turbot/aws_compliance
Pipelines
The AWS Compliance mod has 284 pipelines.
Start with these recommended pipelines:
- Detect & correct CloudTrail trails with log file validation disabled
- Detect & correct CloudTrail trails with multi-region read/write disabled
- Detect & correct CloudTrail trails with public S3 bucket access
- Detect & correct CloudTrail trails with S3 logging disabled
- Detect & correct Config disabled in regions
- Detect & correct default VPC security groups allowing ingress egress
- Detect & correct DynamoDB tables with deletion protection disabled
- Detect & correct DynamoDB tables with point-in-time recovery disabled
- Detect & correct EBS encryption by default disabled in regions
- Detect & correct EBS snapshots when publicly restorable
- Detect & correct EC2 classic load balancers with connection draining disabled
- Detect & correct EC2 instances with IMDSv1 enabled
- Detect & correct EC2 instances with multiple ENIs
- Detect & correct EC2 instances with public access enabled
- Detect & correct EFS file systems with encryption at rest disabled
- Detect & correct IAM roles attached with *:* policy
- Detect & correct IAM root users last used in 90 days or more
- Detect & correct IAM users with console access MFA disabled
- Detect & correct IAM users with unused access key from 90 days or more
- Detect & correct IAM users with unused login profile from 45 days or more
- Detect & correct KMS keys with rotation disabled
- Detect & correct RDS DB instances with auto minor version upgrade disabled
- Detect & correct RDS DB instances with Multi-AZ disabled
- Detect & correct RDS DB instances with public access enabled
- Detect & correct S3 buckets with block public access disabled
- Detect & correct S3 buckets with default encryption disabled
- Detect & correct S3 buckets with MFA delete disabled
- Detect & correct S3 buckets without SSL enforcement
- Detect & correct Security Hub disabled in regions
- Detect & correct VPC network ACLs allowing ingress to remote server administration ports
- Detect & correct VPC security groups allowing ingress to port 22
- Detect & correct VPC security groups allowing ingress to port 445
- Detect & correct VPC security groups allowing ingress to port 3389
- Detect & correct VPC security groups allowing ingress to remote server administration ports
- Detect & correct VPC security groups allowing ingress to remote server administration ports IPv4
- Detect & correct VPC security groups allowing ingress to remote server administration ports IPv6
- Detect & correct VPCs without flow logs