Query: Manual verification required
Description
Manual verification is required because this control cannot be checked programmatically.
Query
Tables used in this query:
Controls using this query:
- 1.1 Avoid the use of the "root" account
- 1.1 Maintain current contact details
- 1.1 Maintain current contact details
- 1.1 Maintain current contact details
- 1.1 Maintain current contact details
- 1.1 Maintain current contact details
- 1.1 Maintain current contact details
- 1.15 Ensure security questions are registered in the AWS account
- 1.17 Maintain current contact details
- 1.18 Ensure IAM instance roles are used for AWS resource access from instances
- 1.18 Ensure IAM instance roles are used for AWS resource access from instances
- 1.18 Ensure IAM instance roles are used for AWS resource access from instances
- 1.18 Ensure IAM instance roles are used for AWS resource access from instances
- 1.18 Ensure IAM instance roles are used for AWS resource access from instances
- 1.18 Ensure IAM instance roles are used for AWS resource access from instances
- 1.19 Ensure IAM instance roles are used for AWS resource access from instances
- 1.21 Ensure IAM users are managed centrally via identity federation or AWS Organizations for multi-account environments
- 1.21 Ensure IAM users are managed centrally via identity federation or AWS Organizations for multi-account environments
- 1.21 Ensure IAM users are managed centrally via identity federation or AWS Organizations for multi-account environments
- 1.21 Ensure IAM users are managed centrally via identity federation or AWS Organizations for multi-account environments
- 1.21 Ensure IAM users are managed centrally via identity federation or AWS Organizations for multi-account environments
- 1.22 Ensure IAM users are managed centrally via identity federation or AWS Organizations for multi-account environments
- 1.3 Ensure security questions are registered in the AWS account
- 1.3 Ensure security questions are registered in the AWS account
- 1.3 Ensure security questions are registered in the AWS account
- 1.3 Ensure security questions are registered in the AWS account
- 1.3 Ensure security questions are registered in the AWS account
- 1.3 Ensure security questions are registered in the AWS account
- 10.1 Ensure you are using VPC Endpoints for source code access
- 11.1 Ensure communications between your applications and clients is encrypted
- 2.1.1 Ensure Consistent Naming Convention is used for Organizational AMI
- 2.1.3 Ensure Only Approved AMIs (Images) are Used
- 2.4 Ensure an Organizational EC2 Tag Policy has been created
- 3.1 Apply updates to any apps running in Lightsail
- 3.10 Enable storage bucket access logging
- 3.11 Ensure your Windows Server based lightsail instances are updated with the latest security patches
- 3.12 Change the auto-generated password for Windows based instances
- 3.2 Change default Administrator login names and passwords for applications
- 3.7 Ensure you are using an IAM policy to manage access to buckets in Lightsail
- 3.8 Ensure Lightsail instances are attached to the buckets
- 3.9 Ensure that your Lightsail buckets are not publicly accessible
- 4.1 Ensure AWS Config is enabled for Lambda and serverless
- 4.10 Ensure Lambda functions do not allow unknown cross account access via permission policies
- 4.11 Ensure that the runtime environment versions used for your Lambda functions do not have end of support dates
- 4.3 Ensure AWS Secrets manager is configured and being used by Lambda for databases
- 4.4 Ensure least privilege is used with Lambda function access
- 4.4 Ensure routing tables for VPC peering are "least access"
- 4.5 Ensure every Lambda function has its own IAM Role
- 4.7 Ensure Lambda functions are referencing active execution
- 4.8 Ensure that Code Signing is enabled for Lambda functions
- 4.9 Ensure there are no Lambda functions with admin privileges within your AWS account
- 5.1 Ensure AWS Batch is configured with AWS Cloudwatch Logs
- 5.2 Ensure Batch roles are configured for cross-service confused deputy prevention
- 5.4 Ensure routing tables for VPC peering are 'least access'
- 5.4 Ensure routing tables for VPC peering are "least access"
- 5.5 Ensure routing tables for VPC peering are "least access"
- 5.5 Ensure routing tables for VPC peering are "least access"
- 5.5 Ensure routing tables for VPC peering are "least access"
- 5.6 Ensure routing tables for VPC peering are "least access"
- 6.1 Ensure Managed Platform updates is configured
- 6.3 Ensure access logs are enabled
- 6.4 Ensure that HTTPS is enabled on load balancer
- Manual verification required