Codiga Analysis Terraform Rules, severity error

Terraform rules

The Codiga Static Analysis engine checks all Terraform code, surfaces security and safety issues, and enforces best practices. Whichever cloud you use (AWS, GCP, Azure), Codiga has you covered and flags potential problems at every push and pull request.

CKV_AWS_174

Best practice
Error

Verify CloudFront Distribution Viewer Certificate is using TLS v1.2

CKV_AWS_186

Best practice
Error

Ensure S3 bucket Object is encrypted by KMS using a customer managed Key (CMK)

CKV_AWS_191

Best practice
Error

Ensure Elasticache replication group is encrypted by KMS using a customer managed Key (CMK)

CKV_AWS_78

Security
Error

Ensure that CodeBuild Project encryption is not disabled

CKV2_AWS_32

Best practice
Error

Ensure CloudFront distribution has a strict security headers policy attached

CKV2_AWS_30

Safety
Error

Ensure Postgres RDS as aws_db_instance has Query Logging enabled

CKV_AWS_189

Security
Error

Ensure EBS Volume is encrypted by KMS using a customer managed Key (CMK)

CKV_AWS_195

Security
Error

Ensure Glue component has a security configuration associated

CKV2_AWS_33

Security
Error

Ensure AppSync is protected by WAF

CKV_AZURE_102

Safety
Error

Ensure that PostgreSQL server enables geo-redundant backups

CKV_AZURE_112

Safety
Error

Ensure key vault key is backed by HSM

CKV_AZURE_118

Security
Error

Ensure that Network Interfaces disable IP forwarding

CKV_GIT_3

Security
Error

Ensure GitHub repository has vulnerability alerts enabled

CKV_AZURE_49

Security
Error

Ensure Azure Linux scale set does not use basic authentication (Use SSH Key Instead)

CKV_AZURE_5

Security
Error

Ensure RBAC is enabled on AKS clusters

CKV_AZURE_130

Security
Error

Ensure that PostgreSQL server enables infrastructure encryption

CKV_AZURE_29

Security
Error

Ensure 'Enforce SSL connection' is set to 'ENABLED' for PostgreSQL Database Server

CKV_AZURE_36

Security
Error

Ensure 'Trusted Microsoft Services' is enabled for Storage Account access

CKV_AZURE_40

Security
Error

Ensure that the expiration date is set on all keys

CKV_AZURE_68

Security
Error

Ensure that PostgreSQL server disables public network access

CKV_AZURE_97

Security
Error

Ensure that Virtual machine scale sets have encryption at host enabled

CKV_AWS_184

Security
Error

Ensure resource is encrypted by KMS using a customer managed Key

CKV_AWS_42

Security
Error

Ensure EFS is securely encrypted

CKV_AZURE_98

Best practice
Error

Ensure that Azure Container group is deployed into virtual network.

CKV_AWS_249

Best practice
Error

Ensure that the Execution Role ARN and the Task Role ARN are different in ECS Task definitions

CKV_AWS_120

Best practice
Error

Ensure API Gateway caching is enabled

CKV_AWS_80

Best practice
Error

Ensure MSK Cluster logging is enabled

CKV2_AWS_29

Best practice
Error

Ensure public API gateways are protected by AWS Web Application Firewall v2

CKV_AWS_133

Security
Error

Ensure RDS instances have backup policy

CKV_AWS_226

Best practice
Error

Ensure DB instance gets all minor upgrades automatically

CKV2_AWS_35

Best practice
Error

AWS NAT Gateways should be utilized for the default route

CKV_AWS_247

Security
Error

Ensure all data stored in the Elasticsearch is encrypted with a CMK

CKV_AZURE_34

Security
Error

Ensure that 'Public access level' is set to Private for blob containers

CKV_AZURE_41

Security
Error

Ensure secrets have an expiration date set

CKV_AWS_260

Security
Error

Ensure no security groups allow ingress from 0.0.0.0:0 to port 80

CKV_AWS_106

Security
Error

Ensure EBS default encryption is enabled

CKV_AWS_128

Security
Error

Ensure Amazon RDS clusters and instances have AWS IAM authentication enabled

CKV_AZURE_104

Security
Error

Ensure Azure Data factory public network access is disabled

CKV_AZURE_13

Security
Error

Ensure App Service Authentication is set on Azure App Service

CKV_AZURE_24

Best practice
Error

Ensure that 'Auditing' Retention is 'greater than 90 days' for SQL servers

CKV_AZURE_3

Security
Error

Ensure that 'Secure transfer required' is set to 'Enabled'

CKV_AZURE_33

Security
Error

Ensure Storage logging is enabled for Queue service for read, write and delete requests

CKV_AZURE_42

Safety
Error

Ensure the key vault is recoverable

CKV_AZURE_56

Security
Error

Ensure that function apps enable Authentication

CKV_AZURE_60

Security
Error

Ensure secure transfer required is enabled

CKV_AZURE_78

Security
Error

Ensure FTP deployments are disabled

CKV2_AZURE_1

Security
Error

Ensure storage for critical data is encrypted with Customer Managed Key

CKV_AWS_261

Safety
Error

Ensure HTTP HTTPS Target group defines Healthcheck