Policies

AWS

Auto Scaling

ASG

  1. ASG Underutilization Detection
  2. AWS EC2 ASGs should leverage ARM instances

CloudFront

Distribution

  1. CloudFront Distribution Pricing Class

CloudTrail

Trail

  1. AWS CloudTrail Redundant Regional
  2. AWS CloudTrail Redundant Trails

CloudWatch

LogGroup

  1. AWS CloudWatch LogGroups should have a finite retention
  2. AWS CloudWatch Unused Log Stream

CloudFormation

Stack

  1. AWS CloudFormation Stacks should have Termination Protection enabled

DynamoDB

Table

  1. AWS DynamoDB Tables should have Deletion Protection enabled
  2. AWS ECR Repositories should have a lifecycle policy configured
  3. AWS Kinesis Streams should be encrypted
  4. DynamoDB Stale Data Table

EC2

EIP

  1. AWS EC2 Unattached EIP

Instance

  1. AWS EC2 Idle Instance Detection
  2. AWS EC2 Instances should not use outdated instance types
  3. EC2 Instances ARM Processor

NAT Gateway

  1. AWS NAT Gateway Usage

Snapshot

  1. AWS EBS Snapshot Age
  2. EBS Snapshot Archival Recommendation

VPC Endpoint

  1. VPC Endpoint Unused Traffic Detection

Volume

  1. AWS EBS GP2 Volume
  2. AWS EBS High IOPS Volumes
  3. AWS EBS Low IOPS Volumes
  4. AWS EBS Low Usage Volumes
  5. AWS EBS Volume Attached to Stopped Instances
  6. AWS EBS Volume Size
  7. AWS EBS Volume Unattached
  8. AWS EBS io1 Volume

ECS

Cluster

  1. ECS Cluster Underutilization Check

Task

  1. AWS ECS Tasks should leverage ARM instances
  2. ECS Task Underutilization Check

EFS

File System

  1. AWS EFS Unused File System Detector
  2. Idle AWS EFS File System Detector

EKS

Node Group

  1. EKS Node Group Graviton ARM

ELB

Load Balancer

  1. AWS ALB Low Traffic Detector
  2. AWS ALB No Targets
  3. AWS Classic Load Balancer
  4. AWS NLB Low Traffic Policy
  5. AWS NLB Without Targets
  6. Check AWS Classic Load Balancer Low Traffic
  7. EC2 Gateway LB No Targets
  8. GWLB Low Usage Detector

ElastiCache

Cluster

  1. AWS ElastiCache Low Connection Count
  2. ElastiCache Instances should leverage ARM instances
  3. ElastiCache Low Utilization Check

Kendra

Index

  1. Kendra Index Activity Monitor

Lambda

Function

  1. AWS Lambda Error Rate
  2. AWS Lambda Functions should not have an excessive number of old versions
  3. AWS Lambda Timeout Policy
  4. AWS Lambdas should leverage ARM instances

Neptune

Cluster

  1. Neptune Cluster Inactivity Check

DB

  1. Neptune Cluster Inactivity Check

OpenSearch

Domain

  1. AWS Elasticsearch Domains should leverage ARM instances

RDS

DB

  1. AWS RDS DB CPU Utilization
  2. AWS RDS DB Instances should automatically create backups
  3. AWS RDS DB Instances should automatically version upgrade
  4. AWS RDS DB Instances should have deletion protection enabled
  5. AWS RDS DB Instances should have deletion protection enabled
  6. AWS RDS DB Instances should have performance insights enabled
  7. AWS RDS DB Instances should not be publicly accessible
  8. AWS RDS DB Instances should use encrypted storage
  9. AWS RDS DBClusters should leverage ARM instances
  10. AWS RDS Idle DBInstance Check
  11. AWS RDS Low Connections
  12. AWS RDS Outdated Instance
  13. AWS RDS should use ARM Instances

S3

Bucket

  1. S3 Buckets should use encryption

SQS

Queue

  1. SQS Queue Idle Monitor
  2. SQS Queue No Messages Received