- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
*.yaml files (585):

policies/ecc-aws-127-rds_cluster_storage_is_encrypted.yml
policies/ecc-aws-139-iam_access_analyzer_is_enabled.yml
policies/ecc-aws-054-iam_policies_full_administrative_privileges.yml
policies/ecc-aws-594-underutilized_rds_instance_storage.yml
policies/ecc-aws-102-sagemaker_does_not_have_direct_internet_access.yml
policies/ecc-aws-060-cloudtrail_logs_encrypted_using_KMS_CMKs.yml
policies/ecc-aws-365-glue_connection_passwords_encrypted.yml
policies/ecc-aws-524-waf_regional_webacl_not_empty.yml
policies/ecc-aws-044-s3_buckets_without_tags.yml
policies/ecc-aws-302-postgresql_log_parser_stats_flag_is_disabled.yml
policies/ecc-aws-253-glue_data_catalog_encrypted_with_kms_customer_master_keys.yml
policies/ecc-aws-496-ecs_task_definition_pid_mode_check.yml
policies/ecc-aws-003-ensure_vpc_flow_logging_enabled_for_every_vpc.yml
policies/ecc-aws-205-rds_mariadb_logging_enabled.yml
policies/ecc-aws-051-iam_password_policy_passwd_expires_le_90.yml
policies/ecc-aws-591-reserved_rds_instance_payment_failed.yml
policies/ecc-aws-360-ecs_exec_logging_encryption_enabled.yml
policies/ecc-aws-560-unused_sns_topic.yml
policies/ecc-aws-141-expired_ssl_tls_certificates_stored_in_aws_iam_are_removed.yml
policies/ecc-aws-541-glue_job_logging_enabled.yml
policies/ecc-aws-249-rest_api_gateway_contend_encoding_enabled.yml
policies/ecc-aws-578-reserved_ec2_instance_payment_pending.yml
policies/ecc-aws-522-ecs_no_environment_secrets.yml
policies/ecc-aws-392-vpc_endpoint_without_tag_information.yml
policies/ecc-aws-170-security_group_ingress_is_restricted_traffic_to_port_5500.yml
policies/ecc-aws-107-acm_has_no_unused_certificates.yml
policies/ecc-aws-289-autoscaling_group_has_valid_configuration.yml
policies/ecc-aws-156-elasticsearch_domain_connections_encrypted_using_TLS_1_2.yml
policies/ecc-aws-458-lambda_functions_enhanced_monitoring_enabled.yml
policies/ecc-aws-366-fsx_lustre_logging_enabled.yml
policies/ecc-aws-009-iam_ssl_or_tls_certificates_expire_in_one_week.yml
policies/ecc-aws-008-iam_ssl_or_tls_certificates_expire_in_one_month.yml
policies/ecc-aws-125-elasticache_redis_clusters_encryption_at_rest.yml
policies/ecc-aws-119-kinesis_streams_encrypted_kms_customer_master_keys.yml
policies/ecc-aws-426-qldb_ledgers_without_tag_information.yml
policies/ecc-aws-048-iam_password_policy_one_symbol.yml
policies/ecc-aws-027-prevent_0-65535_ingress_and_all.yml
policies/ecc-aws-421-lambda_functions_without_tag_information.yml
policies/ecc-aws-542-glue_job_autoscaling_enabled.yml
policies/ecc-aws-490-ec2_token_hop_limit_check.yml
policies/ecc-aws-067-unauthorized_api_calls_alarm_exists.yml
policies/ecc-aws-399-codebuild_without_tag_information.yml
policies/ecc-aws-070-unused_ec2_security_groups.yml
policies/ecc-aws-346-route53_hosted_zone_records_health_check_configured.yml
policies/ecc-aws-329-unused_ec2_access_keys.yml
policies/ecc-aws-517-s3_bucket_acl_prohibited.yml
policies/ecc-aws-391-vpc_without_tag_information.yml
policies/ecc-aws-367-ds_directory_not_open_to_large_scope.yml
policies/ecc-aws-033-security_group_ingress_is_restricted_traffic_to_mysql_db_port_3306.yml
policies/ecc-aws-415-iam_user_without_tag_information.yml
policies/ecc-aws-043-s3_bucket_lifecycle.yml
policies/ecc-aws-091-ec2_managed_ssm_patch_compliance.yml
policies/ecc-aws-406-elasticache_clusters_without_tag_information.yml
policies/ecc-aws-155-elasticsearch_domains_configured_with_at_least_three_dedicated_master_nodes.yml
policies/ecc-aws-537-ecs_containers_nonprivileged.yml
policies/ecc-aws-192-elastic_beanstalk_enhanced_health_reporting_enabled.yml
policies/ecc-aws-396-cloudformation_stacks_without_tag_information.yml
policies/ecc-aws-382-internet_gateway_without_tag_information.yml
policies/ecc-aws-272-elasticache_latest_version.yml
policies/ecc-aws-300-sqs_not_open_to_everyone.yml
policies/ecc-aws-263-unused_virtual_private_gateways.yml
policies/ecc-aws-319-oracle_sec_protocol_error_further_action_flag_set_to_drop_3.yml
policies/ecc-aws-185-ec2_stopped_instance.yml
policies/ecc-aws-469-alb_desync_mode_check.yml
policies/ecc-aws-013-remove_weak_ciphers_for_clb.yml
policies/ecc-aws-416-iam_role_without_tag_information.yml
policies/ecc-aws-601-auto_scaling_group_statically_configured.yml
policies/ecc-aws-592-reserved_rds_instance_payment_pending.yml
policies/ecc-aws-222-ec2_instance_managed_by_systems_manager.yml
policies/ecc-aws-219-secrets_manager_successful_rotation_check.yml
policies/ecc-aws-535-clb_acm_certificate_required.yml
policies/ecc-aws-309-config_delivery_failed.yml
policies/ecc-aws-259-emr_clusters_in_vpc.yml
policies/ecc-aws-575-ebs_volumes_attached_to_stopped_ec2_instances.yml
policies/ecc-aws-167-security_group_ingress_is_restricted_traffic_to_port_143.yml
policies/ecc-aws-404-eks_without_tag_information.yml
policies/ecc-aws-317-oracle_remote_listener_flag_empty.yml
policies/ecc-aws-510-unused_efs_filesystem.yml
policies/ecc-aws-046-ensure_no_root_account_access_key_exists.yml
policies/ecc-aws-097-network_access_control_lists_changes_alarm_exists.yml
policies/ecc-aws-299-cloudfront_distribution_fieldlevel_encryption.yml
policies/ecc-aws-528-acm_certificate_transparency_logging_enabled.yml
policies/ecc-aws-324-oracle_resource_limit_flag_enabled.yml
policies/ecc-aws-265-elasticache_previous_generation_instances_not_used.yml
policies/ecc-aws-193-alb_drop_invalid_http_header.yml
policies/ecc-aws-529-ebs_attached_volume_delete_on_termination_enabled.yml
policies/ecc-aws-580-reserved_instance_lease_expiration_in_30_days.yml
policies/ecc-aws-254-glue_job_bookmarks_encrypted.yml
policies/ecc-aws-147-ebs_volume_without_encrypt.yml
policies/ecc-aws-243-postgresql_log_checkpoints_flag_enabled.yml
policies/ecc-aws-387-subnet_without_tag_information.yml
policies/ecc-aws-417-msk_clusters_without_tag_information.yml
policies/ecc-aws-409-emr_without_tag_information.yml
policies/ecc-aws-321-oracle_sec_return_server_release_banner_flag_disabled.yml
policies/ecc-aws-484-codedeploy_auto_rollback_monitor_enabled.yml
policies/ecc-aws-173-security_group_ingress_is_restricted_traffic_to_elasticsearch_service_ports.yml
policies/ecc-aws-486-codedeploy_lambda_allatonce_traffic_shift_disabled.yml
policies/ecc-aws-303-cloudtrail_logs_management_events.yml
policies/ecc-aws-401-dlm_without_tag_information.yml
policies/ecc-aws-571-stopped_rds_instances_removed.yml
policies/ecc-aws-384-network_acl_without_tag_information.yml
policies/ecc-aws-045-iam_password_policy_one_uppercase_letter.yml
policies/ecc-aws-286-workspaces_unused_instances.yml
policies/ecc-aws-352-sns_encrypted_with_kms_cmk.yml
policies/ecc-aws-115-expired_certificates_are_removed_from_acm.yml
policies/ecc-aws-579-reserved_ec2_instance_recent_purchases.yml
policies/ecc-aws-448-mwaa_worker_logs_set_correctly.yml
policies/ecc-aws-581-reserved_instance_lease_expiration_in_7_days.yml
policies/ecc-aws-516-s3_event_notifications_enabled.yml
policies/ecc-aws-418-kinesis_data_stream_without_tag_information.yml
policies/ecc-aws-174-rds_database_cluster_engine_no_default_ports.yml
policies/ecc-aws-129-enable_elb_access_logs.yml
policies/ecc-aws-109-invalid_or_failed_certificates_are_removed_from_acm.yml
policies/ecc-aws-220-secrets_manager_unused_secret.yml
policies/ecc-aws-429-redshift_clusters_without_tag_information.yml
policies/ecc-aws-351-rds_encrypted_with_kms_cmk.yml
policies/ecc-aws-175-rds_instances_storage_is_encrypted.yml
policies/ecc-aws-215-redshift_cluster_automatic_snapshot_enabled.yml
policies/ecc-aws-441-appsync_cache_encrypted_at_rest.yml
policies/ecc-aws-420-kms_key_without_tag_information.yml
policies/ecc-aws-491-ec2_transit_gateway_auto_vpc_attach_disabled.yml
policies/ecc-aws-223-ec2_managed_instance_association_compliance_status_check.yml
policies/ecc-aws-355-redshift_encrypted_with_kms_cmk.yml
policies/ecc-aws-025-instance_without_termination_protection.yml
policies/ecc-aws-505-redshift_default_admin_check.yml
policies/ecc-aws-106-acm_has_certificates_single_domain_names.yml
policies/ecc-aws-470-api_gw_endpoint_type_check.yml
policies/ecc-aws-066-eks_cluster_protected_endpoint_access.yml
policies/ecc-aws-552-dynamodb_tables_unused.yml
policies/ecc-aws-059-config_enabled_all_regions.yml
policies/ecc-aws-268-elasticache_encrypted_at_rest_using_cmk.yml
policies/ecc-aws-316-oracle_global_names_flag_enabled.yml
policies/ecc-aws-630-ec2_ami_not_in_use.yml
policies/ecc-aws-209-rds_aurora_postgresql_logging_enabled.yml
policies/ecc-aws-234-postgresql_debug_print_rewritten_flag_disabled.yml
policies/ecc-aws-172-security_group_ingress_is_restricted_traffic_to_port_8080.yml
policies/ecc-aws-407-beanstalk_without_tag_information.yml
policies/ecc-aws-587-elasticsearch_reserved_instance_payment_failed.yml
policies/ecc-aws-073-unused_eip_should_be_removed.yml
policies/ecc-aws-333-fsx_all_types_of_file_systems_encrypted_with_kms_cmk.yml
policies/ecc-aws-081-console_auth_failure_alarm_exists.yml
policies/ecc-aws-597-reserved_redshift_node_recent_purchases.yml
policies/ecc-aws-439-qldb_deletion_protection_enabled.yml
policies/ecc-aws-354-redshift_not_using_default_port.yml
policies/ecc-aws-228-ecr_immutable_image_tags.yml
policies/ecc-aws-295-use_secure_ssl_protocols_between_cloudfront_origin.yml
policies/ecc-aws-036-security_group_ingress_is_restricted_traffic_to_pop3_port_110.yml
policies/ecc-aws-194-elb_deletion_protection_enabled.yml
policies/ecc-aws-074-elasticsearch_service_domains_in_vpc.yml
policies/ecc-aws-437-s3_bucket_object_lock_enabled.yml
policies/ecc-aws-176-rds_snapshots_storage_is_encrypted.yml
policies/ecc-aws-104-cloudfront_web_distributions_with_geo_restriction_enabled.yml
policies/ecc-aws-344-route53_domain_expires_in_30_days.yml
policies/ecc-aws-148-logging_for_s3_enabled.yml
policies/ecc-aws-241-postgresql_log_statement_flag_set_correctly.yml
policies/ecc-aws-380-eip_without_tag_information.yml
policies/ecc-aws-057-ensure_iam_instance_roles_are_used_for_resource_access_from_instance.yml
policies/ecc-aws-538-cloudfront_s3_origin_non_existent_bucket.yml
policies/ecc-aws-483-codebuild_project_s3_logs_encrypted.yml
policies/ecc-aws-347-msk_data_encrypted_with_kms_cmk.yml
policies/ecc-aws-334-kinesis_firehose_delivery_streams_encrypted_using_SSE.yml
policies/ecc-aws-389-transit_gateway_attachment_without_tag_information.yml
policies/ecc-aws-464-ecs_exec_logging_enabled.yml
policies/ecc-aws-515-security_hub_enabled.yml
policies/ecc-aws-277-elasticsearch_slow_logs_enabled.yml
policies/ecc-aws-195-alb_http_to_https_redirection_enabled.yml
policies/ecc-aws-566-opensearch_auto_tune_enabled.yml
policies/ecc-aws-248-rest_api_gateway_is_protected_by_waf.yml
policies/ecc-aws-610-idle_ec2_instance.yml
policies/ecc-aws-466-fsx_netapp_ontap_multi_az_enabled.yml
policies/ecc-aws-596-reserved_redshift_node_payment_pending.yml
policies/ecc-aws-331-workspaces_images_not_older_than_90_days.yml
policies/ecc-aws-480-codebuild_project_artifact_encryption.yml
policies/ecc-aws-114-k8s_cluster_network_firewall_inbound_rule_permissive_to_all_traffic.yml
policies/ecc-aws-335-lambda_active_tracing_enabled.yml
policies/ecc-aws-240-postgresql_log_hostname_flag_disabled.yml
policies/ecc-aws-315-oracle_audit_trail_flag_set_correctly.yml
policies/ecc-aws-614-idle_rds_instance.yml
policies/ecc-aws-509-dax_ecnrypted_in_transit.yml
policies/ecc-aws-478-cloudfront_sni_enabled.yml
policies/ecc-aws-572-disabled_kms_keys_removed.yml
policies/ecc-aws-053-cloudtrail_log_validation_enabled.yml
policies/ecc-aws-471-autoscaling_groups_capacity_rebalancing_enabled.yml
policies/ecc-aws-062-security_group_ingress_is_restricted_22.yml
policies/ecc-aws-019-iam_password_policy_password_reuse.yml
policies/ecc-aws-443-appsync_protected_by_waf.yml
policies/ecc-aws-449-redshift_availability_zone_relocation_enabled.yml
policies/ecc-aws-065-encrypted_connection_between_cloudfront_origin.yml
policies/ecc-aws-381-eni_without_tag_information.yml
policies/ecc-aws-323-oracle_trace_files_public.yml
policies/ecc-aws-079-iam_policy_changes_alarm_exist.yml
policies/ecc-aws-158-rds_db_instances_configured_to_copy_tags_to_snapshots.yml
policies/ecc-aws-514-inactive_iam_access_keys_are_not_deleted.yml
policies/ecc-aws-103-cloudfront_web_distributions_use_custom_ssl_certificates.yml
policies/ecc-aws-095-aws_config_configuration_changes_alarm_exists.yml
policies/ecc-aws-402-dms_without_tag_information.yml
policies/ecc-aws-204-rds_mysql_logging_enabled.yml
policies/ecc-aws-206-rds_sql_server_logging_enabled.yml
policies/ecc-aws-301-sqs_dead_letter_queue_enabled.yml
policies/ecc-aws-548-ebs_volumes_are_of_type_gp3_instead_of_gp2.yml
policies/ecc-aws-157-rds_db_clusters_configured_to_copy_tags_to_snapshots.yml
policies/ecc-aws-386-security_group_without_tag_information.yml
policies/ecc-aws-211-rds_cluster_iam_authentication_configured.yml
policies/ecc-aws-503-rds_cluster_default_admin_check.yml
policies/ecc-aws-504-rds_instance_default_admin_check.yml
policies/ecc-aws-130-update_security_policy_of_network_load_balancer.yml
policies/ecc-aws-400-dax_clusters_without_tag_information.yml
policies/ecc-aws-545-step_function_state_machine_logging_enabled.yml
policies/ecc-aws-521-ecs_containers_readonly_access.yml
policies/ecc-aws-349-route53_query_logging_enabled.yml
policies/ecc-aws-138-eliminate_use_root_user_for_administrative_and_daily_tasks.yml
policies/ecc-aws-076-ebs_snapshots_not_publicly_restorable.yml
policies/ecc-aws-531-ebs_default_encryption_enabled.yml
policies/ecc-aws-258-emr_at_rest_and_in_transit_encryption_enabled.yml
policies/ecc-aws-181-dms_replication_not_public.yml
policies/ecc-aws-445-mwaa_scheduler_logs_set_correctly.yml
policies/ecc-aws-199-rds_instance_enhanced_monitoring_enabled.yml
policies/ecc-aws-202-rds_oracle_logging_enabled.yml
policies/ecc-aws-489-ec2_instance_detailed_monitoring_enabled.yml
policies/ecc-aws-164-redshift_clusters_audit_logging_enabled.yml
policies/ecc-aws-186-ec2_instance_no_public_ip.yml
policies/ecc-aws-233-postgresql_debug_print_parse_flag_disabled.yml
policies/ecc-aws-527-waf_global_webacl_not_empty.yml
policies/ecc-aws-279-elasticache_auth_token_rotated_every_90_days.yml
policies/ecc-aws-288-workspaces_instances_are_healthy.yml
policies/ecc-aws-238-postgresql_log_disconnections_flag_enabled.yml
policies/ecc-aws-028-security_group_ingress_is_restricted_traffic_to_dns_port_53.yml
policies/ecc-aws-196-emr_master_nodes_no_public_ip.yml
policies/ecc-aws-553-unused_clb.yml
policies/ecc-aws-178-rest_api_aws_x_ray_enabled.yml
policies/ecc-aws-128-expired_route53_domain_names.yml
policies/ecc-aws-024-ensures_sqs_encryption_is_enabled.yml
policies/ecc-aws-098-network_gateways_changes_alarm_exists.yml
policies/ecc-aws-493-ecs_container_insights_enabled.yml
policies/ecc-aws-379-ebs_snapshot_without_tag_information.yml
policies/ecc-aws-569-asg_propagate_tags_to_ec2_instances.yml
policies/ecc-aws-385-route_table_without_tag_information.yml
policies/ecc-aws-197-elasticsearch_node_to_node_encryption_enabled.yml
policies/ecc-aws-342-route53_domain_automatic_renewal_enabled.yml
policies/ecc-aws-014-clb_uses_https.yml
policies/ecc-aws-310-dms_latest_version.yml
policies/ecc-aws-227-eks_secrets_encrypted.yml
policies/ecc-aws-312-dms_auto_minor_version_upgrade.yml
policies/ecc-aws-151-security_group_ingress_is_restricted_traffic_to_port_20.yml
policies/ecc-aws-075-elasticsearch_service_domains_encryption_at_rest.yml
policies/ecc-aws-189-ec2_instance_should_not_use_multiple_eni.yml
policies/ecc-aws-260-emr_logging_to_s3_enabled.yml
policies/ecc-aws-339-mq_broker_auto_minor_version_upgrade_enabled.yml
policies/ecc-aws-200-rds_cluster_deletion_protection_enabled.yml
policies/ecc-aws-388-transit_gateway_without_tag_information.yml
policies/ecc-aws-218-secrets_manager_rotation_enabled.yml
policies/ecc-aws-465-fsx_daily_automatic_backup_enabled.yml
policies/ecc-aws-348-msk_encryption_in_transit_enabled.yml
policies/ecc-aws-237-postgresql_log_connections_flag_enabled.yml
policies/ecc-aws-589-elasticsearch_reserved_instance_recent_purchases.yml
policies/ecc-aws-375-workspaces_storage_encrypted_with_cmk.yml
policies/ecc-aws-276-rds_aurora_postgresql_cluster_logging_enabled.yml
policies/ecc-aws-364-autoscaling_launch_config_public_ip_disabled.yml
policies/ecc-aws-224-ec2_instance_imdsv2_enabled.yml
policies/ecc-aws-283-elasticsearch_latest_version.yml
policies/ecc-aws-378-ebs_without_tag_information.yml
policies/ecc-aws-235-postgresql_debug_print_plan_flag_disabled.yml
policies/ecc-aws-221-sns_kms_encryption_enabled.yml
policies/ecc-aws-533-key_pair_without_tag_information.yml
policies/ecc-aws-500-lambda_vpc_multi_az_check.yml
policies/ecc-aws-287-autoscaling_group_utilize_multi_az.yml
policies/ecc-aws-586-elasticsearch_general_purpose_ssd_volume.yml
policies/ecc-aws-394-app_flow_without_tag_information.yml
policies/ecc-aws-168-security_group_ingress_is_restricted_traffic_to_mssql_ports.yml
policies/ecc-aws-145-organizations_changes_alarm_exists.yml
policies/ecc-aws-440-appsync_logging_enabled.yml
policies/ecc-aws-190-ecs_task_definitions_secure_networking_modes_and_user_definitions.yml
policies/ecc-aws-001-ensure_mfa_is_enabled_for_all_iam_users_with_console_password.yml
policies/ecc-aws-124-efs_is_encrypted_using_managed_cmk.yml
policies/ecc-aws-296-rds_mysql_instances_latest_major_version.yml
policies/ecc-aws-232-postgresql_log_rotation_size_flag_set_correctly.yml
policies/ecc-aws-593-reserved_rds_instance_recent_purchases.yml
policies/ecc-aws-180-cloudfront_origin_failover_configured.yml
policies/ecc-aws-030-security_group_ingress_is_restricted_traffic_to_http_port_80.yml
policies/ecc-aws-501-opensearch_access_control_enabled.yml
policies/ecc-aws-376-api_gateway_http_api_and_websocket_api_logs_not_enabled.yml
policies/ecc-aws-495-ecs_task_definition_memory_hard_limit.yml
policies/ecc-aws-570-ebs_volumes_are_of_type_gp3_instead_of_io1.yml
policies/ecc-aws-604-efs_without_lifecycle_management.yml
policies/ecc-aws-285-xray-encrypted_with_kms_cmk.yml
policies/ecc-aws-307-postgresql_log_min_error_statement_flag_set_correctly.yml
policies/ecc-aws-308-glacier_vault_access_policy_does_not_allow_actions_from_all_principals.yml
policies/ecc-aws-330-mysql_sql_mode_flag_contains_strict_all_tables.yml
policies/ecc-aws-055-cloudtrail_integrated_with_cloudwatch.yml
policies/ecc-aws-462-lambda_concurrency_enabled.yml
policies/ecc-aws-502-rds_automatic_minor_version_upgrade_enabled.yml
policies/ecc-aws-410-elasticsearch_without_tag_information.yml
policies/ecc-aws-267-elasticache_encrypted_in_transit.yml
policies/ecc-aws-179-cloudfront_default_root_object_configured.yml
policies/ecc-aws-093-ensure_that_sagemaker_in_vpc.yml
policies/ecc-aws-210-rds_instance_iam_authentication_configured.yml
policies/ecc-aws-099-route_table_changes_alarm_exists.yml
policies/ecc-aws-061-kms_key_rotation_is_enabled.yml
policies/ecc-aws-063-security_group_ingress_is_restricted_3389.yml
policies/ecc-aws-475-clb_cross_zone_load_balancing_enabled.yml
policies/ecc-aws-457-glue_spark_ui_monitoring_enabled.yml
policies/ecc-aws-461-lambda_latest_runtime_environment_version.yml
policies/ecc-aws-374-cloudtrail_logs_data_events.yml
policies/ecc-aws-214-redshift_cluster_encrypted_in_transit.yml
policies/ecc-aws-363-kinesis_video_stream_encrypted_with_kms_cmk.yml
policies/ecc-aws-540-glue_job_latest_version.yml
policies/ecc-aws-250-rest_api_gateway_cache_enabled.yml
policies/ecc-aws-022-ebs_volumes_too_old_snapshots.yml
policies/ecc-aws-080-cloudtrail_configuration_changes_alarm_exists.yml
policies/ecc-aws-427-rds_cluster_without_tag_information.yml
policies/ecc-aws-230-ecr_image_scanning_on_push_enabled.yml
policies/ecc-aws-111-alb_is_protected_by_waf_regional.yml
policies/ecc-aws-413-glacier_without_tag_information.yml
policies/ecc-aws-165-ecs_services_public_ip_addresses_not_assigned_automatically.yml
policies/ecc-aws-021-ebs-volume_without_recent_snapshot.yml
policies/ecc-aws-016-ensure_hardware_mfa_is_enabled_for_root_account.yml
policies/ecc-aws-290-workspaces_storage_encrypted.yml
policies/ecc-aws-017-credentials_unused_for_45_days.yml
policies/ecc-aws-089-codebuild_environment_variables_contain_text_credentials.yml
policies/ecc-aws-071-codebuild_project_source_repo_url_check.yml
policies/ecc-aws-121-restrict_outbound_traffic.yml
policies/ecc-aws-547-rds_instance_generation.yml
policies/ecc-aws-270-elasticache_redis_multi_az_enabled.yml
policies/ecc-aws-506-redshift_default_db_name_check.yml
policies/ecc-aws-239-postgresql_log_error_verbosity_flag_set_correctly.yml
policies/ecc-aws-532-imported_and_acm_certificates_expire_in_one_month.yml
policies/ecc-aws-359-rest_api_gateway_access_logging_enabled.yml
policies/ecc-aws-499-iam_group_has_users_check.yml
policies/ecc-aws-015-ensure_mfa_is_enabled_for_the_root_account.yml
policies/ecc-aws-246-transit_gateway_default_route_table_association_disabled.yml
policies/ecc-aws-177-api_gateway_rest_api_stages_ssl_certificates_configured.yml
policies/ecc-aws-377-ami_without_tag_information.yml
policies/ecc-aws-039-security_group_ingress_is_restricted_traffic_to_telnet_port_23.yml
policies/ecc-aws-369-workspaces_cloudwatch_integration.yml
policies/ecc-aws-154-elasticsearch_domains_have_at_least_three_data_nodes.yml
policies/ecc-aws-133-guardduty_service_is_enabled.yml
policies/ecc-aws-336-sagemaker_endpoint_configuration_encrypted.yml
policies/ecc-aws-425-mwaa_without_tag_information.yml
policies/ecc-aws-872-access_to_cloudshell_restricted.yml
policies/ecc-aws-431-sns_without_tag_information.yml
policies/ecc-aws-353-redshift_user_activity_logging_enabled.yml
policies/ecc-aws-460-lambda_environment_variables_encrypted_in_transit.yml
policies/ecc-aws-543-cloudfront_realtime_logging_enabled.yml
policies/ecc-aws-476-cloudformation_stack_drift_detection_check.yml
policies/ecc-aws-049-iam_password_policy_one_number.yml
policies/ecc-aws-474-clb-multiple_az.yml
policies/ecc-aws-488-cloudwatch_log_group_retention_period_check.yml
policies/ecc-aws-328-unused_ebs_volumes.yml
policies/ecc-aws-520-autoscaling_launch_config_hop_limit.yml
policies/ecc-aws-423-cloudwatch_log_groups_without_tag_information.yml
policies/ecc-aws-590-rds_general_purpose_ssd_storage_type.yml
policies/ecc-aws-090-rds_snapshot_prohibit_public_access.yml
policies/ecc-aws-225-eks_control_plane_logging_enabled.yml
policies/ecc-aws-411-fsx_without_tag_information.yml
policies/ecc-aws-337-lambda_variables_encrypted_with_kms_cmk.yml
policies/ecc-aws-281-autoscaling_group_cooldown_period.yml
policies/ecc-aws-047-iam_password_policy_one_lowercase_letter.yml
policies/ecc-aws-508-mwaa_latest_version.yml
policies/ecc-aws-549-ec2_instance_previous_generation.yml
policies/ecc-aws-187-ec2_service_use_vpc_endpoints.yml
policies/ecc-aws-314-oracle_audit_sys_operations_flag_enabled.yml
policies/ecc-aws-327-ebs_snapshot_encrypted.yml
policies/ecc-aws-436-kinesis_streams_shard_level_monitoring_enabled.yml
policies/ecc-aws-408-elb_without_tag_information.yml
policies/ecc-aws-184-dynamodb_dax_encryption_enabled.yml
policies/ecc-aws-006-rds_retention_backup_is_at_least_7_days.yml
policies/ecc-aws-362-mwaa_encrypted_with_kms_cmk.yml
policies/ecc-aws-275-rds_aurora_mysql_cluster_logging_enabled.yml
policies/ecc-aws-544-cloudtrail_delivery_failing.yml
policies/ecc-aws-326-ebs_volume_encrypted_with_kms_cmk.yml
policies/ecc-aws-088-s3_bucket_cross_region_replication_enabled.yml
policies/ecc-aws-576-ec2_instance_dedicated_tenancy.yml
policies/ecc-aws-577-reserved_ec2_instance_payment_failed.yml
policies/ecc-aws-582-ecs_service_placement_strategy.yml
policies/ecc-aws-266-elasticache_automatic_backups.yml
policies/ecc-aws-397-cloudfront_distributions_without_tag_information.yml
policies/ecc-aws-026-rds_instance_with_no_backups.yml
policies/ecc-aws-383-nat_gateway_without_tag_information.yml
policies/ecc-aws-018-iam_users_receive_permissions_only_through_groups.yml
policies/ecc-aws-602-cloudwatch_logs_with_no_log_retention_period.yml
policies/ecc-aws-318-oracle_sec_max_failed_login_attempts_flag_is_3_or_less.yml
policies/ecc-aws-507-sns_topic_message_delivery_notification_enabled.yml
policies/ecc-aws-050-iam_password_min_length_ge_14.yml
policies/ecc-aws-203-rds_postgresql_logging_enabled.yml
policies/ecc-aws-023-clb_access_logging_disabled.yml
policies/ecc-aws-007-rds_high-availability_zone.yml
policies/ecc-aws-212-rds_aurora_mysql_backtracking_enabled.yml
policies/ecc-aws-271-elasticache_redis_auth_enabled.yml
policies/ecc-aws-032-security_group_ingress_is_restricted_traffic_to_mongodb_port_27017.yml
policies/ecc-aws-038-security_group_ingress_is_restricted_traffic_to_smtp_port_25.yml
policies/ecc-aws-004-bucket_policy_allows_https_requests.yml
policies/ecc-aws-116-rest_api_gateway_is_set_to_private.yml
policies/ecc-aws-142-s3_buckets_configured_with_block_public_access.yml
policies/ecc-aws-072-autoscaling_group_health_checks.yml
policies/ecc-aws-029-security_group_ingress_is_restricted_traffic_to_ftp_port_21.yml
policies/ecc-aws-226-eks_clusters_security_group_traffic_restricted.yml
policies/ecc-aws-304-event_bus_is_exposed_to_everyone.yml
policies/ecc-aws-293-backups_encrypted_with_kms_customer_master_keys.yml
policies/ecc-aws-523-kms_cmk_not_scheduled_for_deletion.yml
policies/ecc-aws-512-elb_internet_facing.yml
policies/ecc-aws-082-cmk_key_disabling_or_deletion_alarm_exists.yml
policies/ecc-aws-434-mq_broker_latest_version.yml
policies/ecc-aws-037-security_group_ingress_is_restricted_traffic_to_postgresql_port_5432.yml
policies/ecc-aws-428-rds_snapshot_without_tag_information.yml
policies/ecc-aws-455-emr_termination_protection_enabled.yml
policies/ecc-aws-152-clb_connection_draining_enabled.yml
policies/ecc-aws-282-elasticsearch_enforces_https.yml
policies/ecc-aws-291-backup_service_compliant_lifecycle_enabled.yml
policies/ecc-aws-140-only_one_active_access_key_available_for_any_single_iam_user.yml
policies/ecc-aws-012-use_secure_ciphers_in_cloudfront_distribution.yml
policies/ecc-aws-085-lambda_in_vpc.yml
policies/ecc-aws-442-appsync_cache_encrypted_in_transit.yml
policies/ecc-aws-447-mwaa_webserver_logs_set_correctly.yml
policies/ecc-aws-405-efs_without_tag_information.yml
policies/ecc-aws-456-emr_imdsv1_disabled.yml
policies/ecc-aws-320-oracle_sec_protocol_error_trace_action_flag_set_to_log.yml
policies/ecc-aws-481-codebuild_project_environment_privileged_check.yml
policies/ecc-aws-069-s3_bucket_should_not_allow_all_actions_from_all_principals.yml
policies/ecc-aws-245-postgresql_log_duration_flag_enabled.yml
policies/ecc-aws-430-sagemaker_instances_without_tag_information.yml
policies/ecc-aws-064-default_security_group_every_vpc_restricts_all_traffic.yml
policies/ecc-aws-511-clb_internet_facing.yml
policies/ecc-aws-031-security_group_ingress_is_restricted_traffic_to_microsoft_ds_port_445.yml
policies/ecc-aws-208-rds_aurora_mysql_logging_enabled.yml
policies/ecc-aws-435-mq_broker_encrypted_with_kms_cmk.yml
policies/ecc-aws-034-security_group_ingress_is_restricted_traffic_to_netbios_ssn_port_139.yml
policies/ecc-aws-042-s3_encrypted_using_kms.yml
policies/ecc-aws-123-efs_is_encrypted.yml
policies/ecc-aws-213-rds_cluster_multi_az_enabled.yml
policies/ecc-aws-519-vpc_vpn_2_tunnels_up.yml
policies/ecc-aws-122-dynamodb_is_encrypted_using_managed_cmk.yml
policies/ecc-aws-040-eks_cluster_version_latest.yml
policies/ecc-aws-092-ami_public_access.yml
policies/ecc-aws-257-emr_kerberos_authentication_enabled.yml
policies/ecc-aws-306-postgresql_log_executor_stats_flag_disabled.yml
policies/ecc-aws-332-workspaces_web_access_disabled.yml
policies/ecc-aws-153-elasticsearch_domains_audit_logging_enabled.yml
policies/ecc-aws-261-vpc_unused_internet_gateway.yml
policies/ecc-aws-595-reserved_redshift_node_payment_failed.yml
policies/ecc-aws-513-acm_certificate_not_using_a_minimum_of_2048-bit_key_for_rsa_certificate.yml
policies/ecc-aws-229-ecr_repository_kms_encryption_enabled.yml
policies/ecc-aws-094-s3_bucket_policy_changes_alarm_exists.yml
policies/ecc-aws-546-kinesis_streams_retention_period_set_correctly.yml
policies/ecc-aws-530-cloudfront_encryption_in_transit.yml
policies/ecc-aws-588-elasticsearch_reserved_instance_payment_pending.yml
policies/ecc-aws-438-qldb_permission_mode_is_standard.yml
policies/ecc-aws-108-cloudfront_distribution_access_logging.yml
policies/ecc-aws-368-fsx_lustre_retention_period_set_at_least_to_7_days.yml
policies/ecc-aws-357-route53_transfer_lock_enabled.yml
policies/ecc-aws-171-security_group_ingress_is_restricted_traffic_to_port_5601.yml
policies/ecc-aws-343-mq_broker_not_publicly_accessible.yml
policies/ecc-aws-096-security_group_changes_alarm_exists.yml
policies/ecc-aws-350-msk_logging_enabled.yml
policies/ecc-aws-280-elasticsearch_encrypted_with_kms_cmk.yml
policies/ecc-aws-284-autoscaling_group_has_associated_elb.yml
policies/ecc-aws-188-vpc_unused_network_acl.yml
policies/ecc-aws-325-dms_multi_az_enabled.yml
policies/ecc-aws-497-eks_cluster_oldest_supported_version.yml
policies/ecc-aws-498-elbv2_multiple_az.yml
policies/ecc-aws-117-api_key_is_required_on_method_request.yml
policies/ecc-aws-247-transit_gateway_default_route_table_propagation_disabled.yml
policies/ecc-aws-395-auto_scaling_group_without_tag_information.yml
policies/ecc-aws-536-lambda_function_settings_check.yml
policies/ecc-aws-169-security_group_ingress_is_restricted_traffic_to_port_4333.yml
policies/ecc-aws-077-sign_in_without_mfa_alarm_exist.yml
policies/ecc-aws-393-acm_without_tag_information.yml
policies/ecc-aws-087-redshift_cluster_prohibit_public_access.yml
policies/ecc-aws-100-vpc_changes_alarm_exists.yml
policies/ecc-aws-598-redshift_instance_generation.yml
policies/ecc-aws-313-dms_replication_instances_encrypted_with_kms_cmk.yml
policies/ecc-aws-487-codepipeline_s3_artifact_bucket_encrypted_with_kms_cmk.yml
policies/ecc-aws-183-dynamodb_tables_pitr_enabled.yml
policies/ecc-aws-518-s3_version_lifecycle_policy_check.yml
policies/ecc-aws-113-managed_policies_instead_of_inline_iam_policies.yml
policies/ecc-aws-403-ecs_without_tag_information.yml
policies/ecc-aws-252-glue_data_catalog_encrypted_at_rest.yml
policies/ecc-aws-242-postgresql_log_destination_flag_set_to_csvlog.yml
policies/ecc-aws-198-elasticsearch_error_logging_to_cloudwatch_enabled.yml
policies/ecc-aws-083-cloud_front_waf_integration.yml
policies/ecc-aws-398-cloudtrail_without_tag_information.yml
policies/ecc-aws-345-mq_broker_open_to_all_ports_protocols.yml
policies/ecc-aws-311-sagemaker_instances_encrypted_with_kms_cmk.yml
policies/ecc-aws-020-instance_without_any_tag.yml
policies/ecc-aws-361-rest_api_gateway_logs_set_correctly.yml
policies/ecc-aws-058-ensure_support_role_created_to_manage_incidents.yml
policies/ecc-aws-583-elb_classic.yml
policies/ecc-aws-453-elasticache_redis_logs_enabled.yml
policies/ecc-aws-273-documentdb_logging_enabled.yml
policies/ecc-aws-217-redshift_cluster_enhanced_vpc_routing_enabled.yml
policies/ecc-aws-494-ecs_fargate_latest_platform_version.yml
policies/ecc-aws-482-codebuild_project_logging_enabled.yml
policies/ecc-aws-166-security_group_ingress_is_restricted_traffic_to_port_135.yml
policies/ecc-aws-492-ecr_private_lifecycle_policy_configured.yml
policies/ecc-aws-244-postgresql_log_lock_waits_flag_enabled.yml
policies/ecc-aws-340-mq_broker_logging_enabled.yml
policies/ecc-aws-035-security_group_ingress_is_restricted_traffic_to_oracle_db_port_1521.yml
policies/ecc-aws-126-redshift_instances_are_encrypted.yml
policies/ecc-aws-255-glue_cloudwatch_logs_encrypted.yml
policies/ecc-aws-419-kinesis_video_stream_without_tag_information.yml
policies/ecc-aws-454-elasticache_notifications_enabled.yml
policies/ecc-aws-414-glue_job_without_tag_information.yml
policies/ecc-aws-231-postgresql_log_rotation_age_flag_set_to_60.yml
policies/ecc-aws-201-rds_instance_deletion_protection_enabled.yml
policies/ecc-aws-002-ensure_access_keys_are_rotated_every_90_days.yml
policies/ecc-aws-432-sqs_without_tag_information.yml
policies/ecc-aws-236-postgresql_debug_pretty_print_flag_enabled.yml
policies/ecc-aws-338-sagemaker_instance_root_disabled.yml
policies/ecc-aws-573-unused_nat_gateway.yml
policies/ecc-aws-539-cloudfront_origin_access_control_enabled.yml
policies/ecc-aws-390-peering_connection_without_tag_information.yml
policies/ecc-aws-412-fsx_backup_without_tag_information.yml
policies/ecc-aws-305-postgresql_log_planner_stats_flag_disabled.yml
policies/ecc-aws-422-lightsail_instance_without_tag_information.yml
policies/ecc-aws-446-mwaa_task_logs_set_correctly.yml
policies/ecc-aws-472-autoscaling_launchconfig_requires_imdsv2.yml
policies/ecc-aws-341-sagemaker_network_isolation_enabled.yml
policies/ecc-aws-112-s3_bucket_versioning_mfa_delete_enabled.yml
policies/ecc-aws-149-rds_public_access_disabled.yml
policies/ecc-aws-479-cloudwatch_log_group_encrypted_with_kms_cmk.yml
policies/ecc-aws-120-kinesis_server_data_at_rest_has_sse.yml
policies/ecc-aws-534-autoscaling_launch_template.yml
policies/ecc-aws-101-vpc-subnets_automatic_public_ip_assignment.yml
policies/ecc-aws-191-efs_in_backup_plan.yml
policies/ecc-aws-298-sqs_encrypted_with_kms_cmk.yml
policies/ecc-aws-216-redshift_cluster_automatic_upgrade_to_major_version_enabled.yml
policies/ecc-aws-078-root_usage_alarm_exists.yml
policies/ecc-aws-467-fsx_windows_file_server_multi_az_enabled.yml
policies/ecc-aws-424-mq_brokers_without_tag_information.yml
policies/ecc-aws-322-oracle_sql92_security_flag_enabled.yml
policies/ecc-aws-473-clb_desync_mode_check.yml
policies/ecc-aws-463-bucket_not_dns_compliant.yml
policies/ecc-aws-370-workspaces_maintenance_mode_enabled.yml
policies/ecc-aws-041-rds_without_tag_information.yml
policies/ecc-aws-256-glue_s3_encryption_enabled.yml
policies/ecc-aws-150-api_gateway_rest_api_encryption_at_rest.yml
policies/ecc-aws-444-mwaa_dag_processing_logs_set_correctly.yml
policies/ecc-aws-433-mq_broker_active_deployment_mode.yml
non-compatible/policies/ecc-aws-251-appflow_encrypted_with_kms_cmk.yml
non-compatible/policies/ecc-aws-131-instance_with_unencrypted_service_is_exposed_to_public_internet.yml
non-compatible/policies/ecc-aws-132-public_instance_with_sensitive_service_is_exposed_to_entire_internet.yml
non-compatible/policies/ecc-aws-118-ecs_cluster_have_empty_roles_for_service_task_definitions.yml
non-compatible/policies/ecc-aws-010-http_elb_certificate_expire_in_one_week.yml
non-compatible/policies/ecc-aws-358-cloudtrail_security_trail_enabled.yml
non-compatible/policies/ecc-aws-086-lambda_with_admin_privileges.yml
non-compatible/policies/ecc-aws-269-elasticache_not_using_default_vpc.yml
non-compatible/policies/ecc-aws-459-lambda_code_signing_enabled.yml
non-compatible/policies/ecc-aws-371-workspaces_primary_interface_ports_not_open_to_all_inbound_traffic.yml
non-compatible/policies/ecc-aws-297-elastic_beanstalk_managed_platform_updates.yml
non-compatible/policies/ecc-aws-161-rds_database_parameter_group_events_notification_exists.yml
non-compatible/policies/ecc-aws-134-clb_with_sensitive_service_is_exposed_to_entire_internet.yml
non-compatible/policies/ecc-aws-182-dynamodb_tables_autoscaling_enabled.yml
non-compatible/policies/ecc-aws-468-fsx_openzfs_copy_tags_to_snapshots.yml
non-compatible/policies/ecc-aws-005-rds_not_open_to_large_scope.yml
non-compatible/policies/ecc-aws-294-elastic_beanstalk_notifications_enabled.yml
non-compatible/policies/ecc-aws-477-cloudformation_stack_notification_check.yml
non-compatible/policies/ecc-aws-110-ecs_cluster_at_rest_encryption.yml
non-compatible/policies/ecc-aws-052-cloudtrail_enabled_in_all_regions.yml
non-compatible/policies/ecc-aws-450-elastic_beanstalk_imdsv1_disabled.yml
non-compatible/policies/ecc-aws-451-elastic_beanstalk_x_ray_enabled.yml
non-compatible/policies/ecc-aws-105-kinesis_streams_keys_are_rotated.yml
non-compatible/policies/ecc-aws-137-alb_with_unencrypted_service_is_exposed_to_public_internet.yml
non-compatible/policies/ecc-aws-373-workspaces_radius_server_uses_strongest_security_protocol.yml
non-compatible/policies/ecc-aws-136-alb_with_sensitive_service_is_exposed_to_entire_internet.yml
non-compatible/policies/ecc-aws-146-no_acls_allow_ingress_for_everyone_to_remote_server_administration_ports.yml
non-compatible/policies/ecc-aws-160-rds_database_instance_events_notification_exists.yml
non-compatible/policies/ecc-aws-363-kinesis_video_stream_encrypted_with_kms_cmk.yml
non-compatible/policies/ecc-aws-162-rds_database_security_group_events_notification_exists.yml
non-compatible/policies/ecc-aws-274-rds_aurora_cluster_logging_enabled.yml
non-compatible/policies/ecc-aws-526-waf_global_rulegroup_not_empty.yml
non-compatible/policies/ecc-aws-144-bucket_object-level_logging_for_read_enabled.yml
non-compatible/policies/ecc-aws-452-elastic_beanstalk_connection_draining_enabled.yml
non-compatible/policies/ecc-aws-262-vpc_endpoint_manual_acceptance.yml
non-compatible/policies/ecc-aws-056-iam_user_with_password_and_unused_access_keys.yml
non-compatible/policies/ecc-aws-372-workspaces_api_requests_flow_through_vpc_endpoint.yml
non-compatible/policies/ecc-aws-011-http_elb_certificate_expire_in_one_month.yml
non-compatible/policies/ecc-aws-163-rds_database_instance_engine_no_default_ports.yml
non-compatible/policies/ecc-aws-485-codedeploy_ec2_minimum_healthy_hosts_configured.yml
non-compatible/policies/ecc-aws-525-waf_global_rule_not_empty.yml
non-compatible/policies/ecc-aws-292-elastic_beanstalk_access_logs_enabled.yml
non-compatible/policies/ecc-aws-278-iam_access_analyzer_findings_are_reviewed_and_resolved.yml
non-compatible/policies/ecc-aws-084-cloudtrail_bucket_logging_enabled.yml
non-compatible/policies/ecc-aws-143-bucket_object-level_logging_for_write_enabled.yml
non-compatible/policies/ecc-aws-135-clb_with_unencrypted_service_is_exposed_to_public_internet.yml
non-compatible/policies/ecc-aws-159-rds_critical_cluster_events_notification_exists.yml
non-compatible/policies/ecc-aws-264-elasticache_no_default_ports.yml
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -



- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
*. files (5):

terraform/ecc-aws-582-ecs_service_placement_strategy/green1/docker/Dockerfile
terraform/ecc-aws-582-ecs_service_placement_strategy/red/docker/Dockerfile
LICENSE
version
version-custodian
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -



- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
*.whitelisted_green files (1):

tests/.whitelisted_green
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -



- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
*.whitelisted_red files (1):

tests/.whitelisted_red
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -