High
Showing all detectors for the Terraform language with high severity.
Unsecured encryption at rest is detected for the data stored in SageMaker.
Encryption is disabled in the AWS Glue security configuration.
Disabled encryption is detected for an AWS RDS DB cluster.
Secrets are being revealed by EC2 user data.
Disabled encryption is detected for the Glue Data Catalog.
Overly permissive access is granted by the AWS route table with VPC peering to all traffic.
Overly permissive access is granted by the AWS EKS cluster security group to all traffic.
Unsecured encryption at rest is detected for DAX.
An AWS Redshift cluster that is not encrypted using a CMK is detected.
Implicit SSH access from 0.0.0.0/0 for an AWS EKS node group is detected.
The use of an asterisk as a statement action is detected in IAM policy documents.
Disabled encryption is detected for all data in Aurora at rest.
The IAM role does not restrict assumption to specific services or principals.
An SSL certificate from AWS Certificate Manager is not being used by the Elastic Load Balancer.
The AWS IAM password policy permits password reuse.
TLS 1.2 is not being used by the AWS load balancer.
Data encryption at rest using a KMS key is not configured in the AWS SageMaker notebook instance.
Disabled versioning is detected for an AWS S3 object.
HTTPS is not configured in the ViewerProtocolPolicy of the CloudFront distribution.
Unsecured encryption in transit is detected for EFS volumes in ECS task definitions.
Instances and launch configurations with unencrypted EBS volumes are detected.
The exposure of secrets through a Lambda function's environment variables is detected.
A DMS replication instance with public accessibility is detected.
Public availability is detected for a Neptune cluster instance.
The use of an asterisk as a statement action is detected in SQS policy documents.
Disabled Neptune logging is detected.
AWS S3 bucket allows public WRITE permission.
An EC2 instance with a public IP is detected.
Disabled DynamoDB Point-In-Time Recovery is detected.