cloudformation
Non-encrypted confidential information - Redshift Cluster - cloudformation
Need: Encryption of confidential information in AWS Redshift Cluster. Context: Usage of CloudFormation for Infrastructure as Code (IaC); Usage of AWS Redshift cluster resources for managing Amazon Redshift clusters. Description: Non compliant code ...
Traceability Loss - API Gateway - cloudformation
Need: Enhancement of traceability and logging capabilities in API Gateway. Context: Usage of CloudFormation for Infrastructure as Code (IaC); Usage of AWS SDK for interacting with Amazon Web Services. Description: Non compliant code: Resources: MyRestApi: ...
Non-encrypted confidential information - EBS Volumes - cloudformation
Need: Secure encryption of confidential information stored in EBS volumes. Context: Usage of CloudFormation for Infrastructure as Code (IaC); Usage of aws-sdk for interacting with Amazon Web Services (AWS) services. Description: Non compliant code ...
Non-encrypted confidential information - EFS - cloudformation
Need: Secure encryption of confidential information in AWS Elastic File System (EFS) using Customer Managed Keys (CMKs). Context: Usage of CloudFormation for Infrastructure as Code (IaC); Usage of AWS resources such as EFS and KMS. Description: Non ...
Traceability Loss - AWS - cloudformation
Need: Enhancement of traceability and logging in AWS instances. Context: Usage of CloudFormation for Infrastructure as Code (IaC); Usage of AWS resources such as EC2, ELB, and S3. Description: Non compliant code: Resources: MyInstance: Type: ...
Insecure service configuration - KMS - cloudformation
Need: Enforce automatic key rotation for KMS service. Context: Usage of CloudFormation for Infrastructure as Code (IaC); Usage of AWS KMS Key for encryption and decryption of data. Description: Non compliant code: Resources: MyKmsKey: Type: AWS::KMS::Key ...
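The Redshift, EBS, EFS and KMS entries above all reduce to the same template-level check: the resource must carry its encryption flag, and where it names a key, that key should be a customer-managed key with rotation enabled. The following checker is an added example written for this page, not code from the catalog; it operates on a constructed template in CloudFormation JSON syntax (logical names such as RotatedKey and PlainFs are invented) and resolves `{"Ref": ...}` key references inside the same template. Keys given as an ARN or alias string cannot be inspected offline and are reported as unknown rather than as findings.

```python
import json

# Constructed template (CloudFormation JSON syntax), not taken from the page:
# each service appears once without encryption and once with it.
TEMPLATE = json.loads(r'''
{
  "Resources": {
    "RotatedKey": {"Type": "AWS::KMS::Key",
                   "Properties": {"EnableKeyRotation": true,
                                  "KeyPolicy": {"Version": "2012-10-17", "Statement": []}}},
    "StaleKey": {"Type": "AWS::KMS::Key",
                 "Properties": {"KeyPolicy": {"Version": "2012-10-17", "Statement": []}}},
    "PlainCluster": {"Type": "AWS::Redshift::Cluster",
                     "Properties": {"ClusterType": "single-node", "NodeType": "dc2.large",
                                    "DBName": "analytics", "MasterUsername": "admin"}},
    "EncCluster": {"Type": "AWS::Redshift::Cluster",
                   "Properties": {"ClusterType": "single-node", "NodeType": "dc2.large",
                                  "DBName": "analytics", "MasterUsername": "admin",
                                  "Encrypted": true, "KmsKeyId": {"Ref": "RotatedKey"}}},
    "PlainVolume": {"Type": "AWS::EC2::Volume",
                    "Properties": {"Size": 100, "AvailabilityZone": "us-east-1a"}},
    "EncVolume": {"Type": "AWS::EC2::Volume",
                  "Properties": {"Size": 100, "AvailabilityZone": "us-east-1a",
                                 "Encrypted": true, "KmsKeyId": {"Ref": "StaleKey"}}},
    "PlainFs": {"Type": "AWS::EFS::FileSystem", "Properties": {}},
    "AwsKeyFs": {"Type": "AWS::EFS::FileSystem", "Properties": {"Encrypted": true}},
    "CmkFs": {"Type": "AWS::EFS::FileSystem",
              "Properties": {"Encrypted": true, "KmsKeyId": {"Ref": "RotatedKey"}}}
  }
}
''')

# Property that must be true for each resource type covered by this check.
ENCRYPTION_FLAG = {
    "AWS::Redshift::Cluster": "Encrypted",
    "AWS::EC2::Volume": "Encrypted",
    "AWS::EFS::FileSystem": "Encrypted",
}


def key_rotation_enabled(template, key_ref):
    """Resolve a KmsKeyId given as {"Ref": <logical id>} to an AWS::KMS::Key in
    the same template and return its EnableKeyRotation state. Anything that is
    not an in-template Ref (ARN, alias, Parameter) returns None: unknown."""
    if not isinstance(key_ref, dict) or "Ref" not in key_ref:
        return None
    key = template.get("Resources", {}).get(key_ref["Ref"], {})
    if key.get("Type") != "AWS::KMS::Key":
        return None
    return bool(key.get("Properties", {}).get("EnableKeyRotation", False))


def find_encryption_findings(template):
    """Return (logical id, reason) pairs for every encryption gap found."""
    findings = []
    for name, res in template.get("Resources", {}).items():
        rtype, props = res.get("Type"), res.get("Properties", {})
        if rtype == "AWS::KMS::Key" and props.get("EnableKeyRotation") is not True:
            findings.append((name, "KMS key without EnableKeyRotation"))
        flag = ENCRYPTION_FLAG.get(rtype)
        if flag is None:
            continue
        if props.get(flag) is not True:
            findings.append((name, f"{rtype} without {flag}: true"))
            continue
        # EFS without KmsKeyId falls back to the AWS-managed aws/elasticfilesystem key.
        if rtype == "AWS::EFS::FileSystem" and "KmsKeyId" not in props:
            findings.append((name, "EFS encrypted with AWS-managed key, not a CMK"))
        if key_rotation_enabled(template, props.get("KmsKeyId")) is False:
            findings.append((name, "KmsKeyId points to a key without rotation"))
    return findings


if __name__ == "__main__":
    for logical_id, reason in find_encryption_findings(TEMPLATE):
        print(f"{logical_id}: {reason}")
```

Note that `key_rotation_enabled` deliberately returns `None` (not `False`) for keys it cannot see, so an externally managed CMK does not produce a false finding; a scanner that wants to be strict should verify those keys with a live `kms:GetKeyRotationStatus` call instead.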
Insufficient data authenticity validation - CloudTrail Logs - cloudformation
Need: Improved data authenticity validation for CloudTrail Logs. Context: Usage of CloudFormation for Infrastructure as Code (IaC); Usage of AWS CloudTrail for logging and monitoring AWS API activity; Usage of AWS S3 Bucket for storing and retrieving ...
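The three traceability entries above (API Gateway, EC2/ELB/S3 instances, CloudTrail log validation) share one detection pattern: the resource exists but the property that turns on its audit trail is absent or off. The checker below is an added example for this page, not catalog code; the template is constructed in CloudFormation JSON syntax with invented logical names. It reads the real property names for each service: `AccessLogSetting` and `MethodSettings[].LoggingLevel` on an API Gateway stage, the `access_logs.s3.enabled` load balancer attribute on an ELBv2 load balancer, `LoggingConfiguration` on an S3 bucket, and `IsLogging` plus `EnableLogFileValidation` on a CloudTrail trail.

```python
import json

# Constructed template, not from the page; every service appears in a quiet and a logged form.
TEMPLATE = json.loads(r'''
{
  "Resources": {
    "ApiLogs": {"Type": "AWS::Logs::LogGroup", "Properties": {"RetentionInDays": 90}},
    "QuietStage": {"Type": "AWS::ApiGateway::Stage",
                   "Properties": {"RestApiId": "abc123", "StageName": "prod", "DeploymentId": "dep1"}},
    "LoggedStage": {"Type": "AWS::ApiGateway::Stage",
                    "Properties": {"RestApiId": "abc123", "StageName": "prod", "DeploymentId": "dep1",
                                   "AccessLogSetting": {"DestinationArn": {"Fn::GetAtt": ["ApiLogs", "Arn"]},
                                                        "Format": "$context.requestId $context.status"},
                                   "MethodSettings": [{"HttpMethod": "*", "ResourcePath": "/*",
                                                       "LoggingLevel": "INFO"}]}},
    "QuietAlb": {"Type": "AWS::ElasticLoadBalancingV2::LoadBalancer",
                 "Properties": {"Subnets": ["subnet-1", "subnet-2"]}},
    "LoggedAlb": {"Type": "AWS::ElasticLoadBalancingV2::LoadBalancer",
                  "Properties": {"Subnets": ["subnet-1", "subnet-2"],
                                 "LoadBalancerAttributes": [
                                   {"Key": "access_logs.s3.enabled", "Value": "true"},
                                   {"Key": "access_logs.s3.bucket", "Value": "my-alb-logs"}]}},
    "QuietBucket": {"Type": "AWS::S3::Bucket", "Properties": {}},
    "LoggedBucket": {"Type": "AWS::S3::Bucket",
                     "Properties": {"LoggingConfiguration": {"DestinationBucketName": "my-access-logs",
                                                             "LogFilePrefix": "s3/"}}},
    "UnverifiedTrail": {"Type": "AWS::CloudTrail::Trail",
                        "Properties": {"S3BucketName": "my-trail-logs", "IsLogging": true}},
    "VerifiedTrail": {"Type": "AWS::CloudTrail::Trail",
                      "Properties": {"S3BucketName": "my-trail-logs", "IsLogging": true,
                                     "EnableLogFileValidation": true}}
  }
}
''')


def _alb_attr(props, key):
    """Read one Key/Value pair from LoadBalancerAttributes; None when absent."""
    for attr in props.get("LoadBalancerAttributes", []):
        if attr.get("Key") == key:
            return attr.get("Value")
    return None


def check_logging(rtype, props):
    """Return the reasons one resource fails the traceability checks (empty list = fine)."""
    reasons = []
    if rtype == "AWS::ApiGateway::Stage":
        if "AccessLogSetting" not in props:
            reasons.append("no AccessLogSetting")
        # LoggingLevel defaults to OFF when MethodSettings omit it.
        levels = {m.get("LoggingLevel", "OFF") for m in props.get("MethodSettings", [])}
        if not levels - {"OFF"}:
            reasons.append("execution logging OFF for every method")
    elif rtype == "AWS::ElasticLoadBalancingV2::LoadBalancer":
        if _alb_attr(props, "access_logs.s3.enabled") != "true":
            reasons.append("access_logs.s3.enabled is not 'true'")
    elif rtype == "AWS::S3::Bucket":
        if "LoggingConfiguration" not in props:
            reasons.append("no server access LoggingConfiguration")
    elif rtype == "AWS::CloudTrail::Trail":
        if props.get("IsLogging") is not True:
            reasons.append("trail is not logging")
        if props.get("EnableLogFileValidation") is not True:
            reasons.append("log file integrity validation disabled")
    return reasons


def find_logging_gaps(template):
    """Map logical id -> list of reasons, for resources with at least one gap."""
    gaps = {}
    for name, res in template.get("Resources", {}).items():
        reasons = check_logging(res.get("Type"), res.get("Properties", {}))
        if reasons:
            gaps[name] = reasons
    return gaps


if __name__ == "__main__":
    for logical_id, reasons in find_logging_gaps(TEMPLATE).items():
        print(logical_id, "->", "; ".join(reasons))
```

The CloudTrail check is the one that matters for authenticity rather than mere presence: without `EnableLogFileValidation`, CloudTrail writes no digest files, so a tampered or deleted log object in the bucket cannot be detected afterwards with `aws cloudtrail validate-logs`.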
Use of an insecure channel - HTTP - cloudformation
Need: Secure transmission of client information. Context: Usage of CloudFormation for Infrastructure as Code (IaC); Usage of AWS SDK for interacting with Amazon Web Services. Description: Non compliant code: Resources: WebSecurityGroup: Type: ...
Weak credential policy - Password strength - cloudformation
Need: Implementation of a strong password policy. Context: Usage of CloudFormation for Infrastructure as Code (IaC); Usage of AWS IAM for managing user access and permissions. Description: Non compliant code: Resources: WeakIAMUser: Type: AWS::IAM::User ...
Insecure service configuration - Bucket - cloudformation
Need: Enabling secure service configuration for S3 buckets. Context: Usage of CloudFormation for Infrastructure as Code (IaC); Usage of AWS native service to manage infrastructure as code. Description: Non compliant code: Resources: InsecureBucket: Type: ...
Insecure service configuration - EC2 - cloudformation
Need: Secure configuration of EC2 instances. Context: Usage of CloudFormation for Infrastructure as Code (IaC); Usage of AWS native service to manage infrastructure as code. Description: Non compliant code: Resources: InsecureInstance: Type: ...
Insecure protocol allowed in security group - cloudformation
Need: Detection and prevention of insecure communication protocols. Context: Usage of AWS CloudFormation (IaC) to define infrastructure; Definition of EC2 Security Groups using AWS::EC2::SecurityGroup; Evaluation of ingress rules that permit communication ...
Excessive privileges - Wildcards - cloudformation
Need: Restriction of privileges and removal of wildcard usage. Context: Usage of CloudFormation for Infrastructure as Code (IaC); Usage of AWS IAM Roles for managing access and permissions in AWS services; Usage of AWS IAM Role Policy for defining ...
Insecure service configuration - Certificates - cloudformation
Need: Ensure proper validation and configuration of X.509 certificates in AWS services. Context: Usage of CloudFormation for Infrastructure as Code (IaC); Configuration of services using TLS/SSL certificates. Description: Non compliant code: Resources: ...
Use of an insecure channel - Cloud Infrastructure - cloudformation
Need: Secure communication channels for data transmission in AWS. Context: Usage of CloudFormation for Infrastructure as Code (IaC); Usage of AWS SDK for interacting with Amazon Web Services. Description: Non compliant code: Parameters: AccessKey: Type: ...
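Three of the entries above are static-analysis checks on the IAM and parameter sections of a template: a role policy that uses wildcards (the "Excessive privileges - Wildcards" entry), an IAM user whose console password is a weak literal in the template (the "Weak credential policy" entry), and a credential passed as a template parameter without `NoEcho`, as in the `Parameters: AccessKey:` snippet of the entry just above. The checker below is an added example for this page, not catalog code. It runs on a constructed template in CloudFormation JSON syntax with invented logical names; the password-strength rule (14 characters, three character classes) and the secret-name regex are assumptions chosen for the example, not an AWS rule, and `AKIAIOSFODNN7EXAMPLE` is AWS's documented placeholder key id.

```python
import json
import re

# Constructed template, not from the page. The AccessKey default is AWS's documented
# placeholder access key id; it is here only to show a leaked-credential parameter.
TEMPLATE = json.loads(r'''
{
  "Parameters": {
    "AccessKey": {"Type": "String", "Default": "AKIAIOSFODNN7EXAMPLE"},
    "ConsolePassword": {"Type": "String", "NoEcho": true},
    "Environment": {"Type": "String", "Default": "prod"}
  },
  "Resources": {
    "WeakUser": {"Type": "AWS::IAM::User", "Properties": {"UserName": "deploy",
      "LoginProfile": {"Password": "password1"}}},
    "SaferUser": {"Type": "AWS::IAM::User", "Properties": {"UserName": "auditor",
      "LoginProfile": {"Password": {"Ref": "ConsolePassword"}, "PasswordResetRequired": true}}},
    "AdminRole": {"Type": "AWS::IAM::Role", "Properties": {
      "AssumeRolePolicyDocument": {"Version": "2012-10-17", "Statement": [
        {"Effect": "Allow", "Principal": {"Service": "ec2.amazonaws.com"}, "Action": "sts:AssumeRole"}]},
      "Policies": [{"PolicyName": "all", "PolicyDocument": {"Version": "2012-10-17", "Statement": [
        {"Effect": "Allow", "Action": "*", "Resource": "*"}]}}]}},
    "ScopedRole": {"Type": "AWS::IAM::Role", "Properties": {
      "AssumeRolePolicyDocument": {"Version": "2012-10-17", "Statement": [
        {"Effect": "Allow", "Principal": {"Service": "ec2.amazonaws.com"}, "Action": "sts:AssumeRole"}]},
      "Policies": [{"PolicyName": "read-config", "PolicyDocument": {"Version": "2012-10-17", "Statement": [
        {"Effect": "Allow", "Action": ["s3:GetObject", "s3:ListBucket"],
         "Resource": ["arn:aws:s3:::app-config", "arn:aws:s3:::app-config/*"]}]}}]}}
  }
}
''')

POLICY_HOLDERS = {"AWS::IAM::Role", "AWS::IAM::User", "AWS::IAM::Group",
                  "AWS::IAM::Policy", "AWS::IAM::ManagedPolicy"}
SECRET_NAME = re.compile(r"key|secret|password|token|credential", re.I)  # assumption for this example


def _as_list(value):
    return value if isinstance(value, list) else [value]


def allow_statements(props):
    """Yield Allow statements from inline Policies[] and a top-level PolicyDocument."""
    docs = [p.get("PolicyDocument", {}) for p in props.get("Policies", [])]
    if "PolicyDocument" in props:
        docs.append(props["PolicyDocument"])
    for doc in docs:
        for stmt in _as_list(doc.get("Statement", [])):
            if stmt.get("Effect") == "Allow":
                yield stmt


def wildcard_statements(template):
    """(logical id, reason) for Allow statements with '*' or 'service:*' actions or '*' resources."""
    hits = []
    for name, res in template.get("Resources", {}).items():
        if res.get("Type") not in POLICY_HOLDERS:
            continue
        for stmt in allow_statements(res.get("Properties", {})):
            actions = [a for a in _as_list(stmt.get("Action", [])) if isinstance(a, str)]
            if any(a == "*" or a.endswith(":*") for a in actions):
                hits.append((name, "wildcard Action"))
            if any(r == "*" for r in _as_list(stmt.get("Resource", []))):
                hits.append((name, "wildcard Resource"))
    return hits


def password_is_weak(password, min_length=14):
    """Example rule: at least min_length characters and three of lower/upper/digit/symbol."""
    classes = sum(bool(re.search(p, password)) for p in (r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]"))
    return len(password) < min_length or classes < 3


def literal_passwords(template):
    """Any literal LoginProfile.Password is a finding; a weak one is flagged as such."""
    hits = []
    for name, res in template.get("Resources", {}).items():
        if res.get("Type") != "AWS::IAM::User":
            continue
        pw = res.get("Properties", {}).get("LoginProfile", {}).get("Password")
        if isinstance(pw, str):
            hits.append((name, "weak literal password" if password_is_weak(pw) else "literal password in template"))
    return hits


def exposed_secret_parameters(template):
    """Secret-looking parameters that echo in the console/API or ship a Default value."""
    hits = []
    for name, param in template.get("Parameters", {}).items():
        if not SECRET_NAME.search(name):
            continue
        if param.get("NoEcho") is not True:
            hits.append((name, "secret parameter without NoEcho"))
        if "Default" in param:
            hits.append((name, "secret parameter with a Default value"))
    return hits
```

Even a strong literal password is still a finding: the template lands in version control and in the CloudFormation API (`DescribeStacks`, `GetTemplate`), so the fix is a `NoEcho` parameter, a dynamic reference to Secrets Manager, or no console login at all.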
Lack of protection against deletion - DynamoDB - cloudformation
Need: Implementation of data backup and recovery mechanisms for DynamoDB instances. Context: Usage of AWS CloudFormation for Infrastructure as Code (IaC); Usage of AWS SDK for interacting with Amazon Web Services (AWS) services. Description: Non compliant ...
Lack of protection against deletion - ELB - cloudformation
Need: Enable Deletion Protection for Elastic Load Balancing. Context: Usage of CloudFormation for Infrastructure as Code (IaC); Usage of AWS::ElasticLoadBalancing::LoadBalancer for managing and configuring AWS Elastic Load Balancer. Description: Non ...
Lack of protection against deletion - RDS - cloudformation
Need: Implementation of safeguards to prevent accidental or unauthorized deletion of databases in Amazon Web Services RDS. Context: Usage of AWS CloudFormation for Infrastructure as Code (IaC); Usage of AWS SDK for interacting with Amazon Web Services ...
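The three "Lack of protection against deletion" entries above combine two distinct controls that a reviewer should check separately: the service-level switch (`DeletionProtectionEnabled` and point-in-time recovery on a DynamoDB table, `DeletionProtection` on an RDS instance, the `deletion_protection.enabled` attribute on an ELBv2 load balancer) and the stack-level `DeletionPolicy` attribute that decides what CloudFormation does on stack deletion or resource replacement. The checker below is an added example for this page, not catalog code, on a constructed template with invented logical names. One caveat the ELB entry glosses over: the classic `AWS::ElasticLoadBalancing::LoadBalancer` has no deletion-protection attribute at all, so the example reports it as unfixable in place and relies on `DeletionPolicy` only.

```python
import json

# Constructed template, not from the page. Each store appears bare and hardened.
TEMPLATE = json.loads(r'''
{
  "Resources": {
    "BareTable": {"Type": "AWS::DynamoDB::Table", "Properties": {
      "KeySchema": [{"AttributeName": "id", "KeyType": "HASH"}],
      "AttributeDefinitions": [{"AttributeName": "id", "AttributeType": "S"}],
      "BillingMode": "PAY_PER_REQUEST"}},
    "SafeTable": {"Type": "AWS::DynamoDB::Table", "DeletionPolicy": "Retain", "Properties": {
      "KeySchema": [{"AttributeName": "id", "KeyType": "HASH"}],
      "AttributeDefinitions": [{"AttributeName": "id", "AttributeType": "S"}],
      "BillingMode": "PAY_PER_REQUEST", "DeletionProtectionEnabled": true,
      "PointInTimeRecoverySpecification": {"PointInTimeRecoveryEnabled": true}}},
    "BareDb": {"Type": "AWS::RDS::DBInstance", "Properties": {
      "Engine": "postgres", "DBInstanceClass": "db.t3.micro", "AllocatedStorage": "20"}},
    "SafeDb": {"Type": "AWS::RDS::DBInstance", "DeletionPolicy": "Snapshot", "Properties": {
      "Engine": "postgres", "DBInstanceClass": "db.t3.micro", "AllocatedStorage": "20",
      "DeletionProtection": true, "BackupRetentionPeriod": 7}},
    "BareAlb": {"Type": "AWS::ElasticLoadBalancingV2::LoadBalancer",
                "Properties": {"Subnets": ["subnet-1", "subnet-2"]}},
    "SafeAlb": {"Type": "AWS::ElasticLoadBalancingV2::LoadBalancer", "Properties": {
      "Subnets": ["subnet-1", "subnet-2"],
      "LoadBalancerAttributes": [{"Key": "deletion_protection.enabled", "Value": "true"}]}},
    "ClassicElb": {"Type": "AWS::ElasticLoadBalancing::LoadBalancer", "Properties": {
      "Listeners": [{"LoadBalancerPort": "443", "InstancePort": "8443", "Protocol": "HTTPS"}]}}
  }
}
''')

SAFE_DELETION_POLICIES = {"Retain", "RetainExceptOnCreate", "Snapshot"}
NEEDS_DELETION_POLICY = {"AWS::DynamoDB::Table", "AWS::RDS::DBInstance",
                         "AWS::ElasticLoadBalancing::LoadBalancer"}


def _lb_attr(props, key):
    for attr in props.get("LoadBalancerAttributes", []):
        if attr.get("Key") == key:
            return attr.get("Value")
    return None


def deletion_findings(res):
    """Reasons one resource lacks protection against deletion (empty list = fine)."""
    rtype, props = res.get("Type"), res.get("Properties", {})
    reasons = []
    if rtype == "AWS::DynamoDB::Table":
        if props.get("DeletionProtectionEnabled") is not True:
            reasons.append("DeletionProtectionEnabled not true")
        pitr = props.get("PointInTimeRecoverySpecification", {}).get("PointInTimeRecoveryEnabled")
        if pitr is not True:
            reasons.append("point-in-time recovery disabled")
    elif rtype == "AWS::RDS::DBInstance":
        if props.get("DeletionProtection") is not True:
            reasons.append("DeletionProtection not true")
        if int(props.get("BackupRetentionPeriod", 1)) == 0:  # 0 disables automated backups
            reasons.append("automated backups disabled")
    elif rtype == "AWS::ElasticLoadBalancingV2::LoadBalancer":
        if _lb_attr(props, "deletion_protection.enabled") != "true":
            reasons.append("deletion_protection.enabled is not 'true'")
    elif rtype == "AWS::ElasticLoadBalancing::LoadBalancer":
        # Classic ELB exposes no deletion-protection attribute; only DeletionPolicy can help.
        reasons.append("classic ELB has no deletion-protection attribute; migrate to ELBv2")
    # DeletionPolicy is a resource attribute, a sibling of Type/Properties, not a property.
    if rtype in NEEDS_DELETION_POLICY and res.get("DeletionPolicy") not in SAFE_DELETION_POLICIES:
        reasons.append("no DeletionPolicy Retain/Snapshot")
    return reasons


def find_deletion_findings(template):
    findings = {}
    for name, res in template.get("Resources", {}).items():
        reasons = deletion_findings(res)
        if reasons:
            findings[name] = reasons
    return findings
```

`DeletionProtection: true` on RDS blocks `DeleteDBInstance` from any caller, including CloudFormation, so a stack delete fails loudly instead of dropping the database; `DeletionPolicy: Snapshot` is the second layer that preserves data when someone turns the flag off first.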
Non-encrypted hard drives - cloudformation
Need: Implementation of full disk encryption. Context: Usage of AWS CloudFormation for Infrastructure as Code (IaC); Usage of AWS SDK for interacting with Amazon Web Services. Description: Non compliant code: AWSTemplateFormatVersion: '2010-09-09' ...
Non-encrypted confidential information - DB - cloudformation
Need: Secure storage of confidential information in the database. Context: Usage of AWS CloudFormation for Infrastructure as Code (IaC); Usage of AWS SDK for interacting with Amazon Web Services. Description: Non compliant code: Resources: InsecureDB: Type: ...
Unauthorized access to files - Cloud Storage Services - cloudformation
Need: Prevent unauthorized access to cloud storage services configured with CloudFormation. Context: Risk of publicly exposed cloud storage resources; Potential unauthorized access to files stored in cloud storage services. Description: Non compliant code ...
Insecure service configuration - Security Groups - cloudformation
Need: Secure configuration of EC2 Security Groups. Context: Usage of AWS CloudFormation for Infrastructure as Code (IaC); Usage of AWS native services to manage EC2 resources. Description: Non compliant code: Resources: InsecureEC2Instance: Type: ...
Insecure service configuration - AWS Security Groups - cloudformation
Need: Secure configuration of AWS security groups. Context: Usage of CloudFormation for Infrastructure as Code (IaC); Usage of AWS Security Groups for network access control. Description: Non compliant code: Resources: InsecureSecurityGroup: Type: ...
Unrestricted access between network segments - RDS - cloudformation
Need: Restrict access between network segments for RDS instances. Context: Usage of CloudFormation for Infrastructure as Code (IaC); Usage of AWS::RDS::DBInstance for managing and interacting with AWS RDS database instances. Description: Non compliant code ...
Non-encrypted confidential information - S3 Server Side Encryption - cloudformation
Need: Enforcement of Server-Side Encryption for all S3 buckets. Context: Usage of AWS CloudFormation for Infrastructure as Code (IaC); Ensuring data security in Amazon S3 buckets. Description: Non compliant code: Resources: InsecureS3Bucket: Type: ...
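The storage entries above (S3 bucket configuration, unauthorized access to cloud storage, non-encrypted hard drives on EC2 instances, non-encrypted DB, and S3 server-side encryption) are all checks on nested property structures rather than a single boolean: the `PublicAccessBlockConfiguration` block, a canned `AccessControl` ACL, a bucket policy with `Principal: "*"`, the `BucketEncryption` rule list, `StorageEncrypted` on RDS, and `Ebs.Encrypted` inside each EC2 `BlockDeviceMappings` entry. The checker below is an added example for this page, not catalog code; it runs on a constructed template with invented logical names and placeholder ARNs/AMI ids.

```python
import json

# Constructed template, not from the page. Each storage resource appears open and hardened.
TEMPLATE = json.loads(r'''
{
  "Resources": {
    "OpenBucket": {"Type": "AWS::S3::Bucket", "Properties": {"AccessControl": "PublicRead"}},
    "HardenedBucket": {"Type": "AWS::S3::Bucket", "Properties": {
      "PublicAccessBlockConfiguration": {"BlockPublicAcls": true, "BlockPublicPolicy": true,
                                         "IgnorePublicAcls": true, "RestrictPublicBuckets": true},
      "BucketEncryption": {"ServerSideEncryptionConfiguration": [
        {"ServerSideEncryptionByDefault": {"SSEAlgorithm": "aws:kms", "KMSMasterKeyID": "alias/data"}}]}}},
    "PublicPolicy": {"Type": "AWS::S3::BucketPolicy", "Properties": {"Bucket": {"Ref": "OpenBucket"},
      "PolicyDocument": {"Statement": [{"Effect": "Allow", "Principal": "*", "Action": "s3:GetObject",
                                        "Resource": "arn:aws:s3:::open-bucket/*"}]}}},
    "PlainDb": {"Type": "AWS::RDS::DBInstance", "Properties": {
      "Engine": "mysql", "DBInstanceClass": "db.t3.micro", "AllocatedStorage": "20"}},
    "EncDb": {"Type": "AWS::RDS::DBInstance", "Properties": {
      "Engine": "mysql", "DBInstanceClass": "db.t3.micro", "AllocatedStorage": "20", "StorageEncrypted": true}},
    "PlainInstance": {"Type": "AWS::EC2::Instance", "Properties": {"ImageId": "ami-0123", "InstanceType": "t3.micro",
      "BlockDeviceMappings": [{"DeviceName": "/dev/xvda", "Ebs": {"VolumeSize": 30}}]}},
    "EncInstance": {"Type": "AWS::EC2::Instance", "Properties": {"ImageId": "ami-0123", "InstanceType": "t3.micro",
      "BlockDeviceMappings": [{"DeviceName": "/dev/xvda", "Ebs": {"VolumeSize": 30, "Encrypted": true}}]}}
  }
}
''')

PUBLIC_ACLS = {"PublicRead", "PublicReadWrite", "AuthenticatedRead"}
PAB_FLAGS = ("BlockPublicAcls", "BlockPublicPolicy", "IgnorePublicAcls", "RestrictPublicBuckets")
SSE_ALGORITHMS = {"AES256", "aws:kms", "aws:kms:dsse"}


def _as_list(value):
    return value if isinstance(value, list) else [value]


def bucket_findings(props):
    """Reasons an AWS::S3::Bucket is exposed or unencrypted (empty list = fine)."""
    reasons = []
    if props.get("AccessControl") in PUBLIC_ACLS:
        reasons.append(f"public canned ACL {props['AccessControl']}")
    pab = props.get("PublicAccessBlockConfiguration", {})
    missing = [flag for flag in PAB_FLAGS if pab.get(flag) is not True]
    if missing:
        reasons.append("public access block incomplete: " + ", ".join(missing))
    rules = props.get("BucketEncryption", {}).get("ServerSideEncryptionConfiguration", [])
    algorithms = {r.get("ServerSideEncryptionByDefault", {}).get("SSEAlgorithm") for r in rules}
    if not algorithms & SSE_ALGORITHMS:
        reasons.append("no default server-side encryption")
    return reasons


def policy_is_public(doc):
    """True if any unconditional Allow statement names the anonymous principal."""
    for stmt in _as_list(doc.get("Statement", [])):
        principal = stmt.get("Principal")
        if stmt.get("Effect") == "Allow" and principal in ("*", {"AWS": "*"}) and "Condition" not in stmt:
            return True
    return False


def find_storage_findings(template):
    findings = {}
    for name, res in template.get("Resources", {}).items():
        rtype, props = res.get("Type"), res.get("Properties", {})
        reasons = []
        if rtype == "AWS::S3::Bucket":
            reasons = bucket_findings(props)
        elif rtype == "AWS::S3::BucketPolicy" and policy_is_public(props.get("PolicyDocument", {})):
            reasons = ["bucket policy grants access to Principal *"]
        elif rtype == "AWS::RDS::DBInstance" and props.get("StorageEncrypted") is not True:
            reasons = ["StorageEncrypted not true"]
        elif rtype == "AWS::EC2::Instance":
            # Only explicit mappings are visible here; volumes inherited from the AMI are not.
            reasons = [f"unencrypted EBS mapping {m.get('DeviceName')}"
                       for m in props.get("BlockDeviceMappings", [])
                       if "Ebs" in m and m["Ebs"].get("Encrypted") is not True]
        if reasons:
            findings[name] = reasons
    return findings
```

The EC2 branch shows the limit of template-only analysis: an instance with no `BlockDeviceMappings` still gets a root volume from the AMI, and whether that volume is encrypted depends on the account's EBS default-encryption setting, which the template cannot express. Treat that setting as the backstop and the template check as a guard against explicit opt-outs.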
Lack of multi-factor authentication - cloudformation
Need: Ensure IAM policies enforce Multi-Factor Authentication (MFA) to prevent unauthorized access and privilege escalation. Context: AWS CloudFormation used for defining IAM policies; Multi-Factor Authentication (MFA) is essential for secure access ...
Improper authorization control for web services - RDS - cloudformation
Need: Enhancement of authorization controls for web services - RDS. Context: Usage of CloudFormation for Infrastructure as Code (IaC); Usage of AWS SDK for interacting with Amazon Web Services. Description: Non compliant code: AWSTemplateFormatVersion: ...
Insecure HTTP methods enabled - cloudformation
Need: Restrict HTTP methods to only those necessary for the application's functionality to prevent security risks. Context: HTTP methods define how clients interact with a server, but some methods can introduce security risks if not properly ...
Excessive privileges - AWS - cloudformation
Need: Restriction of privileges to the minimum necessary level. Context: Usage of CloudFormation for Infrastructure as Code (IaC); Usage of AWS SDK for interacting with Amazon Web Services. Description: Non compliant code: AWSTemplateFormatVersion: ...
Unrestricted access between network segments - AWS - cloudformation
Need: Enforce restricted access between network segments in AWS. Context: Usage of AWS CloudFormation for Infrastructure as Code (IaC); Usage of AWS::EC2::SecurityGroup for managing network access in AWS. Description: Non compliant code: Resources: ...
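The security-group entries on this page (insecure channel over HTTP, insecure EC2 configuration, insecure protocol allowed in a security group, the two "Insecure service configuration - Security Groups" entries, unrestricted access between network segments for RDS and for AWS in general) all evaluate ingress rules, so one rule-level checker serves them. The example below is added for this page, not catalog code; it runs on a constructed template with invented logical names. It merges inline `SecurityGroupIngress` entries with standalone `AWS::EC2::SecurityGroupIngress` resources, flags plaintext protocols (FTP, Telnet, HTTP), administrative ports open to `0.0.0.0/0` or `::/0`, all-protocol rules, broad port ranges, and then follows `VPCSecurityGroups` references from an RDS instance to decide whether its engine port is reachable from the internet. The 1000-port threshold for "broad" and the plaintext-port list are assumptions for the example.

```python
import json

# Constructed template, not from the page. Ingress rules are deliberately mixed.
TEMPLATE = json.loads(r'''
{
  "Resources": {
    "WebSg": {"Type": "AWS::EC2::SecurityGroup", "Properties": {"GroupDescription": "web", "SecurityGroupIngress": [
      {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80, "CidrIp": "0.0.0.0/0"},
      {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443, "CidrIp": "0.0.0.0/0"},
      {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "CidrIp": "0.0.0.0/0"}]}},
    "AdminSg": {"Type": "AWS::EC2::SecurityGroup", "Properties": {"GroupDescription": "admin", "SecurityGroupIngress": [
      {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "CidrIp": "10.0.0.0/8"},
      {"IpProtocol": "tcp", "FromPort": 3389, "ToPort": 3389, "CidrIpv6": "::/0"}]}},
    "AnySg": {"Type": "AWS::EC2::SecurityGroup", "Properties": {"GroupDescription": "any", "SecurityGroupIngress": [
      {"IpProtocol": "-1", "CidrIp": "0.0.0.0/0"}]}},
    "DbSg": {"Type": "AWS::EC2::SecurityGroup", "Properties": {"GroupDescription": "db", "SecurityGroupIngress": [
      {"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306, "SourceSecurityGroupId": {"Ref": "WebSg"}}]}},
    "WideDbSg": {"Type": "AWS::EC2::SecurityGroup", "Properties": {"GroupDescription": "wide", "SecurityGroupIngress": [
      {"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306, "CidrIp": "0.0.0.0/0"}]}},
    "LooseRule": {"Type": "AWS::EC2::SecurityGroupIngress", "Properties": {"GroupId": {"Ref": "DbSg"},
      "IpProtocol": "tcp", "FromPort": 1, "ToPort": 65535, "CidrIp": "172.16.0.0/12"}},
    "ExposedDb": {"Type": "AWS::RDS::DBInstance", "Properties": {"Engine": "mysql", "DBInstanceClass": "db.t3.micro",
      "AllocatedStorage": "20", "PubliclyAccessible": true, "VPCSecurityGroups": [{"Ref": "WideDbSg"}]}},
    "PrivateDb": {"Type": "AWS::RDS::DBInstance", "Properties": {"Engine": "mysql", "DBInstanceClass": "db.t3.micro",
      "AllocatedStorage": "20", "PubliclyAccessible": false, "VPCSecurityGroups": [{"Ref": "DbSg"}]}}
  }
}
''')

WORLD = {"0.0.0.0/0", "::/0"}
PLAINTEXT_PORTS = {21: "FTP", 23: "Telnet", 80: "HTTP"}   # assumption: ports treated as plaintext
ADMIN_PORTS = {22: "SSH", 3389: "RDP"}
ENGINE_PORTS = {"mysql": 3306, "mariadb": 3306, "postgres": 5432}  # defaults when Port is omitted
BROAD_RANGE = 1000                                          # assumption: ports per rule before "broad"


def ingress_rules(template):
    """Logical SG id -> list of ingress rules, inline and standalone resources merged."""
    rules = {}
    for name, res in template.get("Resources", {}).items():
        rtype, props = res.get("Type"), res.get("Properties", {})
        if rtype == "AWS::EC2::SecurityGroup":
            rules.setdefault(name, []).extend(props.get("SecurityGroupIngress", []))
        elif rtype == "AWS::EC2::SecurityGroupIngress":
            group = props.get("GroupId", {})
            if isinstance(group, dict) and "Ref" in group:
                rules.setdefault(group["Ref"], []).append(props)
    return rules


def _source(rule):
    return rule.get("CidrIp") or rule.get("CidrIpv6")


def _covers(rule, port):
    if str(rule.get("IpProtocol")) == "-1":
        return True
    return int(rule.get("FromPort", 0)) <= port <= int(rule.get("ToPort", 65535))


def rule_findings(rule):
    src, world = _source(rule), _source(rule) in WORLD
    if str(rule.get("IpProtocol")) == "-1" and world:
        return ["all protocols from anywhere"]
    reasons = [f"plaintext {label} (port {port}) allowed from {src or 'another security group'}"
               for port, label in PLAINTEXT_PORTS.items() if _covers(rule, port)]
    reasons += [f"{label} (port {port}) open to the world"
                for port, label in ADMIN_PORTS.items() if world and _covers(rule, port)]
    lo, hi = int(rule.get("FromPort", 0)), int(rule.get("ToPort", 65535))
    if str(rule.get("IpProtocol")) != "-1" and hi - lo >= BROAD_RANGE:
        reasons.append(f"broad port range {lo}-{hi} from {src}")
    return reasons


def find_network_findings(template):
    findings, rules = {}, ingress_rules(template)
    for group, group_rules in rules.items():
        reasons = [r for rule in group_rules for r in rule_findings(rule)]
        if reasons:
            findings[group] = reasons
    for name, res in template.get("Resources", {}).items():
        if res.get("Type") != "AWS::RDS::DBInstance":
            continue
        props, reasons = res.get("Properties", {}), []
        if props.get("PubliclyAccessible") is True:
            reasons.append("PubliclyAccessible: true")
        port = int(props.get("Port", ENGINE_PORTS.get(props.get("Engine"), 0)))
        for sg in props.get("VPCSecurityGroups", []):   # follow Ref to the SG's rules
            ref = sg.get("Ref") if isinstance(sg, dict) else None
            for rule in rules.get(ref, []):
                if _source(rule) in WORLD and _covers(rule, port):
                    reasons.append(f"database port {port} reachable from {_source(rule)} via {ref}")
        if reasons:
            findings[name] = reasons
    return findings
```

`WideDbSg` on its own produces no group-level finding (3306 is neither a plaintext nor an admin port), which is why the cross-resource step matters: the exposure only becomes visible once the rule is joined to the database that uses the group. The HTTP finding on `WebSg` is intentionally strict; a listener that exists only to redirect to HTTPS is a common exception a reviewer would suppress.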
Insecure encryption algorithm - SSL/TLS - cloudformation
Need: Implementation of secure encryption algorithms and disabling insecure TLS protocol versions. Context: Usage of AWS CloudFormation for Infrastructure as Code (IaC); Usage of AWS::ElasticLoadBalancingV2::Listener for managing load balancer listeners ...
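The TLS entry above and the earlier "Insecure service configuration - Certificates" and "Use of an insecure channel - HTTP" entries all come down to how a listener or distribution is configured: which `SslPolicy` an ELBv2 HTTPS listener names (omitting it selects `ELBSecurityPolicy-2016-08`, which still accepts TLS 1.0 and 1.1), whether the listener carries a certificate, whether a port-80 listener serves traffic or only redirects, the `SecurityPolicy` on an API Gateway custom domain, and `MinimumProtocolVersion` on a CloudFront viewer certificate. The checker below is an added example for this page, not catalog code, on a constructed template with placeholder ARNs. The policy-name pattern it uses (TLS13-, TLS-1-2- and FS-1-2- families are accepted) is a heuristic for the example; the authoritative list of which predefined policies allow TLS 1.0/1.1 is AWS's ELB documentation.

```python
import json
import re

# Constructed template, not from the page; "arn:..." values are placeholders, not resolved.
TEMPLATE = json.loads(r'''
{
  "Resources": {
    "LegacyTls": {"Type": "AWS::ElasticLoadBalancingV2::Listener", "Properties": {"LoadBalancerArn": "arn:alb",
      "Port": 443, "Protocol": "HTTPS", "SslPolicy": "ELBSecurityPolicy-TLS-1-0-2015-04",
      "Certificates": [{"CertificateArn": "arn:cert"}], "DefaultActions": [{"Type": "forward", "TargetGroupArn": "arn:tg"}]}},
    "DefaultTls": {"Type": "AWS::ElasticLoadBalancingV2::Listener", "Properties": {"LoadBalancerArn": "arn:alb",
      "Port": 443, "Protocol": "HTTPS",
      "Certificates": [{"CertificateArn": "arn:cert"}], "DefaultActions": [{"Type": "forward", "TargetGroupArn": "arn:tg"}]}},
    "ModernTls": {"Type": "AWS::ElasticLoadBalancingV2::Listener", "Properties": {"LoadBalancerArn": "arn:alb",
      "Port": 443, "Protocol": "HTTPS", "SslPolicy": "ELBSecurityPolicy-TLS13-1-2-2021-06",
      "Certificates": [{"CertificateArn": "arn:cert"}], "DefaultActions": [{"Type": "forward", "TargetGroupArn": "arn:tg"}]}},
    "PlainHttp": {"Type": "AWS::ElasticLoadBalancingV2::Listener", "Properties": {"LoadBalancerArn": "arn:alb",
      "Port": 80, "Protocol": "HTTP", "DefaultActions": [{"Type": "forward", "TargetGroupArn": "arn:tg"}]}},
    "RedirectHttp": {"Type": "AWS::ElasticLoadBalancingV2::Listener", "Properties": {"LoadBalancerArn": "arn:alb",
      "Port": 80, "Protocol": "HTTP", "DefaultActions": [{"Type": "redirect",
      "RedirectConfig": {"Protocol": "HTTPS", "Port": "443", "StatusCode": "HTTP_301"}}]}},
    "OldDomain": {"Type": "AWS::ApiGateway::DomainName", "Properties": {"DomainName": "api.example.com",
      "SecurityPolicy": "TLS_1_0", "RegionalCertificateArn": "arn:cert"}},
    "NewDomain": {"Type": "AWS::ApiGateway::DomainName", "Properties": {"DomainName": "api.example.com",
      "SecurityPolicy": "TLS_1_2", "RegionalCertificateArn": "arn:cert"}},
    "OldDist": {"Type": "AWS::CloudFront::Distribution", "Properties": {"DistributionConfig": {"Enabled": true,
      "ViewerCertificate": {"AcmCertificateArn": "arn:cert", "SslSupportMethod": "sni-only", "MinimumProtocolVersion": "TLSv1"}}}},
    "NewDist": {"Type": "AWS::CloudFront::Distribution", "Properties": {"DistributionConfig": {"Enabled": true,
      "ViewerCertificate": {"AcmCertificateArn": "arn:cert", "SslSupportMethod": "sni-only", "MinimumProtocolVersion": "TLSv1.2_2021"}}}}
  }
}
''')

# Heuristic (assumption for this example): policy families that negotiate TLS 1.2+ only.
MODERN_ELB_POLICY = re.compile(r"^ELBSecurityPolicy-(TLS13-|TLS-1-2-|FS-1-2-)")
ELB_DEFAULT_POLICY = "ELBSecurityPolicy-2016-08"   # applied by AWS when SslPolicy is omitted


def listener_findings(props):
    """Reasons an ELBv2 listener is weak (empty list = fine)."""
    reasons, protocol = [], props.get("Protocol")
    if protocol == "HTTP":
        actions = props.get("DefaultActions", [])
        only_redirects = bool(actions) and all(
            a.get("Type") == "redirect" and a.get("RedirectConfig", {}).get("Protocol") == "HTTPS"
            for a in actions)
        if not only_redirects:
            reasons.append("HTTP listener serves traffic instead of redirecting to HTTPS")
    elif protocol in ("HTTPS", "TLS"):
        policy = props.get("SslPolicy", ELB_DEFAULT_POLICY)
        if not MODERN_ELB_POLICY.match(policy):
            reasons.append(f"SslPolicy {policy} permits TLS 1.0 or 1.1")
        if not props.get("Certificates"):
            reasons.append("HTTPS listener without a certificate")
    return reasons


def find_tls_findings(template):
    findings = {}
    for name, res in template.get("Resources", {}).items():
        rtype, props = res.get("Type"), res.get("Properties", {})
        reasons = []
        if rtype == "AWS::ElasticLoadBalancingV2::Listener":
            reasons = listener_findings(props)
        elif rtype == "AWS::ApiGateway::DomainName" and props.get("SecurityPolicy") != "TLS_1_2":
            reasons = ["custom domain SecurityPolicy is not TLS_1_2"]
        elif rtype == "AWS::CloudFront::Distribution":
            cert = props.get("DistributionConfig", {}).get("ViewerCertificate", {})
            minimum = str(cert.get("MinimumProtocolVersion", ""))
            # The default CloudFront certificate forces TLSv1 as the minimum version.
            if cert.get("CloudFrontDefaultCertificate") is True or not minimum.startswith("TLSv1.2"):
                reasons = [f"viewer MinimumProtocolVersion {minimum or 'unset'} allows TLS < 1.2"]
        if reasons:
            findings[name] = reasons
    return findings
```

`DefaultTls` is the case most scanners miss: the template contains nothing wrong-looking, but the absent `SslPolicy` means the load balancer silently accepts TLS 1.0 clients, so the check must apply the service default rather than skip resources without the property.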
Privilege escalation - cloudformation
Need: Enhancement of role-based access control to prevent unauthorized privilege escalation. Context: Usage of AWS CloudFormation for Infrastructure as Code (IaC); Usage of AWS SDK for interacting with Amazon Web Services. Description: Non compliant code ...
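The privilege-escalation entry above and the earlier "Lack of multi-factor authentication" and "Excessive privileges - AWS" entries go beyond wildcard matching: a policy can be narrowly written and still let its holder grant itself more, because some IAM actions (creating a new default policy version, attaching policies, writing inline policies, creating access keys or login profiles for other users, `iam:PassRole` combined with a service that runs code under the passed role) are themselves escalation paths. The checker below is an added example for this page, not catalog code, on a constructed template with invented logical names. The escalation-action and PassRole-sink lists are a representative subset, not a complete catalogue; MFA enforcement is recognised either as a `Deny` keyed on `aws:MultiFactorAuthPresent` being false or as `Allow` statements that all require it true, and is expected of users and groups (human principals), not of service roles.

```python
import json
from fnmatch import fnmatch

# Constructed template, not from the page.
TEMPLATE = json.loads(r'''
{
  "Resources": {
    "DevGroup": {"Type": "AWS::IAM::Group", "Properties": {"Policies": [{"PolicyName": "dev",
      "PolicyDocument": {"Version": "2012-10-17", "Statement": [
        {"Effect": "Allow", "Action": ["s3:*", "iam:CreatePolicyVersion"], "Resource": "*"}]}}]}},
    "MfaGroup": {"Type": "AWS::IAM::Group", "Properties": {"Policies": [{"PolicyName": "mfa-gated",
      "PolicyDocument": {"Version": "2012-10-17", "Statement": [
        {"Effect": "Allow", "Action": "s3:GetObject", "Resource": "arn:aws:s3:::reports/*"},
        {"Effect": "Deny", "NotAction": ["iam:CreateVirtualMFADevice", "iam:EnableMFADevice", "sts:GetSessionToken"],
         "Resource": "*", "Condition": {"BoolIfExists": {"aws:MultiFactorAuthPresent": "false"}}}]}}]}},
    "CiRole": {"Type": "AWS::IAM::Role", "Properties": {
      "AssumeRolePolicyDocument": {"Version": "2012-10-17", "Statement": [
        {"Effect": "Allow", "Principal": {"AWS": "*"}, "Action": "sts:AssumeRole"}]},
      "Policies": [{"PolicyName": "deploy", "PolicyDocument": {"Version": "2012-10-17", "Statement": [
        {"Effect": "Allow", "Action": ["iam:PassRole", "lambda:CreateFunction"], "Resource": "*"}]}}]}},
    "ScopedRole": {"Type": "AWS::IAM::Role", "Properties": {
      "AssumeRolePolicyDocument": {"Version": "2012-10-17", "Statement": [
        {"Effect": "Allow", "Principal": {"Service": "lambda.amazonaws.com"}, "Action": "sts:AssumeRole"}]},
      "Policies": [{"PolicyName": "logs", "PolicyDocument": {"Version": "2012-10-17", "Statement": [
        {"Effect": "Allow", "Action": ["logs:CreateLogStream", "logs:PutLogEvents"],
         "Resource": "arn:aws:logs:us-east-1:123456789012:log-group:/aws/lambda/app:*"}]}}]}}
  }
}
''')

# Representative subset of actions that let a principal raise its own privileges.
ESCALATION_ACTIONS = {
    "iam:CreatePolicyVersion", "iam:SetDefaultPolicyVersion", "iam:AttachUserPolicy",
    "iam:AttachGroupPolicy", "iam:AttachRolePolicy", "iam:PutUserPolicy", "iam:PutGroupPolicy",
    "iam:PutRolePolicy", "iam:CreateAccessKey", "iam:CreateLoginProfile", "iam:UpdateLoginProfile",
    "iam:UpdateAssumeRolePolicy", "iam:AddUserToGroup",
}
# Services that execute code under a role the caller passes in.
PASSROLE_SINKS = {"lambda:CreateFunction", "ec2:RunInstances", "cloudformation:CreateStack",
                  "glue:CreateDevEndpoint", "sagemaker:CreateNotebookInstance"}
POLICY_HOLDERS = {"AWS::IAM::Role", "AWS::IAM::User", "AWS::IAM::Group", "AWS::IAM::Policy", "AWS::IAM::ManagedPolicy"}
MFA_KEY = "aws:MultiFactorAuthPresent"


def _as_list(value):
    return value if isinstance(value, list) else [value]


def _statements(props):
    docs = [p.get("PolicyDocument", {}) for p in props.get("Policies", [])]
    if "PolicyDocument" in props:
        docs.append(props["PolicyDocument"])
    return [s for doc in docs for s in _as_list(doc.get("Statement", []))]


def allowed_actions(props):
    """Action patterns granted by unconditional Allow statements."""
    return {a for s in _statements(props) if s.get("Effect") == "Allow" and "Condition" not in s
            for a in _as_list(s.get("Action", []))}


def grants(patterns, action):
    """True if any granted pattern (e.g. 'iam:*') matches the action, case-insensitively."""
    return any(fnmatch(action.lower(), pat.lower()) for pat in patterns)


def enforces_mfa(props):
    stmts = _statements(props)
    for s in stmts:
        cond = s.get("Condition", {})
        if s.get("Effect") == "Deny" and any(cond.get(op, {}).get(MFA_KEY) == "false" for op in ("Bool", "BoolIfExists")):
            return True
    allows = [s for s in stmts if s.get("Effect") == "Allow"]
    return bool(allows) and all(s.get("Condition", {}).get("Bool", {}).get(MFA_KEY) == "true" for s in allows)


def trust_is_open(props):
    for s in _as_list(props.get("AssumeRolePolicyDocument", {}).get("Statement", [])):
        if s.get("Effect") == "Allow" and s.get("Principal") in ("*", {"AWS": "*"}) and "Condition" not in s:
            return True
    return False


def find_privilege_findings(template, require_mfa_for=("AWS::IAM::User", "AWS::IAM::Group")):
    findings = {}
    for name, res in template.get("Resources", {}).items():
        rtype, props = res.get("Type"), res.get("Properties", {})
        if rtype not in POLICY_HOLDERS:
            continue
        acts, reasons = allowed_actions(props), []
        reasons += [f"escalation action {a}" for a in sorted(ESCALATION_ACTIONS) if grants(acts, a)]
        if grants(acts, "iam:PassRole"):
            sinks = sorted(s for s in PASSROLE_SINKS if grants(acts, s))
            if sinks:
                reasons.append("iam:PassRole combined with " + ", ".join(sinks))
        if rtype in require_mfa_for and not enforces_mfa(props):
            reasons.append("human principal policy does not require MFA")
        if rtype == "AWS::IAM::Role" and trust_is_open(props):
            reasons.append("trust policy lets any AWS principal assume the role")
        if reasons:
            findings[name] = reasons
    return findings
```

`CiRole` illustrates why "excessive privileges" cannot be judged one action at a time: neither `iam:PassRole` nor `lambda:CreateFunction` is alarming alone, but together on `Resource: "*"` they let the holder create a function that runs under any role in the account. The fix is to scope `iam:PassRole` to the specific role ARNs the pipeline legitimately passes.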