Tag: amazon-s3

AWS insecure transmission CDK

The product transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.

Missing Amazon S3 bucket owner condition

Not setting the Amazon S3 bucket owner condition could lead to accidentally using the wrong bucket.

aws kmskey encryption cdk

Using an AWS KMS key helps follow the standard security advice of granting least privilege to objects generated by the project.

AWS api logging disabled cdk

Api Logging Disabled may lead to unable to access log and does not record the event.

Missing Authentication for Critical Function CDK

Missing authentication checks can lead to unauthorized access to a resource or performance of an action.

AWS missing encryption of sensitive data cdk

Sensitive or critical information is not encrypted before storage or transmission in the product.

Missing Authorization CDK

Improper Access Control.

S3 partial encrypt CDK

An unencrypted bucket could lead to sensitive data exposure.