
Demo feb 22 #50

Open

wants to merge 3 commits into base: master

Conversation

saargon
Contributor

@saargon saargon commented Feb 22, 2023

No description provided.

Comment on lines +351 to +357
resource "aws_launch_configuration" "ecs_launch_config" {
image_id = data.aws_ami.ecs_optimized_ami.id
iam_instance_profile = aws_iam_instance_profile.ecs-instance-profile.name
security_groups = [aws_security_group.ecs_sg.id]
user_data = data.template_file.user_data.rendered
instance_type = "t2.micro"
}


⚠️ Aqua detected misconfiguration in your code

Misconfiguration ID: AVD-AWS-0008
Check Name: Launch configuration with unencrypted block device.
Severity: HIGH
Message: Root block device is not encrypted.
[This comment was created by Aqua Pipeline]

Read more at https://avd.aquasec.com/misconfig/avd-aws-0008

Comment on lines +367 to +373
resource "aws_ecs_cluster" "cluster" {
name = "ecs-lab-cluster"

tags = {
name = "ecs-cluster-name"
}
}


⚠️ Aqua detected misconfiguration in your code

Misconfiguration ID: AVD-AWS-0034
Check Name: ECS clusters should have container insights enabled
Severity: LOW
Message: Cluster does not have container insights enabled.
[This comment was created by Aqua Pipeline]

Read more at https://avd.aquasec.com/misconfig/avd-aws-0034
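The two ECS findings above (AVD-AWS-0008 on the launch configuration, AVD-AWS-0034 on the cluster) fixed in one place. This is an added example, not code from the AWSGoat PR; it assumes the AMI data source, instance profile, security group and `user_data` template referenced in the PR already exist. It also goes one step beyond the scanner's findings and requires IMDSv2, because an ECS container instance's root volume and its instance-role credentials are the two things a compromised task reaches first.

```terraform
# Added example, not part of the PR. Referenced data sources and resources are
# assumed to be declared elsewhere in the same module, as in the PR.

resource "aws_launch_configuration" "ecs_launch_config" {
  image_id             = data.aws_ami.ecs_optimized_ami.id
  iam_instance_profile = aws_iam_instance_profile.ecs-instance-profile.name
  security_groups      = [aws_security_group.ecs_sg.id]
  user_data            = data.template_file.user_data.rendered
  instance_type        = "t2.micro"

  # AVD-AWS-0008: encrypt the root EBS volume. A launch configuration has no
  # kms_key_id here, so the volume uses the account's default EBS key; switch
  # to aws_launch_template if you need a customer managed key.
  root_block_device {
    encrypted = true
  }

  # Beyond the flagged finding: require IMDSv2 so a task that can reach
  # 169.254.169.254 cannot read the instance role credentials with a plain GET.
  metadata_options {
    http_endpoint = "enabled"
    http_tokens   = "required"
  }
}

resource "aws_ecs_cluster" "cluster" {
  name = "ecs-lab-cluster"

  # AVD-AWS-0034: Container Insights (CloudWatch metrics per cluster/service/task)
  setting {
    name  = "containerInsights"
    value = "enabled"
  }

  tags = {
    Name = "ecs-cluster-name"
  }
}
```

Container Insights adds CloudWatch cost for the metric streams it emits; the security value is that per-task CPU, memory and network metrics give you a baseline to alert on when a task starts behaving differently.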

Comment on lines +423 to +433
resource "aws_alb" "application_load_balancer" {
name = "aws-goat-m2-alb"
internal = false
load_balancer_type = "application"
subnets = [aws_subnet.lab-subnet-public-1.id, aws_subnet.lab-subnet-public-1b.id]
security_groups = [aws_security_group.load_balancer_security_group.id]

tags = {
Name = "aws-goat-m2-alb"
}
}


⚠️ Aqua detected misconfiguration in your code

Misconfiguration ID: AVD-AWS-0052
Check Name: Load balancers should drop invalid headers
Severity: HIGH
Message: Application load balancer is not set to drop invalid headers.
[This comment was created by Aqua Pipeline]

Read more at https://avd.aquasec.com/misconfig/avd-aws-0052


resource "aws_alb" "application_load_balancer" {
name = "aws-goat-m2-alb"
internal = false


⚠️ Aqua detected misconfiguration in your code

Misconfiguration ID: AVD-AWS-0053
Check Name: Load balancer is exposed to the internet.
Severity: HIGH
Message: Load balancer is exposed publicly.
[This comment was created by Aqua Pipeline]

Read more at https://avd.aquasec.com/misconfig/avd-aws-0053

resource "aws_lb_listener" "listener" {
load_balancer_arn = aws_alb.application_load_balancer.id
port = "80"
protocol = "HTTP"


⚠️ Aqua detected misconfiguration in your code

Misconfiguration ID: AVD-AWS-0054
Check Name: Use of plain HTTP.
Severity: CRITICAL
Message: Listener for application load balancer does not use HTTPS.
[This comment was created by Aqua Pipeline]

Read more at https://avd.aquasec.com/misconfig/avd-aws-0054
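The three load balancer findings (AVD-AWS-0052 invalid headers, AVD-AWS-0053 public exposure, AVD-AWS-0054 plain HTTP) addressed together. This is an added example, not the PR's code. It assumes a target group named `aws_lb_target_group.target_group` and a certificate ARN in `var.alb_certificate_arn`; neither appears on this page. AVD-AWS-0053 is a judgement call rather than a bug here: an internet-facing application needs an internet-facing ALB, so the right action is to record that decision and suppress that one finding, not to flip `internal`.

```terraform
# Added example, not part of the PR. Target group and certificate variable are
# assumed; subnets and the ALB security group are the PR's.

#trivy:ignore:AVD-AWS-0053  # public by design: this ALB fronts an internet-facing app
resource "aws_alb" "application_load_balancer" {
  name               = "aws-goat-m2-alb"
  internal           = false
  load_balancer_type = "application"
  subnets            = [aws_subnet.lab-subnet-public-1.id, aws_subnet.lab-subnet-public-1b.id]
  security_groups    = [aws_security_group.load_balancer_security_group.id]

  # AVD-AWS-0052: drop requests with header names that are not valid HTTP tokens
  # instead of passing them to the targets (removes a class of header-smuggling tricks)
  drop_invalid_header_fields = true

  tags = {
    Name = "aws-goat-m2-alb"
  }
}

# AVD-AWS-0054: the listener that actually forwards traffic is HTTPS only.
resource "aws_lb_listener" "https" {
  load_balancer_arn = aws_alb.application_load_balancer.arn
  port              = 443
  protocol          = "HTTPS"
  ssl_policy        = "ELBSecurityPolicy-TLS13-1-2-2021-06"
  certificate_arn   = var.alb_certificate_arn # assumed: ACM certificate for the app's hostname

  default_action {
    type             = "forward"
    target_group_arn = aws_lb_target_group.target_group.arn # assumed name
  }
}

# Port 80 stays open only to send clients to HTTPS; it never forwards to a target.
resource "aws_lb_listener" "http_redirect" {
  load_balancer_arn = aws_alb.application_load_balancer.arn
  port              = 80
  protocol          = "HTTP"

  default_action {
    type = "redirect"

    redirect {
      port        = "443"
      protocol    = "HTTPS"
      status_code = "HTTP_301"
    }
  }
}
```

The scanner's rule is written to accept an HTTP listener whose only action is a redirect to HTTPS; if the version in your pipeline still flags it, suppress that single finding inline rather than removing the redirect. The ALB's security group should then admit 443 from `0.0.0.0/0` (and 80 only if you keep the redirect), with a `description` on each rule so the later AVD-AWS-0124 findings do not reappear.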

resource "aws_iam_policy" "ecs_instance_policy" {
name = "aws-goat-instance-policy"
policy = jsonencode({
"Statement" : [


⚠️ Aqua detected misconfiguration in your code

Misconfiguration ID: AVD-AWS-0057
Check Name: IAM policy should avoid use of wildcards and instead apply the principle of least privilege
Severity: HIGH
Message: IAM policy document uses wildcarded action 'ssm:*'
[This comment was created by Aqua Pipeline]

Read more at https://avd.aquasec.com/misconfig/avd-aws-0057

resource "aws_iam_policy" "ecs_instance_policy" {
name = "aws-goat-instance-policy"
policy = jsonencode({
"Statement" : [


⚠️ Aqua detected misconfiguration in your code

Misconfiguration ID: AVD-AWS-0057
Check Name: IAM policy should avoid use of wildcards and instead apply the principle of least privilege
Severity: HIGH
Message: IAM policy document uses sensitive action 'ssm:*' on wildcarded resource '*'
[This comment was created by Aqua Pipeline]

Read more at https://avd.aquasec.com/misconfig/avd-aws-0057

resource "aws_iam_policy" "instance_boundary_policy" {
name = "aws-goat-instance-boundary-policy"
policy = jsonencode({
"Statement" : [


⚠️ Aqua detected misconfiguration in your code

Misconfiguration ID: AVD-AWS-0057
Check Name: IAM policy should avoid use of wildcards and instead apply the principle of least privilege
Severity: HIGH
Message: IAM policy document uses wildcarded action 'iam:List*'
[This comment was created by Aqua Pipeline]

Read more at https://avd.aquasec.com/misconfig/avd-aws-0057

resource "aws_iam_policy" "instance_boundary_policy" {
name = "aws-goat-instance-boundary-policy"
policy = jsonencode({
"Statement" : [


⚠️ Aqua detected misconfiguration in your code

Misconfiguration ID: AVD-AWS-0057
Check Name: IAM policy should avoid use of wildcards and instead apply the principle of least privilege
Severity: HIGH
Message: IAM policy document uses sensitive action 'iam:List*' on wildcarded resource '*'
[This comment was created by Aqua Pipeline]

Read more at https://avd.aquasec.com/misconfig/avd-aws-0057

resource "aws_iam_policy" "ec2_deployer_admin_policy" {
name = "ec2DeployerAdmin-policy"
policy = jsonencode({
"Statement" : [


⚠️ Aqua detected misconfiguration in your code

Misconfiguration ID: AVD-AWS-0057
Check Name: IAM policy should avoid use of wildcards and instead apply the principle of least privilege
Severity: HIGH
Message: IAM policy document uses wildcarded action '*'
[This comment was created by Aqua Pipeline]

Read more at https://avd.aquasec.com/misconfig/avd-aws-0057

resource "aws_iam_policy" "ec2_deployer_admin_policy" {
name = "ec2DeployerAdmin-policy"
policy = jsonencode({
"Statement" : [


⚠️ Aqua detected misconfiguration in your code

Misconfiguration ID: AVD-AWS-0057
Check Name: IAM policy should avoid use of wildcards and instead apply the principle of least privilege
Severity: HIGH
Message: IAM policy document uses sensitive action '*' on wildcarded resource '*'
[This comment was created by Aqua Pipeline]

Read more at https://avd.aquasec.com/misconfig/avd-aws-0057
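What the AVD-AWS-0057 findings above are asking for, shown on the instance policy: the flagged `ssm:*` on `*` statement next to a scoped replacement. This is an added example, not the PR's policy; the page shows only the first lines of each policy, so the actions an ECS container instance actually needs (Session Manager registration and reading its own parameters) and the parameter path `/ecs-lab/` are assumptions. The same rewrite applies to `ec2DeployerAdmin-policy`, whose `*` on `*` is full account admin, and to the boundary policy's `iam:List*`: read-only, but it lets a compromised task enumerate every role and policy in the account, which is the reconnaissance step of every IAM privilege-escalation path.

```terraform
# Added example, not part of the PR. The SSM calls and the parameter path are
# assumptions about what the container instance needs; adjust to your workload.

data "aws_caller_identity" "current" {} # already declared in the PR; drop this line there
data "aws_region" "current" {}          # assumed

# Flagged form (AVD-AWS-0057): every SSM API on every resource. Kept only for
# comparison; do not attach it.
data "aws_iam_policy_document" "instance_policy_wildcard" {
  statement {
    effect    = "Allow"
    actions   = ["ssm:*"]
    resources = ["*"]
  }
}

# Scoped form: named actions, and a resource ARN wherever the API supports one.
data "aws_iam_policy_document" "instance_policy_scoped" {
  # Session Manager agent registration. These APIs have no resource-level
  # permissions, so "*" is unavoidable here; document it and suppress only this
  # statement's finding rather than the whole policy.
  statement {
    sid    = "SsmAgentCore"
    effect = "Allow"
    actions = [
      "ssm:UpdateInstanceInformation",
      "ssmmessages:CreateControlChannel",
      "ssmmessages:CreateDataChannel",
      "ssmmessages:OpenControlChannel",
      "ssmmessages:OpenDataChannel",
    ]
    resources = ["*"]
  }

  # Parameter reads are limited to this workload's own path (assumed: /ecs-lab/).
  statement {
    sid    = "ReadOwnParameters"
    effect = "Allow"
    actions = [
      "ssm:GetParameter",
      "ssm:GetParameters",
      "ssm:GetParametersByPath",
    ]
    resources = [
      "arn:aws:ssm:${data.aws_region.current.name}:${data.aws_caller_identity.current.account_id}:parameter/ecs-lab/*",
    ]
  }
}

resource "aws_iam_policy" "ecs_instance_policy" {
  name   = "aws-goat-instance-policy"
  policy = data.aws_iam_policy_document.instance_policy_scoped.json
}
```

Using `aws_iam_policy_document` instead of `jsonencode` gets you `terraform validate` errors for malformed statements and keeps each statement's `sid` visible in CloudTrail-driven reviews. Expect the scanner to still flag the `SsmAgentCore` statement; that is the one finding here with a written justification.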

Comment on lines +131 to +144
resource "aws_db_instance" "database-instance" {
identifier = "aws-goat-db"
allocated_storage = 10
instance_class = "db.t2.micro"
engine = "mysql"
engine_version = "5.7"
username = "root"
password = "T2kVB3zgeN3YbrKS"
parameter_group_name = "default.mysql5.7"
skip_final_snapshot = true
availability_zone = "us-east-1a"
db_subnet_group_name = aws_db_subnet_group.database-subnet-group.name
vpc_security_group_ids = [aws_security_group.database-security-group.id]
}


⚠️ Aqua detected misconfiguration in your code

Misconfiguration ID: AVD-AWS-0077
Check Name: RDS Cluster and RDS instance should have backup retention longer than default 1 day
Severity: MEDIUM
Message: Instance has very low backup retention period.
[This comment was created by Aqua Pipeline]

Read more at https://avd.aquasec.com/misconfig/avd-aws-0077

Comment on lines +131 to +144
resource "aws_db_instance" "database-instance" {
identifier = "aws-goat-db"
allocated_storage = 10
instance_class = "db.t2.micro"
engine = "mysql"
engine_version = "5.7"
username = "root"
password = "T2kVB3zgeN3YbrKS"
parameter_group_name = "default.mysql5.7"
skip_final_snapshot = true
availability_zone = "us-east-1a"
db_subnet_group_name = aws_db_subnet_group.database-subnet-group.name
vpc_security_group_ids = [aws_security_group.database-security-group.id]
}


⚠️ Aqua detected misconfiguration in your code

Misconfiguration ID: AVD-AWS-0080
Check Name: RDS encryption has not been enabled at a DB Instance level.
Severity: HIGH
Message: Instance does not have storage encryption enabled.
[This comment was created by Aqua Pipeline]

Read more at https://avd.aquasec.com/misconfig/avd-aws-0080

Comment on lines +506 to +513
resource "aws_s3_bucket" "bucket_tf_files" {
bucket = "do-not-delete-awsgoat-state-files-${data.aws_caller_identity.current.account_id}"
force_destroy = true
tags = {
Name = "Do not delete Bucket"
Environment = "Dev"
}
}


⚠️ Aqua detected misconfiguration in your code

Misconfiguration ID: AVD-AWS-0086
Check Name: S3 Access block should block public ACL
Severity: HIGH
Message: No public access block so not blocking public acls
[This comment was created by Aqua Pipeline]

Read more at https://avd.aquasec.com/misconfig/avd-aws-0086

Comment on lines +506 to +513
resource "aws_s3_bucket" "bucket_tf_files" {
bucket = "do-not-delete-awsgoat-state-files-${data.aws_caller_identity.current.account_id}"
force_destroy = true
tags = {
Name = "Do not delete Bucket"
Environment = "Dev"
}
}


⚠️ Aqua detected misconfiguration in your code

Misconfiguration ID: AVD-AWS-0087
Check Name: S3 Access block should block public policy
Severity: HIGH
Message: No public access block so not blocking public policies
[This comment was created by Aqua Pipeline]

Read more at https://avd.aquasec.com/misconfig/avd-aws-0087

Comment on lines +506 to +513
resource "aws_s3_bucket" "bucket_tf_files" {
bucket = "do-not-delete-awsgoat-state-files-${data.aws_caller_identity.current.account_id}"
force_destroy = true
tags = {
Name = "Do not delete Bucket"
Environment = "Dev"
}
}


⚠️ Aqua detected misconfiguration in your code

Misconfiguration ID: AVD-AWS-0088
Check Name: Unencrypted S3 bucket.
Severity: HIGH
Message: Bucket does not have encryption enabled
[This comment was created by Aqua Pipeline]

Read more at https://avd.aquasec.com/misconfig/avd-aws-0088

Comment on lines +506 to +513
resource "aws_s3_bucket" "bucket_tf_files" {
bucket = "do-not-delete-awsgoat-state-files-${data.aws_caller_identity.current.account_id}"
force_destroy = true
tags = {
Name = "Do not delete Bucket"
Environment = "Dev"
}
}


⚠️ Aqua detected misconfiguration in your code

Misconfiguration ID: AVD-AWS-0089
Check Name: S3 Bucket does not have logging enabled.
Severity: MEDIUM
Message: Bucket does not have logging enabled
[This comment was created by Aqua Pipeline]

Read more at https://avd.aquasec.com/misconfig/avd-aws-0089

Comment on lines +506 to +513
resource "aws_s3_bucket" "bucket_tf_files" {
bucket = "do-not-delete-awsgoat-state-files-${data.aws_caller_identity.current.account_id}"
force_destroy = true
tags = {
Name = "Do not delete Bucket"
Environment = "Dev"
}
}


⚠️ Aqua detected misconfiguration in your code

Misconfiguration ID: AVD-AWS-0090
Check Name: S3 Data should be versioned
Severity: MEDIUM
Message: Bucket does not have versioning enabled
[This comment was created by Aqua Pipeline]

Read more at https://avd.aquasec.com/misconfig/avd-aws-0090

Comment on lines +506 to +513
resource "aws_s3_bucket" "bucket_tf_files" {
bucket = "do-not-delete-awsgoat-state-files-${data.aws_caller_identity.current.account_id}"
force_destroy = true
tags = {
Name = "Do not delete Bucket"
Environment = "Dev"
}
}


⚠️ Aqua detected misconfiguration in your code

Misconfiguration ID: AVD-AWS-0091
Check Name: S3 Access Block should Ignore Public Acl
Severity: HIGH
Message: No public access block so not ignoring public acls
[This comment was created by Aqua Pipeline]

Read more at https://avd.aquasec.com/misconfig/avd-aws-0091

Comment on lines +506 to +513
resource "aws_s3_bucket" "bucket_tf_files" {
bucket = "do-not-delete-awsgoat-state-files-${data.aws_caller_identity.current.account_id}"
force_destroy = true
tags = {
Name = "Do not delete Bucket"
Environment = "Dev"
}
}


⚠️ Aqua detected misconfiguration in your code

Misconfiguration ID: AVD-AWS-0093
Check Name: S3 Access block should restrict public bucket to limit access
Severity: HIGH
Message: No public access block so not restricting public buckets
[This comment was created by Aqua Pipeline]

Read more at https://avd.aquasec.com/misconfig/avd-aws-0093

Comment on lines +506 to +513
resource "aws_s3_bucket" "bucket_tf_files" {
bucket = "do-not-delete-awsgoat-state-files-${data.aws_caller_identity.current.account_id}"
force_destroy = true
tags = {
Name = "Do not delete Bucket"
Environment = "Dev"
}
}


⚠️ Aqua detected misconfiguration in your code

Misconfiguration ID: AVD-AWS-0094
Check Name: S3 buckets should each define an aws_s3_bucket_public_access_block
Severity: LOW
Message: Bucket does not have a corresponding public access block.
[This comment was created by Aqua Pipeline]

Read more at https://avd.aquasec.com/misconfig/avd-aws-0094

Comment on lines +459 to +462
resource "aws_secretsmanager_secret" "rds_creds" {
name = "RDS_CREDS"
recovery_window_in_days = 0
}


⚠️ Aqua detected misconfiguration in your code

Misconfiguration ID: AVD-AWS-0098
Check Name: Secrets Manager should use customer managed keys
Severity: LOW
Message: Secret explicitly uses the default key.
[This comment was created by Aqua Pipeline]

Read more at https://avd.aquasec.com/misconfig/avd-aws-0098

from_port = 0
to_port = 0
protocol = "-1"
cidr_blocks = ["0.0.0.0/0"]


⚠️ Aqua detected misconfiguration in your code

Misconfiguration ID: AVD-AWS-0104
Check Name: An egress security group rule allows traffic to /0.
Severity: CRITICAL
Message: Security group rule allows egress to multiple public internet addresses.
[This comment was created by Aqua Pipeline]

Read more at https://avd.aquasec.com/misconfig/avd-aws-0104

from_port = 80
to_port = 80
protocol = "tcp"
cidr_blocks = ["0.0.0.0/0"]


⚠️ Aqua detected misconfiguration in your code

Misconfiguration ID: AVD-AWS-0107
Check Name: An ingress security group rule allows traffic from /0.
Severity: CRITICAL
Message: Security group rule allows ingress from public internet.
[This comment was created by Aqua Pipeline]

Read more at https://avd.aquasec.com/misconfig/avd-aws-0107

Comment on lines +73 to +78
ingress {
from_port = 0
to_port = 65535
protocol = "tcp"
security_groups = [aws_security_group.load_balancer_security_group.id]
}


⚠️ Aqua detected misconfiguration in your code

Misconfiguration ID: AVD-AWS-0124
Check Name: Missing description for security group rule.
Severity: LOW
Message: Security group rule does not have a description.
[This comment was created by Aqua Pipeline]

Read more at https://avd.aquasec.com/misconfig/avd-aws-0124

Comment on lines +80 to +85
egress {
from_port = 0
to_port = 0
protocol = "-1"
cidr_blocks = ["0.0.0.0/0"]
}


⚠️ Aqua detected misconfiguration in your code

Misconfiguration ID: AVD-AWS-0124
Check Name: Missing description for security group rule.
Severity: LOW
Message: Security group rule does not have a description.
[This comment was created by Aqua Pipeline]

Read more at https://avd.aquasec.com/misconfig/avd-aws-0124

Comment on lines +116 to +121
egress {
from_port = 0
to_port = 0
protocol = "-1"
cidr_blocks = ["0.0.0.0/0"]
}


⚠️ Aqua detected misconfiguration in your code

Misconfiguration ID: AVD-AWS-0124
Check Name: Missing description for security group rule.
Severity: LOW
Message: Security group rule does not have a description.
[This comment was created by Aqua Pipeline]

Read more at https://avd.aquasec.com/misconfig/avd-aws-0124

Comment on lines +153 to +158
ingress {
from_port = 80
to_port = 80
protocol = "tcp"
cidr_blocks = ["0.0.0.0/0"]
}


⚠️ Aqua detected misconfiguration in your code

Misconfiguration ID: AVD-AWS-0124
Check Name: Missing description for security group rule.
Severity: LOW
Message: Security group rule does not have a description.
[This comment was created by Aqua Pipeline]

Read more at https://avd.aquasec.com/misconfig/avd-aws-0124

Comment on lines +160 to +165
egress {
from_port = 0
to_port = 0
protocol = "-1"
cidr_blocks = ["0.0.0.0/0"]
}


⚠️ Aqua detected misconfiguration in your code

Misconfiguration ID: AVD-AWS-0124
Check Name: Missing description for security group rule.
Severity: LOW
Message: Security group rule does not have a description.
[This comment was created by Aqua Pipeline]

Read more at https://avd.aquasec.com/misconfig/avd-aws-0124

Comment on lines +506 to +513
resource "aws_s3_bucket" "bucket_tf_files" {
bucket = "do-not-delete-awsgoat-state-files-${data.aws_caller_identity.current.account_id}"
force_destroy = true
tags = {
Name = "Do not delete Bucket"
Environment = "Dev"
}
}


⚠️ Aqua detected misconfiguration in your code

Misconfiguration ID: AVD-AWS-0132
Check Name: S3 encryption should use Customer Managed Keys
Severity: HIGH
Message: Bucket does not encrypt data with a customer managed key.
[This comment was created by Aqua Pipeline]

Read more at https://avd.aquasec.com/misconfig/avd-aws-0132
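All of the S3 findings on `bucket_tf_files` (AVD-AWS-0086, 0087, 0091, 0093, 0094 public access block; 0088 and 0132 encryption; 0089 logging; 0090 versioning) closed with the companion resources the AWS provider v4+ expects. This is an added example, not the PR's code. The KMS key and the `aws_s3_bucket.access_logs` target bucket are assumed. This bucket deserves the attention because, by its name, it holds Terraform state, and state stores resource attributes in clear text, including the RDS master password set in this same PR.

```terraform
# Added example, not part of the PR. The access-log bucket is assumed to exist;
# the KMS key is created here. data.aws_caller_identity.current is the PR's.

resource "aws_s3_bucket" "bucket_tf_files" {
  bucket        = "do-not-delete-awsgoat-state-files-${data.aws_caller_identity.current.account_id}"
  force_destroy = true # kept from the PR; set false for a real state bucket
  tags = {
    Name        = "Do not delete Bucket"
    Environment = "Dev"
  }
}

# AVD-AWS-0086/0087/0091/0093/0094: all four guards, one resource
resource "aws_s3_bucket_public_access_block" "bucket_tf_files" {
  bucket                  = aws_s3_bucket.bucket_tf_files.id
  block_public_acls       = true
  block_public_policy     = true
  ignore_public_acls      = true
  restrict_public_buckets = true
}

resource "aws_kms_key" "tf_state" {
  description         = "CMK for the Terraform state bucket"
  enable_key_rotation = true
}

# AVD-AWS-0088/0132: SSE-KMS with a customer managed key. Reading state now
# also requires kms:Decrypt on this key, a second gate in front of the secrets.
resource "aws_s3_bucket_server_side_encryption_configuration" "bucket_tf_files" {
  bucket = aws_s3_bucket.bucket_tf_files.id

  rule {
    apply_server_side_encryption_by_default {
      sse_algorithm     = "aws:kms"
      kms_master_key_id = aws_kms_key.tf_state.arn
    }
    bucket_key_enabled = true
  }
}

# AVD-AWS-0090: an overwritten or deleted state file can be recovered
resource "aws_s3_bucket_versioning" "bucket_tf_files" {
  bucket = aws_s3_bucket.bucket_tf_files.id

  versioning_configuration {
    status = "Enabled"
  }
}

# AVD-AWS-0089: server access logs to a separate bucket (assumed: access_logs)
resource "aws_s3_bucket_logging" "bucket_tf_files" {
  bucket        = aws_s3_bucket.bucket_tf_files.id
  target_bucket = aws_s3_bucket.access_logs.id
  target_prefix = "tf-state/"
}
```

`force_destroy = true` is left as in the PR because this is a lab; on a real state bucket it lets a single `terraform destroy` remove every version of every state file, which is the opposite of what versioning was turned on for.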

Comment on lines +131 to +144
resource "aws_db_instance" "database-instance" {
identifier = "aws-goat-db"
allocated_storage = 10
instance_class = "db.t2.micro"
engine = "mysql"
engine_version = "5.7"
username = "root"
password = "T2kVB3zgeN3YbrKS"
parameter_group_name = "default.mysql5.7"
skip_final_snapshot = true
availability_zone = "us-east-1a"
db_subnet_group_name = aws_db_subnet_group.database-subnet-group.name
vpc_security_group_ids = [aws_security_group.database-security-group.id]
}


⚠️ Aqua detected misconfiguration in your code

Misconfiguration ID: AVD-AWS-0133
Check Name: Enable Performance Insights to detect potential problems
Severity: LOW
Message: Instance does not have performance insights enabled.
[This comment was created by Aqua Pipeline]

Read more at https://avd.aquasec.com/misconfig/avd-aws-0133

resource "aws_subnet" "lab-subnet-public-1" {
vpc_id = aws_vpc.lab-vpc.id
cidr_block = "10.0.1.0/24"
map_public_ip_on_launch = true


⚠️ Aqua detected misconfiguration in your code

Misconfiguration ID: AVD-AWS-0164
Check Name: Instances in a subnet should not receive a public IP address by default.
Severity: HIGH
Message: Subnet associates public IP address.
[This comment was created by Aqua Pipeline]

Read more at https://avd.aquasec.com/misconfig/avd-aws-0164

vpc_id = aws_vpc.lab-vpc.id
cidr_block = "10.0.128.0/24"
availability_zone = data.aws_availability_zones.available.names[1]
map_public_ip_on_launch = true


⚠️ Aqua detected misconfiguration in your code

Misconfiguration ID: AVD-AWS-0164
Check Name: Instances in a subnet should not receive a public IP address by default.
Severity: HIGH
Message: Subnet associates public IP address.
[This comment was created by Aqua Pipeline]

Read more at https://avd.aquasec.com/misconfig/avd-aws-0164

Comment on lines +131 to +144
resource "aws_db_instance" "database-instance" {
identifier = "aws-goat-db"
allocated_storage = 10
instance_class = "db.t2.micro"
engine = "mysql"
engine_version = "5.7"
username = "root"
password = "T2kVB3zgeN3YbrKS"
parameter_group_name = "default.mysql5.7"
skip_final_snapshot = true
availability_zone = "us-east-1a"
db_subnet_group_name = aws_db_subnet_group.database-subnet-group.name
vpc_security_group_ids = [aws_security_group.database-security-group.id]
}


⚠️ Aqua detected misconfiguration in your code

Misconfiguration ID: AVD-AWS-0176
Check Name: RDS IAM Database Authentication Disabled
Severity: MEDIUM
Message: Instance does not have IAM Authentication enabled
[This comment was created by Aqua Pipeline]

Read more at https://avd.aquasec.com/misconfig/n/a

Comment on lines +131 to +144
resource "aws_db_instance" "database-instance" {
identifier = "aws-goat-db"
allocated_storage = 10
instance_class = "db.t2.micro"
engine = "mysql"
engine_version = "5.7"
username = "root"
password = "T2kVB3zgeN3YbrKS"
parameter_group_name = "default.mysql5.7"
skip_final_snapshot = true
availability_zone = "us-east-1a"
db_subnet_group_name = aws_db_subnet_group.database-subnet-group.name
vpc_security_group_ids = [aws_security_group.database-security-group.id]
}


⚠️ Aqua detected misconfiguration in your code

Misconfiguration ID: AVD-AWS-0177
Check Name: RDS Deletion Protection Disabled
Severity: MEDIUM
Message: Instance does not have Deletion Protection enabled
[This comment was created by Aqua Pipeline]

Read more at https://avd.aquasec.com/misconfig/n/a

Comment on lines +21 to +28
resource "aws_vpc" "lab-vpc" {
cidr_block = "10.0.0.0/16"
enable_dns_support = true
enable_dns_hostnames = true
tags = {
Name = "AWS_GOAT_VPC"
}
}


⚠️ Aqua detected misconfiguration in your code

Misconfiguration ID: AVD-AWS-0178
Check Name: VPC Flow Logs is a feature that enables you to capture information about the IP traffic going to and from network interfaces in your VPC. After you've created a flow log, you can view and retrieve its data in Amazon CloudWatch Logs. It is recommended that VPC Flow Logs be enabled for packet "Rejects" for VPCs.
Severity: MEDIUM
Message: VPC Flow Logs is not enabled for VPC
[This comment was created by Aqua Pipeline]

Read more at https://avd.aquasec.com/misconfig/avd-aws-0178
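The network-layer findings together: VPC Flow Logs (AVD-AWS-0178), subnets that hand out public IPs (AVD-AWS-0164), and the security group rules flagged earlier for `/0` egress (AVD-AWS-0104), `/0` ingress (AVD-AWS-0107) and missing descriptions (AVD-AWS-0124). This is an added example, not the PR's code. The flow-log role, the log group name and the ECS security group's rule set are assumptions; the ALB and database security groups are referenced by the names the PR uses. It logs `ALL` traffic rather than only the `REJECT` records the check text mentions, because accepted flows are what you need when reconstructing an intrusion.

```terraform
# Added example, not part of the PR. Flow-log role and log group are created
# here; the ALB and database security groups are assumed to exist as in the PR.

resource "aws_vpc" "lab-vpc" {
  cidr_block           = "10.0.0.0/16"
  enable_dns_support   = true
  enable_dns_hostnames = true
  tags = {
    Name = "AWS_GOAT_VPC"
  }
}

resource "aws_cloudwatch_log_group" "vpc_flow" {
  name              = "/vpc/aws-goat/flow-logs"
  retention_in_days = 90
}

resource "aws_iam_role" "vpc_flow_logs" {
  name = "aws-goat-vpc-flow-logs"
  assume_role_policy = jsonencode({
    Version = "2012-10-17"
    Statement = [{
      Effect    = "Allow"
      Action    = "sts:AssumeRole"
      Principal = { Service = "vpc-flow-logs.amazonaws.com" }
    }]
  })
}

# Least privilege for the delivery role: write to this one log group only
resource "aws_iam_role_policy" "vpc_flow_logs" {
  role = aws_iam_role.vpc_flow_logs.id
  policy = jsonencode({
    Version = "2012-10-17"
    Statement = [{
      Effect   = "Allow"
      Action   = ["logs:CreateLogStream", "logs:PutLogEvents", "logs:DescribeLogStreams"]
      Resource = "${aws_cloudwatch_log_group.vpc_flow.arn}:*"
    }]
  })
}

# AVD-AWS-0178
resource "aws_flow_log" "lab_vpc" {
  vpc_id               = aws_vpc.lab-vpc.id
  traffic_type         = "ALL"
  log_destination_type = "cloud-watch-logs"
  log_destination      = aws_cloudwatch_log_group.vpc_flow.arn
  iam_role_arn         = aws_iam_role.vpc_flow_logs.arn
}

# AVD-AWS-0164: instances get no public IP by default; the ALB in this subnet
# gets its public addresses from the ELB service, not from this setting.
resource "aws_subnet" "lab-subnet-public-1" {
  vpc_id                  = aws_vpc.lab-vpc.id
  cidr_block              = "10.0.1.0/24"
  map_public_ip_on_launch = false
}

# ECS instance security group: every rule described (AVD-AWS-0124), ingress only
# from the ALB, egress narrowed to what the agent and the app need.
resource "aws_security_group" "ecs_sg" {
  name   = "ecs-instance-sg"
  vpc_id = aws_vpc.lab-vpc.id

  ingress {
    description     = "Dynamic host ports from the ALB only"
    from_port       = 0
    to_port         = 65535
    protocol        = "tcp"
    security_groups = [aws_security_group.load_balancer_security_group.id]
  }

  egress {
    description     = "MySQL to the RDS security group"
    from_port       = 3306
    to_port         = 3306
    protocol        = "tcp"
    security_groups = [aws_security_group.database-security-group.id]
  }

  egress {
    description = "HTTPS for ECS agent, ECR pulls and SSM; replace with VPC endpoints to drop /0"
    from_port   = 443
    to_port     = 443
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }
}
```

The last egress rule still trips AVD-AWS-0104, but it is now one port with a stated reason instead of `protocol = "-1"` to everywhere; the path to clearing the finding entirely is ECS, ECR and SSM interface endpoints plus an S3 gateway endpoint, after which `cidr_blocks` can be replaced by `prefix_list_ids`. The ALB's own group keeps its `/0` ingress because the load balancer is public by design; that rule only needs a `description` and a move from port 80 to 443.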

Comment on lines +1 to +12
resource "aws_db_instance" "default" {
allocated_storage = 10
engine = "mysql"
engine_version = "5.7"
instance_class = "db.t3.micro"
name = "mydb"
username = "foo"
password = "foobarbaz"
parameter_group_name = "default.mysql5.7"
skip_final_snapshot = true
publicly_accessible = true
}


⚠️ Aqua detected misconfiguration in your code

Misconfiguration ID: AVD-AWS-0077
Check Name: RDS Cluster and RDS instance should have backup retention longer than default 1 day
Severity: MEDIUM
Message: Instance has very low backup retention period.
[This comment was created by Aqua Pipeline]

Read more at https://avd.aquasec.com/misconfig/avd-aws-0077

Comment on lines +1 to +12
resource "aws_db_instance" "default" {
allocated_storage = 10
engine = "mysql"
engine_version = "5.7"
instance_class = "db.t3.micro"
name = "mydb"
username = "foo"
password = "foobarbaz"
parameter_group_name = "default.mysql5.7"
skip_final_snapshot = true
publicly_accessible = true
}


⚠️ Aqua detected misconfiguration in your code

Misconfiguration ID: AVD-AWS-0080
Check Name: RDS encryption has not been enabled at a DB Instance level.
Severity: HIGH
Message: Instance does not have storage encryption enabled.
[This comment was created by Aqua Pipeline]

Read more at https://avd.aquasec.com/misconfig/avd-aws-0080

password = "foobarbaz"
parameter_group_name = "default.mysql5.7"
skip_final_snapshot = true
publicly_accessible = true


⚠️ Aqua detected misconfiguration in your code

Misconfiguration ID: AVD-AWS-0082
Check Name: A database resource is marked as publicly accessible.
Severity: CRITICAL
Message: Instance is exposed publicly.
[This comment was created by Aqua Pipeline]

Read more at https://avd.aquasec.com/misconfig/avd-aws-0082

Comment on lines +1 to +12
resource "aws_db_instance" "default" {
allocated_storage = 10
engine = "mysql"
engine_version = "5.7"
instance_class = "db.t3.micro"
name = "mydb"
username = "foo"
password = "foobarbaz"
parameter_group_name = "default.mysql5.7"
skip_final_snapshot = true
publicly_accessible = true
}


⚠️ Aqua detected misconfiguration in your code

Misconfiguration ID: AVD-AWS-0133
Check Name: Enable Performance Insights to detect potential problems
Severity: LOW
Message: Instance does not have performance insights enabled.
[This comment was created by Aqua Pipeline]

Read more at https://avd.aquasec.com/misconfig/avd-aws-0133

Comment on lines +1 to +12
resource "aws_db_instance" "default" {
allocated_storage = 10
engine = "mysql"
engine_version = "5.7"
instance_class = "db.t3.micro"
name = "mydb"
username = "foo"
password = "foobarbaz"
parameter_group_name = "default.mysql5.7"
skip_final_snapshot = true
publicly_accessible = true
}


⚠️ Aqua detected misconfiguration in your code

Misconfiguration ID: AVD-AWS-0176
Check Name: RDS IAM Database Authentication Disabled
Severity: MEDIUM
Message: Instance does not have IAM Authentication enabled
[This comment was created by Aqua Pipeline]

Read more at https://avd.aquasec.com/misconfig/n/a

Comment on lines +1 to +12
resource "aws_db_instance" "default" {
allocated_storage = 10
engine = "mysql"
engine_version = "5.7"
instance_class = "db.t3.micro"
name = "mydb"
username = "foo"
password = "foobarbaz"
parameter_group_name = "default.mysql5.7"
skip_final_snapshot = true
publicly_accessible = true
}


⚠️ Aqua detected misconfiguration in your code

Misconfiguration ID: AVD-AWS-0177
Check Name: RDS Deletion Protection Disabled
Severity: MEDIUM
Message: Instance does not have Deletion Protection enabled
[This comment was created by Aqua Pipeline]

Read more at https://avd.aquasec.com/misconfig/n/a

password = "foobarbaz"
parameter_group_name = "default.mysql5.7"
skip_final_snapshot = true
publicly_accessible = true


⚠️ Aqua detected misconfiguration in your code

Misconfiguration ID: AVD-AWS-0180
Check Name: RDS Publicly Accessible
Severity: HIGH
Message: Instance has Public Access enabled
[This comment was created by Aqua Pipeline]

Read more at https://avd.aquasec.com/misconfig/n/a
