Codiga Analysis Terraform Rules, severity warning
Terraform rules

The Codiga Static Analysis engine checks all Terraform code and surfaces security and safety issues, as well as enforcing best practices. No matter what cloud you use (AWS, GCP, Azure), Codiga has you covered and flags potential problems at every push and pull request.

CKV_AZURE_109

Security
Warning

Ensure key vault allows firewall rules settings

CKV_AZURE_114

Best practice
Warning

Ensure key vault secrets have content_type set

CKV_AZURE_50

Security
Warning

Ensure Virtual Machine Extensions are not Installed

CKV_AZURE_120

Security
Warning

Ensure that Application Gateway enables WAF

CKV_AZURE_35

Security
Warning

Ensure default network access rule for Storage Accounts is set to deny

CKV2_AZURE_21

Security
Warning

Ensure Storage logging is enabled for Blob service for read requests

CKV_AWS_237

Best practice
Warning

Ensure Create before destroy for API GATEWAY

CKV_AWS_217

Best practice
Warning

Ensure Create before destroy for API deployments

CKV2_AZURE_22

Best practice
Warning

Ensure that Cognitive Services enables customer-managed key for encryption

CKV_AWS_219

Best practice
Warning

Ensure Code Pipeline Artifact store is using a KMS CMK

CKV_AWS_35

Best practice
Warning

Ensure CloudTrail logs are encrypted at rest using KMS CMKs

CKV_AWS_36

Best practice
Warning

Ensure AWS CloudTrail log validation is enabled in all regions.

CKV_AWS_252

Best practice
Warning

Ensure CloudTrail defines an SNS Topic.

CKV_AWS_67

Best practice
Warning

Ensure CloudTrail is enabled in all Regions

CKV2_AWS_10

Best practice
Warning

Ensure CloudTrail trails are integrated with CloudWatch Logs

CKV_AZURE_116

Security
Warning

Ensure that AKS uses Azure Policies Add-on

CKV_AZURE_141

Security
Warning

Ensure AKS local admin account is disabled

CKV_AZURE_151

Security
Warning

Ensure Windows VM enables encryption

CKV_AZURE_44

Security
Warning

Ensure Storage Account is using the latest version of TLS encryption

CKV_AWS_57

Security
Warning

S3 Bucket has an ACL defined which allows public WRITE access.

CKV_AWS_73

Best practice
Warning

Ensure API Gateway has X-Ray tracing enabled

CKV_K8S_21

Best practice
Warning

The default namespace should not be used.

CKV2_AWS_4

Best practice
Warning

Ensure API Gateway stage has logging level defined as appropriate

CKV_AWS_178

Security
Warning

Ensure fx ontap file system is encrypted by KMS using a customer managed Key (CMK)

CKV2_AWS_3

Security
Warning

Ensure GuardDuty is enabled to specific org/region

CKV2_AZURE_20

Security
Warning

Ensure Azure storage account logging for tables is enabled

CKV_AZURE_134

Best practice
Warning

Ensure that Cognitive Services accounts disable public network access.

CKV_AWS_137

Security
Warning

Ensure that Elasticsearch is configured inside a VPC

CKV_AWS_139

Safety
Warning

Ensure that RDS clusters have deletion protection enabled

CKV_AWS_142

Security
Warning

Ensure Redshift cluster is encrypted by KMS

CKV_AWS_162

Security
Warning

Ensure RDS cluster has IAM authentication enabled

CKV_AWS_179

Security
Warning

Ensure FSX Windows filesystem is encrypted by KMS using a customer managed Key (CMK)

CKV_AWS_188

Security
Warning

Ensure RedShift Cluster is encrypted by KMS using a customer managed Key (CMK)

CKV_AWS_228

Security
Warning

Verify Elasticsearch domain is using an up to date TLS policy

CKV_AWS_248

Security
Warning

Ensure that Elasticsearch is not using the default Security Group

CKV_AWS_33

Security
Warning

Ensure KMS key policy does not contain wildcard (*) principal

CKV_AWS_71

Security
Warning

Ensure AWS Redshift database has audit logging enabled

CKV_AWS_84

Security
Warning

Ensure Elasticsearch Domain Logging is enabled

CKV_GLB_4

Best practice
Warning

Ensure commits are signed

CKV_GIT_6

Security
Warning

Ensure all commits GPG signed

CKV_AZURE_103

Security
Warning

Ensure that Azure Data Factory uses Git repository for source control

CKV_AZURE_110

Security
Warning

Ensure that key vault enables purge protection

CKV_AZURE_16

Security
Warning

Ensure App Service is registered with an Azure Active Directory account

CKV_AZURE_17

Security
Warning

Ensure the web app has certificates set

CKV_AZURE_18

Security
Warning

Ensure that 'HTTP Version' is the latest if used to run the web app

CKV_AZURE_65

Best practice
Warning

Ensure app service enables detailed error messages

CKV_AZURE_66

Best practice
Warning

Ensure app service enables failed request tracing

CKV_AZURE_70

Security
Warning

Ensure function apps are only accessible over HTTPS

CKV2_AWS_8

Best practice
Warning

Ensure RDS clusters have an AWS Backup backup plan

CKV2_AZURE_18

Security
Warning

Ensure that Storage Accounts use customer-managed key for encryption

CKV2_AZURE_2

Security
Warning

Ensure that Vulnerability Assessment (VA) is enabled on a SQL server by setting a Storage Account

CKV2_AZURE_9

Best practice
Warning

Ensure Virtual Machines are utilizing Managed Disks

CKV_AWS_6

Best practice
Warning

Ensure all Elasticsearch has node-to-node encryption enabled