Skip to content

AWS cloudformation

Security audit for AWS cloudformation configs is performed with checkov.

Security rules

Id Type Entity Policy IaC
111 CKV_AWS_21 resource AWS::S3::Bucket Ensure the S3 bucket has versioning enabled Cloudformation
112 CKV_AWS_19 resource AWS::S3::Bucket Ensure the S3 bucket has server-side-encryption enabled Cloudformation
113 CKV_AWS_57 resource AWS::S3::Bucket Ensure the S3 bucket does not allow WRITE permissions to everyone Cloudformation
114 CKV_AWS_18 resource AWS::S3::Bucket Ensure the S3 bucket has access logging enabled Cloudformation
115 CKV_AWS_20 resource AWS::S3::Bucket Ensure the S3 bucket does not allow READ permissions to everyone Cloudformation
116 CKV_AWS_24 resource AWS::EC2::SecurityGroup Ensure no security groups allow ingress from 0.0.0.0:0 to port 22 Cloudformation
117 CKV_AWS_23 resource AWS::EC2::SecurityGroup Ensure every security groups rule has a description Cloudformation
118 CKV_AWS_24 resource AWS::EC2::SecurityGroupIngress Ensure no security groups allow ingress from 0.0.0.0:0 to port 22 Cloudformation
119 CKV_AWS_23 resource AWS::EC2::SecurityGroupIngress Ensure every security groups rule has a description Cloudformation
120 CKV_AWS_29 resource AWS::ElastiCache::ReplicationGroup Ensure all data stored in the Elasticache Replication Group is securely encrypted at rest Cloudformation
121 CKV_AWS_31 resource AWS::ElastiCache::ReplicationGroup Ensure all data stored in the Elasticache Replication Group is securely encrypted at transit and has auth token Cloudformation
122 CKV_AWS_30 resource AWS::ElastiCache::ReplicationGroup Ensure all data stored in the Elasticache Replication Group is securely encrypted at transit Cloudformation
123 CKV_AWS_23 resource AWS::EC2::SecurityGroupEgress Ensure every security groups rule has a description Cloudformation
124 CKV_AWS_23 resource AWS::RDS::DBSecurityGroup Ensure every security groups rule has a description Cloudformation
125 CKV_AWS_23 resource AWS::ElastiCache::SecurityGroup Ensure every security groups rule has a description Cloudformation
126 CKV_AWS_23 resource AWS::Redshift::ClusterSecurityGroup Ensure every security groups rule has a description Cloudformation
127 CKV_AWS_58 resource AWS::EKS::Cluster Ensure EKS Cluster has Secrets Encryption Enabled Cloudformation
128 CKV_AWS_32 resource AWS::ECR::Repository Ensure ECR policy is not set to public Cloudformation
129 CKV_AWS_28 resource AWS::DynamoDB::Table Ensure Dynamodb point in time recovery (backup) is enabled Cloudformation
130 CKV_AWS_6 resource AWS::Elasticsearch::Domain Ensure all Elasticsearch has node-to-node encryption enabled Cloudformation
131 CKV_AWS_5 resource AWS::Elasticsearch::Domain Ensure all data stored in the Elasticsearch is securely encrypted at rest Cloudformation
132 CKV_AWS_35 resource AWS::CloudTrail::Trail Ensure CloudTrail logs are encrypted at rest using KMS CMKs Cloudformation
133 CKV_AWS_36 resource AWS::CloudTrail::Trail Ensure CloudTrail log file validation is enabled Cloudformation
134 CKV_AWS_2 resource AWS::ElasticLoadBalancingV2::Listener Ensure ALB protocol is HTTPS Cloudformation
135 CKV_AWS_3 resource AWS::EC2::Volume Ensure all data stored in the EBS is securely encrypted Cloudformation
136 CKV_AWS_34 resource AWS::CloudFront::Distribution Ensure cloudfront distribution ViewerProtocolPolicy is set to HTTPS Cloudformation

Last update: May 21, 2020