CKV_AWS_174
Verify CloudFront Distribution Viewer Certificate is using TLS v1.2
Codiga Static Analysis engine checks all terraform code and surface security and safety issues as well as enforcement of best practices. No matter what cloud you use (AWS, GCP, Azure), Codiga got you covered and flags potential problems at every push and pull request.
Verify CloudFront Distribution Viewer Certificate is using TLS v1.2
Ensure S3 bucket Object is encrypted by KMS using a customer managed Key (CMK)
Ensure Elasticache replication group is encrypted by KMS using a customer managed Key (CMK)
Ensure CloudFront distribution has a strict security headers policy attached
Ensure that Azure Container group is deployed into virtual network.
Ensure that the Execution Role ARN and the Task Role ARN are different in ECS Task definitions
Ensure API Gateway caching is enabled
Ensure MSK Cluster logging is enabled
Ensure public API gateway are protected by AWS Web Application Firewall v2
Ensure DB instance gets all minor upgrades automatically
AWS NAT Gateways should be utilized for the default route
Ensure that 'Auditing' Retention is 'greater than 90 days' for SQL servers