Integrations
Rapticore provides a number of integrations.
Updated almost 4 years ago