1/ ALB_HTTP_DROP_INVALID_HEADER_ENABLED; removed as the rule is irrelevant to the security controls in RMiT
2/ CLOUD_TRAIL_ENCRYPTION_ENABLED; removed due to duplication with CLOUDTRAIL_SECURITY_TRAIL_ENABLED
3/ DYNAMODB_IN_BACKUP_PLAN; removed due to duplication with DYNAMODB_RESOURCES_PROTECTED_BY_BACKUP_PLAN
4/ EBS_IN_BACKUP_PLAN; removed due to duplication with EBS_RESOURCES_PROTECTED_BY_BACKUP_PLAN
5/ EFS_IN_BACKUP_PLAN; removed due to duplication with EFS_RESOURCES_PROTECTED_BY_BACKUP_PLAN
6/ ELASTICSEARCH_ENCRYPTED_AT_REST; removed due to the rule is only applicable to legacy ElasticSearch domains
7/ ELASTICSEARCH_IN_VPC_ONLY; removed due to the rule is only applicable to legacy ElasticSearch domains
8/ ELASTICSEARCH_LOGS_TO_CLOUDWATCH; removed due to the rule is only applicable to legacy ElasticSearch domains
9/ ELASTICSEARCH_NODE_TO_NODE_ENCRYPTION_CHECK; removed due to the rule is only applicable to legacy ElasticSearch domains
10/ ELB_ACM_CERTIFICATE_REQUIRED; removed due to the rule is only applicable to Classic Load Balance resources
11/ ELB_CROSS_ZONE_LOAD_BALANCING_ENABLED; removed due to the rule is only applicable to Classic Load Balancer resources
12/ ELB_TLS_HTTPS_LISTENERS_ONLY; removed due to the rule is only applicable to Classic Load Balancer resources
13/ IAM_GROUP_HAS_USERS_CHECK; removed due to duplication with IAM_USER_GROUP_MEMBERSHIP_CHECK
14/ IAM_INLINE_POLICY_BLOCKED_KMS_ACTIONS; removed as IAM_NO_INLINE_POLICY_CHECK is more restrictive
15/ IAM_POLICY_NO_STATEMENTS_WITH_FULL_ACCESS; removed due to the rule could be too restrictive for some customers
16/ INCOMING_SSH_DISABLED; removed due to duplicate wirh VPC_SG_OPEN_ONLY_TO_AUTHORIZED_PORTS
17/ INSTANCES_IN_VPC; removed due to the rule is only applicable to EC2 Classic instances
18/ LAMBDA_DLQ_CHECK; removed as Lambda Destination is the preferred configuration
19/ MFA_ENABLED_FOR_IAM_CONSOLE_ACCESS; removed due to duplication with IAM_USER_MFA_ENABLED
20/ MULTI_REGION_CLOUD_TRAIL_ENABLED; removed due to duplication with CLOUDTRAIL_SECURITY_TRAIL_ENABLED
21/ RDS_IN_BACKUP_PLAN; removed due to duplication with RDS_RESOURCES_PROTECTED_BY_BACKUP_PLAN
22/ RESTRICTED_INCOMING_TRAFFIC; removed due to duplicate wirh VPC_SG_OPEN_ONLY_TO_AUTHORIZED_PORTS
23/ S3_BUCKET_LEVEL_PUBLIC_ACCESS_PROHIBITED; removed due to duplication with S3_BUCKET_PUBLIC_READ_PROHIBITED and S3_BUCKET_PUBLIC_WRITE_PROHIBITED
24/ S3_BUCKET_REPLICATION_ENABLED; removed due to duplication with S3_RESOURCES_PROTECTED_BY_BACKUP_PLAN
1/ ALB_HTTP_DROP_INVALID_HEADER_ENABLED; removed as the rule is irrelevant to the security controls in RMiT 2/ CLOUD_TRAIL_ENCRYPTION_ENABLED; removed due to duplication with CLOUDTRAIL_SECURITY_TRAIL_ENABLED 3/ DYNAMODB_IN_BACKUP_PLAN; removed due to duplication with DYNAMODB_RESOURCES_PROTECTED_BY_BACKUP_PLAN 4/ EBS_IN_BACKUP_PLAN; removed due to duplication with EBS_RESOURCES_PROTECTED_BY_BACKUP_PLAN 5/ EFS_IN_BACKUP_PLAN; removed due to duplication with EFS_RESOURCES_PROTECTED_BY_BACKUP_PLAN 6/ ELASTICSEARCH_ENCRYPTED_AT_REST; removed due to the rule is only applicable to legacy ElasticSearch domains 7/ ELASTICSEARCH_IN_VPC_ONLY; removed due to the rule is only applicable to legacy ElasticSearch domains 8/ ELASTICSEARCH_LOGS_TO_CLOUDWATCH; removed due to the rule is only applicable to legacy ElasticSearch domains 9/ ELASTICSEARCH_NODE_TO_NODE_ENCRYPTION_CHECK; removed due to the rule is only applicable to legacy ElasticSearch domains 10/ ELB_ACM_CERTIFICATE_REQUIRED; removed due to the rule is only applicable to Classic Load Balance resources 11/ ELB_CROSS_ZONE_LOAD_BALANCING_ENABLED; removed due to the rule is only applicable to Classic Load Balancer resources 12/ ELB_TLS_HTTPS_LISTENERS_ONLY; removed due to the rule is only applicable to Classic Load Balancer resources 13/ IAM_GROUP_HAS_USERS_CHECK; removed due to duplication with IAM_USER_GROUP_MEMBERSHIP_CHECK 14/ IAM_INLINE_POLICY_BLOCKED_KMS_ACTIONS; removed as IAM_NO_INLINE_POLICY_CHECK is more restrictive 15/ IAM_POLICY_NO_STATEMENTS_WITH_FULL_ACCESS; removed due to the rule could be too restrictive for some customers 16/ INCOMING_SSH_DISABLED; removed due to duplicate wirh VPC_SG_OPEN_ONLY_TO_AUTHORIZED_PORTS 17/ INSTANCES_IN_VPC; removed due to the rule is only applicable to EC2 Classic instances 18/ LAMBDA_DLQ_CHECK; removed as Lambda Destination is the preferred configuration 19/ MFA_ENABLED_FOR_IAM_CONSOLE_ACCESS; removed due to duplication with IAM_USER_MFA_ENABLED 20/ MULTI_REGION_CLOUD_TRAIL_ENABLED; removed due to duplication with CLOUDTRAIL_SECURITY_TRAIL_ENABLED 21/ RDS_IN_BACKUP_PLAN; removed due to duplication with RDS_RESOURCES_PROTECTED_BY_BACKUP_PLAN 22/ RESTRICTED_INCOMING_TRAFFIC; removed due to duplicate wirh VPC_SG_OPEN_ONLY_TO_AUTHORIZED_PORTS 23/ S3_BUCKET_LEVEL_PUBLIC_ACCESS_PROHIBITED; removed due to duplication with S3_BUCKET_PUBLIC_READ_PROHIBITED and S3_BUCKET_PUBLIC_WRITE_PROHIBITED 24/ S3_BUCKET_REPLICATION_ENABLED; removed due to duplication with S3_RESOURCES_PROTECTED_BY_BACKUP_PLAN