EC2 Audit
Checks Performed
AMI Age Should Not Exceed the Configured Age
EC2 AMIs Should Be Encrypted
Autoscaling Groups Health Checks Should Be Checked
Autoscaling Hop Limit Should Be Checked
VPN Tunnel Should Be Up
Backup Plan Should Have Retention Period
Backup Manual Deletion Should Be Disabled
Recovery Point Retention Should Be Reviewed
Ensure Access Logging Is Enabled For Elastic Beanstalk Load Balancer
Ensure Enhanced Health Reporting Is Enabled For Elastic Beanstalk Environments
Enforce HTTPS For Elastic Beanstalk Load Balancers
Ensure Managed Platform Updates Are Enabled For Elastic Beanstalk Environment
Enable Alert Notifications For Elastic Beanstalk Events
Ensure Persistent Logs Are Enabled For Elastic Beanstalk Environments
Ensure X-Ray Tracing Is Enabled For Elastic Beanstalk Environments
Patch Installation Should Be Done On Systems Manager
AWS Client VPN Authorization Rules Should Be Enabled Authorizing All Clients
Default Security Group Should Not Allow Unrestricted Public Traffic
Restrict data-tier subnet connectivity to VPC NAT Gateway
EBS volume encrypted
EC2 AMIs Should Not Be Public
EC2-Classic Elastic IP Address Limit Should Not Be Reached
EC2 Instance Should Be of Desired Type
Detailed Monitoring for EC2 Instances Should Be Enabled
Scheduled Events for EC2 Instances
EC2 Instances With Multiple Security Groups
AWS EC2 Hibernation Should Be Enabled
EC2 IAM Roles Should Be Used
EC2 Instances Should Use Latest Generation
EC2 Uses Multiple Elastic Network Interfaces
EC2 Instance Tenancy
Require IMDSv2 For EC2 Instances
Elastic Compute Cloud Should Have Recovery Point
EC2 Instances Should Not Reach vCPU Limit
None Specified Applications Should Be Installed On Instance
Specified Applications Should Be Installed On Instance
Status Of Managed Instance Compliance Should Be Checked
EC2 Systems Manager Are Configured To Collect Blacklisted Inventory
EC2 Instance Should Not Be In Public Subnet
Long Running Instances Should Be Re-launched
Virtualization Type Of EC2 Instance Is Paravirtual
EC2 Instances Should Have Backup Plan Protection
Termination Protection Should Be Enabled
EC2 Hop Limit Check
EC2-VPC Elastic IP Address Limit Should Not Be Reached
Elastic File System Should Be In Backup Plan
Elastic File System Should Have Recovery Point
Enable Volume Encryption
Non-Empty Stateless Network Firewall Rule Groups Should Not Be Present
FSx Should Have Recovery Point
FSx Should Have Backup Plan
EC2 Instances Should Not Be Idle
Instance Should Be Launched In Auto Scaling Group
Internet Gateways Should Be Attached To Authorized Virtual Private Clouds
Network Firewall Deletion Protection Should Be Enabled
Network Firewall Logging Should Be Enabled
Network Firewalls Deployed Across Multiple Availability Zones
Network Firewall Rule Groups Should Be Stateless Or Stateful
Blacklisted AMIs Should Not Be Used
EC2 Instances Should Not Have Blacklisted Instance Types
Default VPC Should Not Be In Use
EC2 Classic Should Not Be Used
EC2 Instances Should Not Be Overutilized
Network Firewall Policy Default Action Should Be Set For Fragmented Packets
Network Firewall Policy Default Action Should Be Set For Full Packets
Reserved Instance Lease Expiration In The Next 7 Days
Reserved Instance Lease Expiration In The Next 30 Days
EC2 Reserved Instances Should Not Have Payment Failed
EC2 Reserved Instances Should Not Have Payment Pending
EC2 Reserved Instances Recent Purchases Should Be Reviewed
Non-Default Security Groups Should Be Attached To Elastic Network Interface
Security Group Excessive Counts
Security Group Name Prefixed With launch-wizard Should Not Be Used
Security Group Port Range
Security Groups Should Not Allow Inbound Traffic From RFC 1918
Security Group Rules Counts
Security Groups Should Have Descriptions
SSM Document Should Not Be Public
EC2 Instances Should Be Managed By SSM
SSM Parameters Should Be Encrypted
SSM Session Length Should Be Minimum
Storage Gateway Volume Last Backup Recovery Point Should Be Created Within Specified Duration
Storage Gateway Recovery Point Should Be Created
Storage Gateway Volumes Should Have Backup Plan
Unassociated Elastic IP Addresses Should Be Removed
EC2 Instances Should Not Be Underutilized
Unrestricted CIFS Access Should Not Be Allowed
Unrestricted DNS Access Should Not Be Allowed
Unrestricted Elasticsearch Access Should Not Be Allowed
Unrestricted FTP Access Should Not Be Allowed
Unrestricted HTTP Access Should Not Be Allowed
Unrestricted HTTPS Access Should Not Be Allowed
Unrestricted ICMP Access Should Not Be Allowed
Unrestricted Inbound Access on All Uncommon Ports Should Not Be Allowed
Unrestricted MongoDB Access Should Not Be Allowed
Unrestricted MsSQL Access Should Not Be Allowed
Unrestricted MySQL Access Should Not Be Allowed
Unrestricted Netbios Access Should Not Be Allowed
Unrestricted Oracle Access Should Not Be Allowed
Unrestricted Outbound Access Should Not Be Allowed
Unrestricted PostgreSQL Access Should Not Be Allowed
Unrestricted RDP Access Should Not Be Allowed
Unrestricted RPC Access Should Not Be Allowed
Unrestricted SMTP Access Should Not Be Allowed
Unrestricted SSH Access Should Not Be Allowed
Unrestricted Telnet Access Should Not Be Allowed
Unused AMIs Should Be Removed
Unused Elastic Network Interfaces Should Be Removed
Unused AWS EC2 Key Pairs Should Be Removed
Reserved Instances Should Not Be Unused
VPC Flow Logs Should Be Enabled
Accepter/Requester VPC To Private IP Should Be Enabled