure Storage logging is enabled for Table service for read requests	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
1294	CKV2_AZURE_20	resource	azurerm_storage_table	Ensure Storage logging is enabled for Table service for read requests	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
1295	CKV2_AZURE_21	resource	azurerm_log_analytics_storage_insights	Ensure Storage logging is enabled for Blob service for read requests	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
1296	CKV2_AZURE_21	resource	azurerm_storage_account	Ensure Storage logging is enabled for Blob service for read requests	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
1297	CKV2_AZURE_21	resource	azurerm_storage_container	Ensure Storage logging is enabled for Blob service for read requests	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
1298	CKV2_AZURE_22	resource	azurerm_cognitive_account	Ensure that Cognitive Services enables customer-managed key for encryption	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
1299	CKV2_AZURE_22	resource	azurerm_cognitive_account_customer_managed_key	Ensure that Cognitive Services enables customer-managed key for encryption	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
1300	CKV_BCW_1	provider	bridgecrew	Ensure no hard coded API token exist in the provider	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/provider/bridgecrew/credentials.py
1301	CKV_DIO_1	resource	digitalocean_spaces_bucket	Ensure the Spaces bucket has versioning enabled	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/digitalocean/SpacesBucketVersioning.py
1302	CKV_DIO_2	resource	digitalocean_droplet	Ensure the droplet specifies an SSH key	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/digitalocean/DropletSSHKeys.py
1303	CKV_DIO_3	resource	digitalocean_spaces_bucket	Ensure the Spaces bucket is private	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/digitalocean/SpacesBucketPublicRead.py
1304	CKV_DIO_4	resource	digitalocean_firewall	Ensure the firewall ingress is not wide open	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/digitalocean/FirewallIngressOpen.py
1305	CKV_GCP_1	resource	google_container_cluster	Ensure Stackdriver Logging is set to Enabled on Kubernetes Engine Clusters	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/gcp/GKEClusterLogging.py
1306	CKV_GCP_2	resource	google_compute_firewall	Ensure Google compute firewall ingress does not allow unrestricted ssh access	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/gcp/GoogleComputeFirewallUnrestrictedIngress22.py
1307	CKV_GCP_3	resource	google_compute_firewall	Ensure Google compute firewall ingress does not allow unrestricted rdp access	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/gcp/GoogleComputeFirewallUnrestrictedIngress3389.py
1308	CKV_GCP_4	resource	google_compute_ssl_policy	Ensure no HTTPS or SSL proxy load balancers permit SSL policies with weak cipher suites	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/gcp/GoogleComputeSSLPolicy.py
1309	CKV_GCP_6	resource	google_sql_database_instance	Ensure all Cloud SQL database instance requires all incoming connections to use SSL	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/gcp/GoogleCloudSqlDatabaseRequireSsl.py
1310	CKV_GCP_7	resource	google_container_cluster	Ensure Legacy Authorization is set to Disabled on Kubernetes Engine Clusters	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/gcp/GKEDisableLegacyAuth.py
1311	CKV_GCP_8	resource	google_container_cluster	Ensure Stackdriver Monitoring is set to Enabled on Kubernetes Engine Clusters	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/gcp/GKEMonitoringEnabled.py
1312	CKV_GCP_9	resource	google_container_node_pool	Ensure ‘Automatic node repair’ is enabled for Kubernetes Clusters	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/gcp/GKENodePoolAutoRepairEnabled.py
1313	CKV_GCP_10	resource	google_container_node_pool	Ensure ‘Automatic node upgrade’ is enabled for Kubernetes Clusters	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/gcp/GKENodePoolAutoUpgradeEnabled.py
1314	CKV_GCP_11	resource	google_sql_database_instance	Ensure that Cloud SQL database Instances are not open to the world	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/gcp/GoogleCloudSqlDatabasePubliclyAccessible.py
1315	CKV_GCP_12	resource	google_container_cluster	Ensure Network Policy is enabled on Kubernetes Engine Clusters	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/gcp/GKENetworkPolicyEnabled.py
1316	CKV_GCP_13	resource	google_container_cluster	Ensure client certificate authentication to Kubernetes Engine Clusters is disabled	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/gcp/GKEClientCertificateDisabled.py
1317	CKV_GCP_14	resource	google_sql_database_instance	Ensure all Cloud SQL database instance have backup configuration enabled	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/gcp/GoogleCloudSqlBackupConfiguration.py
1318	CKV_GCP_15	resource	google_bigquery_dataset	Ensure that BigQuery datasets are not anonymously or publicly accessible	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/gcp/GoogleBigQueryDatasetPublicACL.py
1319	CKV_GCP_16	resource	google_dns_managed_zone	Ensure that DNSSEC is enabled for Cloud DNS	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/gcp/GoogleCloudDNSSECEnabled.py
1320	CKV_GCP_17	resource	google_dns_managed_zone	Ensure that RSASHA1 is not used for the zone-signing and key-signing keys in Cloud DNS DNSSEC	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/gcp/GoogleCloudDNSKeySpecsRSASHA1.py
1321	CKV_GCP_18	resource	google_container_cluster	Ensure GKE Control Plane is not public	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/gcp/GKEPublicControlPlane.py
1322	CKV_GCP_19	resource	google_container_cluster	Ensure GKE basic auth is disabled	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/gcp/GKEBasicAuth.py
1323	CKV_GCP_20	resource	google_container_cluster	Ensure master authorized networks is set to enabled in GKE clusters	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/gcp/GKEMasterAuthorizedNetworksEnabled.py
1324	CKV_GCP_21	resource	google_container_cluster	Ensure Kubernetes Clusters are configured with Labels	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/gcp/GKEHasLabels.py
1325	CKV_GCP_22	resource	google_container_node_pool	Ensure Container-Optimized OS (cos) is used for Kubernetes Engine Clusters Node image	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/gcp/GKEUseCosImage.py
1326	CKV_GCP_23	resource	google_container_cluster	Ensure Kubernetes Cluster is created with Alias IP ranges enabled	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/gcp/GKEAliasIpEnabled.py
1327	CKV_GCP_24	resource	google_container_cluster	Ensure PodSecurityPolicy controller is enabled on the Kubernetes Engine Clusters	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/gcp/GKEPodSecurityPolicyEnabled.py
1328	CKV_GCP_25	resource	google_container_cluster	Ensure Kubernetes Cluster is created with Private cluster enabled	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/gcp/GKEPrivateClusterConfig.py
1329	CKV_GCP_26	resource	google_compute_subnetwork	Ensure that VPC Flow Logs is enabled for every subnet in a VPC Network	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/gcp/GoogleSubnetworkLoggingEnabled.py
1330	CKV_GCP_27	resource	google_project	Ensure that the default network does not exist in a project	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/gcp/GoogleProjectDefaultNetwork.py
1331	CKV_GCP_28	resource	google_storage_bucket_iam_binding	Ensure that Cloud Storage bucket is not anonymously or publicly accessible	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/gcp/GoogleStorageBucketNotPublic.py
1332	CKV_GCP_28	resource	google_storage_bucket_iam_member	Ensure that Cloud Storage bucket is not anonymously or publicly accessible	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/gcp/GoogleStorageBucketNotPublic.py
1333	CKV_GCP_29	resource	google_storage_bucket	Ensure that Cloud Storage buckets have uniform bucket-level access enabled	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/gcp/GoogleStorageBucketUniformAccess.py
1334	CKV_GCP_30	resource	google_compute_instance	Ensure that instances are not configured to use the default service account	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/gcp/GoogleComputeDefaultServiceAccount.py
1335	CKV_GCP_30	resource	google_compute_instance_from_template	Ensure that instances are not configured to use the default service account	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/gcp/GoogleComputeDefaultServiceAccount.py
1336	CKV_GCP_30	resource	google_compute_instance_template	Ensure that instances are not configured to use the default service account	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/gcp/GoogleComputeDefaultServiceAccount.py
1337	CKV_GCP_31	resource	google_compute_instance	Ensure that instances are not configured to use the default service account with full access to all Cloud APIs	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/gcp/GoogleComputeDefaultServiceAccountFullAccess.py
1338	CKV_GCP_31	resource	google_compute_instance_from_template	Ensure that instances are not configured to use the default service account with full access to all Cloud APIs	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/gcp/GoogleComputeDefaultServiceAccountFullAccess.py
1339	CKV_GCP_31	resource	google_compute_instance_template	Ensure that instances are not configured to use the default service account with full access to all Cloud APIs	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/gcp/GoogleComputeDefaultServiceAccountFullAccess.py
1340	CKV_GCP_32	resource	google_compute_instance	Ensure ‘Block Project-wide SSH keys’ is enabled for VM instances	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/gcp/GoogleComputeBlockProjectSSH.py
1341	CKV_GCP_32	resource	google_compute_instance_from_template	Ensure ‘Block Project-wide SSH keys’ is enabled for VM instances	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/gcp/GoogleComputeBlockProjectSSH.py
1342	CKV_GCP_32	resource	google_compute_instance_template	Ensure ‘Block Project-wide SSH keys’ is enabled for VM instances	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/gcp/GoogleComputeBlockProjectSSH.py
1343	CKV_GCP_33	resource	google_compute_project_metadata	Ensure oslogin is enabled for a Project	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/gcp/GoogleComputeProjectOSLogin.py
1344	CKV_GCP_34	resource	google_compute_instance	Ensure that no instance in the project overrides the project setting for enabling OSLogin(OSLogin needs to be enabled in project metadata for all instances)	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/gcp/GoogleComputeInstanceOSLogin.py
1345	CKV_GCP_34	resource	google_compute_instance_from_template	Ensure that no instance in the project overrides the project setting for enabling OSLogin(OSLogin needs to be enabled in project metadata for all instances)	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/gcp/GoogleComputeInstanceOSLogin.py
1346	CKV_GCP_34	resource	google_compute_instance_template	Ensure that no instance in the project overrides the project setting for enabling OSLogin(OSLogin needs to be enabled in project metadata for all instances)	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/gcp/GoogleComputeInstanceOSLogin.py
1347	CKV_GCP_35	resource	google_compute_instance	Ensure ‘Enable connecting to serial ports’ is not enabled for VM Instance	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/gcp/GoogleComputeSerialPorts.py
1348	CKV_GCP_35	resource	google_compute_instance_from_template	Ensure ‘Enable connecting to serial ports’ is not enabled for VM Instance	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/gcp/GoogleComputeSerialPorts.py
1349	CKV_GCP_35	resource	google_compute_instance_template	Ensure ‘Enable connecting to serial ports’ is not enabled for VM Instance	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/gcp/GoogleComputeSerialPorts.py
1350	CKV_GCP_36	resource	google_compute_instance	Ensure that IP forwarding is not enabled on Instances	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/gcp/GoogleComputeIPForward.py
1351	CKV_GCP_36	resource	google_compute_instance_from_template	Ensure that IP forwarding is not enabled on Instances	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/gcp/GoogleComputeIPForward.py
1352	CKV_GCP_36	resource	google_compute_instance_template	Ensure that IP forwarding is not enabled on Instances	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/gcp/GoogleComputeIPForward.py
1353	CKV_GCP_37	resource	google_compute_disk	Ensure VM disks for critical VMs are encrypted with Customer Supplied Encryption Keys (CSEK)	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/gcp/GoogleComputeDiskEncryption.py
1354	CKV_GCP_38	resource	google_compute_instance	Ensure VM disks for critical VMs are encrypted with Customer Supplied Encryption Keys (CSEK)	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/gcp/GoogleComputeBootDiskEncryption.py
1355	CKV_GCP_39	resource	google_compute_instance	Ensure Compute instances are launched with Shielded VM enabled	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/gcp/GoogleComputeShieldedVM.py
1356	CKV_GCP_39	resource	google_compute_instance_from_template	Ensure Compute instances are launched with Shielded VM enabled	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/gcp/GoogleComputeShieldedVM.py
1357	CKV_GCP_39	resource	google_compute_instance_template	Ensure Compute instances are launched with Shielded VM enabled	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/gcp/GoogleComputeShieldedVM.py
1358	CKV_GCP_40	resource	google_compute_instance	Ensure that Compute instances do not have public IP addresses	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/gcp/GoogleComputeExternalIP.py
1359	CKV_GCP_40	resource	google_compute_instance_from_template	Ensure that Compute instances do not have public IP addresses	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/gcp/GoogleComputeExternalIP.py
1360	CKV_GCP_40	resource	google_compute_instance_template	Ensure that Compute instances do not have public IP addresses	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/gcp/GoogleComputeExternalIP.py
1361	CKV_GCP_41	resource	google_project_iam_binding	Ensure that IAM users are not assigned the Service Account User or Service Account Token Creator roles at project level	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/gcp/GoogleRoleServiceAccountUser.py
1362	CKV_GCP_41	resource	google_project_iam_member	Ensure that IAM users are not assigned the Service Account User or Service Account Token Creator roles at project level	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/gcp/GoogleRoleServiceAccountUser.py
1363	CKV_GCP_42	resource	google_project_iam_member	Ensure that Service Account has no Admin privileges	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/gcp/GoogleProjectAdminServiceAccount.py
1364	CKV_GCP_43	resource	google_kms_crypto_key	Ensure KMS encryption keys are rotated within a period of 90 days	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/gcp/GoogleKMSRotationPeriod.py
1365	CKV_GCP_44	resource	google_folder_iam_binding	Ensure no roles that enable to impersonate and manage all service accounts are used at a folder level	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/gcp/GoogleFolderImpersonationRole.py
1366	CKV_GCP_44	resource	google_folder_iam_member	Ensure no roles that enable to impersonate and manage all service accounts are used at a folder level	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/gcp/GoogleFolderImpersonationRole.py
1367	CKV_GCP_45	resource	google_organization_iam_binding	Ensure no roles that enable to impersonate and manage all service accounts are used at an organization level	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/gcp/GoogleOrgImpersonationRole.py
1368	CKV_GCP_45	resource	google_organization_iam_member	Ensure no roles that enable to impersonate and manage all service accounts are used at an organization level	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/gcp/GoogleOrgImpersonationRole.py
1369	CKV_GCP_46	resource	google_project_iam_binding	Ensure Default Service account is not used at a project level	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/gcp/GoogleProjectMemberDefaultServiceAccount.py
1370	CKV_GCP_46	resource	google_project_iam_member	Ensure Default Service account is not used at a project level	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/gcp/GoogleProjectMemberDefaultServiceAccount.py
1371	CKV_GCP_47	resource	google_organization_iam_binding	Ensure default service account is not used at an organization level	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/gcp/GoogleOrgMemberDefaultServiceAccount.py
1372	CKV_GCP_47	resource	google_organization_iam_member	Ensure default service account is not used at an organization level	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/gcp/GoogleOrgMemberDefaultServiceAccount.py
1373	CKV_GCP_48	resource	google_folder_iam_binding	Ensure Default Service account is not used at a folder level	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/gcp/GoogleFolderMemberDefaultServiceAccount.py
1374	CKV_GCP_48	resource	google_folder_iam_member	Ensure Default Service account is not used at a folder level	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/gcp/GoogleFolderMemberDefaultServiceAccount.py
1375	CKV_GCP_49	resource	google_project_iam_binding	Ensure roles do not impersonate or manage Service Accounts used at project level	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/gcp/GoogleProjectImpersonationRole.py
1376	CKV_GCP_49	resource	google_project_iam_member	Ensure roles do not impersonate or manage Service Accounts used at project level	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/gcp/GoogleProjectImpersonationRole.py
1377	CKV_GCP_50	resource	google_sql_database_instance	Ensure MySQL database ‘local_infile’ flag is set to ‘off’	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/gcp/GoogleCloudMySqlLocalInfileOff.py
1378	CKV_GCP_51	resource	google_sql_database_instance	Ensure PostgreSQL database ‘log_checkpoints’ flag is set to ‘on’	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/gcp/GoogleCloudPostgreSqlLogCheckpoints.py
1379	CKV_GCP_52	resource	google_sql_database_instance	Ensure PostgreSQL database ‘log_connections’ flag is set to ‘on’	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/gcp/GoogleCloudPostgreSqlLogConnection.py
1380	CKV_GCP_53	resource	google_sql_database_instance	Ensure PostgreSQL database ‘log_disconnections’ flag is set to ‘on’	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/gcp/GoogleCloudPostgreSqlLogDisconnection.py
1381	CKV_GCP_54	resource	google_sql_database_instance	Ensure PostgreSQL database ‘log_lock_waits’ flag is set to ‘on’	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/gcp/GoogleCloudPostgreSqlLogLockWaits.py
1382	CKV_GCP_55	resource	google_sql_database_instance	Ensure PostgreSQL database ‘log_min_messages’ flag is set to a valid value	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/gcp/GoogleCloudPostgreSqlLogMinMessage.py
1383	CKV_GCP_56	resource	google_sql_database_instance	Ensure PostgreSQL database ‘log_temp_files flag is set to ‘0’	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/gcp/GoogleCloudPostgreSqlLogTemp.py
1384	CKV_GCP_57	resource	google_sql_database_instance	Ensure PostgreSQL database ‘log_min_duration_statement’ flag is set to ‘-1’	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/gcp/GoogleCloudPostgreSqlLogMinDuration.py
1385	CKV_GCP_58	resource	google_sql_database_instance	Ensure SQL database ‘cross db ownership chaining’ flag is set to ‘off’	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/gcp/GoogleCloudSqlServerCrossDBOwnershipChaining.py
1386	CKV_GCP_59	resource	google_sql_database_instance	Ensure SQL database ‘contained database authentication’ flag is set to ‘off’	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/gcp/GoogleCloudSqlServerContainedDBAuthentication.py
1387	CKV_GCP_60	resource	google_sql_database_instance	Ensure Cloud SQL database does not have public IP	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/gcp/GoogleCloudSqlServerNoPublicIP.py
1388	CKV_GCP_61	resource	google_container_cluster	Enable VPC Flow Logs and Intranode Visibility	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/gcp/GKEEnableVPCFlowLogs.py
1389	CKV_GCP_62	resource	google_storage_bucket	Bucket should log access	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/gcp/CloudStorageLogging.py
1390	CKV_GCP_63	resource	google_storage_bucket	Bucket should not log to itself	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/gcp/CloudStorageSelfLogging.py
1391	CKV_GCP_64	resource	google_container_cluster	Ensure clusters are created with Private Nodes	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/gcp/GKEPrivateNodes.py
1392	CKV_GCP_65	resource	google_container_cluster	Manage Kubernetes RBAC users with Google Groups for GKE	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/gcp/GKEKubernetesRBACGoogleGroups.py
1393	CKV_GCP_66	resource	google_container_cluster	Ensure use of Binary Authorization	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/gcp/GKEBinaryAuthorization.py
1394	CKV_GCP_67	resource	google_container_cluster	Ensure legacy Compute Engine instance metadata APIs are Disabled	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/gcp/GKELegacyInstanceMetadataDisabled.py
1395	CKV_GCP_68	resource	google_container_cluster	Ensure Secure Boot for Shielded GKE Nodes is Enabled	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/gcp/GKESecureBootforShieldedNodes.py
1396	CKV_GCP_68	resource	google_container_node_pool	Ensure Secure Boot for Shielded GKE Nodes is Enabled	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/gcp/GKESecureBootforShieldedNodes.py
1397	CKV_GCP_69	resource	google_container_cluster	Ensure the GKE Metadata Server is Enabled	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/gcp/GKEMetadataServerIsEnabled.py
1398	CKV_GCP_69	resource	google_container_node_pool	Ensure the GKE Metadata Server is Enabled	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/gcp/GKEMetadataServerIsEnabled.py
1399	CKV_GCP_70	resource	google_container_cluster	Ensure the GKE Release Channel is set	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/gcp/GKEReleaseChannel.py
1400	CKV_GCP_71	resource	google_container_cluster	Ensure Shielded GKE Nodes are Enabled	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/gcp/GKEEnableShieldedNodes.py
1401	CKV_GCP_72	resource	google_container_cluster	Ensure Integrity Monitoring for Shielded GKE Nodes is Enabled	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/gcp/GKEEnsureIntegrityMonitoring.py
1402	CKV_GCP_72	resource	google_container_node_pool	Ensure Integrity Monitoring for Shielded GKE Nodes is Enabled	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/gcp/GKEEnsureIntegrityMonitoring.py
1403	CKV_GCP_73	resource	google_compute_security_policy	Ensure Cloud Armor prevents message lookup in Log4j2. See CVE-2021-44228 aka log4jshell	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/gcp/CloudArmorWAFACLCVE202144228.py
1404	CKV_GCP_74	resource	google_compute_subnetwork	Ensure that private_ip_google_access is enabled for Subnet	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/gcp/GoogleSubnetworkPrivateGoogleEnabled.py
1405	CKV_GCP_75	resource	google_compute_firewall	Ensure Google compute firewall ingress does not allow unrestricted FTP access	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/gcp/GoogleComputeFirewallUnrestrictedIngress21.py
1406	CKV_GCP_76	resource	google_compute_subnetwork	Ensure that Private google access is enabled for IPV6	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/gcp/GoogleSubnetworkIPV6PrivateGoogleEnabled.py
1407	CKV_GCP_77	resource	google_compute_firewall	Ensure Google compute firewall ingress does not allow on ftp port	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/gcp/GoogleComputeFirewallUnrestrictedIngress20.py
1408	CKV_GCP_78	resource	google_storage_bucket	Ensure Cloud storage has versioning enabled	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/gcp/CloudStorageVersioningEnabled.py
1409	CKV_GCP_79	resource	google_sql_database_instance	Ensure SQL database is using latest Major version	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/gcp/CloudSqlMajorVersion.py
1410	CKV_GCP_80	resource	google_bigquery_table	Ensure Big Query Tables are encrypted with Customer Supplied Encryption Keys (CSEK)	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/gcp/BigQueryTableEncryptedWithCMK.py
1411	CKV_GCP_81	resource	google_bigquery_dataset	Ensure Big Query Tables are encrypted with Customer Supplied Encryption Keys (CSEK)	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/gcp/BigQueryDatasetEncryptedWithCMK.py
1412	CKV_GCP_82	resource	google_kms_crypto_key	Ensure KMS keys are protected from deletion	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/gcp/GoogleKMSPreventDestroy.py
1413	CKV_GCP_83	resource	google_pubsub_topic	Ensure PubSub Topics are encrypted with Customer Supplied Encryption Keys (CSEK)	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/gcp/CloudPubSubEncryptedWithCMK.py
1414	CKV_GCP_84	resource	google_artifact_registry_repository	Ensure Artifact Registry Repositories are encrypted with Customer Supplied Encryption Keys (CSEK)	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/gcp/ArtifactRegsitryEncryptedWithCMK.py
1415	CKV_GCP_85	resource	google_bigtable_instance	Ensure Big Table Instances are encrypted with Customer Supplied Encryption Keys (CSEK)	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/gcp/BigTableInstanceEncryptedWithCMK.py
1416	CKV_GCP_86	resource	google_cloudbuild_worker_pool	Ensure Cloud build workers are private	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/gcp/CloudBuildWorkersArePrivate.py
1417	CKV_GCP_87	resource	google_data_fusion_instance	Ensure Data fusion instances are private	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/gcp/DataFusionPrivateInstance.py
1418	CKV_GCP_88	resource	google_compute_firewall	Ensure Google compute firewall ingress does not allow unrestricted mysql access	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/gcp/GoogleComputeFirewallUnrestrictedIngress3306.py
1419	CKV_GCP_89	resource	google_notebooks_instance	Ensure Vertex AI instances are private	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/gcp/VertexAIPrivateInstance.py
1420	CKV_GCP_90	resource	google_dataflow_job	Ensure data flow jobs are encrypted with Customer Supplied Encryption Keys (CSEK)	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/gcp/DataflowJobEncryptedWithCMK.py
1421	CKV_GCP_91	resource	google_dataproc_cluster	Ensure Dataproc cluster is encrypted with Customer Supplied Encryption Keys (CSEK)	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/gcp/DataprocClusterEncryptedWithCMK.py
1422	CKV_GCP_92	resource	google_vertex_ai_dataset	Ensure Vertex AI datasets uses a CMK (Customer Manager Key)	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/gcp/VertexAIDatasetEncryptedWithCMK.py
1423	CKV_GCP_93	resource	google_spanner_database	Ensure Spanner Database is encrypted with Customer Supplied Encryption Keys (CSEK)	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/gcp/SpannerDatabaseEncryptedWithCMK.py
1424	CKV_GCP_94	resource	google_dataflow_job	Ensure Dataflow jobs are private	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/gcp/DataflowPrivateJob.py
1425	CKV_GCP_95	resource	google_redis_instance	Ensure Memorystore for Redis has AUTH enabled	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/gcp/MemorystoreForRedisAuthEnabled.py
1426	CKV_GCP_96	resource	google_vertex_ai_metadata_store	Ensure Vertex AI Metadata Store uses a CMK (Customer Manager Key)	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/gcp/VertexAIMetadataStoreEncryptedWithCMK.py
1427	CKV_GCP_97	resource	google_redis_instance	Ensure Memorystore for Redis uses intransit encryption	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/gcp/MemorystoreForRedisInTransitEncryption.py
1428	CKV_GCP_98	resource	google_dataproc_cluster_iam_binding	Ensure that Dataproc clusters are not anonymously or publicly accessible	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/gcp/DataprocPrivateCluster.py
1429	CKV_GCP_98	resource	google_dataproc_cluster_iam_member	Ensure that Dataproc clusters are not anonymously or publicly accessible	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/gcp/DataprocPrivateCluster.py
1430	CKV_GCP_99	resource	google_pubsub_topic_iam_binding	Ensure that Pub/Sub Topics are not anonymously or publicly accessible	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/gcp/PubSubPrivateTopic.py
1431	CKV_GCP_99	resource	google_pubsub_topic_iam_member	Ensure that Pub/Sub Topics are not anonymously or publicly accessible	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/gcp/PubSubPrivateTopic.py
1432	CKV_GCP_100	resource	google_bigquery_table_iam_binding	Ensure that BigQuery Tables are not anonymously or publicly accessible	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/gcp/BigQueryPrivateTable.py
1433	CKV_GCP_100	resource	google_bigquery_table_iam_member	Ensure that BigQuery Tables are not anonymously or publicly accessible	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/gcp/BigQueryPrivateTable.py
1434	CKV_GCP_101	resource	google_artifact_registry_repository_iam_binding	Ensure that Artifact Registry repositories are not anonymously or publicly accessible	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/gcp/ArtifactRegistryPrivateRepo.py
1435	CKV_GCP_101	resource	google_artifact_registry_repository_iam_member	Ensure that Artifact Registry repositories are not anonymously or publicly accessible	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/gcp/ArtifactRegistryPrivateRepo.py
1436	CKV_GCP_102	resource	google_cloud_run_service_iam_binding	Ensure that GCP Cloud Run services are not anonymously or publicly accessible	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/gcp/GCPCloudRunPrivateService.py
1437	CKV_GCP_102	resource	google_cloud_run_service_iam_member	Ensure that GCP Cloud Run services are not anonymously or publicly accessible	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/gcp/GCPCloudRunPrivateService.py
1438	CKV_GCP_103	resource	google_dataproc_cluster	Ensure Dataproc Clusters do not have public IPs	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/gcp/DataprocPublicIpCluster.py
1439	CKV_GCP_104	resource	google_data_fusion_instance	Ensure Datafusion has stack driver logging enabled	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/gcp/DataFusionStackdriverLogs.py
1440	CKV_GCP_105	resource	google_data_fusion_instance	Ensure Datafusion has stack driver monitoring enabled	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/gcp/DataFusionStackdriverMonitoring.py
1441	CKV_GCP_106	resource	google_compute_firewall	Ensure Google compute firewall ingress does not allow unrestricted http port 80 access	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/gcp/GoogleComputeFirewallUnrestrictedIngress80.py
1442	CKV_GCP_107	resource	google_cloudfunctions2_function_iam_binding	Cloud functions should not be public	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/gcp/CloudFunctionsShouldNotBePublic.py
1443	CKV_GCP_107	resource	google_cloudfunctions2_function_iam_member	Cloud functions should not be public	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/gcp/CloudFunctionsShouldNotBePublic.py
1444	CKV_GCP_107	resource	google_cloudfunctions_function_iam_binding	Cloud functions should not be public	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/gcp/CloudFunctionsShouldNotBePublic.py
1445	CKV_GCP_107	resource	google_cloudfunctions_function_iam_member	Cloud functions should not be public	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/gcp/CloudFunctionsShouldNotBePublic.py
1446	CKV_GCP_108	resource	google_sql_database_instance	Ensure hostnames are logged for GCP PostgreSQL databases	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/gcp/GoogleCloudPostgreSqlLogHostname.py
1447	CKV_GCP_109	resource	google_sql_database_instance	Ensure the GCP PostgreSQL database log levels are set to ERROR or lower	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/gcp/GoogleCloudPostgreSqlLogMinErrorStatement.py
1448	CKV_GCP_110	resource	google_sql_database_instance	Ensure pgAudit is enabled for your GCP PostgreSQL database	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/gcp/GoogleCloudPostgreSqlEnablePgaudit.py
1449	CKV_GCP_111	resource	google_sql_database_instance	Ensure GCP PostgreSQL logs SQL statements	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/gcp/GoogleCloudPostgreSqlLogStatement.py
1450	CKV2_GCP_1	resource	google_project_default_service_accounts	Ensure GKE clusters are not running using the Compute Engine default service account	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
1451	CKV2_GCP_2	resource	google_compute_network	Ensure legacy networks do not exist for a project	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
1452	CKV2_GCP_3	resource	google_service_account_key	Ensure that there are only GCP-managed service account keys for each service account	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
1453	CKV2_GCP_4	resource	google_logging_folder_sink	Ensure that retention policies on log buckets are configured using Bucket Lock	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
1454	CKV2_GCP_4	resource	google_logging_organization_sink	Ensure that retention policies on log buckets are configured using Bucket Lock	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
1455	CKV2_GCP_4	resource	google_logging_project_sink	Ensure that retention policies on log buckets are configured using Bucket Lock	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
1456	CKV2_GCP_4	resource	google_storage_bucket	Ensure that retention policies on log buckets are configured using Bucket Lock	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
1457	CKV2_GCP_5	resource	google_project	Ensure that Cloud Audit Logging is configured properly across all services and all users from a project	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
1458	CKV2_GCP_5	resource	google_project_iam_audit_config	Ensure that Cloud Audit Logging is configured properly across all services and all users from a project	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
1459	CKV2_GCP_6	resource	google_kms_crypto_key	Ensure that Cloud KMS cryptokeys are not anonymously or publicly accessible	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
1460	CKV2_GCP_6	resource	google_kms_crypto_key_iam_binding	Ensure that Cloud KMS cryptokeys are not anonymously or publicly accessible	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
1461	CKV2_GCP_6	resource	google_kms_crypto_key_iam_member	Ensure that Cloud KMS cryptokeys are not anonymously or publicly accessible	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
1462	CKV2_GCP_7	resource	google_sql_database_instance	Ensure that a MySQL database instance does not allow anyone to connect with administrative privileges	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
1463	CKV2_GCP_7	resource	google_sql_user	Ensure that a MySQL database instance does not allow anyone to connect with administrative privileges	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
1464	CKV2_GCP_8	resource	google_kms_key_ring	Ensure that Cloud KMS Key Rings are not anonymously or publicly accessible	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
1465	CKV2_GCP_8	resource	google_kms_key_ring_iam_binding	Ensure that Cloud KMS Key Rings are not anonymously or publicly accessible	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
1466	CKV2_GCP_8	resource	google_kms_key_ring_iam_member	Ensure that Cloud KMS Key Rings are not anonymously or publicly accessible	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
1467	CKV2_GCP_9	resource	google_container_registry	Ensure that Container Registry repositories are not anonymously or publicly accessible	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
1468	CKV2_GCP_9	resource	google_storage_bucket_iam_binding	Ensure that Container Registry repositories are not anonymously or publicly accessible	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
1469	CKV2_GCP_9	resource	google_storage_bucket_iam_member	Ensure that Container Registry repositories are not anonymously or publicly accessible	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
1470	CKV2_GCP_10	resource	google_cloudfunctions_function	Ensure GCP Cloud Function HTTP trigger is secured	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
1471	CKV2_GCP_11	resource	google_project_services	Ensure GCP GCR Container Vulnerability Scanning is enabled	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
1472	CKV2_GCP_12	resource	google_compute_firewall	Ensure GCP compute firewall ingress does not allow unrestricted access to all ports	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
1473	CKV_GIT_1	resource	github_repository	Ensure GitHub repository is Private	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/github/PrivateRepo.py
1474	CKV_GIT_2	resource	github_repository_webhook	Ensure GitHub repository webhooks are using HTTPS	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/github/WebhookInsecureSsl.py
1475	CKV_GIT_3	resource	github_repository	Ensure GitHub repository has vulnerability alerts enabled	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/github/RepositoryEnableVulnerabilityAlerts.py
1476	CKV_GIT_4	resource	github_actions_environment_secret	Ensure GitHub Actions secrets are encrypted	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/github/SecretsEncrypted.py
1477	CKV_GIT_4	resource	github_actions_organization_secret	Ensure GitHub Actions secrets are encrypted	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/github/SecretsEncrypted.py
1478	CKV_GIT_4	resource	github_actions_secret	Ensure GitHub Actions secrets are encrypted	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/github/SecretsEncrypted.py
1479	CKV_GIT_5	resource	github_branch_protection	GitHub pull requests should require at least 2 approvals	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/github/BranchProtectionReviewNumTwo.py
1480	CKV_GIT_5	resource	github_branch_protection_v3	GitHub pull requests should require at least 2 approvals	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/github/BranchProtectionReviewNumTwo.py
1481	CKV_GIT_6	resource	github_branch_protection	Ensure GitHub branch protection rules requires signed commits	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/github/BranchProtectionRequireSignedCommits.py
1482	CKV_GIT_6	resource	github_branch_protection_v3	Ensure GitHub branch protection rules requires signed commits	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/github/BranchProtectionRequireSignedCommits.py
1483	CKV2_GIT_1	resource	github_repository	Ensure each Repository has branch protection associated	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
1484	CKV_GLB_1	resource	gitlab_project	Ensure at least two approving reviews are required to merge a GitLab MR	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/gitlab/RequireTwoApprovalsToMerge.py
1485	CKV_GLB_2	resource	gitlab_branch_protection	Ensure GitLab branch protection rules does not allow force pushes	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/gitlab/ForcePushDisabled.py
1486	CKV_GLB_3	resource	gitlab_project	Ensure GitLab prevent secrets is enabled	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/gitlab/PreventSecretsEnabled.py
1487	CKV_GLB_4	resource	gitlab_project	Ensure GitLab commits are signed	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/gitlab/RejectUnsignedCommits.py
1488	CKV_K8S_1	resource	kubernetes_pod_security_policy	Do not admit containers wishing to share the host process ID namespace	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/kubernetes/ShareHostPIDPSP.py
1489	CKV_K8S_2	resource	kubernetes_pod_security_policy	Do not admit privileged containers	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/kubernetes/PrivilegedContainerPSP.py
1490	CKV_K8S_3	resource	kubernetes_pod_security_policy	Do not admit containers wishing to share the host IPC namespace	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/kubernetes/ShareHostIPCPSP.py
1491	CKV_K8S_4	resource	kubernetes_pod_security_policy	Do not admit containers wishing to share the host network namespace	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/kubernetes/SharedHostNetworkNamespacePSP.py
1492	CKV_K8S_5	resource	kubernetes_pod_security_policy	Containers should not run with allowPrivilegeEscalation	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/kubernetes/AllowPrivilegeEscalationPSP.py
1493	CKV_K8S_6	resource	kubernetes_pod_security_policy	Do not admit root containers	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/kubernetes/RootContainerPSP.py
1494	CKV_K8S_7	resource	kubernetes_pod_security_policy	Do not admit containers with the NET_RAW capability	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/kubernetes/DropCapabilitiesPSP.py
1495	CKV_K8S_8	resource	kubernetes_deployment	Liveness Probe Should be Configured	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/kubernetes/LivenessProbe.py
1496	CKV_K8S_8	resource	kubernetes_deployment_v1	Liveness Probe Should be Configured	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/kubernetes/LivenessProbe.py
1497	CKV_K8S_8	resource	kubernetes_pod	Liveness Probe Should be Configured	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/kubernetes/LivenessProbe.py
1498	CKV_K8S_8	resource	kubernetes_pod_v1	Liveness Probe Should be Configured	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/kubernetes/LivenessProbe.py
1499	CKV_K8S_9	resource	kubernetes_deployment	Readiness Probe Should be Configured	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/kubernetes/ReadinessProbe.py
1500	CKV_K8S_9	resource	kubernetes_deployment_v1	Readiness Probe Should be Configured	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/kubernetes/ReadinessProbe.py
1501	CKV_K8S_9	resource	kubernetes_pod	Readiness Probe Should be Configured	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/kubernetes/ReadinessProbe.py
1502	CKV_K8S_9	resource	kubernetes_pod_v1	Readiness Probe Should be Configured	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/kubernetes/ReadinessProbe.py
1503	CKV_K8S_10	resource	kubernetes_deployment	CPU requests should be set	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/kubernetes/CPURequests.py
1504	CKV_K8S_10	resource	kubernetes_deployment_v1	CPU requests should be set	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/kubernetes/CPURequests.py
1505	CKV_K8S_10	resource	kubernetes_pod	CPU requests should be set	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/kubernetes/CPURequests.py
1506	CKV_K8S_10	resource	kubernetes_pod_v1	CPU requests should be set	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/kubernetes/CPURequests.py
1507	CKV_K8S_11	resource	kubernetes_deployment	CPU Limits should be set	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/kubernetes/CPULimits.py
1508	CKV_K8S_11	resource	kubernetes_deployment_v1	CPU Limits should be set	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/kubernetes/CPULimits.py
1509	CKV_K8S_11	resource	kubernetes_pod	CPU Limits should be set	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/kubernetes/CPULimits.py
1510	CKV_K8S_11	resource	kubernetes_pod_v1	CPU Limits should be set	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/kubernetes/CPULimits.py
1511	CKV_K8S_12	resource	kubernetes_deployment	Memory Limits should be set	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/kubernetes/MemoryLimits.py
1512	CKV_K8S_12	resource	kubernetes_deployment_v1	Memory Limits should be set	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/kubernetes/MemoryLimits.py
1513	CKV_K8S_12	resource	kubernetes_pod	Memory Limits should be set	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/kubernetes/MemoryLimits.py
1514	CKV_K8S_12	resource	kubernetes_pod_v1	Memory Limits should be set	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/kubernetes/MemoryLimits.py
1515	CKV_K8S_13	resource	kubernetes_deployment	Memory requests should be set	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/kubernetes/MemoryRequests.py
1516	CKV_K8S_13	resource	kubernetes_deployment_v1	Memory requests should be set	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/kubernetes/MemoryRequests.py
1517	CKV_K8S_13	resource	kubernetes_pod	Memory requests should be set	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/kubernetes/MemoryRequests.py
1518	CKV_K8S_13	resource	kubernetes_pod_v1	Memory requests should be set	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/kubernetes/MemoryRequests.py
1519	CKV_K8S_14	resource	kubernetes_deployment	Image Tag should be fixed - not latest or blank	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/kubernetes/ImageTagFixed.py
1520	CKV_K8S_14	resource	kubernetes_deployment_v1	Image Tag should be fixed - not latest or blank	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/kubernetes/ImageTagFixed.py
1521	CKV_K8S_14	resource	kubernetes_pod	Image Tag should be fixed - not latest or blank	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/kubernetes/ImageTagFixed.py
1522	CKV_K8S_14	resource	kubernetes_pod_v1	Image Tag should be fixed - not latest or blank	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/kubernetes/ImageTagFixed.py
1523	CKV_K8S_15	resource	kubernetes_deployment	Image Pull Policy should be Always	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/kubernetes/ImagePullPolicyAlways.py
1524	CKV_K8S_15	resource	kubernetes_deployment_v1	Image Pull Policy should be Always	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/kubernetes/ImagePullPolicyAlways.py
1525	CKV_K8S_15	resource	kubernetes_pod	Image Pull Policy should be Always	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/kubernetes/ImagePullPolicyAlways.py
1526	CKV_K8S_15	resource	kubernetes_pod_v1	Image Pull Policy should be Always	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/kubernetes/ImagePullPolicyAlways.py
1527	CKV_K8S_16	resource	kubernetes_deployment	Do not admit privileged containers	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/kubernetes/PrivilegedContainer.py
1528	CKV_K8S_16	resource	kubernetes_deployment_v1	Do not admit privileged containers	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/kubernetes/PrivilegedContainer.py
1529	CKV_K8S_16	resource	kubernetes_pod	Do not admit privileged containers	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/kubernetes/PrivilegedContainer.py
1530	CKV_K8S_16	resource	kubernetes_pod_v1	Do not admit privileged containers	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/kubernetes/PrivilegedContainer.py
1531	CKV_K8S_17	resource	kubernetes_deployment	Do not admit containers wishing to share the host process ID namespace	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/kubernetes/ShareHostPID.py
1532	CKV_K8S_17	resource	kubernetes_deployment_v1	Do not admit containers wishing to share the host process ID namespace	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/kubernetes/ShareHostPID.py
1533	CKV_K8S_17	resource	kubernetes_pod	Do not admit containers wishing to share the host process ID namespace	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/kubernetes/ShareHostPID.py
1534	CKV_K8S_17	resource	kubernetes_pod_v1	Do not admit containers wishing to share the host process ID namespace	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/kubernetes/ShareHostPID.py
1535	CKV_K8S_18	resource	kubernetes_deployment	Do not admit containers wishing to share the host IPC namespace	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/kubernetes/ShareHostIPC.py
1536	CKV_K8S_18	resource	kubernetes_deployment_v1	Do not admit containers wishing to share the host IPC namespace	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/kubernetes/ShareHostIPC.py
1537	CKV_K8S_18	resource	kubernetes_pod	Do not admit containers wishing to share the host IPC namespace	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/kubernetes/ShareHostIPC.py
1538	CKV_K8S_18	resource	kubernetes_pod_v1	Do not admit containers wishing to share the host IPC namespace	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/kubernetes/ShareHostIPC.py
1539	CKV_K8S_19	resource	kubernetes_deployment	Do not admit containers wishing to share the host network namespace	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/kubernetes/SharedHostNetworkNamespace.py
1540	CKV_K8S_19	resource	kubernetes_deployment_v1	Do not admit containers wishing to share the host network namespace	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/kubernetes/SharedHostNetworkNamespace.py
1541	CKV_K8S_19	resource	kubernetes_pod	Do not admit containers wishing to share the host network namespace	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/kubernetes/SharedHostNetworkNamespace.py
1542	CKV_K8S_19	resource	kubernetes_pod_v1	Do not admit containers wishing to share the host network namespace	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/kubernetes/SharedHostNetworkNamespace.py
1543	CKV_K8S_20	resource	kubernetes_deployment	Containers should not run with allowPrivilegeEscalation	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/kubernetes/AllowPrivilegeEscalation.py
1544	CKV_K8S_20	resource	kubernetes_deployment_v1	Containers should not run with allowPrivilegeEscalation	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/kubernetes/AllowPrivilegeEscalation.py
1545	CKV_K8S_20	resource	kubernetes_pod	Containers should not run with allowPrivilegeEscalation	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/kubernetes/AllowPrivilegeEscalation.py
1546	CKV_K8S_20	resource	kubernetes_pod_v1	Containers should not run with allowPrivilegeEscalation	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/kubernetes/AllowPrivilegeEscalation.py
1547	CKV_K8S_21	resource	kubernetes_config_map	The default namespace should not be used	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/kubernetes/DefaultNamespace.py
1548	CKV_K8S_21	resource	kubernetes_config_map_v1	The default namespace should not be used	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/kubernetes/DefaultNamespace.py
1549	CKV_K8S_21	resource	kubernetes_cron_job	The default namespace should not be used	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/kubernetes/DefaultNamespace.py
1550	CKV_K8S_21	resource	kubernetes_cron_job_v1	The default namespace should not be used	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/kubernetes/DefaultNamespace.py
1551	CKV_K8S_21	resource	kubernetes_daemon_set_v1	The default namespace should not be used	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/kubernetes/DefaultNamespace.py
1552	CKV_K8S_21	resource	kubernetes_daemonset	The default namespace should not be used	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/kubernetes/DefaultNamespace.py
1553	CKV_K8S_21	resource	kubernetes_deployment	The default namespace should not be used	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/kubernetes/DefaultNamespace.py
1554	CKV_K8S_21	resource	kubernetes_deployment_v1	The default namespace should not be used	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/kubernetes/DefaultNamespace.py
1555	CKV_K8S_21	resource	kubernetes_ingress	The default namespace should not be used	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/kubernetes/DefaultNamespace.py
1556	CKV_K8S_21	resource	kubernetes_ingress_v1	The default namespace should not be used	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/kubernetes/DefaultNamespace.py
1557	CKV_K8S_21	resource	kubernetes_job	The default namespace should not be used	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/kubernetes/DefaultNamespace.py
1558	CKV_K8S_21	resource	kubernetes_job_v1	The default namespace should not be used	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/kubernetes/DefaultNamespace.py
1559	CKV_K8S_21	resource	kubernetes_pod	The default namespace should not be used	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/kubernetes/DefaultNamespace.py
1560	CKV_K8S_21	resource	kubernetes_pod_v1	The default namespace should not be used	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/kubernetes/DefaultNamespace.py
1561	CKV_K8S_21	resource	kubernetes_replication_controller	The default namespace should not be used	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/kubernetes/DefaultNamespace.py
1562	CKV_K8S_21	resource	kubernetes_replication_controller_v1	The default namespace should not be used	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/kubernetes/DefaultNamespace.py
1563	CKV_K8S_21	resource	kubernetes_role_binding	The default namespace should not be used	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/kubernetes/DefaultNamespace.py
1564	CKV_K8S_21	resource	kubernetes_role_binding_v1	The default namespace should not be used	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/kubernetes/DefaultNamespace.py
1565	CKV_K8S_21	resource	kubernetes_secret	The default namespace should not be used	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/kubernetes/DefaultNamespace.py
1566	CKV_K8S_21	resource	kubernetes_secret_v1	The default namespace should not be used	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/kubernetes/DefaultNamespace.py
1567	CKV_K8S_21	resource	kubernetes_service	The default namespace should not be used	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/kubernetes/DefaultNamespace.py
1568	CKV_K8S_21	resource	kubernetes_service_account	The default namespace should not be used	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/kubernetes/DefaultNamespace.py
1569	CKV_K8S_21	resource	kubernetes_service_account_v1	The default namespace should not be used	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/kubernetes/DefaultNamespace.py
1570	CKV_K8S_21	resource	kubernetes_service_v1	The default namespace should not be used	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/kubernetes/DefaultNamespace.py
1571	CKV_K8S_21	resource	kubernetes_stateful_set	The default namespace should not be used	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/kubernetes/DefaultNamespace.py
1572	CKV_K8S_21	resource	kubernetes_stateful_set_v1	The default namespace should not be used	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/kubernetes/DefaultNamespace.py
1573	CKV_K8S_22	resource	kubernetes_deployment	Use read-only filesystem for containers where possible	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/kubernetes/ReadonlyRootFilesystem.py
1574	CKV_K8S_22	resource	kubernetes_deployment_v1	Use read-only filesystem for containers where possible	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/kubernetes/ReadonlyRootFilesystem.py
1575	CKV_K8S_22	resource	kubernetes_pod	Use read-only filesystem for containers where possible	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/kubernetes/ReadonlyRootFilesystem.py
1576	CKV_K8S_22	resource	kubernetes_pod_v1	Use read-only filesystem for containers where possible	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/kubernetes/ReadonlyRootFilesystem.py
1577	CKV_K8S_24	resource	kubernetes_pod_security_policy	Do not allow containers with added capability	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/kubernetes/AllowedCapabilitiesPSP.py
1578	CKV_K8S_25	resource	kubernetes_deployment	Minimize the admission of containers with added capability	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/kubernetes/AllowedCapabilities.py
1579	CKV_K8S_25	resource	kubernetes_deployment_v1	Minimize the admission of containers with added capability	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/kubernetes/AllowedCapabilities.py
1580	CKV_K8S_25	resource	kubernetes_pod	Minimize the admission of containers with added capability	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/kubernetes/AllowedCapabilities.py
1581	CKV_K8S_25	resource	kubernetes_pod_v1	Minimize the admission of containers with added capability	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/kubernetes/AllowedCapabilities.py
1582	CKV_K8S_26	resource	kubernetes_deployment	Do not specify hostPort unless absolutely necessary	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/kubernetes/HostPort.py
1583	CKV_K8S_26	resource	kubernetes_deployment_v1	Do not specify hostPort unless absolutely necessary	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/kubernetes/HostPort.py
1584	CKV_K8S_26	resource	kubernetes_pod	Do not specify hostPort unless absolutely necessary	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/kubernetes/HostPort.py
1585	CKV_K8S_26	resource	kubernetes_pod_v1	Do not specify hostPort unless absolutely necessary	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/kubernetes/HostPort.py
1586	CKV_K8S_27	resource	kubernetes_daemon_set_v1	Do not expose the docker daemon socket to containers	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/kubernetes/DockerSocketVolume.py
1587	CKV_K8S_27	resource	kubernetes_daemonset	Do not expose the docker daemon socket to containers	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/kubernetes/DockerSocketVolume.py
1588	CKV_K8S_27	resource	kubernetes_deployment	Do not expose the docker daemon socket to containers	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/kubernetes/DockerSocketVolume.py
1589	CKV_K8S_27	resource	kubernetes_deployment_v1	Do not expose the docker daemon socket to containers	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/kubernetes/DockerSocketVolume.py
1590	CKV_K8S_27	resource	kubernetes_pod	Do not expose the docker daemon socket to containers	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/kubernetes/DockerSocketVolume.py
1591	CKV_K8S_27	resource	kubernetes_pod_v1	Do not expose the docker daemon socket to containers	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/kubernetes/DockerSocketVolume.py
1592	CKV_K8S_28	resource	kubernetes_deployment	Minimize the admission of containers with the NET_RAW capability	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/kubernetes/DropCapabilities.py
1593	CKV_K8S_28	resource	kubernetes_deployment_v1	Minimize the admission of containers with the NET_RAW capability	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/kubernetes/DropCapabilities.py
1594	CKV_K8S_28	resource	kubernetes_pod	Minimize the admission of containers with the NET_RAW capability	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/kubernetes/DropCapabilities.py
1595	CKV_K8S_28	resource	kubernetes_pod_v1	Minimize the admission of containers with the NET_RAW capability	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/kubernetes/DropCapabilities.py
1596	CKV_K8S_29	resource	kubernetes_daemon_set_v1	Apply security context to your pods, deployments and daemon_sets	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/kubernetes/PodSecurityContext.py
1597	CKV_K8S_29	resource	kubernetes_daemonset	Apply security context to your pods, deployments and daemon_sets	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/kubernetes/PodSecurityContext.py
1598	CKV_K8S_29	resource	kubernetes_deployment	Apply security context to your pods, deployments and daemon_sets	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/kubernetes/PodSecurityContext.py
1599	CKV_K8S_29	resource	kubernetes_deployment_v1	Apply security context to your pods, deployments and daemon_sets	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/kubernetes/PodSecurityContext.py
1600	CKV_K8S_29	resource	kubernetes_pod	Apply security context to your pods, deployments and daemon_sets	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/kubernetes/PodSecurityContext.py
1601	CKV_K8S_29	resource	kubernetes_pod_v1	Apply security context to your pods, deployments and daemon_sets	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/kubernetes/PodSecurityContext.py
1602	CKV_K8S_30	resource	kubernetes_deployment	Apply security context to your pods and containers	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/kubernetes/ContainerSecurityContext.py
1603	CKV_K8S_30	resource	kubernetes_deployment_v1	Apply security context to your pods and containers	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/kubernetes/ContainerSecurityContext.py
1604	CKV_K8S_30	resource	kubernetes_pod	Apply security context to your pods and containers	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/kubernetes/ContainerSecurityContext.py
1605	CKV_K8S_30	resource	kubernetes_pod_v1	Apply security context to your pods and containers	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/kubernetes/ContainerSecurityContext.py
1606	CKV_K8S_32	resource	kubernetes_pod_security_policy	Ensure default seccomp profile set to docker/default or runtime/default	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/kubernetes/SeccompPSP.py
1607	CKV_K8S_34	resource	kubernetes_deployment	Ensure that Tiller (Helm v2) is not deployed	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/kubernetes/Tiller.py
1608	CKV_K8S_34	resource	kubernetes_deployment_v1	Ensure that Tiller (Helm v2) is not deployed	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/kubernetes/Tiller.py
1609	CKV_K8S_34	resource	kubernetes_pod	Ensure that Tiller (Helm v2) is not deployed	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/kubernetes/Tiller.py
1610	CKV_K8S_34	resource	kubernetes_pod_v1	Ensure that Tiller (Helm v2) is not deployed	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/kubernetes/Tiller.py
1611	CKV_K8S_35	resource	kubernetes_deployment	Prefer using secrets as files over secrets as environment variables	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/kubernetes/Secrets.py
1612	CKV_K8S_35	resource	kubernetes_deployment_v1	Prefer using secrets as files over secrets as environment variables	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/kubernetes/Secrets.py
1613	CKV_K8S_35	resource	kubernetes_pod	Prefer using secrets as files over secrets as environment variables	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/kubernetes/Secrets.py
1614	CKV_K8S_35	resource	kubernetes_pod_v1	Prefer using secrets as files over secrets as environment variables	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/kubernetes/Secrets.py
1615	CKV_K8S_36	resource	kubernetes_pod_security_policy	Minimise the admission of containers with capabilities assigned	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/kubernetes/MinimiseCapabilitiesPSP.py
1616	CKV_K8S_37	resource	kubernetes_deployment	Minimise the admission of containers with capabilities assigned	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/kubernetes/MinimiseCapabilities.py
1617	CKV_K8S_37	resource	kubernetes_deployment_v1	Minimise the admission of containers with capabilities assigned	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/kubernetes/MinimiseCapabilities.py
1618	CKV_K8S_37	resource	kubernetes_pod	Minimise the admission of containers with capabilities assigned	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/kubernetes/MinimiseCapabilities.py
1619	CKV_K8S_37	resource	kubernetes_pod_v1	Minimise the admission of containers with capabilities assigned	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/kubernetes/MinimiseCapabilities.py
1620	CKV_K8S_39	resource	kubernetes_deployment	Do not use the CAP_SYS_ADMIN linux capability	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/kubernetes/AllowedCapabilitiesSysAdmin.py
1621	CKV_K8S_39	resource	kubernetes_deployment_v1	Do not use the CAP_SYS_ADMIN linux capability	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/kubernetes/AllowedCapabilitiesSysAdmin.py
1622	CKV_K8S_39	resource	kubernetes_pod	Do not use the CAP_SYS_ADMIN linux capability	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/kubernetes/AllowedCapabilitiesSysAdmin.py
1623	CKV_K8S_39	resource	kubernetes_pod_v1	Do not use the CAP_SYS_ADMIN linux capability	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/kubernetes/AllowedCapabilitiesSysAdmin.py
1624	CKV_K8S_41	resource	kubernetes_service_account	Ensure that default service accounts are not actively used	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/kubernetes/DefaultServiceAccount.py
1625	CKV_K8S_41	resource	kubernetes_service_account_v1	Ensure that default service accounts are not actively used	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/kubernetes/DefaultServiceAccount.py
1626	CKV_K8S_42	resource	kubernetes_cluster_role_binding	Ensure that default service accounts are not actively used	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/kubernetes/DefaultServiceAccountBinding.py
1627	CKV_K8S_42	resource	kubernetes_cluster_role_binding_v1	Ensure that default service accounts are not actively used	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/kubernetes/DefaultServiceAccountBinding.py
1628	CKV_K8S_42	resource	kubernetes_role_binding	Ensure that default service accounts are not actively used	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/kubernetes/DefaultServiceAccountBinding.py
1629	CKV_K8S_42	resource	kubernetes_role_binding_v1	Ensure that default service accounts are not actively used	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/kubernetes/DefaultServiceAccountBinding.py
1630	CKV_K8S_43	resource	kubernetes_deployment	Image should use digest	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/kubernetes/ImageDigest.py
1631	CKV_K8S_43	resource	kubernetes_deployment_v1	Image should use digest	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/kubernetes/ImageDigest.py
1632	CKV_K8S_43	resource	kubernetes_pod	Image should use digest	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/kubernetes/ImageDigest.py
1633	CKV_K8S_43	resource	kubernetes_pod_v1	Image should use digest	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/kubernetes/ImageDigest.py
1634	CKV_K8S_44	resource	kubernetes_service	Ensure that the Tiller Service (Helm v2) is deleted	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/kubernetes/TillerService.py
1635	CKV_K8S_44	resource	kubernetes_service_v1	Ensure that the Tiller Service (Helm v2) is deleted	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/kubernetes/TillerService.py
1636	CKV_K8S_49	resource	kubernetes_cluster_role	Minimize wildcard use in Roles and ClusterRoles	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/kubernetes/WildcardRoles.py
1637	CKV_K8S_49	resource	kubernetes_cluster_role_v1	Minimize wildcard use in Roles and ClusterRoles	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/kubernetes/WildcardRoles.py
1638	CKV_K8S_49	resource	kubernetes_role	Minimize wildcard use in Roles and ClusterRoles	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/kubernetes/WildcardRoles.py
1639	CKV_K8S_49	resource	kubernetes_role_v1	Minimize wildcard use in Roles and ClusterRoles	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/kubernetes/WildcardRoles.py
1640	CKV_LIN_1	provider	linode	Ensure no hard coded Linode tokens exist in provider	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/provider/linode/credentials.py
1641	CKV_LIN_2	resource	linode_instance	Ensure SSH key set in authorized_keys	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/linode/authorized_keys.py
1642	CKV_LIN_3	resource	linode_user	Ensure email is set	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/linode/user_email_set.py
1643	CKV_LIN_4	resource	linode_user	Ensure username is set	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/linode/user_username_set.py
1644	CKV_LIN_5	resource	linode_firewall	Ensure Inbound Firewall Policy is not set to ACCEPT	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/linode/firewall_inbound_policy.py
1645	CKV_LIN_6	resource	linode_firewall	Ensure Outbound Firewall Policy is not set to ACCEPT	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/linode/firewall_outbound_policy.py
1646	CKV_NCP_1	resource	ncloud_lb_target_group	Ensure HTTP HTTPS Target group defines Healthcheck	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/ncp/LBTargetGroupDefinesHealthCheck.py
1647	CKV_NCP_2	resource	ncloud_access_control_group	Ensure every access control groups rule has a description	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/ncp/AccessControlGroupRuleDescription.py
1648	CKV_NCP_2	resource	ncloud_access_control_group_rule	Ensure every access control groups rule has a description	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/ncp/AccessControlGroupRuleDescription.py
1649	CKV_NCP_3	resource	ncloud_access_control_group_rule	Ensure no security group rules allow outbound traffic to 0.0.0.0/0	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/ncp/AccessControlGroupOutboundRule.py
1650	CKV_NCP_4	resource	ncloud_access_control_group_rule	Ensure no access control groups allow inbound from 0.0.0.0:0 to port 22	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/ncp/AccessControlGroupInboundRulePort22.py
1651	CKV_NCP_5	resource	ncloud_access_control_group_rule	Ensure no access control groups allow inbound from 0.0.0.0:0 to port 3389	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/ncp/AccessControlGroupInboundRulePort3389.py
1652	CKV_NCP_6	resource	ncloud_server	Ensure Server instance is encrypted.	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/ncp/ServerEncryptionVPC.py
1653	CKV_NCP_7	resource	ncloud_launch_configuration	Ensure Basic Block storage is encrypted.	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/ncp/LaunchConfigurationEncryptionVPC.py
1654	CKV_NCP_8	resource	ncloud_network_acl_rule	Ensure no NACL allow inbound from 0.0.0.0:0 to port 20	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/ncp/NACLInbound20.py
1655	CKV_NCP_9	resource	ncloud_network_acl_rule	Ensure no NACL allow inbound from 0.0.0.0:0 to port 21	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/ncp/NACLInbound21.py
1656	CKV_NCP_10	resource	ncloud_network_acl_rule	Ensure no NACL allow inbound from 0.0.0.0:0 to port 22	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/ncp/NACLInbound22.py
1657	CKV_NCP_11	resource	ncloud_network_acl_rule	Ensure no NACL allow inbound from 0.0.0.0:0 to port 3389	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/ncp/NACLInbound3389.py
1658	CKV_NCP_12	resource	ncloud_network_acl_rule	An inbound Network ACL rule should not allow ALL ports.	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/ncp/NACLPortCheck.py
1659	CKV_NCP_13	resource	ncloud_lb_listener	Ensure LB Listener uses only secure protocols	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/ncp/LBListenerUsesSecureProtocols.py
1660	CKV_NCP_14	resource	ncloud_nas_volume	Ensure NAS is securely encrypted	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/ncp/NASEncryptionEnabled.py
1661	CKV_NCP_15	resource	ncloud_lb_target_group	Ensure Load Balancer Target Group is not using HTTP	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/ncp/LBTargetGroupUsingHTTPS.py
1662	CKV_NCP_16	resource	ncloud_lb	Ensure Load Balancer isn’t exposed to the internet	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/ncp/LBNetworkPrivate.py
1663	CKV_NCP_19	resource	ncloud_nks_cluster	Ensure Naver Kubernetes Service public endpoint disabled	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/ncp/NKSPublicAccess.py
1664	CKV_NCP_22	resource	ncloud_nks_cluster	Ensure NKS control plane logging enabled for all log types	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/ncp/NKSControlPlaneLogging.py
1665	CKV_NCP_23	resource	ncloud_public_ip	Ensure Server instance should not have public IP.	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/ncp/ServerPublicIP.py
1666	CKV_NCP_24	resource	ncloud_lb_listener	Ensure Load Balancer Listener Using HTTPS	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/ncp/LBListenerUsingHTTPS.py
1667	CKV_NCP_25	resource	ncloud_access_control_group_rule	Ensure no access control groups allow inbound from 0.0.0.0:0 to port 80	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/ncp/AccessControlGroupInboundRulePort80.py
1668	CKV_NCP_26	resource	ncloud_access_control_group	Ensure Access Control Group has Access Control Group Rule attached	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
1669	CKV_OCI_1	provider	oci	Ensure no hard coded OCI private key in provider	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/provider/oci/credentials.py
1670	CKV_OCI_2	resource	oci_core_volume	Ensure OCI Block Storage Block Volume has backup enabled	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/oci/StorageBlockBackupEnabled.py
1671	CKV_OCI_3	resource	oci_core_volume	OCI Block Storage Block Volumes are not encrypted with a Customer Managed Key (CMK)	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/oci/StorageBlockEncryption.py
1672	CKV_OCI_4	resource	oci_core_instance	Ensure OCI Compute Instance boot volume has in-transit data encryption enabled	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/oci/InstanceBootVolumeIntransitEncryption.py
1673	CKV_OCI_5	resource	oci_core_instance	Ensure OCI Compute Instance has Legacy MetaData service endpoint disabled	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/oci/InstanceMetadataServiceEnabled.py
1674	CKV_OCI_6	resource	oci_core_instance	Ensure OCI Compute Instance has monitoring enabled	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/oci/InstanceMonitoringEnabled.py
1675	CKV_OCI_7	resource	oci_objectstorage_bucket	Ensure OCI Object Storage bucket can emit object events	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/oci/ObjectStorageEmitEvents.py
1676	CKV_OCI_8	resource	oci_objectstorage_bucket	Ensure OCI Object Storage has versioning enabled	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/oci/ObjectStorageVersioning.py
1677	CKV_OCI_9	resource	oci_objectstorage_bucket	Ensure OCI Object Storage is encrypted with Customer Managed Key	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/oci/ObjectStorageEncryption.py
1678	CKV_OCI_10	resource	oci_objectstorage_bucket	Ensure OCI Object Storage is not Public	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/oci/ObjectStoragePublic.py
1679	CKV_OCI_11	resource	oci_identity_authentication_policy	OCI IAM password policy - must contain lower case	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/oci/IAMPasswordPolicyLowerCase.py
1680	CKV_OCI_12	resource	oci_identity_authentication_policy	OCI IAM password policy - must contain Numeric characters	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/oci/IAMPasswordPolicyNumeric.py
1681	CKV_OCI_13	resource	oci_identity_authentication_policy	OCI IAM password policy - must contain Special characters	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/oci/IAMPasswordPolicySpecialCharacters.py
1682	CKV_OCI_14	resource	oci_identity_authentication_policy	OCI IAM password policy - must contain Uppercase characters	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/oci/IAMPasswordPolicyUpperCase.py
1683	CKV_OCI_15	resource	oci_file_storage_file_system	Ensure OCI File System is Encrypted with a customer Managed Key	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/oci/FileSystemEncryption.py
1684	CKV_OCI_16	resource	oci_core_security_list	Ensure VCN has an inbound security list	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/oci/SecurityListIngress.py
1685	CKV_OCI_17	resource	oci_core_security_list	Ensure VCN inbound security lists are stateless	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/oci/SecurityListIngressStateless.py
1686	CKV_OCI_18	resource	oci_identity_authentication_policy	OCI IAM password policy for local (non-federated) users has a minimum length of 14 characters	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/oci/IAMPasswordLength.py
1687	CKV_OCI_19	resource	oci_core_security_list	Ensure no security list allow ingress from 0.0.0.0:0 to port 22.	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/oci/SecurityListUnrestrictedIngress22.py
1688	CKV_OCI_20	resource	oci_core_security_list	Ensure no security list allow ingress from 0.0.0.0:0 to port 3389.	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/oci/SecurityListUnrestrictedIngress3389.py
1689	CKV_OCI_21	resource	oci_core_network_security_group_security_rule	Ensure security group has stateless ingress security rules	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/oci/SecurityGroupsIngressStatelessSecurityRules.py
1690	CKV_OCI_22	resource	oci_core_network_security_group_security_rule	Ensure no security groups rules allow ingress from 0.0.0.0/0 to port 22	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/oci/AbsSecurityGroupUnrestrictedIngress.py
1691	CKV2_OCI_1	resource	oci_identity_group	Ensure administrator users are not associated with API keys	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
1692	CKV2_OCI_1	resource	oci_identity_user	Ensure administrator users are not associated with API keys	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
1693	CKV2_OCI_1	resource	oci_identity_user_group_membership	Ensure administrator users are not associated with API keys	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/common/graph/checks_infra/base_check.py
1694	CKV_OPENSTACK_1	provider	openstack	Ensure no hard coded OpenStack password, token, or application_credential_secret exists in provider	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/provider/openstack/credentials.py
1695	CKV_OPENSTACK_2	resource	openstack_compute_secgroup_v2	Ensure no security groups allow ingress from 0.0.0.0:0 to port 22 (tcp / udp)	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/openstack/SecurityGroupUnrestrictedIngress22.py
1696	CKV_OPENSTACK_2	resource	openstack_networking_secgroup_rule_v2	Ensure no security groups allow ingress from 0.0.0.0:0 to port 22 (tcp / udp)	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/openstack/SecurityGroupUnrestrictedIngress22.py
1697	CKV_OPENSTACK_3	resource	openstack_compute_secgroup_v2	Ensure no security groups allow ingress from 0.0.0.0:0 to port 3389 (tcp / udp)	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/openstack/SecurityGroupUnrestrictedIngress3389.py
1698	CKV_OPENSTACK_3	resource	openstack_networking_secgroup_rule_v2	Ensure no security groups allow ingress from 0.0.0.0:0 to port 3389 (tcp / udp)	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/openstack/SecurityGroupUnrestrictedIngress3389.py
1699	CKV_OPENSTACK_4	resource	openstack_compute_instance_v2	Ensure that instance does not use basic credentials	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/openstack/ComputeInstanceAdminPassword.py
1700	CKV_OPENSTACK_5	resource	openstack_fw_rule_v1	Ensure firewall rule set a destination IP	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/openstack/FirewallRuleSetDestinationIP.py
1701	CKV_PAN_1	provider	panos	Ensure no hard coded PAN-OS credentials exist in provider	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/provider/panos/credentials.py
1702	CKV_PAN_2	resource	panos_management_profile	Ensure plain-text management HTTP is not enabled for an Interface Management Profile	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/panos/InterfaceMgmtProfileNoHTTP.py
1703	CKV_PAN_3	resource	panos_management_profile	Ensure plain-text management Telnet is not enabled for an Interface Management Profile	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/panos/InterfaceMgmtProfileNoTelnet.py
1704	CKV_PAN_4	resource	panos_security_policy	Ensure DSRI is not enabled within security policies	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/panos/PolicyNoDSRI.py
1705	CKV_PAN_4	resource	panos_security_rule_group	Ensure DSRI is not enabled within security policies	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/panos/PolicyNoDSRI.py
1706	CKV_PAN_5	resource	panos_security_policy	Ensure security rules do not have ‘applications’ set to ‘any’	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/panos/PolicyNoApplicationAny.py
1707	CKV_PAN_5	resource	panos_security_rule_group	Ensure security rules do not have ‘applications’ set to ‘any’	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/panos/PolicyNoApplicationAny.py
1708	CKV_PAN_6	resource	panos_security_policy	Ensure security rules do not have ‘services’ set to ‘any’	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/panos/PolicyNoServiceAny.py
1709	CKV_PAN_6	resource	panos_security_rule_group	Ensure security rules do not have ‘services’ set to ‘any’	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/panos/PolicyNoServiceAny.py
1710	CKV_PAN_7	resource	panos_security_policy	Ensure security rules do not have ‘source_addresses’ and ‘destination_addresses’ both containing values of ‘any’	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/panos/PolicyNoSrcAnyDstAny.py
1711	CKV_PAN_7	resource	panos_security_rule_group	Ensure security rules do not have ‘source_addresses’ and ‘destination_addresses’ both containing values of ‘any’	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/panos/PolicyNoSrcAnyDstAny.py
1712	CKV_PAN_8	resource	panos_security_policy	Ensure description is populated within security policies	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/panos/PolicyDescription.py
1713	CKV_PAN_8	resource	panos_security_rule_group	Ensure description is populated within security policies	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/panos/PolicyDescription.py
1714	CKV_PAN_9	resource	panos_security_policy	Ensure a Log Forwarding Profile is selected for each security policy rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/panos/PolicyLogForwarding.py
1715	CKV_PAN_9	resource	panos_security_rule_group	Ensure a Log Forwarding Profile is selected for each security policy rule	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/panos/PolicyLogForwarding.py
1716	CKV_PAN_10	resource	panos_security_policy	Ensure logging at session end is enabled within security policies	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/panos/PolicyLoggingEnabled.py
1717	CKV_PAN_10	resource	panos_security_rule_group	Ensure logging at session end is enabled within security policies	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/panos/PolicyLoggingEnabled.py
1718	CKV_PAN_11	resource	panos_ipsec_crypto_profile	Ensure IPsec profiles do not specify use of insecure encryption algorithms	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/panos/NetworkIPsecAlgorithms.py
1719	CKV_PAN_11	resource	panos_panorama_ipsec_crypto_profile	Ensure IPsec profiles do not specify use of insecure encryption algorithms	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/panos/NetworkIPsecAlgorithms.py
1720	CKV_PAN_12	resource	panos_ipsec_crypto_profile	Ensure IPsec profiles do not specify use of insecure authentication algorithms	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/panos/NetworkIPsecAuthAlgorithms.py
1721	CKV_PAN_12	resource	panos_panorama_ipsec_crypto_profile	Ensure IPsec profiles do not specify use of insecure authentication algorithms	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/panos/NetworkIPsecAuthAlgorithms.py
1722	CKV_PAN_13	resource	panos_ipsec_crypto_profile	Ensure IPsec profiles do not specify use of insecure protocols	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/panos/NetworkIPsecProtocols.py
1723	CKV_PAN_13	resource	panos_panorama_ipsec_crypto_profile	Ensure IPsec profiles do not specify use of insecure protocols	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/panos/NetworkIPsecProtocols.py
1724	CKV_PAN_14	resource	panos_panorama_zone	Ensure a Zone Protection Profile is defined within Security Zones	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/panos/ZoneProtectionProfile.py
1725	CKV_PAN_14	resource	panos_zone	Ensure a Zone Protection Profile is defined within Security Zones	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/panos/ZoneProtectionProfile.py
1726	CKV_PAN_14	resource	panos_zone_entry	Ensure a Zone Protection Profile is defined within Security Zones	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/panos/ZoneProtectionProfile.py
1727	CKV_PAN_15	resource	panos_panorama_zone	Ensure an Include ACL is defined for a Zone when User-ID is enabled	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/panos/ZoneUserIDIncludeACL.py
1728	CKV_PAN_15	resource	panos_zone	Ensure an Include ACL is defined for a Zone when User-ID is enabled	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/panos/ZoneUserIDIncludeACL.py
1729	CKV_YC_1	resource	yandex_mdb_clickhouse_cluster	Ensure security group is assigned to database cluster.	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/yandexcloud/MDBSecurityGroup.py
1730	CKV_YC_1	resource	yandex_mdb_elasticsearch_cluster	Ensure security group is assigned to database cluster.	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/yandexcloud/MDBSecurityGroup.py
1731	CKV_YC_1	resource	yandex_mdb_greenplum_cluster	Ensure security group is assigned to database cluster.	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/yandexcloud/MDBSecurityGroup.py
1732	CKV_YC_1	resource	yandex_mdb_kafka_cluster	Ensure security group is assigned to database cluster.	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/yandexcloud/MDBSecurityGroup.py
1733	CKV_YC_1	resource	yandex_mdb_mongodb_cluster	Ensure security group is assigned to database cluster.	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/yandexcloud/MDBSecurityGroup.py
1734	CKV_YC_1	resource	yandex_mdb_mysql_cluster	Ensure security group is assigned to database cluster.	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/yandexcloud/MDBSecurityGroup.py
1735	CKV_YC_1	resource	yandex_mdb_postgresql_cluster	Ensure security group is assigned to database cluster.	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/yandexcloud/MDBSecurityGroup.py
1736	CKV_YC_1	resource	yandex_mdb_redis_cluster	Ensure security group is assigned to database cluster.	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/yandexcloud/MDBSecurityGroup.py
1737	CKV_YC_1	resource	yandex_mdb_sqlserver_cluster	Ensure security group is assigned to database cluster.	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/yandexcloud/MDBSecurityGroup.py
1738	CKV_YC_2	resource	yandex_compute_instance	Ensure compute instance does not have public IP.	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/yandexcloud/ComputeVMPublicIP.py
1739	CKV_YC_3	resource	yandex_storage_bucket	Ensure storage bucket is encrypted.	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/yandexcloud/ObjectStorageBucketEncryption.py
1740	CKV_YC_4	resource	yandex_compute_instance	Ensure compute instance does not have serial console enabled.	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/yandexcloud/ComputeVMSerialConsole.py
1741	CKV_YC_5	resource	yandex_kubernetes_cluster	Ensure Kubernetes cluster does not have public IP address.	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/yandexcloud/K8SPublicIP.py
1742	CKV_YC_6	resource	yandex_kubernetes_node_group	Ensure Kubernetes cluster node group does not have public IP addresses.	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/yandexcloud/K8SNodeGroupPublicIP.py
1743	CKV_YC_7	resource	yandex_kubernetes_cluster	Ensure Kubernetes cluster auto-upgrade is enabled.	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/yandexcloud/K8SAutoUpgrade.py
1744	CKV_YC_8	resource	yandex_kubernetes_node_group	Ensure Kubernetes node group auto-upgrade is enabled.	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/yandexcloud/K8SNodeGroupAutoUpgrade.py
1745	CKV_YC_9	resource	yandex_kms_symmetric_key	Ensure KMS symmetric key is rotated.	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/yandexcloud/KMSSymmetricKeyRotation.py
1746	CKV_YC_10	resource	yandex_kubernetes_cluster	Ensure etcd database is encrypted with KMS key.	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/yandexcloud/K8SEtcdKMSEncryption.py
1747	CKV_YC_11	resource	yandex_compute_instance	Ensure security group is assigned to network interface.	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/yandexcloud/ComputeVMSecurityGroup.py
1748	CKV_YC_12	resource	yandex_mdb_clickhouse_cluster	Ensure public IP is not assigned to database cluster.	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/yandexcloud/MDBPublicIP.py
1749	CKV_YC_12	resource	yandex_mdb_elasticsearch_cluster	Ensure public IP is not assigned to database cluster.	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/yandexcloud/MDBPublicIP.py
1750	CKV_YC_12	resource	yandex_mdb_greenplum_cluster	Ensure public IP is not assigned to database cluster.	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/yandexcloud/MDBPublicIP.py
1751	CKV_YC_12	resource	yandex_mdb_kafka_cluster	Ensure public IP is not assigned to database cluster.	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/yandexcloud/MDBPublicIP.py
1752	CKV_YC_12	resource	yandex_mdb_mongodb_cluster	Ensure public IP is not assigned to database cluster.	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/yandexcloud/MDBPublicIP.py
1753	CKV_YC_12	resource	yandex_mdb_mysql_cluster	Ensure public IP is not assigned to database cluster.	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/yandexcloud/MDBPublicIP.py
1754	CKV_YC_12	resource	yandex_mdb_postgresql_cluster	Ensure public IP is not assigned to database cluster.	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/yandexcloud/MDBPublicIP.py
1755	CKV_YC_12	resource	yandex_mdb_sqlserver_cluster	Ensure public IP is not assigned to database cluster.	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/yandexcloud/MDBPublicIP.py
1756	CKV_YC_13	resource	yandex_resourcemanager_cloud_iam_binding	Ensure cloud member does not have elevated access.	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/yandexcloud/IAMCloudElevatedMembers.py
1757	CKV_YC_13	resource	yandex_resourcemanager_cloud_iam_member	Ensure cloud member does not have elevated access.	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/yandexcloud/IAMCloudElevatedMembers.py
1758	CKV_YC_14	resource	yandex_kubernetes_cluster	Ensure security group is assigned to Kubernetes cluster.	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/yandexcloud/K8SSecurityGroup.py
1759	CKV_YC_15	resource	yandex_kubernetes_node_group	Ensure security group is assigned to Kubernetes node group.	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/yandexcloud/K8SNodeGroupSecurityGroup.py
1760	CKV_YC_16	resource	yandex_kubernetes_cluster	Ensure network policy is assigned to Kubernetes cluster.	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/yandexcloud/K8SNetworkPolicy.py
1761	CKV_YC_17	resource	yandex_storage_bucket	Ensure storage bucket does not have public access permissions.	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/yandexcloud/ObjectStorageBucketPublicAccess.py
1762	CKV_YC_18	resource	yandex_compute_instance_group	Ensure compute instance group does not have public IP.	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/yandexcloud/ComputeInstanceGroupPublicIP.py
1763	CKV_YC_19	resource	yandex_vpc_security_group	Ensure security group does not contain allow-all rules.	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/yandexcloud/VPCSecurityGroupAllowAll.py
1764	CKV_YC_20	resource	yandex_vpc_security_group_rule	Ensure security group rule is not allow-all.	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/yandexcloud/VPCSecurityGroupRuleAllowAll.py
1765	CKV_YC_21	resource	yandex_organizationmanager_organization_iam_binding	Ensure organization member does not have elevated access.	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/yandexcloud/IAMOrganizationElevatedMembers.py
1766	CKV_YC_21	resource	yandex_organizationmanager_organization_iam_member	Ensure organization member does not have elevated access.	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/yandexcloud/IAMOrganizationElevatedMembers.py
1767	CKV_YC_22	resource	yandex_compute_instance_group	Ensure compute instance group has security group assigned.	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/yandexcloud/ComputeInstanceGroupSecurityGroup.py
1768	CKV_YC_23	resource	yandex_resourcemanager_folder_iam_binding	Ensure folder member does not have elevated access.	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/yandexcloud/IAMFolderElevatedMembers.py
1769	CKV_YC_23	resource	yandex_resourcemanager_folder_iam_member	Ensure folder member does not have elevated access.	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/yandexcloud/IAMFolderElevatedMembers.py
1770	CKV_YC_24	resource	yandex_organizationmanager_organization_iam_binding	Ensure passport account is not used for assignment. Use service accounts and federated accounts where possible.	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/yandexcloud/IAMPassportAccountUsage.py
1771	CKV_YC_24	resource	yandex_organizationmanager_organization_iam_member	Ensure passport account is not used for assignment. Use service accounts and federated accounts where possible.	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/yandexcloud/IAMPassportAccountUsage.py
1772	CKV_YC_24	resource	yandex_resourcemanager_cloud_iam_binding	Ensure passport account is not used for assignment. Use service accounts and federated accounts where possible.	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/yandexcloud/IAMPassportAccountUsage.py
1773	CKV_YC_24	resource	yandex_resourcemanager_cloud_iam_member	Ensure passport account is not used for assignment. Use service accounts and federated accounts where possible.	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/yandexcloud/IAMPassportAccountUsage.py
1774	CKV_YC_24	resource	yandex_resourcemanager_folder_iam_binding	Ensure passport account is not used for assignment. Use service accounts and federated accounts where possible.	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/yandexcloud/IAMPassportAccountUsage.py
1775	CKV_YC_24	resource	yandex_resourcemanager_folder_iam_member	Ensure passport account is not used for assignment. Use service accounts and federated accounts where possible.	Terraform	https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/yandexcloud/IAMPassportAccountUsage.py

---