Medium
—
us-east-1
i-00dac9a2d32a3cd01
EC2 Instance uses public IP address.
If you do not need your EC2 instance to be reachable from the Internet, remove the public IP address from it.
More info
Low
—
us-east-1
i-00dac9a2d32a3cd01
No IAM role was found.
Attach an IAM role to the EC2 instance to allow your applications to securely make API requests without requiring you to manage the security credentials that the applications use.
More info
Critical
—
us-east-1
i-00dac9a2d32a3cd01
Insecure Instance Metadata Service (IMDSv1) was found.
IMDSv1 can be exploited through SSRF or XML external entity (XXE) attacks, as happened in the Capital One data breach, which impacted 106M people. Transition to IMDSv2.
More info
Medium
—
us-east-1
i-0ece894d6d29136f5
EC2 Instance uses public IP address.
If you do not need your EC2 instance to be reachable from the Internet, remove the public IP address from it.
More info
Low
—
us-east-1
i-0ece894d6d29136f5
No IAM role was found.
Attach an IAM role to the EC2 instance to allow your applications to securely make API requests without requiring you to manage the security credentials that the applications use.
More info
Critical
—
us-east-1
i-0ece894d6d29136f5
Insecure Instance Metadata Service (IMDSv1) was found.
IMDSv1 can be exploited through SSRF or XML external entity (XXE) attacks, as happened in the Capital One data breach, which impacted 106M people. Transition to IMDSv2.
More info
Medium
—
us-east-1
vol-004919a0d32e05d34
No Lifecycle Policy configured.
Configure Amazon Data Lifecycle Manager to protect data by enforcing regular backups, to retain them as required by auditors or internal compliance, and to create disaster recovery backup policies.
More info
Medium
CIS 2.2.1 PCI DSS 3.5 HIPAA (Encryption)
us-east-1
vol-004919a0d32e05d34
No EBS encryption found.
Enable EBS encryption, either using encryption by default or by enabling encryption when you create a volume that you want to encrypt.
More info
Medium
—
us-east-1
vol-074257a397fadc9ec
No Lifecycle Policy configured.
Configure Amazon Data Lifecycle Manager to protect data by enforcing regular backups, to retain them as required by auditors or internal compliance, and to create disaster recovery backup policies.
More info
Medium
CIS 2.2.1 PCI DSS 3.5 HIPAA (Encryption)
us-east-1
vol-074257a397fadc9ec
No EBS encryption found.
Enable EBS encryption, either using encryption by default or by enabling encryption when you create a volume that you want to encrypt.
More info
Low
—
us-east-1
sg-0398ead5692ea25fb
EC2 security group has the name prefixed with "launch-wizard".
To enforce using secure and custom security groups, make sure your EC2 instances are not associated with security groups prefixed with "launch-wizard".
More info
Low
—
us-east-1
sg-086d6bcb3045b0e06
EC2 security group has the name prefixed with "launch-wizard".
To enforce using secure and custom security groups, make sure your EC2 instances are not associated with security groups prefixed with "launch-wizard".
More info
Low
—
us-east-1
sg-09e3ee11e2cd42ede
EC2 security group has the name prefixed with "launch-wizard".
To enforce using secure and custom security groups, make sure your EC2 instances are not associated with security groups prefixed with "launch-wizard".
More info
Low
CIS 5.4 PCI DSS (Networking) HIPAA (Networking)
us-east-1
sg-0be4454dc243daa89
Default security group with 2 inbound and 1 outbound rules.
Review inbound and outbound rules for any default security group.
More info
Low
CIS 5.4 PCI DSS (Networking) HIPAA (Networking)
us-east-1
sg-0cf4e19eb2fc096da
Default security group with 1 inbound and 1 outbound rules.
Review inbound and outbound rules for any default security group.
More info
Low
CIS 5.4 PCI DSS (Networking) HIPAA (Networking)
us-east-1
sg-0f1857e87433d40ce
Default security group with 2 inbound and 1 outbound rules.
Review inbound and outbound rules for any default security group.
More info
Medium
—
us-east-2
eipalloc-0cc2fb68d9464496b
Elastic IP not associated with any resource.
Delete the unused IP to avoid an hourly charge for an Elastic IP address not associated with any running instance.
More info
Medium
—
us-east-2
eipalloc-0c40ecff557dc093e
Elastic IP not associated with any resource.
Delete the unused IP to avoid an hourly charge for an Elastic IP address not associated with any running instance.
More info
Medium
—
us-east-2
eipalloc-0af2a290d5e8fcc87
Elastic IP not associated with any resource.
Delete the unused IP to avoid an hourly charge for an Elastic IP address not associated with any running instance.
More info
Medium
—
us-east-2
eipalloc-01ab2c85c31e3bb51
Elastic IP not associated with any resource.
Delete the unused IP to avoid an hourly charge for an Elastic IP address not associated with any running instance.
More info
Critical
—
us-east-2
EC2
The number of allocated Elastic IP addresses for use with instances in a VPC has reached its limit: 5 out of 5 addresses are in use.
If you think your architecture warrants additional VPC Elastic IP addresses, you can request a quota increase directly from the Service Quotas console.
More info
Critical
—
us-east-2
sg-005d502860fac8127
The security group allows all IP addresses to access your instance using SSH service over TCP port 22.
Authorize only a specific IP address or range of addresses to access your instance.
More info
Low
—
us-east-2
sg-00d08eb45cd7010d7
EC2 security group has the name prefixed with "launch-wizard".
To enforce using secure and custom security groups, make sure your EC2 instances are not associated with security groups prefixed with "launch-wizard".
More info
Critical
—
us-east-2
sg-00d08eb45cd7010d7
The security group allows all IP addresses to access your instance using SSH service over TCP port 22.
Authorize only a specific IP address or range of addresses to access your instance.
More info
Low
CIS 5.4 PCI DSS (Networking) HIPAA (Networking)
us-east-2
sg-0350acc1c67617b6d
Default security group with 1 inbound and 1 outbound rules.
Review inbound and outbound rules for any default security group.
More info
Low
CIS 5.4 PCI DSS (Networking) HIPAA (Networking)
us-east-2
sg-071bb37c316ae7808
Default security group with 1 inbound and 1 outbound rules.
Review inbound and outbound rules for any default security group.
More info
Low
CIS 5.4 PCI DSS (Networking) HIPAA (Networking)
us-east-2
sg-0a8cef89f1e98930c
Default security group with 1 inbound and 1 outbound rules.
Review inbound and outbound rules for any default security group.
More info
Low
CIS 5.4 PCI DSS (Networking) HIPAA (Networking)
us-east-2
sg-0cbbda7c
Default security group with 1 inbound and 1 outbound rules.
Review inbound and outbound rules for any default security group.
More info
Low
CIS 5.4 PCI DSS (Networking) HIPAA (Networking)
us-east-2
sg-0fa59556ef2020a9e
Default security group with 1 inbound and 1 outbound rules.
Review inbound and outbound rules for any default security group.
More info
Low
CIS 5.4 PCI DSS (Networking) HIPAA (Networking)
us-west-1
sg-f46b0b82
Default security group with 1 inbound and 1 outbound rules.
Review inbound and outbound rules for any default security group.
More info
Medium
—
us-west-2
EC2ContainerService-Rony-EFC-ECS-Test-EcsInstanceAsg-1BNE3TD6NPE91
Auto Scaling group does not have activity notification configured.
Create activity notification for your Auto Scaling group.
More info
Low
—
us-west-2
i-0548a56d248a067d8
No IAM role was found.
Attach an IAM role to the EC2 instance to allow your applications to securely make API requests without requiring you to manage the security credentials that the applications use.
More info
Critical
—
us-west-2
i-0548a56d248a067d8
Insecure Instance Metadata Service (IMDSv1) was found.
IMDSv1 can be exploited through SSRF or XML external entity (XXE) attacks, as happened in the Capital One data breach, which impacted 106M people. Transition to IMDSv2.
More info
Medium
—
us-west-2
i-0362782bc36ed6a41
EC2 Instance uses public IP address.
If you do not need your EC2 instance to be reachable from the Internet, remove the public IP address from it.
More info
Low
—
us-west-2
i-0362782bc36ed6a41
No IAM role was found.
Attach an IAM role to the EC2 instance to allow your applications to securely make API requests without requiring you to manage the security credentials that the applications use.
More info
Critical
—
us-west-2
i-0362782bc36ed6a41
Insecure Instance Metadata Service (IMDSv1) was found.
IMDSv1 can be exploited through SSRF or XML external entity (XXE) attacks, as happened in the Capital One data breach, which impacted 106M people. Transition to IMDSv2.
More info
Medium
—
us-west-2
i-0f55b11c76adbbe3d
EC2 Instance uses public IP address.
If you do not need your EC2 instance to be reachable from the Internet, remove the public IP address from it.
More info
Low
—
us-west-2
i-0f55b11c76adbbe3d
No IAM role was found.
Attach an IAM role to the EC2 instance to allow your applications to securely make API requests without requiring you to manage the security credentials that the applications use.
More info
Critical
—
us-west-2
i-0f55b11c76adbbe3d
Insecure Instance Metadata Service (IMDSv1) was found.
IMDSv1 can be exploited through SSRF or XML external entity (XXE) attacks, as happened in the Capital One data breach, which impacted 106M people. Transition to IMDSv2.
More info
Low
—
us-west-2
i-087073f185b54ed12
No IAM role was found.
Attach an IAM role to the EC2 instance to allow your applications to securely make API requests without requiring you to manage the security credentials that the applications use.
More info
Critical
—
us-west-2
i-087073f185b54ed12
Insecure Instance Metadata Service (IMDSv1) was found.
IMDSv1 can be exploited through SSRF or XML external entity (XXE) attacks, as happened in the Capital One data breach, which impacted 106M people. Transition to IMDSv2.
More info
Medium
—
us-west-2
i-0c1b1df0b7efb0b57
EC2 Instance uses public IP address.
If you do not need your EC2 instance to be reachable from the Internet, remove the public IP address from it.
More info
Low
—
us-west-2
i-0c1b1df0b7efb0b57
No IAM role was found.
Attach an IAM role to the EC2 instance to allow your applications to securely make API requests without requiring you to manage the security credentials that the applications use.
More info
Critical
—
us-west-2
i-0c1b1df0b7efb0b57
Insecure Instance Metadata Service (IMDSv1) was found.
IMDSv1 can be exploited through SSRF or XML external entity (XXE) attacks, as happened in the Capital One data breach, which impacted 106M people. Transition to IMDSv2.
More info
Medium
—
us-west-2
i-0c1b1df0b7efb0b57
Found 1 overlap in the security group rules: "tcp:80 [0.0.0.0/0]" in "eks-cluster-sg-test-fargate-west2-1589044931", "EFS-access-4-Cluster-Rony-EFC-ECS-Test".
To reduce the risk of unintended access to the instance, analyse your security groups and remove any overlaps among the rules.
More info
Medium
—
us-west-2
vol-05830c14eadc21ea2
No Lifecycle Policy configured.
Configure Amazon Data Lifecycle Manager to protect data by enforcing regular backups, to retain them as required by auditors or internal compliance, and to create disaster recovery backup policies.
More info
Medium
CIS 2.2.1 PCI DSS 3.5 HIPAA (Encryption)
us-west-2
vol-05830c14eadc21ea2
No EBS encryption found.
Enable EBS encryption, either using encryption by default or by enabling encryption when you create a volume that you want to encrypt.
More info
Medium
—
us-west-2
vol-06d98619c32de5968
No Lifecycle Policy configured.
Configure Amazon Data Lifecycle Manager to protect data by enforcing regular backups, to retain them as required by auditors or internal compliance, and to create disaster recovery backup policies.
More info
Medium
CIS 2.2.1 PCI DSS 3.5 HIPAA (Encryption)
us-west-2
vol-06d98619c32de5968
No EBS encryption found.
Enable EBS encryption, either using encryption by default or by enabling encryption when you create a volume that you want to encrypt.
More info
Medium
—
us-west-2
vol-0ee3ff4a2100dc2f3
No Lifecycle Policy configured.
Configure Amazon Data Lifecycle Manager to protect data by enforcing regular backups, to retain them as required by auditors or internal compliance, and to create disaster recovery backup policies.
More info
Medium
CIS 2.2.1 PCI DSS 3.5 HIPAA (Encryption)
us-west-2
vol-0ee3ff4a2100dc2f3
No EBS encryption found.
Enable EBS encryption, either using encryption by default or by enabling encryption when you create a volume that you want to encrypt.
More info
Medium
—
us-west-2
vol-0dbacadab7b315e80
No Lifecycle Policy configured.
Configure Amazon Data Lifecycle Manager to protect data by enforcing regular backups, to retain them as required by auditors or internal compliance, and to create disaster recovery backup policies.
More info
Medium
CIS 2.2.1 PCI DSS 3.5 HIPAA (Encryption)
us-west-2
vol-0dbacadab7b315e80
No EBS encryption found.
Enable EBS encryption, either using encryption by default or by enabling encryption when you create a volume that you want to encrypt.
More info
Medium
—
us-west-2
vol-0987ccd97176d01ee
No Lifecycle Policy configured.
Configure Amazon Data Lifecycle Manager to protect data by enforcing regular backups, to retain them as required by auditors or internal compliance, and to create disaster recovery backup policies.
More info
Medium
CIS 2.2.1 PCI DSS 3.5 HIPAA (Encryption)
us-west-2
vol-0987ccd97176d01ee
No EBS encryption found.
Enable EBS encryption, either using encryption by default or by enabling encryption when you create a volume that you want to encrypt.
More info
Critical
—
us-west-2
sg-008b20c9103b66b66
The security group allows all IP addresses to access your instance using SSH service over TCP port 22.
Authorize only a specific IP address or range of addresses to access your instance.
More info
Critical
—
us-west-2
sg-00aefbbc4e8c94127
The security group allows all IP addresses to access your instance using SSH service over TCP port 22.
Authorize only a specific IP address or range of addresses to access your instance.
More info
Low
CIS 5.4 PCI DSS (Networking) HIPAA (Networking)
us-west-2
sg-08a4e95779202da87
Default security group with 1 inbound and 1 outbound rules.
Review inbound and outbound rules for any default security group.
More info
Low
—
us-west-2
sg-0a5c0766337509406
EC2 security group has the name prefixed with "launch-wizard".
To enforce using secure and custom security groups, make sure your EC2 instances are not associated with security groups prefixed with "launch-wizard".
More info
Critical
—
us-west-2
sg-0a5c0766337509406
The security group allows all IP addresses to access your instance using SSH service over TCP port 22.
Authorize only a specific IP address or range of addresses to access your instance.
More info
Low
—
us-west-2
sg-0a7a7778280d5d4fd
EC2 security group has the name prefixed with "launch-wizard".
To enforce using secure and custom security groups, make sure your EC2 instances are not associated with security groups prefixed with "launch-wizard".
More info
Critical
—
us-west-2
sg-0a7a7778280d5d4fd
The security group allows all IP addresses to access your instance using SSH service over TCP port 22.
Authorize only a specific IP address or range of addresses to access your instance.
More info
Low
CIS 5.4 PCI DSS (Networking) HIPAA (Networking)
us-west-2
sg-0d2059d6f62212dde
Default security group with 1 inbound and 1 outbound rules.
Review inbound and outbound rules for any default security group.
More info
Low
CIS 5.4 PCI DSS (Networking) HIPAA (Networking)
us-west-2
sg-0d21142c1e8c610f7
Default security group with 1 inbound and 1 outbound rules.
Review inbound and outbound rules for any default security group.
More info
Low
CIS 5.4 PCI DSS (Networking) HIPAA (Networking)
us-west-2
sg-b7f7f595
Default security group with 1 inbound and 1 outbound rules.
Review inbound and outbound rules for any default security group.
More info
Low
CIS 5.4 PCI DSS (Networking) HIPAA (Networking)
ap-south-1
sg-3d5f1d44
Default security group with 1 inbound and 1 outbound rules.
Review inbound and outbound rules for any default security group.
More info
Low
CIS 5.4 PCI DSS (Networking) HIPAA (Networking)
ap-northeast-2
sg-34ef8e4c
Default security group with 1 inbound and 1 outbound rules.
Review inbound and outbound rules for any default security group.
More info
Low
CIS 5.4 PCI DSS (Networking) HIPAA (Networking)
ap-southeast-1
sg-7ffd8e36
Default security group with 1 inbound and 1 outbound rules.
Review inbound and outbound rules for any default security group.
More info
Low
CIS 5.4 PCI DSS (Networking) HIPAA (Networking)
ap-southeast-2
sg-a4bacfef
Default security group with 1 inbound and 1 outbound rules.
Review inbound and outbound rules for any default security group.
More info
Low
CIS 5.4 PCI DSS (Networking) HIPAA (Networking)
ap-northeast-1
sg-68a91027
Default security group with 1 inbound and 1 outbound rules.
Review inbound and outbound rules for any default security group.
More info
Low
CIS 5.4 PCI DSS (Networking) HIPAA (Networking)
ca-central-1
sg-19392c7e
Default security group with 1 inbound and 1 outbound rules.
Review inbound and outbound rules for any default security group.
More info
Low
CIS 5.4 PCI DSS (Networking) HIPAA (Networking)
eu-central-1
sg-577d7728
Default security group with 1 inbound and 1 outbound rules.
Review inbound and outbound rules for any default security group.
More info
Low
CIS 5.4 PCI DSS (Networking) HIPAA (Networking)
eu-west-1
sg-d77d858c
Default security group with 1 inbound and 1 outbound rules.
Review inbound and outbound rules for any default security group.
More info
Low
CIS 5.4 PCI DSS (Networking) HIPAA (Networking)
eu-west-2
sg-dc55b6a4
Default security group with 1 inbound and 1 outbound rules.
Review inbound and outbound rules for any default security group.
More info
Low
CIS 5.4 PCI DSS (Networking) HIPAA (Networking)
eu-west-3
sg-48a3d32a
Default security group with 1 inbound and 1 outbound rules.
Review inbound and outbound rules for any default security group.
More info
Low
CIS 5.4 PCI DSS (Networking) HIPAA (Networking)
eu-north-1
sg-3e01de5d
Default security group with 1 inbound and 1 outbound rules.
Review inbound and outbound rules for any default security group.
More info
Low
CIS 5.4 PCI DSS (Networking) HIPAA (Networking)
sa-east-1
sg-07b33375
Default security group with 1 inbound and 1 outbound rules.
Review inbound and outbound rules for any default security group.
More info