| 💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [AppSync.5] AWS AppSync GraphQL APIs should not be authenticated with API keys | | | | |
| 💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [AutoScaling.3] Auto Scaling group launch configurations should configure EC2 instances to require Instance Metadata Service Version 2 (IMDSv2) | | 1 | 1 | |
| 💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [AutoScaling.5] Amazon EC2 instances launched using Auto Scaling group launch configurations should not have Public IP addresses | | 1 | 1 | |
| 💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [DMS.1] Database Migration Service replication instances should not be public | | 1 | 1 | |
| 💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [DMS.10] DMS endpoints for Neptune databases should have IAM authorization enabled | | | | |
| 💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [DMS.11] DMS endpoints for MongoDB should have an authentication mechanism enabled | | | | |
| 💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [DocumentDB.3] Amazon DocumentDB manual cluster snapshots should not be public | | | | |
| 💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [EC2.1] Amazon EBS snapshots should not be publicly restorable | | | 1 | |
| 💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [EC2.8] EC2 instances should use Instance Metadata Service Version 2 (IMDSv2) | | 1 | 1 | |
| 💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [EC2.9] Amazon EC2 instances should not have a public IPv4 address | | | 1 | |
| 💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [EC2.10] Amazon EC2 should be configured to use VPC endpoints that are created for the Amazon EC2 service | | | 1 | |
| 💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [EC2.15] Amazon EC2 subnets should not automatically assign public IP addresses | | | 1 | |
| 💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [EC2.25] Amazon EC2 launch templates should not assign public IPs to network interfaces | | | | |
| 💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [EC2.55] VPCs should be configured with an interface endpoint for ECR API | | | | |
| 💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [EC2.56] VPCs should be configured with an interface endpoint for Docker Registry | | | | |
| 💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [EC2.57] VPCs should be configured with an interface endpoint for Systems Manager | | | | |
| 💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [EC2.58] VPCs should be configured with an interface endpoint for Systems Manager Incident Manager Contacts | | | | |
| 💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [EC2.60] VPCs should be configured with an interface endpoint for Systems Manager Incident Manager | | | | |
| 💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [ECS.1] Amazon ECS task definitions should have secure networking modes and user definitions. | | | | |
| 💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [ECS.2] ECS services should not have public IP addresses assigned to them automatically | | | | |
| 💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [ECS.4] ECS containers should run as non-privileged | | | | |
| 💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [ECS.5] ECS containers should be limited to read-only access to root filesystems | | | | |
| 💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [EKS.1] EKS cluster endpoints should not be publicly accessible | | | | |
| 💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [ElastiCache.6] ElastiCache (Redis OSS) replication groups of earlier versions should have Redis OSS AUTH enabled | | | | |
| 💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [EMR.1] Amazon EMR cluster primary nodes should not have public IP addresses | | | | |
| 💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [EMR.2] Amazon EMR block public access setting should be enabled | | | | |
| 💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [ES.2] Elasticsearch domains should not be publicly accessible | | | | |
| 💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [EventBridge.3] EventBridge custom event buses should have a resource-based policy attached | | | | |
| 💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [IAM.1] IAM policies should not allow full "*" administrative privileges | | 1 | 1 | |
| 💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [IAM.2] IAM users should not have IAM policies attached | | 1 | 1 | |
| 💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [IAM.4] IAM root user access key should not exist | | 1 | 1 | |
| 💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [IAM.8] Unused IAM user credentials should be removed | | | 1 | |
| 💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [IAM.21] IAM customer managed policies that you create should not allow wildcard actions for services | | | | |
| 💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [KMS.1] IAM customer managed policies should not allow decryption actions on all KMS keys | | | | |
| 💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [KMS.2] IAM principals should not have IAM inline policies that allow decryption actions on all KMS keys | | | | |
| 💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [Lambda.1] Lambda function policies should prohibit public access | | | | |
| 💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [Neptune.3] Neptune DB cluster snapshots should not be public | | | | |
| 💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [Neptune.7] Neptune DB clusters should have IAM database authentication enabled | | | | |
| 💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [Opensearch.2] OpenSearch domains should not be publicly accessible | | | | |
| 💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [Opensearch.7] OpenSearch domains should have fine-grained access control enabled | | | | |
| 💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [RDS.1] RDS snapshot should be private | | 1 | 1 | |
| 💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [RDS.10] IAM authentication should be configured for RDS instances | | | | |
| 💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [RDS.12] IAM authentication should be configured for RDS clusters | | | | |
| 💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [Redshift.1] Amazon Redshift clusters should prohibit public access | | | | |
| 💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [S3.1] S3 general purpose buckets should have block public access settings enabled | | | 1 | |
| 💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [S3.2] S3 general purpose buckets should block public read access | | | | |
| 💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [S3.3] S3 general purpose buckets should block public write access | | | | |
| 💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [S3.12] ACLs should not be used to manage user access to S3 general purpose buckets | | | | |
| 💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [S3.19] S3 access points should have block public access settings enabled | | | | |
| 💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [SageMaker.1] Amazon SageMaker AI notebook instances should not have direct internet access | | | | |
| 💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [SageMaker.2] SageMaker AI notebook instances should be launched in a custom VPC | | | | |
| 💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [SageMaker.3] Users should not have root access to SageMaker AI notebook instances | | | | |
| 💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [ServiceCatalog.1] Service Catalog portfolios should be shared within an AWS organization only | | | | |
| 💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [SSM.4] SSM documents should not be public | | | | |