💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [AppSync.5] AWS AppSync GraphQL APIs should not be authenticated with API keys | | | | |
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [ECS.1] Amazon ECS task definitions should have secure networking modes and user definitions. | | | | |
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [ECS.4] ECS containers should run as non-privileged | | | | |
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [ECS.5] ECS containers should be limited to read-only access to root filesystems | | | | |
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [ElastiCache.6] ElastiCache (Redis OSS) replication groups of earlier versions should have Redis OSS AUTH enabled | | | | |
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [EventBridge.3] EventBridge custom event buses should have a resource-based policy attached | | | | |
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [IAM.1] IAM policies should not allow full "*" administrative privileges | | 1 | 1 | |
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [IAM.2] IAM users should not have IAM policies attached | | 1 | 1 | |
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [IAM.3] IAM users' access keys should be rotated every 90 days or less | | 1 | 1 | |
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [IAM.4] IAM root user access key should not exist | | 1 | 1 | |
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [IAM.5] MFA should be enabled for all IAM users that have a console password | | | 1 | |
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [IAM.6] Hardware MFA should be enabled for the root user | | | 1 | |
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [IAM.7] Password policies for IAM users should have strong configurations | | 1 | 2 | |
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [IAM.8] Unused IAM user credentials should be removed | | | 1 | |
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [IAM.21] IAM customer managed policies that you create should not allow wildcard actions for services | | | | |
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [KMS.1] IAM customer managed policies should not allow decryption actions on all KMS keys | | | | |
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [KMS.2] IAM principals should not have IAM inline policies that allow decryption actions on all KMS keys | | | | |
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [Neptune.7] Neptune DB clusters should have IAM database authentication enabled | | | | |
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [Opensearch.7] OpenSearch domains should have fine-grained access control enabled | | | | |
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [RDS.10] IAM authentication should be configured for RDS instances | | | | |
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [RDS.12] IAM authentication should be configured for RDS clusters | | | | |
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [S3.12] ACLs should not be used to manage user access to S3 general purpose buckets | | | | |
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [SageMaker.3] Users should not have root access to SageMaker AI notebook instances | | | | |
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [SecretsManager.1] Secrets Manager secrets should have automatic rotation enabled | | | | |
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [SecretsManager.2] Secrets Manager secrets configured with automatic rotation should rotate successfully | | | | |
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [SecretsManager.3] Remove unused Secrets Manager secrets | | | | |
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [SecretsManager.4] Secrets Manager secrets should be rotated within a specified number of days | | | | |