Best practice

The AWS RDS Cluster is not configured to use IAM authentication. Consider using IAM for authentication.

The AWS cross zone load balancing is not enabled.

Ensure that Amazon ElastiCache clusters have automatic backup turned on. To fix this, set a snapshot_retention_limit.

The AWS CloudWatch Log group is missing a KMS key. While Log group data is always encrypted, you can optionally use a KMS key instead. Add kms_key_id = "yourKey" to your resource block.

The AWS QLDB ledger permissions are too permissive. Consider using “‘STANDARD’” permissions mode if possible.

The AWS CloudWatch Log group is missing log retention time. By default, logs are retained indefinitely. Add retention_in_days = <integer> to your resource block.

The AWS RDS is not configured to use multi-az. Consider using it if possible.

There are missing tags for an AWS Auto Scaling group. Tags help track costs, allow for filtering for Auto Scaling groups, help with access control, and aid in organizing AWS resources. Add: tag { key = "key" value = "value" propagate_at_launch = boolean } See https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/autoscaling_group for more details.

Found a AWS API Gateway Stage without cache cluster enabled. Enabling the cache cluster feature enhances responsiveness of your API. Add cache_cluster_enabled = true to your resource block.

The AWS LoadBalancer deletion protection is not enabled.

The AWS S3 object lock is not enabled. Consider using it if possible.

The AWS QLDB deletion protection is not enabled.

Ensure that Amazon S3 bucket versioning is not enabled. Consider using versioning if you don’t have alternative backup mechanism.

Detected a AWS load balancer that is not configured to drop invalid HTTP headers. Add drop_invalid_header_fields = true in your resource block.

The AWS Autoscaling Group is not tagged.

The AWS RDS is not configured to use IAM authentication. Consider using IAM for authentication.