- Resources: 10
- Total Findings: 67
- Rules Executed: 80
- Unique Rules: 16
- Exception: 0
- Time spent: 50.911s
Summary
AccessControlList (Security)
- Description
- You are using 7 S3 buckets with ACLs. ACLs are legacy access control mechanisms that predate IAM. Instead of ACLs, we recommend using S3 bucket policies or AWS Identity and Access Management (IAM) policies to manage access to your S3 buckets.
- Resources
- ap-southeast-1: Bucket::262130478988-pgw-dev-tf-state | Bucket::archiver-system.dev.sg.pgw | Bucket::images-upload.dev.sg.pgw | Bucket::images-upload.dev.sgp-pay1-wallet | Bucket::logs.dev.sg.pgw | Bucket::payment-gateway-dev-tf-state | Bucket::pgw-config.dev.sg.pgw
- Recommendation
- Protecting data with IAM
BucketReplication (Reliability)
- Description
- You have not enabled bucket replication on 7 buckets. Replication enables automatic, asynchronous copying of objects across Amazon S3 buckets.
- Resources
- ap-southeast-1: Bucket::262130478988-pgw-dev-tf-state | Bucket::archiver-system.dev.sg.pgw | Bucket::images-upload.dev.sg.pgw | Bucket::images-upload.dev.sgp-pay1-wallet | Bucket::logs.dev.sg.pgw | Bucket::payment-gateway-dev-tf-state | Bucket::pgw-config.dev.sg.pgw
- Label
- Cost Incurred
- Recommendation
- AWS Docs
EventNotification (Operational Excellence)
- Description
- When you enable S3 Event Notifications, you receive alerts when specific events occur that impact your S3 buckets. For example, you can be notified of object creation, object removal, and object restoration. These notifications can alert relevant teams to accidental or intentional modifications that may lead to unauthorized data access.
- Resources
- ap-southeast-1: Bucket::262130478988-pgw-dev-tf-state | Bucket::archiver-system.dev.sg.pgw | Bucket::images-upload.dev.sg.pgw | Bucket::images-upload.dev.sgp-pay1-wallet | Bucket::logs.dev.sg.pgw | Bucket::payment-gateway-dev-tf-state | Bucket::pgw-config.dev.sg.pgw
- Label
- Cost Incurred
- Recommendation
- AWS Docs
ObjectsInIntelligentTier (Cost Optimization)
- Description
- Your objects in 6 S3 buckets are not in S3 Intelligent Tier. The S3 Intelligent-Tiering storage class is designed to optimize storage costs by automatically moving data to the most cost-effective access tier when access patterns change. For a small monthly object monitoring and automation charge, S3 Intelligent-Tiering monitors access patterns and automatically moves objects that have not been accessed to lower-cost access tiers. Unless all your objects are very frequently accessed, or the data lifecycle is very clearly known and defined, it is considered best practice to store your objects in Intelligent Tier.
- Resources
- ap-southeast-1: Bucket::262130478988-pgw-dev-tf-state | Bucket::archiver-system.dev.sg.pgw | Bucket::images-upload.dev.sg.pgw | Bucket::images-upload.dev.sgp-pay1-wallet | Bucket::logs.dev.sg.pgw | Bucket::payment-gateway-dev-tf-state
- Label
- Cost Incurred (maybe)
- Recommendation
- AWS Docs
BucketLifecycle (Cost Optimization)
- Description
- You have not configured lifecycle policies for objects in 7 buckets. Lifecycle configuration is a set of rules that define actions that Amazon S3 applies to a group of objects. This will save you cost by moving infrequently accessed objects to lower cost storage tiers and expiring objects that are no longer needed.
- Resources
- ap-southeast-1: Bucket::262130478988-pgw-dev-tf-state | Bucket::archiver-system.dev.sg.pgw | Bucket::images-upload.dev.sg.pgw | Bucket::images-upload.dev.sgp-pay1-wallet | Bucket::logs.dev.sg.pgw | Bucket::payment-gateway-dev-tf-state | Bucket::pgw-config.dev.sg.pgw
- Label
- Cost Incurred (maybe)
- Recommendation
- AWS Docs
BucketLogging (Security)
- Description
- You have not enabled server access logging in 6 buckets. Server access logging provides detailed records for the requests that are made to a bucket.
- Resources
- ap-southeast-1: Bucket::262130478988-pgw-dev-tf-state | Bucket::archiver-system.dev.sg.pgw | Bucket::images-upload.dev.sgp-pay1-wallet | Bucket::logs.dev.sg.pgw | Bucket::payment-gateway-dev-tf-state | Bucket::pgw-config.dev.sg.pgw
- Label
- Cost Incurred
- Recommendation
- AWS Docs
MFADelete (Security)
- Description
- You have not enabled MFA delete on 7 buckets. MFA delete provides added security if, for example, your security credentials are compromised. MFA delete can help prevent accidental bucket deletions by requiring the user who initiates the delete action to prove physical possession of an MFA device with an MFA code and adding an extra layer of friction and security to the delete action.
- Resources
- ap-southeast-1: Bucket::262130478988-pgw-dev-tf-state | Bucket::archiver-system.dev.sg.pgw | Bucket::images-upload.dev.sg.pgw | Bucket::images-upload.dev.sgp-pay1-wallet | Bucket::logs.dev.sg.pgw | Bucket::payment-gateway-dev-tf-state | Bucket::pgw-config.dev.sg.pgw
- Recommendation
- Prevention for Accidental Deletions on S3
- AWS Docs
ObjectLock (Security)
- Description
- You have not enabled object lock on 7 buckets. Object Lock can help prevent objects from being deleted or overwritten for a fixed amount of time or indefinitely.
- Resources
- ap-southeast-1: Bucket::262130478988-pgw-dev-tf-state | Bucket::archiver-system.dev.sg.pgw | Bucket::images-upload.dev.sg.pgw | Bucket::images-upload.dev.sgp-pay1-wallet | Bucket::logs.dev.sg.pgw | Bucket::payment-gateway-dev-tf-state | Bucket::pgw-config.dev.sg.pgw
- Recommendation
- AWS Docs
TlsEnforced (Security)
- Description
- You have not enforced encryption of data in transit in 7 buckets. You can use HTTPS (TLS) to help prevent potential attackers from eavesdropping on or manipulating network traffic using person-in-the-middle or similar attacks. You should allow only encrypted connections over HTTPS (TLS) using the aws:SecureTransport condition on Amazon S3 bucket policies.
- Resources
- ap-southeast-1: Bucket::262130478988-pgw-dev-tf-state | Bucket::archiver-system.dev.sg.pgw | Bucket::images-upload.dev.sg.pgw | Bucket::images-upload.dev.sgp-pay1-wallet | Bucket::logs.dev.sg.pgw | Bucket::payment-gateway-dev-tf-state | Bucket::pgw-config.dev.sg.pgw
- Label
- Testing Required (maybe)
- Recommendation
- AWS Docs
BucketVersioning (Reliability)
- Description
- You have not enabled versioning on 3 buckets. Versioning in Amazon S3 is a means of keeping multiple variants of an object in the same bucket. You can use the S3 Versioning feature to preserve, retrieve, and restore every version of every object stored in your buckets. With versioning you can recover more easily from both unintended user actions and application failures.
- Resources
- ap-southeast-1: Bucket::archiver-system.dev.sg.pgw | Bucket::images-upload.dev.sgp-pay1-wallet | Bucket::logs.dev.sg.pgw
- Label
- Cost Incurred
- Recommendation
- AWS Docs
- Manage Versioning Example
MacieToEnable (Security)
- Description
- You should evaluate using a tool, such as Amazon Macie, that uses machine learning to automatically discover, classify, and protect sensitive data in AWS. Amazon Macie recognizes sensitive data, such as personally identifiable information (PII) or intellectual property, and provides you with dashboards and alerts that give visibility into how this data is being accessed or moved.
- Resources
- ap-southeast-1: Macie
- us-east-1: Macie
- GLOBAL: Macie
- Label
- Cost Incurred
- Recommendation
- Getting started with Amazon Macie
Detail
ap-southeast-1
1. 262130478988-pgw-dev-tf-state
| Check | Current Value | Recommendation |
|---|---|---|
| AccessControlList | Enabled | Enable SSE |
| BucketReplication | Off | Enable Bucket Replication |
| EventNotification | On | Enable Event Notification |
| ObjectsInIntelligentTier | Off | Enable Intelligent Tiering |
| BucketLifecycle | Off | Configure Lifecycle Policies |
| BucketLogging | Off | Enable Server Access Logging |
| MFADelete | Off | Enable MFA Delete |
| ObjectLock | Off | Enable Object Lock |
| TlsEnforced | Off | Enforce Encryption of Data in Transit |
2. archiver-system.dev.sg.pgw
| Check | Current Value | Recommendation |
|---|---|---|
| AccessControlList | Enabled | Enable SSE |
| BucketReplication | Off | Enable Bucket Replication |
| EventNotification | On | Enable Event Notification |
| ObjectsInIntelligentTier | Off | Enable Intelligent Tiering |
| BucketLifecycle | Off | Configure Lifecycle Policies |
| BucketLogging | Off | Enable Server Access Logging |
| MFADelete | Off | Enable MFA Delete |
| BucketVersioning | Off | Enable Versioning |
| ObjectLock | Off | Enable Object Lock |
| TlsEnforced | Off | Enforce Encryption of Data in Transit |
3. images-upload.dev.sg.pgw
| Check | Current Value | Recommendation |
|---|---|---|
| AccessControlList | Enabled | Enable SSE |
| BucketReplication | Off | Enable Bucket Replication |
| EventNotification | On | Enable Event Notification |
| ObjectsInIntelligentTier | Off | Enable Intelligent Tiering |
| BucketLifecycle | Off | Configure Lifecycle Policies |
| MFADelete | Off | Enable MFA Delete |
| ObjectLock | Off | Enable Object Lock |
| TlsEnforced | Off | Enforce Encryption of Data in Transit |
4. images-upload.dev.sgp-pay1-wallet
| Check | Current Value | Recommendation |
|---|---|---|
| AccessControlList | Enabled | Enable SSE |
| BucketReplication | Off | Enable Bucket Replication |
| EventNotification | On | Enable Event Notification |
| ObjectsInIntelligentTier | Off | Enable Intelligent Tiering |
| BucketLifecycle | Off | Configure Lifecycle Policies |
| BucketLogging | Off | Enable Server Access Logging |
| MFADelete | Off | Enable MFA Delete |
| BucketVersioning | Off | Enable Versioning |
| ObjectLock | Off | Enable Object Lock |
| TlsEnforced | Off | Enforce Encryption of Data in Transit |
5. logs.dev.sg.pgw
| Check | Current Value | Recommendation |
|---|---|---|
| AccessControlList | Enabled | Enable SSE |
| BucketReplication | Off | Enable Bucket Replication |
| EventNotification | On | Enable Event Notification |
| ObjectsInIntelligentTier | Off | Enable Intelligent Tiering |
| BucketLifecycle | Off | Configure Lifecycle Policies |
| BucketLogging | Off | Enable Server Access Logging |
| MFADelete | Off | Enable MFA Delete |
| BucketVersioning | Off | Enable Versioning |
| ObjectLock | Off | Enable Object Lock |
| TlsEnforced | Off | Enforce Encryption of Data in Transit |
6. payment-gateway-dev-tf-state
| Check | Current Value | Recommendation |
|---|---|---|
| AccessControlList | Enabled | Enable SSE |
| BucketReplication | Off | Enable Bucket Replication |
| EventNotification | On | Enable Event Notification |
| ObjectsInIntelligentTier | Off | Enable Intelligent Tiering |
| BucketLifecycle | Off | Configure Lifecycle Policies |
| BucketLogging | Off | Enable Server Access Logging |
| MFADelete | Off | Enable MFA Delete |
| ObjectLock | Off | Enable Object Lock |
| TlsEnforced | Off | Enforce Encryption of Data in Transit |
7. pgw-config.dev.sg.pgw
| Check | Current Value | Recommendation |
|---|---|---|
| AccessControlList | Enabled | Enable SSE |
| BucketReplication | Off | Enable Bucket Replication |
| EventNotification | On | Enable Event Notification |
| BucketLifecycle | Off | Configure Lifecycle Policies |
| BucketLogging | Off | Enable Server Access Logging |
| MFADelete | Off | Enable MFA Delete |
| ObjectLock | Off | Enable Object Lock |
| TlsEnforced | Off | Enforce Encryption of Data in Transit |
Macie
| Check | Current Value | Recommendation |
|---|---|---|
| MacieToEnable | None | Enable Macie |
us-east-1
Macie
| Check | Current Value | Recommendation |
|---|---|---|
| MacieToEnable | None | Enable Macie |
GLOBAL
Macie
| Check | Current Value | Recommendation |
|---|---|---|
| MacieToEnable | None | Enable Macie |