Report

Longer and more complex passwords are essential for robust security, and a short minimum length makes it easier for malicious actors to compromise user accounts through brute-force or other password attacks.

Disabling password expiration poses a security risk as it allows user credentials to remain unchanged indefinitely. This increases the likelihood of compromised accounts going undetected, potentially leading to unauthorized access and security breaches.

Password reuse should be avoided as it increases the vulnerability of accounts

Having a max password age set to too long of a period increases the risk of compromised credentials. Shorter expiration periods are essential for regular password updates, reducing the window of opportunity for attackers to exploit compromised credentials.

Allowing all egress traffic in a subnet poses a significant security risk. It opens the door for potential data exfiltration and unauthorized communication from instances within the subnet, compromising the overall security of the network.

Allowing all ingress traffic in a subnet poses a significant security risk. It exposes the entire subnet to potential unauthorized access, increasing the likelihood of security breaches and compromising the integrity of the network.

Not having flow logging enabled on a subnet hinders visibility into network traffic and potential security threats. Flow logging provides valuable insights into network activity, aiding in monitoring, troubleshooting, and identifying suspicious behavior within the subnet.

Having a database publicly accessible increases the risk of unauthorized access and potential data breaches. Restricting access to trusted sources enhances security by preventing unauthorized users from accessing sensitive database information.

Enabling backups on databases is crucial for ensuring data safety and availability in case of disasters or accidental deletion. Backups provide a simple, automated solution for data recovery and help prevent permanent data loss.

Enabling auto minor version upgrade on databases can help ensure that your database is always running on the latest version, with important security patches and bug fixes applied automatically. This can improve the overall security and performance of your database and reduce the risk of potential vulnerabilities or downtime.

Having instances in more than one availability zone provides high availability and helps ensure that your database remains accessible in the event of an outage or failure in one availability zone. It also improves performance by allowing you to serve read traffic from multiple replicas in different availability zones.

Enabling database storage encryption helps protect sensitive data stored in your database from unauthorized access. It provides an additional layer of security to safeguard your data at rest, and can help you meet compliance requirements.

Enabling backups on databases is crucial for ensuring data safety and availability in case of disasters or accidental deletion. Backups provide a simple, automated solution for data recovery and help prevent permanent data loss.

Having a database publicly accessible increases the risk of unauthorized access and potential data breaches. Restricting access to trusted sources enhances security by preventing unauthorized users from accessing sensitive database information.

Enabling auto minor version upgrade on databases can help ensure that your database is always running on the latest version, with important security patches and bug fixes applied automatically. This can improve the overall security and performance of your database and reduce the risk of potential vulnerabilities or downtime.

Having instances in more than one availability zone provides high availability and helps ensure that your database remains accessible in the event of an outage or failure in one availability zone. It also improves performance by allowing you to serve read traffic from multiple replicas in different availability zones.

Enabling database storage encryption helps protect sensitive data stored in your database from unauthorized access. It provides an additional layer of security to safeguard your data at rest, and can help you meet compliance requirements.

Enabling backups on databases is crucial for ensuring data safety and availability in case of disasters or accidental deletion. Backups provide a simple, automated solution for data recovery and help prevent permanent data loss.

Having a database publicly accessible increases the risk of unauthorized access and potential data breaches. Restricting access to trusted sources enhances security by preventing unauthorized users from accessing sensitive database information.

Having instances in more than one availability zone provides high availability and helps ensure that your database remains accessible in the event of an outage or failure in one availability zone. It also improves performance by allowing you to serve read traffic from multiple replicas in different availability zones.

Enabling database storage encryption helps protect sensitive data stored in your database from unauthorized access. It provides an additional layer of security to safeguard your data at rest, and can help you meet compliance requirements.

Having a database publicly accessible increases the risk of unauthorized access and potential data breaches. Restricting access to trusted sources enhances security by preventing unauthorized users from accessing sensitive database information.

Having instances in more than one availability zone provides high availability and helps ensure that your database remains accessible in the event of an outage or failure in one availability zone. It also improves performance by allowing you to serve read traffic from multiple replicas in different availability zones.

Enabling database storage encryption helps protect sensitive data stored in your database from unauthorized access. It provides an additional layer of security to safeguard your data at rest, and can help you meet compliance requirements.

Setting the backup period to at least 30 days on databases ensures that users have a longer retention period for data recovery, in case of accidental or intentional data loss, and enables compliance with data retention regulations.

Having the PostgreSQL database's 5432 port open to the public internet poses a severe security risk. It exposes the database to potential attackers who can exploit vulnerabilities or attempt unauthorized logins through this open port.

Having unused firewalls can increase the risk of security breaches as they can be mistakenly assigned to running instances or left open, allowing unauthorized access to resources.

Allowing a load balancer to use HTTP can expose your application to security risks, as HTTP traffic is not encrypted and can be intercepted and manipulated by attackers.

Enabling access logging for load balancers allows you to monitor and analyze traffic to your application, and can help troubleshoot issues with your application's performance. Additionally, access logs can provide valuable insights for security auditing and compliance purposes.

Having the PostgreSQL database's 5432 port open to the public internet poses a severe security risk. It exposes the database to potential attackers who can exploit vulnerabilities or attempt unauthorized logins through this open port.

Having unused firewalls can increase the risk of security breaches as they can be mistakenly assigned to running instances or left open, allowing unauthorized access to resources.

Allowing a firewall to have all ports open increases the attack surface and makes your resources more vulnerable to potential security breaches.

Allowing unrestricted traffic within a firewall can create security vulnerabilities and should be avoided. Restricting traffic to only necessary ports and limiting access to trusted sources reduces the risk of unauthorized access and improves overall security.

Using default firewalls can leave your resources vulnerable to security breaches, as they are designed to allow traffic from any source.

Having no rules in default firewalls is the safest option as it restricts all inbound and outbound traffic to your resources.

Allowing unrestricted traffic within a firewall can create security vulnerabilities and should be avoided. Restricting traffic to only necessary ports and limiting access to trusted sources reduces the risk of unauthorized access and improves overall security.

Using default firewalls can leave your resources vulnerable to security breaches, as they are designed to allow traffic from any source.

Having no rules in default firewalls is the safest option as it restricts all inbound and outbound traffic to your resources.

Allowing a firewall to have all ports open increases the attack surface and makes your resources more vulnerable to potential security breaches.

Enabling Multi-Factor Authentication (MFA) delete on storage adds an extra layer of security. It requires additional authentication before allowing deletion, reducing the risk of unauthorized or unintended data loss.

Enabling versioning on storage allows recovery from accidental deletion, overwrite or any unintended change to stored objects by keeping multiple versions of an object, adding a layer of protection for data durability and compliance requirements.

Disabling insecure HTTP access on storage is essential to prevent unauthorized access and data breaches as it ensures that all access to storage is encrypted in transit, providing an additional layer of security for sensitive data.

Disabling logging on a storage prevents crucial visibility into data access and usage, hindering security monitoring and compliance efforts. Logging enables tracking of access events, providing valuable insights for detecting unauthorized activity and ensuring data integrity and accountability.

Enabling versioning on storage allows recovery from accidental deletion, overwrite or any unintended change to stored objects by keeping multiple versions of an object, adding a layer of protection for data durability and compliance requirements.

Disabling insecure HTTP access on storage is essential to prevent unauthorized access and data breaches as it ensures that all access to storage is encrypted in transit, providing an additional layer of security for sensitive data.

Disabling logging on a storage prevents crucial visibility into data access and usage, hindering security monitoring and compliance efforts. Logging enables tracking of access events, providing valuable insights for detecting unauthorized activity and ensuring data integrity and accountability.

Enabling Multi-Factor Authentication (MFA) delete on storage adds an extra layer of security. It requires additional authentication before allowing deletion, reducing the risk of unauthorized or unintended data loss.

Enabling versioning on storage allows recovery from accidental deletion, overwrite or any unintended change to stored objects by keeping multiple versions of an object, adding a layer of protection for data durability and compliance requirements.

Disabling insecure HTTP access on storage is essential to prevent unauthorized access and data breaches as it ensures that all access to storage is encrypted in transit, providing an additional layer of security for sensitive data.

Disabling logging on a storage prevents crucial visibility into data access and usage, hindering security monitoring and compliance efforts. Logging enables tracking of access events, providing valuable insights for detecting unauthorized activity and ensuring data integrity and accountability.

Enabling Multi-Factor Authentication (MFA) delete on storage adds an extra layer of security. It requires additional authentication before allowing deletion, reducing the risk of unauthorized or unintended data loss.

Enabling versioning on storage allows recovery from accidental deletion, overwrite or any unintended change to stored objects by keeping multiple versions of an object, adding a layer of protection for data durability and compliance requirements.

Disabling insecure HTTP access on storage is essential to prevent unauthorized access and data breaches as it ensures that all access to storage is encrypted in transit, providing an additional layer of security for sensitive data.

Disabling logging on a storage prevents crucial visibility into data access and usage, hindering security monitoring and compliance efforts. Logging enables tracking of access events, providing valuable insights for detecting unauthorized activity and ensuring data integrity and accountability.

Enabling Multi-Factor Authentication (MFA) delete on storage adds an extra layer of security. It requires additional authentication before allowing deletion, reducing the risk of unauthorized or unintended data loss.

Allowing all egress traffic in a subnet poses a significant security risk. It opens the door for potential data exfiltration and unauthorized communication from instances within the subnet, compromising the overall security of the network.

Allowing all ingress traffic in a subnet poses a significant security risk. It exposes the entire subnet to potential unauthorized access, increasing the likelihood of security breaches and compromising the integrity of the network.

Not having flow logging enabled on a subnet hinders visibility into network traffic and potential security threats. Flow logging provides valuable insights into network activity, aiding in monitoring, troubleshooting, and identifying suspicious behavior within the subnet.

Allowing all egress traffic in a subnet poses a significant security risk. It opens the door for potential data exfiltration and unauthorized communication from instances within the subnet, compromising the overall security of the network.

Allowing all ingress traffic in a subnet poses a significant security risk. It exposes the entire subnet to potential unauthorized access, increasing the likelihood of security breaches and compromising the integrity of the network.

Not having flow logging enabled on a subnet hinders visibility into network traffic and potential security threats. Flow logging provides valuable insights into network activity, aiding in monitoring, troubleshooting, and identifying suspicious behavior within the subnet.

Allowing all egress traffic in a subnet poses a significant security risk. It opens the door for potential data exfiltration and unauthorized communication from instances within the subnet, compromising the overall security of the network.

Allowing all ingress traffic in a subnet poses a significant security risk. It exposes the entire subnet to potential unauthorized access, increasing the likelihood of security breaches and compromising the integrity of the network.

Not having flow logging enabled on a subnet hinders visibility into network traffic and potential security threats. Flow logging provides valuable insights into network activity, aiding in monitoring, troubleshooting, and identifying suspicious behavior within the subnet.

Allowing all egress traffic in a subnet poses a significant security risk. It opens the door for potential data exfiltration and unauthorized communication from instances within the subnet, compromising the overall security of the network.

Allowing all ingress traffic in a subnet poses a significant security risk. It exposes the entire subnet to potential unauthorized access, increasing the likelihood of security breaches and compromising the integrity of the network.

Not having flow logging enabled on a subnet hinders visibility into network traffic and potential security threats. Flow logging provides valuable insights into network activity, aiding in monitoring, troubleshooting, and identifying suspicious behavior within the subnet.

Allowing all egress traffic in a subnet poses a significant security risk. It opens the door for potential data exfiltration and unauthorized communication from instances within the subnet, compromising the overall security of the network.

Allowing all ingress traffic in a subnet poses a significant security risk. It exposes the entire subnet to potential unauthorized access, increasing the likelihood of security breaches and compromising the integrity of the network.

Not having flow logging enabled on a subnet hinders visibility into network traffic and potential security threats. Flow logging provides valuable insights into network activity, aiding in monitoring, troubleshooting, and identifying suspicious behavior within the subnet.

Allowing all egress traffic in a subnet poses a significant security risk. It opens the door for potential data exfiltration and unauthorized communication from instances within the subnet, compromising the overall security of the network.

Allowing all ingress traffic in a subnet poses a significant security risk. It exposes the entire subnet to potential unauthorized access, increasing the likelihood of security breaches and compromising the integrity of the network.

Not having flow logging enabled on a subnet hinders visibility into network traffic and potential security threats. Flow logging provides valuable insights into network activity, aiding in monitoring, troubleshooting, and identifying suspicious behavior within the subnet.

Allowing all egress traffic in a subnet poses a significant security risk. It opens the door for potential data exfiltration and unauthorized communication from instances within the subnet, compromising the overall security of the network.

Allowing all ingress traffic in a subnet poses a significant security risk. It exposes the entire subnet to potential unauthorized access, increasing the likelihood of security breaches and compromising the integrity of the network.

Not having flow logging enabled on a subnet hinders visibility into network traffic and potential security threats. Flow logging provides valuable insights into network activity, aiding in monitoring, troubleshooting, and identifying suspicious behavior within the subnet.

Allowing all egress traffic in a subnet poses a significant security risk. It opens the door for potential data exfiltration and unauthorized communication from instances within the subnet, compromising the overall security of the network.

Allowing all ingress traffic in a subnet poses a significant security risk. It exposes the entire subnet to potential unauthorized access, increasing the likelihood of security breaches and compromising the integrity of the network.

Not having flow logging enabled on a subnet hinders visibility into network traffic and potential security threats. Flow logging provides valuable insights into network activity, aiding in monitoring, troubleshooting, and identifying suspicious behavior within the subnet.

Allowing all egress traffic in a subnet poses a significant security risk. It opens the door for potential data exfiltration and unauthorized communication from instances within the subnet, compromising the overall security of the network.

Allowing all ingress traffic in a subnet poses a significant security risk. It exposes the entire subnet to potential unauthorized access, increasing the likelihood of security breaches and compromising the integrity of the network.

Not having flow logging enabled on a subnet hinders visibility into network traffic and potential security threats. Flow logging provides valuable insights into network activity, aiding in monitoring, troubleshooting, and identifying suspicious behavior within the subnet.

Disabling insecure HTTP access on storage is essential to prevent unauthorized access and data breaches as it ensures that all access to storage is encrypted in transit, providing an additional layer of security for sensitive data.

Disabling logging on a storage prevents crucial visibility into data access and usage, hindering security monitoring and compliance efforts. Logging enables tracking of access events, providing valuable insights for detecting unauthorized activity and ensuring data integrity and accountability.

Enabling Multi-Factor Authentication (MFA) delete on storage adds an extra layer of security. It requires additional authentication before allowing deletion, reducing the risk of unauthorized or unintended data loss.