
Configure Compliance Controls

Open sam-goodwin opened this issue 2 years ago • 0 comments

Non-compliant

  • [ ] The CloudWatch Log Group is not encrypted with an AWS KMS key
  • [ ] The DynamoDB table does not have Point-in-time Recovery enabled
  • [ ] The DynamoDB table is not in an AWS Backup plan
  • [ ] The IAM Group, User, or Role contains an inline policy
  • [ ] The Lambda function is not VPC enabled
  • [ ] The Lambda function is not configured with a dead-letter configuration
  • [ ] The Lambda function is not configured with function-level concurrent execution limits
  • [ ] The OpenSearch Service domain does not have encryption at rest enabled
  • [ ] The OpenSearch Service domain does not have node-to-node encryption enabled
  • [ ] The OpenSearch Service domain does not stream error logs (ES_APPLICATION_LOGS) to CloudWatch Logs
  • [ ] The OpenSearch Service domain is not running within a VPC
  • [ ] The S3 Bucket does not have replication enabled
  • [ ] The S3 Bucket does not have server access logs enabled
  • [ ] The S3 Bucket does not have versioning enabled
  • [ ] The S3 Bucket does not prohibit public read access through its Block Public Access configurations and bucket ACLs
  • [ ] The S3 Bucket does not prohibit public write access through its Block Public Access configurations and bucket ACLs
  • [ ] The S3 Bucket is not encrypted with a KMS Key by default
  • [ ] The S3 Bucket or bucket policy does not require requests to use SSL

Compliant

  • [ ] The CloudWatch Log Group does not have an explicit retention period configured
  • [ ] The IAM Group, User, or Role contains an inline policy
  • [ ] The IAM policy grants admin access, meaning the policy allows a principal to perform all actions on all resources
  • [ ] The IAM policy grants full access, meaning the policy allows a principal to perform all actions on individual resources
  • [ ] The IAM policy is attached at the user level
  • [ ] The Lambda function is not configured with a dead-letter configuration
  • [ ] The Lambda function permission grants public access
  • [ ] The S3 bucket does not prohibit public access through bucket level settings
  • [ ] The provisioned capacity DynamoDB table does not have Auto Scaling enabled on its indexes

sam-goodwin avatar Oct 13 '23 21:10 sam-goodwin
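
The S3 items in the checklist above can be evaluated mechanically from a bucket's configuration. The following script is an added example, not code from the issue or its project: it takes a per-bucket dict whose fields follow the shape of the boto3 `get_bucket_versioning`, `get_bucket_logging`, `get_bucket_replication`, `get_bucket_encryption`, `get_bucket_policy`, `get_public_access_block` and `get_bucket_acl` responses (an assumption about field names, chosen so the output of those calls could be merged into it), and returns the checklist controls the bucket fails. The two sample buckets are constructed inline so it runs offline.

```python
"""Evaluate an S3 bucket configuration against the S3 controls in the checklist.

Added example (not from the issue). Input dicts mirror boto3 get_bucket_*
response shapes (assumption); sample buckets below are constructed.
"""
import json

ALL_USERS = "http://acs.amazonaws.com/groups/global/AllUsers"
AUTH_USERS = "http://acs.amazonaws.com/groups/global/AuthenticatedUsers"
PAB_KEYS = ("BlockPublicAcls", "IgnorePublicAcls", "BlockPublicPolicy", "RestrictPublicBuckets")


def policy_requires_ssl(policy_json):
    """True if the bucket policy denies every principal when aws:SecureTransport is false."""
    if not policy_json:
        return False
    for stmt in json.loads(policy_json).get("Statement", []):
        principal = stmt.get("Principal")
        everyone = principal == "*" or (isinstance(principal, dict) and principal.get("AWS") == "*")
        secure = stmt.get("Condition", {}).get("Bool", {}).get("aws:SecureTransport")
        if stmt.get("Effect") == "Deny" and everyone and str(secure).lower() == "false":
            return True
    return False


def public_acl_grants(acl):
    """Permissions the bucket ACL grants to the AllUsers / AuthenticatedUsers groups."""
    perms = set()
    for grant in acl.get("Grants", []):
        if grant.get("Grantee", {}).get("URI") in (ALL_USERS, AUTH_USERS):
            perms.add(grant.get("Permission"))
    return perms


def evaluate_bucket(b):
    """Return the checklist control descriptions that bucket configuration `b` fails."""
    findings = []
    if b.get("Versioning", {}).get("Status") != "Enabled":
        findings.append("The S3 Bucket does not have versioning enabled")
    if "LoggingEnabled" not in b.get("Logging", {}):
        findings.append("The S3 Bucket does not have server access logs enabled")
    if not b.get("Replication", {}).get("ReplicationConfiguration", {}).get("Rules"):
        findings.append("The S3 Bucket does not have replication enabled")
    rules = b.get("Encryption", {}).get("ServerSideEncryptionConfiguration", {}).get("Rules", [])
    if not any(r.get("ApplyServerSideEncryptionByDefault", {}).get("SSEAlgorithm") == "aws:kms" for r in rules):
        findings.append("The S3 Bucket is not encrypted with a KMS Key by default")
    if not policy_requires_ssl(b.get("Policy", {}).get("Policy")):
        findings.append("The S3 Bucket or bucket policy does not require requests to use SSL")
    # Public access is prohibited only if all four Block Public Access settings are on
    # AND the ACL grants nothing to the public groups for that kind of access.
    pab = b.get("PublicAccessBlock", {}).get("PublicAccessBlockConfiguration", {})
    blocks_all = all(pab.get(k, False) for k in PAB_KEYS)
    public = public_acl_grants(b.get("Acl", {}))
    if not blocks_all or public & {"READ", "FULL_CONTROL"}:
        findings.append("The S3 Bucket does not prohibit public read access through its "
                        "Block Public Access configurations and bucket ACLs")
    if not blocks_all or public & {"WRITE", "FULL_CONTROL"}:
        findings.append("The S3 Bucket does not prohibit public write access through its "
                        "Block Public Access configurations and bucket ACLs")
    return findings


# Constructed bucket policy forcing TLS (bucket name is a placeholder).
SSL_ONLY_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "DenyInsecureTransport", "Effect": "Deny", "Principal": "*", "Action": "s3:*",
        "Resource": ["arn:aws:s3:::example-hardened", "arn:aws:s3:::example-hardened/*"],
        "Condition": {"Bool": {"aws:SecureTransport": "false"}},
    }],
})

# Constructed: a bucket that satisfies every S3 control in the checklist.
HARDENED_BUCKET = {
    "Versioning": {"Status": "Enabled"},
    "Logging": {"LoggingEnabled": {"TargetBucket": "example-logs", "TargetPrefix": "hardened/"}},
    "Replication": {"ReplicationConfiguration": {"Rules": [{"Status": "Enabled"}]}},
    "Encryption": {"ServerSideEncryptionConfiguration": {"Rules": [
        {"ApplyServerSideEncryptionByDefault": {"SSEAlgorithm": "aws:kms", "KMSMasterKeyID": "alias/example"}}]}},
    "Policy": {"Policy": SSL_ONLY_POLICY},
    "PublicAccessBlock": {"PublicAccessBlockConfiguration": {k: True for k in PAB_KEYS}},
    "Acl": {"Grants": [{"Grantee": {"Type": "CanonicalUser", "ID": "owner"}, "Permission": "FULL_CONTROL"}]},
}

# Constructed: service defaults plus SSE-S3 instead of KMS and a public-read ACL.
WEAK_BUCKET = {
    "Versioning": {}, "Logging": {}, "Replication": {}, "Policy": {},
    "Encryption": {"ServerSideEncryptionConfiguration": {"Rules": [
        {"ApplyServerSideEncryptionByDefault": {"SSEAlgorithm": "AES256"}}]}},
    "PublicAccessBlock": {"PublicAccessBlockConfiguration": {
        "BlockPublicAcls": False, "IgnorePublicAcls": False,
        "BlockPublicPolicy": True, "RestrictPublicBuckets": True}},
    "Acl": {"Grants": [{"Grantee": {"Type": "Group", "URI": ALL_USERS}, "Permission": "READ"}]},
}

if __name__ == "__main__":
    for name, bucket in (("hardened", HARDENED_BUCKET), ("weak", WEAK_BUCKET)):
        print(name, evaluate_bucket(bucket) or "compliant")
```

Note that the public read/write checks are deliberately conjunctive: a bucket with a fully enabled Block Public Access configuration still fails if an ACL grants the public groups access, and a private ACL is not enough when any of the four block settings is off, which matches the "Block Public Access configurations and bucket ACLs" wording of the two controls.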