Policies

AWS

Auto Scaling

ASG

  1. ASG Underutilization Detection
  2. AWS EC2 ASGs should leverage ARM instances

CloudWatch

LogGroup

  1. AWS CloudWatch LogGroups should have a finite retention

Cloudformation

Stack

  1. AWS Cloudformation Stacks should have Termination Protection enabled

DynamoDB

Table

  1. AWS DynamoDB Tables should have Deletion Protection enabled
  2. AWS ECR Repositories should have a lifecycle policy configured
  3. AWS Kinesis Streams should be encrypted

EC2

Instance

  1. AWS EC2 Idle Instance Detection
  2. AWS EC2 Instances should not use outdated instance types

Snapshot

  1. EBS Snapshot Archival Recommendation

VPC Endpoint

  1. VPC Endpoint Unused Traffic Detection

ECS

Cluster

  1. ECS Cluster Underutilization Check

Task

  1. AWS ECS Tasks should leverage ARM instances
  2. ECS Task Underutilization Check

EFS

File System

  1. AWS EFS Unused File System Detector
  2. Idle AWS EFS File System Detector

ELB

Load Balancer

  1. AWS ALB Low Traffic Detector
  2. AWS NLB Low Traffic Policy
  3. Check AWS Classic Load Balancer Low Traffic
  4. GWLB Low Usage Detector

ElastiCache

Cluster

  1. AWS ElastiCache Low Connection Count
  2. ElastiCache Instances should leverage ARM instances
  3. ElastiCache Low Utilization Check

Kendra

Index

  1. Kendra Index Activity Monitor

Lambda

Function

  1. AWS Lambda Functions should not have an excessive number of old versions
  2. AWS Lambdas should leverage ARM instances

Neptune

Cluster

  1. Neptune Cluster Inactivity Check

DB

  1. Neptune Cluster Inactivity Check

OpenSearch

Domain

  1. AWS Elasticsearch Domains should leverage ARM instances

RDS

DB

  1. AWS RDS DB Instances should automatically create backups
  2. AWS RDS DB Instances should automatically version upgrade
  3. AWS RDS DB Instances should have deletion protection enabled
  4. AWS RDS DB Instances should have deletion protection enabled
  5. AWS RDS DB Instances should have performance insights enabled
  6. AWS RDS DB Instances should not be publicly accessible
  7. AWS RDS DB Instances should use encrypted storage
  8. AWS RDS DBClusters should leverage ARM instances
  9. AWS RDS Idle DBInstance Check

S3

Bucket

  1. S3 Buckets should use encryption

SQS

  1. AWS SQS Queues should have a redrive queue configured

Queue

  1. SQS Queue Idle Monitor
  2. SQS Queue No Messages Received