EC2
Low
—
us-east-1
i-00dac9a2d32a3cd01
No IAM role was found.
Attach an IAM role to the EC2 instance to allow your applications to securely make API requests without requiring you to manage the security credentials that the applications use.
EC2
Low
—
us-east-1
i-0ece894d6d29136f5
No IAM role was found.
Attach an IAM role to the EC2 instance to allow your applications to securely make API requests without requiring you to manage the security credentials that the applications use.
EC2
Low
—
us-east-1
sg-0398ead5692ea25fb
EC2 security group has the name prefixed with "launch-wizard".
To enforce using secure and custom security groups, make sure your EC2 instances are not associated with security groups prefixed with "launch-wizard".
EC2
Low
—
us-east-1
sg-086d6bcb3045b0e06
EC2 security group has the name prefixed with "launch-wizard".
To enforce using secure and custom security groups, make sure your EC2 instances are not associated with security groups prefixed with "launch-wizard".
EC2
Low
—
us-east-1
sg-09e3ee11e2cd42ede
EC2 security group has the name prefixed with "launch-wizard".
To enforce using secure and custom security groups, make sure your EC2 instances are not associated with security groups prefixed with "launch-wizard".
EC2
Low
CIS 5.4 PCI DSS (Networking) HIPAA (Networking)
us-east-1
sg-0be4454dc243daa89
Default security group with 2 inbound and 1 outbound rules.
Review inbound and outbound rules for any default security group.
EC2
Low
CIS 5.4 PCI DSS (Networking) HIPAA (Networking)
us-east-1
sg-0cf4e19eb2fc096da
Default security group with 1 inbound and 1 outbound rules.
Review inbound and outbound rules for any default security group.
EC2
Low
CIS 5.4 PCI DSS (Networking) HIPAA (Networking)
us-east-1
sg-0f1857e87433d40ce
Default security group with 2 inbound and 1 outbound rules.
Review inbound and outbound rules for any default security group.
EC2
Low
—
us-east-2
sg-00d08eb45cd7010d7
EC2 security group has the name prefixed with "launch-wizard".
To enforce using secure and custom security groups, make sure your EC2 instances are not associated with security groups prefixed with "launch-wizard".
EC2
Low
CIS 5.4 PCI DSS (Networking) HIPAA (Networking)
us-east-2
sg-0350acc1c67617b6d
Default security group with 1 inbound and 1 outbound rules.
Review inbound and outbound rules for any default security group.
EC2
Low
CIS 5.4 PCI DSS (Networking) HIPAA (Networking)
us-east-2
sg-071bb37c316ae7808
Default security group with 1 inbound and 1 outbound rules.
Review inbound and outbound rules for any default security group.
EC2
Low
CIS 5.4 PCI DSS (Networking) HIPAA (Networking)
us-east-2
sg-0a8cef89f1e98930c
Default security group with 1 inbound and 1 outbound rules.
Review inbound and outbound rules for any default security group.
EC2
Low
CIS 5.4 PCI DSS (Networking) HIPAA (Networking)
us-east-2
sg-0cbbda7c
Default security group with 1 inbound and 1 outbound rules.
Review inbound and outbound rules for any default security group.
EC2
Low
CIS 5.4 PCI DSS (Networking) HIPAA (Networking)
us-east-2
sg-0fa59556ef2020a9e
Default security group with 1 inbound and 1 outbound rules.
Review inbound and outbound rules for any default security group.
EC2
Low
CIS 5.4 PCI DSS (Networking) HIPAA (Networking)
us-west-1
sg-f46b0b82
Default security group with 1 inbound and 1 outbound rules.
Review inbound and outbound rules for any default security group.
EC2
Low
—
us-west-2
i-0548a56d248a067d8
No IAM role was found.
Attach an IAM role to the EC2 instance to allow your applications to securely make API requests without requiring you to manage the security credentials that the applications use.
EC2
Low
—
us-west-2
i-0362782bc36ed6a41
No IAM role was found.
Attach an IAM role to the EC2 instance to allow your applications to securely make API requests without requiring you to manage the security credentials that the applications use.
EC2
Low
—
us-west-2
i-0f55b11c76adbbe3d
No IAM role was found.
Attach an IAM role to the EC2 instance to allow your applications to securely make API requests without requiring you to manage the security credentials that the applications use.
EC2
Low
—
us-west-2
i-087073f185b54ed12
No IAM role was found.
Attach an IAM role to the EC2 instance to allow your applications to securely make API requests without requiring you to manage the security credentials that the applications use.
EC2
Low
—
us-west-2
i-0c1b1df0b7efb0b57
No IAM role was found.
Attach an IAM role to the EC2 instance to allow your applications to securely make API requests without requiring you to manage the security credentials that the applications use.
EC2
Low
CIS 5.4 PCI DSS (Networking) HIPAA (Networking)
us-west-2
sg-08a4e95779202da87
Default security group with 1 inbound and 1 outbound rules.
Review inbound and outbound rules for any default security group.
EC2
Low
—
us-west-2
sg-0a5c0766337509406
EC2 security group has the name prefixed with "launch-wizard".
To enforce using secure and custom security groups, make sure your EC2 instances are not associated with security groups prefixed with "launch-wizard".
EC2
Low
—
us-west-2
sg-0a7a7778280d5d4fd
EC2 security group has the name prefixed with "launch-wizard".
To enforce using secure and custom security groups, make sure your EC2 instances are not associated with security groups prefixed with "launch-wizard".
EC2
Low
CIS 5.4 PCI DSS (Networking) HIPAA (Networking)
us-west-2
sg-0d2059d6f62212dde
Default security group with 1 inbound and 1 outbound rules.
Review inbound and outbound rules for any default security group.
EC2
Low
CIS 5.4 PCI DSS (Networking) HIPAA (Networking)
us-west-2
sg-0d21142c1e8c610f7
Default security group with 1 inbound and 1 outbound rules.
Review inbound and outbound rules for any default security group.
EC2
Low
CIS 5.4 PCI DSS (Networking) HIPAA (Networking)
us-west-2
sg-b7f7f595
Default security group with 1 inbound and 1 outbound rules.
Review inbound and outbound rules for any default security group.
EC2
Low
CIS 5.4 PCI DSS (Networking) HIPAA (Networking)
ap-south-1
sg-3d5f1d44
Default security group with 1 inbound and 1 outbound rules.
Review inbound and outbound rules for any default security group.
EC2
Low
CIS 5.4 PCI DSS (Networking) HIPAA (Networking)
ap-northeast-2
sg-34ef8e4c
Default security group with 1 inbound and 1 outbound rules.
Review inbound and outbound rules for any default security group.
EC2
Low
CIS 5.4 PCI DSS (Networking) HIPAA (Networking)
ap-southeast-1
sg-7ffd8e36
Default security group with 1 inbound and 1 outbound rules.
Review inbound and outbound rules for any default security group.
EC2
Low
CIS 5.4 PCI DSS (Networking) HIPAA (Networking)
ap-southeast-2
sg-a4bacfef
Default security group with 1 inbound and 1 outbound rules.
Review inbound and outbound rules for any default security group.
EC2
Low
CIS 5.4 PCI DSS (Networking) HIPAA (Networking)
ap-northeast-1
sg-68a91027
Default security group with 1 inbound and 1 outbound rules.
Review inbound and outbound rules for any default security group.
EC2
Low
CIS 5.4 PCI DSS (Networking) HIPAA (Networking)
ca-central-1
sg-19392c7e
Default security group with 1 inbound and 1 outbound rules.
Review inbound and outbound rules for any default security group.
EC2
Low
CIS 5.4 PCI DSS (Networking) HIPAA (Networking)
eu-central-1
sg-577d7728
Default security group with 1 inbound and 1 outbound rules.
Review inbound and outbound rules for any default security group.
EC2
Low
CIS 5.4 PCI DSS (Networking) HIPAA (Networking)
eu-west-1
sg-d77d858c
Default security group with 1 inbound and 1 outbound rules.
Review inbound and outbound rules for any default security group.
EC2
Low
CIS 5.4 PCI DSS (Networking) HIPAA (Networking)
eu-west-2
sg-dc55b6a4
Default security group with 1 inbound and 1 outbound rules.
Review inbound and outbound rules for any default security group.
EC2
Low
CIS 5.4 PCI DSS (Networking) HIPAA (Networking)
eu-west-3
sg-48a3d32a
Default security group with 1 inbound and 1 outbound rules.
Review inbound and outbound rules for any default security group.
EC2
Low
CIS 5.4 PCI DSS (Networking) HIPAA (Networking)
eu-north-1
sg-3e01de5d
Default security group with 1 inbound and 1 outbound rules.
Review inbound and outbound rules for any default security group.
EC2
Low
CIS 5.4 PCI DSS (Networking) HIPAA (Networking)
sa-east-1
sg-07b33375
Default security group with 1 inbound and 1 outbound rules.
Review inbound and outbound rules for any default security group.
VPC
Low
—
us-east-1
vpc-07f3b77c454b3c310
VPC is not using Managed NAT Gateway.
Create Managed NAT Gateway to allow EC2 instances in a private VPC subnet to connect to the Internet.
VPC
Low
—
us-east-1
vpc-071a12f8ec7613303
VPC is not using Managed NAT Gateway.
Create Managed NAT Gateway to allow EC2 instances in a private VPC subnet to connect to the Internet.
VPC
Low
—
us-east-1
vpc-073764f023b9a5efc
VPC uses NAT Gateway only in one subnet.
To create an Availability Zone-independent architecture, create a NAT gateway in each Availability Zone.
VPC
Low
—
us-east-2
vpc-63a01808
Default VPC.
A default VPC is designed to quickly deploy resources. For a production environment, where parts of the network should be private, consider creating a custom VPC.
VPC
Low
—
us-east-2
vpc-63a01808
VPC is not using Managed NAT Gateway.
Create Managed NAT Gateway to allow EC2 instances in a private VPC subnet to connect to the Internet.
VPC
Low
—
us-east-2
vpc-02585025ab31219f8
VPC uses NAT Gateway only in one subnet.
To create an Availability Zone-independent architecture, create a NAT gateway in each Availability Zone.
VPC
Low
—
us-east-2
vpc-054630c200fd16e19
VPC is not using Managed NAT Gateway.
Create Managed NAT Gateway to allow EC2 instances in a private VPC subnet to connect to the Internet.
VPC
Low
—
us-east-2
vpc-0d6a54312c6027726
VPC is not using Managed NAT Gateway.
Create Managed NAT Gateway to allow EC2 instances in a private VPC subnet to connect to the Internet.
VPC
Low
—
us-east-2
vpc-0c15019aee6c8423e
VPC is not using Managed NAT Gateway.
Create Managed NAT Gateway to allow EC2 instances in a private VPC subnet to connect to the Internet.
VPC
Low
—
us-west-1
vpc-72ea2314
Default VPC.
A default VPC is designed to quickly deploy resources. For a production environment, where parts of the network should be private, consider creating a custom VPC.
VPC
Low
—
us-west-1
vpc-72ea2314
VPC is not using Managed NAT Gateway.
Create Managed NAT Gateway to allow EC2 instances in a private VPC subnet to connect to the Internet.
VPC
Low
—
us-west-2
vpc-574b182f
Default VPC.
A default VPC is designed to quickly deploy resources. For a production environment, where parts of the network should be private, consider creating a custom VPC.
VPC
Low
—
us-west-2
vpc-574b182f
VPC is not using Managed NAT Gateway.
Create Managed NAT Gateway to allow EC2 instances in a private VPC subnet to connect to the Internet.
VPC
Low
—
us-west-2
vpc-033848556cef01aca
VPC uses NAT Gateway only in one subnet.
To create an Availability Zone-independent architecture, create a NAT gateway in each Availability Zone.
VPC
Low
—
us-west-2
vpc-0ed42ee2ea7505377
VPC uses NAT Gateway only in one subnet.
To create an Availability Zone-independent architecture, create a NAT gateway in each Availability Zone.
VPC
Low
—
us-west-2
vpc-05461e6842795a02d
VPC uses NAT Gateway only in one subnet.
To create an Availability Zone-independent architecture, create a NAT gateway in each Availability Zone.
VPC
Low
—
us-west-2
VPC
Default VPC is used for 1 EC2 instance, 0 Load balancers, 0 Lambda functions, 0 RDS Instances, 0 Redshift clusters.
A default VPC is designed to quickly deploy resources. For a production environment, where parts of the network should be private, consider creating a custom VPC.
VPC
Low
—
us-west-2
igw-02d6a1f26040e777f
Internet gateway is not in use.
Delete unused VPC Internet Gateways and Egress-Only Internet Gateways.
VPC
Low
—
ap-south-1
vpc-445cab2f
Default VPC.
A default VPC is designed to quickly deploy resources. For a production environment, where parts of the network should be private, consider creating a custom VPC.
VPC
Low
—
ap-south-1
vpc-445cab2f
VPC is not using Managed NAT Gateway.
Create Managed NAT Gateway to allow EC2 instances in a private VPC subnet to connect to the Internet.
VPC
Low
—
ap-northeast-2
vpc-b0318fdb
Default VPC.
A default VPC is designed to quickly deploy resources. For a production environment, where parts of the network should be private, consider creating a custom VPC.
VPC
Low
—
ap-northeast-2
vpc-b0318fdb
VPC is not using Managed NAT Gateway.
Create Managed NAT Gateway to allow EC2 instances in a private VPC subnet to connect to the Internet.
VPC
Low
—
ap-southeast-1
vpc-581ded3e
Default VPC.
A default VPC is designed to quickly deploy resources. For a production environment, where parts of the network should be private, consider creating a custom VPC.
VPC
Low
—
ap-southeast-1
vpc-581ded3e
VPC is not using Managed NAT Gateway.
Create Managed NAT Gateway to allow EC2 instances in a private VPC subnet to connect to the Internet.
VPC
Low
—
ap-southeast-2
vpc-907296f6
Default VPC.
A default VPC is designed to quickly deploy resources. For a production environment, where parts of the network should be private, consider creating a custom VPC.
VPC
Low
—
ap-southeast-2
vpc-907296f6
VPC is not using Managed NAT Gateway.
Create Managed NAT Gateway to allow EC2 instances in a private VPC subnet to connect to the Internet.
VPC
Low
—
ap-northeast-1
vpc-82b457e4
Default VPC.
A default VPC is designed to quickly deploy resources. For a production environment, where parts of the network should be private, consider creating a custom VPC.
VPC
Low
—
ap-northeast-1
vpc-82b457e4
VPC is not using Managed NAT Gateway.
Create Managed NAT Gateway to allow EC2 instances in a private VPC subnet to connect to the Internet.
VPC
Low
—
ca-central-1
vpc-e245678a
Default VPC.
A default VPC is designed to quickly deploy resources. For a production environment, where parts of the network should be private, consider creating a custom VPC.
VPC
Low
—
ca-central-1
vpc-e245678a
VPC is not using Managed NAT Gateway.
Create Managed NAT Gateway to allow EC2 instances in a private VPC subnet to connect to the Internet.
VPC
Low
—
eu-central-1
vpc-7a4bf010
Default VPC.
A default VPC is designed to quickly deploy resources. For a production environment, where parts of the network should be private, consider creating a custom VPC.
VPC
Low
—
eu-central-1
vpc-7a4bf010
VPC is not using Managed NAT Gateway.
Create Managed NAT Gateway to allow EC2 instances in a private VPC subnet to connect to the Internet.
VPC
Low
—
eu-west-1
vpc-01d20278
Default VPC.
A default VPC is designed to quickly deploy resources. For a production environment, where parts of the network should be private, consider creating a custom VPC.
VPC
Low
—
eu-west-1
vpc-01d20278
VPC is not using Managed NAT Gateway.
Create Managed NAT Gateway to allow EC2 instances in a private VPC subnet to connect to the Internet.
VPC
Low
—
eu-west-2
vpc-29227c41
Default VPC.
A default VPC is designed to quickly deploy resources. For a production environment, where parts of the network should be private, consider creating a custom VPC.
VPC
Low
—
eu-west-2
vpc-29227c41
VPC is not using Managed NAT Gateway.
Create Managed NAT Gateway to allow EC2 instances in a private VPC subnet to connect to the Internet.
VPC
Low
—
eu-west-3
vpc-f943b491
Default VPC.
A default VPC is designed to quickly deploy resources. For a production environment, where parts of the network should be private, consider creating a custom VPC.
VPC
Low
—
eu-west-3
vpc-f943b491
VPC is not using Managed NAT Gateway.
Create Managed NAT Gateway to allow EC2 instances in a private VPC subnet to connect to the Internet.
VPC
Low
—
eu-north-1
vpc-b93689d0
Default VPC.
A default VPC is designed to quickly deploy resources. For a production environment, where parts of the network should be private, consider creating a custom VPC.
VPC
Low
—
eu-north-1
vpc-b93689d0
VPC is not using Managed NAT Gateway.
Create Managed NAT Gateway to allow EC2 instances in a private VPC subnet to connect to the Internet.
VPC
Low
—
sa-east-1
vpc-2425cb42
Default VPC.
A default VPC is designed to quickly deploy resources. For a production environment, where parts of the network should be private, consider creating a custom VPC.
VPC
Low
—
sa-east-1
vpc-2425cb42
VPC is not using Managed NAT Gateway.
Create Managed NAT Gateway to allow EC2 instances in a private VPC subnet to connect to the Internet.
S3
Low
PCI DSS 10.2 HIPAA (Audit)
us-east-1
cf-templates-lqa4fy3xqyy2-us-west-2
Amazon S3 server access logging is disabled.
Enable S3 access logging for detailed records for the requests that are made to a bucket. The access log information can be useful in security and access audits.
S3
Low
PCI DSS 10.2 HIPAA (Audit)
us-east-1
elasticbeanstalk-us-east-1-531239714189
Amazon S3 server access logging is disabled.
Enable S3 access logging for detailed records for the requests that are made to a bucket. The access log information can be useful in security and access audits.
S3
Low
PCI DSS 10.2 HIPAA (Audit)
us-east-1
test-collector
Amazon S3 server access logging is disabled.
Enable S3 access logging for detailed records for the requests that are made to a bucket. The access log information can be useful in security and access audits.
S3
Low
PCI DSS 10.2 HIPAA (Audit)
us-east-1
test-resources
Amazon S3 server access logging is disabled.
Enable S3 access logging for detailed records for the requests that are made to a bucket. The access log information can be useful in security and access audits.
S3
Low
PCI DSS 10.2 HIPAA (Audit)
us-east-1
test-scanner
Amazon S3 server access logging is disabled.
Enable S3 access logging for detailed records for the requests that are made to a bucket. The access log information can be useful in security and access audits.
S3
Low
PCI DSS 10.2 HIPAA (Audit)
us-east-1
test-update
Amazon S3 server access logging is disabled.
Enable S3 access logging for detailed records for the requests that are made to a bucket. The access log information can be useful in security and access audits.
IAM
Low
—
us-east-1
IAM
Account password policy for IAM users allows the re-use of the last four passwords or less, not meeting the PCI DSS Requirement 8.2.5.
Set a custom password policy on your AWS account to specify complexity requirements and mandatory rotation periods for your IAM users' passwords.
IAM
Low
CIS 1.11
us-east-1
Rony
IAM user "Rony" has both an access key for programmatic access and a password to sign in to the AWS Management Console.
Consider creating a separate IAM user for programmatic access.
IAM
Low
—
us-east-1
Rony
IAM user "Rony" has attached IAM policies.
Ensure IAM policies are attached only to groups or roles.
IAM
Low
—
us-east-1
Rony
IAM user "Rony" is among 8 IAM user administrators. Every additional administrator increases the risk of a data breach.
Keep 2 IAM users with administrative permissions, while giving other IAM users a unique set of security credentials.
IAM
Low
CIS 1.11
us-east-1
Sergei
IAM user "Sergei" has both an access key for programmatic access and a password to sign in to the AWS Management Console.
Consider creating a separate IAM user for programmatic access.
IAM
Low
—
us-east-1
Sergei
IAM user "Sergei" has inline IAM policies.
Ensure IAM policies are attached only to groups or roles.
IAM
Low
—
us-east-1
Sergei
IAM user "Sergei" is among 8 IAM user administrators. Every additional administrator increases the risk of a data breach.
Keep 2 IAM users with administrative permissions, while giving other IAM users a unique set of security credentials.
IAM
Low
—
us-east-1
cloudsploit
IAM user "cloudsploit" has attached IAM policies.
Ensure IAM policies are attached only to groups or roles.
IAM
Low
—
us-east-1
semaProgrammatic
IAM user "semaProgrammatic" has attached IAM policies.
Ensure IAM policies are attached only to groups or roles.
IAM
Low
—
us-east-1
semaProgrammatic
IAM user "semaProgrammatic" is among 8 IAM user administrators. Every additional administrator increases the risk of a data breach.
Keep 2 IAM users with administrative permissions, while giving other IAM users a unique set of security credentials.
IAM
Low
—
us-east-1
ses-smtp-user.20210305-143809
IAM user "ses-smtp-user.20210305-143809" has inline IAM policies.
Ensure IAM policies are attached only to groups or roles.
IAM
Low
—
us-east-1
SysDigMonitor
IAM user "SysDigMonitor" has attached IAM policies.
Ensure IAM policies are attached only to groups or roles.
IAM
Low
—
us-east-1
SysDigMonitor
IAM user "SysDigMonitor" is among 8 IAM user administrators. Every additional administrator increases the risk of a data breach.
Keep 2 IAM users with administrative permissions, while giving other IAM users a unique set of security credentials.
IAM
Low
—
us-east-1
test
IAM user "test" has inline group policy "test-inline-policy-for-group".
Security best practices in IAM recommend using managed policies instead of inline policies.
IAM
Low
—
us-east-1
test
IAM user "test" has attached IAM policies.
Ensure IAM policies are attached only to groups or roles.
IAM
Low
—
us-east-1
test
IAM user "test" is among 8 IAM user administrators. Every additional administrator increases the risk of a data breach.
Keep 2 IAM users with administrative permissions, while giving other IAM users a unique set of security credentials.
IAM
Low
—
us-east-1
test2
IAM user "test2" has inline group policy "test-inline-policy-for-group".
Security best practices in IAM recommend using managed policies instead of inline policies.
IAM
Low
—
us-east-1
test2
IAM user "test2" is among 8 IAM user administrators. Every additional administrator increases the risk of a data breach.
Keep 2 IAM users with administrative permissions, while giving other IAM users a unique set of security credentials.
IAM
Low
—
us-east-1
AWS-QuickSetup-StackSet-Local-ExecutionRole
IAM role "AWS-QuickSetup-StackSet-Local-ExecutionRole" contains managed AdministratorAccess policy.
Consider tightening the IAM role policies by granting them least privilege and avoid the wildcards, if possible.
IAM
Low
—
us-east-1
service-role/hello-world-python-role-ufk4srq3
IAM role "hello-world-python-role-ufk4srq3" was inactive for more than 90 days.
Consider removing the IAM roles that you are not using.
GuardDuty
Low
—
us-east-2
2cbbec46d6a31c5d6eb86a9e73f9f0a3
GuardDuty detector is disabled.
Enable GuardDuty for a continuous security monitoring service for VPC Flow Logs, AWS CloudTrail logs, CloudTrail S3 data event logs, and DNS logs.
EKS
Low
PCI DSS 10.2 HIPAA (Audit)
us-east-1
my-k8s-cluster
Amazon EKS control plane logging is disabled for scheduler, api, authenticator, controllerManager, audit.
Enable control plane logs to be sent to CloudWatch Logs. These logs will make it easy for you to secure and run your clusters.
EKS
Low
—
us-east-1
my-k8s-cluster
Amazon EKS cluster endpoint has no private access.
Enable private access to the Kubernetes API server so that all communication between your nodes and the API server stays within your VPC and limit, or completely disable, public access from the internet.
EKS
Low
PCI DSS 10.2 HIPAA (Audit)
us-east-1
test-cluster
Amazon EKS control plane logging is disabled for scheduler, api, authenticator, controllerManager, audit.
Enable control plane logs to be sent to CloudWatch Logs. These logs will make it easy for you to secure and run your clusters.
EKS
Low
—
us-east-1
test-cluster
Amazon EKS cluster endpoint has no private access.
Enable private access to the Kubernetes API server so that all communication between your nodes and the API server stays within your VPC and limit, or completely disable, public access from the internet.
EKS
Low
PCI DSS 10.2 HIPAA (Audit)
us-east-2
scan-my-fargatecluster
Amazon EKS control plane logging is disabled for scheduler, api, authenticator, controllerManager, audit.
Enable control plane logs to be sent to CloudWatch Logs. These logs will make it easy for you to secure and run your clusters.
EKS
Low
—
us-east-2
scan-my-fargatecluster
Amazon EKS cluster endpoint has no private access.
Enable private access to the Kubernetes API server so that all communication between your nodes and the API server stays within your VPC and limit, or completely disable, public access from the internet.
EKS
Low
PCI DSS 10.2 HIPAA (Audit)
us-east-2
rony-slim-and-mean
Amazon EKS control plane logging is disabled for scheduler, api, authenticator, controllerManager, audit.
Enable control plane logs to be sent to CloudWatch Logs. These logs will make it easy for you to secure and run your clusters.
EKS
Low
—
us-east-2
rony-slim-and-mean
Amazon EKS cluster endpoint has no private access.
Enable private access to the Kubernetes API server so that all communication between your nodes and the API server stays within your VPC and limit, or completely disable, public access from the internet.
EKS
Low
PCI DSS 10.2 HIPAA (Audit)
us-east-2
ronyfargatefeb3rd531
Amazon EKS control plane logging is disabled for scheduler, api, authenticator, controllerManager, audit.
Enable control plane logs to be sent to CloudWatch Logs. These logs will make it easy for you to secure and run your clusters.
EKS
Low
—
us-east-2
ronyfargatefeb3rd531
Amazon EKS cluster endpoint has no private access.
Enable private access to the Kubernetes API server so that all communication between your nodes and the API server stays within your VPC and limit, or completely disable, public access from the internet.
EKS
Low
PCI DSS 10.2 HIPAA (Audit)
us-west-2
rony-fargate-west2
Amazon EKS control plane logging is disabled for scheduler, api, authenticator, controllerManager, audit.
Enable control plane logs to be sent to CloudWatch Logs. These logs will make it easy for you to secure and run your clusters.
EKS
Low
—
us-west-2
rony-fargate-west2
Amazon EKS cluster endpoint has no private access.
Enable private access to the Kubernetes API server so that all communication between your nodes and the API server stays within your VPC and limit, or completely disable, public access from the internet.
EKS
Low
PCI DSS 10.2 HIPAA (Audit)
us-west-2
rony-west2test-cluster
Amazon EKS control plane logging is disabled for scheduler, api, authenticator, controllerManager, audit.
Enable control plane logs to be sent to CloudWatch Logs. These logs will make it easy for you to secure and run your clusters.
EKS
Low
—
us-west-2
rony-west2test-cluster
Amazon EKS cluster endpoint has no private access.
Enable private access to the Kubernetes API server so that all communication between your nodes and the API server stays within your VPC and limit, or completely disable, public access from the internet.
EKS
Low
PCI DSS 10.2 HIPAA (Audit)
us-west-2
test-fargate-west2
Amazon EKS control plane logging is disabled for scheduler, api, authenticator, controllerManager, audit.
Enable control plane logs to be sent to CloudWatch Logs. These logs will make it easy for you to secure and run your clusters.
EKS
Low
—
us-west-2
test-fargate-west2
Amazon EKS cluster endpoint has no private access.
Enable private access to the Kubernetes API server so that all communication between your nodes and the API server stays within your VPC and limit, or completely disable, public access from the internet.
EKS
Low
PCI DSS 10.2 HIPAA (Audit)
ap-southeast-2
my-new-cluster
Amazon EKS control plane logging is disabled for scheduler, api, authenticator, controllerManager, audit.
Enable control plane logs to be sent to CloudWatch Logs. These logs will make it easy for you to secure and run your clusters.
EKS
Low
—
ap-southeast-2
my-new-cluster
Amazon EKS cluster endpoint has no private access.
Enable private access to the Kubernetes API server so that all communication between your nodes and the API server stays within your VPC and limit, or completely disable, public access from the internet.
CloudTrail
Low
CIS 3.6 PCI DSS 10.2 HIPAA (Audit)
us-east-1
my-trail
S3 bucket "prevasio-test-bucket" is used by CloudTrail and has Server access logging disabled.
Ensure S3 bucket access logging is enabled on the CloudTrail S3 bucket.
CloudTrail
Low
CIS 2.1.3
us-east-1
my-trail
S3 bucket "prevasio-test-bucket" is used by CloudTrail and has MFA delete disabled in the bucket versioning configuration.
Add another layer of security by configuring a bucket to enable MFA (multi-factor authentication) delete.
CloudTrail
Low
CIS 3.4
us-east-1
test-trail
CloudTrail is not configured to send logs to CloudWatch Logs for real-time analysis.
Ensure CloudTrail trails are integrated with Amazon CloudWatch Logs.
CloudTrail
Low
CIS 3.6 PCI DSS 10.2 HIPAA (Audit)
us-east-1
test-trail
S3 bucket "aws-cloudtrail-logs-531239714189-8b5cd0ac" is used by CloudTrail and has Server access logging disabled.
Ensure S3 bucket access logging is enabled on the CloudTrail S3 bucket.
CloudTrail
Low
CIS 2.1.3
us-east-1
test-trail
S3 bucket "aws-cloudtrail-logs-531239714189-8b5cd0ac" is used by CloudTrail and has MFA delete disabled in the bucket versioning configuration.
Add another layer of security by configuring a bucket to enable MFA (multi-factor authentication) delete.
CloudTrail
Low
CIS 3.6 PCI DSS 10.2 HIPAA (Audit)
us-east-2
my-trail
S3 bucket "prevasio-test-bucket" is used by CloudTrail and has Server access logging disabled.
Ensure S3 bucket access logging is enabled on the CloudTrail S3 bucket.
CloudTrail
Low
CIS 2.1.3
us-east-2
my-trail
S3 bucket "prevasio-test-bucket" is used by CloudTrail and has MFA delete disabled in the bucket versioning configuration.
Add another layer of security by configuring a bucket to enable MFA (multi-factor authentication) delete.
CloudTrail
Low
CIS 3.4
us-east-2
test-trail
CloudTrail is not configured to send logs to CloudWatch Logs for real-time analysis.
Ensure CloudTrail trails are integrated with Amazon CloudWatch Logs.
CloudTrail
Low
CIS 3.6 PCI DSS 10.2 HIPAA (Audit)
us-east-2
test-trail
S3 bucket "aws-cloudtrail-logs-531239714189-8b5cd0ac" is used by CloudTrail and has Server access logging disabled.
Ensure S3 bucket access logging is enabled on the CloudTrail S3 bucket.
CloudTrail
Low
CIS 2.1.3
us-east-2
test-trail
S3 bucket "aws-cloudtrail-logs-531239714189-8b5cd0ac" is used by CloudTrail and has MFA delete disabled in the bucket versioning configuration.
Add another layer of security by configuring a bucket to enable MFA (multi-factor authentication) delete.
CloudTrail
Low
CIS 3.6 PCI DSS 10.2 HIPAA (Audit)
us-west-1
my-trail
S3 bucket "prevasio-test-bucket" is used by CloudTrail and has Server access logging disabled.
Ensure S3 bucket access logging is enabled on the CloudTrail S3 bucket.
CloudTrail
Low
CIS 2.1.3
us-west-1
my-trail
S3 bucket "prevasio-test-bucket" is used by CloudTrail and has MFA delete disabled in the bucket versioning configuration.
Add another layer of security by configuring a bucket to enable MFA (multi-factor authentication) delete.
CloudTrail
Low
CIS 3.4
us-west-1
test-trail
CloudTrail is not configured to send logs to CloudWatch Logs for real-time analysis.
Ensure CloudTrail trails are integrated with Amazon CloudWatch Logs.
CloudTrail
Low
CIS 3.6 PCI DSS 10.2 HIPAA (Audit)
us-west-1
test-trail
S3 bucket "aws-cloudtrail-logs-531239714189-8b5cd0ac" is used by CloudTrail and has Server access logging disabled.
Ensure S3 bucket access logging is enabled on the CloudTrail S3 bucket.
CloudTrail
Low
CIS 2.1.3
us-west-1
test-trail
S3 bucket "aws-cloudtrail-logs-531239714189-8b5cd0ac" is used by CloudTrail and has MFA delete disabled in the bucket versioning configuration.
Add another layer of security by configuring a bucket to enable MFA (multi-factor authentication) delete.
CloudTrail
Low
CIS 3.6 PCI DSS 10.2 HIPAA (Audit)
us-west-2
my-trail
S3 bucket "prevasio-test-bucket" is used by CloudTrail and has Server access logging disabled.
Ensure S3 bucket access logging is enabled on the CloudTrail S3 bucket.
CloudTrail
Low
CIS 2.1.3
us-west-2
my-trail
S3 bucket "prevasio-test-bucket" is used by CloudTrail and has MFA delete disabled in the bucket versioning configuration.
Add another layer of security by configuring a bucket to enable MFA (multi-factor authentication) delete.
CloudTrail
Low
CIS 3.4
us-west-2
test-trail
CloudTrail is not configured to send logs to CloudWatch Logs for real-time analysis.
Ensure CloudTrail trails are integrated with Amazon CloudWatch Logs.
CloudTrail
Low
CIS 3.6 PCI DSS 10.2 HIPAA (Audit)
us-west-2
test-trail
S3 bucket "aws-cloudtrail-logs-531239714189-8b5cd0ac" is used by CloudTrail and has Server access logging disabled.
Ensure S3 bucket access logging is enabled on the CloudTrail S3 bucket.
CloudTrail
Low
CIS 2.1.3
us-west-2
test-trail
S3 bucket "aws-cloudtrail-logs-531239714189-8b5cd0ac" is used by CloudTrail and has MFA delete disabled in the bucket versioning configuration.
Add another layer of security by configuring a bucket to enable MFA (multi-factor authentication) delete.
CloudTrail
Low
CIS 3.6 PCI DSS 10.2 HIPAA (Audit)
ap-south-1
my-trail
S3 bucket "prevasio-test-bucket" is used by CloudTrail and has Server access logging disabled.
Ensure S3 bucket access logging is enabled on the CloudTrail S3 bucket.
CloudTrail
Low
CIS 2.1.3
ap-south-1
my-trail
S3 bucket "prevasio-test-bucket" is used by CloudTrail and has MFA delete disabled in the bucket versioning configuration.
Add another layer of security by configuring a bucket to enable MFA (multi-factor authentication) delete.
CloudTrail
Low
CIS 3.4
ap-south-1
test-trail
CloudTrail is not configured to send logs to CloudWatch Logs for real-time analysis.
Ensure CloudTrail trails are integrated with Amazon CloudWatch Logs.
CloudTrail
Low
CIS 3.6 PCI DSS 10.2 HIPAA (Audit)
ap-south-1
test-trail
S3 bucket "aws-cloudtrail-logs-531239714189-8b5cd0ac" is used by CloudTrail and has Server access logging disabled.
Ensure S3 bucket access logging is enabled on the CloudTrail S3 bucket.
CloudTrail
Low
CIS 2.1.3
ap-south-1
test-trail
S3 bucket "aws-cloudtrail-logs-531239714189-8b5cd0ac" is used by CloudTrail and has MFA delete disabled in the bucket versioning configuration.
Add another layer of security by configuring a bucket to enable MFA (multi-factor authentication) delete.
CloudTrail
Low
CIS 3.6 PCI DSS 10.2 HIPAA (Audit)
ap-northeast-2
my-trail
S3 bucket "prevasio-test-bucket" is used by CloudTrail and has Server access logging disabled.
Ensure S3 bucket access logging is enabled on the CloudTrail S3 bucket.
CloudTrail
Low
CIS 2.1.3
ap-northeast-2
my-trail
S3 bucket "prevasio-test-bucket" is used by CloudTrail and has MFA delete disabled in the bucket versioning configuration.
Add another layer of security by configuring a bucket to enable MFA (multi-factor authentication) delete.
CloudTrail
Low
CIS 3.4
ap-northeast-2
test-trail
CloudTrail is not configured to send logs to CloudWatch Logs for real-time analysis.
Ensure CloudTrail trails are integrated with Amazon CloudWatch Logs.
CloudTrail
Low
CIS 3.6 PCI DSS 10.2 HIPAA (Audit)
ap-northeast-2
test-trail
S3 bucket "aws-cloudtrail-logs-531239714189-8b5cd0ac" is used by CloudTrail and has Server access logging disabled.
Ensure S3 bucket access logging is enabled on the CloudTrail S3 bucket.
CloudTrail
Low
CIS 2.1.3
ap-northeast-2
test-trail
S3 bucket "aws-cloudtrail-logs-531239714189-8b5cd0ac" is used by CloudTrail and has MFA delete disabled in the bucket versioning configuration.
Add another layer of security by configuring a bucket to enable MFA (multi-factor authentication) delete.
CloudTrail
Low
CIS 3.6 PCI DSS 10.2 HIPAA (Audit)
ap-southeast-1
my-trail
S3 bucket "prevasio-test-bucket" is used by CloudTrail and has Server access logging disabled.
Ensure S3 bucket access logging is enabled on the CloudTrail S3 bucket.
CloudTrail
Low
CIS 2.1.3
ap-southeast-1
my-trail
S3 bucket "prevasio-test-bucket" is used by CloudTrail and has MFA delete disabled in the bucket versioning configuration.
Add another layer of security by configuring a bucket to enable MFA (multi-factor authentication) delete.
CloudTrail
Low
CIS 3.4
ap-southeast-1
test-trail
CloudTrail is not configured to send logs to CloudWatch Logs for real-time analysis.
Ensure CloudTrail trails are integrated with Amazon CloudWatch Logs.
CloudTrail
Low
CIS 3.6 PCI DSS 10.2 HIPAA (Audit)
ap-southeast-1
test-trail
S3 bucket "aws-cloudtrail-logs-531239714189-8b5cd0ac" is used by CloudTrail and has Server access logging disabled.
Ensure S3 bucket access logging is enabled on the CloudTrail S3 bucket.
CloudTrail
Low
CIS 2.1.3
ap-southeast-1
test-trail
S3 bucket "aws-cloudtrail-logs-531239714189-8b5cd0ac" is used by CloudTrail and has MFA delete disabled in the bucket versioning configuration.
Add another layer of security by configuring a bucket to enable MFA (multi-factor authentication) delete.
CloudTrail
Low
CIS 3.6 PCI DSS 10.2 HIPAA (Audit)
ap-southeast-2
my-trail
S3 bucket "prevasio-test-bucket" is used by CloudTrail and has Server access logging disabled.
Ensure S3 bucket access logging is enabled on the CloudTrail S3 bucket.
CloudTrail
Low
CIS 2.1.3
ap-southeast-2
my-trail
S3 bucket "prevasio-test-bucket" is used by CloudTrail and has MFA delete disabled in the bucket versioning configuration.
Add another layer of security by configuring a bucket to enable MFA (multi-factor authentication) delete.
CloudTrail
Low
CIS 3.4
ap-southeast-2
test-trail
CloudTrail is not configured to send logs to CloudWatch Logs for real-time analysis.
Ensure CloudTrail trails are integrated with Amazon CloudWatch Logs.
CloudTrail
Low
CIS 3.6 PCI DSS 10.2 HIPAA (Audit)
ap-southeast-2
test-trail
S3 bucket "aws-cloudtrail-logs-531239714189-8b5cd0ac" is used by CloudTrail and has Server access logging disabled.
Ensure S3 bucket access logging is enabled on the CloudTrail S3 bucket.
CloudTrail
Low
CIS 2.1.3
ap-southeast-2
test-trail
S3 bucket "aws-cloudtrail-logs-531239714189-8b5cd0ac" is used by CloudTrail and has MFA delete disabled in the bucket versioning configuration.
Add another layer of security by configuring a bucket to enable MFA (multi-factor authentication) delete.
CloudTrail
Low
CIS 3.6 PCI DSS 10.2 HIPAA (Audit)
ap-northeast-1
my-trail
S3 bucket "prevasio-test-bucket" is used by CloudTrail and has Server access logging disabled.
Ensure S3 bucket access logging is enabled on the CloudTrail S3 bucket.
CloudTrail
Low
CIS 2.1.3
ap-northeast-1
my-trail
S3 bucket "prevasio-test-bucket" is used by CloudTrail and has MFA delete disabled in the bucket versioning configuration.
Add another layer of security by configuring a bucket to enable MFA (multi-factor authentication) delete.
CloudTrail
Low
CIS 3.4
ap-northeast-1
test-trail
CloudTrail is not configured to send logs to CloudWatch Logs for real-time analysis.
Ensure CloudTrail trails are integrated with Amazon CloudWatch Logs.
CloudTrail
Low
CIS 3.6 PCI DSS 10.2 HIPAA (Audit)
ap-northeast-1
test-trail
S3 bucket "aws-cloudtrail-logs-531239714189-8b5cd0ac" is used by CloudTrail and has Server access logging disabled.
Ensure S3 bucket access logging is enabled on the CloudTrail S3 bucket.
CloudTrail
Low
CIS 2.1.3
ap-northeast-1
test-trail
S3 bucket "aws-cloudtrail-logs-531239714189-8b5cd0ac" is used by CloudTrail and has MFA delete disabled in the bucket versioning configuration.
Add another layer of security by configuring a bucket to enable MFA (multi-factor authentication) delete.
CloudTrail
Low
CIS 3.6 PCI DSS 10.2 HIPAA (Audit)
ca-central-1
my-trail
S3 bucket "prevasio-test-bucket" is used by CloudTrail and has Server access logging disabled.
Ensure S3 bucket access logging is enabled on the CloudTrail S3 bucket.
CloudTrail
Low
CIS 2.1.3
ca-central-1
my-trail
S3 bucket "prevasio-test-bucket" is used by CloudTrail and has MFA delete disabled in the bucket versioning configuration.
Add another layer of security by configuring a bucket to enable MFA (multi-factor authentication) delete.
CloudTrail
Low
CIS 3.4
ca-central-1
test-trail
CloudTrail is not configured to send logs to CloudWatch Logs for real-time analysis.
Ensure CloudTrail trails are integrated with Amazon CloudWatch Logs.
CloudTrail
Low
CIS 3.6 PCI DSS 10.2 HIPAA (Audit)
ca-central-1
test-trail
S3 bucket "aws-cloudtrail-logs-531239714189-8b5cd0ac" is used by CloudTrail and has Server access logging disabled.
Ensure S3 bucket access logging is enabled on the CloudTrail S3 bucket.
CloudTrail
Low
CIS 2.1.3
ca-central-1
test-trail
S3 bucket "aws-cloudtrail-logs-531239714189-8b5cd0ac" is used by CloudTrail and has MFA delete disabled in the bucket versioning configuration.
Add another layer of security by configuring a bucket to enable MFA (multi-factor authentication) delete.
CloudTrail
Low
CIS 3.6 PCI DSS 10.2 HIPAA (Audit)
eu-central-1
my-trail
S3 bucket "prevasio-test-bucket" is used by CloudTrail and has Server access logging disabled.
Ensure S3 bucket access logging is enabled on the CloudTrail S3 bucket.
CloudTrail
Low
CIS 2.1.3
eu-central-1
my-trail
S3 bucket "prevasio-test-bucket" is used by CloudTrail and has MFA delete disabled in the bucket versioning configuration.
Add another layer of security by configuring a bucket to enable MFA (multi-factor authentication) delete.
CloudTrail
Low
CIS 3.4
eu-central-1
test-trail
CloudTrail is not configured to send logs to CloudWatch Logs for real-time analysis.
Ensure CloudTrail trails are integrated with Amazon CloudWatch Logs.
CloudTrail
Low
CIS 3.6 PCI DSS 10.2 HIPAA (Audit)
eu-central-1
test-trail
S3 bucket "aws-cloudtrail-logs-531239714189-8b5cd0ac" is used by CloudTrail and has Server access logging disabled.
Ensure S3 bucket access logging is enabled on the CloudTrail S3 bucket.
CloudTrail
Low
CIS 2.1.3
eu-central-1
test-trail
S3 bucket "aws-cloudtrail-logs-531239714189-8b5cd0ac" is used by CloudTrail and has MFA delete disabled in the bucket versioning configuration.
Add another layer of security by configuring a bucket to enable MFA (multi-factor authentication) delete.
CloudTrail
Low
CIS 3.6 PCI DSS 10.2 HIPAA (Audit)
eu-west-1
my-trail
S3 bucket "prevasio-test-bucket" is used by CloudTrail and has Server access logging disabled.
Ensure S3 bucket access logging is enabled on the CloudTrail S3 bucket.
CloudTrail
Low
CIS 2.1.3
eu-west-1
my-trail
S3 bucket "prevasio-test-bucket" is used by CloudTrail and has MFA delete disabled in the bucket versioning configuration.
Add another layer of security by configuring a bucket to enable MFA (multi-factor authentication) delete.
CloudTrail
Low
CIS 3.4
eu-west-1
test-trail
CloudTrail is not configured to send logs to CloudWatch Logs for real-time analysis.
Ensure CloudTrail trails are integrated with Amazon CloudWatch Logs.
CloudTrail
Low
CIS 3.6 PCI DSS 10.2 HIPAA (Audit)
eu-west-1
test-trail
S3 bucket "aws-cloudtrail-logs-531239714189-8b5cd0ac" is used by CloudTrail and has Server access logging disabled.
Ensure S3 bucket access logging is enabled on the CloudTrail S3 bucket.
CloudTrail
Low
CIS 2.1.3
eu-west-1
test-trail
S3 bucket "aws-cloudtrail-logs-531239714189-8b5cd0ac" is used by CloudTrail and has MFA delete disabled in the bucket versioning configuration.
Add another layer of security by configuring a bucket to enable MFA (multi-factor authentication) delete.
CloudTrail
Low
CIS 3.6 PCI DSS 10.2 HIPAA (Audit)
eu-west-2
my-trail
S3 bucket "prevasio-test-bucket" is used by CloudTrail and has Server access logging disabled.
Ensure S3 bucket access logging is enabled on the CloudTrail S3 bucket.
CloudTrail
Low
CIS 2.1.3
eu-west-2
my-trail
S3 bucket "prevasio-test-bucket" is used by CloudTrail and has MFA delete disabled in the bucket versioning configuration.
Add another layer of security by configuring a bucket to enable MFA (multi-factor authentication) delete.
CloudTrail
Low
CIS 3.4
eu-west-2
test-trail
CloudTrail is not configured to send logs to CloudWatch Logs for real-time analysis.
Ensure CloudTrail trails are integrated with Amazon CloudWatch Logs.
CloudTrail
Low
CIS 3.6 PCI DSS 10.2 HIPAA (Audit)
eu-west-2
test-trail
S3 bucket "aws-cloudtrail-logs-531239714189-8b5cd0ac" is used by CloudTrail and has Server access logging disabled.
Ensure S3 bucket access logging is enabled on the CloudTrail S3 bucket.
CloudTrail
Low
CIS 2.1.3
eu-west-2
test-trail
S3 bucket "aws-cloudtrail-logs-531239714189-8b5cd0ac" is used by CloudTrail and has MFA delete disabled in the bucket versioning configuration.
Add another layer of security by configuring a bucket to enable MFA (multi-factor authentication) delete.
CloudTrail
Low
CIS 3.6 PCI DSS 10.2 HIPAA (Audit)
eu-west-3
my-trail
S3 bucket "prevasio-test-bucket" is used by CloudTrail and has Server access logging disabled.
Ensure S3 bucket access logging is enabled on the CloudTrail S3 bucket.
CloudTrail
Low
CIS 2.1.3
eu-west-3
my-trail
S3 bucket "prevasio-test-bucket" is used by CloudTrail and has MFA delete disabled in the bucket versioning configuration.
Add another layer of security by configuring a bucket to enable MFA (multi-factor authentication) delete.
CloudTrail
Low
CIS 3.4
eu-west-3
test-trail
CloudTrail is not configured to send logs to CloudWatch Logs for real-time analysis.
Ensure CloudTrail trails are integrated with Amazon CloudWatch Logs.
CloudTrail
Low
CIS 3.6 PCI DSS 10.2 HIPAA (Audit)
eu-west-3
test-trail
S3 bucket "aws-cloudtrail-logs-531239714189-8b5cd0ac" is used by CloudTrail and has Server access logging disabled.
Ensure S3 bucket access logging is enabled on the CloudTrail S3 bucket.
CloudTrail
Low
CIS 2.1.3
eu-west-3
test-trail
S3 bucket "aws-cloudtrail-logs-531239714189-8b5cd0ac" is used by CloudTrail and has MFA delete disabled in the bucket versioning configuration.
Add another layer of security by configuring a bucket to enable MFA (multi-factor authentication) delete.
CloudTrail
Low
CIS 3.6 PCI DSS 10.2 HIPAA (Audit)
eu-north-1
my-trail
S3 bucket "prevasio-test-bucket" is used by CloudTrail and has Server access logging disabled.
Ensure S3 bucket access logging is enabled on the CloudTrail S3 bucket.
CloudTrail
Low
CIS 2.1.3
eu-north-1
my-trail
S3 bucket "prevasio-test-bucket" is used by CloudTrail and has MFA delete disabled in the bucket versioning configuration.
Add another layer of security by configuring a bucket to enable MFA (multi-factor authentication) delete.
CloudTrail
Low
CIS 3.4
eu-north-1
test-trail
CloudTrail is not configured to send logs to CloudWatch Logs for real-time analysis.
Ensure CloudTrail trails are integrated with Amazon CloudWatch Logs.
CloudTrail
Low
CIS 3.6 PCI DSS 10.2 HIPAA (Audit)
eu-north-1
test-trail
S3 bucket "aws-cloudtrail-logs-531239714189-8b5cd0ac" is used by CloudTrail and has Server access logging disabled.
Ensure S3 bucket access logging is enabled on the CloudTrail S3 bucket.
CloudTrail
Low
CIS 2.1.3
eu-north-1
test-trail
S3 bucket "aws-cloudtrail-logs-531239714189-8b5cd0ac" is used by CloudTrail and has MFA delete disabled in the bucket versioning configuration.
Add another layer of security by configuring a bucket to enable MFA (multi-factor authentication) delete.
CloudTrail
Low
CIS 3.6 PCI DSS 10.2 HIPAA (Audit)
sa-east-1
my-trail
S3 bucket "prevasio-test-bucket" is used by CloudTrail and has Server access logging disabled.
Ensure S3 bucket access logging is enabled on the CloudTrail S3 bucket.
CloudTrail
Low
CIS 2.1.3
sa-east-1
my-trail
S3 bucket "prevasio-test-bucket" is used by CloudTrail and has MFA delete disabled in the bucket versioning configuration.
Add another layer of security by configuring a bucket to enable MFA (multi-factor authentication) delete.
CloudTrail
Low
CIS 3.4
sa-east-1
test-trail
CloudTrail is not configured to send logs to CloudWatch Logs for real-time analysis.
Ensure CloudTrail trails are integrated with Amazon CloudWatch Logs.
CloudTrail
Low
CIS 3.6 PCI DSS 10.2 HIPAA (Audit)
sa-east-1
test-trail
S3 bucket "aws-cloudtrail-logs-531239714189-8b5cd0ac" is used by CloudTrail and has Server access logging disabled.
Ensure S3 bucket access logging is enabled on the CloudTrail S3 bucket.
CloudTrail
Low
CIS 2.1.3
sa-east-1
test-trail
S3 bucket "aws-cloudtrail-logs-531239714189-8b5cd0ac" is used by CloudTrail and has MFA delete disabled in the bucket versioning configuration.
Add another layer of security by configuring a bucket to enable MFA (multi-factor authentication) delete.
DynamoDB
Low
—
us-east-1
users
DynamoDB table uses default encryption with AWS-owned key.
To have full control over the CMK (AWS KMS charges apply), consider using a Customer managed CMK - a key that is stored in your account and is created, owned, and managed by you.
DynamoDB
Low
—
us-east-2
HelloWorldDatabase
DynamoDB table uses default encryption with AWS-owned key.
To have full control over the CMK (AWS KMS charges apply), consider using a Customer managed CMK - a key that is stored in your account and is created, owned, and managed by you.
Kinesis
Low
—
us-east-1
my-stream
Kinesis data stream uses default CMK (aws/kinesis) that is created, managed, and used on your behalf by Kinesis Data Streams.
To have full control over the CMK, consider using a Customer managed CMK for server-side encryption - a key that is stored in your account and is created, owned, and managed by you.
X-Ray
Low
—
us-east-2
X-Ray
X-Ray encrypts traces and related data at rest by using an AWS managed CMK named "aws/xray".
For more control over the data-at-rest encryption, make sure X-Ray uses a customer managed CMK.