Use CasesΒΆ
These use cases provide examples of specific policies for individual AWS modules.
- Account - Login From Invalid IP Address
- Account - Detect Root Logins
- Account - Service Limit
- AMI - Stop EC2 using Unapproved AMIs
- AutoScaling Group - Verify ASGs have valid configurations
- ASG - Offhours Support
- Block New Resources In Non-Standard Regions
- DMS - DB Migration Service Endpoint - Enforce SSL
- EBS - Garbage Collect Unattached Volumes
- EBS - Create and Manage Snapshots
- EBS - Delete Unencrypted
- EC2 - auto-tag aws userName on resources
- EC2 - Offhours Support
- EC2 - Old Instance Report
- EC2 - Power On For Scheduled Patching
- EC2 - Terminate Unpatchable Instances
- ELB - Delete New Internet-Facing ELBs
- ELB - Delete Unused Elastic Load Balancers
- ELB - SSL Blacklist
- ELB - SSL Whitelist
- IAM - Manage Whether A Specific IAM Policy is Attached to Roles
- Lambda - Notify On Lambda Errors
- Example offhours policy
- RDS - Delete Unused Databases With No Connections
- RDS - Terminate Unencrypted Public Instances
- S3 - Configure New Buckets Settings and Standards
- S3 - Block Public S3 Object ACLs
- S3 - Encryption
- S3 - Global Grants
- SageMaker Notebook - Delete Public or Unencrypted
- Security Groups - Detect and Remediate Violations
- Tag Compliance Across Resources (EC2, ASG, ELB, S3, etc)
- VPC - Flow Log Configuration Check
- VPC - Notify On Invalid External Peering Connections