Terraform Static Analysis Rules

Terraform rules

The Codiga Static Analysis engine checks all Terraform code, surfaces security and safety issues, and enforces best practices. No matter what cloud you use (AWS, GCP, Azure), Codiga has you covered and flags potential problems at every push and pull request.

CKV_AZURE_109

Security
Medium

Ensure key vault allows firewall rules settings

CKV_AZURE_50

Security
Medium

Ensure Virtual Machine Extensions are not Installed

CKV_AZURE_120

Security
Medium

Ensure that Application Gateway enables WAF

CKV_AZURE_35

Security
Medium

Ensure default network access rule for Storage Accounts is set to deny

CKV2_AZURE_21

Security
Medium

Ensure Storage logging is enabled for Blob service for read requests

CKV_AZURE_116

Security
Medium

Ensure that AKS uses Azure Policies Add-on

CKV_AZURE_141

Security
Medium

Ensure AKS local admin account is disabled

CKV_AZURE_151

Security
Medium

Ensure Windows VM enables encryption

CKV_AZURE_44

Security
Medium

Ensure Storage Account is using the latest version of TLS encryption

CKV_AWS_57

Security
Medium

S3 Bucket has an ACL defined which allows public WRITE access.

CKV_AWS_178

Security
Medium

Ensure FSx ONTAP file system is encrypted by KMS using a customer managed Key (CMK)

CKV2_AWS_3

Security
Medium

Ensure GuardDuty is enabled to specific org/region

CKV2_AZURE_20

Security
Medium

Ensure Azure storage account logging for tables is enabled

CKV_AWS_137

Security
Medium

Ensure that Elasticsearch is configured inside a VPC

CKV_AWS_142

Security
Medium

Ensure Redshift cluster is encrypted by KMS

CKV_AWS_162

Security
Medium

Ensure RDS cluster has IAM authentication enabled

CKV_AWS_179

Security
Medium

Ensure FSX Windows filesystem is encrypted by KMS using a customer managed Key (CMK)

CKV_AWS_188

Security
Medium

Ensure RedShift Cluster is encrypted by KMS using a customer managed Key (CMK)

CKV_AWS_228

Security
Medium

Verify Elasticsearch domain is using an up to date TLS policy

CKV_AWS_248

Security
Medium

Ensure that Elasticsearch is not using the default Security Group

CKV_AWS_33

Security
Medium

Ensure KMS key policy does not contain wildcard (*) principal

CKV_AWS_71

Security
Medium

Ensure AWS Redshift database has audit logging enabled

CKV_AWS_84

Security
Medium

Ensure Elasticsearch Domain Logging is enabled

CKV_GIT_6

Security
Medium

Ensure all commits are GPG signed

CKV_AZURE_103

Security
Medium

Ensure that Azure Data Factory uses Git repository for source control

CKV_AZURE_110

Security
Medium

Ensure that key vault enables purge protection

CKV_AZURE_16

Security
Medium

Ensure App Service is registered with an Azure Active Directory account

CKV_AZURE_17

Security
Medium

Ensure the web app has certificates set

CKV_AZURE_18

Security
Medium

Ensure that 'HTTP Version' is the latest if used to run the web app

CKV_AZURE_70

Security
Medium

Ensure function apps are only accessible over HTTPS

CKV2_AZURE_18

Security
Medium

Ensure that Storage Accounts use customer-managed key for encryption

CKV2_AZURE_2

Security
Medium

Ensure that Vulnerability Assessment (VA) is enabled on a SQL server by setting a Storage Account