facebook pixelCodiga Analysis Terraform Rules, severity warning , category security
BACK TO LIST

Terraform rules

Codiga Static Analysis engine checks all terraform code and surface security and safety issues as well as enforcement of best practices. No matter what cloud you use (AWS, GCP, Azure), Codiga got you covered and flags potential problems at every push and pull request.

CKV_AZURE_109

Security
Warning

Ensure key vault allows firewall rules settings

Learn more

CKV_AZURE_50

Security
Warning

Ensure Virtual Machine Extensions are not Installed

CKV_AZURE_120

Security
Warning

Ensure that Application Gateway enables WAF

CKV_AZURE_35

Security
Warning

Ensure default network access rule for Storage Accounts is set to deny

CKV2_AZURE_21

Security
Warning

Ensure Storage logging is enabled for Blob service for read requests

CKV_AZURE_116

Security
Warning

Ensure that AKS uses Azure Policies Add-on

CKV_AZURE_141

Security
Warning

Ensure AKS local admin account is disabled

CKV_AZURE_151

Security
Warning

Ensure Windows VM enables encryption

CKV_AZURE_44

Security
Warning

Ensure Storage Account is using the latest version of TLS encryption

CKV_AWS_57

Security
Warning

S3 Bucket has an ACL defined which allows public WRITE access.

CKV_AWS_178

Security
Warning

Ensure fx ontap file system is encrypted by KMS using a customer managed Key (CMK)

CKV2_AWS_3

Security
Warning

Ensure GuardDuty is enbaled to specific org/region

CKV2_AZURE_20

Security
Warning

Ensure Azure storage account logging for tables is enabled

CKV_AWS_137

Security
Warning

Ensure that Elasticsearch is configured inside a VPC

CKV_AWS_142

Security
Warning

Ensure Redshift cluster is encrypted by KMS

CKV_AWS_162

Security
Warning

Ensure RDS cluster has IAM authentication enabled

CKV_AWS_179

Security
Warning

Ensure FSX Windows filesystem is encrypted by KMS using a customer managed Key (CMK)

CKV_AWS_188

Security
Warning

Ensure RedShift Cluster is encrypted by KMS using a customer managed Key (CMK)

CKV_AWS_228

Security
Warning

Verify Elasticsearch domain is using an up to date TLS policy

CKV_AWS_248

Security
Warning

Ensure that Elasticsearch is not using the default Security Group

CKV_AWS_33

Security
Warning

Ensure KMS key policy does not contain wildcard (*) principal

CKV_AWS_71

Security
Warning

Ensure AWS Redshift database has audit logging enabled

CKV_AWS_84

Security
Warning

Ensure Elasticsearch Domain Logging is enabled

CKV_GIT_6

Security
Warning

Ensure all commits GPG signed

CKV_AZURE_103

Security
Warning

Ensure that Azure Data Factory uses Git repository for source control

CKV_AZURE_110

Security
Warning

Ensure that key vault enables purge protection

CKV_AZURE_16

Security
Warning

Ensure App Service is registered with an Azure Active Directory account

CKV_AZURE_17

Security
Warning

Ensure the web app has certificates set

CKV_AZURE_18

Security
Warning

Ensure that 'HTTP Version' is the latest if used to run the web app

CKV_AZURE_70

Security
Warning

Ensure function apps are only accessible over HTTPS

CKV2_AZURE_18

Security
Warning

Ensure that Storage Accounts use customer-managed key for encryption

CKV2_AZURE_2

Security
Warning

Ensure that Vulnerability Assessment (VA) is enabled on a SQL server by setting a Storage Account