Codiga Analysis Terraform Rules, category security

Terraform rules

The Codiga Static Analysis engine checks all Terraform code, surfaces security and safety issues, and enforces best practices. No matter what cloud you use (AWS, GCP, Azure), Codiga has you covered and flags potential problems at every push and pull request.

CKV_AWS_78

Security
Error

Ensure that CodeBuild Project encryption is not disabled

CKV2_AWS_34

Security
Critical

AWS SSM Parameter should be Encrypted

CKV_AWS_189

Security
Error

Ensure EBS Volume is encrypted by KMS using a customer managed Key (CMK)

CKV_AWS_195

Security
Error

Ensure Glue component has a security configuration associated

CKV2_AWS_33

Security
Error

Ensure AppSync is protected by WAF

CKV_AZURE_109

Security
Warning

Ensure key vault allows firewall rules settings

CKV_AZURE_117

Security
Critical

Ensure that AKS uses disk encryption set

CKV_AZURE_118

Security
Error

Ensure that Network Interfaces disable IP forwarding

CKV_GIT_3

Security
Error

Ensure GitHub repository has vulnerability alerts enabled

CKV_GIT_4

Security
Critical

Ensure Secrets are encrypted

CKV_AZURE_49

Security
Error

Ensure Azure Linux scale set does not use basic authentication (Use SSH Key Instead)

CKV_AZURE_5

Security
Error

Ensure RBAC is enabled on AKS clusters

CKV_AZURE_50

Security
Warning

Ensure Virtual Machine Extensions are not Installed

CKV_AZURE_120

Security
Warning

Ensure that Application Gateway enables WAF

CKV_AZURE_130

Security
Error

Ensure that PostgreSQL server enables infrastructure encryption

CKV_AZURE_29

Security
Error

Ensure 'Enforce SSL connection' is set to 'ENABLED' for PostgreSQL Database Server

CKV_AZURE_35

Security
Warning

Ensure default network access rule for Storage Accounts is set to deny

CKV_AZURE_36

Security
Error

Ensure 'Trusted Microsoft Services' is enabled for Storage Account access

CKV_AZURE_40

Security
Error

Ensure that the expiration date is set on all keys

CKV_AZURE_68

Security
Error

Ensure that PostgreSQL server disables public network access

CKV_AZURE_97

Security
Error

Ensure that Virtual machine scale sets have encryption at host enabled

CKV2_AZURE_21

Security
Warning

Ensure Storage logging is enabled for Blob service for read requests

CKV2_AZURE_8

Security
Critical

Ensure the storage container storing the activity logs is not publicly accessible

CKV_AWS_184

Security
Error

Ensure resource is encrypted by KMS using a customer managed Key

CKV_AWS_42

Security
Error

Ensure EFS is securely encrypted

CKV_AZURE_116

Security
Warning

Ensure that AKS uses Azure Policies Add-on

CKV_AZURE_141

Security
Warning

Ensure AKS local admin account is disabled

CKV_AZURE_151

Security
Warning

Ensure Windows VM enables encryption

CKV_AZURE_44

Security
Warning

Ensure Storage Account is using the latest version of TLS encryption

CKV_AWS_57

Security
Warning

S3 Bucket has an ACL defined which allows public WRITE access.

CKV_K8S_29

Security
Informational

Ensure securityContext is applied to pods and containers.

CKV_AWS_133

Security
Error

Ensure RDS instances have backup policy

CKV_AWS_178

Security
Warning

Ensure FSx ONTAP file system is encrypted by KMS using a customer managed Key (CMK)

CKV_AWS_250

Security
Critical

Ensure that RDS PostgreSQL instances use a non vulnerable version with the log_fdw extension

CKV_AWS_247

Security
Error

Ensure all data stored in the Elasticsearch is encrypted with a CMK

CKV_AZURE_34

Security
Error

Ensure that 'Public access level' is set to Private for blob containers

CKV_AZURE_41

Security
Error

Ensure secrets have an expiration date set

CKV2_AWS_3

Security
Warning

Ensure GuardDuty is enabled to specific org/region

CKV2_AZURE_20

Security
Warning

Ensure Azure storage account logging for tables is enabled

CKV_AWS_260

Security
Error

Ensure no security groups allow ingress from 0.0.0.0:0 to port 80

CKV_AWS_106

Security
Error

Ensure EBS default encryption is enabled

CKV_AWS_128

Security
Error

Ensure Amazon RDS clusters and instances have AWS IAM authentication enabled

CKV_AWS_137

Security
Warning

Ensure that Elasticsearch is configured inside a VPC

CKV_AWS_142

Security
Warning

Ensure Redshift cluster is encrypted by KMS

CKV_AWS_162

Security
Warning

Ensure RDS cluster has IAM authentication enabled

CKV_AWS_179

Security
Warning

Ensure FSX Windows filesystem is encrypted by KMS using a customer managed Key (CMK)

CKV_AWS_188

Security
Warning

Ensure RedShift Cluster is encrypted by KMS using a customer managed Key (CMK)

CKV_AWS_228

Security
Warning

Verify Elasticsearch domain is using an up to date TLS policy

CKV_AWS_248

Security
Warning

Ensure that Elasticsearch is not using the default Security Group

CKV_AWS_33

Security
Warning

Ensure KMS key policy does not contain wildcard (*) principal

CKV_AWS_71

Security
Warning

Ensure AWS Redshift database has audit logging enabled

CKV_AWS_84

Security
Warning

Ensure Elasticsearch Domain Logging is enabled

CKV_AWS_87

Security
Critical

Ensure Amazon Redshift clusters are not publicly accessible

CKV_AWS_96

Security
Critical

Ensure all data stored in Aurora is securely encrypted at rest

CKV_GIT_6

Security
Warning

Ensure all commits are GPG signed

CKV_GIT_5

Security
Informational

Ensure at least two approving reviews for PRs

CKV_AZURE_1

Security
Critical

Ensure Azure Instance does not use basic authentication (Use SSH Key Instead)

CKV_AZURE_103

Security
Warning

Ensure that Azure Data Factory uses Git repository for source control

CKV_AZURE_104

Security
Error

Ensure Azure Data factory public network access is disabled

CKV_AZURE_110

Security
Warning

Ensure that key vault enables purge protection

CKV_AZURE_13

Security
Error

Ensure App Service Authentication is set on Azure App Service

CKV_AZURE_16

Security
Warning

Ensure App Service is registered with an Azure Active Directory account

CKV_AZURE_17

Security
Warning

Ensure the web app has certificates set

CKV_AZURE_18

Security
Warning

Ensure that 'HTTP Version' is the latest if used to run the web app

CKV_AZURE_3

Security
Error

Ensure that 'Secure transfer required' is set to 'Enabled'

CKV_AZURE_33

Security
Error

Ensure Storage logging is enabled for Queue service for read, write and delete requests

CKV_AZURE_56

Security
Error

Ensure that function apps enable Authentication

CKV_AZURE_60

Security
Error

Ensure secure transfer required is enabled

CKV_AZURE_63

Security
Informational

Ensure that App service enables HTTP logging

CKV_AZURE_70

Security
Warning

Ensure function apps are only accessible over HTTPS

CKV_AZURE_78

Security
Error

Ensure FTP deployments are disabled

CKV_AZURE_80

Security
Informational

Ensure that 'Net Framework' version is the latest, if used as a part of the web app

CKV2_AZURE_1

Security
Error

Ensure storage for critical data is encrypted with Customer Managed Key

CKV2_AZURE_10

Security
Informational

Ensure Microsoft Antimalware is configured to automatically update Virtual Machines

CKV2_AZURE_15

Security
Informational

Ensure that Azure data factories are encrypted with a customer-managed key

CKV2_AZURE_18

Security
Warning

Ensure that Storage Accounts use customer-managed key for encryption

CKV2_AZURE_2

Security
Warning

Ensure that Vulnerability Assessment (VA) is enabled on a SQL server by setting a Storage Account