VPC High —
us-east-1
vpc-07f3b77c454b3c310 VPC has only one subnet.
For high availability, use multiple subnets in different availability zones. Separate public and private subnets will help securing services that don't need public access.
More info
S3 High —
us-east-1
cf-templates-lqa4fy3xqyy2-us-west-2 Amazon S3 bucket versioning is disabled.
Enable S3 bucket versioning to protect the objects from accidental deletion or overwrite.
More info
S3 High —
us-east-1
elasticbeanstalk-us-east-1-531239714189 Amazon S3 bucket versioning is disabled.
Enable S3 bucket versioning to protect the objects from accidental deletion or overwrite.
More info
S3 High —
us-east-1
test-collector Amazon S3 bucket versioning is disabled.
Enable S3 bucket versioning to protect the objects from accidental deletion or overwrite.
More info
S3 High —
us-east-1
test-scanner Amazon S3 bucket versioning is disabled.
Enable S3 bucket versioning to protect the objects from accidental deletion or overwrite.
More info
S3 High —
us-east-1
test-update Amazon S3 bucket versioning is disabled.
Enable S3 bucket versioning to protect the objects from accidental deletion or overwrite.
More info
IAM High —
us-east-1
amplify-login-lambda-69749404 IAM role "amplify-login-lambda-69749404" was never used.
Consider removing the IAM roles that you are not using.
More info
IAM High —
us-east-1
AWS-QuickSetup-StackSet-Local-ExecutionRole IAM role "AWS-QuickSetup-StackSet-Local-ExecutionRole" must require either MFA or an external ID to designate who can assume the role. The role's misconfigured account is: "arn:aws:iam::531239714189:role/AWS-QuickSetup-StackSet-Local-AdministrationRole".
Update the IAM role, making sure it uses either MFA or an external ID to designate who can assume the role.
More info
IAM High —
us-east-1
service-role/AWSDataLifecycleManagerDefaultRoleForAMIManagement IAM role "AWSDataLifecycleManagerDefaultRoleForAMIManagement" was never used.
Consider removing the IAM roles that you are not using.
More info
IAM High —
us-east-1
service-role/DAXtoDynamoDB IAM role "DAXtoDynamoDB" was never used.
Consider removing the IAM roles that you are not using.
More info
IAM High —
us-east-1
ecsSpotFleetRole IAM role "ecsSpotFleetRole" was never used.
Consider removing the IAM roles that you are not using.
More info
IAM High —
us-east-1
EMR_AutoScaling_DefaultRole IAM role "EMR_AutoScaling_DefaultRole" was never used.
Consider removing the IAM roles that you are not using.
More info
IAM High —
us-east-1
service-role/KinesisFirehoseServiceRole-stream3-us-east-1-1614218937171 IAM role "KinesisFirehoseServiceRole-stream3-us-east-1-1614218937171" was never used.
Consider removing the IAM roles that you are not using.
More info
IAM High —
us-east-1
my-test-role-no-policies IAM role "my-test-role-no-policies" must require either MFA or an external ID to designate who can assume the role. The role's misconfigured account is: "arn:aws:iam::531239714189:root".
Update the IAM role, making sure it uses either MFA or an external ID to designate who can assume the role.
More info
IAM High —
us-east-1
my-test-role-no-policies IAM role "my-test-role-no-policies" was never used.
Consider removing the IAM roles that you are not using.
More info
IAM High —
us-east-1
service-role/StepFunctions-HelloWorld-role-3938622e IAM role "StepFunctions-HelloWorld-role-3938622e" was never used.
Consider removing the IAM roles that you are not using.
More info
IAM High —
us-east-1
service-role/test-role-5z4s12tw IAM role "test-role-5z4s12tw" was never used.
Consider removing the IAM roles that you are not using.
More info
IAM High —
us-east-1
service-role/test-role-e90ltcu0 IAM role "test-role-e90ltcu0" was never used.
Consider removing the IAM roles that you are not using.
More info
Simple Email Service High —
us-west-2
prevasio.io DomainKeys Identified Mail (DKIM) signing for the domain is disabled.
Enable DKIM to authenticate your email, by entering the specified records into your DNS settings.
More info
CloudTrail High —
us-east-1
my-trail S3 bucket "prevasio-test-bucket" is used by CloudTrail, but it has no S3 Object Lock.
S3 Object Lock has been assessed by Cohasset Associates for use in environments that are subject to SEC 17a-4, CFTC, and FINRA regulations.
More info
CloudTrail High —
us-east-1
test-trail S3 bucket "aws-cloudtrail-logs-531239714189-8b5cd0ac" is used by CloudTrail, but it has no S3 Object Lock.
S3 Object Lock has been assessed by Cohasset Associates for use in environments that are subject to SEC 17a-4, CFTC, and FINRA regulations.
More info
CloudTrail High —
us-east-2
my-trail S3 bucket "prevasio-test-bucket" is used by CloudTrail, but it has no S3 Object Lock.
S3 Object Lock has been assessed by Cohasset Associates for use in environments that are subject to SEC 17a-4, CFTC, and FINRA regulations.
More info
CloudTrail High —
us-east-2
test-trail S3 bucket "aws-cloudtrail-logs-531239714189-8b5cd0ac" is used by CloudTrail, but it has no S3 Object Lock.
S3 Object Lock has been assessed by Cohasset Associates for use in environments that are subject to SEC 17a-4, CFTC, and FINRA regulations.
More info
CloudTrail High —
us-west-1
my-trail S3 bucket "prevasio-test-bucket" is used by CloudTrail, but it has no S3 Object Lock.
S3 Object Lock has been assessed by Cohasset Associates for use in environments that are subject to SEC 17a-4, CFTC, and FINRA regulations.
More info
CloudTrail High —
us-west-1
test-trail S3 bucket "aws-cloudtrail-logs-531239714189-8b5cd0ac" is used by CloudTrail, but it has no S3 Object Lock.
S3 Object Lock has been assessed by Cohasset Associates for use in environments that are subject to SEC 17a-4, CFTC, and FINRA regulations.
More info
CloudTrail High —
us-west-2
my-trail S3 bucket "prevasio-test-bucket" is used by CloudTrail, but it has no S3 Object Lock.
S3 Object Lock has been assessed by Cohasset Associates for use in environments that are subject to SEC 17a-4, CFTC, and FINRA regulations.
More info
CloudTrail High —
us-west-2
test-trail S3 bucket "aws-cloudtrail-logs-531239714189-8b5cd0ac" is used by CloudTrail, but it has no S3 Object Lock.
S3 Object Lock has been assessed by Cohasset Associates for use in environments that are subject to SEC 17a-4, CFTC, and FINRA regulations.
More info
CloudTrail High —
ap-south-1
my-trail S3 bucket "prevasio-test-bucket" is used by CloudTrail, but it has no S3 Object Lock.
S3 Object Lock has been assessed by Cohasset Associates for use in environments that are subject to SEC 17a-4, CFTC, and FINRA regulations.
More info
CloudTrail High —
ap-south-1
test-trail S3 bucket "aws-cloudtrail-logs-531239714189-8b5cd0ac" is used by CloudTrail, but it has no S3 Object Lock.
S3 Object Lock has been assessed by Cohasset Associates for use in environments that are subject to SEC 17a-4, CFTC, and FINRA regulations.
More info
CloudTrail High —
ap-northeast-2
my-trail S3 bucket "prevasio-test-bucket" is used by CloudTrail, but it has no S3 Object Lock.
S3 Object Lock has been assessed by Cohasset Associates for use in environments that are subject to SEC 17a-4, CFTC, and FINRA regulations.
More info
CloudTrail High —
ap-northeast-2
test-trail S3 bucket "aws-cloudtrail-logs-531239714189-8b5cd0ac" is used by CloudTrail, but it has no S3 Object Lock.
S3 Object Lock has been assessed by Cohasset Associates for use in environments that are subject to SEC 17a-4, CFTC, and FINRA regulations.
More info
CloudTrail High —
ap-southeast-1
my-trail S3 bucket "prevasio-test-bucket" is used by CloudTrail, but it has no S3 Object Lock.
S3 Object Lock has been assessed by Cohasset Associates for use in environments that are subject to SEC 17a-4, CFTC, and FINRA regulations.
More info
CloudTrail High —
ap-southeast-1
test-trail S3 bucket "aws-cloudtrail-logs-531239714189-8b5cd0ac" is used by CloudTrail, but it has no S3 Object Lock.
S3 Object Lock has been assessed by Cohasset Associates for use in environments that are subject to SEC 17a-4, CFTC, and FINRA regulations.
More info
CloudTrail High —
ap-southeast-2
my-trail S3 bucket "prevasio-test-bucket" is used by CloudTrail, but it has no S3 Object Lock.
S3 Object Lock has been assessed by Cohasset Associates for use in environments that are subject to SEC 17a-4, CFTC, and FINRA regulations.
More info
CloudTrail High —
ap-southeast-2
test-trail S3 bucket "aws-cloudtrail-logs-531239714189-8b5cd0ac" is used by CloudTrail, but it has no S3 Object Lock.
S3 Object Lock has been assessed by Cohasset Associates for use in environments that are subject to SEC 17a-4, CFTC, and FINRA regulations.
More info
CloudTrail High —
ap-northeast-1
my-trail S3 bucket "prevasio-test-bucket" is used by CloudTrail, but it has no S3 Object Lock.
S3 Object Lock has been assessed by Cohasset Associates for use in environments that are subject to SEC 17a-4, CFTC, and FINRA regulations.
More info
CloudTrail High —
ap-northeast-1
test-trail S3 bucket "aws-cloudtrail-logs-531239714189-8b5cd0ac" is used by CloudTrail, but it has no S3 Object Lock.
S3 Object Lock has been assessed by Cohasset Associates for use in environments that are subject to SEC 17a-4, CFTC, and FINRA regulations.
More info
CloudTrail High —
ca-central-1
my-trail S3 bucket "prevasio-test-bucket" is used by CloudTrail, but it has no S3 Object Lock.
S3 Object Lock has been assessed by Cohasset Associates for use in environments that are subject to SEC 17a-4, CFTC, and FINRA regulations.
More info
CloudTrail High —
ca-central-1
test-trail S3 bucket "aws-cloudtrail-logs-531239714189-8b5cd0ac" is used by CloudTrail, but it has no S3 Object Lock.
S3 Object Lock has been assessed by Cohasset Associates for use in environments that are subject to SEC 17a-4, CFTC, and FINRA regulations.
More info
CloudTrail High —
eu-central-1
my-trail S3 bucket "prevasio-test-bucket" is used by CloudTrail, but it has no S3 Object Lock.
S3 Object Lock has been assessed by Cohasset Associates for use in environments that are subject to SEC 17a-4, CFTC, and FINRA regulations.
More info
CloudTrail High —
eu-central-1
test-trail S3 bucket "aws-cloudtrail-logs-531239714189-8b5cd0ac" is used by CloudTrail, but it has no S3 Object Lock.
S3 Object Lock has been assessed by Cohasset Associates for use in environments that are subject to SEC 17a-4, CFTC, and FINRA regulations.
More info
CloudTrail High —
eu-west-1
my-trail S3 bucket "prevasio-test-bucket" is used by CloudTrail, but it has no S3 Object Lock.
S3 Object Lock has been assessed by Cohasset Associates for use in environments that are subject to SEC 17a-4, CFTC, and FINRA regulations.
More info
CloudTrail High —
eu-west-1
test-trail S3 bucket "aws-cloudtrail-logs-531239714189-8b5cd0ac" is used by CloudTrail, but it has no S3 Object Lock.
S3 Object Lock has been assessed by Cohasset Associates for use in environments that are subject to SEC 17a-4, CFTC, and FINRA regulations.
More info
CloudTrail High —
eu-west-2
my-trail S3 bucket "prevasio-test-bucket" is used by CloudTrail, but it has no S3 Object Lock.
S3 Object Lock has been assessed by Cohasset Associates for use in environments that are subject to SEC 17a-4, CFTC, and FINRA regulations.
More info
CloudTrail High —
eu-west-2
test-trail S3 bucket "aws-cloudtrail-logs-531239714189-8b5cd0ac" is used by CloudTrail, but it has no S3 Object Lock.
S3 Object Lock has been assessed by Cohasset Associates for use in environments that are subject to SEC 17a-4, CFTC, and FINRA regulations.
More info
CloudTrail High —
eu-west-3
my-trail S3 bucket "prevasio-test-bucket" is used by CloudTrail, but it has no S3 Object Lock.
S3 Object Lock has been assessed by Cohasset Associates for use in environments that are subject to SEC 17a-4, CFTC, and FINRA regulations.
More info
CloudTrail High —
eu-west-3
test-trail S3 bucket "aws-cloudtrail-logs-531239714189-8b5cd0ac" is used by CloudTrail, but it has no S3 Object Lock.
S3 Object Lock has been assessed by Cohasset Associates for use in environments that are subject to SEC 17a-4, CFTC, and FINRA regulations.
More info
CloudTrail High —
eu-north-1
my-trail S3 bucket "prevasio-test-bucket" is used by CloudTrail, but it has no S3 Object Lock.
S3 Object Lock has been assessed by Cohasset Associates for use in environments that are subject to SEC 17a-4, CFTC, and FINRA regulations.
More info
CloudTrail High —
eu-north-1
test-trail S3 bucket "aws-cloudtrail-logs-531239714189-8b5cd0ac" is used by CloudTrail, but it has no S3 Object Lock.
S3 Object Lock has been assessed by Cohasset Associates for use in environments that are subject to SEC 17a-4, CFTC, and FINRA regulations.
More info
CloudTrail High —
sa-east-1
my-trail S3 bucket "prevasio-test-bucket" is used by CloudTrail, but it has no S3 Object Lock.
S3 Object Lock has been assessed by Cohasset Associates for use in environments that are subject to SEC 17a-4, CFTC, and FINRA regulations.
More info
CloudTrail High —
sa-east-1
test-trail S3 bucket "aws-cloudtrail-logs-531239714189-8b5cd0ac" is used by CloudTrail, but it has no S3 Object Lock.
S3 Object Lock has been assessed by Cohasset Associates for use in environments that are subject to SEC 17a-4, CFTC, and FINRA regulations.
More info
SNS High PCI DSS 3.5 HIPAA (Encryption) us-east-2
Sophos-Optix-flowlogs-s3-sns-topic SNS topic is not encrypted
For additional confidentiality, ensure server-side encryption (SSE) is used to store sensitive data in encrypted topics.
More info
SNS High PCI DSS 3.5 HIPAA (Encryption) us-east-2
dynamodb SNS topic is not encrypted
For additional confidentiality, ensure server-side encryption (SSE) is used to store sensitive data in encrypted topics.
More info
SNS High PCI DSS 3.5 HIPAA (Encryption) us-west-1
Sophos-Optix-flowlogs-s3-sns-topic SNS topic is not encrypted
For additional confidentiality, ensure server-side encryption (SSE) is used to store sensitive data in encrypted topics.
More info
SNS High PCI DSS 3.5 HIPAA (Encryption) us-west-2
Sophos-Optix-flowlogs-s3-sns-topic SNS topic is not encrypted
For additional confidentiality, ensure server-side encryption (SSE) is used to store sensitive data in encrypted topics.
More info
SNS High PCI DSS 3.5 HIPAA (Encryption) ap-south-1
Sophos-Optix-flowlogs-s3-sns-topic SNS topic is not encrypted
For additional confidentiality, ensure server-side encryption (SSE) is used to store sensitive data in encrypted topics.
More info
SNS High PCI DSS 3.5 HIPAA (Encryption) ap-northeast-2
Sophos-Optix-flowlogs-s3-sns-topic SNS topic is not encrypted
For additional confidentiality, ensure server-side encryption (SSE) is used to store sensitive data in encrypted topics.
More info
SNS High PCI DSS 3.5 HIPAA (Encryption) ap-southeast-1
Sophos-Optix-flowlogs-s3-sns-topic SNS topic is not encrypted
For additional confidentiality, ensure server-side encryption (SSE) is used to store sensitive data in encrypted topics.
More info
SNS High PCI DSS 3.5 HIPAA (Encryption) ap-southeast-2
Sophos-Optix-flowlogs-s3-sns-topic SNS topic is not encrypted
For additional confidentiality, ensure server-side encryption (SSE) is used to store sensitive data in encrypted topics.
More info
SNS High PCI DSS 3.5 HIPAA (Encryption) ap-northeast-1
Sophos-Optix-flowlogs-s3-sns-topic SNS topic is not encrypted
For additional confidentiality, ensure server-side encryption (SSE) is used to store sensitive data in encrypted topics.
More info
SNS High PCI DSS 3.5 HIPAA (Encryption) ca-central-1
Sophos-Optix-flowlogs-s3-sns-topic SNS topic is not encrypted
For additional confidentiality, ensure server-side encryption (SSE) is used to store sensitive data in encrypted topics.
More info
SNS High PCI DSS 3.5 HIPAA (Encryption) eu-central-1
Sophos-Optix-flowlogs-s3-sns-topic SNS topic is not encrypted
For additional confidentiality, ensure server-side encryption (SSE) is used to store sensitive data in encrypted topics.
More info
SNS High PCI DSS 3.5 HIPAA (Encryption) eu-west-1
Sophos-Optix-flowlogs-s3-sns-topic SNS topic is not encrypted
For additional confidentiality, ensure server-side encryption (SSE) is used to store sensitive data in encrypted topics.
More info
SNS High PCI DSS 3.5 HIPAA (Encryption) eu-west-2
Sophos-Optix-flowlogs-s3-sns-topic SNS topic is not encrypted
For additional confidentiality, ensure server-side encryption (SSE) is used to store sensitive data in encrypted topics.
More info
SNS High PCI DSS 3.5 HIPAA (Encryption) eu-west-3
Sophos-Optix-flowlogs-s3-sns-topic SNS topic is not encrypted
For additional confidentiality, ensure server-side encryption (SSE) is used to store sensitive data in encrypted topics.
More info
SNS High PCI DSS 3.5 HIPAA (Encryption) eu-north-1
Sophos-Optix-flowlogs-s3-sns-topic SNS topic is not encrypted
For additional confidentiality, ensure server-side encryption (SSE) is used to store sensitive data in encrypted topics.
More info
SNS High PCI DSS 3.5 HIPAA (Encryption) sa-east-1
Sophos-Optix-flowlogs-s3-sns-topic SNS topic is not encrypted
For additional confidentiality, ensure server-side encryption (SSE) is used to store sensitive data in encrypted topics.
More info
CloudFront High PCI DSS 4.2 HIPAA (Encryption) us-east-1
EABCW25ZCESFI CloudFront distribution is not configured to enforce encryption (using HTTPS) for data in transit.
HIPAA compliance requires all data to be transmitted over secure channels. Edit distribution's behaviour and set its viewer protocol policy to "HTTPS Only".
More info
CloudFront High PCI DSS 10.2 HIPAA (Audit) us-east-1
EABCW25ZCESFI CloudFront distribution is not configured to save access logs to an Amazon S3 bucket.
Enable distribution's access logs to comply with HIPAA (requires access logging for auditing purposes) and PCI DSS (Requirement 10: track and monitor all access to network resources and cardholder data).
More info
SageMaker High —
us-east-1
encrypted-notebook SageMaker notebook instance is publicly accessible.
Make sure SageMaker notebook does not allow direct internet access. By preventing direct internet access, you can keep sensitive data from being accessed by unauthorized users.
More info
SageMaker High PCI DSS 3.5 HIPAA (Encryption) us-east-1
my-motebook-instance SageMaker notebook data is not encrypted.
To help protect data at rest, ensure encryption with AWS Key Management Service (AWS KMS) is enabled for your SageMaker notebook.
More info
SageMaker High —
us-east-1
my-motebook-instance SageMaker notebook instance is publicly accessible.
Make sure SageMaker notebook does not allow direct internet access. By preventing direct internet access, you can keep sensitive data from being accessed by unauthorized users.
More info
Athena High PCI DSS 3.5 HIPAA (Encryption) us-east-1
test-workgroup Athena workgroup uses no encryption at rest.
To fulfill HIPAA and PCI DSS compliance requirements for encryption of data at rest, enable encryption at rest for the Athena workgroup.
More info
API Gateway High —
us-east-1
5pxmae2re2 API Gateway has no Web Application Firewall (WAF) enabled in the stage: "beta".
Enable WAF to protect your APIs from common web exploits, such as SQL injection and cross-site scripting (XSS) attacks.
More info
API Gateway High —
us-east-2
s87eelcsz6 API Gateway has no client SSL certificate enabled in the stage: "dev".
Add a client SSL certificates to verify the requester's authenticity.
More info
API Gateway High —
us-east-2
s87eelcsz6 API Gateway has no active tracing with X-ray enabled in the stage: "dev".
Enable X-Ray tracing option in the stage's settings.
More info
API Gateway High PCI DSS 10.2 HIPAA (Audit) us-east-2
s87eelcsz6 API Gateway has neither ERROR nor INFO level of logging enabled in the stage: "dev".
Enable either ERROR or INFO level of logging in the stage's settings.
More info
API Gateway High —
us-east-2
s87eelcsz6 API Gateway has not configured to cache or the cache is not encrypted in the stage: "dev".
Enable API cache and the "Encrypt cache data" options in the stage's settings.
More info
API Gateway High —
us-west-2
lrybev4omj API Gateway has no Web Application Firewall (WAF) enabled in the stage: "test".
Enable WAF to protect your APIs from common web exploits, such as SQL injection and cross-site scripting (XSS) attacks.
More info
API Gateway High —
us-west-2
lrybev4omj API Gateway has no client SSL certificate enabled in the stage: "test".
Add a client SSL certificates to verify the requester's authenticity.
More info
API Gateway High —
us-west-2
lrybev4omj API Gateway has no active tracing with X-ray enabled in the stage: "test".
Enable X-Ray tracing option in the stage's settings.
More info
SQS High PCI DSS 3.5 HIPAA (Encryption) us-east-1
test-execution-queue-collector SQS queue is not encrypted.
To fulfill HIPAA and PCI DSS compliance requirements for encryption of data at rest, enable encryption with KMS for all SQS queues.
More info
SQS High PCI DSS 3.5 HIPAA (Encryption) us-east-1
test-queue.fifo SQS queue is not encrypted.
To fulfill HIPAA and PCI DSS compliance requirements for encryption of data at rest, enable encryption with KMS for all SQS queues.
More info
Certificate Manager High —
us-east-1
e06529ef-2812-446e-b5cf-9238ab9e0cfd ACM certificate validation for "prevasio.com" is using email validation method.
Make sure AWS Certificate Manager (ACM) can automatically renew SSL/TLS certificates before they expire by using DNS.
More info
Comprehend High PCI DSS 3.5 HIPAA (Encryption) us-east-1
d82797322f0833a4b7811a1d178fca1f Output result encryption for your Comprehend analysis job "my-job2" is disabled.
To fulfill HIPAA and PCI DSS compliance requirements for encryption of data at rest, make sure your output data is encrypted with a KMS customer-managed key (CMK).
More info
Comprehend High PCI DSS 3.5 HIPAA (Encryption) us-east-1
d82797322f0833a4b7811a1d178fca1f Comprehend analysis job "my-job2" has encryption for the data in the storage volume is disabled.
To fulfill HIPAA and PCI DSS compliance requirements for encryption of data at rest, make sure your data in the storage volume is encrypted with a KMS customer-managed key (CMK).
More info
Route 53 High —
us-east-1
Z05513561EBVL6AJGPJJY Route53 hosted zone contains DNS A records with unused IP address: 127.0.0.1.
Update the hosted zone's DNS records to delete any unused entries.
More info
Route 53 High —
us-east-1
Z02864622OQ7CZDHNSXB7 Route53 hosted zone contains DNS A records with unused IP address: 44.192.32.79.
Update the hosted zone's DNS records to delete any unused entries.
More info