Configure Compliance Controls  #465

@sam-goodwin

Description

Non-compliant

  • The CloudWatch Log Group is not encrypted with an AWS KMS key
  • The DynamoDB table does not have Point-in-time Recovery enabled
  • The DynamoDB table is not in an AWS Backup plan
  • The IAM Group, User, or Role contains an inline policy
  • The Lambda function is not VPC enabled
  • The Lambda function is not configured with a dead-letter configuration
  • The Lambda function is not configured with function-level concurrent execution limits
  • The OpenSearch Service domain does not have encryption at rest enabled
  • The OpenSearch Service domain does not have node-to-node encryption enabled
  • The OpenSearch Service domain does not stream error logs (ES_APPLICATION_LOGS) to CloudWatch Logs
  • The OpenSearch Service domain is not running within a VPC
  • The S3 Bucket does not have replication enabled
  • The S3 Bucket does not have server access logs enabled
  • The S3 Bucket does not have versioning enabled
  • The S3 Bucket does not prohibit public read access through its Block Public Access configurations and bucket ACLs
  • The S3 Bucket does not prohibit public write access through its Block Public Access configurations and bucket ACLs
  • The S3 Bucket is not encrypted with a KMS Key by default
  • The S3 Bucket or bucket policy does not require requests to use SSL

Compliant

  • The CloudWatch Log Group does not have an explicit retention period configured
  • The IAM Group, User, or Role contains an inline policy
  • The IAM policy grants admin access, meaning the policy allows a principal to perform all actions on all resources
  • The IAM policy grants full access, meaning the policy allows a principal to perform all actions on individual resources
  • The IAM policy is attached at the user level
  • The Lambda function is not configured with a dead-letter configuration
  • The Lambda function permission grants public access
  • The S3 bucket does not prohibit public access through bucket level settings
  • The provisioned capacity DynamoDB table does not have Auto Scaling enabled on its indexes
