AWS
Composite Recipes
Recipes that include further recipes, often including the individual recipes below.
Best practices for AWS
Recipes
Disable Instance Metadata Service version 1
Enable API gateway caching
Enable point-in-time recovery for DynamoDB
Encrypt Aurora clusters
Encrypt CodeBuild projects
Encrypt DAX storage at rest
Encrypt DocumentDB storage
Encrypt EBS snapshots
Encrypt EBS volume launch configurations
Encrypt EBS volumes
Encrypt EFS Volumes in ECS Task Definitions in transit
Encrypt ElastiCache Redis at rest
Encrypt ElastiCache Redis in transit
Encrypt Neptune storage
Encrypt RDS clusters
Encrypt Redshift storage at rest
Ensure AWS CMK rotation is enabled
Ensure AWS EFS with encryption for data at rest is enabled
Ensure AWS EKS cluster endpoint access is publicly disabled
Ensure AWS Elasticsearch domain encryption for data at rest is enabled
Ensure AWS Elasticsearch domains have EnforceHTTPS enabled
Ensure AWS Elasticsearch has node-to-node encryption enabled
Ensure AWS IAM password policy has a minimum of 14 characters
Ensure AWS Lambda function is configured for function-level concurrent execution limit
Ensure AWS Lambda functions have tracing enabled
Ensure AWS RDS database instance is not publicly accessible
Ensure AWS S3 object versioning is enabled
Ensure Amazon EKS control plane logging enabled for all log types
Ensure CloudTrail log file validation is enabled
Ensure EC2 is EBS optimized
Ensure ECR repositories are encrypted
Ensure IAM password policy expires passwords within 90 days or less
Ensure IAM password policy prevents password reuse
Ensure IAM password policy requires at least one lowercase letter
Ensure IAM password policy requires at least one number
Ensure IAM password policy requires at least one symbol
Ensure IAM password policy requires at least one uppercase letter
Ensure Kinesis Stream is securely encrypted
Ensure RDS database has IAM authentication enabled
Ensure RDS instances have Multi-AZ enabled
Ensure VPC subnets do not assign public IP by default
Ensure data stored in an S3 bucket is securely encrypted at rest
Ensure detailed monitoring for EC2 instances is enabled
Ensure enhanced monitoring for Amazon RDS instances is enabled
Ensure respective logs of Amazon RDS are enabled
Ensure the S3 bucket has access logging enabled
Make ECR tags immutable
Scan images pushed to ECR
Use HTTPS for Cloudfront distribution
Last modified 1mo ago