aws-rds-cluster-iam-authentication-not-enabled
The AWS RDS Cluster is not configured to use IAM authentication. Consider using IAM for authentication.
missing-aws-cross-zone-lb
AWS cross-zone load balancing is not enabled.
aws-elasticache-automatic-backup-not-enabled
Ensure that Amazon ElastiCache clusters have automatic backup turned on. To fix this, set a snapshot_retention_limit.
missing-cloudwatch-log-group-kms-key
The AWS CloudWatch Log group is missing a KMS key. While Log group data is always encrypted, you can optionally use a KMS key instead. Add kms_key_id = "yourKey" to your resource block.
aws-qldb-inadequate-ledger-permissions-mode
The AWS QLDB ledger permissions are too permissive. Consider using "STANDARD" permissions mode if possible.
missing-cloudwatch-log-group-retention
The AWS CloudWatch Log group is missing log retention time. By default, logs are retained indefinitely. Add retention_in_days = <integer> to your resource block.
aws-rds-multiaz-not-enabled
The AWS RDS is not configured to use Multi-AZ. Consider using it if possible.
missing-autoscaling-group-tags
missing-api-gateway-cache-cluster
Found an AWS API Gateway Stage without cache cluster enabled. Enabling the cache cluster feature enhances responsiveness of your API. Add cache_cluster_enabled = true to your resource block.
missing-aws-lb-deletion-protection
The AWS load balancer deletion protection is not enabled.
aws-s3-object-lock-not-enabled
The AWS S3 object lock is not enabled. Consider using it if possible.
missing-aws-qldb-deletion-protection
The AWS QLDB deletion protection is not enabled.
aws-s3-bucket-versioning-not-enabled
Amazon S3 bucket versioning is not enabled. Consider using versioning if you don't have an alternative backup mechanism.
missing-alb-drop-http-headers
Detected an AWS load balancer that is not configured to drop invalid HTTP headers. Add drop_invalid_header_fields = true in your resource block.
missing-aws-autoscaling-tags
aws-rds-iam-authentication-not-enabled
The AWS RDS is not configured to use IAM authentication. Consider using IAM for authentication.