sam-goodwin/eventual
Build scalable and durable micro-services with APIs, Messaging and Workflows
https://docs.eventual.ai
MIT License
Configure Compliance Controls #465
Open
sam-goodwin opened 9 months ago
sam-goodwin commented 9 months ago
Non-compliant
[ ] The CloudWatch Log Group is not encrypted with an AWS KMS key
[ ] The DynamoDB table does not have Point-in-time Recovery enabled
[ ] The DynamoDB table is not in an AWS Backup plan
[ ] The IAM Group, User, or Role contains an inline policy
[ ] The Lambda function is not VPC enabled
[ ] The Lambda function is not configured with a dead-letter configuration
[ ] The Lambda function is not configured with function-level concurrent execution limits
[ ] The OpenSearch Service domain does not have encryption at rest enabled
[ ] The OpenSearch Service domain does not have node-to-node encryption enabled
[ ] The OpenSearch Service domain does not stream error logs (ES_APPLICATION_LOGS) to CloudWatch Logs
[ ] The OpenSearch Service domain is not running within a VPC
[ ] The S3 Bucket does not have replication enabled
[ ] The S3 Bucket does not have server access logs enabled
[ ] The S3 Bucket does not have versioning enabled
[ ] The S3 Bucket does not prohibit public read access through its Block Public Access configurations and bucket ACLs
[ ] The S3 Bucket does not prohibit public write access through its Block Public Access configurations and bucket ACLs
[ ] The S3 Bucket is not encrypted with a KMS Key by default
[ ] The S3 Bucket or bucket policy does not require requests to use SSL
Compliant
[ ] The CloudWatch Log Group does not have an explicit retention period configured
[ ] The IAM Group, User, or Role contains an inline policy
[ ] The IAM policy grants admin access, meaning the policy allows a principal to perform all actions on all resources
[ ] The IAM policy grants full access, meaning the policy allows a principal to perform all actions on individual resources
[ ] The IAM policy is attached at the user level
[ ] The Lambda function is not configured with a dead-letter configuration
[ ] The Lambda function permission grants public access
[ ] The S3 bucket does not prohibit public access through bucket level settings
[ ] The provisioned capacity DynamoDB table does not have Auto Scaling enabled on its indexes