Terraform
Terraform Queries List
This page contains all queries from Terraform.
ALICLOUD
The queries below relate to Terraform ALICLOUD:
Query | Severity | Category | More info |
---|---|---|---|
OSS Bucket Allows All Actions From All Principals ec62a32c-a297-41ca-a850-cab40b42094a | Critical | Access Control | Query details Documentation |
OSS Bucket Allows Delete Action From All Principals 8c0695d8-2378-4cd6-8243-7fd5894fa574 | Critical | Access Control | Query details Documentation |
OSS Bucket Allows Put Action From All Principals fe286195-e75c-4359-bd58-00847c4f855a | Critical | Access Control | Query details Documentation |
RDS DB Instance Publicly Accessible faaefc15-51a5-419e-bb5e-51a4b5ab3485 | Critical | Insecure Configurations | Query details Documentation |
OSS Bucket Allows List Action From All Principals 88541597-6f88-42c8-bac6-7e0b855e8ff6 | High | Access Control | Query details Documentation |
OSS Bucket Public Access Enabled 62232513-b16f-4010-83d7-51d0e1d45426 | High | Access Control | Query details Documentation |
Ecs Data Disk Kms Key Id Undefined f262118c-1ac6-4bb3-8495-cc48f1775b85 | High | Encryption | Query details Documentation |
Launch Template Is Not Encrypted 1455cb21-1d48-46d6-8ae3-cef911b71fd5 | High | Encryption | Query details Documentation |
NAS File System Not Encrypted 67bfdff1-31ce-4525-b564-e94368735360 | High | Encryption | Query details Documentation |
NAS File System Without KMS 5f670f9d-b1b4-4c90-8618-2288f1ab9676 | High | Encryption | Query details Documentation |
RDS Instance TDE Status Disabled 44d434ca-a9bf-4203-8828-4c81a8d5a598 | High | Encryption | Query details Documentation |
OSS Bucket Has Static Website 2b13c6ff-b87a-484d-86fd-21ef6e97d426 | High | Insecure Configurations | Query details Documentation |
OSS Bucket Ip Restriction Disabled 6107c530-7178-464a-88bc-df9cdd364ac8 | High | Networking and Firewall | Query details Documentation |
Public Security Group Rule All Ports or Protocols 60587dbd-6b67-432e-90f7-a8cf1892d968 | High | Networking and Firewall | Query details Documentation |
Public Security Group Rule Sensitive Port 2ae9d554-23fb-4065-bfd1-fe43d5f7c419 | High | Networking and Firewall | Query details Documentation |
Public Security Group Rule Unknown Port dd706080-b7a8-47dc-81fb-3e8184430ec0 | High | Networking and Firewall | Query details Documentation |
ActionTrail Trail OSS Bucket is Publicly Accessible 69b5d7da-a5db-4db9-a42e-90b65d0efb0b | High | Observability | Query details Documentation |
Ram Policy Admin Access Not Attached to Users Groups Roles e8e62026-da63-4904-b402-65adfe3ca975 | Medium | Access Control | Query details Documentation |
Ram Policy Attached to User 66505003-7aba-45a1-8d83-5162d5706ef5 | Medium | Access Control | Query details Documentation |
CMK Is Unusable ed6e3ba0-278f-47b6-a1f5-173576b40b7e | Medium | Availability | Query details Documentation |
OSS Bucket Versioning Disabled 70919c0b-2548-4e6b-8d7a-3d84ab6dabba | Medium | Backup | Query details Documentation |
ROS Stack Retention Disabled 4bb06fa1-2114-4a00-b7b5-6aeab8b896f0 | Medium | Backup | Query details Documentation |
ROS Stack Without Template 92d65c51-5d82-4507-a2a1-d252e9706855 | Medium | Build Process | Query details Documentation |
Disk Encryption Disabled 39750e32-3fe9-453b-8c33-dd277acdb2cc | Medium | Encryption | Query details Documentation |
OSS Bucket Encryption Using CMK Disabled f20e97f9-4919-43f1-9be9-f203cd339cdd | Medium | Encryption | Query details Documentation |
SLB Policy With Insecure TLS Version In Use dbfc834a-56e5-4750-b5da-73fda8e73f70 | Medium | Encryption | Query details Documentation |
CS Kubernetes Node Pool Auto Repair Disabled 81ce9394-013d-4731-8fcc-9d229b474073 | Medium | Insecure Configurations | Query details Documentation |
RDS DB Instance Publicly Accessible 1b4565c0-4877-49ac-ab03-adebbccd42ae | Medium | Insecure Configurations | Query details Documentation |
ALB Listening on HTTP ee3b1557-9fb5-4685-a95d-93f1edf2a0d7 | Medium | Networking and Firewall | Query details Documentation |
API Gateway API Protocol Not HTTPS 1bcdf9f0-b1aa-40a4-b8c6-cd7785836843 | Medium | Networking and Firewall | Query details Documentation |
OSS Buckets Secure Transport Disabled c01d10de-c468-4790-b3a0-fc887a56f289 | Medium | Networking and Firewall | Query details Documentation |
RDS Instance SSL Action Disabled 7a1ee8a9-71be-4b11-bb70-efb62d16863b | Medium | Networking and Firewall | Query details Documentation |
Action Trail Logging For All Regions Disabled c065b98e-1515-4991-9dca-b602bd6a2fbb | Medium | Observability | Query details Documentation |
OSS Bucket Logging Disabled 05db341e-de7d-4972-a106-3e2bd5ee53e1 | Medium | Observability | Query details Documentation |
RDS Instance Events Not Logged b9c524a4-fe76-4021-a6a2-cb978fb4fde1 | Medium | Observability | Query details Documentation |
RDS Instance Log Connections Disabled 140869ea-25f2-40d4-a595-0c0da135114e | Medium | Observability | Query details Documentation |
RDS Instance Log Disconnections Disabled d53f4123-f8d8-4224-8cb3-f920b151cc98 | Medium | Observability | Query details Documentation |
RDS Instance Log Duration Disabled a597e05a-c065-44e7-9cc8-742f572a504a | Medium | Observability | Query details Documentation |
VPC Flow Logs Disabled d2731f3d-a992-44ed-812e-f4f1c2747d71 | Medium | Observability | Query details Documentation |
No ROS Stack Policy 72ceb736-0aee-43ea-a191-3a69ab135681 | Medium | Resource Management | Query details Documentation |
High KMS Key Rotation Period cb319d87-b90f-485e-a7e7-f2408380f309 | Medium | Secret Management | Query details Documentation |
Ram Account Password Policy Max Login Attempts Unrecommended e76fd7ab-7333-40c6-a2d8-ea28af4a319e | Medium | Secret Management | Query details Documentation |
Ram Account Password Policy Max Password Age Unrecommended 2bb13841-7575-439e-8e0a-cccd9ede2fa8 | Medium | Secret Management | Query details Documentation |
RAM Account Password Policy without Reuse Prevention a8128dd2-89b0-464b-98e9-5d629041dfe0 | Medium | Secret Management | Query details Documentation |
RAM Security Preference Not Enforce MFA Login dcda2d32-e482-43ee-a926-75eaabeaa4e0 | Low | Access Control | Query details Documentation |
OSS Bucket Transfer Acceleration Disabled 8f98334a-99aa-4d85-b72a-1399ca010413 | Low | Availability | Query details Documentation |
OSS Bucket Lifecycle Rule Disabled 7db8bd7e-9772-478c-9ec5-4bc202c5686f | Low | Backup | Query details Documentation |
Kubernetes Cluster Without Terway as CNI Network Plugin b9b7ada8-3868-4a35-854e-6100a2bb863d | Low | Networking and Firewall | Query details Documentation |
Log Retention Is Not Greater Than 90 Days ed6cf6ff-9a1f-491c-9f88-e03c0807f390 | Low | Observability | Query details Documentation |
RDS Instance Retention Period Not Recommended dc158941-28ce-481d-a7fa-dc80761edf46 | Low | Observability | Query details Documentation |
ROS Stack Notifications Disabled 9ef08939-ea40-489c-8851-667870b2ef50 | Low | Observability | Query details Documentation |
Ram Account Password Policy Not Require At Least one Lowercase Character 89143358-cec6-49f5-9392-920c591c669c | Low | Secret Management | Query details Documentation |
RAM Account Password Policy Not Require at Least one Uppercase Character 5e0fb613-ba9b-44c3-88f0-b44188466bfd | Low | Secret Management | Query details Documentation |
Ram Account Password Policy Not Required Minimum Length a9dfec39-a740-4105-bbd6-721ba163c053 | Low | Secret Management | Query details Documentation |
Ram Account Password Policy Not Required Numbers 063234c0-91c0-4ab5-bbd0-47ddb5f23786 | Low | Secret Management | Query details Documentation |
RAM Account Password Policy Not Required Symbols 41a38329-d81b-4be4-aef4-55b2615d3282 | Low | Secret Management | Query details Documentation |
AWS
The queries below relate to Terraform AWS:
Query | Severity | Category | More info |
---|---|---|---|
Amazon DMS Replication Instance Is Publicly Accessible 030d3b18-1821-45b4-9e08-50efbe7becbb | Critical | Access Control | Query details Documentation |
ECR Repository Is Publicly Accessible e86e26fc-489e-44f0-9bcd-97305e4ba69a | Critical | Access Control | Query details Documentation |
S3 Bucket Access to Any Principal 7af43613-6bb9-4a0e-8c4d-1314b799425e | Critical | Access Control | Query details Documentation |
S3 Bucket ACL Allows Read Or Write to All Users 38c5ee0d-7f22-4260-ab72-5073048df100 | Critical | Access Control | Query details Documentation |
S3 Bucket ACL Grants WRITE_ACP Permission 64a222aa-7793-4e40-915f-4b302c76e4d4 | Critical | Access Control | Query details Documentation |
S3 Bucket Allows Delete Action From All Principals ffdf4b37-7703-4dfe-a682-9d2e99bc6c09 | Critical | Access Control | Query details Documentation |
S3 Bucket Allows Put Action From All Principals d24c0755-c028-44b1-b503-8e719c898832 | Critical | Access Control | Query details Documentation |
S3 Bucket With All Permissions a4966c4f-9141-48b8-a564-ffe9959945bc | Critical | Access Control | Query details Documentation |
SNS Topic is Publicly Accessible b26d2b7e-60f6-413d-a3a1-a57db24aa2b3 | Critical | Access Control | Query details Documentation |
RDS DB Instance Publicly Accessible 35113e6f-2c6b-414d-beec-7a9482d3b2d1 | Critical | Insecure Configurations | Query details Documentation |
DB Security Group With Public Scope 1e0ef61b-ad85-4518-a3d3-85eaad164885 | Critical | Networking and Firewall | Query details Documentation |
RDS Associated with Public Subnet 2f737336-b18a-4602-8ea0-b200312e1ac1 | Critical | Networking and Firewall | Query details Documentation |
CloudWatch Unauthorized Access Alarm Missing 4c18a45b-4ab1-4790-9f83-399ac695f1e5 | Critical | Observability | Query details Documentation |
Cross-Account IAM Assume Role Policy Without ExternalId or MFA 09c35abf-5852-4622-ac7a-b987b331232e | High | Access Control | Query details Documentation |
ECS Service Admin Role Is Present 3206240f-2e87-4e58-8d24-3e19e7c83d7c | High | Access Control | Query details Documentation |
IAM Policy Grants Full Permissions 575a2155-6af1-4026-b1af-d5bc8fe2a904 | High | Access Control | Query details Documentation |
IAM Role With Full Privileges b1ffa705-19a3-4b73-b9d0-0c97d0663842 | High | Access Control | Query details Documentation |
Lambda With Vulnerable Policy ad9dabc7-7839-4bae-a957-aa9120013f39 | High | Access Control | Query details Documentation |
MSK Broker Is Publicly Accessible 54378d69-dd7c-4b08-a43e-80d563396857 | High | Access Control | Query details Documentation |
Neptune Cluster Instance is Publicly Accessible 9ba198e0-fef4-464a-8a4d-75ea55300de7 | High | Access Control | Query details Documentation |
Neptune Cluster With IAM Database Authentication Disabled c91d7ea0-d4d1-403b-8fe1-c9961ac082c5 | High | Access Control | Query details Documentation |
S3 Bucket ACL Allows Read to Any Authenticated User 57b9893d-33b1-4419-bcea-a717ea87e139 | High | Access Control | Query details Documentation |
S3 Bucket Allows Get Action From All Principals 1df37f4b-7197-45ce-83f8-9994d2fcf885 | High | Access Control | Query details Documentation |
S3 Bucket Allows List Action From All Principals 66c6f96f-2d9e-417e-a998-9058aeeecd44 | High | Access Control | Query details Documentation |
S3 Bucket Allows Public Policy 1a4bc881-9f69-4d44-8c9a-d37d08f54c50 | High | Access Control | Query details Documentation |
S3 Bucket Public ACL Overridden By Public Access Block bf878b1a-7418-4de3-b13c-3a86cf894920 | High | Access Control | Query details Documentation |
Secrets Manager With Vulnerable Policy fa00ce45-386d-4718-8392-fb485e1f3c5b | High | Access Control | Query details Documentation |
SES Policy With Allowed IAM Actions 34b921bd-90a0-402e-a0a5-dc73371fd963 | High | Access Control | Query details Documentation |
SQS Policy Allows All Actions 816ea8cf-d589-442d-a917-2dd0ce0e45e3 | High | Access Control | Query details Documentation |
SQS Queue Exposed abb06e5f-ef9a-4a99-98c6-376d396bfcdf | High | Access Control | Query details Documentation |
AmazonMQ Broker Encryption Disabled 3db3f534-e3a3-487f-88c7-0a9fbf64b702 | High | Encryption | Query details Documentation |
API Gateway Method Settings Cache Not Encrypted b7c9a40c-23e4-4a2d-8d39-a3352f10f288 | High | Encryption | Query details Documentation |
Athena Database Not Encrypted b2315cae-b110-4426-81e0-80bb8640cdd3 | High | Encryption | Query details Documentation |
Athena Workgroup Not Encrypted d364984a-a222-4b5f-a8b0-e23ab19ebff3 | High | Encryption | Query details Documentation |
Aurora With Disabled at Rest Encryption 1a690d1d-0ae7-49fa-b2db-b75ae0dd1d3e | High | Encryption | Query details Documentation |
Config Rule For Encrypted Volumes Disabled abdb29d4-5ca1-4e91-800b-b3569bbd788c | High | Encryption | Query details Documentation |
DAX Cluster Not Encrypted f11aec39-858f-4b6f-b946-0a1bf46c0c87 | High | Encryption | Query details Documentation |
DB Instance Storage Not Encrypted 08bd0760-8752-44e1-9779-7bb369b2b4e4 | High | Encryption | Query details Documentation |
DOCDB Cluster Not Encrypted bc1f9009-84a0-490f-ae09-3e0ea6d74ad6 | High | Encryption | Query details Documentation |
DOCDB Cluster Without KMS 4766d3ea-241c-4ee6-93ff-c380c996bd1a | High | Encryption | Query details Documentation |
DynamoDB Table Not Encrypted ce089fd4-1406-47bd-8aad-c259772bb294 | High | Encryption | Query details Documentation |
EBS Default Encryption Disabled 3d3f6270-546b-443c-adb4-bb6fb2187ca6 | High | Encryption | Query details Documentation |
EBS Volume Encryption Disabled cc997676-481b-4e93-aa81-d19f8c5e9b12 | High | Encryption | Query details Documentation |
EBS Volume Snapshot Not Encrypted e6b4b943-6883-47a9-9739-7ada9568f8ca | High | Encryption | Query details Documentation |
ECS Task Definition Volume Not Encrypted 4d46ff3b-7160-41d1-a310-71d6d370b08f | High | Encryption | Query details Documentation |
EFS Not Encrypted 48207659-729f-4b5c-9402-f884257d794f | High | Encryption | Query details Documentation |
EKS Cluster Encryption Disabled 63ebcb19-2739-4d3f-aa5c-e8bbb9b85281 | High | Encryption | Query details Documentation |
ElastiCache Replication Group Not Encrypted At Rest 76976de7-c7b1-4f64-a94f-90c1345914c2 | High | Encryption | Query details Documentation |
ElasticSearch Encryption With KMS Disabled 7af2f4a3-00d9-47f3-8d15-ca0888f4e5b2 | High | Encryption | Query details Documentation |
ElasticSearch Not Encrypted At Rest 24e16922-4330-4e9d-be8a-caa90299466a | High | Encryption | Query details Documentation |
ELB Using Weak Ciphers 4a800e14-c94a-442d-9067-5a2e9f6c0a4c | High | Encryption | Query details Documentation |
Glue Data Catalog Encryption Disabled 01d50b14-e933-4c99-b314-6d08cd37ad35 | High | Encryption | Query details Documentation |
Glue Security Configuration Encryption Disabled ad5b4e97-2850-4adf-be17-1d293e0b85ee | High | Encryption | Query details Documentation |
Kinesis Not Encrypted With KMS 862fe4bf-3eec-4767-a517-40f378886b88 | High | Encryption | Query details Documentation |
Kinesis SSE Not Configured 5c6dd5e7-1fe0-4cae-8f81-4c122717cef3 | High | Encryption | Query details Documentation |
Launch Configuration Is Not Encrypted 4de9de27-254e-424f-bd70-4c1e95790838 | High | Encryption | Query details Documentation |
MSK Cluster Encryption Disabled 6db52fa6-d4da-4608-908a-89f0c59e743e | High | Encryption | Query details Documentation |
Neptune Database Cluster Encryption Disabled 98d59056-f745-4ef5-8613-32bca8d40b7e | High | Encryption | Query details Documentation |
RDS Database Cluster not Encrypted 656880aa-1388-488f-a6d4-8f73c23149b2 | High | Encryption | Query details Documentation |
RDS Storage Not Encrypted 3199c26c-7871-4cb3-99c2-10a59244ce7f | High | Encryption | Query details Documentation |
Redis Not Compliant 254c932d-e3bf-44b2-bc9d-eb5fdb09f8d4 | High | Encryption | Query details Documentation |
Redshift Not Encrypted cfdcabb0-fc06-427c-865b-c59f13e898ce | High | Encryption | Query details Documentation |
S3 Bucket Object Not Encrypted 5fb49a69-8d46-4495-a2f8-9c8c622b2b6e | High | Encryption | Query details Documentation |
Sagemaker Endpoint Configuration Encryption Disabled 58b35504-0287-4154-bf69-02c0573deab8 | High | Encryption | Query details Documentation |
Sagemaker Notebook Instance Without KMS f3674e0c-f6be-43fa-b71c-bf346d1aed99 | High | Encryption | Query details Documentation |
SNS Topic Not Encrypted 28545147-2fc6-42d5-a1f9-cf226658e591 | High | Encryption | Query details Documentation |
User Data Contains Encoded Private Key 443488f5-c734-460b-a36d-5b3f330174dc | High | Encryption | Query details Documentation |
Workspaces Workspace Volume Not Encrypted b9033580-6886-401a-8631-5f19f5bb24c7 | High | Encryption | Query details Documentation |
Batch Job Definition With Privileged Container Properties 66cd88ac-9ddf-424a-b77e-e55e17630bee | High | Insecure Configurations | Query details Documentation |
DB Security Group Has Public Interface f0d8781f-99bf-4958-9917-d39283b168a0 | High | Insecure Configurations | Query details Documentation |
KMS Key With Vulnerable Policy 7ebc9038-0bde-479a-acc4-6ed7b6758899 | High | Insecure Configurations | Query details Documentation |
Lambda Function With Privileged Role 1b3af2f9-af8c-4dfc-a0f1-a03adb70deb2 | High | Insecure Configurations | Query details Documentation |
MQ Broker Is Publicly Accessible 4eb5f791-c861-4afd-9f94-f2a6a3fe49cb | High | Insecure Configurations | Query details Documentation |
Redshift Publicly Accessible af173fde-95ea-4584-b904-bb3923ac4bda | High | Insecure Configurations | Query details Documentation |
Root Account Has Active Access Keys 970d224d-b42a-416b-81f9-8f4dfe70c4bc | High | Insecure Configurations | Query details Documentation |
S3 Static Website Host Enabled 42bb6b7f-6d54-4428-b707-666f669d94fb | High | Insecure Configurations | Query details Documentation |
DB Security Group Open To Large Scope 4f615f3e-fb9c-4fad-8b70-2e9f781806ce | High | Networking and Firewall | Query details Documentation |
Default Security Groups With Unrestricted Traffic 46883ce1-dc3e-4b17-9195-c6a601624c73 | High | Networking and Firewall | Query details Documentation |
Network ACL With Unrestricted Access To RDP a20be318-cac7-457b-911d-04cc6e812c25 | High | Networking and Firewall | Query details Documentation |
Remote Desktop Port Open To Internet 151187cb-0efc-481c-babd-ad24e3c9bc22 | High | Networking and Firewall | Query details Documentation |
Route53 Record Undefined 25db74bf-fa3b-44da-934e-8c3e005c0453 | High | Networking and Firewall | Query details Documentation |
Sensitive Port Is Exposed To Entire Network 381c3f2a-ef6f-4eff-99f7-b169cda3422c | High | Networking and Firewall | Query details Documentation |
Unknown Port Exposed To Internet 590d878b-abdc-428f-895a-e2b68a0e1998 | High | Networking and Firewall | Query details Documentation |
Unrestricted Security Group Ingress 4728cd65-a20c-49da-8b31-9c08b423e4db | High | Networking and Firewall | Query details Documentation |
VPC Default Security Group Accepts All Traffic 9a4ef195-74b9-4c58-b8ed-2b2fe4353a75 | High | Networking and Firewall | Query details Documentation |
VPC Peering Route Table with Unrestricted CIDR b3a41501-f712-4c4f-81e5-db9a7dc0e34e | High | Networking and Firewall | Query details Documentation |
CloudTrail Log Files S3 Bucket is Publicly Accessible bd0088a5-c133-4b20-b129-ec9968b16ef3 | High | Observability | Query details Documentation |
Hardcoded AWS Access Key d7b9d850-3e06-4a75-852f-c46c2e92240b | High | Secret Management | Query details Documentation |
Hardcoded AWS Access Key In Lambda 1402afd8-a95c-4e84-8b0b-6fb43758e6ce | High | Secret Management | Query details Documentation |
AMI Shared With Multiple Accounts ba4e0031-3e9d-4d7d-b0d6-bd8f003f8698 | Medium | Access Control | Query details Documentation |
API Gateway Method Does Not Contains An API Key 671211c5-5d2a-4e97-8867-30fc28b02216 | Medium | Access Control | Query details Documentation |
API Gateway Without Configured Authorizer 0a96ce49-4163-4ee6-8169-eb3b0797d694 | Medium | Access Control | Query details Documentation |
Certificate Has Expired c3831315-5ae6-4fa8-b458-3d4d5ab7a3f6 | Medium | Access Control | Query details Documentation |
EC2 Instance Using Default Security Group f1adc521-f79a-4d71-b55b-a68294687432 | Medium | Access Control | Query details Documentation |
EFS With Vulnerable Policy fae52418-bb8b-4ac2-b287-0b9082d6a3fd | Medium | Access Control | Query details Documentation |
Elasticsearch Domain With Vulnerable Policy 16c4216a-50d3-4785-bfb2-4adb5144a8ba | Medium | Access Control | Query details Documentation |
Elasticsearch Without IAM Authentication e7530c3c-b7cf-4149-8db9-d037a0b5268e | Medium | Access Control | Query details Documentation |
Glue With Vulnerable Policy d25edb51-07fb-4a73-97d4-41cecdc53a22 | Medium | Access Control | Query details Documentation |
Group With Privilege Escalation By Actions 'cloudformation:CreateStack' And 'iam:PassRole' 9b0ffadc-a61f-4c2a-b1e6-68fab60f6267 | Medium | Access Control | Query details Documentation |
Group With Privilege Escalation By Actions 'ec2:RunInstances' And 'iam:PassRole' 15e6ad8c-f420-49a6-bafb-074f5eb1ec74 | Medium | Access Control | Query details Documentation |
Group With Privilege Escalation By Actions 'glue:CreateDevEndpoint' And 'iam:PassRole' 7d544dad-8a6c-431c-84c1-5f07fe9afc0e | Medium | Access Control | Query details Documentation |
Group With Privilege Escalation By Actions 'glue:UpdateDevEndpoint' 8f3c16b3-354d-45db-8ad5-5066778a9485 | Medium | Access Control | Query details Documentation |
Group With Privilege Escalation By Actions 'iam:AddUserToGroup' 970ed7a2-0aca-4425-acf1-0453c9ecbca1 | Medium | Access Control | Query details Documentation |
Group With Privilege Escalation By Actions 'iam:AttachGroupPolicy' 70b42736-efee-4bce-80d5-50358ed94990 | Medium | Access Control | Query details Documentation |
Group With Privilege Escalation By Actions 'iam:AttachRolePolicy' 3dd96caa-0b5f-4a85-b929-acfac4646cc2 | Medium | Access Control | Query details Documentation |
Group With Privilege Escalation By Actions 'iam:AttachUserPolicy' db78d14b-10e5-4e6e-84b1-dace6327b1ec | Medium | Access Control | Query details Documentation |
Group With Privilege Escalation By Actions 'iam:CreateAccessKey' 846646e3-2af1-428c-ac5d-271eccfa6faf | Medium | Access Control | Query details Documentation |
Group With Privilege Escalation By Actions 'iam:CreateLoginProfile' 04c686f1-e0cd-4812-88e1-4e038410074c | Medium | Access Control | Query details Documentation |
Group With Privilege Escalation By Actions 'iam:CreatePolicyVersion' ec49cbfd-fae4-45f3-81b1-860526d66e3f | Medium | Access Control | Query details Documentation |
Group With Privilege Escalation By Actions 'iam:PutGroupPolicy' e77c89f6-9c85-49ea-b95b-5f960fe5be92 | Medium | Access Control | Query details Documentation |
Group With Privilege Escalation By Actions 'iam:PutRolePolicy' c0c1e744-0f37-445e-924a-1846f0839f69 | Medium | Access Control | Query details Documentation |
Group With Privilege Escalation By Actions 'iam:PutUserPolicy' 60263b4a-6801-4587-911d-919c37ed733b | Medium | Access Control | Query details Documentation |
Group With Privilege Escalation By Actions 'iam:SetDefaultPolicyVersion' 7782d4b3-e23e-432b-9742-d9528432e771 | Medium | Access Control | Query details Documentation |
Group With Privilege Escalation By Actions 'iam:UpdateAssumeRolePolicy' And 'sts:AssumeRole' 78f1ec6f-5659-41ea-bd48-d0a142dce4f2 | Medium | Access Control | Query details Documentation |
Group With Privilege Escalation By Actions 'iam:UpdateLoginProfile' ad296c0d-8131-4d6b-b030-1b0e73a99ad3 | Medium | Access Control | Query details Documentation |
Group With Privilege Escalation By Actions 'lambda:CreateFunction' And 'iam:PassRole' And 'lambda:InvokeFunction' 034d0aee-620f-4bf7-b7fb-efdf661fdb9e | Medium | Access Control | Query details Documentation |
Group With Privilege Escalation By Actions 'lambda:UpdateFunctionCode' 571254d8-aa6a-432e-9725-535d3ef04d69 | Medium | Access Control | Query details Documentation |
IAM Access Key Is Exposed 7081f85c-b94d-40fd-8b45-a4f1cac75e46 | Medium | Access Control | Query details Documentation |
IAM Group Without Users fc101ca7-c9dd-4198-a1eb-0fbe92e80044 | Medium | Access Control | Query details Documentation |
IAM Policies Attached To User b4378389-a9aa-44ee-91e7-ef183f11079e | Medium | Access Control | Query details Documentation |
IAM Policies With Full Privileges 2f37c4a3-58b9-4afe-8a87-d7f1d2286f84 | Medium | Access Control | Query details Documentation |
IAM Policy Grants 'AssumeRole' Permission Across All Services bcdcbdc6-a350-4855-ae7c-d1e6436f7c97 | Medium | Access Control | Query details Documentation |
IAM Role Allows All Principals To Assume 12b7e704-37f0-4d1e-911a-44bf60c48c21 | Medium | Access Control | Query details Documentation |
IAM Role Policy passRole Allows All e39bee8c-fe54-4a3f-824d-e5e2d1cca40a | Medium | Access Control | Query details Documentation |
IAM User With Access To Console 9ec311bf-dfd9-421f-8498-0b063c8bc552 | Medium | Access Control | Query details Documentation |
Lambda Permission Principal Is Wildcard e08ed7eb-f3ef-494d-9d22-2e3db756a347 | Medium | Access Control | Query details Documentation |
Policy Without Principal bbe3dd3d-fea9-4b68-a785-cfabe2bbbc54 | Medium | Access Control | Query details Documentation |
Public and Private EC2 Share Role c53c7a89-f9d7-4c7b-8b66-8a555be99593 | Medium | Access Control | Query details Documentation |
Public Lambda via API Gateway 3ef8696c-e4ae-4872-92c7-520bb44dfe77 | Medium | Access Control | Query details Documentation |
REST API With Vulnerable Policy b161c11b-a59b-4431-9a29-4e19f63e6b27 | Medium | Access Control | Query details Documentation |
Role With Privilege Escalation By Actions 'cloudformation:CreateStack' And 'iam:PassRole' be2aa235-bd93-4b68-978a-1cc65d49082f | Medium | Access Control | Query details Documentation |
Role With Privilege Escalation By Actions 'ec2:RunInstances' And 'iam:PassRole' 30b88745-eebe-4ecb-a3a9-5cf886e96204 | Medium | Access Control | Query details Documentation |
Role With Privilege Escalation By Actions 'glue:CreateDevEndpoint' And 'iam:PassRole' 0a592060-8166-49f5-8e65-99ac6dce9871 | Medium | Access Control | Query details Documentation |
Role With Privilege Escalation By Actions 'glue:UpdateDevEndpoint' eda48c88-2b7d-4e34-b6ca-04c0194aee17 | Medium | Access Control | Query details Documentation |
Role With Privilege Escalation By Actions 'iam:AddUserToGroup' b8a31292-509d-4b61-bc40-13b167db7e9c | Medium | Access Control | Query details Documentation |
Role With Privilege Escalation By Actions 'iam:AttachGroupPolicy' f906113d-cdc0-415a-ba60-609cc6daaf4d | Medium | Access Control | Query details Documentation |
Role With Privilege Escalation By Actions 'iam:AttachRolePolicy' f465fff1-0a0f-457d-aa4d-1bddb6f204ff | Medium | Access Control | Query details Documentation |
Role With Privilege Escalation By Actions 'iam:AttachUserPolicy' 7c96920c-6fd0-449d-9a52-0aa431b6beaf | Medium | Access Control | Query details Documentation |
Role With Privilege Escalation By Actions 'iam:CreateAccessKey' 5b4d4aee-ac94-4810-9611-833636e5916d | Medium | Access Control | Query details Documentation |
Role With Privilege Escalation By Actions 'iam:CreateLoginProfile' 9a205ba3-0dd1-42eb-8d54-2ffec836b51a | Medium | Access Control | Query details Documentation |
Role With Privilege Escalation By Actions 'iam:CreatePolicyVersion' ee49557d-750c-4cc1-aa95-94ab36cbefde | Medium | Access Control | Query details Documentation |
Role With Privilege Escalation By Actions 'iam:PutGroupPolicy' d6047119-a0b2-4b59-a4f2-127a36fb685b | Medium | Access Control | Query details Documentation |
Role With Privilege Escalation By Actions 'iam:PutRolePolicy' eb64f1e9-f67d-4e35-8a3c-3d6a2f9efea7 | Medium | Access Control | Query details Documentation |
Role With Privilege Escalation By Actions 'iam:PutUserPolicy' 8f75840d-9ee7-42f3-b203-b40e3979eb12 | Medium | Access Control | Query details Documentation |
Role With Privilege Escalation By Actions 'iam:SetDefaultPolicyVersion' 118281d0-6471-422e-a7c5-051bc667926e | Medium | Access Control | Query details Documentation |
Role With Privilege Escalation By Actions 'iam:UpdateAssumeRolePolicy' And 'sts:AssumeRole' f1173d8c-3264-4148-9fdb-61181e031b51 | Medium | Access Control | Query details Documentation |
Role With Privilege Escalation By Actions 'iam:UpdateLoginProfile' 35ccf766-0e4d-41ed-9ec4-2dab155082b4 | Medium | Access Control | Query details Documentation |
Role With Privilege Escalation By Actions 'lambda:CreateFunction' And 'iam:PassRole' And 'lambda:InvokeFunction' fa62ac4f-f5b9-45b9-97c1-625c8b6253ca | Medium | Access Control | Query details Documentation |
Role With Privilege Escalation By Actions 'lambda:UpdateFunctionCode' c583f0f9-7dfd-476b-a056-f47c62b47b46 | Medium | Access Control | Query details Documentation |
S3 Bucket Allows Public ACL d0cc8694-fcad-43ff-ac86-32331d7e867f | Medium | Access Control | Query details Documentation |
SNS Topic Publicity Has Allow and NotAction Simultaneously 5ea624e4-c8b1-4bb3-87a4-4235a776adcc | Medium | Access Control | Query details Documentation |
SQS Policy With Public Access 730675f9-52ed-49b6-8ead-0acb5dd7df7f | Medium | Access Control | Query details Documentation |
SSO Identity User Unsafe Creation 4003118b-046b-4640-b200-b8c7a4c8b89f | Medium | Access Control | Query details Documentation |
SSO Policy with full privileges 132a8c31-9837-4203-9fd1-15ca210c7b73 | Medium | Access Control | Query details Documentation |
User With Privilege Escalation By Actions 'cloudformation:CreateStack' And 'iam:PassRole' 19ffbe31-9d72-4379-9768-431195eae328 | Medium | Access Control | Query details Documentation |
User With Privilege Escalation By Actions 'ec2:RunInstances' And 'iam:PassRole' 89561b03-cb35-44a9-a7e9-8356e71606f4 | Medium | Access Control | Query details Documentation |
User With Privilege Escalation By Actions 'glue:CreateDevEndpoint' And 'iam:PassRole' 94fbe150-27e3-4eba-9ca6-af32865e4503 | Medium | Access Control | Query details Documentation |
User With Privilege Escalation By Actions 'glue:UpdateDevEndpoint' 9b877bd8-94b4-4c10-a060-8e0436cc09fa | Medium | Access Control | Query details Documentation |
User With Privilege Escalation By Actions 'iam:AddUserToGroup' bf9d42c7-c2f9-4dfe-942c-c8cc8249a081 | Medium | Access Control | Query details Documentation |
User With Privilege Escalation By Actions 'iam:AttachGroupPolicy' 6d23d87e-1c5b-4308-b224-92624300f29b | Medium | Access Control | Query details Documentation |
User With Privilege Escalation By Actions 'iam:AttachRolePolicy' e227091e-2228-4b40-b046-fc13650d8e88 | Medium | Access Control | Query details Documentation |
User With Privilege Escalation By Actions 'iam:AttachUserPolicy' 70cb518c-d990-46f6-bc05-44a5041493d6 | Medium | Access Control | Query details Documentation |
User With Privilege Escalation By Actions 'iam:CreateAccessKey' 113208f2-a886-4526-9ecc-f3218600e12c | Medium | Access Control | Query details Documentation |
User With Privilege Escalation By Actions 'iam:CreateLoginProfile' 0fd7d920-4711-46bd-aff2-d307d82cd8b7 | Medium | Access Control | Query details Documentation |
User With Privilege Escalation By Actions 'iam:CreatePolicyVersion' 1743f5f1-0bb0-4934-acef-c80baa5dadfa | Medium | Access Control | Query details Documentation |
User With Privilege Escalation By Actions 'iam:PutGroupPolicy' 8bfbf7ab-d5e8-4100-8618-798956e101e0 | Medium | Access Control | Query details Documentation |
User With Privilege Escalation By Actions 'iam:PutRolePolicy' eeb4d37a-3c59-4789-a00c-1509bc3af1e5 | Medium | Access Control | Query details Documentation |
User With Privilege Escalation By Actions 'iam:PutUserPolicy' 0c10d7da-85c4-4d62-b2a8-d6c104f1bd77 | Medium | Access Control | Query details Documentation |
User With Privilege Escalation By Actions 'iam:SetDefaultPolicyVersion' 43a41523-386a-4cb1-becb-42af6b414433 | Medium | Access Control | Query details Documentation |
User With Privilege Escalation By Actions 'iam:UpdateAssumeRolePolicy' And 'sts:AssumeRole' 33627268-1445-4385-988a-318fd9d1a512 | Medium | Access Control | Query details Documentation |
User With Privilege Escalation By Actions 'iam:UpdateLoginProfile' 6deb34e2-5d9c-499a-801b-ea6d9eda894f | Medium | Access Control | Query details Documentation |
User With Privilege Escalation By Actions 'lambda:CreateFunction' And 'iam:PassRole' And 'lambda:InvokeFunction' 8055dec2-efb8-4fe6-8837-d9bed6ff202a | Medium | Access Control | Query details Documentation |
User With Privilege Escalation By Actions 'lambda:UpdateFunctionCode' b69247e5-7e73-464e-ba74-ec9b715c6e12 | Medium | Access Control | Query details Documentation |
Auto Scaling Group With No Associated ELB 8e94dced-9bcc-4203-8eb7-7e41202b2505 | Medium | Availability | Query details Documentation |
CMK Is Unusable 7350fa23-dcf7-4938-916d-6a60b0c73b50 | Medium | Availability | Query details Documentation |
ElastiCache Nodes Not Created Across Multi AZ 6db03a91-f933-4f13-ab38-a8b87a7de54d | Medium | Availability | Query details Documentation |
ElastiCache Redis Cluster Without Backup 8fdb08a0-a868-4fdf-9c27-ccab0237f1ab | Medium | Backup | Query details Documentation |
RDS Cluster With Backup Disabled e542bd46-58c4-4e0f-a52a-1fb4f9548e02 | Medium | Backup | Query details Documentation |
RDS With Backup Disabled 1dc73fb4-5b51-430c-8c5f-25dcf9090b02 | Medium | Backup | Query details Documentation |
S3 Bucket Without Versioning 568a4d22-3517-44a6-a7ad-6a7eed88722c | Medium | Backup | Query details Documentation |
Stack Retention Disabled 6e0e2f68-3fd9-4cd8-a5e4-e2213ef0df97 | Medium | Backup | Query details Documentation |
ALB Not Dropping Invalid Headers 6e3fd2ed-5c83-4c68-9679-7700d224d379 | Medium | Best Practices | Query details Documentation |
AMI Not Encrypted 8bbb242f-6e38-4127-86d4-d8f0b2687ae2 | Medium | Encryption | Query details Documentation |
CA Certificate Identifier Is Outdated 9f40c07e-699e-4410-8856-3ba0f2e3a2dd |
Medium | Encryption | Query details Documentation |
Cloudfront Viewer Protocol Policy Allows HTTP 55af1353-2f62-4fa0-a8e1-a210ca2708f5 |
Medium | Encryption | Query details Documentation |
CloudWatch Log Group Without KMS 0afbcfe9-d341-4b92-a64c-7e6de0543879 |
Medium | Encryption | Query details Documentation |
ElastiCache Replication Group Not Encrypted At Transit 1afbb3fa-cf6c-4a3d-b730-95e9f4df343e |
Medium | Encryption | Query details Documentation |
Elasticsearch Domain Not Encrypted Node To Node 967eb3e6-26fc-497d-8895-6428beb6e8e2 |
Medium | Encryption | Query details Documentation |
ELB Using Insecure Protocols 126c1788-23c2-4a10-906c-ef179f4f96ec |
Medium | Encryption | Query details Documentation |
IAM Database Auth Not Enabled 88fd05e0-ac0e-43d2-ba6d-fc0ba60ae1a6 |
Medium | Encryption | Query details Documentation |
S3 Bucket Policy Accepts HTTP Requests 4bc4dd4c-7d8d-405e-a0fb-57fa4c31b4d9 |
Medium | Encryption | Query details Documentation |
Secretsmanager Secret Encrypted With AWS Managed Key b0d3ef3f-845d-4b1b-83d6-63a5a380375f |
Medium | Encryption | Query details Documentation |
Secretsmanager Secret Without KMS a2f548f2-188c-4fff-b172-e9a6acb216bd |
Medium | Encryption | Query details Documentation |
Secure Ciphers Disabled 5c0003fb-9aa0-42c1-9da3-eb0e332bef21 |
Medium | Encryption | Query details Documentation |
SNS Topic Encrypted With AWS Managed Key b1a72f66-2236-4f3b-87ba-0da1b366956f |
Medium | Encryption | Query details Documentation |
SQS With SSE Disabled 6e8849c1-3aa7-40e3-9063-b85ee300f29f |
Medium | Encryption | Query details Documentation |
SSM Session Transit Encryption Disabled ce60cc6b-6831-4bd7-84a2-cc7f8ee71433 |
Medium | Encryption | Query details Documentation |
ALB Deletion Protection Disabled afecd1f1-6378-4f7e-bb3b-60c35801fdd4 |
Medium | Insecure Configurations | Query details Documentation |
API Gateway With Open Access 15ccec05-5476-4890-ad19-53991eba1db8 |
Medium | Insecure Configurations | Query details Documentation |
API Gateway Without Security Policy 4e1cc5d3-2811-4fb2-861c-ee9b3cb7f90b |
Medium | Insecure Configurations | Query details Documentation |
API Gateway Without SSL Certificate 0b4869fc-a842-4597-aa00-1294df425440 |
Medium | Insecure Configurations | Query details Documentation |
Certificate RSA Key Bytes Lower Than 256 874d68a3-bfbe-4a4b-aaa0-9e74d7da634b |
Medium | Insecure Configurations | Query details Documentation |
CloudFront Without Minimum Protocol TLS 1.2 00e5e55e-c2ff-46b3-a757-a7a1cd802456 |
Medium | Insecure Configurations | Query details Documentation |
ECR Image Tag Not Immutable d1846b12-20c5-4d45-8798-fc35b79268eb |
Medium | Insecure Configurations | Query details Documentation |
ECS Task Definition Network Mode Not Recommended 9f4a9409-9c60-4671-be96-9716dbf63db1 |
Medium | Insecure Configurations | Query details Documentation |
EKS Cluster Has Public Access 42f4b905-3736-4213-bfe9-c0660518cda8 |
Medium | Insecure Configurations | Query details Documentation |
IAM User Has Too Many Access Keys 3561130e-9c5f-485b-9e16-2764c82763e5 |
Medium | Insecure Configurations | Query details Documentation |
No Password Policy Enabled b592ffd4-0577-44b6-bd35-8c5ee81b5918 |
Medium | Insecure Configurations | Query details Documentation |
S3 Bucket with Unsecured CORS Rule 98a8f708-121b-455b-ae2f-da3fb59d17e1 |
Medium | Insecure Configurations | Query details Documentation |
S3 Bucket Without Ignore Public ACL 4fa66806-0dd9-4f8d-9480-3174d39c7c91 |
Medium | Insecure Configurations | Query details Documentation |
S3 Bucket Without Restriction Of Public Bucket 1ec253ab-c220-4d63-b2de-5b40e0af9293 |
Medium | Insecure Configurations | Query details Documentation |
Service Control Policies Disabled 5ba6229c-8057-433e-91d0-21cf13569ca9 |
Medium | Insecure Configurations | Query details Documentation |
Default VPC Exists 96ed3526-0179-4c73-b1b2-372fde2e0d13 |
Medium | Insecure Defaults | Query details Documentation |
Vulnerable Default SSL Certificate 3a1e94df-6847-4c0e-a3b6-6c6af4e128ef |
Medium | Insecure Defaults | Query details Documentation |
ALB Is Not Integrated With WAF 0afa6ab8-a047-48cf-be07-93a2f8c34cf7 |
Medium | Networking and Firewall | Query details Documentation |
ALB Listening on HTTP de7f5e83-da88-4046-871f-ea18504b1d43 |
Medium | Networking and Firewall | Query details Documentation |
API Gateway Endpoint Config is Not Private 6b2739db-9c49-4db7-b980-7816e0c248c1 |
Medium | Networking and Firewall | Query details Documentation |
API Gateway without WAF a186e82c-1078-4a7b-85d8-579561fde884 |
Medium | Networking and Firewall | Query details Documentation |
CloudFront Without WAF 1419b4c6-6d5c-4534-9cf6-6a5266085333 |
Medium | Networking and Firewall | Query details Documentation |
EC2 Instance Has Public IP 5a2486aa-facf-477d-a5c1-b010789459ce |
Medium | Networking and Firewall | Query details Documentation |
EKS Cluster Has Public Access CIDRs 61cf9883-1752-4768-b18c-0d57f2737709 |
Medium | Networking and Firewall | Query details Documentation |
EKS node group remote access disabled ba40ace1-a047-483c-8a8d-bc2d3a67a82d |
Medium | Networking and Firewall | Query details Documentation |
Elasticsearch with HTTPS disabled 2e9e0729-66d5-4148-9d39-5e6fb4bf2a4e |
Medium | Networking and Firewall | Query details Documentation |
HTTP Port Open To Internet ffac8a12-322e-42c1-b9b9-81ff85c39ef7 |
Medium | Networking and Firewall | Query details Documentation |
Network ACL With Unrestricted Access To SSH 3af7f2fd-06e6-4dab-b996-2912bea19ba4 |
Medium | Networking and Firewall | Query details Documentation |
Security Group With Unrestricted Access To SSH 65905cec-d691-4320-b320-2000436cb696 |
Medium | Networking and Firewall | Query details Documentation |
Sensitive Port Is Exposed To Small Public Network e35c16a2-d54e-419d-8546-a804d8e024d0 |
Medium | Networking and Firewall | Query details Documentation |
SQL Analysis Services Port 2383 (TCP) Is Publicly Accessible 54c417bf-c762-48b9-9d31-b3d87047e3f0 |
Medium | Networking and Firewall | Query details Documentation |
VPC Subnet Assigns Public IP 52f04a44-6bfa-4c41-b1d3-4ae99a2de05c |
Medium | Networking and Firewall | Query details Documentation |
VPC Without Network Firewall fd632aaf-b8a1-424d-a4d1-0de22fd3247a |
Medium | Networking and Firewall | Query details Documentation |
API Gateway Access Logging Disabled 1b6799eb-4a7a-4b04-9001-8cceb9999326 |
Medium | Observability | Query details Documentation |
API Gateway Deployment Without Access Log Setting 625abc0e-f980-4ac9-a775-f7519ee34296 |
Medium | Observability | Query details Documentation |
API Gateway With CloudWatch Logging Disabled 982aa526-6970-4c59-8b9b-2ce7e019fe36 |
Medium | Observability | Query details Documentation |
CloudFront Logging Disabled 94690d79-b3b0-43de-b656-84ebef5753e5 |
Medium | Observability | Query details Documentation |
CloudTrail Log Files S3 Bucket with Logging Disabled ee9e50e8-b2ed-4176-ad42-8fc0cf7593f4 |
Medium | Observability | Query details Documentation |
CloudTrail Logging Disabled 4bb76f17-3d63-4529-bdca-2b454529d774 |
Medium | Observability | Query details Documentation |
CloudWatch AWS Config Configuration Changes Alarm Missing 5b8d7527-de8e-4114-b9dd-9d988f1f418f |
Medium | Observability | Query details Documentation |
CloudWatch Changes To NACL Alarm Missing 0a8e8dc5-b6fc-44fc-b5a1-969ec950f9b0 |
Medium | Observability | Query details Documentation |
Cloudwatch Cloudtrail Configuration Changes Alarm Missing 0f6cbf69-41bb-47dc-93f3-3844640bf480 |
Medium | Observability | Query details Documentation |
CloudWatch Disabling Or Scheduled Deletion Of Customer Created CMK Alarm Missing 56a585f5-555c-48b2-8395-e64e4740a9cf |
Medium | Observability | Query details Documentation |
CloudWatch Logging Disabled 7dbba512-e244-42dc-98bb-422339827967 |
Medium | Observability | Query details Documentation |
CloudWatch Management Console Auth Failed Alarm Missing 5864d189-ee9a-4009-ac0c-8a582e6b7919 |
Medium | Observability | Query details Documentation |
CloudWatch Metrics Disabled 081069cb-588b-4ce1-884c-2a1ce3029fe5 |
Medium | Observability | Query details Documentation |
CloudWatch Root Account Use Missing 8b1b1e67-6248-4dca-bbad-93486bb181c0 |
Medium | Observability | Query details Documentation |
CloudWatch S3 policy Change Alarm Missing 27c6a499-895a-4dc7-9617-5c485218db13 |
Medium | Observability | Query details Documentation |
Cloudwatch Security Group Changes Alarm Missing 4beaf898-9f8b-4237-89e2-5ffdc7ee6006 |
Medium | Observability | Query details Documentation |
CloudWatch VPC Changes Alarm Missing 9d0d4512-1959-43a2-a17f-72360ff06d1b |
Medium | Observability | Query details Documentation |
DocDB Logging Is Disabled 56f6a008-1b14-4af4-b9b2-ab7cf7e27641 |
Medium | Observability | Query details Documentation |
EC2 Instance Monitoring Disabled 23b70e32-032e-4fa6-ba5c-82f56b9980e6 |
Medium | Observability | Query details Documentation |
EKS cluster logging is not enabled 37304d3f-f852-40b8-ae3f-725e87a7cedf |
Medium | Observability | Query details Documentation |
Elasticsearch Log Disabled acb6b4e2-a086-4f35-aefd-4db6ea51ada2 |
Medium | Observability | Query details Documentation |
ELB Access Log Disabled 20018359-6fd7-4d05-ab26-d4dffccbdf79 |
Medium | Observability | Query details Documentation |
Global Accelerator Flow Logs Disabled 96e8183b-e985-457b-90cd-61c0503a3369 |
Medium | Observability | Query details Documentation |
GuardDuty Detector Disabled 704dadd3-54fc-48ac-b6a0-02f170011473 |
Medium | Observability | Query details Documentation |
Missing Cluster Log Types 66f130d9-b81d-4e8e-9b08-da74b9c891df |
Medium | Observability | Query details Documentation |
MQ Broker Logging Disabled 31245f98-a6a9-4182-9fc1-45482b9d030a |
Medium | Observability | Query details Documentation |
MSK Cluster Logging Disabled 2f56b7ab-7fba-4e93-82f0-247e5ddeb239 |
Medium | Observability | Query details Documentation |
Neptune Logging Is Disabled 45cff7b6-3b80-40c1-ba7b-2cf480678bb8 |
Medium | Observability | Query details Documentation |
RDS Without Logging 8d7f7b8c-6c7c-40f8-baa6-62006c6c7b56 |
Medium | Observability | Query details Documentation |
Redshift Cluster Logging Disabled 15ffbacc-fa42-4f6f-a57d-2feac7365caa |
Medium | Observability | Query details Documentation |
S3 Bucket Logging Disabled f861041c-8c9f-4156-acfc-5e6e524f5884 |
Medium | Observability | Query details Documentation |
S3 Bucket Object Level CloudTrail Logging Disabled a8fc2180-b3ac-4c93-bd0d-a55b974e4b07 |
Medium | Observability | Query details Documentation |
Stack Notifications Disabled b72d0026-f649-4c91-a9ea-15d8f681ac09 |
Medium | Observability | Query details Documentation |
VPC FlowLogs Disabled f83121ea-03da-434f-9277-9cd247ab3047 |
Medium | Observability | Query details Documentation |
No Stack Policy 2f01fb2d-828a-499d-b98e-b83747305052 |
Medium | Resource Management | Query details Documentation |
Authentication Without MFA 3ddfa124-6407-4845-a501-179f90c65097 |
Low | Access Control | Query details Documentation |
CloudWatch Logs Destination With Vulnerable Policy db0ec4c4-852c-46a2-b4f3-7ec13cdb12a8 |
Low | Access Control | Query details Documentation |
EC2 Instance Using API Keys 0b93729a-d882-4803-bdc3-ac429a21f158 |
Low | Access Control | Query details Documentation |
SSO Permission With Inadequate User Session Duration ce9dfce0-5fc8-433b-944a-3b16153111a8 |
Low | Access Control | Query details Documentation |
Autoscaling Groups Supply Tags ba48df05-eaa1-4d64-905e-4a4b051e7587 |
Low | Availability | Query details Documentation |
ECS Service Without Running Tasks 91f16d09-689e-4926-aca7-155157f634ed |
Low | Availability | Query details Documentation |
Automatic Minor Upgrades Disabled 3b6d777b-76e3-4133-80a3-0d6f667ade7f |
Low | Best Practices | Query details Documentation |
CDN Configuration Is Missing 1bc367f6-901d-4870-ad0c-71d79762ef52 |
Low | Best Practices | Query details Documentation |
Cognito UserPool Without MFA ec28bf61-a474-4dbe-b414-6dd3a067d6f0 |
Low | Best Practices | Query details Documentation |
ECR Repository Without Policy 69e7c320-b65d-41bb-be02-d63ecc0bcc9d |
Low | Best Practices | Query details Documentation |
IAM Access Analyzer Not Enabled e592a0c5-5bdb-414c-9066-5dba7cdea370 |
Low | Best Practices | Query details Documentation |
IAM Password Without Minimum Length 1bc1c685-e593-450e-88fb-19db4c82aa1d |
Low | Best Practices | Query details Documentation |
Lambda IAM InvokeFunction Misconfigured 0ca1017d-3b80-423e-bb9c-6cd5898d34bd |
Low | Best Practices | Query details Documentation |
Lambda Permission Misconfigured 75ec6890-83af-4bf1-9f16-e83726df0bd0 |
Low | Best Practices | Query details Documentation |
Misconfigured Password Policy Expiration ce60d060-efb8-4bfd-9cf7-ff8945d00d90 |
Low | Best Practices | Query details Documentation |
Password Without Reuse Prevention 89806cdc-9c2e-4bd1-a0dc-53f339bcfb2a |
Low | Best Practices | Query details Documentation |
Stack Without Template 91bea7b8-0c31-4863-adc9-93f6177266c4 |
Low | Build Process | Query details Documentation |
API Gateway With Invalid Compression ed35928e-195c-4405-a252-98ccb664ab7b |
Low | Encryption | Query details Documentation |
CloudTrail Log Files Not Encrypted With KMS 5d9e3164-9265-470c-9a10-57ae454ac0c7 |
Low | Encryption | Query details Documentation |
CodeBuild Project Encrypted With AWS Managed Key 3deec14b-03d2-4d27-9670-7d79322e3340 |
Low | Encryption | Query details Documentation |
DOCDB Cluster Encrypted With AWS Managed Key 2134641d-30a4-4b16-8ffc-2cd4c4ffd15d |
Low | Encryption | Query details Documentation |
ECR Repository Not Encrypted With CMK 0e32d561-4b5a-4664-a6e3-a3fa85649157 |
Low | Encryption | Query details Documentation |
EFS Without KMS 25d251f3-f348-4f95-845c-1090e41a615c |
Low | Encryption | Query details Documentation |
AWS Password Policy With Unchangeable Passwords 9ef7d25d-9764-4224-9968-fa321c56ef76 |
Low | Insecure Configurations | Query details Documentation |
IAM User Policy Without MFA b5681959-6c09-4f55-b42b-c40fa12d03ec |
Low | Insecure Configurations | Query details Documentation |
Instance With No VPC a31a5a29-718a-4ff4-8001-a69e5e4d029e |
Low | Insecure Configurations | Query details Documentation |
Redis Disabled 4bd15dd9-8d5e-4008-8532-27eb0c3706d3 |
Low | Insecure Configurations | Query details Documentation |
Redshift Cluster Without VPC 0a494a6a-ebe2-48a0-9d77-cf9d5125e1b3 |
Low | Insecure Configurations | Query details Documentation |
S3 Bucket Without Enabled MFA Delete c5b31ab9-0f26-4a49-b8aa-4cc064392f4d |
Low | Insecure Configurations | Query details Documentation |
Dynamodb VPC Endpoint Without Route Table Association 0bc534c5-13d1-4353-a7fe-b8665d5c1d7d |
Low | Networking and Firewall | Query details Documentation |
EC2 Instance Using Default VPC 7e4a6e76-568d-43ef-8c4e-36dea481bff1 |
Low | Networking and Firewall | Query details Documentation |
ElastiCache Using Default Port 5d89db57-8b51-4b38-bb76-b9bd42bd40f0 |
Low | Networking and Firewall | Query details Documentation |
ElastiCache Without VPC 8c849af7-a399-46f7-a34c-32d3dc96f1fc |
Low | Networking and Firewall | Query details Documentation |
EMR Without VPC 2b3c8a6d-9856-43e6-ab1d-d651094f03b4 |
Low | Networking and Firewall | Query details Documentation |
RDS Using Default Port bca7cc4d-b3a4-4345-9461-eb69c68fcd26 |
Low | Networking and Firewall | Query details Documentation |
Redshift Using Default Port 41abc6cc-dde1-4217-83d3-fb5f0cc09d8f |
Low | Networking and Firewall | Query details Documentation |
Sensitive Port Is Exposed To Wide Private Network 92fe237e-074c-4262-81a4-2077acb928c1 |
Low | Networking and Firewall | Query details Documentation |
Shield Advanced Not In Use 084c6686-2a70-4710-91b1-000393e54c12 |
Low | Networking and Firewall | Query details Documentation |
SQS VPC Endpoint Without DNS Resolution e9b7acf9-9ba0-4837-a744-31e7df1e434d |
Low | Networking and Firewall | Query details Documentation |
API Gateway Deployment Without API Gateway UsagePlan Associated b3a59b8e-94a3-403e-b6e2-527abaf12034 |
Low | Observability | Query details Documentation |
API Gateway X-Ray Disabled 5813ef56-fa94-406a-b35d-977d4a56ff2b |
Low | Observability | Query details Documentation |
CloudTrail Log File Validation Disabled 52ffcfa6-6c70-4ea6-8376-d828d3961669 |
Low | Observability | Query details Documentation |
CloudTrail Multi Region Disabled 8173d5eb-96b5-4aa6-a71b-ecfa153c123d |
Low | Observability | Query details Documentation |
CloudTrail Not Integrated With CloudWatch 17b30f8f-8dfb-4597-adf6-57600b6cf25e |
Low | Observability | Query details Documentation |
CloudTrail SNS Topic Name Undefined 482b7d26-0bdb-4b5f-bf6f-545826c0a3dd |
Low | Observability | Query details Documentation |
CloudWatch Console Sign-in Without MFA Alarm Missing 44ceb4fa-0897-4fd2-b676-30e7a58f2933 |
Low | Observability | Query details Documentation |
CloudWatch IAM Policy Changes Alarm Missing eaaba502-2f94-411a-a3c2-83d63cc1776d |
Low | Observability | Query details Documentation |
CloudWatch Network Gateways Changes Alarm Missing 6b6874fe-4c2f-4eea-8b90-7cceaa4a125e |
Low | Observability | Query details Documentation |
CloudWatch Route Table Changes Alarm Missing 2285e608-ddbc-47f3-ba54-ce7121e31216 |
Low | Observability | Query details Documentation |
CMK Rotation Disabled 22fbfeac-7b5a-421a-8a27-7a2178bb910b |
Low | Observability | Query details Documentation |
Configuration Aggregator to All Regions Disabled ac5a0bc0-a54c-45aa-90c3-15f7703b9132 |
Low | Observability | Query details Documentation |
ECS Cluster with Container Insights Disabled 97cb0688-369a-4d26-b1f7-86c4c91231bc |
Low | Observability | Query details Documentation |
ElasticSearch Without Slow Logs e979fcbc-df6c-422d-9458-c33d65e71c45 |
Low | Observability | Query details Documentation |
KMS Key With No Deletion Window 0b530315-0ea4-497f-b34c-4ff86268f59d |
Low | Observability | Query details Documentation |
Lambda Functions Without X-Ray Tracing 8152e0cf-d2f0-47ad-96d5-d003a76eabd1 |
Low | Observability | Query details Documentation |
Unscanned ECR Image 9630336b-3fed-4096-8173-b9afdfe346a7 |
Low | Observability | Query details Documentation |
API Gateway Stage Without API Gateway UsagePlan Associated c999cf62-0920-40f8-8dda-0caccd66ed7e |
Low | Resource Management | Query details Documentation |
Security Group Not Used 4849211b-ac39-479e-ae78-5694d506cb24 |
Info | Access Control | Query details Documentation |
DynamoDB Table Point In Time Recovery Disabled 741f1291-47ac-4a85-a07b-3d32a9d6bd3e |
Info | Best Practices | Query details Documentation |
EC2 Not EBS Optimized 60224630-175a-472a-9e23-133827040766 |
Info | Best Practices | Query details Documentation |
Resource Not Using Tags e38a8e0a-b88b-4902-b3fe-b0fcb17d5c10 |
Info | Best Practices | Query details Documentation |
Security Group Rule Without Description 68eb4bf3-f9bf-463d-b5cf-e029bb446d2e |
Info | Best Practices | Query details Documentation |
Security Group Without Description cb3f5ed6-0d18-40de-a93d-b3538db31e8c |
Info | Best Practices | Query details Documentation |
CloudWatch AWS Organizations Changes Missing Alarm 38b85c45-e772-4de8-a247-69619ca137b3 |
Info | Observability | Query details Documentation |
CloudWatch Without Retention Period Specified ef0b316a-211e-42f1-888e-64efe172b755 |
Info | Observability | Query details Documentation |
AWS_BOM
The queries related to Terraform AWS_BOM are listed below:
Query | Severity | Category | More info |
---|---|---|---|
BOM - AWS DynamoDB 23edf35f-7c22-4ff9-87e6-0ca74261cfbf |
Trace | Bill Of Materials | Query details Documentation |
BOM - AWS EBS 86571149-eef3-4280-a645-01e60df854b0 |
Trace | Bill Of Materials | Query details Documentation |
BOM - AWS EFS f53f16d6-46a9-4277-9fbe-617b1e24cdca |
Trace | Bill Of Materials | Query details Documentation |
BOM - AWS Elasticache 54229498-850b-4f78-b3a7-218d24ef2c37 |
Trace | Bill Of Materials | Query details Documentation |
BOM - AWS Kinesis 0e59d33e-bba2-4037-8f88-9765647ca7ad |
Trace | Bill Of Materials | Query details Documentation |
BOM - AWS MQ fcb1b388-f558-4b7f-9b6e-f4e98abb7380 |
Trace | Bill Of Materials | Query details Documentation |
BOM - AWS MSK 051f2063-2517-4295-ad8e-ba88c1bf5cfc |
Trace | Bill Of Materials | Query details Documentation |
BOM - AWS RDS 12933609-c5bf-44b4-9a41-a6467c3b685b |
Trace | Bill Of Materials | Query details Documentation |
BOM - AWS S3 Buckets 2d16c3fb-35ba-4ec0-b4e4-06ee3cbd4045 |
Trace | Bill Of Materials | Query details Documentation |
BOM - AWS SNS eccc4d59-74b9-4974-86f1-74386e0c7f33 |
Trace | Bill Of Materials | Query details Documentation |
BOM - AWS SQS baecd2da-492a-4d59-b9dc-29540a1398e0 |
Trace | Bill Of Materials | Query details Documentation |
AZURE
The queries related to Terraform AZURE are listed below:
Query | Severity | Category | More info |
---|---|---|---|
CosmosDB Account IP Range Filter Not Set c2a3efb6-8a58-481c-82f2-bfddf34bb4b7 |
Critical | Networking and Firewall | Query details Documentation |
Redis Entirely Accessible fd8da341-6760-4450-b26c-9f6d8850575e |
Critical | Networking and Firewall | Query details Documentation |
Redis Publicly Accessible 5089d055-53ff-421b-9482-a5267bdce629 |
Critical | Networking and Firewall | Query details Documentation |
SQLServer Ingress From Any IP 25c0ea09-f1c5-4380-b055-3b83863f2bb8 |
Critical | Networking and Firewall | Query details Documentation |
Unrestricted SQL Server Access d7ba74da-2da0-4d4b-83c8-2fd72a3f6c28 |
Critical | Networking and Firewall | Query details Documentation |
Public Storage Account 17f75827-0684-48f4-8747-61129c7e4198 |
High | Access Control | Query details Documentation |
Storage Container Is Publicly Accessible dd5230f8-a577-4bbb-b7ac-f2c2fe7d5299 |
High | Access Control | Query details Documentation |
Azure Container Registry With No Locks a187ac47-8163-42ce-8a63-c115236be6fb |
High | Insecure Configurations | Query details Documentation |
Security Group is Not Configured 5c822443-e1ea-46b8-84eb-758ec602e844 |
High | Insecure Configurations | Query details Documentation |
MariaDB Server Public Network Access Enabled 7f0a8696-7159-4337-ad0d-8a3ab4a78195 |
High | Networking and Firewall | Query details Documentation |
MSSQL Server Public Network Access Enabled ade36cf4-329f-4830-a83d-9db72c800507 |
High | Networking and Firewall | Query details Documentation |
MySQL Server Public Access Enabled f118890b-2468-42b1-9ce9-af35146b425b |
High | Networking and Firewall | Query details Documentation |
RDP Is Exposed To The Internet efbf6449-5ec5-4cfe-8f15-acc51e0d787c |
High | Networking and Firewall | Query details Documentation |
Sensitive Port Is Exposed To Entire Network 594c198b-4d79-41b8-9b36-fde13348b619 |
High | Networking and Firewall | Query details Documentation |
Admin User Enabled For Container Registry b897dfbf-322c-45a8-b67c-1e698beeaa51 |
Medium | Access Control | Query details Documentation |
AKS RBAC Disabled 86f92117-eed8-4614-9c6c-b26da20ff37f |
Medium | Access Control | Query details Documentation |
App Service Authentication Disabled c7fc1481-2899-4490-bbd8-544a3a61a2f3 |
Medium | Access Control | Query details Documentation |
Function App Authentication Disabled e65a0733-94a0-4826-82f4-df529f4c593f |
Medium | Access Control | Query details Documentation |
Role Assignment Not Limit Guest User Permissions 8e75e431-449f-49e9-b56a-c8f1378025cf |
Medium | Access Control | Query details Documentation |
Role Definition Allows Custom Role Creation 3fa5900f-9aac-4982-96b2-a6143d9c99fb |
Medium | Access Control | Query details Documentation |
Storage Share File Allows All ACL Permissions 48bbe0fd-57e4-4678-a4a1-119e79c90fc3 |
Medium | Access Control | Query details Documentation |
Storage Table Allows All ACL Permissions 3ac3e75c-6374-4a32-8ba0-6ed69bda404e |
Medium | Access Control | Query details Documentation |
Azure Instance Using Basic Authentication dafe30ec-325d-4516-85d1-e8e6776f012c |
Medium | Best Practices | Query details Documentation |
Key Vault Secrets Content Type Undefined f8e08a38-fc6e-4915-abbe-a7aadf1d59ef |
Medium | Best Practices | Query details Documentation |
Security Contact Email 34664094-59e0-4524-b69f-deaa1a68cce3 |
Medium | Best Practices | Query details Documentation |
App Service Not Using Latest TLS Encryption Version b7b9d1c7-2d3b-49b4-b867-ebbe68d0b643 |
Medium | Encryption | Query details Documentation |
Encryption On Managed Disk Disabled a99130ab-4c0e-43aa-97f8-78d4fcb30024 |
Medium | Encryption | Query details Documentation |
Function App Not Using Latest TLS Encryption Version 45fc717a-bd86-415c-bdd8-677901be1aa6 |
Medium | Encryption | Query details Documentation |
MySQL SSL Connection Disabled 73e42469-3a86-4f39-ad78-098f325b4e9f |
Medium | Encryption | Query details Documentation |
SSL Enforce Disabled 0437633b-daa6-4bbc-8526-c0d2443b946e |
Medium | Encryption | Query details Documentation |
Storage Account Not Forcing HTTPS 12944ec4-1fa0-47be-8b17-42a034f937c2 |
Medium | Encryption | Query details Documentation |
Storage Account Not Using Latest TLS Encryption Version 8263f146-5e03-43e0-9cfe-db960d56d1e7 |
Medium | Encryption | Query details Documentation |
AD Admin Not Configured For SQL Server a3a055d2-9a2e-4cc9-b9fb-12850a1a3a4b |
Medium | Insecure Configurations | Query details Documentation |
AKS Private Cluster Disabled 599318f2-6653-4569-9e21-041d06c63a89 |
Medium | Insecure Configurations | Query details Documentation |
App Service FTPS Enforce Disabled 85da374f-b00f-4832-9d44-84a1ca1e89f8 |
Medium | Insecure Configurations | Query details Documentation |
App Service HTTP2 Disabled 525b53be-62ed-4244-b4df-41aecfcb4071 |
Medium | Insecure Configurations | Query details Documentation |
Azure App Service Client Certificate Disabled a81573f9-3691-4d83-88a0-7d4af63e17a3 |
Medium | Insecure Configurations | Query details Documentation |
Function App Client Certificates Unrequired 9bb3c639-5edf-458c-8ee5-30c17c7d671d |
Medium | Insecure Configurations | Query details Documentation |
Function App FTPS Enforce Disabled 9dab0179-433d-4dff-af8f-0091025691df |
Medium | Insecure Configurations | Query details Documentation |
Function App HTTP2 Disabled ace823d1-4432-4dee-945b-cdf11a5a6bd0 |
Medium | Insecure Configurations | Query details Documentation |
Function App Managed Identity Disabled c87749b3-ff10-41f5-9df2-c421e8151759 |
Medium | Insecure Configurations | Query details Documentation |
Network Watcher Flow Disabled b90842e5-6779-44d4-9760-972f4c03ba1c |
Medium | Insecure Configurations | Query details Documentation |
Redis Cache Allows Non SSL Connections e29a75e6-aba3-4896-b42d-b87818c16b58 |
Medium | Insecure Configurations | Query details Documentation |
Redis Not Updated Regularly b947809d-dd2f-4de9-b724-04d101c515aa |
Medium | Insecure Configurations | Query details Documentation |
Security Center Pricing Tier Is Not Standard 819d50fd-1cdf-45c3-9936-be408aaad93e |
Medium | Insecure Configurations | Query details Documentation |
Small Flow Logs Retention Period 7750fcca-dd03-4d38-b663-4b70289bcfd4 |
Medium | Insecure Configurations | Query details Documentation |
VM Not Attached To Network bbf6b3df-4b65-4f87-82cc-da9f30f8c033 |
Medium | Insecure Configurations | Query details Documentation |
Web App Accepting Traffic Other Than HTTPS 11e9a948-c6c3-4a0f-8dcf-b5cf1763cdbe |
Medium | Insecure Configurations | Query details Documentation |
Default Azure Storage Account Network Access Is Too Permissive a5613650-32ec-4975-a305-31af783153ea |
Medium | Insecure Defaults | Query details Documentation |
Azure Cognitive Search Public Network Access Enabled 4a9e0f00-0765-4f72-a0d4-d31110b78279 |
Medium | Networking and Firewall | Query details Documentation |
Firewall Rule Allows Too Many Hosts To Access Redis Cache a829b715-cf75-4e92-b645-54c9b739edfb |
Medium | Networking and Firewall | Query details Documentation |
Network Interfaces IP Forwarding Enabled 4216ebac-d74c-4423-b437-35025cb88af5 |
Medium | Networking and Firewall | Query details Documentation |
Network Interfaces With Public IP c1573577-e494-4417-8854-7e119368dc8b |
Medium | Networking and Firewall | Query details Documentation |
Sensitive Port Is Exposed To Small Public Network e9dee01f-2505-4df2-b9bf-7804d1fd9082 |
Medium | Networking and Firewall | Query details Documentation |
SSH Is Exposed To The Internet 3e3c175e-aadf-4e2b-a464-3fdac5748d24 |
Medium | Networking and Firewall | Query details Documentation |
Trusted Microsoft Services Not Enabled 5400f379-a347-4bdd-a032-446465fdcc6f |
Medium | Networking and Firewall | Query details Documentation |
WAF Is Disabled For Azure Application Gateway 2e48d91c-50e4-45c8-9312-27b625868a72 |
Medium | Networking and Firewall | Query details Documentation |
Email Alerts Disabled 9db38e87-f6aa-4b5e-a1ec-7266df259409 |
Medium | Observability | Query details Documentation |
Log Retention Is Not Set ffb02aca-0d12-475e-b77c-a726f7aeff4b |
Medium | Observability | Query details Documentation |
MSSQL Server Auditing Disabled 609839ae-bd81-4375-9910-5bce72ae7b92 |
Medium | Observability | Query details Documentation |
PostgreSQL Log Checkpoints Disabled 3790d386-be81-4dcf-9850-eaa7df6c10d9 |
Medium | Observability | Query details Documentation |
PostgreSQL Log Connections Not Set c640d783-10c5-4071-b6c1-23507300d333 |
Medium | Observability | Query details Documentation |
PostgreSQL Log Disconnections Not Set 07f7134f-9f37-476e-8664-670c218e4702 |
Medium | Observability | Query details Documentation |
PostgreSQL Log Duration Not Set 16e0879a-c4ae-4ff8-a67d-a2eed5d67b8f |
Medium | Observability | Query details Documentation |
PostgreSQL Server Without Connection Throttling 2b3c671f-1b76-4741-8789-ed1fe0785dc4 |
Medium | Observability | Query details Documentation |
SQL Server Auditing Disabled f7e296b0-6660-4bc5-8f87-22ac4a815edf |
Medium | Observability | Query details Documentation |
Vault Auditing Disabled 38c71c00-c177-4cd7-8d36-cd1007cdb190 |
Medium | Observability | Query details Documentation |
PostgreSQL Server Threat Detection Policy Disabled c407c3cf-c409-4b29-b590-db5f4138d332 |
Medium | Resource Management | Query details Documentation |
SQL Database Audit Disabled 83a229ba-483e-47c6-8db7-dc96969bce5a |
Medium | Resource Management | Query details Documentation |
Key Expiration Not Set 4d080822-5ee2-49a4-8984-68f3d4c890fc |
Medium | Secret Management | Query details Documentation |
Secret Expiration Not Set dfa20ffa-f476-428f-a490-424b41e91c7f |
Medium | Secret Management | Query details Documentation |
Azure Active Directory Authentication a21c8da9-41bf-40cf-941d-330cf0d11fc7 |
Low | Access Control | Query details Documentation |
Virtual Network with DDoS Protection Plan disabled b4cc2c52-34a6-4b43-b57c-4bdeb4514a5a |
Low | Availability | Query details Documentation |
Geo Redundancy Is Disabled 8b042c30-e441-453f-b162-7696982ebc58 |
Low | Backup | Query details Documentation |
MariaDB Server Geo-redundant Backup Disabled 0a70d5f3-1ecd-4c8e-9292-928fc9a8c4f1 |
Low | Backup | Query details Documentation |
AKS Uses Azure Policies Add-On Disabled 43789711-161b-4708-b5bb-9d1c626f7492 |
Low | Best Practices | Query details Documentation |
App Service Without Latest PHP Version 96fe318e-d631-4156-99fa-9080d57280ae |
Low | Best Practices | Query details Documentation |
App Service Without Latest Python Version cc4aaa9d-1070-461a-b519-04e00f42db8a |
Low | Best Practices | Query details Documentation |
SQL Server Predictable Active Directory Account Name bcd3fc01-5902-4f2a-b05a-227f9bbf5450 |
Low | Best Practices | Query details Documentation |
SQL Server Predictable Admin Account Name 2ab6de9a-0136-415c-be92-79d2e4fd750f |
Low | Best Practices | Query details Documentation |
Cosmos DB Account Without Tags 56dad03e-e94f-4dd6-93a4-c253a03ff7a0 |
Low | Build Process | Query details Documentation |
AKS Disk Encryption Set ID Undefined b17d8bb8-4c08-4785-867e-cb9e62a622aa |
Low | Encryption | Query details Documentation |
PostgreSQL Server Infrastructure Encryption Disabled 6425c98b-ca4e-41fe-896a-c78772c131f8 |
Low | Encryption | Query details Documentation |
AKS Network Policy Misconfigured f5342045-b935-402d-adf1-8dbbd09c0eef |
Low | Insecure Configurations | Query details Documentation |
Dashboard Is Enabled 61c3cb8b-0715-47e4-b788-86dde40dd2db |
Low | Insecure Configurations | Query details Documentation |
Azure Front Door WAF Disabled 835a4f2f-df43-437d-9943-545ccfc55961 |
Low | Networking and Firewall | Query details Documentation |
Sensitive Port Is Exposed To Wide Private Network c6c7b33d-d7f6-4ab8-8c82-ca0431ecdb7e |
Low | Networking and Firewall | Query details Documentation |
Small Activity Log Retention Period 2b856bf9-8e8c-4005-875f-303a8cba3918 |
Low | Observability | Query details Documentation |
Small MSSQL Audit Retention Period 9c301481-e6ec-44f7-8a49-8ec63e2969ea |
Low | Observability | Query details Documentation |
Small MSSQL Server Audit Retention 59acb56b-2b10-4c2c-ba38-f2223c3f5cfc |
Low | Observability | Query details Documentation |
Small PostgreSQL DB Server Log Retention Period 261a83f8-dd72-4e8c-b5e1-ebf06e8fe606 |
Low | Observability | Query details Documentation |
App Service Managed Identity Disabled b61cce4b-0cc4-472b-8096-15617a6d769b |
Low | Resource Management | Query details Documentation |
SQL Server Alert Email Disabled 55975007-f6e7-4134-83c3-298f1fe4b519 |
Info | Best Practices | Query details Documentation |
DATABRICKS
Below are listed queries related to Terraform DATABRICKS:
Query | Severity | Category | More info |
---|---|---|---|
Beta - Databricks Cluster or Job With None Or Insecure Permission(s) a4edb7e1-c0e0-4f7f-9d7c-d1b603e81ad5 |
High | Insecure Configurations | Query details Documentation |
Beta - Unrestricted Databricks ACL 2c4fe4a9-f44b-4c70-b09b-5b75cd251805 |
High | Networking and Firewall | Query details Documentation |
Beta - Job's Task is Legacy (spark_submit_task) 375cdab9-3f94-4ae0-b1e3-8fbdf9cdf4d7 |
Medium | Best Practices | Query details Documentation |
Beta - Indefinitely Databricks OBO Token Lifetime 23e1f5f0-12b7-4d7e-9087-f60f42ccd514 |
Medium | Insecure Defaults | Query details Documentation |
Beta - Indefinitely Databricks Token Lifetime 7d05ca25-91b4-42ee-b6f6-b06611a87ce8 |
Medium | Insecure Defaults | Query details Documentation |
Beta - Databricks Autoscale Badly Setup 953c0cc6-5f30-44cb-a803-bf4ef2571be8 |
Medium | Resource Management | Query details Documentation |
Beta - Databricks Group Without User Or Instance Profile 23c3067a-8cc9-480c-b645-7c1e0ad4bf60 |
Low | Access Control | Query details Documentation |
Beta - Check Databricks Cluster AWS Attribute Best Practices b0749c53-e3ff-4d09-bbe4-dca94e2e7a38 |
Low | Best Practices | Query details Documentation |
Beta - Check Databricks Cluster Azure Attribute Best Practices 38028698-e663-4ef7-aa92-773fef0ca86f |
Low | Best Practices | Query details Documentation |
Beta - Check Databricks Cluster GCP Attribute Best Practices 539e4557-d2b5-4d57-a001-cb01140a4e2d |
Low | Best Practices | Query details Documentation |
Beta - Check use no LTS Spark Version 5a627dfa-a4dd-4020-a4c6-5f3caf4abcd6 |
Low | Best Practices | Query details Documentation |
GCP
Below are listed queries related to Terraform GCP:
Query | Severity | Category | More info |
---|---|---|---|
Cloud Storage Anonymous or Publicly Accessible a6cd52a1-3056-4910-96a5-894de9f3f3b3 |
Critical | Access Control | Query details Documentation |
SQL DB Instance Publicly Accessible b187edca-b81e-4fdc-aff4-aab57db45edb |
Critical | Insecure Configurations | Query details Documentation |
BigQuery Dataset Is Public e576ce44-dd03-4022-a8c0-3906acca2ab4 |
High | Access Control | Query details Documentation |
Google Project IAM Binding Service Account has Token Creator or Account User Role 617ef6ff-711e-4bd7-94ae-e965911b1b40 |
High | Access Control | Query details Documentation |
Google Project IAM Member Service Account Has Admin Role 84d36481-fd63-48cb-838e-635c44806ec2 |
High | Access Control | Query details Documentation |
Google Project IAM Member Service Account has Token Creator or Account User Role c68b4e6d-4e01-4ca1-b256-1e18e875785c |
High | Access Control | Query details Documentation |
KMS Crypto Key is Publicly Accessible 16cc87d1-dd47-4f46-b3ce-4dfcac8fd2f5 |
High | Encryption | Query details Documentation |
SQL DB Instance With SSL Disabled 02474449-71aa-40a1-87ae-e14497747b00 |
High | Encryption | Query details Documentation |
GKE Legacy Authorization Enabled 5baa92d2-d8ee-4c75-88a4-52d9d8bb8067 |
High | Insecure Configurations | Query details Documentation |
Google Storage Bucket Level Access Disabled bb0db090-5509-4853-a827-75ced0b3caa0 |
High | Insecure Configurations | Query details Documentation |
RDP Access Is Not Restricted 678fd659-96f2-454a-a2a0-c2571f83a4a3 |
High | Networking and Firewall | Query details Documentation |
Cloud Storage Bucket Is Publicly Accessible c010082c-76e0-4b91-91d9-6e8439e455dd |
Medium | Access Control | Query details Documentation |
KMS Admin and CryptoKey Roles In Use 92e4464a-4139-4d57-8742-b5acc0347680 |
Medium | Access Control | Query details Documentation |
OSLogin Disabled 32ecd6eb-0711-421f-9627-1a28d9eff217 |
Medium | Access Control | Query details Documentation |
VM With Full Cloud Access bc280331-27b9-4acb-a010-018e8098aa5d |
Medium | Access Control | Query details Documentation |
SQL DB Instance Backup Disabled cf3c7631-cd1e-42f3-8801-a561214a6e79 |
Medium | Backup | Query details Documentation |
Disk Encryption Disabled b1d51728-7270-4991-ac2f-fc26e2695b38 |
Medium | Encryption | Query details Documentation |
DNSSEC Using RSASHA1 ccc3100c-0fdd-4a5e-9908-c10107291860 |
Medium | Encryption | Query details Documentation |
Google Compute SSL Policy Weak Cipher In Use 14a457f0-473d-4d1d-9e37-6d99b355b336 |
Medium | Encryption | Query details Documentation |
Cloud DNS Without DNSSEC 5ef61c88-bbb4-4725-b1df-55d23c9676bb |
Medium | Insecure Configurations | Query details Documentation |
Google Container Node Pool Auto Repair Disabled acfdbec6-4a17-471f-b412-169d77553332 |
Medium | Insecure Configurations | Query details Documentation |
Google Project Auto Create Network Disabled 59571246-3f62-4965-a96f-c7d97e269351 |
Medium | Insecure Configurations | Query details Documentation |
IP Aliasing Disabled c606ba1d-d736-43eb-ac24-e16108f3a9e0 |
Medium | Insecure Configurations | Query details Documentation |
Network Policy Disabled 11e7550e-c4b6-472e-adff-c698f157cdd7 |
Medium | Insecure Configurations | Query details Documentation |
OSLogin Is Disabled For VM Instance d0b4d550-c001-46c3-bbdb-d5d75d33f05f |
Medium | Insecure Configurations | Query details Documentation |
Pod Security Policy Disabled 9192e0f9-eca5-4056-9282-ae2a736a4088 |
Medium | Insecure Configurations | Query details Documentation |
Private Cluster Disabled 6ccb85d7-0420-4907-9380-50313f80946b |
Medium | Insecure Configurations | Query details Documentation |
Shielded GKE Nodes Disabled 579a0727-9c29-4d58-8195-fc5802a8bdb4 |
Medium | Insecure Configurations | Query details Documentation |
Shielded VM Disabled 1b44e234-3d73-41a8-9954-0b154135280e |
Medium | Insecure Configurations | Query details Documentation |
GKE Using Default Service Account 1c8eef02-17b1-4a3e-b01d-dcc3292d2c38 |
Medium | Insecure Defaults | Query details Documentation |
Using Default Service Account 3cb4af0b-056d-4fb1-8b95-fdc4593625ff |
Medium | Insecure Defaults | Query details Documentation |
Google Compute Network Using Default Firewall Rule 40abce54-95b1-478c-8e5f-ea0bf0bb0e33 |
Medium | Networking and Firewall | Query details Documentation |
Google Compute Network Using Firewall Rule that Allows All Ports 22ef1d26-80f8-4a6c-8c15-f35aab3cac78 |
Medium | Networking and Firewall | Query details Documentation |
IP Forwarding Enabled f34c0c25-47b4-41eb-9c79-249b4dd47b89 |
Medium | Networking and Firewall | Query details Documentation |
Serial Ports Are Enabled For VM Instances 97fa667a-d05b-4f16-9071-58b939f34751 |
Medium | Networking and Firewall | Query details Documentation |
SSH Access Is Not Restricted c4dcdcdf-10dd-4bf4-b4a0-8f6239e6aaa0 |
Medium | Networking and Firewall | Query details Documentation |
Cloud Storage Bucket Logging Not Enabled d6cabc3a-d57e-48c2-b341-bf3dd4f4a120 |
Medium | Observability | Query details Documentation |
Cloud Storage Bucket Versioning Disabled e7e961ac-d17e-4413-84bc-8a1fbe242944 |
Medium | Observability | Query details Documentation |
Google Compute Subnetwork Logging Disabled 40430747-442d-450a-a34f-dc57149f4609 |
Medium | Observability | Query details Documentation |
Stackdriver Logging Disabled 4c7ebcb2-eae2-461e-bc83-456ee2d4f694 |
Medium | Observability | Query details Documentation |
Stackdriver Monitoring Disabled 30e8dfd2-3591-4d19-8d11-79e93106c93d |
Medium | Observability | Query details Documentation |
Node Auto Upgrade Disabled b139213e-7d24-49c2-8025-c18faa21ecaa |
Medium | Resource Management | Query details Documentation |
Service Account with Improper Privileges cefdad16-0dd5-4ac5-8ed2-a37502c78672 |
Medium | Resource Management | Query details Documentation |
High Google KMS Crypto Key Rotation Period d8c57c4e-bf6f-4e32-a2bf-8643532de77b |
Medium | Secret Management | Query details Documentation |
Project-wide SSH Keys Are Enabled In VM Instances 3e4d5ce6-3280-4027-8010-c26eeea1ec01 |
Medium | Secret Management | Query details Documentation |
User with IAM Role 704fcc44-a58f-4af5-82e2-93f2a58ef918 |
Low | Access Control | Query details Documentation |
Outdated GKE Version 128df7ec-f185-48bc-8913-ce756a3ccb85 |
Low | Best Practices | Query details Documentation |
Cluster Labels Disabled 65c1bc7a-4835-4ac4-a2b6-13d310b0648d |
Low | Insecure Configurations | Query details Documentation |
COS Node Image Not Used 8a893e46-e267-485a-8690-51f39951de58 |
Low | Insecure Configurations | Query details Documentation |
Legacy Client Certificate Auth Enabled 73fb21a1-b19a-45b1-b648-b47b1678681e |
Low | Insecure Configurations | Query details Documentation |
Not Proper Email Account In Use 9356962e-4a4f-4d06-ac59-dc8008775eaa |
Low | Insecure Configurations | Query details Documentation |
Google Compute Network Using Firewall Rule that Allows Port Range e6f61c37-106b-449f-a5bb-81bfcaceb8b4 |
Low | Networking and Firewall | Query details Documentation |
Google Compute Subnetwork with Private Google Access Disabled ee7b93c1-b3f8-4a3b-9588-146d481814f5 |
Low | Networking and Firewall | Query details Documentation |
IAM Audit Not Properly Configured 89fe890f-b480-460c-8b6b-7d8b1468adb4 |
Low | Observability | Query details Documentation |
GCP_BOM
Below are listed queries related to Terraform GCP_BOM:
Query | Severity | Category | More info |
---|---|---|---|
BOM - GCP Dataflow 895ed0d9-6fec-4567-8614-d7a74b599a53 |
Trace | Bill Of Materials | Query details Documentation |
BOM - GCP FI c9d81239-c818-4869-9917-1570c62b81fd |
Trace | Bill Of Materials | Query details Documentation |
BOM - GCP PD dd7d70aa-a6ec-460d-b5d2-38b40253b16f |
Trace | Bill Of Materials | Query details Documentation |
BOM - GCP PST 4b82202a-b18e-4891-a1eb-a0989850bbb3 |
Trace | Bill Of Materials | Query details Documentation |
BOM - GCP Redis bc75ce52-a60a-4660-b533-bce837a5019b |
Trace | Bill Of Materials | Query details Documentation |
BOM - GCP SB 2f06d22c-56bd-4f73-8a51-db001fcf2150 |
Trace | Bill Of Materials | Query details Documentation |
GITHUB
Below are listed queries related to Terraform GITHUB:
Query | Severity | Category | More info |
---|---|---|---|
Github Organization Webhook With SSL Disabled ce7c874e-1b88-450b-a5e4-cb76ada3c8a9 |
Medium | Encryption | Query details Documentation |
GitHub Repository Set To Public 15d8a7fd-465a-4d15-a868-add86552f17b |
Medium | Insecure Configurations | Query details Documentation |
KUBERNETES
Below are listed queries related to Terraform KUBERNETES:
Query | Severity | Category | More info |
---|---|---|---|
Non Kube System Pod With Host Mount 86a947ea-f577-4efb-a8b0-5fc00257d521 |
High | Access Control | Query details Documentation |
Cluster Allows Unsafe Sysctls a9174d31-d526-4ad9-ace4-ce7ddbf52e03 |
High | Insecure Configurations | Query details Documentation |
Container Is Privileged 87065ef8-de9b-40d8-9753-f4a4303e27a4 |
High | Insecure Configurations | Query details Documentation |
Container Runs Unmasked 0ad60203-c050-4115-83b6-b94bde92541d |
High | Insecure Configurations | Query details Documentation |
Containers With Sys Admin Capabilities 3f55386d-75cd-4e9a-ac47-167b26c04724 |
High | Insecure Configurations | Query details Documentation |
Privilege Escalation Allowed c878abb4-cca5-4724-92b9-289be68bd47c |
High | Insecure Configurations | Query details Documentation |
PSP Allows Containers To Share The Host Network Namespace 4950837c-0ce5-4e42-9bee-a25eae73740b |
High | Insecure Configurations | Query details Documentation |
PSP Allows Privilege Escalation 2bff9906-4e9b-4f71-9346-8ebedfdf43ef |
High | Insecure Configurations | Query details Documentation |
PSP Allows Sharing Host IPC 51bed0ac-a8ae-407a-895e-90c6cb0610ce |
High | Insecure Configurations | Query details Documentation |
PSP Set To Privileged a6a4d4fc-4e8f-47d1-969f-e9d4a084f3b9 |
High | Insecure Configurations | Query details Documentation |
PSP With Added Capabilities 48388bd2-7201-4dcc-b56d-e8a9efa58fad |
High | Insecure Configurations | Query details Documentation |
Tiller (Helm v2) Is Deployed ca2fba76-c1a7-4afd-be67-5249f861cb0e |
High | Insecure Configurations | Query details Documentation |
Workload Mounting With Sensitive OS Directory a737be28-37d8-4bff-aa6d-1be8aa0a0015 |
High | Insecure Configurations | Query details Documentation |
Volume Mount With OS Directory Write Permissions a62a99d1-8196-432f-8f80-3c100b05d62a |
High | Resource Management | Query details Documentation |
Docker Daemon Socket is Exposed to Containers 4e203a65-c8d8-49a2-b749-b124d43c9dc1 |
Medium | Access Control | Query details Documentation |
Missing App Armor Config bd6bd46c-57db-4887-956d-d372f21291b6 |
Medium | Access Control | Query details Documentation |
Permissive Access to Create Pods 522d4a64-4dc9-44bd-9240-7d8a0d5cb5ba |
Medium | Access Control | Query details Documentation |
RBAC Roles with Read Secrets Permissions 826abb30-3cd5-4e0b-a93b-67729b4f7e63 |
Medium | Access Control | Query details Documentation |
Readiness Probe Is Not Configured 8657197e-3f87-4694-892b-8144701d83c1 |
Medium | Availability | Query details Documentation |
Root Containers Admitted 4c415497-7410-4559-90e8-f2c8ac64ee38 |
Medium | Best Practices | Query details Documentation |
Incorrect Volume Claim Access Mode ReadWriteOnce 26b047a9-0329-48fd-8fb7-05bbe5ba80ee |
Medium | Build Process | Query details Documentation |
Container Host Pid Is True 587d5d82-70cf-449b-9817-f60f9bccb88c |
Medium | Insecure Configurations | Query details Documentation |
Container Resources Limits Undefined 60af03ff-a421-45c8-b214-6741035476fa |
Medium | Insecure Configurations | Query details Documentation |
Containers With Added Capabilities fe771ff7-ba15-4f8f-ad7a-8aa232b49a28 |
Medium | Insecure Configurations | Query details Documentation |
Ingress Controller Exposes Workload e2c83c1f-84d7-4467-966c-ed41fd015bb9 |
Medium | Insecure Configurations | Query details Documentation |
NET_RAW Capabilities Disabled for PSP 9aa32890-ac1a-45ee-81ca-5164e2098556 |
Medium | Insecure Configurations | Query details Documentation |
NET_RAW Capabilities Not Being Dropped e5587d53-a673-4a6b-b3f2-ba07ec274def |
Medium | Insecure Configurations | Query details Documentation |
Seccomp Profile Is Not Configured 455f2e0c-686d-4fcb-8b5f-3f953f12c43c |
Medium | Insecure Configurations | Query details Documentation |
Role Binding To Default Service Account 3360c01e-c8c0-4812-96a2-a6329b9b7f9f |
Medium | Insecure Defaults | Query details Documentation |
Service Account Name Undefined Or Empty 24b132df-5cc7-4823-8029-f898e1c50b72 |
Medium | Insecure Defaults | Query details Documentation |
Service Account Token Automount Not Disabled a9a13d4f-f17a-491b-b074-f54bffffcb4a |
Medium | Insecure Defaults | Query details Documentation |
Service With External Load Balancer 2a52567c-abb8-4651-a038-52fa27c77aed |
Medium | Networking and Firewall | Query details Documentation |
Memory Limits Not Defined fd097ed0-7fe6-4f58-8b71-fef9f0820a21 |
Medium | Resource Management | Query details Documentation |
Memory Requests Not Defined 21719347-d02b-497d-bda4-04a03c8e5b61 |
Medium | Resource Management | Query details Documentation |
Shared Host IPC Namespace e94d3121-c2d1-4e34-a295-139bfeb73ea3 |
Medium | Resource Management | Query details Documentation |
Shared Host Network Namespace ac1564a3-c324-4747-9fa1-9dfc234dace0 |
Medium | Resource Management | Query details Documentation |
Service Account Allows Access Secrets 07fc3413-e572-42f7-9877-5c8fc6fccfb5 |
Medium | Secret Management | Query details Documentation |
Shared Service Account f74b9c43-161a-4799-bc95-0b0ec81801b9 |
Medium | Secret Management | Query details Documentation |
Cluster Admin Rolebinding With Superuser Permissions 17172bc2-56fb-4f17-916f-a014147706cd |
Low | Access Control | Query details Documentation |
Deployment Without PodDisruptionBudget a05331ee-1653-45cb-91e6-13637a76e4f0 |
Low | Availability | Query details Documentation |
HPA Targets Invalid Object 17e52ca3-ddd0-4610-9d56-ce107442e110 |
Low | Availability | Query details Documentation |
StatefulSet Without PodDisruptionBudget 7249e3b0-9231-4af3-bc5f-5daf4988ecbf |
Low | Availability | Query details Documentation |
StatefulSet Without Service Name 420e6360-47bb-46f6-9072-b20ed22c842d |
Low | Availability | Query details Documentation |
Metadata Label Is Invalid bc3dabb6-fd50-40f8-b9ba-7429c9f1fb0e |
Low | Best Practices | Query details Documentation |
No Drop Capabilities for Containers 21cef75f-289f-470e-8038-c7cee0664164 |
Low | Best Practices | Query details Documentation |
Root Container Not Mounted As Read-only d532566b-8d9d-4f3b-80bd-361fe802f9c2 |
Low | Build Process | Query details Documentation |
StatefulSet Requests Storage fcc2612a-1dfe-46e4-8ce6-0320959f0040 |
Low | Build Process | Query details Documentation |
Default Service Account In Use 737a0dd9-0aaa-4145-8118-f01778262b8a |
Low | Insecure Configurations | Query details Documentation |
Image Pull Policy Of The Container Is Not Set To Always aa737abf-6b1d-4aba-95aa-5c160bd7f96e |
Low | Insecure Configurations | Query details Documentation |
Image Without Digest 228c4c19-feeb-4c18-848c-800ac70fdfb7 |
Low | Insecure Configurations | Query details Documentation |
Pod or Container Without Security Context ad69e38a-d92e-4357-a8da-f2f29d545883 |
Low | Insecure Configurations | Query details Documentation |
Using Default Namespace abcb818b-5af7-4d72-aba9-6dd84956b451 |
Low | Insecure Configurations | Query details Documentation |
Network Policy Is Not Targeting Any Pod b80b14c6-aaa2-4876-b651-8a48b6c32fbf |
Low | Networking and Firewall | Query details Documentation |
Service Type is NodePort 5c281bf8-d9bb-47f2-b909-3f6bb11874ad |
Low | Networking and Firewall | Query details Documentation |
Workload Host Port Not Specified 4e74cf4f-ff65-4c1a-885c-67ab608206ce |
Low | Networking and Firewall | Query details Documentation |
CPU Limits Not Set 5f4735ce-b9ba-4d95-a089-a37a767b716f |
Low | Resource Management | Query details Documentation |
CPU Requests Not Set 577ac19c-6a77-46d7-9f14-e049cdd15ec2 |
Low | Resource Management | Query details Documentation |
CronJob Deadline Not Configured 58876b44-a690-4e9f-9214-7735fa0dd15d |
Low | Resource Management | Query details Documentation |
Deployment Has No PodAntiAffinity 461ed7e4-f8d5-4bc1-b3c6-64ddb4fd00a3 |
Low | Resource Management | Query details Documentation |
Secrets As Environment Variables 6d8f1a10-b6cd-48f0-b960-f7c535d5cdb8 |
Low | Secret Management | Query details Documentation |
Invalid Image e76cca7c-c3f9-4fc9-884c-b2831168ebd8 |
Low | Supply-Chain | Query details Documentation |
Liveness Probe Is Not Defined 5b6d53dd-3ba3-4269-b4d7-f82e880e43c3 |
Info | Availability | Query details Documentation |
NIFCLOUD
Below are listed queries related to Terraform NIFCLOUD:
Query | Severity | Category | More info |
---|---|---|---|
Nifcloud RDB Has Public DB Access fb387023-e4bb-42a8-9a70-6708aa7ff21b |
High | Access Control | Query details Documentation |
Nifcloud Computing Has Public Ingress Security Group Rule b2ea2367-8dc9-4231-a035-d0b28bfa3dde |
High | Networking and Firewall | Query details Documentation |
Nifcloud Computing Undefined Security Group To Instance 89218b48-75c9-4cb3-aaba-5299e852e8bc |
High | Networking and Firewall | Query details Documentation |
Nifcloud NAS Has Public Ingress NAS Security Group Rule 8d7758a7-d9cd-499a-a83e-c9bdcbff728d |
High | Networking and Firewall | Query details Documentation |
Nifcloud RDB Has Public DB Ingress Security Group Rule a0b846e8-815f-4f15-b660-bc4ab9fa1e1a |
High | Networking and Firewall | Query details Documentation |
Nifcloud Router Undefined Security Group e7dada38-af20-4899-8955-dabea84ab1f0 |
High | Networking and Firewall | Query details Documentation |
Nifcloud VPN Gateway Undefined Security Group b3535a48-910c-47f8-8b3b-14222f29ef80 |
High | Networking and Firewall | Query details Documentation |
Nifcloud LB Using Insecure TLS Policy ID 944439c7-b4b8-476a-8f83-14641ea876ba |
Medium | Encryption | Query details Documentation |
Nifcloud LB Using Insecure TLS Policy Name 675e8eaa-2754-42b7-bf33-bfa295d1601d |
Medium | Encryption | Query details Documentation |
Nifcloud ELB Listener Using HTTP Protocol afcb0771-4f94-44ed-ad4a-9f73f11ce6e0 |
Medium | Networking and Firewall | Query details Documentation |
Nifcloud ELB Using HTTP Protocol e2de2b80-2fc2-4502-a764-40930dfcc70a |
Medium | Networking and Firewall | Query details Documentation |
Nifcloud LB Listener Using HTTP Port 9f751a80-31f0-43a3-926c-20772791a038 |
Medium | Networking and Firewall | Query details Documentation |
Nifcloud LB Using HTTP Port 94e47f3f-b90b-43a1-a36d-521580bae863 |
Medium | Networking and Firewall | Query details Documentation |
Nifcloud Low RDB Backup Retention Period e5071f76-cbe7-468d-bb2b-d10f02d2b713 |
Low | Backup | Query details Documentation |
Nifcloud DNS Has Verified Record a1defcb6-55e8-4511-8c2a-30b615b0e057 |
Low | Insecure Configurations | Query details Documentation |
Nifcloud Computing Has Common Private Network df58dd45-8009-43c2-90f7-c90eb9d53ed9 |
Low | Networking and Firewall | Query details Documentation |
Nifcloud ELB Has Common Private Network 5061f84c-ab66-4660-90b9-680c9df346c0 |
Low | Networking and Firewall | Query details Documentation |
Nifcloud NAS Has Common Private Network 4b801c38-ebb4-4c81-984b-1ba525d43adf |
Low | Networking and Firewall | Query details Documentation |
Nifcloud RDB Has Common Private Network 9bf57c23-fbab-4222-85f3-3f207a53c6a8 |
Low | Networking and Firewall | Query details Documentation |
Nifcloud Router Has Common Private Network 30c2760c-740e-4672-9d7f-2c29e0cb385d |
Low | Networking and Firewall | Query details Documentation |
Nifcloud Computing Undefined Description To Security Group 41c127a9-3a85-4bc3-a333-ed374eb9c3e4 |
Info | Best Practices | Query details Documentation |
Nifcloud Computing Undefined Description To Security Group Rule e4610872-0b1c-4fb7-ab57-d81c0afdb291 |
Info | Best Practices | Query details Documentation |
Nifcloud NAS Undefined Description To NAS Security Group e840c54a-7a4c-405f-b8c1-c49a54b87d11 |
Info | Best Practices | Query details Documentation |
Nifcloud RDB Undefined Description To DB Security Group 940ddce2-26bd-4e31-a9b4-382714f73231 |
Info | Best Practices | Query details Documentation |
SHARED (V2/V3)
Below are listed queries related to Terraform SHARED (V2/V3):
Query | Severity | Category | More info |
---|---|---|---|
Generic Git Module Without Revision 3a81fc06-566f-492a-91dd-7448e409e2cd |
Info | Best Practices | Query details Documentation |
Name Is Not Snake Case 1e434b25-8763-4b00-a5ca-ca03b7abbb66 |
Info | Best Practices | Query details Documentation |
Output Without Description 59312e8a-a64e-41e7-a252-618533dd1ea8 |
Info | Best Practices | Query details Documentation |
Variable Without Description 2a153952-2544-4687-bcc9-cc8fea814a9b |
Info | Best Practices | Query details Documentation |
Variable Without Type fc5109bf-01fd-49fb-8bde-4492b543c34a |
Info | Best Practices | Query details Documentation |
TENCENTCLOUD
Below are listed queries related to Terraform TENCENTCLOUD:
Query | Severity | Category | More info |
---|---|---|---|
Beta - CLB Listener Using Insecure Protocols fe08b81c-12e9-4b5e-9006-4218fca750fd |
High | Encryption | Query details Documentation |
Beta - TKE Cluster Encryption Protection Disabled 3ed47402-e322-465f-a0f0-8681135a17b0 |
High | Encryption | Query details Documentation |
Beta - CDB Instance Internet Service Enabled 5d820574-4a60-4916-b049-0810b8629731 |
High | Insecure Configurations | Query details Documentation |
Beta - CVM Instance Has Public IP a74b4602-a62c-4a02-956a-e19f86ea24b5 |
High | Networking and Firewall | Query details Documentation |
Beta - Security Group Rule Set Accepts All Traffic d135a36e-c474-452f-b891-76db1e6d1cd5 |
High | Networking and Firewall | Query details Documentation |
Beta - CDB Instance Without Backup Policy ca94be07-7de3-4ae7-85ef-67e0462ec694 |
Medium | Backup | Query details Documentation |
Beta - CLB Instance Log Setting Disabled ada01ed1-b10c-4f2a-b110-b20fa4f9baa6 |
Medium | Encryption | Query details Documentation |
Beta - Disk Encryption Disabled 1ee0f202-31da-49ba-bbce-04a989912e4b |
Medium | Encryption | Query details Documentation |
Beta - TKE Cluster Has Public Access df6928ed-02f4-421f-9a67-a529860dd7e7 |
Medium | Insecure Configurations | Query details Documentation |
Beta - CVM Instance Using Default Security Group 93bb2065-63ec-45a2-a466-f106b56f2e32 |
Low | Access Control | Query details Documentation |
Beta - CVM Instance Using User Data 5bb6fa08-5e84-4760-a54a-cdcd66626976 |
Low | Access Control | Query details Documentation |
Beta - CDB Instance Internet Using Default Intranet Port 18d6aa4b-7570-4d95-9c75-90363ef1abd9 |
Low | Insecure Configurations | Query details Documentation |
Beta - CVM Instance Using Default VPC b4e75c5c-83d5-4568-90e3-57ed5ec4051b |
Low | Networking and Firewall | Query details Documentation |
Beta - TKE Cluster Log Agent Is Not Enabled fe405074-7e18-40f9-9aef-024aa1d0a889 |
Low | Observability | Query details Documentation |
Beta - VPC Flow Logs Disabled a3240001-40db-47b7-abb9-2bcd6a04c430 |
Low | Observability | Query details Documentation |
Beta - CVM Instance Disable Monitor Service 966ed4f7-b8a5-4e8d-b2bf-098657c98960 |
Info | Observability | Query details Documentation |