Configure Compliance Controls #465

Open
27 tasks
sam-goodwin opened this issue Oct 13, 2023 · 0 comments

sam-goodwin commented Oct 13, 2023

Non-compliant

  • The CloudWatch Log Group is not encrypted with an AWS KMS key
  • The DynamoDB table does not have Point-in-time Recovery enabled
  • The DynamoDB table is not in an AWS Backup plan
  • The IAM Group, User, or Role contains an inline policy
  • The Lambda function is not VPC enabled
  • The Lambda function is not configured with a dead-letter configuration
  • The Lambda function is not configured with function-level concurrent execution limits
  • The OpenSearch Service domain does not have encryption at rest enabled
  • The OpenSearch Service domain does not have node-to-node encryption enabled
  • The OpenSearch Service domain does not stream error logs (ES_APPLICATION_LOGS) to CloudWatch Logs
  • The OpenSearch Service domain is not running within a VPC
  • The S3 Bucket does not have replication enabled
  • The S3 Bucket does not have server access logs enabled
  • The S3 Bucket does not have versioning enabled
  • The S3 Bucket does not prohibit public read access through its Block Public Access configurations and bucket ACLs
  • The S3 Bucket does not prohibit public write access through its Block Public Access configurations and bucket ACLs
  • The S3 Bucket is not encrypted with a KMS Key by default
  • The S3 Bucket or bucket policy does not require requests to use SSL

Compliant

  • The CloudWatch Log Group does not have an explicit retention period configured
  • The IAM Group, User, or Role contains an inline policy
  • The IAM policy grants admin access, meaning the policy allows a principal to perform all actions on all resources
  • The IAM policy grants full access, meaning the policy allows a principal to perform all actions on individual resources
  • The IAM policy is attached at the user level
  • The Lambda function is not configured with a dead-letter configuration
  • The Lambda function permission grants public access
  • The S3 bucket does not prohibit public access through bucket level settings
  • The provisioned capacity DynamoDB table does not have Auto Scaling enabled on its indexes