IAM Policies

Ensure Elastic Load Balancers have logging enabled
Description:   Elastic Load Balancer(ELB) automatically distributes your incoming traffic across multiple targets, such as EC2 instances, containers, and I...
Thu, 24 Mar, 2022 at 3:29 AM
Ensure S3 buckets have server access logging enabled
Description:  S3 Bucket Access Logging generates a log that contains access records for each request made to your S3 bucket. An access log record contains ...
Thu, 17 Mar, 2022 at 10:14 AM
Ensure Route53 public hosted zones are logging queries to CloudWatch Logs
Description: Amazon Route 53 is a highly available and scalable cloud Domain Name Service(DNS) web service. It is a cost-effective and reliable way to rout...
Fri, 11 Mar, 2022 at 5:23 AM
Ensure Lambda functions invoke API operations are being recorded by CloudTrail
Description:  AWS Lambda is a compute service that lets you run code without provisioning or managing servers. AWS Lambda executes your code only when need...
Mon, 21 Mar, 2022 at 1:15 AM
Ensure Redshift cluster has audit logging enabled
Description:  Amazon Redshift is a data warehouse service. It is a collection of computing resources called nodes, organized into a cluster called a cluste...
Tue, 24 Aug, 2021 at 12:50 AM
Ensure ACM certificates have Certificate Transparency logging enabled
Description: AWS Certificate Manager is a service that lets you easily provision, manage, and deploy public and private Secure Sockets Layer/Transport L...
Tue, 22 Mar, 2022 at 10:50 PM
Ensure Trusted Advisor is enabled for errors and warnings
Description: AWS Trusted Advisor is a fully managed service that provides you guidance to follow AWS best practices.  During establishing a new workflow, d...
Thu, 10 Mar, 2022 at 12:23 AM
Ensure SQS queues have Server Side Encryption enabled
Description: Simple Queue Service - SQS is a fully managed message queuing service that makes it easy to decouple and scale microservices, distributed syst...
Fri, 11 Mar, 2022 at 1:11 AM
Ensure there are no EBS Volumes unencrypted
Description:  Elastic Block Store is a web service that provides block-level storage volumes for use with EC2 instances. EBS volumes are highly available a...
Wed, 16 Mar, 2022 at 4:23 AM
Ensure Geo restrictions are enabled in CloudFront distributions
Description:  CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally...
Tue, 22 Mar, 2022 at 12:09 AM