Available Templates

Report Redshift clusters that are not using the desired node type

Sends a report if AWS Redshift clusters in your AWS account are not using the desired node type established by your organization. Setting limits for the type of AWS Redshift cluster nodes will help you address internal compliance requirements and prevent unexpected charges on your AWS bill.

Report If Redshift Cluster Is Publicly Accessible

Sends a report if Redshift clusters are publicly accessible. Disabling public access ensures that unauthorised machines cannot establish a connection to the clusters.

Report If Redshift Clusters Are Not Encrypted

Sends a report if AWS Redshift clusters are not encrypted. Enabling encryption helps prevent unauthorised access to the data.

Report If Redshift Clusters Use Default Port

Sends a report if any Redshift clusters are using the default endpoint port. Changing the port provides an extra layer of security against port scanning and network attacks.

Report If Default Master Username Used In Redshift Cluster

Sends a report if the default master username is used in the Redshift Cluster. Changing to a custom username enhances the protection of AWS Redshift Clusters against hacking.

Receive Redshift Cluster Updates Automatically

Sends a report if the Redshift Clusters are not configured to receive automatic updates during the maintenance window.

Checking Redshift Snapshot Retention Period

Sends a report if the automated snapshots on Redshift are disabled (snapshot retention period set to zero). Automated snapshots are preferable to manual ones because they improve data protection and recoverability.

Report CloudFront distributions without field-level encryption enabled.

Sends a report if field-level encryption is not enabled for your Amazon CloudFront web distributions. CloudFront field-level encryption adds an extra layer of security on top of SSL encryption (HTTPS).

Report AWS CloudFront Distributions without S3 as an Origin.

Sends a report if the origin access identity feature is not enabled for all your AWS CloudFront CDN distributions. With origin access identity enabled, your Amazon CloudFront distributions can be much more cost-effective.

Report CloudFront distributions that do not compress objects automatically.

Sends a report if Amazon CloudFront Content Delivery Network (CDN) distributions are not configured to automatically compress content for web requests that include "Accept-Encoding: gzip" in the header. Configuring your CloudFront distributions to compress the web content they serve can optimise your AWS cloud costs and speed up your web applications.

Report CloudFront without minimum Protocol Version.

Sends a report if your Amazon CloudFront distributions are not using a security policy with minimum TLSv1.1 or TLSv1.2 and appropriate security ciphers for HTTPS viewer connections. Using a minimum protocol version can help you further improve the security of the web applications that use these distributions.

Report unused CloudFronts.

Sends a report if the AWS CloudFront Content Delivery Network (CDN) service is not used within your AWS account. Using the AWS CloudFront content delivery network service increases the performance, security, reliability and availability of content delivery for your websites and applications.

Report DB Instance Generation (Memory Optimized)

Sends a report if RDS database instances provisioned within your AWS account are using the previous generation of instance classes. Using the latest generation of RDS database instances instead of the previous generation has tangible benefits such as better hardware performance.

Report DB Instance Generation (Micro Instances)

Sends a report if RDS database instances provisioned within your AWS account are using the previous generation of instance classes. Using the latest generation of RDS database instances instead of the previous generation has tangible benefits such as better hardware performance.

Report DB Instance Generation (General Purpose)

Sends a report if RDS database instances provisioned within your AWS account are using the previous generation of instance classes. Using the latest generation of RDS database instances instead of the previous generation has tangible benefits such as better hardware performance.

Report Unrestricted Network ACL for Outbound Rules.

Sends a report if the outbound rules of AWS Network Access Control Lists (NACLs) allow traffic on all ports. Restricting outbound traffic adds an extra layer of security to your resources.

Report Unrestricted Network ACL for Inbound Rules.

Sends a report if the inbound rules of AWS Network Access Control Lists (NACLs) allow traffic on all ports. Restricting inbound traffic adds an extra layer of security to your resources.

Report CloudFront distributions without Geo Restriction enabled.

Sends a report if geo restriction is not enabled for your Amazon CloudFront CDN distributions to whitelist or blacklist a country. Enabling geo restriction lets you allow or block users from specific locations.

Report CloudFront distributions not integrated with WAF

Sends a report if any of your AWS CloudFront web distributions are not integrated with the Web Application Firewall (AWS WAF) service. With the CloudFront and WAF integration enabled, you can block malicious requests made to your CloudFront CDN based on the criteria defined in the WAF Web ACL.

Report CloudFront distributions using http-only encryption

Sends a report if the communication between your AWS CloudFront distributions and their custom origins is not encrypted using HTTPS. Encrypting this traffic secures the delivery of your web content.

Report SQS queues without tags.

This workflow sends a report of SQS queues that do not have the tags established by your organisation. The generated report lists which tags are missing.

Report ECR repositories without tags.

This workflow sends a report of ECR repositories that do not have the tags established by your organisation. The generated report lists which tags are missing.

Report Neptune clusters without tags.

This workflow sends a report of Neptune DB clusters that do not have the tags established by your organisation. The generated report lists which tags are missing.

Report EMR clusters without tags.

This workflow sends a report of EMR clusters that do not have the tags established by your organisation. The generated report lists which tags are missing.

Report DynamoDB tables without tags.

This workflow sends a report of DynamoDB tables that do not have the tags established by your organisation. The generated report lists which tags are missing.

Report Kinesis streams without tags.

This workflow sends a report of Kinesis streams that do not have the tags established by your organisation. The generated report lists which tags are missing.

Report CloudFront distributions without tags.

This workflow sends a report of CloudFront distributions that do not have the tags established by your organisation. The generated report lists which tags are missing.

Report ELBs without tags.

This workflow sends a report of ELBs that do not have the tags established by your organisation. The generated report lists which tags are missing.

Report AWS ALBs without Web Application Firewall enabled.

Sends a report for your AWS ALBs if Web Application Firewall is not enabled for them. Enabling WAF adds more security to your AWS resources.

Report RDS DB (Aurora, MySQL, MariaDB) instances using default ports.

Sends a report if RDS DB (Aurora, MySQL, MariaDB) instances in your AWS account are using the default port (3306). Running your database instances on default ports represents a potential security concern.

Report total number of SQS queues.

Sends a report if the total number of SQS queues in your AWS account exceeds the limit.

Report SQS queues without server side encryption enabled.

This workflow sends a report for SQS queues if their server-side encryption is not enabled. Amazon Simple Queue Service (SQS) queues protect the contents of their messages using Server-Side Encryption (SSE). It is highly recommended to implement encryption in order to make the contents of these messages unavailable to unauthorized or anonymous users.

Report SQS exposed queues.

This workflow sends a report for SQS queues which are publicly accessible. Allowing anonymous users to have access to your SQS queues can lead to unauthorized actions such as intercepting, deleting and sending queue messages.

Report SQS queues not encrypted with KMS CMK key.

This workflow sends a report for SQS queues that are not encrypted with KMS CMK keys. By using your own KMS CMK keys, you obtain full control over who can use the CMK keys and access the data encrypted within queue messages.

Report SQS queues with cross account access.

This template sends a report of SQS queues that allow access to unauthorized cross-account entities. Allowing untrustworthy cross-account access to your SQS queues can lead to unauthorized actions such as intercepting, deleting or sending queue messages without permission.

Report AWS RDS DB instances without CloudWatch log exports enabled.

Sends a report if CloudWatch log exports are not enabled for your RDS DB instances. By publishing database logs to Amazon CloudWatch, you can build richer and more seamless interactions with your database instance logs using AWS services.

Report AWS Elasticsearch domains using default AWS key for encryption.

Sends a report if your AWS Elasticsearch cluster is using the default AWS key instead of KMS Customer Master Keys (CMKs) for encryption. When you use your own KMS Customer Master Keys, you have full control over who can use these keys to access the cluster's data.

Report AWS Elasticsearch exposed domains.

Sends a report if AWS Elasticsearch domains are publicly accessible. Allowing public access to your ES domains is not recommended and is considered bad practice.

Report AWS Elasticsearch domains without VPC.

Sends a report if your AWS Elasticsearch domains are not running in a VPC. AWS VPCs give you better flexibility and control over the clusters' access and security. AWS Elasticsearch domains that reside within a VPC have an extra layer of security when compared to ES domains that use public endpoints.

Report AWS Elasticsearch domains without node to node encryption enabled.

Sends a report if node-to-node encryption is not enabled for your AWS Elasticsearch domains. Elasticsearch node-to-node encryption provides an additional layer of security by implementing Transport Layer Security (TLS) for all communications between the nodes provisioned within the cluster.

Report AWS Elasticsearch domains without encryption at rest.

Sends a report if encryption at rest is not enabled for your AWS Elasticsearch domains. Encryption of data at rest helps prevent unauthorized users from reading sensitive information available on your ES domains (clusters) and their storage systems.

Send report of Elasticsearch instances not having the desired instance and dedicated master type established by your organization

Setting limits for the type of AWS Elasticsearch instances will help you address internal compliance requirements and prevent unexpected charges on your AWS bill. Ensure that your existing AWS instances and dedicated master have the desired type established by your organization based on the caching workload required.

Report Elasticsearch domains without tags.

This workflow sends a report of Elasticsearch domains that do not have the tags established by your organisation. The generated report lists which tags are missing.

Report ElastiCache clusters without tags.

This workflow sends a report of ElastiCache clusters that do not have the tags established by your organisation. The generated report lists which tags are missing.

Report Redshift clusters without tags.

This workflow sends a report of Redshift clusters that do not have the tags established by your organisation. The generated report lists which tags are missing.

Report EC2 instances without tags.

This workflow sends a report of EC2 instances that do not have the tags established by your organisation. The generated report lists which tags are missing.

Report RDS instances missing tags.

This workflow sends a report of RDS instances that do not have the tags established by your organisation. The generated report lists which tags are missing.

Report RDS database master username.

Sends a report if RDS databases are using "awsuser" as the master username. "awsuser" is Amazon's example (default) RDS database master username. Many AWS customers use this username for their RDS databases in production, which can lead to malicious activity.

Enable deletion protection for RDS DB instances

This workflow enables the deletion protection feature for RDS DB instances. Deletion protection prevents any existing or new RDS database instances from being deleted by users via the AWS Management Console, the CLI or API calls, unless the feature is explicitly disabled.

Report total number of AWS RDS DB instances.

Sends a report if the total number of AWS RDS instances reaches the threshold limit. Setting limits for the maximum number of RDS instances provisioned within your AWS account will help you better manage your database compute resources and prevent unexpected charges on your AWS bill.

Report AWS RDS instances that are not encrypted.

Sends a report of AWS RDS DB instances which are not encrypted. Having encryption enabled for your RDS DB instances helps protect your data from unauthorized access; automated backups, Read Replicas, and snapshots all become encrypted as well.

Enable IAM database authentication feature for AWS RDS DB instances.

This workflow enables IAM database authentication for RDS DB instances in order to use AWS Identity and Access Management (IAM) service to manage database access to your Amazon RDS MySQL and PostgreSQL instances. It provides multiple benefits such as in-transit encryption, centralized.

Enable deletion protection for RDS Aurora DB clusters

This workflow enables the deletion protection feature for Aurora DB clusters. Deletion protection prevents any existing or new Aurora database cluster, regardless of its type (provisioned or serverless), from being terminated by a root or IAM user using the AWS Management Console, AWS CLI or AWS API calls, unless the feature is explicitly disabled.

Report AWS Elasticsearch domains that allow unknown cross account access.

Sends a report of AWS Elasticsearch domains that allow access to unauthorized cross-account users. Allowing untrustworthy cross-account access to your AWS ES clusters can lead to unauthorized actions such as uploading, downloading and deleting documents without permission.

Report total number of AWS Elasticsearch domains.

Sends a report of Elasticsearch domains if the total number of instances reaches the threshold limit (10). Monitoring and configuring limits for the maximum number of Elasticsearch (ES) instances provisioned within your AWS account will help you better manage your Elasticsearch compute resources.

Report AWS ElastiCache clusters without in-transit and at-rest encryption.

Sends a report of ElastiCache clusters that do not have in-transit and at-rest encryption enabled. Data encryption helps prevent unauthorized users from reading sensitive data available on your Redis clusters and their associated cache storage systems.

Report total number of ElastiCache nodes.

Sends a report of the total number of ElastiCache clusters if the ElastiCache limit quota (threshold 5) defined for your AWS account is reached. Setting limits for the maximum number of ElastiCache cluster nodes provisioned within your AWS account will help you to better manage your ElastiCache compute resources and prevent unexpected charges on your AWS bill.

Report ElastiCache Memcached clusters using default ports.

Sends a report of ElastiCache Memcached clusters running on the default port. Running your AWS ElastiCache clusters on the default port (i.e. 11211) raises a potential security concern. Changing the default port to another port adds an extra security layer to your AWS ElastiCache Memcached clusters.

Report ElastiCache Redis clusters using default port.

Sends a report of your AWS ElastiCache Redis clusters that are running on the default port (i.e. 6379). Running your AWS ElastiCache clusters on the default port represents a potential security concern. Changing the default port will add an extra layer of security to your Redis cluster.

Report EC2 instances without CloudWatch alarms (specific metric)

Sends a report of which CloudWatch alarms are missing for your AWS EC2 instances.

Find missing alarms in your AWS RDS DB instances.

Sends a report of which CloudWatch alarms are missing for your AWS RDS DB instances.

Find missing alarms in your AWS Elasticsearch domains.

Sends a report of which CloudWatch alarms are missing for your AWS Elasticsearch domains.

Find missing alarms for your AWS ElastiCache clusters.

Sends a report of which CloudWatch alarms are missing for your AWS ElastiCache clusters.

Report RDS DB instances that do not have the desired instance type.

Sends a report of RDS instances provisioned in your AWS account that do not have the desired instance type established by your organization. Restricting the type of Amazon RDS instances will help you address internal compliance requirements and save some extra cost.

Report AWS reserved RDS instances recent purchases

Identify any recent Reserved RDS purchases and send a report of them. Checking your RDS Reserved Instances on a regular basis helps you to detect and cancel any unwanted purchases placed within your AWS account and avoid unexpected charges on your AWS monthly bill.

Report AWS reserved RDS instances pending purchases

Identify any pending Reserved RDS instances and send a report of them. Using RDS Reserved Instances over On-Demand Instances can save up to 70% when used in steady state (i.e. heavy utilization). To receive this discount benefit, you need to make sure that all your RDS database reservation purchases have been successfully completed.

Report AWS reserved RDS instances failed purchases.

Identify any failed Reserved RDS instances and send a report of them. Using RDS Reserved Instances over On-Demand Instances can save up to 70% when used in steady state (i.e. heavy utilization). To receive this discount benefit, you need to make sure that all your RDS database reservation purchases have been successfully completed.

Report Elasticsearch domains without CloudWatch alarms.

Sends a report of all the Elasticsearch domains without a CloudWatch alarm attached to them.

Report AWS EC2 instances without CloudWatch alarms (Custom metric).

Sends a report of all the EC2 instances without a CloudWatch alarm attached to them.

Report AWS ElastiCache clusters without CloudWatch alarms.

Sends a report of ElastiCache clusters without a CloudWatch alarm attached to them.

Report idle AWS EC2 Instances.

This workflow sends a report of all EC2 instances that have been idle for the past 7 days and were launched more than 7 days ago. An instance is identified as idle if its CPU utilization is less than 2% and its Network In/Out is less than 5MB. You can also give other configurations for this workflow.

Send report of all EC2 reserved instances that are purchased recently.

By checking your EC2 RI purchases on a regular basis you can detect and cancel any unwanted purchases placed within your AWS account and avoid unexpected charges on your AWS bill.

Send report of failed EC2 reserved instances.

A failed AWS EC2 RI is an unsuccessful reservation that received the "payment-failed" status during the purchase process. Reserved Instances represent a good strategy to cut down on AWS EC2 costs but to fully receive the discount benefit you need to make sure that all your EC2 reservation purchases have been successfully completed.

Send report of all pending AWS EC2 reserved instances.

EC2 Reserved Instances represent an efficient strategy to cut down on AWS costs. However, to receive the billing discount benefit promoted by Amazon, you need to make sure that all your EC2 reservation purchases have been fully processed. Identify any pending Amazon EC2 Reserved Instance (RI) purchases available within your AWS account.

Send report of all AWS ElastiCache reserved cache nodes that are purchased recently.

By checking your ElastiCache Reserved Cache Nodes on a regular basis, you can detect and cancel any unwanted purchases placed within your AWS account and avoid unexpected charges on your AWS monthly bill. Ensure that all Amazon ElastiCache Reserved Cache Node (RCN) purchases are reviewed every 7 days.

Send report of all AWS Elasticsearch reserved instances that are purchased recently

By verifying your Elasticsearch Reserved Instance purchases on a regular basis, you can detect and cancel any unwanted purchases placed accidentally or intentionally within your AWS account in order to avoid unexpected charges on your AWS bill.

Send report of failed Elasticsearch reserved instances in your AWS account.

A failed AWS ES RI is an unsuccessful reservation that receives the "payment-failed" status during the purchasing process. Elasticsearch Reserved Instances can provide significant cost savings (up to 52% discount). However, to receive the discount benefit you need to make sure that all your AWS ES reservation purchases have been successfully completed.

Send report of any failed ElastiCache Reserved Cache Nodes (RCNs) available within your AWS account.

A failed ElastiCache RCN is an unsuccessful reservation that received the "payment-failed" status during the purchase process. The cost savings when using ElastiCache Reserved Cache Nodes over standard On-Demand Cache Nodes are up to 70% when used in steady state. To receive this discount benefit, you need to make sure that all your ElastiCache reservation purchases have been successfully completed.

Send report of any pending ElastiCache Reserved Cache Nodes (RCNs) available within your AWS account.

A payment-pending ElastiCache RCN purchase is a reservation purchase that can't be fully processed due to issues with the payment method utilized. The cost savings when using ElastiCache Reserved Cache Nodes over standard On-Demand Cache Nodes are up to 70% when used in steady state. To receive this discount benefit, you need to make sure that all your ElastiCache reservation purchases have been fully processed.

Send report of any pending Elasticsearch Reserved Instances in your AWS account

A pending AWS Elasticsearch Reserved Instance is an incomplete reservation that receives the "payment-pending" status during the purchasing process due to issues with the payment method. Using Reserved Instances is one of the best cost optimization strategies when working with the AWS Elasticsearch service. To fully receive the discount benefit, make sure that all your Elasticsearch reservation purchases have been fully processed.

Enable multi AZ deployment configuration for your ElastiCache Redis cluster

Enabling the Multi-AZ Automatic Failover feature for your Redis Cache clusters will improve the fault tolerance in case the read/write primary node becomes unreachable due to loss of network connectivity, loss of availability in the primary’s AZ, etc. This template enables this feature for your ElastiCache cluster.

Send report of AWS ElastiCache clusters if they are provisioned within the EC2-Classic platform

Running Amazon ElastiCache clusters on the EC2-VPC platform instead of EC2-Classic can bring multiple advantages such as better flexibility and control over the cache clusters' security, availability, traffic routing and more. This template checks whether your ElastiCache clusters are provisioned within the AWS EC2-VPC platform.

Send report of your AWS ElastiCache clusters if they do not have the desired node type established by your organization

Setting limits for the type of AWS ElastiCache cluster nodes will help you address internal compliance requirements and prevent unexpected charges on your AWS bill. Ensure that your existing AWS ElastiCache cluster nodes have the desired type established by your organization based on the caching workload required.

Update your Amazon ElastiCache Memcached cluster to the latest stable engine version

By using ElastiCache clusters with the latest version of the Memcached cache engine, you will benefit from new features and enhancements, better performance, better memory management, bug fixes and security patches. In order to adhere to AWS best practices, update your Amazon ElastiCache Memcached cluster to the latest stable engine version.

Update your Amazon ElastiCache Redis cluster to the latest stable engine version

By using ElastiCache clusters with the latest version of the Redis cache engine, you will benefit from new features and enhancements, better performance, better memory management, bug fixes and security patches. In order to adhere to AWS best practices, update your Amazon ElastiCache Redis cluster to the latest stable engine version.

Send Report of unencrypted AWS ElastiCache Redis Cluster.

AWS ElastiCache Redis clusters should be encrypted in order to meet security and compliance requirements. Data encryption helps prevent unauthorized users from reading sensitive data available on your Redis clusters and their associated cache storage systems. It is highly recommended to implement encryption in order to protect your data from unauthorized access and fulfill compliance requirements for data-at-rest and in-transit encryption within your organization.

Send report of security groups that allow Elasticsearch (TCP port 9200) access from public IPs.

It is an AWS best practice to remove security group entries that allow Elasticsearch access from public IPs to reduce the possibility of a breach. Allowing unrestricted Elasticsearch access can increase threats like hacking, denial-of-service (DoS) attacks and loss of data.
