| EFS | ap-southeast-1 | EnabledLifecycle | Cost Optimization | EFS::fs-0aaf4e834df8d373c | Informational | New |
| EFS | ap-southeast-1 | EnabledLifecycle | Cost Optimization | EFS::fs-05dc278de43c184b6 | Informational | New |
| IAM | GLOBAL | passwordLastChange90 | Security | User::root_id | Medium | New |
| IAM | GLOBAL | consoleLastAccess90 | Security | User::root_id | Medium | New |
| IAM | GLOBAL | rootMfaActive | Security | User::root_id | High | New |
| IAM | GLOBAL | userNotUsingGroup | Operation Excellence | User::pgw-cassandra-user | Low | New |
| IAM | GLOBAL | InlinePolicy | Operation Excellence | User::pgw-cassandra-user | Low | New |
| IAM | GLOBAL | InlinePolicy | Operation Excellence | Role::aws-controltower-ForwardSnsNotificationRole | Low | New |
| IAM | GLOBAL | InlinePolicy | Operation Excellence | Role::AWSReservedSSO_YoPayment-AWS-Data-Pgw-Dev_5af8cd0c694d6669 | Low | New |
| IAM | GLOBAL | InlinePolicy | Operation Excellence | Role::AWSReservedSSO_YoPayment-AWS-Developer-Pgw-Dev_c207ab9d1e5199f5 | Low | New |
| IAM | GLOBAL | InlinePolicy | Operation Excellence | Role::AWSReservedSSO_YoPayment-AWS-Platform-Pgw-Dev_c9b162f22c1c139b | Low | New |
| IAM | GLOBAL | InlinePolicy | Operation Excellence | Role::AWSReservedSSO_YoPayment-AWS-ViewOnly-Dev_8b8524750ae8d9c7 | Low | New |
| IAM | GLOBAL | InlinePolicy | Operation Excellence | Role::backend-pgw-core-pgw-dev-codedeploy-role | Low | New |
| IAM | GLOBAL | InlinePolicy | Operation Excellence | Role::backend-pgw-ipn-processor-pgw-dev-codedeploy-role | Low | New |
| IAM | GLOBAL | InlinePolicy | Operation Excellence | Role::backend-v1-backoffice-pgw-dev-codedeploy-role-cmc | Low | New |
| IAM | GLOBAL | InlinePolicy | Operation Excellence | Role::backend-v1-epay-processor-pgw-dev-codedeploy-role-cmc | Low | New |
| IAM | GLOBAL | InlinePolicy | Operation Excellence | Role::backend-v1-mbbank-processor-pgw-dev-codedeploy-role-cmc | Low | New |
| IAM | GLOBAL | InlinePolicy | Operation Excellence | Role::backend-v1-merchant-service-pgw-dev-codedeploy-role-cmc | Low | New |
| IAM | GLOBAL | InlinePolicy | Operation Excellence | Role::backend-v1-momo-processor-pgw-dev-codedeploy-role-cmc | Low | New |
| IAM | GLOBAL | InlinePolicy | Operation Excellence | Role::backend-v1-napas-processor-pgw-dev-codedeploy-role-cmc | Low | New |
| IAM | GLOBAL | InlinePolicy | Operation Excellence | Role::backend-v1-payment-service-pgw-dev-codedeploy-role-cmc | Low | New |
| IAM | GLOBAL | InlinePolicy | Operation Excellence | Role::backend-v1-pgw-core-pgw-dev-codedeploy-role-cmc | Low | New |
| IAM | GLOBAL | InlinePolicy | Operation Excellence | Role::backend-v1-schedule-pgw-dev-codedeploy-role-cmc | Low | New |
| IAM | GLOBAL | InlinePolicy | Operation Excellence | Role::backend-v1-zalopay-processor-pgw-dev-codedeploy-role-cmc | Low | New |
| IAM | GLOBAL | InlinePolicy | Operation Excellence | Role::frontend-backoffice-pgw-dev-codedeploy-role | Low | New |
| IAM | GLOBAL | InlinePolicy | Operation Excellence | Role::frontend-gateway-core-pgw-dev-codedeploy-role | Low | New |
| IAM | GLOBAL | InlinePolicy | Operation Excellence | Role::managed-eks-admin-ec2-role | Low | New |
| IAM | GLOBAL | InlinePolicy | Operation Excellence | Role::managed-vpc-sg-flowlog-flowlog-role | Low | New |
| IAM | GLOBAL | InlinePolicy | Operation Excellence | Role::pay1-wallet-aa-service-pgw-dev-codedeploy-role-cmc | Low | New |
| IAM | GLOBAL | InlinePolicy | Operation Excellence | Role::pay1-wallet-backoffice-service-pgw-dev-codedeploy-role-cmc | Low | New |
| IAM | GLOBAL | InlinePolicy | Operation Excellence | Role::pay1-wallet-debezium-connector-pgw-dev-codedeploy-role-cmc | Low | New |
| IAM | GLOBAL | InlinePolicy | Operation Excellence | Role::pay1-wallet-kafka-ui-pgw-dev-codedeploy-role-cmc | Low | New |
| IAM | GLOBAL | InlinePolicy | Operation Excellence | Role::pay1-wallet-ledger-core-pgw-dev-codedeploy-role-cmc | Low | New |
| IAM | GLOBAL | InlinePolicy | Operation Excellence | Role::pay1-wallet-notification-pgw-dev-codedeploy-role-cmc | Low | New |
| IAM | GLOBAL | InlinePolicy | Operation Excellence | Role::pay1-wallet-pay1-id-service-pgw-dev-codedeploy-role-cmc | Low | New |
| IAM | GLOBAL | InlinePolicy | Operation Excellence | Role::pay1-wallet-payment-service-pgw-dev-codedeploy-role-cmc | Low | New |
| IAM | GLOBAL | InlinePolicy | Operation Excellence | Role::pay1-wallet-sms-otp-service-pgw-dev-codedeploy-role-cmc | Low | New |
| IAM | GLOBAL | InlinePolicy | Operation Excellence | Role::pay1-wallet-wallet-backoffice-pgw-dev-codedeploy-role-cmc | Low | New |
| IAM | GLOBAL | InlinePolicy | Operation Excellence | Role::pay1-wallet-wallet-command-pgw-dev-codedeploy-role-cmc | Low | New |
| IAM | GLOBAL | InlinePolicy | Operation Excellence | Role::pay1-wallet-wallet-query-pgw-dev-codedeploy-role-cmc | Low | New |
| IAM | GLOBAL | InlinePolicy | Operation Excellence | Role::pay1-wallet-wallet-service-pgw-dev-codedeploy-role-cmc | Low | New |
| IAM | GLOBAL | InlinePolicy | Operation Excellence | Role::pay1-wallet-wallet-sms-otp-pgw-dev-codedeploy-role-cmc | Low | New |
| IAM | GLOBAL | InlinePolicy | Operation Excellence | Role::pgw-dev-backend-v1-pgw-core-dev-codedeploy-role-cmc | Low | New |
| IAM | GLOBAL | InlinePolicy | Operation Excellence | Role::pipeline-cross-account | Low | New |
| IAM | GLOBAL | InlinePolicy | Operation Excellence | Role::PyraCloudRole | Low | New |
| IAM | GLOBAL | InlinePolicy | Operation Excellence | Role::SecretsManagerRDSPostgreS-SecretsManagerRDSPostgreS-EmjcCJ2iYcSd | Low | New |
| IAM | GLOBAL | InlinePolicy | Operation Excellence | Role::YoPayment-AWS-Terraform-Pgw-Dev | Low | New |
| IAM | GLOBAL | hasAccessKeyNoRotate90days | Security | User::yopayment-dev-ses-user | High | New |
| IAM | GLOBAL | userNoActivity90days | Security | User::yopayment-dev-ses-user | High | New |
| IAM | GLOBAL | unusedRole | Operation Excellence | Role::aws-controltower-AdministratorExecutionRole | Low | New |
| IAM | GLOBAL | unusedRole | Operation Excellence | Role::aws-controltower-ConfigRecorderRole | Low | New |
| IAM | GLOBAL | unusedRole | Operation Excellence | Role::aws-controltower-ReadOnlyExecutionRole | Low | New |
| IAM | GLOBAL | unusedRole | Operation Excellence | Role::AWSControlTower_VPCFlowLogsRole | Low | New |
| IAM | GLOBAL | unusedRole | Operation Excellence | Role::AWSReservedSSO_AWSAdministratorAccess_6ad2f92126b0c1d0 | Low | New |
| IAM | GLOBAL | unusedRole | Operation Excellence | Role::AWSReservedSSO_AWSOrganizationsFullAccess_159dbe7c34ff4f78 | Low | New |
| IAM | GLOBAL | unusedRole | Operation Excellence | Role::AWSReservedSSO_AWSPowerUserAccess_7a9fc77c08f63f11 | Low | New |
| IAM | GLOBAL | unusedRole | Operation Excellence | Role::AWSReservedSSO_AWSReadOnlyAccess_52218f0875a67871 | Low | New |
| IAM | GLOBAL | unusedRole | Operation Excellence | Role::AWSReservedSSO_YoPayment-AWS-Data-Pgw-Dev_5af8cd0c694d6669 | Low | New |
| IAM | GLOBAL | unusedRole | Operation Excellence | Role::AWSReservedSSO_YoPayment-AWS-ViewOnly-Dev_8b8524750ae8d9c7 | Low | New |
| IAM | GLOBAL | unusedRole | Operation Excellence | Role::backend-pgw-core-pgw-dev-codedeploy-role | Low | New |
| IAM | GLOBAL | unusedRole | Operation Excellence | Role::backend-pgw-ipn-processor-pgw-dev-codedeploy-role | Low | New |
| IAM | GLOBAL | unusedRole | Operation Excellence | Role::backend-v1-backoffice-pgw-dev-codedeploy-role-cmc | Low | New |
| IAM | GLOBAL | unusedRole | Operation Excellence | Role::backend-v1-epay-processor-pgw-dev-codedeploy-role-cmc | Low | New |
| IAM | GLOBAL | unusedRole | Operation Excellence | Role::backend-v1-mbbank-processor-pgw-dev-codedeploy-role-cmc | Low | New |
| IAM | GLOBAL | unusedRole | Operation Excellence | Role::backend-v1-merchant-service-pgw-dev-codedeploy-role-cmc | Low | New |
| IAM | GLOBAL | unusedRole | Operation Excellence | Role::backend-v1-momo-processor-pgw-dev-codedeploy-role-cmc | Low | New |
| IAM | GLOBAL | unusedRole | Operation Excellence | Role::backend-v1-napas-processor-pgw-dev-codedeploy-role-cmc | Low | New |
| IAM | GLOBAL | unusedRole | Operation Excellence | Role::backend-v1-payment-service-pgw-dev-codedeploy-role-cmc | Low | New |
| IAM | GLOBAL | unusedRole | Operation Excellence | Role::backend-v1-pgw-core-pgw-dev-codedeploy-role-cmc | Low | New |
| IAM | GLOBAL | unusedRole | Operation Excellence | Role::backend-v1-schedule-pgw-dev-codedeploy-role-cmc | Low | New |
| IAM | GLOBAL | unusedRole | Operation Excellence | Role::backend-v1-zalopay-processor-pgw-dev-codedeploy-role-cmc | Low | New |
| IAM | GLOBAL | unusedRole | Operation Excellence | Role::ec2-ssm-role | Low | New |
| IAM | GLOBAL | unusedRole | Operation Excellence | Role::ecs-iam-service | Low | New |
| IAM | GLOBAL | unusedRole | Operation Excellence | Role::ecsAutoscaleRole | Low | New |
| IAM | GLOBAL | unusedRole | Operation Excellence | Role::ecsEventsRole | Low | New |
| IAM | GLOBAL | unusedRole | Operation Excellence | Role::frontend-backoffice-pgw-dev-codedeploy-role | Low | New |
| IAM | GLOBAL | unusedRole | Operation Excellence | Role::frontend-gateway-core-pgw-dev-codedeploy-role | Low | New |
| IAM | GLOBAL | unusedRole | Operation Excellence | Role::pay1-wallet-debezium-connector-pgw-dev-codedeploy-role-cmc | Low | New |
| IAM | GLOBAL | unusedRole | Operation Excellence | Role::pay1-wallet-kafka-ui-pgw-dev-codedeploy-role-cmc | Low | New |
| IAM | GLOBAL | unusedRole | Operation Excellence | Role::pgw-dev-backend-v1-pgw-core-dev-codedeploy-role-cmc | Low | New |
| IAM | GLOBAL | unusedRole | Operation Excellence | Role::pgw-dev-ecs-backend-pgw-ipn-processor-task-execution-role | Low | New |
| IAM | GLOBAL | unusedRole | Operation Excellence | Role::pgw-dev-ecs-backend-pgw-ipn-processor-task-role | Low | New |
| IAM | GLOBAL | unusedRole | Operation Excellence | Role::pgw-dev-ecs-backend-v1-backoffice-task-execution-role-cmc | Low | New |
| IAM | GLOBAL | unusedRole | Operation Excellence | Role::pgw-dev-ecs-backend-v1-backoffice-task-role-cmc | Low | New |
| IAM | GLOBAL | unusedRole | Operation Excellence | Role::pgw-dev-ecs-backend-v1-epay-processor-task-execution-role-cmc | Low | New |
| IAM | GLOBAL | unusedRole | Operation Excellence | Role::pgw-dev-ecs-backend-v1-epay-processor-task-role-cmc | Low | New |
| IAM | GLOBAL | unusedRole | Operation Excellence | Role::pgw-dev-ecs-backend-v1-mbbank-processor-task-execution-role-cmc | Low | New |
| IAM | GLOBAL | unusedRole | Operation Excellence | Role::pgw-dev-ecs-backend-v1-mbbank-processor-task-role-cmc | Low | New |
| IAM | GLOBAL | unusedRole | Operation Excellence | Role::pgw-dev-ecs-backend-v1-merchant-service-task-execution-role-cmc | Low | New |
| IAM | GLOBAL | unusedRole | Operation Excellence | Role::pgw-dev-ecs-backend-v1-merchant-service-task-role-cmc | Low | New |
| IAM | GLOBAL | unusedRole | Operation Excellence | Role::pgw-dev-ecs-backend-v1-momo-processor-task-execution-role-cmc | Low | New |
| IAM | GLOBAL | unusedRole | Operation Excellence | Role::pgw-dev-ecs-backend-v1-momo-processor-task-role-cmc | Low | New |
| IAM | GLOBAL | unusedRole | Operation Excellence | Role::pgw-dev-ecs-backend-v1-napas-processor-task-execution-role-cmc | Low | New |
| IAM | GLOBAL | unusedRole | Operation Excellence | Role::pgw-dev-ecs-backend-v1-napas-processor-task-role-cmc | Low | New |
| IAM | GLOBAL | unusedRole | Operation Excellence | Role::pgw-dev-ecs-backend-v1-payment-service-task-execution-role-cmc | Low | New |
| IAM | GLOBAL | unusedRole | Operation Excellence | Role::pgw-dev-ecs-backend-v1-payment-service-task-role-cmc | Low | New |
| IAM | GLOBAL | unusedRole | Operation Excellence | Role::pgw-dev-ecs-backend-v1-pgw-core-task-execution-role-cmc | Low | New |
| IAM | GLOBAL | unusedRole | Operation Excellence | Role::pgw-dev-ecs-backend-v1-pgw-core-task-role-cmc | Low | New |
| IAM | GLOBAL | unusedRole | Operation Excellence | Role::pgw-dev-ecs-backend-v1-scheduler-task-execution-role-cmc | Low | New |
| IAM | GLOBAL | unusedRole | Operation Excellence | Role::pgw-dev-ecs-backend-v1-scheduler-task-role-cmc | Low | New |
| IAM | GLOBAL | unusedRole | Operation Excellence | Role::pgw-dev-ecs-backend-v1-zalopay-processor-task-execution-role-cmc | Low | New |
| IAM | GLOBAL | unusedRole | Operation Excellence | Role::pgw-dev-ecs-backend-v1-zalopay-processor-task-role-cmc | Low | New |
| IAM | GLOBAL | unusedRole | Operation Excellence | Role::pgw-dev-ecs-frontend-backoffice-task-execution-role | Low | New |
| IAM | GLOBAL | unusedRole | Operation Excellence | Role::pgw-dev-ecs-frontend-backoffice-task-role | Low | New |
| IAM | GLOBAL | unusedRole | Operation Excellence | Role::pgw-dev-ecs-frontend-gateway-core-task-execution-role | Low | New |
| IAM | GLOBAL | unusedRole | Operation Excellence | Role::pgw-dev-ecs-frontend-gateway-core-task-role | Low | New |
| IAM | GLOBAL | unusedRole | Operation Excellence | Role::pgw-dev-keyspaces-role | Low | New |
| IAM | GLOBAL | unusedRole | Operation Excellence | Role::pgw-dev-msk-connector-archiver-sink-connector-s3-role | Low | New |
| IAM | GLOBAL | unusedRole | Operation Excellence | Role::pipeline-cross-account | Low | New |
| IAM | GLOBAL | unusedRole | Operation Excellence | Role::SecretsManagerRDSPostgreS-SecretsManagerRDSPostgreS-EmjcCJ2iYcSd | Low | New |
| IAM | GLOBAL | unusedRole | Operation Excellence | Role::stacksets-exec-bb8cf4473e8495ef76fab8d8a00a5618 | Low | New |
| IAM | GLOBAL | FullAdminAccess | Security | Role::aws-controltower-AdministratorExecutionRole | High | New |
| IAM | GLOBAL | FullAdminAccess | Security | Role::AWSControlTowerExecution | High | New |
| IAM | GLOBAL | FullAdminAccess | Security | Role::AWSReservedSSO_AWSAdministratorAccess_6ad2f92126b0c1d0 | High | New |
| IAM | GLOBAL | FullAdminAccess | Security | Role::AWSReservedSSO_YoPayment-AWS-Admin-Pgw-Dev_999b53209cafbc21 | High | New |
| IAM | GLOBAL | FullAdminAccess | Security | Role::stacksets-exec-bb8cf4473e8495ef76fab8d8a00a5618 | High | New |
| IAM | GLOBAL | roleLongSession | Security | Role::AWSReservedSSO_AWSAdministratorAccess_6ad2f92126b0c1d0 | Low | New |
| IAM | GLOBAL | roleLongSession | Security | Role::AWSReservedSSO_AWSOrganizationsFullAccess_159dbe7c34ff4f78 | Low | New |
| IAM | GLOBAL | roleLongSession | Security | Role::AWSReservedSSO_AWSPowerUserAccess_7a9fc77c08f63f11 | Low | New |
| IAM | GLOBAL | roleLongSession | Security | Role::AWSReservedSSO_AWSReadOnlyAccess_52218f0875a67871 | Low | New |
| IAM | GLOBAL | roleLongSession | Security | Role::AWSReservedSSO_YoPayment-AWS-Admin-Pgw-Dev_999b53209cafbc21 | Low | New |
| IAM | GLOBAL | roleLongSession | Security | Role::AWSReservedSSO_YoPayment-AWS-Data-Pgw-Dev_5af8cd0c694d6669 | Low | New |
| IAM | GLOBAL | roleLongSession | Security | Role::AWSReservedSSO_YoPayment-AWS-Developer-Pgw-Dev_c207ab9d1e5199f5 | Low | New |
| IAM | GLOBAL | roleLongSession | Security | Role::AWSReservedSSO_YoPayment-AWS-Platform-Pgw-Dev_c9b162f22c1c139b | Low | New |
| IAM | GLOBAL | roleLongSession | Security | Role::AWSReservedSSO_YoPayment-AWS-ViewOnly-Dev_8b8524750ae8d9c7 | Low | New |
| IAM | GLOBAL | ManagedPolicyFullAccessOneServ | Security | Role::AWSReservedSSO_AWSOrganizationsFullAccess_159dbe7c34ff4f78 | High | New |
| IAM | GLOBAL | ManagedPolicyFullAccessOneServ | Security | Role::AWSReservedSSO_AWSPowerUserAccess_7a9fc77c08f63f11 | High | New |
| IAM | GLOBAL | ManagedPolicyFullAccessOneServ | Security | Role::AWSReservedSSO_YoPayment-AWS-Developer-Pgw-Dev_c207ab9d1e5199f5 | High | New |
| IAM | GLOBAL | ManagedPolicyFullAccessOneServ | Security | Role::PyraCloudRole | High | New |
| IAM | GLOBAL | ManagedPolicyFullAccessOneServ | Security | Role::YoPayment-AWS-Terraform-Pgw-Dev | High | New |
| IAM | GLOBAL | InlinePolicyFullAccessOneServ | Security | Role::AWSReservedSSO_YoPayment-AWS-Data-Pgw-Dev_5af8cd0c694d6669 | High | New |
| IAM | GLOBAL | InlinePolicyFullAccessOneServ | Security | Role::AWSReservedSSO_YoPayment-AWS-Developer-Pgw-Dev_c207ab9d1e5199f5 | High | New |
| IAM | GLOBAL | InlinePolicyFullAccessOneServ | Security | Role::AWSReservedSSO_YoPayment-AWS-Platform-Pgw-Dev_c9b162f22c1c139b | High | New |
| IAM | GLOBAL | InlinePolicyFullAccessOneServ | Security | Role::YoPayment-AWS-Terraform-Pgw-Dev | High | New |
| IAM | GLOBAL | enableCURReport | Cost Optimization | Account::Config | Informational | New |
| IAM | GLOBAL | PartialEnableConfigService | Security | Account::Config | Low | New |
| IAM | GLOBAL | hasAlternateContact | Security | Account::Config | High | New |
| IAM | GLOBAL | enableCostBudget | Cost Optimization | Account::Config | High | New |
| IAM | GLOBAL | passwordPolicyReuse | Security | Account::Config | Low | New |
| IAM | GLOBAL | supportPlanLowTier | Operation Excellence | Account::Config | High | New |
| ELASTICACHE | ap-southeast-1 | EnableReadReplica | Performance Efficiency | ElastiCache::pay1-sms-otp-redis-dev-redis-cluster | Medium | New |
| ELASTICACHE | ap-southeast-1 | EnableReadReplica | Performance Efficiency | ElastiCache::pgw-redis-dev-redis-cluster | Medium | New |
| ELASTICACHE | ap-southeast-1 | EnableNotification | Operation Excellence | redisarn:aws:elasticache:ap-southeast-1:262130478988:cluster:pay1-sms-otp-redis-dev-redis-cluster-001 | High | New |
| ELASTICACHE | ap-southeast-1 | EnableNotification | Operation Excellence | redisarn:aws:elasticache:ap-southeast-1:262130478988:cluster:pgw-redis-dev-redis-cluster-001 | High | New |
| ELASTICACHE | ap-southeast-1 | DefaultPort | Security | redisarn:aws:elasticache:ap-southeast-1:262130478988:cluster:pay1-sms-otp-redis-dev-redis-cluster-001 | Low | New |
| ELASTICACHE | ap-southeast-1 | DefaultPort | Security | redisarn:aws:elasticache:ap-southeast-1:262130478988:cluster:pgw-redis-dev-redis-cluster-001 | Low | New |
| ELASTICACHE | ap-southeast-1 | LatestInstance | Performance Efficiency | redisarn:aws:elasticache:ap-southeast-1:262130478988:cluster:pay1-sms-otp-redis-dev-redis-cluster-001 | Medium | New |
| ELASTICACHE | ap-southeast-1 | LatestInstance | Performance Efficiency | redisarn:aws:elasticache:ap-southeast-1:262130478988:cluster:pgw-redis-dev-redis-cluster-001 | Medium | New |
| ELASTICACHE | ap-southeast-1 | RInstanceType | Performance Efficiency | redisarn:aws:elasticache:ap-southeast-1:262130478988:cluster:pay1-sms-otp-redis-dev-redis-cluster-001 | Low | New |
| ELASTICACHE | ap-southeast-1 | RInstanceType | Performance Efficiency | redisarn:aws:elasticache:ap-southeast-1:262130478988:cluster:pgw-redis-dev-redis-cluster-001 | Low | New |
| CLOUDWATCH | ap-southeast-1 | CISRetentionAtLeast1Yr | Operation Excellence | Log::/aws/ecs/containerinsights/pgw-dev/performance | Medium | New |
| CLOUDWATCH | ap-southeast-1 | CISRetentionAtLeast1Yr | Operation Excellence | Log::/aws/lambda/aws-controltower-NotificationForwarder | Medium | New |
| CLOUDWATCH | ap-southeast-1 | CISRetentionAtLeast1Yr | Operation Excellence | Log::StackSet-AWSControlTowerBP-VPC-ACCOUNT-FACTORY-V1-14329f2f-62a1-4442-a09f-6e78e85cc36f-VPCFlowLogsLogGroup-DRVWommDXpk7 | Medium | New |
| CLOUDWATCH | ap-southeast-1 | CISRetentionAtLeast1Yr | Operation Excellence | Log::managed-vpc-sg-flowlog | Medium | New |
| CLOUDWATCH | us-east-1 | CISRetentionAtLeast1Yr | Operation Excellence | Log::/aws/lambda/aws-controltower-NotificationForwarder | Medium | New |
| CLOUDWATCH | us-east-1 | CISRetentionAtLeast1Yr | Operation Excellence | Log::StackSet-AWSControlTowerBP-VPC-ACCOUNT-FACTORY-V1-d6b8d890-ff02-4b15-87cd-ccfbfceb53f0-VPCFlowLogsLogGroup-bPnIbFrktH01 | Medium | New |
| CLOUDWATCH | ap-southeast-1 | SetRetentionDays | Cost Optimization | Log::/aws/lambda/SecretsManagerrds-rotation-lambda | High | New |
| CLOUDWATCH | ap-southeast-1 | SetRetentionDays | Cost Optimization | Log::/aws/logs/redis/pay1-sms-otp-redis-dev | High | New |
| CLOUDWATCH | ap-southeast-1 | SetRetentionDays | Cost Optimization | Log::/aws/logs/redis/pgw-redis-dev | High | New |
| CLOUDWATCH | ap-southeast-1 | SetRetentionDays | Cost Optimization | Log::/aws/rds/cluster/pgw-dev-db-cluster/postgresql | High | New |
| CLOUDWATCH | ap-southeast-1 | SetRetentionDays | Cost Optimization | Log::/ecs/pgw/dev | High | New |
| CLOUDWATCH | ap-southeast-1 | SetRetentionDays | Cost Optimization | Log::PaymentGateway-container | High | New |
| CLOUDWATCH | ap-southeast-1 | SetRetentionDays | Cost Optimization | Log::PaymentGatewayCore-container | High | New |
| CLOUDWATCH | ap-southeast-1 | SetRetentionDays | Cost Optimization | Log::msk-connector | High | New |
| CLOUDWATCH | ap-southeast-1 | SetRetentionDays | Cost Optimization | Log::msk_broker_logs | High | New |
| CLOUDWATCH | us-east-1 | trailWithoutCWLogs | Operation Excellence | ctLog::arn:aws:cloudtrail:us-east-1:737844837112:trail/SWOCloudTrail-Organizational | Medium | New |
| EC2 | ap-southeast-1 | ComputeOptimizerEnabled | Cost Optimization | ComputeOptimizer | Medium | New |
| EC2 | ap-southeast-1 | EC2DiskMonitor | Performance Efficiency | EC2::i-030d8a009655c2901 | Medium | New |
| EC2 | ap-southeast-1 | EC2MemoryMonitor | Performance Efficiency | EC2::i-030d8a009655c2901 | Medium | New |
| EC2 | ap-southeast-1 | EC2DetailedMonitor | Performance Efficiency | EC2::i-030d8a009655c2901 | Low | New |
| EC2 | ap-southeast-1 | EC2LowUtilization | Cost Optimization | EC2::i-030d8a009655c2901 | Medium | New |
| EC2 | ap-southeast-1 | EBSNewGen | Cost Optimization | EBS::vol-04d74d0b594581dea | Low | New |
| EC2 | ap-southeast-1 | EBSSnapshot | Reliability | EBS::vol-04d74d0b594581dea | High | New |
| EC2 | ap-southeast-1 | ELBSGRulesMatch | Security | ELB::pgw-dev-alb | Low | New |
| EC2 | ap-southeast-1 | ELBSGRulesMatch | Security | ELB::pay1-wallet-dev-alb | Low | New |
| EC2 | ap-southeast-1 | ELBListenerInsecure | Security | ELB::pgw-dev-alb | High | New |
| EC2 | ap-southeast-1 | ELBListenerInsecure | Security | ELB::pay1-wallet-dev-alb | High | New |
| EC2 | ap-southeast-1 | ELBEnableWAF | Security | ELB::pgw-dev-alb | High | New |
| EC2 | ap-southeast-1 | ELBEnableWAF | Security | ELB::pay1-wallet-dev-alb | High | New |
| EC2 | ap-southeast-1 | SGAllPortOpen | Security | SG::sg-0251261a4780396ef | High | New |
| EC2 | ap-southeast-1 | SGAllPortOpen | Security | SG::sg-0af4192d63016f4c6 | High | New |
| EC2 | ap-southeast-1 | SGAllPortOpen | Security | SG::sg-084f2463febd93807 | High | New |
| EC2 | us-east-1 | SGAllPortOpen | Security | SG::sg-03ec10c6bdf83dac6 | High | New |
| EC2 | ap-southeast-1 | SGEncryptionInTransit | Security | SG::sg-0251261a4780396ef | High | New |
| EC2 | ap-southeast-1 | SGEncryptionInTransit | Security | SG::sg-0af4192d63016f4c6 | High | New |
| EC2 | ap-southeast-1 | SGEncryptionInTransit | Security | SG::sg-084f2463febd93807 | High | New |
| EC2 | us-east-1 | SGEncryptionInTransit | Security | SG::sg-03ec10c6bdf83dac6 | High | New |
| EC2 | ap-southeast-1 | NACLSensitivePort | Security | NACL::acl-0207f50a6471f4506 | High | New |
| EC2 | ap-southeast-1 | NACLSensitivePort | Security | NACL::acl-0493fbf62f74c5350 | High | New |
| EC2 | ap-southeast-1 | NACLSensitivePort | Security | NACL::acl-04e953ccbb7ab1f17 | High | New |
| EC2 | ap-southeast-1 | NACLSensitivePort | Security | NACL::acl-030c820fa876e7041 | High | New |
| EC2 | ap-southeast-1 | NACLSensitivePort | Security | NACL::acl-07dd5ff3672f413fd | High | New |
| EC2 | ap-southeast-1 | NACLSensitivePort | Security | NACL::acl-06e1dac21726223b1 | High | New |
| EC2 | ap-southeast-1 | NACLAssociated | Operation Excellence | NACL::acl-0864fbe23b989fe03 | Low | New |
| EC2 | us-east-1 | SGDefaultDisallowTraffic | Security | SG::sg-03ec10c6bdf83dac6 | Low | New |
| S3 | ap-southeast-1 | AccessControlList | Security | Bucket::262130478988-pgw-dev-tf-state | Low | New |
| S3 | ap-southeast-1 | AccessControlList | Security | Bucket::archiver-system.dev.sg.pgw | Low | New |
| S3 | ap-southeast-1 | AccessControlList | Security | Bucket::images-upload.dev.sg.pgw | Low | New |
| S3 | ap-southeast-1 | AccessControlList | Security | Bucket::images-upload.dev.sgp-pay1-wallet | Low | New |
| S3 | ap-southeast-1 | AccessControlList | Security | Bucket::logs.dev.sg.pgw | Low | New |
| S3 | ap-southeast-1 | AccessControlList | Security | Bucket::payment-gateway-dev-tf-state | Low | New |
| S3 | ap-southeast-1 | AccessControlList | Security | Bucket::pgw-config.dev.sg.pgw | Low | New |
| S3 | ap-southeast-1 | BucketReplication | Reliability | Bucket::262130478988-pgw-dev-tf-state | Informational | New |
| S3 | ap-southeast-1 | BucketReplication | Reliability | Bucket::archiver-system.dev.sg.pgw | Informational | New |
| S3 | ap-southeast-1 | BucketReplication | Reliability | Bucket::images-upload.dev.sg.pgw | Informational | New |
| S3 | ap-southeast-1 | BucketReplication | Reliability | Bucket::images-upload.dev.sgp-pay1-wallet | Informational | New |
| S3 | ap-southeast-1 | BucketReplication | Reliability | Bucket::logs.dev.sg.pgw | Informational | New |
| S3 | ap-southeast-1 | BucketReplication | Reliability | Bucket::payment-gateway-dev-tf-state | Informational | New |
| S3 | ap-southeast-1 | BucketReplication | Reliability | Bucket::pgw-config.dev.sg.pgw | Informational | New |
| S3 | ap-southeast-1 | EventNotification | Operation Excellence | Bucket::262130478988-pgw-dev-tf-state | Informational | New |
| S3 | ap-southeast-1 | EventNotification | Operation Excellence | Bucket::archiver-system.dev.sg.pgw | Informational | New |
| S3 | ap-southeast-1 | EventNotification | Operation Excellence | Bucket::images-upload.dev.sg.pgw | Informational | New |
| S3 | ap-southeast-1 | EventNotification | Operation Excellence | Bucket::images-upload.dev.sgp-pay1-wallet | Informational | New |
| S3 | ap-southeast-1 | EventNotification | Operation Excellence | Bucket::logs.dev.sg.pgw | Informational | New |
| S3 | ap-southeast-1 | EventNotification | Operation Excellence | Bucket::payment-gateway-dev-tf-state | Informational | New |
| S3 | ap-southeast-1 | EventNotification | Operation Excellence | Bucket::pgw-config.dev.sg.pgw | Informational | New |
| S3 | ap-southeast-1 | ObjectsInIntelligentTier | Cost Optimization | Bucket::262130478988-pgw-dev-tf-state | Low | New |
| S3 | ap-southeast-1 | ObjectsInIntelligentTier | Cost Optimization | Bucket::archiver-system.dev.sg.pgw | Low | New |
| S3 | ap-southeast-1 | ObjectsInIntelligentTier | Cost Optimization | Bucket::images-upload.dev.sg.pgw | Low | New |
| S3 | ap-southeast-1 | ObjectsInIntelligentTier | Cost Optimization | Bucket::images-upload.dev.sgp-pay1-wallet | Low | New |
| S3 | ap-southeast-1 | ObjectsInIntelligentTier | Cost Optimization | Bucket::logs.dev.sg.pgw | Low | New |
| S3 | ap-southeast-1 | ObjectsInIntelligentTier | Cost Optimization | Bucket::payment-gateway-dev-tf-state | Low | New |
| S3 | ap-southeast-1 | BucketLifecycle | Cost Optimization | Bucket::262130478988-pgw-dev-tf-state | Medium | New |
| S3 | ap-southeast-1 | BucketLifecycle | Cost Optimization | Bucket::archiver-system.dev.sg.pgw | Medium | New |
| S3 | ap-southeast-1 | BucketLifecycle | Cost Optimization | Bucket::images-upload.dev.sg.pgw | Medium | New |
| S3 | ap-southeast-1 | BucketLifecycle | Cost Optimization | Bucket::images-upload.dev.sgp-pay1-wallet | Medium | New |
| S3 | ap-southeast-1 | BucketLifecycle | Cost Optimization | Bucket::logs.dev.sg.pgw | Medium | New |
| S3 | ap-southeast-1 | BucketLifecycle | Cost Optimization | Bucket::payment-gateway-dev-tf-state | Medium | New |
| S3 | ap-southeast-1 | BucketLifecycle | Cost Optimization | Bucket::pgw-config.dev.sg.pgw | Medium | New |
| S3 | ap-southeast-1 | BucketLogging | Security | Bucket::262130478988-pgw-dev-tf-state | Low | New |
| S3 | ap-southeast-1 | BucketLogging | Security | Bucket::archiver-system.dev.sg.pgw | Low | New |
| S3 | ap-southeast-1 | BucketLogging | Security | Bucket::images-upload.dev.sgp-pay1-wallet | Low | New |
| S3 | ap-southeast-1 | BucketLogging | Security | Bucket::logs.dev.sg.pgw | Low | New |
| S3 | ap-southeast-1 | BucketLogging | Security | Bucket::payment-gateway-dev-tf-state | Low | New |
| S3 | ap-southeast-1 | BucketLogging | Security | Bucket::pgw-config.dev.sg.pgw | Low | New |
| S3 | ap-southeast-1 | MFADelete | Security | Bucket::262130478988-pgw-dev-tf-state | Medium | New |
| S3 | ap-southeast-1 | MFADelete | Security | Bucket::archiver-system.dev.sg.pgw | Medium | New |
| S3 | ap-southeast-1 | MFADelete | Security | Bucket::images-upload.dev.sg.pgw | Medium | New |
| S3 | ap-southeast-1 | MFADelete | Security | Bucket::images-upload.dev.sgp-pay1-wallet | Medium | New |
| S3 | ap-southeast-1 | MFADelete | Security | Bucket::logs.dev.sg.pgw | Medium | New |
| S3 | ap-southeast-1 | MFADelete | Security | Bucket::payment-gateway-dev-tf-state | Medium | New |
| S3 | ap-southeast-1 | MFADelete | Security | Bucket::pgw-config.dev.sg.pgw | Medium | New |
| S3 | ap-southeast-1 | ObjectLock | Security | Bucket::262130478988-pgw-dev-tf-state | Informational | New |
| S3 | ap-southeast-1 | ObjectLock | Security | Bucket::archiver-system.dev.sg.pgw | Informational | New |
| S3 | ap-southeast-1 | ObjectLock | Security | Bucket::images-upload.dev.sg.pgw | Informational | New |
| S3 | ap-southeast-1 | ObjectLock | Security | Bucket::images-upload.dev.sgp-pay1-wallet | Informational | New |
| S3 | ap-southeast-1 | ObjectLock | Security | Bucket::logs.dev.sg.pgw | Informational | New |
| S3 | ap-southeast-1 | ObjectLock | Security | Bucket::payment-gateway-dev-tf-state | Informational | New |
| S3 | ap-southeast-1 | ObjectLock | Security | Bucket::pgw-config.dev.sg.pgw | Informational | New |
| S3 | ap-southeast-1 | TlsEnforced | Security | Bucket::262130478988-pgw-dev-tf-state | Medium | New |
| S3 | ap-southeast-1 | TlsEnforced | Security | Bucket::archiver-system.dev.sg.pgw | Medium | New |
| S3 | ap-southeast-1 | TlsEnforced | Security | Bucket::images-upload.dev.sg.pgw | Medium | New |
| S3 | ap-southeast-1 | TlsEnforced | Security | Bucket::images-upload.dev.sgp-pay1-wallet | Medium | New |
| S3 | ap-southeast-1 | TlsEnforced | Security | Bucket::logs.dev.sg.pgw | Medium | New |
| S3 | ap-southeast-1 | TlsEnforced | Security | Bucket::payment-gateway-dev-tf-state | Medium | New |
| S3 | ap-southeast-1 | TlsEnforced | Security | Bucket::pgw-config.dev.sg.pgw | Medium | New |
| S3 | ap-southeast-1 | BucketVersioning | Reliability | Bucket::archiver-system.dev.sg.pgw | Low | New |
| S3 | ap-southeast-1 | BucketVersioning | Reliability | Bucket::images-upload.dev.sgp-pay1-wallet | Low | New |
| S3 | ap-southeast-1 | BucketVersioning | Reliability | Bucket::logs.dev.sg.pgw | Low | New |
| S3 | ap-southeast-1 | MacieToEnable | Security | Macie | Low | New |
| S3 | us-east-1 | MacieToEnable | Security | Macie | Low | New |
| S3 | GLOBAL | MacieToEnable | Security | Macie | Low | New |
| LAMBDA | ap-southeast-1 | UseArmArchitecture | Performance Efficiency | Lambda::aws-controltower-NotificationForwarder | Medium | New |
| LAMBDA | ap-southeast-1 | UseArmArchitecture | Performance Efficiency | Lambda::SecretsManagerrds-rotation-lambda | Medium | New |
| LAMBDA | us-east-1 | UseArmArchitecture | Performance Efficiency | Lambda::aws-controltower-NotificationForwarder | Medium | New |
| LAMBDA | ap-southeast-1 | lambdaCodeSigningDisabled | Security | Lambda::aws-controltower-NotificationForwarder | Medium | New |
| LAMBDA | ap-southeast-1 | lambdaCodeSigningDisabled | Security | Lambda::SecretsManagerrds-rotation-lambda | Medium | New |
| LAMBDA | us-east-1 | lambdaCodeSigningDisabled | Security | Lambda::aws-controltower-NotificationForwarder | Medium | New |
| LAMBDA | ap-southeast-1 | lambdaDeadLetterQueueDisabled | Operation Excellence | Lambda::aws-controltower-NotificationForwarder | Medium | New |
| LAMBDA | ap-southeast-1 | lambdaDeadLetterQueueDisabled | Operation Excellence | Lambda::SecretsManagerrds-rotation-lambda | Medium | New |
| LAMBDA | us-east-1 | lambdaDeadLetterQueueDisabled | Operation Excellence | Lambda::aws-controltower-NotificationForwarder | Medium | New |
| LAMBDA | ap-southeast-1 | lambdaEnhancedMonitoringDisabled | Operation Excellence | Lambda::aws-controltower-NotificationForwarder | Medium | New |
| LAMBDA | ap-southeast-1 | lambdaEnhancedMonitoringDisabled | Operation Excellence | Lambda::SecretsManagerrds-rotation-lambda | Medium | New |
| LAMBDA | us-east-1 | lambdaEnhancedMonitoringDisabled | Operation Excellence | Lambda::aws-controltower-NotificationForwarder | Medium | New |
| LAMBDA | ap-southeast-1 | lambdaCMKEncryptionDisabled | Security | Lambda::aws-controltower-NotificationForwarder | Low | New |
| LAMBDA | ap-southeast-1 | lambdaCMKEncryptionDisabled | Security | Lambda::SecretsManagerrds-rotation-lambda | Low | New |
| LAMBDA | us-east-1 | lambdaCMKEncryptionDisabled | Security | Lambda::aws-controltower-NotificationForwarder | Low | New |
| LAMBDA | ap-southeast-1 | lambdaReservedConcurrencyDisabled | Performance Efficiency | Lambda::aws-controltower-NotificationForwarder | Low | New |
| LAMBDA | ap-southeast-1 | lambdaReservedConcurrencyDisabled | Performance Efficiency | Lambda::SecretsManagerrds-rotation-lambda | Low | New |
| LAMBDA | us-east-1 | lambdaReservedConcurrencyDisabled | Performance Efficiency | Lambda::aws-controltower-NotificationForwarder | Low | New |
| LAMBDA | ap-southeast-1 | lambdaTracingDisabled | Operation Excellence | Lambda::aws-controltower-NotificationForwarder | Medium | New |
| LAMBDA | ap-southeast-1 | lambdaTracingDisabled | Operation Excellence | Lambda::SecretsManagerrds-rotation-lambda | Medium | New |
| LAMBDA | us-east-1 | lambdaTracingDisabled | Operation Excellence | Lambda::aws-controltower-NotificationForwarder | Medium | New |
| LAMBDA | ap-southeast-1 | lambdaNotInUsed30Days | Operation Excellence | Lambda::SecretsManagerrds-rotation-lambda | High | New |
| LAMBDA | us-east-1 | lambdaNotInUsed30Days | Operation Excellence | Lambda::aws-controltower-NotificationForwarder | High | New |
| CLOUDTRAIL | ap-southeast-1 | SetupSNSTopicForTrail | Operation Excellence | Cloudtrail::SWOCloudTrail-Organizational | Low | New |
| CLOUDTRAIL | ap-southeast-1 | CloudWatchLogsLogGroupArn | Operation Excellence | Cloudtrail::SWOCloudTrail-Organizational | Low | New |
| CLOUDTRAIL | ap-southeast-1 | RequiresKmsKey | Security | Cloudtrail::SWOCloudTrail-Organizational | Medium | New |
| CLOUDTRAIL | ap-southeast-1 | HasInsightSelectors | Operation Excellence | Cloudtrail::SWOCloudTrail-Organizational | Low | New |
| CLOUDTRAIL | ap-southeast-1 | HasInsightSelectors | Operation Excellence | Cloudtrail::aws-controltower-BaselineCloudTrail | Low | New |
| CLOUDTRAIL | ap-southeast-1 | TrailDeliverError | Operation Excellence | Cloudtrail::SWOCloudTrail-Organizational | High | New |
| CLOUDTRAIL | ap-southeast-1 | TrailDeliverError | Operation Excellence | Cloudtrail::aws-controltower-BaselineCloudTrail | High | New |