AC_AWS_0453 | Ensure one target group is configured to listen on HTTPS for AWS Load Balancer | AWS | Infrastructure Security | HIGH |
AC_AWS_0454 | Ensure one HTTPS listener is configured for AWS Load Balancer | AWS | Infrastructure Security | HIGH |
AC_AWS_0455 | Ensure monitoring is enabled for AWS Launch Configuration | AWS | Logging and Monitoring | HIGH |
AC_AWS_0456 | Ensure IMDSv1 is disabled for AWS EC2 instances in AWS Launch Configuration | AWS | Infrastructure Security | HIGH |
AC_AWS_0457 | Ensure environment variables are protected using AWS KMS keys for AWS Lambda Functions | AWS | Data Protection | HIGH |
AC_AWS_0458 | Ensure principal is defined for every IAM policy attached to AWS Key Management Service (KMS) key | AWS | Identity and Access Management | HIGH |
AC_AWS_0459 | Ensure detailed monitoring is enabled for AWS EC2 instances | AWS | Compliance Validation | LOW |
AC_AWS_0460 | Ensure that customer managed keys are used in AWS Kinesis Firehose Delivery Stream | AWS | Data Protection | HIGH |
AC_AWS_0461 | Ensure AWS ECR Repository uses KMS for server-side encryption | AWS | Data Protection | MEDIUM |
AC_AWS_0462 | Ensure no policy is attached that may cause privilege escalation for AWS IAM Role Policy | AWS | Identity and Access Management | HIGH |
AC_AWS_0463 | Ensure Transit Encryption is enabled for Amazon Elastic Container Service (ECS) Task Definition using Elastic File System (EFS) Volumes | AWS | Infrastructure Security | MEDIUM |
AC_AWS_0464 | Ensure database retention is enabled for Amazon Relational Database Service (Amazon RDS) cluster | AWS | Resilience | MEDIUM |
AC_AWS_0465 | Ensure secrets are encrypted using AWS KMS key for AWS Secrets Manager | AWS | Data Protection | MEDIUM |
AC_AWS_0466 | Ensure IAM policy is attached to Amazon Elastic Container Registry (Amazon ECR) repository | AWS | Identity and Access Management | MEDIUM |
AC_AWS_0467 | Ensure CORS is configured to prevent sharing across all domains for AWS API Gateway V2 API | AWS | Security Best Practices | MEDIUM |
AC_AWS_0468 | Ensure encryption is enabled for AWS Athena Database | AWS | Data Protection | HIGH |
AC_AWS_0469 | Ensure EMR cluster is configured with Kerberos Authentication | AWS | Infrastructure Security | MEDIUM |
AC_AWS_0470 | Ensure cloud users don't have any direct permissions in AWS IAM User Policy | AWS | Identity and Access Management | MEDIUM |
AC_AWS_0471 | Ensure correct combination of JSON policy elements is used in AWS IAM Policy | AWS | Identity and Access Management | LOW |
AC_AWS_0472 | Ensure only uppercase letters, lowercase letters and numbers are used in Sid element in AWS IAM Policy | AWS | Identity and Access Management | LOW |
AC_AWS_0473 | Ensure principal element is not empty in AWS IAM Trust Policy | AWS | Identity and Access Management | LOW |
AC_AWS_0474 | Ensure global condition key is not used in AWS IAM Policy | AWS | Identity and Access Management | LOW |
AC_AWS_0475 | Ensure redundant resources are not used for AWS IAM Policy | AWS | Identity and Access Management | LOW |
AC_AWS_0476 | Ensure there is no policy with invalid principal key for AWS Elastic File System (EFS) policy | AWS | Identity and Access Management | LOW |
AC_AWS_0477 | Ensure there is no IAM policy with invalid global condition keys | AWS | Identity and Access Management | LOW |
AC_AWS_0478 | Ensure that IP range is specified in CIDR format for AWS IAM Policy | AWS | Identity and Access Management | LOW |
AC_AWS_0479 | Ensure there is no policy with invalid principal format for AWS Key Management Service (KMS) | AWS | Identity and Access Management | LOW |
AC_AWS_0480 | Ensure there is no policy with invalid principal key for AWS Key Management Service (KMS) | AWS | Identity and Access Management | LOW |
AC_AWS_0481 | Ensure there is no policy with invalid principal format for AWS S3 Bucket policy | AWS | Identity and Access Management | LOW |
AC_AWS_0482 | Ensure there is no policy with invalid principal key for AWS S3 Bucket policy | AWS | Identity and Access Management | LOW |
AC_AWS_0483 | Ensure there is no policy with an invalid principal format for Amazon Simple Notification Service (SNS) Topic | AWS | Identity and Access Management | LOW |
AC_AWS_0484 | Ensure there is no policy with an invalid principal key for Amazon Simple Notification Service (SNS) Topic | AWS | Identity and Access Management | LOW |
AC_AWS_0485 | Ensure there is no policy with an invalid principal format for Amazon Simple Queue Service (SQS) Topic | AWS | Identity and Access Management | LOW |
AC_AWS_0486 | Ensure there is no policy with an invalid principal key for Amazon Simple Queue Service (SQS) Queue | AWS | Identity and Access Management | LOW |
AC_AWS_0487 | Ensure there is no IAM policy with multiple condition boolean values | AWS | Identity and Access Management | LOW |
AC_AWS_0488 | Ensure there is no IAM policy with invalid policy element | AWS | Identity and Access Management | LOW |
AC_AWS_0489 | Ensure creation of SLR with NotResource is not allowed in AWS IAM Policy | AWS | Identity and Access Management | LOW |
AC_AWS_0490 | Ensure '*' in Action and NotResource is not allowed in AWS IAM Policy as this allows creation of unintended service-linked roles | AWS | Identity and Access Management | HIGH |
AC_AWS_0491 | Ensure CloudTrail-created SNS policy has a condition with either the aws:SourceArn or aws:SourceAccount condition key in Amazon Simple Notification Service (SNS) Topic | AWS | Identity and Access Management | LOW |
AC_AWS_0492 | Ensure use of NotAction with NotResource is not allowed in AWS IAM Policy | AWS | Identity and Access Management | LOW |
AC_AWS_0493 | Ensure creation of SLR with star (*) in resource is not allowed in AWS IAM Policy | AWS | Identity and Access Management | LOW |
AC_AWS_0494 | Ensure creation of SLR with star (*) in action and resource is not allowed in AWS IAM Policy | AWS | Identity and Access Management | LOW |
AC_AWS_0495 | Ensure creation of SLR with star (*) in NotAction and resource is not allowed in AWS IAM Policy | AWS | Identity and Access Management | LOW |
AC_AWS_0496 | Ensure IAM Policies were not configured with versions in AWS IAM Policy | AWS | Identity and Access Management | LOW |
AC_AWS_0497 | Ensure a valid boolean value (true or false) is used for the Bool condition operator in AWS IAM Policy | AWS | Identity and Access Management | LOW |
AC_AWS_0498 | Ensure there is no IAM policy with invalid condition operator | AWS | Identity and Access Management | LOW |
AC_AWS_0499 | Ensure that IAM policy does not exceed the identity policy quota for AWS IAM Policy | AWS | Identity and Access Management | LOW |
AC_AWS_0500 | Ensure condition value does not use wildcards (* and ?) without like operator | AWS | Identity and Access Management | LOW |
AC_AWS_0501 | Ensure a valid base64-encoded string value is added for the condition operator | AWS | Identity and Access Management | LOW |
AC_AWS_0502 | Ensure valid account number format is used in Amazon Simple Notification Service (SNS) Topic | AWS | Security Best Practices | LOW |