CKV_AWS_174
Best practice
Error
Verify CloudFront Distribution Viewer Certificate is using TLS v1.2
BACK TO LIST
Terraform rules
Codiga Static Analysis engine checks all terraform code and surface security and safety issues as well as enforcement of best practices. No matter what cloud you use (AWS, GCP, Azure), Codiga got you covered and flags potential problems at every push and pull request.
CKV_AWS_186
Best practice
Error
Ensure S3 bucket Object is encrypted by KMS using a customer managed Key (CMK)
CKV_AWS_191
Best practice
Error
Ensure Elasticache replication group is encrypted by KMS using a customer managed Key (CMK)
CKV_AWS_78
Security
Error
Ensure that CodeBuild Project encryption is not disabled
CKV2_AWS_32
Best practice
Error
Ensure CloudFront distribution has a strict security headers policy attached
CKV2_AWS_30
Safety
Error
Ensure Postgres RDS as aws_db_instance has Query Logging enabled
CKV_AWS_189
Security
Error
Ensure EBS Volume is encrypted by KMS using a customer managed Key (CMK)
CKV_AWS_195
Security
Error
Ensure Glue component has a security configuration associated
CKV2_AWS_33
Security
Error
Ensure AppSync is protected by WAF
CKV_AZURE_102
Safety
Error
Ensure that PostgreSQL server enables geo-redundant backups
CKV_AZURE_112
Safety
Error
Ensure key vault key is backed by HSM
CKV_AZURE_118
Security
Error
Ensure that Network Interfaces disable IP forwarding
CKV_GIT_3
Security
Error
Ensure GitHub repository has vulnerability alerts enabled
CKV_AZURE_49
Security
Error
Ensure Azure linux scale set does not use basic authentication(Use SSH Key Instead)
CKV_AZURE_5
Security
Error
Ensure RBAC is enabled on AKS clusters
CKV_AZURE_130
Security
Error
Ensure that PostgreSQL server enables infrastructure encryption
CKV_AZURE_29
Security
Error
Ensure 'Enforce SSL connection' is set to 'ENABLED' for PostgreSQL Database Server
CKV_AZURE_36
Security
Error
Ensure 'Trusted Microsoft Services' is enabled for Storage Account access
CKV_AZURE_40
Security
Error
Ensure that the expiration date is set on all keys
CKV_AZURE_68
Security
Error
Ensure that PostgreSQL server disables public network access
CKV_AZURE_97
Security
Error
Ensure that Virtual machine scale sets have encryption at host enabled
CKV_AWS_184
Security
Error
Ensure resource is encrypted by KMS using a customer managed Key
CKV_AWS_42
Security
Error
Ensure EFS is securely encrypted
CKV_AZURE_98
Best practice
Error
Ensure that Azure Container group is deployed into virtual network.
CKV_AWS_249
Best practice
Error
Ensure that the Execution Role ARN and the Task Role ARN are different in ECS Task definitions
CKV_AWS_120
Best practice
Error
Ensure API Gateway caching is enabled
CKV_AWS_80
Best practice
Error
Ensure MSK Cluster logging is enabled
CKV2_AWS_29
Best practice
Error
Ensure public API gateway are protected by AWS Web Application Firewall v2
CKV_AWS_133
Security
Error
Ensure RDS instances have backup policy
CKV_AWS_226
Best practice
Error
Ensure DB instance gets all minor upgrades automatically
CKV2_AWS_35
Best practice
Error
AWS NAT Gateways should be utilized for the default route
CKV_AWS_247
Security
Error
Ensure all data stored in the Elasticsearch is encrypted with a CMK
CKV_AZURE_34
Security
Error
Ensure that 'Public access level' is set to Private for blob containers
CKV_AZURE_41
Security
Error
Ensure secrets have an expiration date set
CKV_AWS_260
Security
Error
Ensure no security groups allow ingress from 0.0.0.0:0 to port 80
CKV_AWS_106
Security
Error
Ensure EBS default encryption is enabled
CKV_AWS_128
Security
Error
Ensure Amazon RDS clusters and instances have AWS IAM authentication enabled
CKV_AZURE_104
Security
Error
Ensure Azure Data factory public network access is disabled
CKV_AZURE_13
Security
Error
Ensure App Service Authentication is set on Azure App Service
CKV_AZURE_24
Best practice
Error
Ensure that 'Auditing' Retention is 'greater than 90 days' for SQL servers
CKV_AZURE_3
Security
Error
Ensure that 'Secure transfer required' is set to 'Enabled'
CKV_AZURE_33
Security
Error
Ensure Storage logging is enabled for Queue service for read, write and delete requests
CKV_AZURE_42
Safety
Error
Ensure the key vault is recoverable
CKV_AZURE_56
Security
Error
Ensure that function apps enables Authentication
CKV_AZURE_60
Security
Error
Ensure secure transfer required is enabled
CKV_AZURE_78
Security
Error
Ensure FTP deployments are disabled
CKV2_AZURE_1
Security
Error
Ensure storage for critical data are encrypted with Customer Managed Key
CKV_AWS_261
Safety
Error
Ensure HTTP HTTPS Target group defines Healthcheck