BACK TO LIST

Terraform rules

Codiga Static Analysis engine checks all terraform code and surface security and safety issues as well as enforcement of best practices. No matter what cloud you use (AWS, GCP, Azure), Codiga got you covered and flags potential problems at every push and pull request.

CKV_AZURE_114

Best practice
Warning

Ensure key vault secrets have content_type set

Learn more

CKV_AWS_237

Best practice
Warning

Ensure Create before destroy for API GATEWAY

CKV_AWS_217

Best practice
Warning

Ensure Create before destroy for API deployments

CKV2_AZURE_22

Best practice
Warning

Ensure that Cognitive Services enables customer-managed key for encryption

CKV_AWS_219

Best practice
Warning

Ensure Code Pipeline Artifact store is using a KMS CMK

CKV_AWS_35

Best practice
Warning

Ensure CloudTrail logs are encrypted at rest using KMS CMKs

CKV_AWS_36

Best practice
Warning

Ensure AWS CloudTrail log validation is enabled in all regions.

CKV_AWS_252

Best practice
Warning

Ensure CloudTrail defines an SNS Topic.

CKV_AWS_67

Best practice
Warning

Ensure CloudTrail is enabled in all Regions

CKV2_AWS_10

Best practice
Warning

Ensure CloudTrail trails are integrated with CloudWatch Logs

CKV_AWS_73

Best practice
Warning

Ensure API Gateway has X-Ray tracing enabled

CKV_K8S_21

Best practice
Warning

The default namespace should not be used.

CKV2_AWS_4

Best practice
Warning

Ensure API Gateway stage have logging level defined as appropriate

CKV_AZURE_134

Best practice
Warning

Ensure that Cognitive Services accounts disable public network access.

CKV_GLB_4

Best practice
Warning

Ensure commits are signed

CKV_AZURE_65

Best practice
Warning

Ensure app service enables detailed error messages

CKV_AZURE_66

Best practice
Warning

Ensure app service enables failed request tracing

CKV2_AWS_8

Best practice
Warning

Ensure RDS clusters have an AWS Backup backup plan

CKV2_AZURE_9

Best practice
Warning

Ensure Virtual Machines are utilizing Managed Disks

CKV_AWS_6

Best practice
Warning

Ensure all Elasticsearch has node-to-node encryption enabled

We use cookies to improve your site experience, including analytics cookies to understand how you use our product and design better experiences. Please read our Cookie Policy.