# Default check selection: four groups (Networking, Iam, Logging, Monitoring),
# each mapping a test name to a boolean. Every test is set to True here.
# The service names in the keys (CloudTrail, S3, IAM, CloudWatch, SNS, VPC)
# indicate that the checks target an AWS account.
#
# NOTE(review): presumably True enables a test and False skips it, and each key
# must match a test name in the consuming tool. The loader is not visible
# here, so confirm both.
# NOTE(review): if False does skip a test, a passing run no longer says
# anything about that control. Treat any change from True to False in this
# file as a security-relevant change and record the reason next to the key.
# NOTE(review): the groups and names resemble the CIS AWS Foundations Benchmark
# sections; confirm the mapping in the tool's documentation.
# NOTE(review): the capitalised True is read as a boolean by YAML 1.1 loaders
# and by the YAML 1.2 core schema; a quoted 'True' would be a string.

# Network exposure checks: SSH, RDP and other ports reachable from the
# internet, default security groups, and the main route table.
Networking:
  testSshNotOpenFromInternet: True
  testRdpNotOpenFromInternet: True
  # Which ports this test covers is not visible in this file.
  testPortsOpenFromTheInternet: True
  testDefaultSecurityGroupsNotOpenFromInternet: True
  testMainRouteTableIsPrivate: True

# Identity checks: root account use, MFA for console users, credential
# hygiene, password policy, and policies attached directly to users.
Iam:
  testRootAccountLoginIsAvoided: True
  testMfaEnabledForConsoleUsers: True
  # The thresholds for "unused" credentials and for key rotation age are not
  # set in this file.
  testUnusedCredentialsAreDeactivated: True
  testAccessKeysAreRotated: True
  # Password policy tests. The required minimum length, reuse count and
  # expiry period are not set in this file.
  testPasswordPolicyRequiresUpperCaseLetters: True
  testPasswordPolicyRequiresLowerCaseLetters: True
  testPasswordPolicyRequiresNumbers: True
  testPasswordPolicyRequiresSymbols: True
  testPasswordPolicyRequiresMinimumLength: True
  testPasswordPolicyPreventsPasswordReuse: True
  testPasswordPolicyEnsuresPasswordExpiry: True
  testRootAccountHasNoActiveAccessKeys: True
  testPoliciesAreNotAttachedToUsers: True

# Audit-log checks: CloudTrail coverage, CloudWatch integration, log
# validation and encryption, exposure and access logging of the log bucket,
# and rotation of customer-created CMKs.
Logging:
  testCloudtrailEnabledForAllRegions: True
  # NOTE(review): "CloudTrials" looks like a misspelling of "CloudTrail". The
  # key presumably has to match the test name in the tool, so rename both
  # together or leave both alone.
  testCloudTrialsLogsAreIntegratedWithCloudWatch: True
  testCloudTrailLogsS3BucketIsNotPublic: True
  testCloudTrailLogsS3BucketHasAccessLoggingEnabled: True
  testCloudTrailValidationIsEnabled: True
  testCloudTrailLogsAreEncrypted: True
  testCustomerCreatedCMKKeysAreRotationEnabled: True

# Detection checks: a metric filter and alarm must exist for each listed
# event class, and SNS topics must have appropriate subscribers.
Monitoring:
  testMetricFilterAndAlarmExistForUnauthorizedApiCalls: True
  testMetricFilterAndAlarmExistForLoginWithoutMfa: True
  testMetricFilterAndAlarmExistForRootLogin: True
  testMetricFilterAndAlarmExistForIamPolicyChanges: True
  testMetricFilterAndAlarmExistForCloudtrailConfigChanges: True
  testMetricFilterAndAlarmExistForS3PolicyChanges: True
  testMetricFilterAndAlarmExistForNetworkGatewayChanges: True
  testMetricFilterAndAlarmExistForRouteTableChanges: True
  testMetricFilterAndAlarmExistForVpcChanges: True
  # What counts as an "appropriate" subscriber is decided by the test and is
  # not visible here. An alarm whose topic reaches nobody detects nothing in
  # practice.
  testSNSTopicsHaveAppropriateSubscribers: True
  testMetricFilterAndAlarmExistForSecurityGroupChanges: True
  testMetricFilterAndAlarmExistForNetworkAclChanges: True
  testMetricFilterAndAlarmExistForConsoleAuthFailure: True