[EC2.1] Amazon EBS snapshots should not be publicly restorable | | | | |
[EC2.2] VPC default security groups should not allow inbound or outbound traffic | | | 1 | |
[EC2.3] Attached Amazon EBS volumes should be encrypted at-rest | | | | |
[EC2.4] Stopped EC2 instances should be removed after a specified time period | | | | |
[EC2.6] VPC flow logging should be enabled in all VPCs | | 1 | 1 | |
[EC2.7] EBS default encryption should be enabled | | 1 | 1 | |
[EC2.8] EC2 instances should use Instance Metadata Service Version 2 (IMDSv2) | | 1 | 1 | |
[EC2.9] Amazon EC2 instances should not have a public IPv4 address | | | | |
[EC2.10] Amazon EC2 should be configured to use VPC endpoints that are created for the Amazon EC2 service | | | | |
[EC2.15] Amazon EC2 subnets should not automatically assign public IP addresses | | | | |
[EC2.16] Unused Network Access Control Lists should be removed | | | | |
[EC2.17] Amazon EC2 instances should not use multiple ENIs | | | | |
[EC2.18] Security groups should only allow unrestricted incoming traffic for authorized ports | | | | |
[EC2.19] Security groups should not allow unrestricted access to ports with high risk | | | 10 | |
[EC2.20] Both VPN tunnels for an AWS Site-to-Site VPN connection should be up | | | | |
[EC2.21] Network ACLs should not allow ingress from 0.0.0.0/0 to port 22 or port 3389 | | | 1 | |
[EC2.23] Amazon EC2 Transit Gateways should not automatically accept VPC attachment requests | | | | |
[EC2.24] Amazon EC2 paravirtual instance types should not be used | | | | |
[EC2.25] Amazon EC2 launch templates should not assign public IPs to network interfaces | | | | |
[EC2.51] EC2 Client VPN endpoints should have client connection logging enabled | | | | |
[EC2.55] VPCs should be configured with an interface endpoint for ECR API | | | | |
[EC2.56] VPCs should be configured with an interface endpoint for Docker Registry | | | | |
[EC2.57] VPCs should be configured with an interface endpoint for Systems Manager | | | | |
[EC2.58] VPCs should be configured with an interface endpoint for Systems Manager Incident Manager Contacts | | | | |
[EC2.60] VPCs should be configured with an interface endpoint for Systems Manager Incident Manager | | | | |
[EC2.170] EC2 launch templates should use Instance Metadata Service Version 2 (IMDSv2) | | | | |
[EC2.171] EC2 VPN connections should have logging enabled | | | | |
[EC2.172] EC2 VPC Block Public Access settings should block internet gateway traffic | | | | |