Account Summary

Accounts reviewed

Account name    Account ID      Collection date
test            954574370272    2019-01-23

Resources

Resource counts

Resource               test
S3 buckets             7
EC2 instances          6
ELBs                   0
ELBv2s                 2
RDS instances          2
Redshift clusters      0
ElasticSearch domains  0
Elasticache clusters   0
SNS topics             2
SQS queues             1
CloudFronts            0
Autoscaling groups     2
ElasticBeanstalks      0
Firehose streams       0
Glacier vaults         0
KMS keys               20
Lambda functions       0

Region usage

This table shows whether a region contains the resources being counted. Currently all S3 buckets, no matter their location, and CloudFronts, are identified as being in us-east-1.

ap-south-1
eu-west-3
eu-north-1
eu-west-2
eu-west-1
ap-northeast-2
ap-northeast-1
sa-east-1
ca-central-1
ap-southeast-1
ap-southeast-2
eu-central-1
us-east-1
us-east-2
us-west-1
us-west-2
test
Y  KMS keys:1
Y  KMS keys:1
Y  KMS keys:1
Y  KMS keys:1
Y  KMS keys:1
Y  KMS keys:1
Y  KMS keys:1
Y  KMS keys:1
Y  KMS keys:1
Y  KMS keys:1
Y  S3 buckets:7, EC2 instances:3, SNS topics:1, SQS queues:1, KMS keys:7
Y  KMS keys:2
Y  EC2 instances:3, ELBv2s:2, RDS instances:2, SNS topics:1, Autoscaling groups:2, KMS keys:1

IAM

Public network resources

Counts of public resources by type

Account  ec2  elb  rds  autoscaling  cloudfront  apigateway
test     3    0    0    2            0           2

Counts of public resources by port ranges


Findings Summary

Counts of finding types by account

Counts of findings by account


Findings

S3

Internet accessible S3 bucket via policy (only GetObject)

Severity: Info
Issue ID: S3_PUBLIC_POLICY_GETOBJECT_ONLY

This is the right way to make an S3 bucket public when you don't want to put CloudFront in front of it. This may be done when a third-party caching service is being used and you don't care about direct access to the S3 bucket.


  • test (954574370272)
      1. publicbuckettest-summitroute

S3 Control Access Block is not blocking all access

Severity: Low
Issue ID: S3_ACCESS_BLOCK_ALL_ACCESS_TYPES

This control prevents S3 buckets from being made public. Confirm that the exception that has been made is necessary.


  • test (954574370272)
        {
            "PublicAccessBlockConfiguration": {
                "BlockPublicAcls": true,
                "BlockPublicPolicy": false,
                "IgnorePublicAcls": true,
                "RestrictPublicBuckets": false
            }
        }

IAM

Password policy is not set

Severity: Low
Issue ID: PASSWORD_POLICY_NOT_SET

A password policy helps ensure strong passwords are used by IAM Users. Setting a password policy does not impact existing users, so after setting this, you should ensure users reset their passwords so that they are in compliance.


  • test (954574370272)

User has unused access key

Severity: Low
Issue ID: USER_HAS_UNUSED_ACCESS_KEY

These users have access keys that have never been used. These access keys may have been communicated to the user insecurely, or otherwise may not be as well protected as they should be.


  • test (954574370272)
      1. bobby
        {
            "Unused key": 1
        }
      2. peter
        {
            "Unused key": 1
        }

GuardDuty

GuardDuty is not enabled

Severity: Medium
Issue ID: GUARDDUTY_OFF

GuardDuty is an AWS threat detection service that detects compromised access keys, EC2 instances, and more. It should be enabled in all regions.


  • test (954574370272)
    • ap-south-1
    • eu-west-3
    • eu-west-2
    • eu-west-1
    • ap-northeast-2
    • ap-northeast-1
    • sa-east-1
    • ca-central-1
    • ap-southeast-1
    • ap-southeast-2
    • eu-central-1
    • us-east-2
    • us-west-1

RDS

RDS has a public IP address

Severity: Low
Issue ID: RDS_PUBLIC_IP

Check whether this RDS instance is publicly accessible. Best practice is to put RDS instances in private subnets and not give them public IPs.


  • test (954574370272)
    • us-west-2
      1. rm1hm5h4o2wq3b0
      2. wd1ea7jukk13ger