Service Screener

28

Resources

29

Total Findings

106

Rules Executed

56

Unique Rules

1

Exception

19.175s

Timespent

Summary

Filter

Checks

Pillar

Criticality

Show low hanging fruit(s) only

Expand /

Hide all cards

ComputeOptimizerEnabled

Cost Optimization

Description: Compute Optimizer Not Enabled: Compute Optimizer of your account is not enabled. Enable Compute Optimizer to get resources recommendations.
Resources: ap-southeast-1: ComputeOptimizer
Recommendation: AWS Compute Optimizer

EC2DiskMonitor

Performance Efficiency

Description: EC2 Disk Monitoring: Disk monitoring has not been enabled for 1 of your instances. Install CloudWatch agent and enable the monitoring
Resources: ap-southeast-1: EC2::i-030d8a009655c2901
Recommendation: Collecting EC2 metrics with CloudWatch Agent

EC2MemoryMonitor

Performance Efficiency

Description: EC2 Memory Monitoring: Memory monitoring has not been enabled for 1 of your instances. Install CloudWatch agent and enable the monitoring
Resources: ap-southeast-1: EC2::i-030d8a009655c2901
Recommendation: Collecting EC2 metrics with CloudWatch Agent

EC2DetailedMonitor

Performance Efficiency

Description: Detailed Monitoring: Detailed Monitoring has not been enabled for 1 of your instances. Enable Detailed Monitoring to get monitoring metrics with higher frequency.
Resources: ap-southeast-1: EC2::i-030d8a009655c2901
Label: Cost Incurred
Recommendation: Enable Detailed Monitoring

EC2LowUtilization

Cost Optimization

Description: EC2 Low Utilization: 1 of your instances have low utilization. Decrease instance size to save cost.
Resources: ap-southeast-1: EC2::i-030d8a009655c2901
Label: Have Downtime Testing Required
Recommendation: Rightsizing Whitepaper

EBSNewGen

Cost Optimization

Description: Storage Type Currency: 1 of EBS volumes are on an older storage type. Upgrade to latest generation of storage type to gain better performance and lower cost
Resources: ap-southeast-1: EBS::vol-04d74d0b594581dea
Label: Have Downtime Performance Impact
Recommendation: Amazon EBS volume types

EBSSnapshot

Reliability

Description: Storage Snapshot: 1 of EBS has no snapshot(s) available. Enable regular backups to prevent data loss.
Resources: ap-southeast-1: EBS::vol-04d74d0b594581dea
Label: Cost Incurred
Recommendation: Best practices for Amazon EC2

ELBSGRulesMatch

Security

Description: ALB Security Group Rules Configuration: 2 of Security Group in your ALBs has different port opened.
Resources: ap-southeast-1: ELB::pgw-dev-alb | ELB::pay1-wallet-dev-alb
Recommendation: Security groups for Applicatoin Load Balancers

ELBListenerInsecure

Security

Description: Insecure Listener: 2 of ELB listeners are using insecure protocols. Please use secure protocols.
Resources: ap-southeast-1: ELB::pgw-dev-alb | ELB::pay1-wallet-dev-alb
Recommendation: ALB Configuration Guide

ELBEnableWAF

Security

Description: ALB Web Application Firewall: 2 of your ALBs have not enabled WAF.
Resources: ap-southeast-1: ELB::pgw-dev-alb | ELB::pay1-wallet-dev-alb
Label: Testing Required Cost Incurred
Recommendation: AWS WAF for Applicatoin Load Balancers

SGAllPortOpen

Security

Description: All Ports Open: 4 of security group has all ports open. It is recommended to open only specific ports that are required.
Resources: ap-southeast-1: SG::sg-0251261a4780396ef | SG::sg-0af4192d63016f4c6 | SG::sg-084f2463febd93807; us-east-1: SG::sg-03ec10c6bdf83dac6
Recommendation: Best practices for Amazon EC2

SGEncryptionInTransit

Security

Description: Encryption In Transit: 4 of security group has ports enabled without encryption in transit. It is recommended to use ports with encryption in transit
Resources: ap-southeast-1: SG::sg-0251261a4780396ef | SG::sg-0af4192d63016f4c6 | SG::sg-084f2463febd93807; us-east-1: SG::sg-03ec10c6bdf83dac6
Recommendation: Data protection in Amazon EC2

NACLSensitivePort

Security

Description: You have 6 Network ACL has unrestricted ingress access to SSH/RDP port. Remove ingress access for the sensitive port
Resources: ap-southeast-1: NACL::acl-0207f50a6471f4506 | NACL::acl-0493fbf62f74c5350 | NACL::acl-04e953ccbb7ab1f17 | NACL::acl-030c820fa876e7041 | NACL::acl-07dd5ff3672f413fd | NACL::acl-06e1dac21726223b1
Recommendation: Amazon Elastic Compute Cloud controls

NACLAssociated

Operation Excellence

Description: You have 1 Network ACL has no subnet association. Remove unused Network ACL to improve operation efficiency.
Resources: ap-southeast-1: NACL::acl-0864fbe23b989fe03
Recommendation: Control traffic to subnets using network ACLs

SGDefaultDisallowTraffic

Security

Description: Default Security Group with Rules: 1 of default security group have rules. Remove rules in default security group
Resources: us-east-1: SG::sg-03ec10c6bdf83dac6
Recommendation: VPC default security group rules

Detail

ap-southeast-1

ComputeOptimizer

Check	Current Value	Recommendation
ComputeOptimizerEnabled	Inactive	Compute Optimizer Enabled

2. i-030d8a009655c2901

Check	Current Value	Recommendation
EC2DiskMonitor	Disabled	EC2 Disk Monitoring
EC2MemoryMonitor	Disabled	EC2 Memory Monitoring
EC2DetailedMonitor	Disabled	EC2 Detailed Monitoring
EC2LowUtilization		EC2 Low Utilization

3. vol-04d74d0b594581dea

Check	Current Value	Recommendation
EBSNewGen	gp2	New EBS Generation Available
EBSSnapshot	snap-0d2940081b3bf04fe	Enable EBS Snapshot

4. pgw-dev-alb

Check	Current Value	Recommendation
ELBSGRulesMatch	sg-0af4192d63016f4c6	ALB SG Rules Config
ELBListenerInsecure	80	Insecure Listener
ELBEnableWAF	Disabled	ALB Web Application Firewall

5. pay1-wallet-dev-alb

Check	Current Value	Recommendation
ELBSGRulesMatch	sg-084f2463febd93807	ALB SG Rules Config
ELBListenerInsecure	80	Insecure Listener
ELBEnableWAF	Disabled	ALB Web Application Firewall

6. sg-0251261a4780396ef

Check	Current Value	Recommendation
SGAllPortOpen	-1	All ports open.
SGEncryptionInTransit	Port: 80	Encryption in Transit

7. sg-0af4192d63016f4c6

Check	Current Value	Recommendation
SGAllPortOpen	-1	All ports open.
SGEncryptionInTransit	All port allowed	Encryption in Transit

8. sg-084f2463febd93807

Check	Current Value	Recommendation
SGAllPortOpen	-1	All ports open.
SGEncryptionInTransit	All port allowed	Encryption in Transit

9. acl-0207f50a6471f4506

Check	Current Value	Recommendation
NACLSensitivePort	acl-0207f50a6471f4506	Remove unrestricted ingress access to sensitive port

10. acl-0864fbe23b989fe03

Check	Current Value	Recommendation
NACLAssociated	acl-0864fbe23b989fe03	Remove unused Network ACL

11. acl-0493fbf62f74c5350

Check	Current Value	Recommendation
NACLSensitivePort	acl-0493fbf62f74c5350	Remove unrestricted ingress access to sensitive port

12. acl-04e953ccbb7ab1f17

Check	Current Value	Recommendation
NACLSensitivePort	acl-04e953ccbb7ab1f17	Remove unrestricted ingress access to sensitive port

13. acl-030c820fa876e7041

Check	Current Value	Recommendation
NACLSensitivePort	acl-030c820fa876e7041	Remove unrestricted ingress access to sensitive port

14. acl-07dd5ff3672f413fd

Check	Current Value	Recommendation
NACLSensitivePort	acl-07dd5ff3672f413fd	Remove unrestricted ingress access to sensitive port

15. acl-06e1dac21726223b1

Check	Current Value	Recommendation
NACLSensitivePort	acl-06e1dac21726223b1	Remove unrestricted ingress access to sensitive port

us-east-1

16. sg-03ec10c6bdf83dac6

Check	Current Value	Recommendation
SGAllPortOpen	-1	All ports open.
SGEncryptionInTransit	All port allowed	Encryption in Transit
SGDefaultDisallowTraffic		Default Security Group with Rules