Available Templates

Check AWS WorkSpaces Operational State

Workflow that notifies the user if any AWS WorkSpaces are in an unhealthy state. The report is sent once every day and can be configured according to the use case.

Send report of app-tier EC2 Instances having Elastic or Public IP addresses

This workflow sends a report of app-tier EC2 instances that have Elastic or public IP addresses. You can change the tag from Name=app-tier to your own tag. If any of your app-tier instances has an Elastic or public IP, it is accessible from the internet.

Notify if unreasonably high number of cache cluster nodes provisioned

Make sure the number of ElastiCache cluster cache nodes provisioned in your AWS account has not reached the limit set by your organization. Monitoring and setting limits will assist you to handle your resources better and avoid unforeseen costs in your AWS bill.

Send report of EC2 Instances which are using previous generation instance type

Using instances of the current generations provides better hardware performance (faster CPUs, increased memory and network throughput), better virtualization technology (HVM) and lower costs. You should consider upgrading your EC2 machines if using old generations.

Terminate Idle EC2 Instances

This workflow terminates all instances that have been idle for the past 7 days and were launched more than 7 days ago. An instance is identified as idle if its CPU utilisation is less than 2% and its Network In/Out is less than 5MB. You can also give other configurations for this workflow.

Enable AWS RDS Auto Minor Version Upgrade

Checks for and enables Auto Minor Version Upgrade on RDS database instances.

ACM Certificates with Wildcard Domain Names

Reports all the ACM Certificates which have Wildcard Domain Names.

Check if Lambda Runtime Environment Version is the latest

This workflow checks if the lambda functions' runtime environment is updated to the latest version and reports the ones that are not updated to the latest version.

Send report of all instances which are not part of Auto-Scaling Group (ASG)

It is an AWS best practice to launch every EC2 machine in an AWS Auto Scaling Group to achieve zero downtime. This workflow sends a report of instances not launched in an auto-scaling group.

Notify if any of the EC2 Instances are running in EC2-Classic

Running instances in EC2-VPC instead of EC2-Classic provides better flexibility and control over security, traffic routing and availability.

Send report of tenancy type of EC2 instances

Using the right tenancy model for your EC2 instances should reduce the concerns around security at the instance hypervisor level and promote better compliance.

Send report of EC2 Instances older than 150 days

It is an AWS best practice to stop and relaunch your old EC2 instances, so that they are reallocated to updated and more reliable hardware. Instances older than 150 days are recommended to be updated.

Send report of EC2 instances which are using IAM access keys

It is an AWS best practice to use IAM roles rather than IAM access keys to sign AWS API requests, as roles provide more flexibility to manage permissions. This workflow sends a report of EC2 instances which are not using IAM roles.

Send report of over utilised EC2 nodes

This workflow sends a periodic report of EC2 instances that are overutilized (default 90%). Instances that are overutilized may cause slower application response. You can consider upgrading these machines.

Notify if AWS CloudTrail is not Enabled

AWS CloudTrail can help you achieve compliance and improve security by logging API calls and changes to your cloud resources.

Prevent duplicate entries in AWS CloudTrail logs

To prevent duplicate log records for global AWS services such as IAM, STS or CloudFront, ensure that only one trail in a multi-region logging setup has the 'Include Global Services' function enabled.

Send report of security groups with empty descriptions

It is an AWS best practice to give a description for your security groups. It helps in quickly getting more insight into the configuration of your security group. You should describe the purpose and the identity of the IP address for each rule. This workflow sends a report of security groups which do not have descriptions for any of the rules.

Send report of under-utilised EC2 machines

This workflow sends a report of under-utilised (default 40%) EC2 instances. You can save cost by downsizing under-utilised EC2 instances.

Enable S3 log file validation for AWS CloudTrail

This feature will enable you to verify the integrity of your CloudTrail log files and determine whether the files have been changed after they have been delivered to the selected S3 bucket. The validation of log file integrity uses industry-standard algorithms such as SHA-256 which makes it impossible to change files without detection.

CloudTrail multi-region logging

Global tracking of your AWS API Calls will assist you to better manage your AWS account and manage your infrastructure security.

Enables Automated Backup for Redshift cluster if not already enabled

It is an AWS best practice to enable automated backups for your Redshift cluster so that data can be recovered in case of unexpected failures.

Enable version upgrade for Redshift cluster if not already enabled

This workflow enables the Version Upgrade feature on your Redshift cluster. AWS Redshift engine upgrades will then occur automatically, so the data warehouse service engine can get the newest features, bug fixes or the latest security patches released.

Ensure all your AWS AMIs are private

AWS AMIs created by you might contain sensitive data, such as your application or its data, that should not be exposed outside your organisation. This workflow changes AMI access from public to private.

Release unattached Elastic IPs to save your cost

If an Elastic IP (EIP) address within your account is not associated with a running EC2 instance or an Elastic Network Interface (ENI), AWS charges you a small amount. You should release any unused EIPs in order to save cost.

Notify if any of your AMIs are not encrypted.

It is an AWS best practice to enable data encryption in order to protect data from unauthorised personnel. AMI encryption is managed by AWS Key Management Service (KMS).

Notify If any EC2 instance in your account is not Launched using approved/golden AMIs

It is an AWS best practice to launch EC2 machines from an approved/golden AMI. An approved AMI is an image of an EC2 instance with all the necessary software and settings configured for your application, which helps with scaling and with quick and secure deployment.

Remove unused Amazon Elastic Network Interfaces (ENI)

It is an AWS best practice to remove unused ENIs, as there is a service limit set by AWS. Keeping a lot of unused ENIs can exhaust the resource limit and prevent the launching of new EC2 machines.

Remove unused EC2 key pairs

It is an AWS best practice to remove all unused EC2 key pairs from your account. It provides security to your EC2 machines by restricting access for individuals who are no longer part of your organization but still have old key pairs with them.

Ensure Redshift cluster is not publicly accessible

It is an AWS best practice to keep your Redshift clusters private for security reasons. If your cluster is public, any machine on the internet can establish a connection to it, which can lead to SQL injection or DDoS attacks.

Check for Auto Scaling Groups without integrated Elastic Load Balancers

Checks whether Auto Scaling Groups have Elastic Load Balancers associated with them. In the case of a failure of any of the EC2 resources, the presence of Elastic Load Balancers will ensure availability. Runs every Monday, Wednesday and Friday.

Enable global service events tracking in AWS CloudTrail

With API tracking for global services, such as IAM, STS and CloudFront, you can have complete visibility over all of your AWS infrastructure. Having CloudTrail logging enabled for regional and global AWS services will assist you to ensure compliance and troubleshoot operational or safety issues within your AWS account.

Notify if API Gateway Endpoints are public

Notifies if any API Gateway endpoint is accessible via the internet.

Ensure AWS CloudTrail logging for global events is enabled

With API tracking for global services, such as IAM, STS and CloudFront, you can have complete visibility over all of your AWS infrastructure. Having CloudTrail logging enabled for regional and global AWS services will assist you to ensure compliance and troubleshoot operational or safety issues within your AWS account.

Check for Auto Scaling Group notification configuration

Check whether Auto Scaling Group notifications are configured to send e-mail notifications. It's useful to get e-mail notifications when an important event, such as a scaling event (e.g. launching an instance), occurs.

Notify if any AWS AMIs are publicly shared

AWS AMIs created by you might contain sensitive information, such as your application or its data, that should not be exposed outside your organisation. This workflow notifies if any of the AWS AMIs are publicly shared.

Identify Auto Scaling Groups without cooldown periods

Identify Auto Scaling Groups that are not using appropriate cooldown periods, every hour. This helps you to ensure that one scaling event is not initiated before the effects of another are evident.

Activate all features of organisation using service control policies (SCPs)

Ensure that all features within your Amazon organizations are enabled to gain full control over the use of AWS services and actions across multiple AWS accounts using Service Control Policies.

Notify DynamoDB Accelerator Cluster without Encryption

Notifies the Email/Slack channel when DynamoDB Accelerator Clusters are found without encryption.

Use AWS Organisations

Ensure that Amazon Organizations is in use to gain oversight on the usage of AWS services across multiple AWS accounts.

Expired ACM Certificates

Having expired ACM certificates lying around is not an AWS best practice and can potentially affect applications if they are picked up during a deployment.

Notify if the number of EC2 Instances is more than 50

This workflow periodically checks whether the number of instances in your account is more than the limit set by you (default limit is 50) and sends an Email or Slack notification.

ACM Certificates Pending Validation

Notifies you of ACM Certificates Pending Validation, every hour. This will help you to minimize interruption to your applications or services.

Report the list of Public S3 Buckets

This workflow reports the public S3 buckets in the AWS account. It gives an overview of public buckets which helps in making sure no customer data is exposed.

Reduce Spot Fleet target capacity on Fridays

Workflow to reduce Spot Fleet target capacity on Fridays.

Start and Stop Dev Instances

This workflow automates the stop and start action of dev instances, usually taken manually by users.

Instance CPU utilization report

Workflow to send a report of Instances' CPU utilization

Increase Spot Fleet target capacity on Mondays

Increasing the Spot Fleet target capacity periodically ensures high availability of the spot instances.

Report Lambdas whose DLQ is not set

This workflow helps generate a report of Lambda Functions whose DLQ is not set.

Daily/weekly reports of Lambda Function DeadLetterErrors

Logs Lambda Function DeadLetterErrors over the last 7 days.

Set concurrency for tagged Lambdas.

Finds particular Lambda Functions via tags and sets the desired concurrency.

Report of Lambda Functions whose concurrency is not set.

Regularly check for Lambda Functions whose concurrency isn't set.

Generate reports of Lambdas which are not VPC enabled and/or not multi-AZ.

Checks for Lambda functions which are not VPC enabled and not multi-AZ enabled.

Calculate ENI dynamically and set Subnets to accommodate for Lambda Functions

This workflow calculates the projected peak concurrent executions and the ENIs to be allocated for each Lambda Function.

Checks for publicly available Lambda Functions

Get a report of all publicly available Lambda Functions.

Weekly Lambda Report

Get daily/weekly reports on Lambda Functions Invocations, which will allow users to find anomalies and conduct a root cause analysis.

Set DLQ for tagged Lambda Functions to SQS

Dead Letter Queues take in all messages that cannot be successfully handled by Lambdas. They are directly supported with SQS in the Lambda configuration as well.

Daily/weekly reports of Lambda Function Errors

Metric to monitor Errors for making sure your Lambdas are running as they should.

Daily/Weekly reports of Lambda's Duration

Monitor metrics to make sure your Lambdas are running as they should.

Report DLQ config of Lambdas

Dead Letter Queues take in all messages that cannot be successfully handled by Lambdas. They are directly supported with SQS in the Lambda configuration as well.

Activate DynamoDB Importer Pipeline

This template permits users to import data from AWS S3 to DynamoDB. Importing DynamoDB data to S3 successfully safeguards your data and is one of the best AWS backup strategies.

Report states of Instances every day

TotalCloud generates a brief report of all the instances and their state.

Report unused AWS EBS volumes weekly

This template generates a weekly report of unused EBS volumes, enabling the user to make efficient use of the storage volumes.

Report public RDS Instances weekly

This template generates a weekly report of public RDS Instances, establishing AWS security of your sensitive data.

Terminate AWS Workspaces after inactivity of 30 days

This template periodically keeps a check on the Workspace sessions, ensuring that unused Workspaces do not exist for a longer time.

Report NACL rules

This template generates a report of all the NACL rules, helping you manage your resources efficiently.

Report Subnets using default NACL

This template generates a report of the Subnets using default NACL, securing your AWS cloud infrastructure.

Lambda Daily Cost Predictor

Lambda costs for many companies unintentionally run into excessive amounts. This template enables users to predict Lambda costs on a daily basis, helping them estimate and plan better, in turn reducing costs markedly. The generated report keeps a regular check on your Lambda costs.

S3 to DynamoDB importer

This template enables users to import data from AWS S3 to DynamoDB. Importing DynamoDB data to S3 successfully safeguards your data and doubles up as an efficient AWS backup strategy.

AWS DynamoDB to S3 exporter

TotalCloud permits users to export DynamoDB data to AWS S3. Exporting DynamoDB data to S3 is one of the best AWS backup strategies and successfully safeguards your data.

Activate DynamoDB export pipeline

TotalCloud permits users to activate the data pipeline to export DynamoDB data to S3. Exporting DynamoDB data to S3 successfully safeguards your data and is one of the best AWS backup strategies.

Revoke a rule from an AWS Security Group

Remove the specified ingress rules from a Security Group to improve AWS security management.

Apply new rules to AWS Security Group

Create or authorize a specific rule based on your security practice.

Notify if IAM user inactivity exceeds 10 days

This workflow periodically finds inactive IAM users, helping you to easily monitor and control user activity and keep a regular check on your users.

Take a Snapshot of volume every 3 days

This template backs up the data on your Amazon EBS volumes to Amazon S3 by taking snapshots every 3 days for durable recovery. These incremental backups enable you to safeguard your sensitive data.

Schedule Stop EC2 Machine

This enables users to schedule a stop of Amazon EC2 instances based on a daily or weekly schedule, or both, in order to optimize EC2 costs.

Periodically report failed AWS Lex bot builds

AWS Lex bot enables you to build sophisticated, natural language chatbots into your new and existing applications. The generated report ensures that the user is periodically informed about failed AWS Lex bot builds (if any).

Security Group internet accessibility report

Security Group internet accessibility report helps you view inbound and outbound traffic rules; Security Groups act as a virtual firewall for your instances.

Our weekly/daily report helps users to ascertain the security posture of EC2 instances.

Schedule Start EC2 Machine

This template enables users to schedule a 'start' of Amazon EC2 instances based on a daily or weekly schedule, or both, in order to optimize EC2 costs.

Delete Unattached EBS Volumes

Any Elastic Block Store volume created in your AWS account is adding charges to your monthly bill, regardless of whether it is being used or not. If you have EBS volumes (other than root volumes) that are unattached to an EC2 instance or have very low I/O activity, consider deleting them in order to optimize your cloud costs.
