Storage Security How-To Guides
Find AWS RDS Instances Without Auto Minor Version Upgrade Enabled
Auto Minor Version Upgrade is a feature that you can enable to have your database automatically upgraded when a new minor database engine version is available. Minor version upgrades often patch security vulnerabilities and fix bugs and therefore should be applied.
Find AWS S3 Buckets Missing Public Access Blocks
Without public access blocks, public access policies may be applied to buckets containing sensitive data.
Find AWS S3 Buckets Without MFA Delete Enabled
MFA Delete adds a layer of protection in the event that your security credentials are compromised or unauthorized access is granted.
Find AWS S3 Buckets Without Secure Transport Policies
If HTTPS is not enforced in the bucket policy, communication between clients and S3 buckets can use unencrypted HTTP. As a result, sensitive information could be transmitted in clear text over the network or internet.
Find Publicly Accessible AWS RDS Instances
Publicly accessible databases could expose sensitive data to bad actors.
Find Unencrypted AWS EC2 Snapshots
When you share a snapshot, you are giving others access to all the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data.
Find Unencrypted AWS EC2 Volumes
Data encryption at rest prevents data visibility in the event of its unauthorized access or theft.
Find Unencrypted AWS EFS File Systems
EFS file systems should be encrypted at rest to prevent exposure of sensitive data to bad actors.
Find Unencrypted AWS RDS Storage Volumes
If encryption is not enabled, sensitive information at rest is not protected.
Find Unencrypted AWS S3 Buckets
Amazon S3 provides a way to set the default encryption behavior for an S3 bucket to ensure data is encrypted at rest.