Queries in AWS Compliance

The AWS Compliance mod includes 589 queries:

• account_alternate_contact_security_registered
• account_part_of_organizations
• acm_certificate_expires_30_days
• acm_certificate_no_failed_certificate
• acm_certificate_no_pending_validation_certificate
• acm_certificate_no_wildcard_domain_name
• acm_certificate_not_expired
• acm_certificate_rsa_key_length_2048_bits_or_greater
• acm_certificate_transparency_logging_enabled
• acmpca_root_certificate_authority_disabled
• api_gateway_method_authorization_type_configured
• api_gateway_method_request_parameter_validated
• api_gateway_rest_api_public_endpoint_with_authorizer
• api_gatewayv2_route_authorization_type_configured
• api_gatewayv2_route_authorizer_configured
• apigateway_rest_api_authorizers_configured
• apigateway_rest_api_endpoint_restrict_public_access
• apigateway_rest_api_stage_use_ssl_certificate
• apigateway_rest_api_stage_xray_tracing_enabled
• apigateway_stage_cache_encryption_at_rest_enabled
• apigateway_stage_logging_enabled
• apigateway_stage_use_waf_web_acl
• appstream_fleet_default_internet_access_disabled
• appstream_fleet_idle_disconnect_timeout_600_seconds
• appstream_fleet_max_user_duration_36000_seconds
• appstream_fleet_session_disconnect_timeout_300_seconds
• appsync_graphql_api_field_level_logging_enabled
• athena_workgroup_encryption_at_rest_enabled
• athena_workgroup_enforce_configuration_enabled
• autoscaling_ec2_launch_configuration_no_sensitive_data
• autoscaling_group_multiple_az_configured
• autoscaling_group_no_suspended_process
• autoscaling_group_propagate_tags_to_ec2_instance_enabled
• autoscaling_group_uses_ec2_launch_template
• autoscaling_group_with_lb_use_health_check
• autoscaling_launch_config_hop_limit
• autoscaling_launch_config_public_ip_disabled
• autoscaling_launch_config_requires_imdsv2
• autoscaling_use_multiple_instance_types_in_multiple_az
• backup_plan_min_retention_35_days
• backup_plan_region_configured
• backup_recovery_point_encryption_enabled
• backup_recovery_point_manual_deletion_disabled
• backup_recovery_point_min_retention_35_days
• backup_report_plan_configured
• backup_vault_region_configured
• cloudformation_stack_drift_detection_check
• cloudformation_stack_notifications_enabled
• cloudformation_stack_output_no_secrets
• cloudformation_stack_rollback_enabled
• cloudformation_stack_termination_protection_enabled
• cloudfront_distribution_configured_with_origin_failover
• cloudfront_distribution_custom_origins_encryption_in_transit_enabled
• cloudfront_distribution_default_root_object_configured
• cloudfront_distribution_encryption_in_transit_enabled
• cloudfront_distribution_field_level_encryption_enabled
• cloudfront_distribution_geo_restrictions_enabled
• cloudfront_distribution_latest_tls_version
• cloudfront_distribution_logging_enabled
• cloudfront_distribution_no_deprecated_ssl_protocol
• cloudfront_distribution_no_non_existent_s3_origin
• cloudfront_distribution_non_s3_origins_encryption_in_transit_enabled
• cloudfront_distribution_origin_access_identity_enabled
• cloudfront_distribution_sni_enabled
• cloudfront_distribution_use_custom_ssl_certificate
• cloudfront_distribution_use_secure_cipher
• cloudfront_distribution_waf_enabled
• cloudtrail_bucket_not_public
• cloudtrail_multi_region_read_write_enabled
• cloudtrail_multi_region_trail_enabled
• cloudtrail_multi_region_trail_integrated_with_logs
• cloudtrail_s3_data_events_enabled
• cloudtrail_s3_logging_enabled
• cloudtrail_s3_object_read_events_audit_enabled
• cloudtrail_s3_object_write_events_audit_enabled
• cloudtrail_security_trail_enabled
• cloudtrail_trail_bucket_mfa_enabled
• cloudtrail_trail_enabled
• cloudtrail_trail_enabled_account
• cloudtrail_trail_insight_selectors_and_logging_enabled
• cloudtrail_trail_integrated_with_logs
• cloudtrail_trail_logs_encrypted_with_kms_cmk
• cloudtrail_trail_validation_enabled
• cloudwatch_alarm_action_enabled
• cloudwatch_alarm_action_enabled_check
• cloudwatch_cross_account_sharing
• cloudwatch_log_group_retention_period_365
• codebuild_project_artifact_encryption_enabled
• codebuild_project_build_greater_then_90_days
• codebuild_project_environment_privileged_mode_disabled
• codebuild_project_logging_enabled
• codebuild_project_plaintext_env_variables_no_sensitive_aws_values
• codebuild_project_s3_logs_encryption_enabled
• codebuild_project_source_repo_oauth_configured
• codebuild_project_with_user_controlled_buildspec
• codedeploy_deployment_group_lambda_allatonce_traffic_shift_disabled
• config_configuration_recorder_no_failed_deliver_logs
• config_enabled_all_regions
• dax_cluster_encryption_at_rest_enabled
• directory_service_certificate_expires_90_days
• directory_service_directory_snapshots_limit_2
• directory_service_directory_sns_notifications_enabled
• dlm_ebs_snapshot_lifecycle_policy_enabled
• dms_certificate_not_expired
• dms_endpoint_ssl_configured
• dms_replication_instance_automatic_minor_version_upgrade_enabled
• dms_replication_instance_not_publicly_accessible
• dms_replication_task_source_database_logging_enabled
• dms_replication_task_target_database_logging_enabled
• docdb_cluster_backup_retention_period_7_days
• docdb_cluster_deletion_protection_enabled
• docdb_cluster_encryption_at_rest_enabled
• docdb_cluster_instance_encryption_at_rest_enabled
• docdb_cluster_instance_logging_enabled
• docdb_cluster_snapshot_restrict_public_access
• drs_job_enabled
• dynamodb_table_auto_scaling_enabled
• dynamodb_table_deletion_protection_enabled
• dynamodb_table_encrypted_with_kms
• dynamodb_table_encryption_enabled
• dynamodb_table_in_backup_plan
• dynamodb_table_point_in_time_recovery_enabled
• dynamodb_table_protected_by_backup_plan
• ebs_attached_volume_delete_on_termination_enabled
• ebs_attached_volume_encryption_enabled
• ebs_encryption_by_default_enabled
• ebs_snapshot_encryption_enabled
• ebs_snapshot_not_publicly_restorable
• ebs_volume_encryption_at_rest_enabled
• ebs_volume_in_backup_plan
• ebs_volume_protected_by_backup_plan
• ebs_volume_snapshot_exists
• ebs_volume_unused
• ec2_ami_ebs_encryption_enabled
• ec2_ami_not_older_than_90_days
• ec2_ami_restrict_public_access
• ec2_classic_lb_connection_draining_enabled
• ec2_client_vpn_endpoint_client_connection_logging_enabled
• ec2_ebs_default_encryption_enabled
• ec2_instance_attached_ebs_volume_delete_on_termination_enabled
• ec2_instance_detailed_monitoring_enabled
• ec2_instance_ebs_optimized
• ec2_instance_iam_profile_attached
• ec2_instance_in_vpc
• ec2_instance_no_amazon_key_pair
• ec2_instance_no_high_level_finding_in_inspector_scan
• ec2_instance_no_iam_passrole_and_lambda_invoke_function_access
• ec2_instance_no_iam_role_attached_with_credentials_exposure_access
• ec2_instance_no_iam_role_with_alter_critical_s3_permissions_configuration
• ec2_instance_no_iam_role_with_cloud_log_tampering_access
• ec2_instance_no_iam_role_with_data_destruction_access
• ec2_instance_no_iam_role_with_database_management_write_access
• ec2_instance_no_iam_role_with_defense_evasion_impact_of_aws_security_services_access
• ec2_instance_no_iam_role_with_destruction_kms_access
• ec2_instance_no_iam_role_with_destruction_rds_access
• ec2_instance_no_iam_role_with_elastic_ip_hijacking_access
• ec2_instance_no_iam_role_with_management_level_access
• ec2_instance_no_iam_role_with_new_group_creation_with_attached_policy_access
• ec2_instance_no_iam_role_with_new_role_creation_with_attached_policy_access
• ec2_instance_no_iam_role_with_new_user_creation_with_attached_policy_access
• ec2_instance_no_iam_role_with_org_write_access
• ec2_instance_no_iam_role_with_privilege_escalation_risk_access
• ec2_instance_no_iam_role_with_security_group_write_access
• ec2_instance_no_iam_role_with_write_access_to_resource_based_policies
• ec2_instance_no_iam_role_with_write_permission_on_critical_s3_configuration
• ec2_instance_no_iam_with_write_level_access
• ec2_instance_no_launch_wizard_security_group
• ec2_instance_not_older_than_180_days
• ec2_instance_not_publicly_accessible
• ec2_instance_not_use_multiple_enis
• ec2_instance_protected_by_backup_plan
• ec2_instance_publicly_accessible_iam_profile_attached
• ec2_instance_ssm_managed
• ec2_instance_termination_protection_enabled
• ec2_instance_user_data_no_secrets
• ec2_instance_uses_imdsv2
• ec2_instance_virtualization_type_no_paravirtual
• ec2_launch_template_not_publicly_accessible
• ec2_network_interface_unused
• ec2_stopped_instance_30_days
• ec2_stopped_instance_90_days
• ec2_transit_gateway_auto_cross_account_attachment_disabled
• ecr_repository_image_scan_on_push_enabled
• ecr_repository_lifecycle_policy_configured
• ecr_repository_prohibit_public_access
• ecr_repository_tag_immutability_enabled
• ecs_cluster_container_insights_enabled
• ecs_cluster_container_instance_agent_connected
• ecs_cluster_encryption_at_rest_enabled
• ecs_cluster_instance_in_vpc
• ecs_cluster_no_active_services_count
• ecs_cluster_no_registered_container_instance
• ecs_service_fargate_using_latest_platform_version
• ecs_service_load_balancer_attached
• ecs_service_not_publicly_accessible
• ecs_task_definition_container_environment_no_secret
• ecs_task_definition_container_non_privileged
• ecs_task_definition_container_readonly_root_filesystem
• ecs_task_definition_logging_enabled
• ecs_task_definition_no_host_pid_mode
• ecs_task_definition_no_root_user
• ecs_task_definition_user_for_host_mode_check
• efs_access_point_enforce_root_directory
• efs_access_point_enforce_user_identity
• efs_file_system_encrypt_data_at_rest
• efs_file_system_encrypted_with_cmk
• efs_file_system_enforces_ssl
• efs_file_system_in_backup_plan
• efs_file_system_protected_by_backup_plan
• efs_file_system_restrict_public_access
• eks_cluster_control_plane_audit_logging_enabled
• eks_cluster_endpoint_public_access_restricted
• eks_cluster_endpoint_restrict_public_access
• eks_cluster_no_default_vpc
• eks_cluster_no_multiple_security_groups
• eks_cluster_secrets_encrypted
• eks_cluster_with_latest_kubernetes_version
• elastic_beanstalk_enhanced_health_reporting_enabled
• elastic_beanstalk_environment_logs_to_cloudwatch
• elastic_beanstalk_environment_managed_updates_enabled
• elasticache_cluster_auto_minor_version_upgrade_enabled
• elasticache_cluster_no_default_subnet_group
• elasticache_cluster_no_public_subnet
• elasticache_redis_cluster_automatic_backup_retention_15_days
• elasticache_replication_group_auto_failover_enabled
• elasticache_replication_group_encryption_at_rest_enabled
• elasticache_replication_group_encryption_at_rest_enabled_with_kms_cmk
• elasticache_replication_group_encryption_in_transit_enabled
• elasticache_replication_group_redis_auth_enabled
• elb_application_classic_lb_logging_enabled
• elb_application_classic_network_lb_prohibit_public_access
• elb_application_gateway_network_lb_multiple_az_configured
• elb_application_lb_deletion_protection_enabled
• elb_application_lb_desync_mitigation_mode
• elb_application_lb_drop_http_headers
• elb_application_lb_listener_certificate_expire_30_days
• elb_application_lb_listener_certificate_expire_7_days
• elb_application_lb_redirect_http_request_to_https
• elb_application_lb_waf_enabled
• elb_application_lb_with_outbound_rule
• elb_application_network_lb_use_listeners
• elb_application_network_lb_use_ssl_certificate
• elb_classic_lb_cross_zone_load_balancing_enabled
• elb_classic_lb_desync_mitigation_mode
• elb_classic_lb_multiple_az_configured
• elb_classic_lb_no_registered_instance
• elb_classic_lb_use_ssl_certificate
• elb_classic_lb_use_tls_https_listeners
• elb_classic_lb_with_inbound_rule
• elb_classic_lb_with_outbound_rule
• elb_listener_use_secure_ssl_cipher
• elb_network_lb_tls_listener_security_policy_configured
• elb_tls_listener_protocol_version
• emr_account_public_access_blocked
• emr_cluster_encryption_at_rest_enabled
• emr_cluster_encryption_at_rest_with_cse_cmk
• emr_cluster_encryption_at_rest_with_sse_kms
• emr_cluster_encryption_in_transit_enabled
• emr_cluster_kerberos_enabled
• emr_cluster_local_disk_encrypted_with_cmk
• emr_cluster_local_disk_encryption_enabled
• emr_cluster_master_nodes_no_public_ip
• emr_cluster_security_configuration_enabled
• es_domain_audit_logging_enabled
• es_domain_cognito_authentication_enabled
• es_domain_data_nodes_min_3
• es_domain_dedicated_master_nodes_min_3
• es_domain_encrypted_using_tls_1_2
• es_domain_encryption_at_rest_enabled
• es_domain_error_logging_enabled
• es_domain_in_vpc
• es_domain_internal_user_database_enabled
• es_domain_logs_to_cloudwatch
• es_domain_node_to_node_encryption_enabled
• eventbridge_custom_bus_resource_based_policy_attached
• fsx_file_system_copy_tags_to_backup_and_volume_enabled
• fsx_file_system_protected_by_backup_plan
• gatewayv2_stage_access_logging_enabled
• glacier_vault_restrict_public_access
• glue_connection_ssl_enabled
• glue_data_catalog_encryption_settings_metadata_encryption_enabled
• glue_data_catalog_encryption_settings_password_encryption_enabled
• glue_dev_endpoint_cloudwatch_logs_encryption_enabled
• glue_dev_endpoint_job_bookmarks_encryption_enabled
• glue_dev_endpoint_s3_encryption_enabled
• glue_job_bookmarks_encryption_enabled
• glue_job_cloudwatch_logs_encryption_enabled
• glue_job_s3_encryption_enabled
• guardduty_centrally_configured
• guardduty_enabled
• guardduty_finding_archived
• guardduty_no_high_severity_findings
• iam_access_analyzer_enabled
• iam_access_analyzer_enabled_without_findings
• iam_account_password_policy_min_length_14
• iam_account_password_policy_one_lowercase_letter
• iam_account_password_policy_one_number
• iam_account_password_policy_one_symbol
• iam_account_password_policy_one_uppercase_letter
• iam_account_password_policy_reuse_24
• iam_account_password_policy_strong_min_length_8
• iam_account_password_policy_strong_min_reuse_24
• iam_all_policy_no_service_wild_card
• iam_custom_policy_unattached_no_star_star
• iam_group_not_empty
• iam_group_user_role_no_inline_policies
• iam_inline_policy_no_administrative_privileges
• iam_managed_policy_attached_to_role
• iam_password_policy_expire_90
• iam_policy_all_attached_no_star_star
• iam_policy_custom_attached_no_star_star
• iam_policy_custom_no_assume_role
• iam_policy_custom_no_blocked_kms_actions
• iam_policy_custom_no_permissive_role_assumption
• iam_policy_inline_no_blocked_kms_actions
• iam_policy_no_full_access_to_cloudtrail
• iam_policy_no_full_access_to_kms
• iam_policy_no_star_star
• iam_policy_unused
• iam_role_cross_account_read_only_access_policy
• iam_role_cross_account_write_access_policy
• iam_role_no_administrator_access_policy_attached
• iam_role_unused_60
• iam_root_last_used
• iam_root_user_hardware_mfa_enabled
• iam_root_user_mfa_enabled
• iam_root_user_no_access_keys
• iam_security_audit_role
• iam_server_certificate_not_expired
• iam_support_role
• iam_user_access_key_age_365
• iam_user_access_key_age_90
• iam_user_access_key_unused_45
• iam_user_access_keys_and_password_at_setup
• iam_user_console_access_mfa_enabled
• iam_user_console_access_unused_45
• iam_user_group_role_cloudshell_fullaccess_restricted
• iam_user_hardware_mfa_enabled
• iam_user_in_group
• iam_user_mfa_enabled
• iam_user_no_inline_attached_policies
• iam_user_no_policies
• iam_user_one_active_key
• iam_user_unused_credentials_45
• iam_user_unused_credentials_90
• iam_user_with_administrator_access_mfa_enabled
• kinesis_firehose_delivery_stream_server_side_encryption_enabled
• kinesis_stream_encrypted_with_kms_cmk
• kinesis_stream_server_side_encryption_enabled
• kms_cmk_policy_prohibit_public_access
• kms_cmk_rotation_enabled
• kms_cmk_unused
• kms_key_decryption_restricted_in_iam_customer_managed_policy
• kms_key_decryption_restricted_in_iam_inline_policy
• kms_key_not_pending_deletion
• lambda_function_cloudtrail_logging_enabled
• lambda_function_cloudwatch_insights_enabled
• lambda_function_concurrent_execution_limit_configured
• lambda_function_cors_configuration
• lambda_function_dead_letter_queue_configured
• lambda_function_encryption_enabled
• lambda_function_in_vpc
• lambda_function_logging_config_enabled
• lambda_function_multiple_az_configured
• lambda_function_restrict_public_access
• lambda_function_restrict_public_url
• lambda_function_tracing_enabled
• lambda_function_use_latest_runtime
• lambda_function_variables_no_sensitive_data
• lightsail_instance_ipv6_networking_disabled
• lightsail_instance_rdp_restricted_ip
• lightsail_instance_ssh_rdp_http_ports_disabled
• lightsail_instance_ssh_restricted_ip
• log_group_encryption_at_rest_enabled
• log_metric_filter_bucket_policy
• log_metric_filter_cloudtrail_configuration
• log_metric_filter_config_configuration
• log_metric_filter_console_authentication_failure
• log_metric_filter_console_login_mfa
• log_metric_filter_disable_or_delete_cmk
• log_metric_filter_iam_policy
• log_metric_filter_network_acl
• log_metric_filter_network_gateway
• log_metric_filter_organization
• log_metric_filter_root_login
• log_metric_filter_route_table
• log_metric_filter_security_group
• log_metric_filter_unauthorized_api
• log_metric_filter_vpc
• manual_control
• mq_broker_restrict_public_access
• msk_cluster_encryption_in_transit_with_tls_enabled
• neptune_db_cluster_audit_logging_enabled
• neptune_db_cluster_automated_backup_enabled
• neptune_db_cluster_copy_tags_to_snapshot_enabled
• neptune_db_cluster_deletion_protection_enabled
• neptune_db_cluster_encryption_at_rest_enabled
• neptune_db_cluster_iam_authentication_enabled
• neptune_db_cluster_no_public_subnet
• neptune_db_cluster_snapshot_encryption_at_rest_enabled
• neptune_db_cluster_snapshot_prohibit_public_access
• networkfirewall_firewall_deletion_protection_enabled
• networkfirewall_firewall_in_vpc
• networkfirewall_firewall_logging_enabled
• networkfirewall_firewall_policy_default_stateless_action_check_fragmented_packets
• networkfirewall_firewall_policy_default_stateless_action_check_full_packets
• networkfirewall_firewall_policy_rule_group_not_empty
• networkfirewall_stateless_rule_group_not_empty
• opensearch_domain_audit_logging_enabled
• opensearch_domain_cognito_authentication_enabled_for_kibana
• opensearch_domain_data_node_fault_tolerance
• opensearch_domain_encryption_at_rest_enabled
• opensearch_domain_fine_grained_access_enabled
• opensearch_domain_https_required
• opensearch_domain_in_vpc
• opensearch_domain_internal_user_database_disabled
• opensearch_domain_logs_to_cloudwatch
• opensearch_domain_node_to_node_encryption_enabled
• opensearch_domain_updated_with_latest_service_software_version
• organizational_tag_policies_enabled
• rds_db_cluster_aurora_backtracking_enabled
• rds_db_cluster_aurora_mysql_audit_logging_enabled
• rds_db_cluster_aurora_postgres_not_exposed_to_local_file_read_vulnerability
• rds_db_cluster_aurora_protected_by_backup_plan
• rds_db_cluster_automatic_minor_version_upgrade_enabled
• rds_db_cluster_copy_tags_to_snapshot_enabled
• rds_db_cluster_deletion_protection_enabled
• rds_db_cluster_encrypted_with_cmk
• rds_db_cluster_encryption_at_rest_enabled
• rds_db_cluster_events_subscription
• rds_db_cluster_iam_authentication_enabled
• rds_db_cluster_multiple_az_enabled
• rds_db_cluster_no_default_admin_name
• rds_db_instance_and_cluster_enhanced_monitoring_enabled
• rds_db_instance_and_cluster_no_default_port
• rds_db_instance_automatic_minor_version_upgrade_enabled
• rds_db_instance_backup_enabled
• rds_db_instance_backup_retention_period_less_than_7
• rds_db_instance_ca_certificate_expires_7_days
• rds_db_instance_cloudwatch_logs_enabled
• rds_db_instance_connections_encryption_enabled
• rds_db_instance_copy_tags_to_snapshot_enabled
• rds_db_instance_deletion_protection_enabled
• rds_db_instance_encryption_at_rest_enabled
• rds_db_instance_events_subscription
• rds_db_instance_iam_authentication_enabled
• rds_db_instance_in_backup_plan
• rds_db_instance_in_vpc
• rds_db_instance_logging_enabled
• rds_db_instance_multiple_az_enabled
• rds_db_instance_no_default_admin_name
• rds_db_instance_no_public_subnet
• rds_db_instance_postgres_not_exposed_to_local_file_read_vulnerability
• rds_db_instance_prohibit_public_access
• rds_db_instance_protected_by_backup_plan
• rds_db_parameter_group_events_subscription
• rds_db_security_group_events_subscription
• rds_db_snapshot_encrypted_at_rest
• rds_db_snapshot_prohibit_public_access
• redshift_cluster_audit_logging_enabled
• redshift_cluster_automatic_snapshots_min_7_days
• redshift_cluster_automatic_upgrade_major_versions_enabled
• redshift_cluster_encrypted_with_cmk
• redshift_cluster_encryption_in_transit_enabled
• redshift_cluster_encryption_logging_enabled
• redshift_cluster_enhanced_vpc_routing_enabled
• redshift_cluster_kms_enabled
• redshift_cluster_maintenance_settings_check
• redshift_cluster_no_default_admin_name
• redshift_cluster_no_default_database_name
• redshift_cluster_prohibit_public_access
• route53_domain_auto_renew_enabled
• route53_domain_expires_30_days
• route53_domain_expires_7_days
• route53_domain_not_expired
• route53_domain_privacy_protection_enabled
• route53_domain_transfer_lock_enabled
• route53_zone_query_logging_enabled
• s3_access_point_restrict_public_access
• s3_bucket_acls_should_prohibit_user_access
• s3_bucket_cross_region_replication_enabled
• s3_bucket_default_encryption_enabled
• s3_bucket_default_encryption_enabled_kms
• s3_bucket_enforces_ssl
• s3_bucket_event_notifications_enabled
• s3_bucket_lifecycle_policy_enabled
• s3_bucket_logging_enabled
• s3_bucket_mfa_delete_enabled
• s3_bucket_not_accessible_to_all_authenticated_user
• s3_bucket_object_lock_enabled
• s3_bucket_object_logging_enabled
• s3_bucket_policy_restrict_public_access
• s3_bucket_policy_restricts_cross_account_permission_changes
• s3_bucket_protected_by_macie
• s3_bucket_restrict_public_read_access
• s3_bucket_restrict_public_write_access
• s3_bucket_static_website_hosting_disabled
• s3_bucket_versioning_and_lifecycle_policy_enabled
• s3_bucket_versioning_enabled
• s3_public_access_block_account
• s3_public_access_block_bucket
• s3_public_access_block_bucket_account
• sagemaker_endpoint_configuration_encryption_at_rest_enabled
• sagemaker_model_in_vpc
• sagemaker_model_network_isolation_enabled
• sagemaker_notebook_instance_direct_internet_access_disabled
• sagemaker_notebook_instance_encrypted_with_kms_cmk
• sagemaker_notebook_instance_encryption_at_rest_enabled
• sagemaker_notebook_instance_in_vpc
• sagemaker_notebook_instance_root_access_disabled
• sagemaker_training_job_in_vpc
• sagemaker_training_job_inter_container_traffic_encryption_enabled
• sagemaker_training_job_network_isolation_enabled
• sagemaker_training_job_volume_and_data_encryption_enabled
• secretsmanager_secret_automatic_rotation_enabled
• secretsmanager_secret_automatic_rotation_lambda_enabled
• secretsmanager_secret_encrypted_with_kms_cmk
• secretsmanager_secret_last_changed_365_day
• secretsmanager_secret_last_changed_90_day
• secretsmanager_secret_last_used_1_day
• secretsmanager_secret_rotated_as_scheduled
• secretsmanager_secret_unused_90_day
• securityhub_enabled
• sfn_state_machine_logging_enabled
• sns_topic_encrypted_at_rest
• sns_topic_notification_delivery_status_enabled
• sns_topic_policy_prohibit_cross_account_access
• sns_topic_policy_prohibit_public_access
• sns_topic_policy_prohibit_publishing_access
• sns_topic_policy_prohibit_subscription_access
• sqs_queue_dead_letter_queue_configured
• sqs_queue_encrypted_at_rest
• sqs_queue_encrypted_with_kms_cmk
• sqs_queue_policy_prohibit_public_access
• ssm_document_prohibit_public_access
• ssm_managed_instance_compliance_association_compliant
• ssm_managed_instance_compliance_patch_compliant
• ssm_parameter_encryption_enabled
• vpc_configured_to_use_vpc_endpoints
• vpc_default_security_group_restricts_all_traffic
• vpc_eip_associated
• vpc_endpoint_service_acceptance_required_enabled
• vpc_flow_logs_enabled
• vpc_gateway_endpoint_restrict_public_access
• vpc_igw_attached_to_authorized_vpc
• vpc_in_more_than_one_region
• vpc_network_acl_remote_administration
• vpc_network_acl_unused
• vpc_not_in_use
• vpc_peering_connection_no_cross_account_access
• vpc_peering_connection_route_table_least_privilege
• vpc_route_table_restrict_public_access_to_igw
• vpc_security_group_allows_ingress_authorized_ports
• vpc_security_group_allows_ingress_to_cassandra_ports
• vpc_security_group_allows_ingress_to_memcached_port
• vpc_security_group_allows_ingress_to_mongodb_ports
• vpc_security_group_allows_ingress_to_oracle_ports
• vpc_security_group_associated_to_eni
• vpc_security_group_not_uses_launch_wizard_sg
• vpc_security_group_remote_administration
• vpc_security_group_remote_administration_ipv4
• vpc_security_group_remote_administration_ipv6
• vpc_security_group_restrict_ingress_cifs_port_all
• vpc_security_group_restrict_ingress_common_ports_all
• vpc_security_group_restrict_ingress_kafka_port
• vpc_security_group_restrict_ingress_kibana_port
• vpc_security_group_restrict_ingress_rdp_all
• vpc_security_group_restrict_ingress_redis_port
• vpc_security_group_restrict_ingress_ssh_all
• vpc_security_group_restrict_ingress_tcp_udp_all
• vpc_security_group_restricted_common_ports
• vpc_security_group_unused
• vpc_subnet_auto_assign_public_ip_disabled
• vpc_subnet_multi_az_enabled
• vpc_subnet_public_and_private
• vpc_vpn_gateway_per_region_less_then_4
• vpc_vpn_tunnel_up
• waf_regional_rule_condition_attached
• waf_regional_rule_group_rule_attached
• waf_regional_web_acl_rule_attached
• waf_rule_condition_attached
• waf_rule_group_rule_attached
• waf_web_acl_logging_enabled
• waf_web_acl_resource_associated
• waf_web_acl_rule_attached
• wafv2_rule_group_logging_enabled
• wafv2_web_acl_logging_enabled
• wafv2_web_acl_rule_attached
• workspaces_workspace_volume_encryption_enabled