turbot / steampipe-mod-terraform-aws-compliance

Run compliance and security controls to detect Terraform AWS resources deviating from security best practices prior to deployment using Powerpipe and Steampipe.
https://hub.powerpipe.io/mods/turbot/terraform_aws_compliance
Apache License 2.0

Add additional TF controls #72

Closed rajlearner17 closed 1 year ago

rajlearner17 commented 1 year ago
  1. [x] elb_application_network_gateway_lb_use_desync_mitigation_mode
  2. [x] elb_application_lb_use_desync_mitigation_mode
  3. [x] elb_lb_target_group_use_health_check
  4. [x] elb_classic_lb_use_desync_mitigation_mode
  5. [x] elb_application_lb_drop_invalid_header_fields
  6. [x] elb_lb_use_secure_protocol_listener
  7. [x] appsync_graphql_api_field_level_logs_enabled
  8. [x] appsync_graphql_api_cloudwatch_logs_enabled
  9. [x] appsync_api_cache_encryption_at_rest_enabled
  10. [x] appsync_api_cache_encryption_in_transit_enabled
  11. [x] codecommit_approval_rule_template_number_of_approval_2
  12. [x] comprehend_entity_recognizer_model_encrypted_with_kms_cmk
  13. [x] comprehend_entity_recognizer_volume_encrypted_with_kms_cmk
  14. [x] connectinstance_kinesis_video_stream_storage_config_encrypted_with_kms_cmk
  15. [x] connectinstance_s3_storage_config_encrypted_with_kms_cmk
  16. [x] dlm_lifecycle_policy_events_cross_region_encryption_enabled
  17. [x] dlm_lifecycle_policy_events_cross_encrypted_with_kms_cmk
  18. [x] dlm_schedule_cross_region_encryption_enabled
  19. [x] dlm_schedule_cross_region_encrypted_with_kms_cmk
  20. [x] eks_cluster_control_plane_logging_enabled
  21. [x] eks_cluster_run_on_supported_kubernetes_version
  22. [x] elb_application_classic_lb_logging_enabled > elb_application_classic_network_lb_logging_enabled (updated)
  23. [x] emr_cluster_security_configuration_ebs_encryption_enabled
  24. [x] emr_cluster_security_configuration_encryption_in_transit_enabled
  25. [x] emr_cluster_security_configuration_local_disk_encryption_enabled
  26. [x] emr_cluster_security_configuration_encryption_uses_sse_kms
  27. [x] elasticbeanstalk_environment_use_enhanced_health_checks
  28. [x] elasticbeanstalk_environment_use_managed_updates
  29. [x] es_domain_use_default_security_group
  30. [x] opensearch_domain_use_default_security_group
  31. [x] es_domain_enforce_https
  32. [x] opensearch_domain_enforce_https
  33. [x] es_domain_encrypted_with_kms_cmk
  34. [x] opensearch_domain_encrpted_with_kms_cmk
  35. [x] fsx_ontap_file_system_encrypted_with_kms_cmk
  36. [x] fsx_openzfs_file_system_with_kms_cmk
  37. [x] fsx_windows_file_system_encrypted_with_kms_cmk
  38. [x] glue_crawler_security_configuration_enabled
  39. [x] glue_dev_endpoint_security_configuration_enabled
  40. [x] glue_job_security_configuration_enabled
  41. [x] kendra_index_server_side_encryption_uses_kms_cmk
  42. [x] keyspaces_table_encrypted_with_kms_cmk
  43. [x] elb_application_network_wateway_lb_cross_zone_load_balancing_enabled
  44. [x] lambda_function_code_signing_configured
  45. [x] lambda_function_variables_no_sensitive_data
  46. [x] lambda_function_environment_encryption_enabled
  47. [x] lambda_function_url_auth_type_configured
  48. [x] fsx_lustre_file_system_encrypted_with_kms_cmk
  49. [x] mq_broker_audit_logging_enabled
  50. [x] mq_broker_encrypted_with_kms_cmk
  51. [x] mq_broker_general_logging_enabled
  52. [x] mq_broker_automatic_minor_upgrade_enabled
  53. [x] mq_broker_publicly_accessible
  54. [x] mq_broker_currect_broker_version
  55. [x] msk_cluster_encrypted_with_kms_cmk
  56. [x] msk_cluster_encryption_in_transit_enabled
  57. [x] msk_cluster_logging_enabled
  58. [x] msk_cluster_nodes_publicly_accessible
  59. [x] mwaa_environment_scheduler_logs_enabled
  60. [x] mwaa_environment_webserver_logs_enabled
  61. [x] mwaa_environment_worker_logs_enabled
  62. [x] qldb_ledger_deletion_protection_enabled
  63. [x] qldb_ledger_permission_mode_set_to_standard
  64. [x] eventbridge_scheduler_schedule_encrypted_with_kms_cmk