High

Showing all detectors for the Terraform language with high severity.

Unsecured encryption of SageMaker data at rest

Unsecured encryption at rest is detected for data stored in SageMaker.

Disabled AWS Glue security encryption

Disabled encryption is configured in AWS Glue security.

Disabled AWS RDS Encryption

Disabled encryption is detected for an AWS RDS DB cluster.

Exposed secrets in EC2 user data

Secrets are being revealed by EC2 user data.

Disabled Glue Data Catalog encryption

Disabled encryption is detected for the Glue Data Catalog.

Restrict overly permissive VPC peering routes

Overly permissive access is granted by the AWS route table with VPC peering to all traffic.

Restrict overly permissive access by AWS EKS to all traffic

Overly permissive access is granted by the AWS EKS cluster security group to all traffic.

Secure AWS Database Migration Service endpoints

Overly permissive access is granted by the AWS route table with VPC peering to all traffic.

Unsecured encryption of DAX at rest

Unsecured encryption at rest is detected for DAX.

Unencrypted AWS Redshift using CMK

An AWS Redshift cluster that is not encrypted using a CMK is detected.

Implicit SSH for AWS EKS node group

Implicit SSH access from 0.0.0.0/0 for an AWS EKS node group is detected.

Restrict IAM asterisk action

The use of an asterisk as an action in IAM policy document statements is detected.

Disabled encryption on Aurora at rest

Disabled encryption is detected for all data in Aurora at rest.

Restrict assumed IAM role access

The IAM role does not restrict assumption to specific services or principals.

Use AWS certificate manager SSL certificate with Elastic Load Balancer

An SSL certificate from AWS Certificate Manager is not being used by the Elastic Load Balancer.

Restrict IAM password reuse

The AWS IAM password policy permits the reuse of passwords.

Configure TLS 1.2 in AWS Load Balancer

TLS 1.2 is not being used by the AWS Load Balancer.

Misconfigured data encryption at rest for AWS SageMaker instance

Data encryption at rest using a KMS key is not configured for the AWS SageMaker notebook instance.

Disabled AWS S3 object versioning

Disabled versioning is detected for AWS S3 objects.

Configure HTTPS for CloudFront distribution ViewerProtocolPolicy

HTTPS is not configured in the ViewerProtocolPolicy of the CloudFront distribution.

Unsecured encryption in transit for EFS volumes

Unsecured encryption in transit is detected for EFS volumes in ECS task definitions.

Unencrypted EBS Volumes

Instances and launch configurations with unencrypted EBS volumes are detected.

Exposed secrets in Lambda function environment variables

Exposure of secrets through a Lambda function's environment variables is detected.

Restrict public access on DMS replication instance

A DMS replication instance with public accessibility is detected.

Restrict Neptune cluster instance public access

Public accessibility is detected for a Neptune cluster instance.

Restrict the use of asterisk actions for SQS policy documents

The use of an asterisk as an action in SQS policy document statements is detected.

Disabled Neptune logging

Disabled Neptune logging is detected.

AWS S3 public WRITE permission

An AWS S3 bucket that allows public WRITE permission is detected.

Restrict public IP association on EC2 instance

An EC2 instance with a public IP is detected.

Disabled DynamoDB Point-In-Time Recovery

Disabled DynamoDB Point-In-Time Recovery is detected.