Queries in AWS Compliance
The AWS Compliance mod includes the following 256 queries, listed by identifier. These names are referenced verbatim by the mod's controls, so copy them exactly as they appear here (including their spelling) when wiring a query into a custom control or benchmark:
- account_part_of_organizations
- acm_certificate_expires_30_days
- apigateway_rest_api_stage_use_ssl_certificate
- apigateway_rest_api_stage_xray_tracing_enabled
- apigateway_stage_cache_encryption_at_rest_enabled
- apigateway_stage_logging_enabled
- apigateway_stage_use_waf_web_acl
- autoscaling_group_multiple_az_configured
- autoscaling_group_with_lb_use_health_check
- autoscaling_launch_config_public_ip_disabled
- backup_plan_min_retention_35_days
- backup_recovery_point_encryption_enabled
- backup_recovery_point_manual_deletion_disabled
- cloudfront_distribution_configured_with_origin_failover
- cloudfront_distribution_custom_origins_encryption_in_transit_enabled
- cloudfront_distribution_default_root_object_configured
- cloudfront_distribution_encryption_in_transit_enabled
- cloudfront_distribution_logging_enabled
- cloudfront_distribution_origin_access_identity_enabled
- cloudfront_distribution_sni_enabled
- cloudfront_distribution_use_custom_ssl_certificate
- cloudfront_distribution_waf_enabled
- cloudtrail_bucket_not_public
- cloudtrail_enabled_all_regions
- cloudtrail_multi_region_trail_enabled
- cloudtrail_s3_data_events_enabled
- cloudtrail_s3_logging_enabled
- cloudtrail_s3_object_read_events_audit_enabled
- cloudtrail_s3_object_write_events_audit_enabled
- cloudtrail_security_trail_enabled
- cloudtrail_trail_enabled
- cloudtrail_trail_integrated_with_logs
- cloudtrail_trail_logs_encrypted_with_kms_cmk
- cloudtrail_trail_validation_enabled
- cloudwatch_alarm_action_enabled
- cloudwatch_log_group_retention_period_365
- codebuild_project_environment_privileged_mode_disabled
- codebuild_project_logging_enabled
- codebuild_project_plaintext_env_variables_no_sensitive_aws_values
- codebuild_project_source_repo_oauth_configured
- config_enabled_all_regions
- dax_cluster_encryption_at_rest_enabled
- dms_replication_instance_not_publicly_accessible
- dynamodb_table_auto_scaling_enabled
- dynamodb_table_encrypted_with_kms_cmk
- dynamodb_table_encryption_enabled
- dynamodb_table_in_backup_plan
- dynamodb_table_point_in_time_recovery_enabled
- dynamodb_table_protected_by_backup_plan
- ebs_attached_volume_delete_on_termination_enabled
- ebs_attached_volume_encryption_enabled
- ebs_snapshot_not_publicly_restorable
- ebs_volume_encryption_at_rest_enabled
- ebs_volume_in_backup_plan
- ebs_volume_protected_by_backup_plan
- ebs_volume_unused
- ec2_classic_lb_connection_draining_enabled
- ec2_ebs_default_encryption_enabled
- ec2_instance_detailed_monitoring_enabled
- ec2_instance_ebs_optimized
- ec2_instance_iam_profile_attached
- ec2_instance_in_vpc
- ec2_instance_not_publicly_accessible
- ec2_instance_not_use_multiple_enis
- ec2_instance_protected_by_backup_plan
- ec2_instance_ssm_managed
- ec2_instance_termination_protection_enabled
- ec2_instance_uses_imdsv2
- ec2_stopped_instance_30_days
- ecr_repository_lifecycle_policy_configured
- ecs_service_not_publicly_accessible
- ecs_task_definition_user_for_host_mode_check
- efs_file_system_automatic_backups_enabled
- efs_file_system_encrypt_data_at_rest
- efs_file_system_protected_by_backup_plan
- eks_cluster_endpoint_restrict_public_access
- eks_cluster_secrets_encrypted
- elastic_beanstalk_enhanced_health_reporting_enabled
- elasticache_redis_cluster_automatic_backup_retention_15_days
- elb_application_classic_lb_logging_enabled
- elb_application_lb_deletion_protection_enabled
- elb_application_lb_drop_http_headers
- elb_application_lb_redirect_http_request_to_https
- elb_application_lb_waf_enabled
- elb_application_network_lb_use_ssl_certificate
- elb_classic_lb_cross_zone_load_balancing_enabled
- elb_classic_lb_multiple_az_configured
- elb_classic_lb_use_ssl_certificate
- elb_classic_lb_use_tls_https_listeners
- emr_cluster_kerberos_enabled
- emr_cluster_master_nodes_no_public_ip
- es_domain_audit_logging_enabled
- es_domain_data_nodes_min_3
- es_domain_dedicated_master_nodes_min_3
- es_domain_encrypted_using_tls_1_2
- es_domain_encryption_at_rest_enabled
- es_domain_error_logging_enabled
- es_domain_in_vpc
- es_domain_logs_to_cloudwatch
- es_domain_node_to_node_encryption_enabled
- fsx_file_system_protected_by_backup_plan
- guardduty_enabled
- guardduty_finding_archived
- iam_access_analyzer_enabled
- iam_account_password_policy_expire_90
- iam_account_password_policy_min_length_14
- iam_account_password_policy_one_lowercase_letter
- iam_account_password_policy_one_number
- iam_account_password_policy_one_symbol
- iam_account_password_policy_one_uppercase_letter
- iam_account_password_policy_reuse_24
- iam_account_password_policy_strong
- iam_account_password_policy_strong_min_length_8
- iam_account_password_policy_strong_min_reuse_24
- iam_group_not_empty
- iam_group_user_role_no_inline_policies
- iam_policy_all_attached_no_star_star
- iam_policy_custom_attached_no_star_star
- iam_policy_custom_no_blocked_kms_actions
- iam_policy_custom_no_service_wildcard
- iam_policy_custom_no_star_star
- iam_root_last_used
- iam_root_user_hardware_mfa_enabled
- iam_root_user_mfa_enabled
- iam_root_user_no_access_keys
- iam_root_user_virtual_mfa
- iam_server_certificate_not_expired
- iam_support_role
- iam_user_access_key_age_90
- iam_user_access_keys_and_password_at_setup
- iam_user_console_access_mfa_enabled
- iam_user_in_group
- iam_user_mfa_enabled
- iam_user_no_inline_attached_policies
- iam_user_one_active_key
- iam_user_unused_credentials_45
- iam_user_unused_credentials_90
- kms_cmk_rotation_enabled
- kms_key_decryption_restricted_in_iam_customer_managed_policy
- kms_key_decryption_restricted_in_iam_inline_policy
- kms_key_not_pending_deletion
- lambda_function_concurrent_execution_limit_configured
- lambda_function_dead_letter_queue_configured
- lambda_function_in_vpc
- lambda_function_multiple_az_configured
- lambda_function_restrict_public_access
- lambda_function_use_latest_runtime
- log_group_encryption_at_rest_enabled
- log_metric_filter_bucket_policy
- log_metric_filter_cloudtrail_configuration
- log_metric_filter_config_configuration
- log_metric_filter_console_authentication_failure
- log_metric_filter_console_login_mfa
- log_metric_filter_disable_or_delete_cmk
- log_metric_filter_iam_policy
- log_metric_filter_network_acl
- log_metric_filter_network_gateway
- log_metric_filter_organization
- log_metric_filter_root_login
- log_metric_filter_route_table
- log_metric_filter_security_group
- log_metric_filter_unauthorized_api
- log_metric_filter_vpc
- manual_control
- networkfirewall_stateless_rule_group_not_empty
- opensearch_domain_encryption_at_rest_enabled
- opensearch_domain_in_vpc
- rds_db_cluster_aurora_backtracking_enabled
- rds_db_cluster_aurora_protected_by_backup_plan
- rds_db_cluster_copy_tags_to_snapshot_enabled
- rds_db_cluster_deletion_protection_enabled
- rds_db_cluster_events_subscription
- rds_db_cluster_iam_authentication_enabled
- rds_db_cluster_multiple_az_enabled
- rds_db_cluster_no_default_admin_name
- rds_db_instance_and_cluster_enhanced_monitoring_enabled
- rds_db_instance_and_cluster_no_default_port
- rds_db_instance_automatic_minor_version_upgrade_enabled
- rds_db_instance_backup_enabled
- rds_db_instance_copy_tags_to_snapshot_enabled
- rds_db_instance_deletion_protection_enabled
- rds_db_instance_encryption_at_rest_enabled
- rds_db_instance_events_subscription
- rds_db_instance_iam_authentication_enabled
- rds_db_instance_in_backup_plan
- rds_db_instance_in_vpc
- rds_db_instance_logging_enabled
- rds_db_instance_multiple_az_enabled
- rds_db_instance_no_default_admin_name
- rds_db_instance_prohibit_public_access
- rds_db_instance_protected_by_backup_plan
- rds_db_parameter_group_events_subscription
- rds_db_security_group_events_subscription
- rds_db_snapshot_encrypted_at_rest
- rds_db_snapshot_prohibit_public_access
- redshift_cluster_automatic_snapshots_min_7_days
- redshift_cluster_automatic_upgrade_major_versions_enabled
- redshift_cluster_encryption_in_transit_enabled
- redshift_cluster_encryption_logging_enabled
- redshift_cluster_enhanced_vpc_routing_enabled
- redshift_cluster_kms_enabled
- redshift_cluster_logging_enabled
- redshift_cluster_maintenance_settings_check
- redshift_cluster_no_default_admin_name
- redshift_cluster_prohibit_public_access
- s3_bucket_cross_region_replication_enabled
- s3_bucket_default_encryption_enabled
- s3_bucket_default_encryption_enabled_kms
- s3_bucket_enforces_ssl
- s3_bucket_event_notifications_enabled
- s3_bucket_logging_enabled
- s3_bucket_mfa_delete_enabled
- s3_bucket_object_lock_enabled
- s3_bucket_policy_restricts_cross_account_permission_changes
- s3_bucket_public_access_blocked
- s3_bucket_restrict_public_read_access
- s3_bucket_restrict_public_write_access
- s3_bucket_versioning_and_lifecycle_policy_enabled
- s3_bucket_versioning_enabled
- s3_public_access_block_account
- s3_public_access_block_bucket
- s3_public_access_block_bucket_account
- sagemaker_endpoint_configuration_encryption_at_rest_enabled
- sagemaker_notebook_instance_direct_internet_access_disabled
- sagemaker_notebook_instance_encryption_at_rest_enabled
- secretsmanager_secret_automatic_rotation_enabled
- secretsmanager_secret_automatic_rotation_lambda_enabled
- secretsmanager_secret_encrypted_with_kms_cmk
- secretsmanager_secret_last_used_1_day
- secretsmanager_secret_rotated_as_scheduled
- secretsmanager_secret_unused_90_day
- securityhub_enabled
- sns_topic_encrypted_at_rest
- sqs_queue_encrypted_at_rest
- ssm_managed_instance_compliance_association_compliant
- ssm_managed_instance_compliance_patch_compliant
- vpc_configured_to_use_vpc_endpoints
- vpc_default_security_group_restricts_all_traffic
- vpc_eip_associated
- vpc_flow_logs_enabled
- vpc_igw_attached_to_authorized_vpc
- vpc_network_acl_remote_administration
- vpc_network_acl_unused
- vpc_route_table_restrict_public_access_to_igw
- vpc_security_group_allows_ingress_authorized_ports
- vpc_security_group_associated
- vpc_security_group_associated_to_eni
- vpc_security_group_remote_administration
- vpc_security_group_restrict_ingress_common_ports_all
- vpc_security_group_restrict_ingress_ssh_all
- vpc_security_group_restrict_ingress_tcp_udp_all
- vpc_security_group_restricted_common_ports
- vpc_security_group_unsued
- vpc_subnet_auto_assign_public_ip_disabled
- vpc_vpn_tunnel_up
- wafv2_web_acl_logging_enabled