Jump to Content

Home Guides API Reference

Guides

Home Guides API Reference

All

Pages

Start typing to search…

First Steps

Getting Started
Gain Visibility
Discovery and Review
Continuous Compliance

How-To

Apply Your License
Choosing a Framework
Define Organizational Units
Enable Serverless Protection
Export Public IP Addresses
Filters and Grouping
Prioritize with Risk Management
Setup Continuous Compliance
Using Webhooks

Best Practice

Automating Compliance
Serverless Security Considerations

aws

Amazon EC2 Instance
Simple Storage Service (S3)
AWS Lambda
Amazon Elastic File System (EFS)
AWS EcrRepository
Elastic Load Balancing (ELB)
Amazon RDS
IAM Server Certificate
Application Load Balancer
Amazon Redshift
- Use KMS CMK customer-managed keys for Redshift clusters
- Ensure AWS Redshift instances are encrypted
Amazon CloudFront
Amazon Elastic Container Service - Cluster
- ECS Cluster At-Rest Encryption
- Prefer using IAM roles for tasks rather than using IAM roles for an instance
Amazon Kinesis
Amazon ElastiCache
AWS Certificate Manager
Amazon DynamoDB
- Ensure that AWS DynamoDB is encrypted using customer-managed CMK
- Ensure Amazon DynamoDB tables have continuous backups enabled
Amazon SageMaker
- Ensure SageMaker Notebook Instance Data Encryption is enabled
- Ensure that SageMaker Notebook Instance Data Encryption with KMS CMKs is enabled
Amazon API Gateway
- Ensure that an API Key is required on a Method Request
Network Load Balancer
- Ensure to update the Security Policy of the Network Load Balancer
IAM Group
EMR Cluster
- Ensure in-transit and at-rest encryption is enabled for Amazon EMR clusters
- Ensure AWS Elastic MapReduce (EMR) clusters capture detailed log data to Amazon S3
Simple Queue Service (SQS)
Amazon ElasticSearch service
SNS Topic
Amazon Secrets Manager
Amazon Systems Manager Parameter
- Ensure that sensitive parameters are encrypted
Amazon Elastic Block Storage (EBS)
- Ensure EBS volume encryption is enabled
Amazon Route 53
Route53RecordSetGroup
- Ensure S3 Bucket exists for CNAME records routing traffic to an S3 Bucket website endpoint
- Ensure S3 Bucket exists for A records routing traffic to an S3 Bucket website endpoint
IAM User
AWS Identity and Access Management (IAM)
IAM Role
Amazon Elastic Container Service
IAM Policy
Amazon VPC Endpoints
- Ensure that VPC Endpoint policy does not provide excessive permissions
IAM SAML Identity Provider
- Ensure IAM users are managed centrally via identity federation or AWS Organizations for multi-account environments
Region
CloudTrail
AWS Key Management Service (KMS)
- Ensure rotation for customer created CMKs is enabled
EKS Cluster
- Ensure that AWS EKS Cluster control plane logging is enabled
AWS Network-Firewall
- Ensure Network firewall flow logging is enabled
- Ensure Network firewall alerts logging is enabled
Amazon VPC

Powered by

Ensure whether IAM users are members of at least one IAM group

It is recommended to make sure that user belongs to at least one group, it will helps to control the permissions

Updated 6 months ago

Ensure inactive user for 30 days or greater are disabled

Ensure IAM User do not have administrator privileges