AWS New Checks

Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to all ports.
Profile Applicability: Level 1 Description: Security Groups in AWS act as virtual firewalls to control inbound and outbound traffic for EC2 instances. ...
Wed, 2 Apr, 2025 at 12:14 AM
Check if EC2 Instance Metadata Service Version 2 (IMDSv2) is Enabled and Required.
Profile Applicability: Level 1 Description: Amazon EC2 Instance Metadata Service (IMDS) provides EC2 instances with metadata about themselves, includin...
Wed, 2 Apr, 2025 at 12:22 AM
Ensure No EC2 Instances Allow Ingress from the Internet to TCP Port 3389 (RDP)
Profile Applicability: Level 1 Description: Amazon EC2 (Elastic Compute Cloud) instances provide scalable compute capacity in the cloud. To secure EC...
Wed, 2 Apr, 2025 at 1:15 AM
Ensure no EC2 instances allow ingress from the internet to TCP port 23 (Telnet).
Profile Applicability: Level 1 Description: This check ensures that no EC2 instances have security group rules that allow inbound traffic from the int...
Wed, 2 Apr, 2025 at 1:22 AM
Ensure no EC2 instances allow ingress from the internet to TCP port 11211 (Memcached)
Profile Applicability: Level 1 Description: This check ensures that no EC2 instances in your AWS environment allow ingress (incoming) traffic from the ...
Wed, 2 Apr, 2025 at 1:29 AM
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21.
Profile Applicability: Level 1 Description: This check ensures that no security groups in your AWS environment allow ingress (incoming) traffic from 0...
Wed, 2 Apr, 2025 at 1:36 AM
Ensure no EC2 instances allow ingress from the internet to TCP port 9092 (Kafka)
Profile Applicability: Level 1 Description: Apache Kafka commonly uses TCP port 9092 for client-broker communication. Allowing unrestricted internet ac...
Wed, 2 Apr, 2025 at 1:40 AM
Check if EBS snapshots exist.
Profile Applicability: Level 1 Description: Amazon Elastic Block Store (EBS) allows you to create snapshots of your volumes, which are point-in-time co...
Wed, 2 Apr, 2025 at 1:46 AM
Amazon ECS task definitions should have secure networking modes and user definitions
Profile Applicability: Level 1 Description: Amazon ECS (Elastic Container Service) allows you to run containerized applications at scale. Networking mode...
Wed, 2 Apr, 2025 at 1:58 AM
Ensure centralized root credentials management is enabled
Profile Applicability: Level 1 Description: Centralized root credentials management involves controlling and managing root account access to your AWS e...
Wed, 2 Apr, 2025 at 2:54 AM