Terraform Queries List

This page lists all Terraform queries.

ALICLOUD

The queries related to Terraform ALICLOUD are listed below:

Query Severity Category More info
OSS Bucket Allows All Actions From All Principals
ec62a32c-a297-41ca-a850-cab40b42094a
Critical Access Control Query details
Documentation
OSS Bucket Allows Delete Action From All Principals
8c0695d8-2378-4cd6-8243-7fd5894fa574
Critical Access Control Query details
Documentation
OSS Bucket Allows Put Action From All Principals
fe286195-e75c-4359-bd58-00847c4f855a
Critical Access Control Query details
Documentation
RDS DB Instance Publicly Accessible
faaefc15-51a5-419e-bb5e-51a4b5ab3485
Critical Insecure Configurations Query details
Documentation
OSS Bucket Allows List Action From All Principals
88541597-6f88-42c8-bac6-7e0b855e8ff6
High Access Control Query details
Documentation
OSS Bucket Public Access Enabled
62232513-b16f-4010-83d7-51d0e1d45426
High Access Control Query details
Documentation
Ecs Data Disk Kms Key Id Undefined
f262118c-1ac6-4bb3-8495-cc48f1775b85
High Encryption Query details
Documentation
Launch Template Is Not Encrypted
1455cb21-1d48-46d6-8ae3-cef911b71fd5
High Encryption Query details
Documentation
NAS File System Not Encrypted
67bfdff1-31ce-4525-b564-e94368735360
High Encryption Query details
Documentation
NAS File System Without KMS
5f670f9d-b1b4-4c90-8618-2288f1ab9676
High Encryption Query details
Documentation
RDS Instance TDE Status Disabled
44d434ca-a9bf-4203-8828-4c81a8d5a598
High Encryption Query details
Documentation
OSS Bucket Has Static Website
2b13c6ff-b87a-484d-86fd-21ef6e97d426
High Insecure Configurations Query details
Documentation
OSS Bucket Ip Restriction Disabled
6107c530-7178-464a-88bc-df9cdd364ac8
High Networking and Firewall Query details
Documentation
Public Security Group Rule All Ports or Protocols
60587dbd-6b67-432e-90f7-a8cf1892d968
High Networking and Firewall Query details
Documentation
Public Security Group Rule Sensitive Port
2ae9d554-23fb-4065-bfd1-fe43d5f7c419
High Networking and Firewall Query details
Documentation
Public Security Group Rule Unknown Port
dd706080-b7a8-47dc-81fb-3e8184430ec0
High Networking and Firewall Query details
Documentation
ActionTrail Trail OSS Bucket is Publicly Accessible
69b5d7da-a5db-4db9-a42e-90b65d0efb0b
High Observability Query details
Documentation
Ram Policy Admin Access Not Attached to Users Groups Roles
e8e62026-da63-4904-b402-65adfe3ca975
Medium Access Control Query details
Documentation
Ram Policy Attached to User
66505003-7aba-45a1-8d83-5162d5706ef5
Medium Access Control Query details
Documentation
CMK Is Unusable
ed6e3ba0-278f-47b6-a1f5-173576b40b7e
Medium Availability Query details
Documentation
OSS Bucket Versioning Disabled
70919c0b-2548-4e6b-8d7a-3d84ab6dabba
Medium Backup Query details
Documentation
ROS Stack Retention Disabled
4bb06fa1-2114-4a00-b7b5-6aeab8b896f0
Medium Backup Query details
Documentation
ROS Stack Without Template
92d65c51-5d82-4507-a2a1-d252e9706855
Medium Build Process Query details
Documentation
Disk Encryption Disabled
39750e32-3fe9-453b-8c33-dd277acdb2cc
Medium Encryption Query details
Documentation
OSS Bucket Encryption Using CMK Disabled
f20e97f9-4919-43f1-9be9-f203cd339cdd
Medium Encryption Query details
Documentation
SLB Policy With Insecure TLS Version In Use
dbfc834a-56e5-4750-b5da-73fda8e73f70
Medium Encryption Query details
Documentation
CS Kubernetes Node Pool Auto Repair Disabled
81ce9394-013d-4731-8fcc-9d229b474073
Medium Insecure Configurations Query details
Documentation
RDS DB Instance Publicly Accessible
1b4565c0-4877-49ac-ab03-adebbccd42ae
Medium Insecure Configurations Query details
Documentation
ALB Listening on HTTP
ee3b1557-9fb5-4685-a95d-93f1edf2a0d7
Medium Networking and Firewall Query details
Documentation
API Gateway API Protocol Not HTTPS
1bcdf9f0-b1aa-40a4-b8c6-cd7785836843
Medium Networking and Firewall Query details
Documentation
OSS Buckets Secure Transport Disabled
c01d10de-c468-4790-b3a0-fc887a56f289
Medium Networking and Firewall Query details
Documentation
RDS Instance SSL Action Disabled
7a1ee8a9-71be-4b11-bb70-efb62d16863b
Medium Networking and Firewall Query details
Documentation
Action Trail Logging For All Regions Disabled
c065b98e-1515-4991-9dca-b602bd6a2fbb
Medium Observability Query details
Documentation
OSS Bucket Logging Disabled
05db341e-de7d-4972-a106-3e2bd5ee53e1
Medium Observability Query details
Documentation
RDS Instance Events Not Logged
b9c524a4-fe76-4021-a6a2-cb978fb4fde1
Medium Observability Query details
Documentation
RDS Instance Log Connections Disabled
140869ea-25f2-40d4-a595-0c0da135114e
Medium Observability Query details
Documentation
RDS Instance Log Disconnections Disabled
d53f4123-f8d8-4224-8cb3-f920b151cc98
Medium Observability Query details
Documentation
RDS Instance Log Duration Disabled
a597e05a-c065-44e7-9cc8-742f572a504a
Medium Observability Query details
Documentation
VPC Flow Logs Disabled
d2731f3d-a992-44ed-812e-f4f1c2747d71
Medium Observability Query details
Documentation
No ROS Stack Policy
72ceb736-0aee-43ea-a191-3a69ab135681
Medium Resource Management Query details
Documentation
High KMS Key Rotation Period
cb319d87-b90f-485e-a7e7-f2408380f309
Medium Secret Management Query details
Documentation
Ram Account Password Policy Max Login Attempts Unrecommended
e76fd7ab-7333-40c6-a2d8-ea28af4a319e
Medium Secret Management Query details
Documentation
Ram Account Password Policy Max Password Age Unrecommended
2bb13841-7575-439e-8e0a-cccd9ede2fa8
Medium Secret Management Query details
Documentation
RAM Account Password Policy without Reuse Prevention
a8128dd2-89b0-464b-98e9-5d629041dfe0
Medium Secret Management Query details
Documentation
RAM Security Preference Not Enforce MFA Login
dcda2d32-e482-43ee-a926-75eaabeaa4e0
Low Access Control Query details
Documentation
OSS Bucket Transfer Acceleration Disabled
8f98334a-99aa-4d85-b72a-1399ca010413
Low Availability Query details
Documentation
OSS Bucket Lifecycle Rule Disabled
7db8bd7e-9772-478c-9ec5-4bc202c5686f
Low Backup Query details
Documentation
Kubernetes Cluster Without Terway as CNI Network Plugin
b9b7ada8-3868-4a35-854e-6100a2bb863d
Low Networking and Firewall Query details
Documentation
Log Retention Is Not Greater Than 90 Days
ed6cf6ff-9a1f-491c-9f88-e03c0807f390
Low Observability Query details
Documentation
RDS Instance Retention Period Not Recommended
dc158941-28ce-481d-a7fa-dc80761edf46
Low Observability Query details
Documentation
ROS Stack Notifications Disabled
9ef08939-ea40-489c-8851-667870b2ef50
Low Observability Query details
Documentation
Ram Account Password Policy Not Require At Least one Lowercase Character
89143358-cec6-49f5-9392-920c591c669c
Low Secret Management Query details
Documentation
RAM Account Password Policy Not Require at Least one Uppercase Character
5e0fb613-ba9b-44c3-88f0-b44188466bfd
Low Secret Management Query details
Documentation
Ram Account Password Policy Not Required Minimum Length
a9dfec39-a740-4105-bbd6-721ba163c053
Low Secret Management Query details
Documentation
Ram Account Password Policy Not Required Numbers
063234c0-91c0-4ab5-bbd0-47ddb5f23786
Low Secret Management Query details
Documentation
RAM Account Password Policy Not Required Symbols
41a38329-d81b-4be4-aef4-55b2615d3282
Low Secret Management Query details
Documentation

AWS

The queries related to Terraform AWS are listed below:

Query Severity Category More info
Amazon DMS Replication Instance Is Publicly Accessible
030d3b18-1821-45b4-9e08-50efbe7becbb
Critical Access Control Query details
Documentation
ECR Repository Is Publicly Accessible
e86e26fc-489e-44f0-9bcd-97305e4ba69a
Critical Access Control Query details
Documentation
S3 Bucket Access to Any Principal
7af43613-6bb9-4a0e-8c4d-1314b799425e
Critical Access Control Query details
Documentation
S3 Bucket ACL Allows Read Or Write to All Users
38c5ee0d-7f22-4260-ab72-5073048df100
Critical Access Control Query details
Documentation
S3 Bucket ACL Grants WRITE_ACP Permission
64a222aa-7793-4e40-915f-4b302c76e4d4
Critical Access Control Query details
Documentation
S3 Bucket Allows Delete Action From All Principals
ffdf4b37-7703-4dfe-a682-9d2e99bc6c09
Critical Access Control Query details
Documentation
S3 Bucket Allows Put Action From All Principals
d24c0755-c028-44b1-b503-8e719c898832
Critical Access Control Query details
Documentation
S3 Bucket With All Permissions
a4966c4f-9141-48b8-a564-ffe9959945bc
Critical Access Control Query details
Documentation
SNS Topic is Publicly Accessible
b26d2b7e-60f6-413d-a3a1-a57db24aa2b3
Critical Access Control Query details
Documentation
RDS DB Instance Publicly Accessible
35113e6f-2c6b-414d-beec-7a9482d3b2d1
Critical Insecure Configurations Query details
Documentation
DB Security Group With Public Scope
1e0ef61b-ad85-4518-a3d3-85eaad164885
Critical Networking and Firewall Query details
Documentation
RDS Associated with Public Subnet
2f737336-b18a-4602-8ea0-b200312e1ac1
Critical Networking and Firewall Query details
Documentation
CloudWatch Unauthorized Access Alarm Missing
4c18a45b-4ab1-4790-9f83-399ac695f1e5
Critical Observability Query details
Documentation
Cross-Account IAM Assume Role Policy Without ExternalId or MFA
09c35abf-5852-4622-ac7a-b987b331232e
High Access Control Query details
Documentation
ECS Service Admin Role Is Present
3206240f-2e87-4e58-8d24-3e19e7c83d7c
High Access Control Query details
Documentation
IAM Policy Grants Full Permissions
575a2155-6af1-4026-b1af-d5bc8fe2a904
High Access Control Query details
Documentation
IAM Role With Full Privileges
b1ffa705-19a3-4b73-b9d0-0c97d0663842
High Access Control Query details
Documentation
Lambda With Vulnerable Policy
ad9dabc7-7839-4bae-a957-aa9120013f39
High Access Control Query details
Documentation
MSK Broker Is Publicly Accessible
54378d69-dd7c-4b08-a43e-80d563396857
High Access Control Query details
Documentation
Neptune Cluster Instance is Publicly Accessible
9ba198e0-fef4-464a-8a4d-75ea55300de7
High Access Control Query details
Documentation
Neptune Cluster With IAM Database Authentication Disabled
c91d7ea0-d4d1-403b-8fe1-c9961ac082c5
High Access Control Query details
Documentation
S3 Bucket ACL Allows Read to Any Authenticated User
57b9893d-33b1-4419-bcea-a717ea87e139
High Access Control Query details
Documentation
S3 Bucket Allows Get Action From All Principals
1df37f4b-7197-45ce-83f8-9994d2fcf885
High Access Control Query details
Documentation
S3 Bucket Allows List Action From All Principals
66c6f96f-2d9e-417e-a998-9058aeeecd44
High Access Control Query details
Documentation
S3 Bucket Allows Public Policy
1a4bc881-9f69-4d44-8c9a-d37d08f54c50
High Access Control Query details
Documentation
S3 Bucket Public ACL Overridden By Public Access Block
bf878b1a-7418-4de3-b13c-3a86cf894920
High Access Control Query details
Documentation
Secrets Manager With Vulnerable Policy
fa00ce45-386d-4718-8392-fb485e1f3c5b
High Access Control Query details
Documentation
SES Policy With Allowed IAM Actions
34b921bd-90a0-402e-a0a5-dc73371fd963
High Access Control Query details
Documentation
SQS Policy Allows All Actions
816ea8cf-d589-442d-a917-2dd0ce0e45e3
High Access Control Query details
Documentation
SQS Queue Exposed
abb06e5f-ef9a-4a99-98c6-376d396bfcdf
High Access Control Query details
Documentation
AmazonMQ Broker Encryption Disabled
3db3f534-e3a3-487f-88c7-0a9fbf64b702
High Encryption Query details
Documentation
API Gateway Method Settings Cache Not Encrypted
b7c9a40c-23e4-4a2d-8d39-a3352f10f288
High Encryption Query details
Documentation
Athena Database Not Encrypted
b2315cae-b110-4426-81e0-80bb8640cdd3
High Encryption Query details
Documentation
Athena Workgroup Not Encrypted
d364984a-a222-4b5f-a8b0-e23ab19ebff3
High Encryption Query details
Documentation
Aurora With Disabled at Rest Encryption
1a690d1d-0ae7-49fa-b2db-b75ae0dd1d3e
High Encryption Query details
Documentation
Config Rule For Encrypted Volumes Disabled
abdb29d4-5ca1-4e91-800b-b3569bbd788c
High Encryption Query details
Documentation
DAX Cluster Not Encrypted
f11aec39-858f-4b6f-b946-0a1bf46c0c87
High Encryption Query details
Documentation
DB Instance Storage Not Encrypted
08bd0760-8752-44e1-9779-7bb369b2b4e4
High Encryption Query details
Documentation
DOCDB Cluster Not Encrypted
bc1f9009-84a0-490f-ae09-3e0ea6d74ad6
High Encryption Query details
Documentation
DOCDB Cluster Without KMS
4766d3ea-241c-4ee6-93ff-c380c996bd1a
High Encryption Query details
Documentation
DynamoDB Table Not Encrypted
ce089fd4-1406-47bd-8aad-c259772bb294
High Encryption Query details
Documentation
EBS Default Encryption Disabled
3d3f6270-546b-443c-adb4-bb6fb2187ca6
High Encryption Query details
Documentation
EBS Volume Encryption Disabled
cc997676-481b-4e93-aa81-d19f8c5e9b12
High Encryption Query details
Documentation
EBS Volume Snapshot Not Encrypted
e6b4b943-6883-47a9-9739-7ada9568f8ca
High Encryption Query details
Documentation
ECS Task Definition Volume Not Encrypted
4d46ff3b-7160-41d1-a310-71d6d370b08f
High Encryption Query details
Documentation
EFS Not Encrypted
48207659-729f-4b5c-9402-f884257d794f
High Encryption Query details
Documentation
EKS Cluster Encryption Disabled
63ebcb19-2739-4d3f-aa5c-e8bbb9b85281
High Encryption Query details
Documentation
ElastiCache Replication Group Not Encrypted At Rest
76976de7-c7b1-4f64-a94f-90c1345914c2
High Encryption Query details
Documentation
ElasticSearch Encryption With KMS Disabled
7af2f4a3-00d9-47f3-8d15-ca0888f4e5b2
High Encryption Query details
Documentation
ElasticSearch Not Encrypted At Rest
24e16922-4330-4e9d-be8a-caa90299466a
High Encryption Query details
Documentation
ELB Using Weak Ciphers
4a800e14-c94a-442d-9067-5a2e9f6c0a4c
High Encryption Query details
Documentation
Glue Data Catalog Encryption Disabled
01d50b14-e933-4c99-b314-6d08cd37ad35
High Encryption Query details
Documentation
Glue Security Configuration Encryption Disabled
ad5b4e97-2850-4adf-be17-1d293e0b85ee
High Encryption Query details
Documentation
Kinesis Not Encrypted With KMS
862fe4bf-3eec-4767-a517-40f378886b88
High Encryption Query details
Documentation
Kinesis SSE Not Configured
5c6dd5e7-1fe0-4cae-8f81-4c122717cef3
High Encryption Query details
Documentation
Launch Configuration Is Not Encrypted
4de9de27-254e-424f-bd70-4c1e95790838
High Encryption Query details
Documentation
MSK Cluster Encryption Disabled
6db52fa6-d4da-4608-908a-89f0c59e743e
High Encryption Query details
Documentation
Neptune Database Cluster Encryption Disabled
98d59056-f745-4ef5-8613-32bca8d40b7e
High Encryption Query details
Documentation
RDS Database Cluster not Encrypted
656880aa-1388-488f-a6d4-8f73c23149b2
High Encryption Query details
Documentation
RDS Storage Not Encrypted
3199c26c-7871-4cb3-99c2-10a59244ce7f
High Encryption Query details
Documentation
Redis Not Compliant
254c932d-e3bf-44b2-bc9d-eb5fdb09f8d4
High Encryption Query details
Documentation
Redshift Not Encrypted
cfdcabb0-fc06-427c-865b-c59f13e898ce
High Encryption Query details
Documentation
S3 Bucket Object Not Encrypted
5fb49a69-8d46-4495-a2f8-9c8c622b2b6e
High Encryption Query details
Documentation
Sagemaker Endpoint Configuration Encryption Disabled
58b35504-0287-4154-bf69-02c0573deab8
High Encryption Query details
Documentation
Sagemaker Notebook Instance Without KMS
f3674e0c-f6be-43fa-b71c-bf346d1aed99
High Encryption Query details
Documentation
SNS Topic Not Encrypted
28545147-2fc6-42d5-a1f9-cf226658e591
High Encryption Query details
Documentation
User Data Contains Encoded Private Key
443488f5-c734-460b-a36d-5b3f330174dc
High Encryption Query details
Documentation
Workspaces Workspace Volume Not Encrypted
b9033580-6886-401a-8631-5f19f5bb24c7
High Encryption Query details
Documentation
Batch Job Definition With Privileged Container Properties
66cd88ac-9ddf-424a-b77e-e55e17630bee
High Insecure Configurations Query details
Documentation
DB Security Group Has Public Interface
f0d8781f-99bf-4958-9917-d39283b168a0
High Insecure Configurations Query details
Documentation
KMS Key With Vulnerable Policy
7ebc9038-0bde-479a-acc4-6ed7b6758899
High Insecure Configurations Query details
Documentation
Lambda Function With Privileged Role
1b3af2f9-af8c-4dfc-a0f1-a03adb70deb2
High Insecure Configurations Query details
Documentation
MQ Broker Is Publicly Accessible
4eb5f791-c861-4afd-9f94-f2a6a3fe49cb
High Insecure Configurations Query details
Documentation
Redshift Publicly Accessible
af173fde-95ea-4584-b904-bb3923ac4bda
High Insecure Configurations Query details
Documentation
Root Account Has Active Access Keys
970d224d-b42a-416b-81f9-8f4dfe70c4bc
High Insecure Configurations Query details
Documentation
S3 Static Website Host Enabled
42bb6b7f-6d54-4428-b707-666f669d94fb
High Insecure Configurations Query details
Documentation
DB Security Group Open To Large Scope
4f615f3e-fb9c-4fad-8b70-2e9f781806ce
High Networking and Firewall Query details
Documentation
Default Security Groups With Unrestricted Traffic
46883ce1-dc3e-4b17-9195-c6a601624c73
High Networking and Firewall Query details
Documentation
Network ACL With Unrestricted Access To RDP
a20be318-cac7-457b-911d-04cc6e812c25
High Networking and Firewall Query details
Documentation
Remote Desktop Port Open To Internet
151187cb-0efc-481c-babd-ad24e3c9bc22
High Networking and Firewall Query details
Documentation
Route53 Record Undefined
25db74bf-fa3b-44da-934e-8c3e005c0453
High Networking and Firewall Query details
Documentation
Sensitive Port Is Exposed To Entire Network
381c3f2a-ef6f-4eff-99f7-b169cda3422c
High Networking and Firewall Query details
Documentation
Unknown Port Exposed To Internet
590d878b-abdc-428f-895a-e2b68a0e1998
High Networking and Firewall Query details
Documentation
Unrestricted Security Group Ingress
4728cd65-a20c-49da-8b31-9c08b423e4db
High Networking and Firewall Query details
Documentation
VPC Default Security Group Accepts All Traffic
9a4ef195-74b9-4c58-b8ed-2b2fe4353a75
High Networking and Firewall Query details
Documentation
VPC Peering Route Table with Unrestricted CIDR
b3a41501-f712-4c4f-81e5-db9a7dc0e34e
High Networking and Firewall Query details
Documentation
CloudTrail Log Files S3 Bucket is Publicly Accessible
bd0088a5-c133-4b20-b129-ec9968b16ef3
High Observability Query details
Documentation
Hardcoded AWS Access Key
d7b9d850-3e06-4a75-852f-c46c2e92240b
High Secret Management Query details
Documentation
Hardcoded AWS Access Key In Lambda
1402afd8-a95c-4e84-8b0b-6fb43758e6ce
High Secret Management Query details
Documentation
AMI Shared With Multiple Accounts
ba4e0031-3e9d-4d7d-b0d6-bd8f003f8698
Medium Access Control Query details
Documentation
API Gateway Method Does Not Contains An API Key
671211c5-5d2a-4e97-8867-30fc28b02216
Medium Access Control Query details
Documentation
API Gateway Without Configured Authorizer
0a96ce49-4163-4ee6-8169-eb3b0797d694
Medium Access Control Query details
Documentation
Certificate Has Expired
c3831315-5ae6-4fa8-b458-3d4d5ab7a3f6
Medium Access Control Query details
Documentation
EC2 Instance Using Default Security Group
f1adc521-f79a-4d71-b55b-a68294687432
Medium Access Control Query details
Documentation
EFS With Vulnerable Policy
fae52418-bb8b-4ac2-b287-0b9082d6a3fd
Medium Access Control Query details
Documentation
Elasticsearch Domain With Vulnerable Policy
16c4216a-50d3-4785-bfb2-4adb5144a8ba
Medium Access Control Query details
Documentation
Elasticsearch Without IAM Authentication
e7530c3c-b7cf-4149-8db9-d037a0b5268e
Medium Access Control Query details
Documentation
Glue With Vulnerable Policy
d25edb51-07fb-4a73-97d4-41cecdc53a22
Medium Access Control Query details
Documentation
Group With Privilege Escalation By Actions 'cloudformation:CreateStack' And 'iam:PassRole'
9b0ffadc-a61f-4c2a-b1e6-68fab60f6267
Medium Access Control Query details
Documentation
Group With Privilege Escalation By Actions 'ec2:RunInstances' And 'iam:PassRole'
15e6ad8c-f420-49a6-bafb-074f5eb1ec74
Medium Access Control Query details
Documentation
Group With Privilege Escalation By Actions 'glue:CreateDevEndpoint' And 'iam:PassRole'
7d544dad-8a6c-431c-84c1-5f07fe9afc0e
Medium Access Control Query details
Documentation
Group With Privilege Escalation By Actions 'glue:UpdateDevEndpoint'
8f3c16b3-354d-45db-8ad5-5066778a9485
Medium Access Control Query details
Documentation
Group With Privilege Escalation By Actions 'iam:AddUserToGroup'
970ed7a2-0aca-4425-acf1-0453c9ecbca1
Medium Access Control Query details
Documentation
Group With Privilege Escalation By Actions 'iam:AttachGroupPolicy'
70b42736-efee-4bce-80d5-50358ed94990
Medium Access Control Query details
Documentation
Group With Privilege Escalation By Actions 'iam:AttachRolePolicy'
3dd96caa-0b5f-4a85-b929-acfac4646cc2
Medium Access Control Query details
Documentation
Group With Privilege Escalation By Actions 'iam:AttachUserPolicy'
db78d14b-10e5-4e6e-84b1-dace6327b1ec
Medium Access Control Query details
Documentation
Group With Privilege Escalation By Actions 'iam:CreateAccessKey'
846646e3-2af1-428c-ac5d-271eccfa6faf
Medium Access Control Query details
Documentation
Group With Privilege Escalation By Actions 'iam:CreateLoginProfile'
04c686f1-e0cd-4812-88e1-4e038410074c
Medium Access Control Query details
Documentation
Group With Privilege Escalation By Actions 'iam:CreatePolicyVersion'
ec49cbfd-fae4-45f3-81b1-860526d66e3f
Medium Access Control Query details
Documentation
Group With Privilege Escalation By Actions 'iam:PutGroupPolicy'
e77c89f6-9c85-49ea-b95b-5f960fe5be92
Medium Access Control Query details
Documentation
Group With Privilege Escalation By Actions 'iam:PutRolePolicy'
c0c1e744-0f37-445e-924a-1846f0839f69
Medium Access Control Query details
Documentation
Group With Privilege Escalation By Actions 'iam:PutUserPolicy'
60263b4a-6801-4587-911d-919c37ed733b
Medium Access Control Query details
Documentation
Group With Privilege Escalation By Actions 'iam:SetDefaultPolicyVersion'
7782d4b3-e23e-432b-9742-d9528432e771
Medium Access Control Query details
Documentation
Group With Privilege Escalation By Actions 'iam:UpdateAssumeRolePolicy' And 'sts:AssumeRole'
78f1ec6f-5659-41ea-bd48-d0a142dce4f2
Medium Access Control Query details
Documentation
Group With Privilege Escalation By Actions 'iam:UpdateLoginProfile'
ad296c0d-8131-4d6b-b030-1b0e73a99ad3
Medium Access Control Query details
Documentation
Group With Privilege Escalation By Actions 'lambda:CreateFunction' And 'iam:PassRole' And 'lambda:InvokeFunction'
034d0aee-620f-4bf7-b7fb-efdf661fdb9e
Medium Access Control Query details
Documentation
Group With Privilege Escalation By Actions 'lambda:UpdateFunctionCode'
571254d8-aa6a-432e-9725-535d3ef04d69
Medium Access Control Query details
Documentation
IAM Access Key Is Exposed
7081f85c-b94d-40fd-8b45-a4f1cac75e46
Medium Access Control Query details
Documentation
IAM Group Without Users
fc101ca7-c9dd-4198-a1eb-0fbe92e80044
Medium Access Control Query details
Documentation
IAM Policies Attached To User
b4378389-a9aa-44ee-91e7-ef183f11079e
Medium Access Control Query details
Documentation
IAM Policies With Full Privileges
2f37c4a3-58b9-4afe-8a87-d7f1d2286f84
Medium Access Control Query details
Documentation
IAM Policy Grants 'AssumeRole' Permission Across All Services
bcdcbdc6-a350-4855-ae7c-d1e6436f7c97
Medium Access Control Query details
Documentation
IAM Role Allows All Principals To Assume
12b7e704-37f0-4d1e-911a-44bf60c48c21
Medium Access Control Query details
Documentation
IAM Role Policy passRole Allows All
e39bee8c-fe54-4a3f-824d-e5e2d1cca40a
Medium Access Control Query details
Documentation
IAM User With Access To Console
9ec311bf-dfd9-421f-8498-0b063c8bc552
Medium Access Control Query details
Documentation
Lambda Permission Principal Is Wildcard
e08ed7eb-f3ef-494d-9d22-2e3db756a347
Medium Access Control Query details
Documentation
Policy Without Principal
bbe3dd3d-fea9-4b68-a785-cfabe2bbbc54
Medium Access Control Query details
Documentation
Public and Private EC2 Share Role
c53c7a89-f9d7-4c7b-8b66-8a555be99593
Medium Access Control Query details
Documentation
Public Lambda via API Gateway
3ef8696c-e4ae-4872-92c7-520bb44dfe77
Medium Access Control Query details
Documentation
REST API With Vulnerable Policy
b161c11b-a59b-4431-9a29-4e19f63e6b27
Medium Access Control Query details
Documentation
Role With Privilege Escalation By Actions 'cloudformation:CreateStack' And 'iam:PassRole'
be2aa235-bd93-4b68-978a-1cc65d49082f
Medium Access Control Query details
Documentation
Role With Privilege Escalation By Actions 'ec2:RunInstances' And 'iam:PassRole'
30b88745-eebe-4ecb-a3a9-5cf886e96204
Medium Access Control Query details
Documentation
Role With Privilege Escalation By Actions 'glue:CreateDevEndpoint' And 'iam:PassRole'
0a592060-8166-49f5-8e65-99ac6dce9871
Medium Access Control Query details
Documentation
Role With Privilege Escalation By Actions 'glue:UpdateDevEndpoint'
eda48c88-2b7d-4e34-b6ca-04c0194aee17
Medium Access Control Query details
Documentation
Role With Privilege Escalation By Actions 'iam:AddUserToGroup'
b8a31292-509d-4b61-bc40-13b167db7e9c
Medium Access Control Query details
Documentation
Role With Privilege Escalation By Actions 'iam:AttachGroupPolicy'
f906113d-cdc0-415a-ba60-609cc6daaf4d
Medium Access Control Query details
Documentation
Role With Privilege Escalation By Actions 'iam:AttachRolePolicy'
f465fff1-0a0f-457d-aa4d-1bddb6f204ff
Medium Access Control Query details
Documentation
Role With Privilege Escalation By Actions 'iam:AttachUserPolicy'
7c96920c-6fd0-449d-9a52-0aa431b6beaf
Medium Access Control Query details
Documentation
Role With Privilege Escalation By Actions 'iam:CreateAccessKey'
5b4d4aee-ac94-4810-9611-833636e5916d
Medium Access Control Query details
Documentation
Role With Privilege Escalation By Actions 'iam:CreateLoginProfile'
9a205ba3-0dd1-42eb-8d54-2ffec836b51a
Medium Access Control Query details
Documentation
Role With Privilege Escalation By Actions 'iam:CreatePolicyVersion'
ee49557d-750c-4cc1-aa95-94ab36cbefde
Medium Access Control Query details
Documentation
Role With Privilege Escalation By Actions 'iam:PutGroupPolicy'
d6047119-a0b2-4b59-a4f2-127a36fb685b
Medium Access Control Query details
Documentation
Role With Privilege Escalation By Actions 'iam:PutRolePolicy'
eb64f1e9-f67d-4e35-8a3c-3d6a2f9efea7
Medium Access Control Query details
Documentation
Role With Privilege Escalation By Actions 'iam:PutUserPolicy'
8f75840d-9ee7-42f3-b203-b40e3979eb12
Medium Access Control Query details
Documentation
Role With Privilege Escalation By Actions 'iam:SetDefaultPolicyVersion'
118281d0-6471-422e-a7c5-051bc667926e
Medium Access Control Query details
Documentation
Role With Privilege Escalation By Actions 'iam:UpdateAssumeRolePolicy' And 'sts:AssumeRole'
f1173d8c-3264-4148-9fdb-61181e031b51
Medium Access Control Query details
Documentation
Role With Privilege Escalation By Actions 'iam:UpdateLoginProfile'
35ccf766-0e4d-41ed-9ec4-2dab155082b4
Medium Access Control Query details
Documentation
Role With Privilege Escalation By Actions 'lambda:CreateFunction' And 'iam:PassRole' And 'lambda:InvokeFunction'
fa62ac4f-f5b9-45b9-97c1-625c8b6253ca
Medium Access Control Query details
Documentation
Role With Privilege Escalation By Actions 'lambda:UpdateFunctionCode'
c583f0f9-7dfd-476b-a056-f47c62b47b46
Medium Access Control Query details
Documentation
S3 Bucket Allows Public ACL
d0cc8694-fcad-43ff-ac86-32331d7e867f
Medium Access Control Query details
Documentation
SNS Topic Publicity Has Allow and NotAction Simultaneously
5ea624e4-c8b1-4bb3-87a4-4235a776adcc
Medium Access Control Query details
Documentation
SQS Policy With Public Access
730675f9-52ed-49b6-8ead-0acb5dd7df7f
Medium Access Control Query details
Documentation
SSO Identity User Unsafe Creation
4003118b-046b-4640-b200-b8c7a4c8b89f
Medium Access Control Query details
Documentation
SSO Policy with full privileges
132a8c31-9837-4203-9fd1-15ca210c7b73
Medium Access Control Query details
Documentation
User With Privilege Escalation By Actions 'cloudformation:CreateStack' And 'iam:PassRole'
19ffbe31-9d72-4379-9768-431195eae328
Medium Access Control Query details
Documentation
User With Privilege Escalation By Actions 'ec2:RunInstances' And 'iam:PassRole'
89561b03-cb35-44a9-a7e9-8356e71606f4
Medium Access Control Query details
Documentation
User With Privilege Escalation By Actions 'glue:CreateDevEndpoint' And 'iam:PassRole'
94fbe150-27e3-4eba-9ca6-af32865e4503
Medium Access Control Query details
Documentation
User With Privilege Escalation By Actions 'glue:UpdateDevEndpoint'
9b877bd8-94b4-4c10-a060-8e0436cc09fa
Medium Access Control Query details
Documentation
User With Privilege Escalation By Actions 'iam:AddUserToGroup'
bf9d42c7-c2f9-4dfe-942c-c8cc8249a081
Medium Access Control Query details
Documentation
User With Privilege Escalation By Actions 'iam:AttachGroupPolicy'
6d23d87e-1c5b-4308-b224-92624300f29b
Medium Access Control Query details
Documentation
User With Privilege Escalation By Actions 'iam:AttachRolePolicy'
e227091e-2228-4b40-b046-fc13650d8e88
Medium Access Control Query details
Documentation
User With Privilege Escalation By Actions 'iam:AttachUserPolicy'
70cb518c-d990-46f6-bc05-44a5041493d6
Medium Access Control Query details
Documentation
User With Privilege Escalation By Actions 'iam:CreateAccessKey'
113208f2-a886-4526-9ecc-f3218600e12c
Medium Access Control Query details
Documentation
User With Privilege Escalation By Actions 'iam:CreateLoginProfile'
0fd7d920-4711-46bd-aff2-d307d82cd8b7
Medium Access Control Query details
Documentation
User With Privilege Escalation By Actions 'iam:CreatePolicyVersion'
1743f5f1-0bb0-4934-acef-c80baa5dadfa
Medium Access Control Query details
Documentation
User With Privilege Escalation By Actions 'iam:PutGroupPolicy'
8bfbf7ab-d5e8-4100-8618-798956e101e0
Medium Access Control Query details
Documentation
User With Privilege Escalation By Actions 'iam:PutRolePolicy'
eeb4d37a-3c59-4789-a00c-1509bc3af1e5
Medium Access Control Query details
Documentation
User With Privilege Escalation By Actions 'iam:PutUserPolicy'
0c10d7da-85c4-4d62-b2a8-d6c104f1bd77
Medium Access Control Query details
Documentation
User With Privilege Escalation By Actions 'iam:SetDefaultPolicyVersion'
43a41523-386a-4cb1-becb-42af6b414433
Medium Access Control Query details
Documentation
User With Privilege Escalation By Actions 'iam:UpdateAssumeRolePolicy' And 'sts:AssumeRole'
33627268-1445-4385-988a-318fd9d1a512
Medium Access Control Query details
Documentation
User With Privilege Escalation By Actions 'iam:UpdateLoginProfile'
6deb34e2-5d9c-499a-801b-ea6d9eda894f
Medium Access Control Query details
Documentation
User With Privilege Escalation By Actions 'lambda:CreateFunction' And 'iam:PassRole' And 'lambda:InvokeFunction'
8055dec2-efb8-4fe6-8837-d9bed6ff202a
Medium Access Control Query details
Documentation
User With Privilege Escalation By Actions 'lambda:UpdateFunctionCode'
b69247e5-7e73-464e-ba74-ec9b715c6e12
Medium Access Control Query details
Documentation
Auto Scaling Group With No Associated ELB
8e94dced-9bcc-4203-8eb7-7e41202b2505
Medium Availability Query details
Documentation
CMK Is Unusable
7350fa23-dcf7-4938-916d-6a60b0c73b50
Medium Availability Query details
Documentation
ElastiCache Nodes Not Created Across Multi AZ
6db03a91-f933-4f13-ab38-a8b87a7de54d
Medium Availability Query details
Documentation
ElastiCache Redis Cluster Without Backup
8fdb08a0-a868-4fdf-9c27-ccab0237f1ab
Medium Backup Query details
Documentation
RDS Cluster With Backup Disabled
e542bd46-58c4-4e0f-a52a-1fb4f9548e02
Medium Backup Query details
Documentation
RDS With Backup Disabled
1dc73fb4-5b51-430c-8c5f-25dcf9090b02
Medium Backup Query details
Documentation
S3 Bucket Without Versioning
568a4d22-3517-44a6-a7ad-6a7eed88722c
Medium Backup Query details
Documentation
Stack Retention Disabled
6e0e2f68-3fd9-4cd8-a5e4-e2213ef0df97
Medium Backup Query details
Documentation
ALB Not Dropping Invalid Headers
6e3fd2ed-5c83-4c68-9679-7700d224d379
Medium Best Practices Query details
Documentation
AMI Not Encrypted
8bbb242f-6e38-4127-86d4-d8f0b2687ae2
Medium Encryption Query details
Documentation
CA Certificate Identifier Is Outdated
9f40c07e-699e-4410-8856-3ba0f2e3a2dd
Medium Encryption Query details
Documentation
Cloudfront Viewer Protocol Policy Allows HTTP
55af1353-2f62-4fa0-a8e1-a210ca2708f5
Medium Encryption Query details
Documentation
CloudWatch Log Group Without KMS
0afbcfe9-d341-4b92-a64c-7e6de0543879
Medium Encryption Query details
Documentation
ElastiCache Replication Group Not Encrypted At Transit
1afbb3fa-cf6c-4a3d-b730-95e9f4df343e
Medium Encryption Query details
Documentation
Elasticsearch Domain Not Encrypted Node To Node
967eb3e6-26fc-497d-8895-6428beb6e8e2
Medium Encryption Query details
Documentation
ELB Using Insecure Protocols
126c1788-23c2-4a10-906c-ef179f4f96ec
Medium Encryption Query details
Documentation
IAM Database Auth Not Enabled
88fd05e0-ac0e-43d2-ba6d-fc0ba60ae1a6
Medium Encryption Query details
Documentation
S3 Bucket Policy Accepts HTTP Requests
4bc4dd4c-7d8d-405e-a0fb-57fa4c31b4d9
Medium Encryption Query details
Documentation
Secretsmanager Secret Encrypted With AWS Managed Key
b0d3ef3f-845d-4b1b-83d6-63a5a380375f
Medium Encryption Query details
Documentation
Secretsmanager Secret Without KMS
a2f548f2-188c-4fff-b172-e9a6acb216bd
Medium Encryption Query details
Documentation
Secure Ciphers Disabled
5c0003fb-9aa0-42c1-9da3-eb0e332bef21
Medium Encryption Query details
Documentation
SNS Topic Encrypted With AWS Managed Key
b1a72f66-2236-4f3b-87ba-0da1b366956f
Medium Encryption Query details
Documentation
SQS With SSE Disabled
6e8849c1-3aa7-40e3-9063-b85ee300f29f
Medium Encryption Query details
Documentation
SSM Session Transit Encryption Disabled
ce60cc6b-6831-4bd7-84a2-cc7f8ee71433
Medium Encryption Query details
Documentation
ALB Deletion Protection Disabled
afecd1f1-6378-4f7e-bb3b-60c35801fdd4
Medium Insecure Configurations Query details
Documentation
API Gateway With Open Access
15ccec05-5476-4890-ad19-53991eba1db8
Medium Insecure Configurations Query details
Documentation
API Gateway Without Security Policy
4e1cc5d3-2811-4fb2-861c-ee9b3cb7f90b
Medium Insecure Configurations Query details
Documentation
API Gateway Without SSL Certificate
0b4869fc-a842-4597-aa00-1294df425440
Medium Insecure Configurations Query details
Documentation
Certificate RSA Key Bytes Lower Than 256
874d68a3-bfbe-4a4b-aaa0-9e74d7da634b
Medium Insecure Configurations Query details
Documentation
CloudFront Without Minimum Protocol TLS 1.2
00e5e55e-c2ff-46b3-a757-a7a1cd802456
Medium Insecure Configurations Query details
Documentation
ECR Image Tag Not Immutable
d1846b12-20c5-4d45-8798-fc35b79268eb
Medium Insecure Configurations Query details
Documentation
ECS Task Definition Network Mode Not Recommended
9f4a9409-9c60-4671-be96-9716dbf63db1
Medium Insecure Configurations Query details
Documentation
EKS Cluster Has Public Access
42f4b905-3736-4213-bfe9-c0660518cda8
Medium Insecure Configurations Query details
Documentation
IAM User Has Too Many Access Keys
3561130e-9c5f-485b-9e16-2764c82763e5
Medium Insecure Configurations Query details
Documentation
No Password Policy Enabled
b592ffd4-0577-44b6-bd35-8c5ee81b5918
Medium Insecure Configurations Query details
Documentation
S3 Bucket with Unsecured CORS Rule
98a8f708-121b-455b-ae2f-da3fb59d17e1
Medium Insecure Configurations Query details
Documentation
S3 Bucket Without Ignore Public ACL
4fa66806-0dd9-4f8d-9480-3174d39c7c91
Medium Insecure Configurations Query details
Documentation
S3 Bucket Without Restriction Of Public Bucket
1ec253ab-c220-4d63-b2de-5b40e0af9293
Medium Insecure Configurations Query details
Documentation
Service Control Policies Disabled
5ba6229c-8057-433e-91d0-21cf13569ca9
Medium Insecure Configurations Query details
Documentation
Default VPC Exists
96ed3526-0179-4c73-b1b2-372fde2e0d13
Medium Insecure Defaults Query details
Documentation
Vulnerable Default SSL Certificate
3a1e94df-6847-4c0e-a3b6-6c6af4e128ef
Medium Insecure Defaults Query details
Documentation
ALB Is Not Integrated With WAF
0afa6ab8-a047-48cf-be07-93a2f8c34cf7
Medium Networking and Firewall Query details
Documentation
ALB Listening on HTTP
de7f5e83-da88-4046-871f-ea18504b1d43
Medium Networking and Firewall Query details
Documentation
API Gateway Endpoint Config is Not Private
6b2739db-9c49-4db7-b980-7816e0c248c1
Medium Networking and Firewall Query details
Documentation
API Gateway without WAF
a186e82c-1078-4a7b-85d8-579561fde884
Medium Networking and Firewall Query details
Documentation
CloudFront Without WAF
1419b4c6-6d5c-4534-9cf6-6a5266085333
Medium Networking and Firewall Query details
Documentation
EC2 Instance Has Public IP
5a2486aa-facf-477d-a5c1-b010789459ce
Medium Networking and Firewall Query details
Documentation
EKS Cluster Has Public Access CIDRs
61cf9883-1752-4768-b18c-0d57f2737709
Medium Networking and Firewall Query details
Documentation
EKS node group remote access disabled
ba40ace1-a047-483c-8a8d-bc2d3a67a82d
Medium Networking and Firewall Query details
Documentation
Elasticsearch with HTTPS disabled
2e9e0729-66d5-4148-9d39-5e6fb4bf2a4e
Medium Networking and Firewall Query details
Documentation
HTTP Port Open To Internet
ffac8a12-322e-42c1-b9b9-81ff85c39ef7
Medium Networking and Firewall Query details
Documentation
Network ACL With Unrestricted Access To SSH
3af7f2fd-06e6-4dab-b996-2912bea19ba4
Medium Networking and Firewall Query details
Documentation
Security Group With Unrestricted Access To SSH
65905cec-d691-4320-b320-2000436cb696
Medium Networking and Firewall Query details
Documentation
Sensitive Port Is Exposed To Small Public Network
e35c16a2-d54e-419d-8546-a804d8e024d0
Medium Networking and Firewall Query details
Documentation
SQL Analysis Services Port 2383 (TCP) Is Publicly Accessible
54c417bf-c762-48b9-9d31-b3d87047e3f0
Medium Networking and Firewall Query details
Documentation
VPC Subnet Assigns Public IP
52f04a44-6bfa-4c41-b1d3-4ae99a2de05c
Medium Networking and Firewall Query details
Documentation
VPC Without Network Firewall
fd632aaf-b8a1-424d-a4d1-0de22fd3247a
Medium Networking and Firewall Query details
Documentation
API Gateway Access Logging Disabled
1b6799eb-4a7a-4b04-9001-8cceb9999326
Medium Observability Query details
Documentation
API Gateway Deployment Without Access Log Setting
625abc0e-f980-4ac9-a775-f7519ee34296
Medium Observability Query details
Documentation
API Gateway With CloudWatch Logging Disabled
982aa526-6970-4c59-8b9b-2ce7e019fe36
Medium Observability Query details
Documentation
CloudFront Logging Disabled
94690d79-b3b0-43de-b656-84ebef5753e5
Medium Observability Query details
Documentation
CloudTrail Log Files S3 Bucket with Logging Disabled
ee9e50e8-b2ed-4176-ad42-8fc0cf7593f4
Medium Observability Query details
Documentation
CloudTrail Logging Disabled
4bb76f17-3d63-4529-bdca-2b454529d774
Medium Observability Query details
Documentation
CloudWatch AWS Config Configuration Changes Alarm Missing
5b8d7527-de8e-4114-b9dd-9d988f1f418f
Medium Observability Query details
Documentation
CloudWatch Changes To NACL Alarm Missing
0a8e8dc5-b6fc-44fc-b5a1-969ec950f9b0
Medium Observability Query details
Documentation
Cloudwatch Cloudtrail Configuration Changes Alarm Missing
0f6cbf69-41bb-47dc-93f3-3844640bf480
Medium Observability Query details
Documentation
CloudWatch Disabling Or Scheduled Deletion Of Customer Created CMK Alarm Missing
56a585f5-555c-48b2-8395-e64e4740a9cf
Medium Observability Query details
Documentation
CloudWatch Logging Disabled
7dbba512-e244-42dc-98bb-422339827967
Medium Observability Query details
Documentation
CloudWatch Management Console Auth Failed Alarm Missing
5864d189-ee9a-4009-ac0c-8a582e6b7919
Medium Observability Query details
Documentation
CloudWatch Metrics Disabled
081069cb-588b-4ce1-884c-2a1ce3029fe5
Medium Observability Query details
Documentation
CloudWatch Root Account Use Missing
8b1b1e67-6248-4dca-bbad-93486bb181c0
Medium Observability Query details
Documentation
CloudWatch S3 policy Change Alarm Missing
27c6a499-895a-4dc7-9617-5c485218db13
Medium Observability Query details
Documentation
Cloudwatch Security Group Changes Alarm Missing
4beaf898-9f8b-4237-89e2-5ffdc7ee6006
Medium Observability Query details
Documentation
CloudWatch VPC Changes Alarm Missing
9d0d4512-1959-43a2-a17f-72360ff06d1b
Medium Observability Query details
Documentation
DocDB Logging Is Disabled
56f6a008-1b14-4af4-b9b2-ab7cf7e27641
Medium Observability Query details
Documentation
EC2 Instance Monitoring Disabled
23b70e32-032e-4fa6-ba5c-82f56b9980e6
Medium Observability Query details
Documentation
EKS cluster logging is not enabled
37304d3f-f852-40b8-ae3f-725e87a7cedf
Medium Observability Query details
Documentation
Elasticsearch Log Disabled
acb6b4e2-a086-4f35-aefd-4db6ea51ada2
Medium Observability Query details
Documentation
ELB Access Log Disabled
20018359-6fd7-4d05-ab26-d4dffccbdf79
Medium Observability Query details
Documentation
Global Accelerator Flow Logs Disabled
96e8183b-e985-457b-90cd-61c0503a3369
Medium Observability Query details
Documentation
GuardDuty Detector Disabled
704dadd3-54fc-48ac-b6a0-02f170011473
Medium Observability Query details
Documentation
Missing Cluster Log Types
66f130d9-b81d-4e8e-9b08-da74b9c891df
Medium Observability Query details
Documentation
MQ Broker Logging Disabled
31245f98-a6a9-4182-9fc1-45482b9d030a
Medium Observability Query details
Documentation
MSK Cluster Logging Disabled
2f56b7ab-7fba-4e93-82f0-247e5ddeb239
Medium Observability Query details
Documentation
Neptune Logging Is Disabled
45cff7b6-3b80-40c1-ba7b-2cf480678bb8
Medium Observability Query details
Documentation
RDS Without Logging
8d7f7b8c-6c7c-40f8-baa6-62006c6c7b56
Medium Observability Query details
Documentation
Redshift Cluster Logging Disabled
15ffbacc-fa42-4f6f-a57d-2feac7365caa
Medium Observability Query details
Documentation
S3 Bucket Logging Disabled
f861041c-8c9f-4156-acfc-5e6e524f5884
Medium Observability Query details
Documentation
S3 Bucket Object Level CloudTrail Logging Disabled
a8fc2180-b3ac-4c93-bd0d-a55b974e4b07
Medium Observability Query details
Documentation
Stack Notifications Disabled
b72d0026-f649-4c91-a9ea-15d8f681ac09
Medium Observability Query details
Documentation
VPC FlowLogs Disabled
f83121ea-03da-434f-9277-9cd247ab3047
Medium Observability Query details
Documentation
No Stack Policy
2f01fb2d-828a-499d-b98e-b83747305052
Medium Resource Management Query details
Documentation
Authentication Without MFA
3ddfa124-6407-4845-a501-179f90c65097
Low Access Control Query details
Documentation
CloudWatch Logs Destination With Vulnerable Policy
db0ec4c4-852c-46a2-b4f3-7ec13cdb12a8
Low Access Control Query details
Documentation
EC2 Instance Using API Keys
0b93729a-d882-4803-bdc3-ac429a21f158
Low Access Control Query details
Documentation
SSO Permission With Inadequate User Session Duration
ce9dfce0-5fc8-433b-944a-3b16153111a8
Low Access Control Query details
Documentation
Autoscaling Groups Supply Tags
ba48df05-eaa1-4d64-905e-4a4b051e7587
Low Availability Query details
Documentation
ECS Service Without Running Tasks
91f16d09-689e-4926-aca7-155157f634ed
Low Availability Query details
Documentation
Automatic Minor Upgrades Disabled
3b6d777b-76e3-4133-80a3-0d6f667ade7f
Low Best Practices Query details
Documentation
CDN Configuration Is Missing
1bc367f6-901d-4870-ad0c-71d79762ef52
Low Best Practices Query details
Documentation
Cognito UserPool Without MFA
ec28bf61-a474-4dbe-b414-6dd3a067d6f0
Low Best Practices Query details
Documentation
ECR Repository Without Policy
69e7c320-b65d-41bb-be02-d63ecc0bcc9d
Low Best Practices Query details
Documentation
IAM Access Analyzer Not Enabled
e592a0c5-5bdb-414c-9066-5dba7cdea370
Low Best Practices Query details
Documentation
IAM Password Without Minimum Length
1bc1c685-e593-450e-88fb-19db4c82aa1d
Low Best Practices Query details
Documentation
Lambda IAM InvokeFunction Misconfigured
0ca1017d-3b80-423e-bb9c-6cd5898d34bd
Low Best Practices Query details
Documentation
Lambda Permission Misconfigured
75ec6890-83af-4bf1-9f16-e83726df0bd0
Low Best Practices Query details
Documentation
Misconfigured Password Policy Expiration
ce60d060-efb8-4bfd-9cf7-ff8945d00d90
Low Best Practices Query details
Documentation
Password Without Reuse Prevention
89806cdc-9c2e-4bd1-a0dc-53f339bcfb2a
Low Best Practices Query details
Documentation
Stack Without Template
91bea7b8-0c31-4863-adc9-93f6177266c4
Low Build Process Query details
Documentation
API Gateway With Invalid Compression
ed35928e-195c-4405-a252-98ccb664ab7b
Low Encryption Query details
Documentation
CloudTrail Log Files Not Encrypted With KMS
5d9e3164-9265-470c-9a10-57ae454ac0c7
Low Encryption Query details
Documentation
CodeBuild Project Encrypted With AWS Managed Key
3deec14b-03d2-4d27-9670-7d79322e3340
Low Encryption Query details
Documentation
DOCDB Cluster Encrypted With AWS Managed Key
2134641d-30a4-4b16-8ffc-2cd4c4ffd15d
Low Encryption Query details
Documentation
ECR Repository Not Encrypted With CMK
0e32d561-4b5a-4664-a6e3-a3fa85649157
Low Encryption Query details
Documentation
EFS Without KMS
25d251f3-f348-4f95-845c-1090e41a615c
Low Encryption Query details
Documentation
AWS Password Policy With Unchangeable Passwords
9ef7d25d-9764-4224-9968-fa321c56ef76
Low Insecure Configurations Query details
Documentation
IAM User Policy Without MFA
b5681959-6c09-4f55-b42b-c40fa12d03ec
Low Insecure Configurations Query details
Documentation
Instance With No VPC
a31a5a29-718a-4ff4-8001-a69e5e4d029e
Low Insecure Configurations Query details
Documentation
Redis Disabled
4bd15dd9-8d5e-4008-8532-27eb0c3706d3
Low Insecure Configurations Query details
Documentation
Redshift Cluster Without VPC
0a494a6a-ebe2-48a0-9d77-cf9d5125e1b3
Low Insecure Configurations Query details
Documentation
S3 Bucket Without Enabled MFA Delete
c5b31ab9-0f26-4a49-b8aa-4cc064392f4d
Low Insecure Configurations Query details
Documentation
Dynamodb VPC Endpoint Without Route Table Association
0bc534c5-13d1-4353-a7fe-b8665d5c1d7d
Low Networking and Firewall Query details
Documentation
EC2 Instance Using Default VPC
7e4a6e76-568d-43ef-8c4e-36dea481bff1
Low Networking and Firewall Query details
Documentation
ElastiCache Using Default Port
5d89db57-8b51-4b38-bb76-b9bd42bd40f0
Low Networking and Firewall Query details
Documentation
ElastiCache Without VPC
8c849af7-a399-46f7-a34c-32d3dc96f1fc
Low Networking and Firewall Query details
Documentation
EMR Without VPC
2b3c8a6d-9856-43e6-ab1d-d651094f03b4
Low Networking and Firewall Query details
Documentation
RDS Using Default Port
bca7cc4d-b3a4-4345-9461-eb69c68fcd26
Low Networking and Firewall Query details
Documentation
Redshift Using Default Port
41abc6cc-dde1-4217-83d3-fb5f0cc09d8f
Low Networking and Firewall Query details
Documentation
Sensitive Port Is Exposed To Wide Private Network
92fe237e-074c-4262-81a4-2077acb928c1
Low Networking and Firewall Query details
Documentation
Shield Advanced Not In Use
084c6686-2a70-4710-91b1-000393e54c12
Low Networking and Firewall Query details
Documentation
SQS VPC Endpoint Without DNS Resolution
e9b7acf9-9ba0-4837-a744-31e7df1e434d
Low Networking and Firewall Query details
Documentation
API Gateway Deployment Without API Gateway UsagePlan Associated
b3a59b8e-94a3-403e-b6e2-527abaf12034
Low Observability Query details
Documentation
API Gateway X-Ray Disabled
5813ef56-fa94-406a-b35d-977d4a56ff2b
Low Observability Query details
Documentation
CloudTrail Log File Validation Disabled
52ffcfa6-6c70-4ea6-8376-d828d3961669
Low Observability Query details
Documentation
CloudTrail Multi Region Disabled
8173d5eb-96b5-4aa6-a71b-ecfa153c123d
Low Observability Query details
Documentation
CloudTrail Not Integrated With CloudWatch
17b30f8f-8dfb-4597-adf6-57600b6cf25e
Low Observability Query details
Documentation
CloudTrail SNS Topic Name Undefined
482b7d26-0bdb-4b5f-bf6f-545826c0a3dd
Low Observability Query details
Documentation
CloudWatch Console Sign-in Without MFA Alarm Missing
44ceb4fa-0897-4fd2-b676-30e7a58f2933
Low Observability Query details
Documentation
CloudWatch IAM Policy Changes Alarm Missing
eaaba502-2f94-411a-a3c2-83d63cc1776d
Low Observability Query details
Documentation
CloudWatch Network Gateways Changes Alarm Missing
6b6874fe-4c2f-4eea-8b90-7cceaa4a125e
Low Observability Query details
Documentation
CloudWatch Route Table Changes Alarm Missing
2285e608-ddbc-47f3-ba54-ce7121e31216
Low Observability Query details
Documentation
CMK Rotation Disabled
22fbfeac-7b5a-421a-8a27-7a2178bb910b
Low Observability Query details
Documentation
Configuration Aggregator to All Regions Disabled
ac5a0bc0-a54c-45aa-90c3-15f7703b9132
Low Observability Query details
Documentation
ECS Cluster with Container Insights Disabled
97cb0688-369a-4d26-b1f7-86c4c91231bc
Low Observability Query details
Documentation
ElasticSearch Without Slow Logs
e979fcbc-df6c-422d-9458-c33d65e71c45
Low Observability Query details
Documentation
KMS Key With No Deletion Window
0b530315-0ea4-497f-b34c-4ff86268f59d
Low Observability Query details
Documentation
Lambda Functions Without X-Ray Tracing
8152e0cf-d2f0-47ad-96d5-d003a76eabd1
Low Observability Query details
Documentation
Unscanned ECR Image
9630336b-3fed-4096-8173-b9afdfe346a7
Low Observability Query details
Documentation
API Gateway Stage Without API Gateway UsagePlan Associated
c999cf62-0920-40f8-8dda-0caccd66ed7e
Low Resource Management Query details
Documentation
Security Group Not Used
4849211b-ac39-479e-ae78-5694d506cb24
Info Access Control Query details
Documentation
DynamoDB Table Point In Time Recovery Disabled
741f1291-47ac-4a85-a07b-3d32a9d6bd3e
Info Best Practices Query details
Documentation
EC2 Not EBS Optimized
60224630-175a-472a-9e23-133827040766
Info Best Practices Query details
Documentation
Resource Not Using Tags
e38a8e0a-b88b-4902-b3fe-b0fcb17d5c10
Info Best Practices Query details
Documentation
Security Group Rule Without Description
68eb4bf3-f9bf-463d-b5cf-e029bb446d2e
Info Best Practices Query details
Documentation
Security Group Without Description
cb3f5ed6-0d18-40de-a93d-b3538db31e8c
Info Best Practices Query details
Documentation
CloudWatch AWS Organizations Changes Missing Alarm
38b85c45-e772-4de8-a247-69619ca137b3
Info Observability Query details
Documentation
CloudWatch Without Retention Period Specified
ef0b316a-211e-42f1-888e-64efe172b755
Info Observability Query details
Documentation

AWS_BOM

Below are listed queries related to Terraform AWS_BOM:

Query Severity Category More info
BOM - AWS DynamoDB
23edf35f-7c22-4ff9-87e6-0ca74261cfbf
Trace Bill Of Materials Query details
Documentation
BOM - AWS EBS
86571149-eef3-4280-a645-01e60df854b0
Trace Bill Of Materials Query details
Documentation
BOM - AWS EFS
f53f16d6-46a9-4277-9fbe-617b1e24cdca
Trace Bill Of Materials Query details
Documentation
BOM - AWS Elasticache
54229498-850b-4f78-b3a7-218d24ef2c37
Trace Bill Of Materials Query details
Documentation
BOM - AWS Kinesis
0e59d33e-bba2-4037-8f88-9765647ca7ad
Trace Bill Of Materials Query details
Documentation
BOM - AWS MQ
fcb1b388-f558-4b7f-9b6e-f4e98abb7380
Trace Bill Of Materials Query details
Documentation
BOM - AWS MSK
051f2063-2517-4295-ad8e-ba88c1bf5cfc
Trace Bill Of Materials Query details
Documentation
BOM - AWS RDS
12933609-c5bf-44b4-9a41-a6467c3b685b
Trace Bill Of Materials Query details
Documentation
BOM - AWS S3 Buckets
2d16c3fb-35ba-4ec0-b4e4-06ee3cbd4045
Trace Bill Of Materials Query details
Documentation
BOM - AWS SNS
eccc4d59-74b9-4974-86f1-74386e0c7f33
Trace Bill Of Materials Query details
Documentation
BOM - AWS SQS
baecd2da-492a-4d59-b9dc-29540a1398e0
Trace Bill Of Materials Query details
Documentation

AZURE

Below are listed queries related to Terraform AZURE:

Query Severity Category More info
CosmosDB Account IP Range Filter Not Set
c2a3efb6-8a58-481c-82f2-bfddf34bb4b7
Critical Networking and Firewall Query details
Documentation
Redis Entirely Accessible
fd8da341-6760-4450-b26c-9f6d8850575e
Critical Networking and Firewall Query details
Documentation
Redis Publicly Accessible
5089d055-53ff-421b-9482-a5267bdce629
Critical Networking and Firewall Query details
Documentation
SQLServer Ingress From Any IP
25c0ea09-f1c5-4380-b055-3b83863f2bb8
Critical Networking and Firewall Query details
Documentation
Unrestricted SQL Server Access
d7ba74da-2da0-4d4b-83c8-2fd72a3f6c28
Critical Networking and Firewall Query details
Documentation
Public Storage Account
17f75827-0684-48f4-8747-61129c7e4198
High Access Control Query details
Documentation
Storage Container Is Publicly Accessible
dd5230f8-a577-4bbb-b7ac-f2c2fe7d5299
High Access Control Query details
Documentation
Azure Container Registry With No Locks
a187ac47-8163-42ce-8a63-c115236be6fb
High Insecure Configurations Query details
Documentation
Security Group is Not Configured
5c822443-e1ea-46b8-84eb-758ec602e844
High Insecure Configurations Query details
Documentation
MariaDB Server Public Network Access Enabled
7f0a8696-7159-4337-ad0d-8a3ab4a78195
High Networking and Firewall Query details
Documentation
MSSQL Server Public Network Access Enabled
ade36cf4-329f-4830-a83d-9db72c800507
High Networking and Firewall Query details
Documentation
MySQL Server Public Access Enabled
f118890b-2468-42b1-9ce9-af35146b425b
High Networking and Firewall Query details
Documentation
RDP Is Exposed To The Internet
efbf6449-5ec5-4cfe-8f15-acc51e0d787c
High Networking and Firewall Query details
Documentation
Sensitive Port Is Exposed To Entire Network
594c198b-4d79-41b8-9b36-fde13348b619
High Networking and Firewall Query details
Documentation
Admin User Enabled For Container Registry
b897dfbf-322c-45a8-b67c-1e698beeaa51
Medium Access Control Query details
Documentation
AKS RBAC Disabled
86f92117-eed8-4614-9c6c-b26da20ff37f
Medium Access Control Query details
Documentation
App Service Authentication Disabled
c7fc1481-2899-4490-bbd8-544a3a61a2f3
Medium Access Control Query details
Documentation
Function App Authentication Disabled
e65a0733-94a0-4826-82f4-df529f4c593f
Medium Access Control Query details
Documentation
Role Assignment Not Limit Guest User Permissions
8e75e431-449f-49e9-b56a-c8f1378025cf
Medium Access Control Query details
Documentation
Role Definition Allows Custom Role Creation
3fa5900f-9aac-4982-96b2-a6143d9c99fb
Medium Access Control Query details
Documentation
Storage Share File Allows All ACL Permissions
48bbe0fd-57e4-4678-a4a1-119e79c90fc3
Medium Access Control Query details
Documentation
Storage Table Allows All ACL Permissions
3ac3e75c-6374-4a32-8ba0-6ed69bda404e
Medium Access Control Query details
Documentation
Azure Instance Using Basic Authentication
dafe30ec-325d-4516-85d1-e8e6776f012c
Medium Best Practices Query details
Documentation
Key Vault Secrets Content Type Undefined
f8e08a38-fc6e-4915-abbe-a7aadf1d59ef
Medium Best Practices Query details
Documentation
Security Contact Email
34664094-59e0-4524-b69f-deaa1a68cce3
Medium Best Practices Query details
Documentation
App Service Not Using Latest TLS Encryption Version
b7b9d1c7-2d3b-49b4-b867-ebbe68d0b643
Medium Encryption Query details
Documentation
Encryption On Managed Disk Disabled
a99130ab-4c0e-43aa-97f8-78d4fcb30024
Medium Encryption Query details
Documentation
Function App Not Using Latest TLS Encryption Version
45fc717a-bd86-415c-bdd8-677901be1aa6
Medium Encryption Query details
Documentation
MySQL SSL Connection Disabled
73e42469-3a86-4f39-ad78-098f325b4e9f
Medium Encryption Query details
Documentation
SSL Enforce Disabled
0437633b-daa6-4bbc-8526-c0d2443b946e
Medium Encryption Query details
Documentation
Storage Account Not Forcing HTTPS
12944ec4-1fa0-47be-8b17-42a034f937c2
Medium Encryption Query details
Documentation
Storage Account Not Using Latest TLS Encryption Version
8263f146-5e03-43e0-9cfe-db960d56d1e7
Medium Encryption Query details
Documentation
AD Admin Not Configured For SQL Server
a3a055d2-9a2e-4cc9-b9fb-12850a1a3a4b
Medium Insecure Configurations Query details
Documentation
AKS Private Cluster Disabled
599318f2-6653-4569-9e21-041d06c63a89
Medium Insecure Configurations Query details
Documentation
App Service FTPS Enforce Disabled
85da374f-b00f-4832-9d44-84a1ca1e89f8
Medium Insecure Configurations Query details
Documentation
App Service HTTP2 Disabled
525b53be-62ed-4244-b4df-41aecfcb4071
Medium Insecure Configurations Query details
Documentation
Azure App Service Client Certificate Disabled
a81573f9-3691-4d83-88a0-7d4af63e17a3
Medium Insecure Configurations Query details
Documentation
Function App Client Certificates Unrequired
9bb3c639-5edf-458c-8ee5-30c17c7d671d
Medium Insecure Configurations Query details
Documentation
Function App FTPS Enforce Disabled
9dab0179-433d-4dff-af8f-0091025691df
Medium Insecure Configurations Query details
Documentation
Function App HTTP2 Disabled
ace823d1-4432-4dee-945b-cdf11a5a6bd0
Medium Insecure Configurations Query details
Documentation
Function App Managed Identity Disabled
c87749b3-ff10-41f5-9df2-c421e8151759
Medium Insecure Configurations Query details
Documentation
Network Watcher Flow Disabled
b90842e5-6779-44d4-9760-972f4c03ba1c
Medium Insecure Configurations Query details
Documentation
Redis Cache Allows Non SSL Connections
e29a75e6-aba3-4896-b42d-b87818c16b58
Medium Insecure Configurations Query details
Documentation
Redis Not Updated Regularly
b947809d-dd2f-4de9-b724-04d101c515aa
Medium Insecure Configurations Query details
Documentation
Security Center Pricing Tier Is Not Standard
819d50fd-1cdf-45c3-9936-be408aaad93e
Medium Insecure Configurations Query details
Documentation
Small Flow Logs Retention Period
7750fcca-dd03-4d38-b663-4b70289bcfd4
Medium Insecure Configurations Query details
Documentation
VM Not Attached To Network
bbf6b3df-4b65-4f87-82cc-da9f30f8c033
Medium Insecure Configurations Query details
Documentation
Web App Accepting Traffic Other Than HTTPS
11e9a948-c6c3-4a0f-8dcf-b5cf1763cdbe
Medium Insecure Configurations Query details
Documentation
Default Azure Storage Account Network Access Is Too Permissive
a5613650-32ec-4975-a305-31af783153ea
Medium Insecure Defaults Query details
Documentation
Azure Cognitive Search Public Network Access Enabled
4a9e0f00-0765-4f72-a0d4-d31110b78279
Medium Networking and Firewall Query details
Documentation
Firewall Rule Allows Too Many Hosts To Access Redis Cache
a829b715-cf75-4e92-b645-54c9b739edfb
Medium Networking and Firewall Query details
Documentation
Network Interfaces IP Forwarding Enabled
4216ebac-d74c-4423-b437-35025cb88af5
Medium Networking and Firewall Query details
Documentation
Network Interfaces With Public IP
c1573577-e494-4417-8854-7e119368dc8b
Medium Networking and Firewall Query details
Documentation
Sensitive Port Is Exposed To Small Public Network
e9dee01f-2505-4df2-b9bf-7804d1fd9082
Medium Networking and Firewall Query details
Documentation
SSH Is Exposed To The Internet
3e3c175e-aadf-4e2b-a464-3fdac5748d24
Medium Networking and Firewall Query details
Documentation
Trusted Microsoft Services Not Enabled
5400f379-a347-4bdd-a032-446465fdcc6f
Medium Networking and Firewall Query details
Documentation
WAF Is Disabled For Azure Application Gateway
2e48d91c-50e4-45c8-9312-27b625868a72
Medium Networking and Firewall Query details
Documentation
Email Alerts Disabled
9db38e87-f6aa-4b5e-a1ec-7266df259409
Medium Observability Query details
Documentation
Log Retention Is Not Set
ffb02aca-0d12-475e-b77c-a726f7aeff4b
Medium Observability Query details
Documentation
MSSQL Server Auditing Disabled
609839ae-bd81-4375-9910-5bce72ae7b92
Medium Observability Query details
Documentation
PostgreSQL Log Checkpoints Disabled
3790d386-be81-4dcf-9850-eaa7df6c10d9
Medium Observability Query details
Documentation
PostgreSQL Log Connections Not Set
c640d783-10c5-4071-b6c1-23507300d333
Medium Observability Query details
Documentation
PostgreSQL Log Disconnections Not Set
07f7134f-9f37-476e-8664-670c218e4702
Medium Observability Query details
Documentation
PostgreSQL Log Duration Not Set
16e0879a-c4ae-4ff8-a67d-a2eed5d67b8f
Medium Observability Query details
Documentation
PostgreSQL Server Without Connection Throttling
2b3c671f-1b76-4741-8789-ed1fe0785dc4
Medium Observability Query details
Documentation
SQL Server Auditing Disabled
f7e296b0-6660-4bc5-8f87-22ac4a815edf
Medium Observability Query details
Documentation
Vault Auditing Disabled
38c71c00-c177-4cd7-8d36-cd1007cdb190
Medium Observability Query details
Documentation
PostgreSQL Server Threat Detection Policy Disabled
c407c3cf-c409-4b29-b590-db5f4138d332
Medium Resource Management Query details
Documentation
SQL Database Audit Disabled
83a229ba-483e-47c6-8db7-dc96969bce5a
Medium Resource Management Query details
Documentation
Key Expiration Not Set
4d080822-5ee2-49a4-8984-68f3d4c890fc
Medium Secret Management Query details
Documentation
Secret Expiration Not Set
dfa20ffa-f476-428f-a490-424b41e91c7f
Medium Secret Management Query details
Documentation
Azure Active Directory Authentication
a21c8da9-41bf-40cf-941d-330cf0d11fc7
Low Access Control Query details
Documentation
Virtual Network with DDoS Protection Plan disabled
b4cc2c52-34a6-4b43-b57c-4bdeb4514a5a
Low Availability Query details
Documentation
Geo Redundancy Is Disabled
8b042c30-e441-453f-b162-7696982ebc58
Low Backup Query details
Documentation
MariaDB Server Geo-redundant Backup Disabled
0a70d5f3-1ecd-4c8e-9292-928fc9a8c4f1
Low Backup Query details
Documentation
AKS Uses Azure Policies Add-On Disabled
43789711-161b-4708-b5bb-9d1c626f7492
Low Best Practices Query details
Documentation
App Service Without Latest PHP Version
96fe318e-d631-4156-99fa-9080d57280ae
Low Best Practices Query details
Documentation
App Service Without Latest Python Version
cc4aaa9d-1070-461a-b519-04e00f42db8a
Low Best Practices Query details
Documentation
SQL Server Predictable Active Directory Account Name
bcd3fc01-5902-4f2a-b05a-227f9bbf5450
Low Best Practices Query details
Documentation
SQL Server Predictable Admin Account Name
2ab6de9a-0136-415c-be92-79d2e4fd750f
Low Best Practices Query details
Documentation
Cosmos DB Account Without Tags
56dad03e-e94f-4dd6-93a4-c253a03ff7a0
Low Build Process Query details
Documentation
AKS Disk Encryption Set ID Undefined
b17d8bb8-4c08-4785-867e-cb9e62a622aa
Low Encryption Query details
Documentation
PostgreSQL Server Infrastructure Encryption Disabled
6425c98b-ca4e-41fe-896a-c78772c131f8
Low Encryption Query details
Documentation
AKS Network Policy Misconfigured
f5342045-b935-402d-adf1-8dbbd09c0eef
Low Insecure Configurations Query details
Documentation
Dashboard Is Enabled
61c3cb8b-0715-47e4-b788-86dde40dd2db
Low Insecure Configurations Query details
Documentation
Azure Front Door WAF Disabled
835a4f2f-df43-437d-9943-545ccfc55961
Low Networking and Firewall Query details
Documentation
Sensitive Port Is Exposed To Wide Private Network
c6c7b33d-d7f6-4ab8-8c82-ca0431ecdb7e
Low Networking and Firewall Query details
Documentation
Small Activity Log Retention Period
2b856bf9-8e8c-4005-875f-303a8cba3918
Low Observability Query details
Documentation
Small MSSQL Audit Retention Period
9c301481-e6ec-44f7-8a49-8ec63e2969ea
Low Observability Query details
Documentation
Small MSSQL Server Audit Retention
59acb56b-2b10-4c2c-ba38-f2223c3f5cfc
Low Observability Query details
Documentation
Small PostgreSQL DB Server Log Retention Period
261a83f8-dd72-4e8c-b5e1-ebf06e8fe606
Low Observability Query details
Documentation
App Service Managed Identity Disabled
b61cce4b-0cc4-472b-8096-15617a6d769b
Low Resource Management Query details
Documentation
SQL Server Alert Email Disabled
55975007-f6e7-4134-83c3-298f1fe4b519
Info Best Practices Query details
Documentation

DATABRICKS

Below are listed queries related to Terraform DATABRICKS:

Query Severity Category More info
Beta - Databricks Cluster or Job With None Or Insecure Permission(s)
a4edb7e1-c0e0-4f7f-9d7c-d1b603e81ad5
High Insecure Configurations Query details
Documentation
Beta - Unrestricted Databricks ACL
2c4fe4a9-f44b-4c70-b09b-5b75cd251805
High Networking and Firewall Query details
Documentation
Beta - Job's Task is Legacy (spark_submit_task)
375cdab9-3f94-4ae0-b1e3-8fbdf9cdf4d7
Medium Best Practices Query details
Documentation
Beta - Indefinitely Databricks OBO Token Lifetime
23e1f5f0-12b7-4d7e-9087-f60f42ccd514
Medium Insecure Defaults Query details
Documentation
Beta - Indefinitely Databricks Token Lifetime
7d05ca25-91b4-42ee-b6f6-b06611a87ce8
Medium Insecure Defaults Query details
Documentation
Beta - Databricks Autoscale Badly Setup
953c0cc6-5f30-44cb-a803-bf4ef2571be8
Medium Resource Management Query details
Documentation
Beta - Databricks Group Without User Or Instance Profile
23c3067a-8cc9-480c-b645-7c1e0ad4bf60
Low Access Control Query details
Documentation
Beta - Check Databricks Cluster AWS Attribute Best Practices
b0749c53-e3ff-4d09-bbe4-dca94e2e7a38
Low Best Practices Query details
Documentation
Beta - Check Databricks Cluster Azure Attribute Best Practices
38028698-e663-4ef7-aa92-773fef0ca86f
Low Best Practices Query details
Documentation
Beta - Check Databricks Cluster GCP Attribute Best Practices
539e4557-d2b5-4d57-a001-cb01140a4e2d
Low Best Practices Query details
Documentation
Beta - Check use no LTS Spark Version
5a627dfa-a4dd-4020-a4c6-5f3caf4abcd6
Low Best Practices Query details
Documentation

GCP

Below are listed queries related to Terraform GCP:

Query Severity Category More info
Cloud Storage Anonymous or Publicly Accessible
a6cd52a1-3056-4910-96a5-894de9f3f3b3
Critical Access Control Query details
Documentation
SQL DB Instance Publicly Accessible
b187edca-b81e-4fdc-aff4-aab57db45edb
Critical Insecure Configurations Query details
Documentation
BigQuery Dataset Is Public
e576ce44-dd03-4022-a8c0-3906acca2ab4
High Access Control Query details
Documentation
Google Project IAM Binding Service Account has Token Creator or Account User Role
617ef6ff-711e-4bd7-94ae-e965911b1b40
High Access Control Query details
Documentation
Google Project IAM Member Service Account Has Admin Role
84d36481-fd63-48cb-838e-635c44806ec2
High Access Control Query details
Documentation
Google Project IAM Member Service Account has Token Creator or Account User Role
c68b4e6d-4e01-4ca1-b256-1e18e875785c
High Access Control Query details
Documentation
KMS Crypto Key is Publicly Accessible
16cc87d1-dd47-4f46-b3ce-4dfcac8fd2f5
High Encryption Query details
Documentation
SQL DB Instance With SSL Disabled
02474449-71aa-40a1-87ae-e14497747b00
High Encryption Query details
Documentation
GKE Legacy Authorization Enabled
5baa92d2-d8ee-4c75-88a4-52d9d8bb8067
High Insecure Configurations Query details
Documentation
Google Storage Bucket Level Access Disabled
bb0db090-5509-4853-a827-75ced0b3caa0
High Insecure Configurations Query details
Documentation
RDP Access Is Not Restricted
678fd659-96f2-454a-a2a0-c2571f83a4a3
High Networking and Firewall Query details
Documentation
Cloud Storage Bucket Is Publicly Accessible
c010082c-76e0-4b91-91d9-6e8439e455dd
Medium Access Control Query details
Documentation
KMS Admin and CryptoKey Roles In Use
92e4464a-4139-4d57-8742-b5acc0347680
Medium Access Control Query details
Documentation
OSLogin Disabled
32ecd6eb-0711-421f-9627-1a28d9eff217
Medium Access Control Query details
Documentation
VM With Full Cloud Access
bc280331-27b9-4acb-a010-018e8098aa5d
Medium Access Control Query details
Documentation
SQL DB Instance Backup Disabled
cf3c7631-cd1e-42f3-8801-a561214a6e79
Medium Backup Query details
Documentation
Disk Encryption Disabled
b1d51728-7270-4991-ac2f-fc26e2695b38
Medium Encryption Query details
Documentation
DNSSEC Using RSASHA1
ccc3100c-0fdd-4a5e-9908-c10107291860
Medium Encryption Query details
Documentation
Google Compute SSL Policy Weak Cipher In Use
14a457f0-473d-4d1d-9e37-6d99b355b336
Medium Encryption Query details
Documentation
Cloud DNS Without DNSSEC
5ef61c88-bbb4-4725-b1df-55d23c9676bb
Medium Insecure Configurations Query details
Documentation
Google Container Node Pool Auto Repair Disabled
acfdbec6-4a17-471f-b412-169d77553332
Medium Insecure Configurations Query details
Documentation
Google Project Auto Create Network Disabled
59571246-3f62-4965-a96f-c7d97e269351
Medium Insecure Configurations Query details
Documentation
IP Aliasing Disabled
c606ba1d-d736-43eb-ac24-e16108f3a9e0
Medium Insecure Configurations Query details
Documentation
Network Policy Disabled
11e7550e-c4b6-472e-adff-c698f157cdd7
Medium Insecure Configurations Query details
Documentation
OSLogin Is Disabled For VM Instance
d0b4d550-c001-46c3-bbdb-d5d75d33f05f
Medium Insecure Configurations Query details
Documentation
Pod Security Policy Disabled
9192e0f9-eca5-4056-9282-ae2a736a4088
Medium Insecure Configurations Query details
Documentation
Private Cluster Disabled
6ccb85d7-0420-4907-9380-50313f80946b
Medium Insecure Configurations Query details
Documentation
Shielded GKE Nodes Disabled
579a0727-9c29-4d58-8195-fc5802a8bdb4
Medium Insecure Configurations Query details
Documentation
Shielded VM Disabled
1b44e234-3d73-41a8-9954-0b154135280e
Medium Insecure Configurations Query details
Documentation
GKE Using Default Service Account
1c8eef02-17b1-4a3e-b01d-dcc3292d2c38
Medium Insecure Defaults Query details
Documentation
Using Default Service Account
3cb4af0b-056d-4fb1-8b95-fdc4593625ff
Medium Insecure Defaults Query details
Documentation
Google Compute Network Using Default Firewall Rule
40abce54-95b1-478c-8e5f-ea0bf0bb0e33
Medium Networking and Firewall Query details
Documentation
Google Compute Network Using Firewall Rule that Allows All Ports
22ef1d26-80f8-4a6c-8c15-f35aab3cac78
Medium Networking and Firewall Query details
Documentation
IP Forwarding Enabled
f34c0c25-47b4-41eb-9c79-249b4dd47b89
Medium Networking and Firewall Query details
Documentation
Serial Ports Are Enabled For VM Instances
97fa667a-d05b-4f16-9071-58b939f34751
Medium Networking and Firewall Query details
Documentation
SSH Access Is Not Restricted
c4dcdcdf-10dd-4bf4-b4a0-8f6239e6aaa0
Medium Networking and Firewall Query details
Documentation
Cloud Storage Bucket Logging Not Enabled
d6cabc3a-d57e-48c2-b341-bf3dd4f4a120
Medium Observability Query details
Documentation
Cloud Storage Bucket Versioning Disabled
e7e961ac-d17e-4413-84bc-8a1fbe242944
Medium Observability Query details
Documentation
Google Compute Subnetwork Logging Disabled
40430747-442d-450a-a34f-dc57149f4609
Medium Observability Query details
Documentation
Stackdriver Logging Disabled
4c7ebcb2-eae2-461e-bc83-456ee2d4f694
Medium Observability Query details
Documentation
Stackdriver Monitoring Disabled
30e8dfd2-3591-4d19-8d11-79e93106c93d
Medium Observability Query details
Documentation
Node Auto Upgrade Disabled
b139213e-7d24-49c2-8025-c18faa21ecaa
Medium Resource Management Query details
Documentation
Service Account with Improper Privileges
cefdad16-0dd5-4ac5-8ed2-a37502c78672
Medium Resource Management Query details
Documentation
High Google KMS Crypto Key Rotation Period
d8c57c4e-bf6f-4e32-a2bf-8643532de77b
Medium Secret Management Query details
Documentation
Project-wide SSH Keys Are Enabled In VM Instances
3e4d5ce6-3280-4027-8010-c26eeea1ec01
Medium Secret Management Query details
Documentation
User with IAM Role
704fcc44-a58f-4af5-82e2-93f2a58ef918
Low Access Control Query details
Documentation
Outdated GKE Version
128df7ec-f185-48bc-8913-ce756a3ccb85
Low Best Practices Query details
Documentation
Cluster Labels Disabled
65c1bc7a-4835-4ac4-a2b6-13d310b0648d
Low Insecure Configurations Query details
Documentation
COS Node Image Not Used
8a893e46-e267-485a-8690-51f39951de58
Low Insecure Configurations Query details
Documentation
Legacy Client Certificate Auth Enabled
73fb21a1-b19a-45b1-b648-b47b1678681e
Low Insecure Configurations Query details
Documentation
Not Proper Email Account In Use
9356962e-4a4f-4d06-ac59-dc8008775eaa
Low Insecure Configurations Query details
Documentation
Google Compute Network Using Firewall Rule that Allows Port Range
e6f61c37-106b-449f-a5bb-81bfcaceb8b4
Low Networking and Firewall Query details
Documentation
Google Compute Subnetwork with Private Google Access Disabled
ee7b93c1-b3f8-4a3b-9588-146d481814f5
Low Networking and Firewall Query details
Documentation
IAM Audit Not Properly Configured
89fe890f-b480-460c-8b6b-7d8b1468adb4
Low Observability Query details
Documentation

GCP_BOM

Below are listed queries related to Terraform GCP_BOM:

Query Severity Category More info
BOM - GCP Dataflow
895ed0d9-6fec-4567-8614-d7a74b599a53
Trace Bill Of Materials Query details
Documentation
BOM - GCP FI
c9d81239-c818-4869-9917-1570c62b81fd
Trace Bill Of Materials Query details
Documentation
BOM - GCP PD
dd7d70aa-a6ec-460d-b5d2-38b40253b16f
Trace Bill Of Materials Query details
Documentation
BOM - GCP PST
4b82202a-b18e-4891-a1eb-a0989850bbb3
Trace Bill Of Materials Query details
Documentation
BOM - GCP Redis
bc75ce52-a60a-4660-b533-bce837a5019b
Trace Bill Of Materials Query details
Documentation
BOM - GCP SB
2f06d22c-56bd-4f73-8a51-db001fcf2150
Trace Bill Of Materials Query details
Documentation

GITHUB

Below are listed queries related to Terraform GITHUB:

Query Severity Category More info
Github Organization Webhook With SSL Disabled
ce7c874e-1b88-450b-a5e4-cb76ada3c8a9
Medium Encryption Query details
Documentation
GitHub Repository Set To Public
15d8a7fd-465a-4d15-a868-add86552f17b
Medium Insecure Configurations Query details
Documentation

KUBERNETES

Below are listed queries related to Terraform KUBERNETES:

Query Severity Category More info
Non Kube System Pod With Host Mount
86a947ea-f577-4efb-a8b0-5fc00257d521
High Access Control Query details
Documentation
Cluster Allows Unsafe Sysctls
a9174d31-d526-4ad9-ace4-ce7ddbf52e03
High Insecure Configurations Query details
Documentation
Container Is Privileged
87065ef8-de9b-40d8-9753-f4a4303e27a4
High Insecure Configurations Query details
Documentation
Container Runs Unmasked
0ad60203-c050-4115-83b6-b94bde92541d
High Insecure Configurations Query details
Documentation
Containers With Sys Admin Capabilities
3f55386d-75cd-4e9a-ac47-167b26c04724
High Insecure Configurations Query details
Documentation
Privilege Escalation Allowed
c878abb4-cca5-4724-92b9-289be68bd47c
High Insecure Configurations Query details
Documentation
PSP Allows Containers To Share The Host Network Namespace
4950837c-0ce5-4e42-9bee-a25eae73740b
High Insecure Configurations Query details
Documentation
PSP Allows Privilege Escalation
2bff9906-4e9b-4f71-9346-8ebedfdf43ef
High Insecure Configurations Query details
Documentation
PSP Allows Sharing Host IPC
51bed0ac-a8ae-407a-895e-90c6cb0610ce
High Insecure Configurations Query details
Documentation
PSP Set To Privileged
a6a4d4fc-4e8f-47d1-969f-e9d4a084f3b9
High Insecure Configurations Query details
Documentation
PSP With Added Capabilities
48388bd2-7201-4dcc-b56d-e8a9efa58fad
High Insecure Configurations Query details
Documentation
Tiller (Helm v2) Is Deployed
ca2fba76-c1a7-4afd-be67-5249f861cb0e
High Insecure Configurations Query details
Documentation
Workload Mounting With Sensitive OS Directory
a737be28-37d8-4bff-aa6d-1be8aa0a0015
High Insecure Configurations Query details
Documentation
Volume Mount With OS Directory Write Permissions
a62a99d1-8196-432f-8f80-3c100b05d62a
High Resource Management Query details
Documentation
Docker Daemon Socket is Exposed to Containers
4e203a65-c8d8-49a2-b749-b124d43c9dc1
Medium Access Control Query details
Documentation
Missing App Armor Config
bd6bd46c-57db-4887-956d-d372f21291b6
Medium Access Control Query details
Documentation
Permissive Access to Create Pods
522d4a64-4dc9-44bd-9240-7d8a0d5cb5ba
Medium Access Control Query details
Documentation
RBAC Roles with Read Secrets Permissions
826abb30-3cd5-4e0b-a93b-67729b4f7e63
Medium Access Control Query details
Documentation
Readiness Probe Is Not Configured
8657197e-3f87-4694-892b-8144701d83c1
Medium Availability Query details
Documentation
Root Containers Admitted
4c415497-7410-4559-90e8-f2c8ac64ee38
Medium Best Practices Query details
Documentation
Incorrect Volume Claim Access Mode ReadWriteOnce
26b047a9-0329-48fd-8fb7-05bbe5ba80ee
Medium Build Process Query details
Documentation
Container Host Pid Is True
587d5d82-70cf-449b-9817-f60f9bccb88c
Medium Insecure Configurations Query details
Documentation
Container Resources Limits Undefined
60af03ff-a421-45c8-b214-6741035476fa
Medium Insecure Configurations Query details
Documentation
Containers With Added Capabilities
fe771ff7-ba15-4f8f-ad7a-8aa232b49a28
Medium Insecure Configurations Query details
Documentation
Ingress Controller Exposes Workload
e2c83c1f-84d7-4467-966c-ed41fd015bb9
Medium Insecure Configurations Query details
Documentation
NET_RAW Capabilities Disabled for PSP
9aa32890-ac1a-45ee-81ca-5164e2098556
Medium Insecure Configurations Query details
Documentation
NET_RAW Capabilities Not Being Dropped
e5587d53-a673-4a6b-b3f2-ba07ec274def
Medium Insecure Configurations Query details
Documentation
Seccomp Profile Is Not Configured
455f2e0c-686d-4fcb-8b5f-3f953f12c43c
Medium Insecure Configurations Query details
Documentation
Role Binding To Default Service Account
3360c01e-c8c0-4812-96a2-a6329b9b7f9f
Medium Insecure Defaults Query details
Documentation
Service Account Name Undefined Or Empty
24b132df-5cc7-4823-8029-f898e1c50b72
Medium Insecure Defaults Query details
Documentation
Service Account Token Automount Not Disabled
a9a13d4f-f17a-491b-b074-f54bffffcb4a
Medium Insecure Defaults Query details
Documentation
Service With External Load Balancer
2a52567c-abb8-4651-a038-52fa27c77aed
Medium Networking and Firewall Query details
Documentation
Memory Limits Not Defined
fd097ed0-7fe6-4f58-8b71-fef9f0820a21
Medium Resource Management Query details
Documentation
Memory Requests Not Defined
21719347-d02b-497d-bda4-04a03c8e5b61
Medium Resource Management Query details
Documentation
Shared Host IPC Namespace
e94d3121-c2d1-4e34-a295-139bfeb73ea3
Medium Resource Management Query details
Documentation
Shared Host Network Namespace
ac1564a3-c324-4747-9fa1-9dfc234dace0
Medium Resource Management Query details
Documentation
Service Account Allows Access Secrets
07fc3413-e572-42f7-9877-5c8fc6fccfb5
Medium Secret Management Query details
Documentation
Shared Service Account
f74b9c43-161a-4799-bc95-0b0ec81801b9
Medium Secret Management Query details
Documentation
Cluster Admin Rolebinding With Superuser Permissions
17172bc2-56fb-4f17-916f-a014147706cd
Low Access Control Query details
Documentation
Deployment Without PodDisruptionBudget
a05331ee-1653-45cb-91e6-13637a76e4f0
Low Availability Query details
Documentation
HPA Targets Invalid Object
17e52ca3-ddd0-4610-9d56-ce107442e110
Low Availability Query details
Documentation
StatefulSet Without PodDisruptionBudget
7249e3b0-9231-4af3-bc5f-5daf4988ecbf
Low Availability Query details
Documentation
StatefulSet Without Service Name
420e6360-47bb-46f6-9072-b20ed22c842d
Low Availability Query details
Documentation
Metadata Label Is Invalid
bc3dabb6-fd50-40f8-b9ba-7429c9f1fb0e
Low Best Practices Query details
Documentation
No Drop Capabilities for Containers
21cef75f-289f-470e-8038-c7cee0664164
Low Best Practices Query details
Documentation
Root Container Not Mounted As Read-only
d532566b-8d9d-4f3b-80bd-361fe802f9c2
Low Build Process Query details
Documentation
StatefulSet Requests Storage
fcc2612a-1dfe-46e4-8ce6-0320959f0040
Low Build Process Query details
Documentation
Default Service Account In Use
737a0dd9-0aaa-4145-8118-f01778262b8a
Low Insecure Configurations Query details
Documentation
Image Pull Policy Of The Container Is Not Set To Always
aa737abf-6b1d-4aba-95aa-5c160bd7f96e
Low Insecure Configurations Query details
Documentation
Image Without Digest
228c4c19-feeb-4c18-848c-800ac70fdfb7
Low Insecure Configurations Query details
Documentation
Pod or Container Without Security Context
ad69e38a-d92e-4357-a8da-f2f29d545883
Low Insecure Configurations Query details
Documentation
Using Default Namespace
abcb818b-5af7-4d72-aba9-6dd84956b451
Low Insecure Configurations Query details
Documentation
Network Policy Is Not Targeting Any Pod
b80b14c6-aaa2-4876-b651-8a48b6c32fbf
Low Networking and Firewall Query details
Documentation
Service Type is NodePort
5c281bf8-d9bb-47f2-b909-3f6bb11874ad
Low Networking and Firewall Query details
Documentation
Workload Host Port Not Specified
4e74cf4f-ff65-4c1a-885c-67ab608206ce
Low Networking and Firewall Query details
Documentation
CPU Limits Not Set
5f4735ce-b9ba-4d95-a089-a37a767b716f
Low Resource Management Query details
Documentation
CPU Requests Not Set
577ac19c-6a77-46d7-9f14-e049cdd15ec2
Low Resource Management Query details
Documentation
CronJob Deadline Not Configured
58876b44-a690-4e9f-9214-7735fa0dd15d
Low Resource Management Query details
Documentation
Deployment Has No PodAntiAffinity
461ed7e4-f8d5-4bc1-b3c6-64ddb4fd00a3
Low Resource Management Query details
Documentation
Secrets As Environment Variables
6d8f1a10-b6cd-48f0-b960-f7c535d5cdb8
Low Secret Management Query details
Documentation
Invalid Image
e76cca7c-c3f9-4fc9-884c-b2831168ebd8
Low Supply-Chain Query details
Documentation
Liveness Probe Is Not Defined
5b6d53dd-3ba3-4269-b4d7-f82e880e43c3
Info Availability Query details
Documentation

NIFCLOUD

Below are listed queries related to Terraform NIFCLOUD:

Query Severity Category More info
Nifcloud RDB Has Public DB Access
fb387023-e4bb-42a8-9a70-6708aa7ff21b
High Access Control Query details
Documentation
Nifcloud Computing Has Public Ingress Security Group Rule
b2ea2367-8dc9-4231-a035-d0b28bfa3dde
High Networking and Firewall Query details
Documentation
Nifcloud Computing Undefined Security Group To Instance
89218b48-75c9-4cb3-aaba-5299e852e8bc
High Networking and Firewall Query details
Documentation
Nifcloud NAS Has Public Ingress NAS Security Group Rule
8d7758a7-d9cd-499a-a83e-c9bdcbff728d
High Networking and Firewall Query details
Documentation
Nifcloud RDB Has Public DB Ingress Security Group Rule
a0b846e8-815f-4f15-b660-bc4ab9fa1e1a
High Networking and Firewall Query details
Documentation
Nifcloud Router Undefined Security Group
e7dada38-af20-4899-8955-dabea84ab1f0
High Networking and Firewall Query details
Documentation
Nifcloud VPN Gateway Undefined Security Group
b3535a48-910c-47f8-8b3b-14222f29ef80
High Networking and Firewall Query details
Documentation
Nifcloud LB Using Insecure TLS Policy ID
944439c7-b4b8-476a-8f83-14641ea876ba
Medium Encryption Query details
Documentation
Nifcloud LB Using Insecure TLS Policy Name
675e8eaa-2754-42b7-bf33-bfa295d1601d
Medium Encryption Query details
Documentation
Nifcloud ELB Listener Using HTTP Protocol
afcb0771-4f94-44ed-ad4a-9f73f11ce6e0
Medium Networking and Firewall Query details
Documentation
Nifcloud ELB Using HTTP Protocol
e2de2b80-2fc2-4502-a764-40930dfcc70a
Medium Networking and Firewall Query details
Documentation
Nifcloud LB Listener Using HTTP Port
9f751a80-31f0-43a3-926c-20772791a038
Medium Networking and Firewall Query details
Documentation
Nifcloud LB Using HTTP Port
94e47f3f-b90b-43a1-a36d-521580bae863
Medium Networking and Firewall Query details
Documentation
Nifcloud Low RDB Backup Retention Period
e5071f76-cbe7-468d-bb2b-d10f02d2b713
Low Backup Query details
Documentation
Nifcloud DNS Has Verified Record
a1defcb6-55e8-4511-8c2a-30b615b0e057
Low Insecure Configurations Query details
Documentation
Nifcloud Computing Has Common Private Network
df58dd45-8009-43c2-90f7-c90eb9d53ed9
Low Networking and Firewall Query details
Documentation
Nifcloud ELB Has Common Private Network
5061f84c-ab66-4660-90b9-680c9df346c0
Low Networking and Firewall Query details
Documentation
Nifcloud NAS Has Common Private Network
4b801c38-ebb4-4c81-984b-1ba525d43adf
Low Networking and Firewall Query details
Documentation
Nifcloud RDB Has Common Private Network
9bf57c23-fbab-4222-85f3-3f207a53c6a8
Low Networking and Firewall Query details
Documentation
Nifcloud Router Has Common Private Network
30c2760c-740e-4672-9d7f-2c29e0cb385d
Low Networking and Firewall Query details
Documentation
Nifcloud Computing Undefined Description To Security Group
41c127a9-3a85-4bc3-a333-ed374eb9c3e4
Info Best Practices Query details
Documentation
Nifcloud Computing Undefined Description To Security Group Rule
e4610872-0b1c-4fb7-ab57-d81c0afdb291
Info Best Practices Query details
Documentation
Nifcloud NAS Undefined Description To NAS Security Group
e840c54a-7a4c-405f-b8c1-c49a54b87d11
Info Best Practices Query details
Documentation
Nifcloud RDB Undefined Description To DB Security Group
940ddce2-26bd-4e31-a9b4-382714f73231
Info Best Practices Query details
Documentation

SHARED (V2/V3)

Below are listed queries related to Terraform SHARED (V2/V3):

Query Severity Category More info
Generic Git Module Without Revision
3a81fc06-566f-492a-91dd-7448e409e2cd
Info Best Practices Query details
Documentation
Name Is Not Snake Case
1e434b25-8763-4b00-a5ca-ca03b7abbb66
Info Best Practices Query details
Documentation
Output Without Description
59312e8a-a64e-41e7-a252-618533dd1ea8
Info Best Practices Query details
Documentation
Variable Without Description
2a153952-2544-4687-bcc9-cc8fea814a9b
Info Best Practices Query details
Documentation
Variable Without Type
fc5109bf-01fd-49fb-8bde-4492b543c34a
Info Best Practices Query details
Documentation

TENCENTCLOUD

Below are listed queries related to Terraform TENCENTCLOUD:

Query Severity Category More info
Beta - CLB Listener Using Insecure Protocols
fe08b81c-12e9-4b5e-9006-4218fca750fd
High Encryption Query details
Documentation
Beta - TKE Cluster Encryption Protection Disabled
3ed47402-e322-465f-a0f0-8681135a17b0
High Encryption Query details
Documentation
Beta - CDB Instance Internet Service Enabled
5d820574-4a60-4916-b049-0810b8629731
High Insecure Configurations Query details
Documentation
Beta - CVM Instance Has Public IP
a74b4602-a62c-4a02-956a-e19f86ea24b5
High Networking and Firewall Query details
Documentation
Beta - Security Group Rule Set Accepts All Traffic
d135a36e-c474-452f-b891-76db1e6d1cd5
High Networking and Firewall Query details
Documentation
Beta - CDB Instance Without Backup Policy
ca94be07-7de3-4ae7-85ef-67e0462ec694
Medium Backup Query details
Documentation
Beta - CLB Instance Log Setting Disabled
ada01ed1-b10c-4f2a-b110-b20fa4f9baa6
Medium Encryption Query details
Documentation
Beta - Disk Encryption Disabled
1ee0f202-31da-49ba-bbce-04a989912e4b
Medium Encryption Query details
Documentation
Beta - TKE Cluster Has Public Access
df6928ed-02f4-421f-9a67-a529860dd7e7
Medium Insecure Configurations Query details
Documentation
Beta - CVM Instance Using Default Security Group
93bb2065-63ec-45a2-a466-f106b56f2e32
Low Access Control Query details
Documentation
Beta - CVM Instance Using User Data
5bb6fa08-5e84-4760-a54a-cdcd66626976
Low Access Control Query details
Documentation
Beta - CDB Instance Internet Using Default Intranet Port
18d6aa4b-7570-4d95-9c75-90363ef1abd9
Low Insecure Configurations Query details
Documentation
Beta - CVM Instance Using Default VPC
b4e75c5c-83d5-4568-90e3-57ed5ec4051b
Low Networking and Firewall Query details
Documentation
Beta - TKE Cluster Log Agent Is Not Enabled
fe405074-7e18-40f9-9aef-024aa1d0a889
Low Observability Query details
Documentation
Beta - VPC Flow Logs Disabled
a3240001-40db-47b7-abb9-2bcd6a04c430
Low Observability Query details
Documentation
Beta - CVM Instance Disable Monitor Service
966ed4f7-b8a5-4e8d-b2bf-098657c98960
Info Observability Query details
Documentation