Available Templates

Report Idle RDS DB instances.

Sends a report if any of the RDS DB instances present in your AWS account is appeared to be idle. Identifying and removing idle resources from your AWS account is best practice to reduce AWS costs.

View Template
Report Redshift clusters with high CPU utilization.

Sends a report of Redshift cluster if CPU utilization goes above than 90 %. Clusters with high CPU utilization should be rebooted this will improve the performance.

View Template
Report EMR clusters with high CPU utilization.

Sends a report of EMR clusters if there HDFS utilization goes above than 90 %. Instances with high HDFS utilization should be rebooted this will improve the performance.

View Template
Report RDS instances with high CPU utilization.

Sends a report of RDS instances if there CPU utilization goes above than 90 %. Instances with high CPUUtilization should be rebooted this will improve the performance.

View Template
Report Elasticache cluster with high CPU utilization.

Sends a report of Elasticache clusters if there CPU utilization goes above than 90 %. Clusters with high CPUUtilization should be rebooted this will improve the performance.

View Template
Report EC2 instances with high utilization.

Sends a report of EC2 instances if there CPU utilization goes above than 90 %. Instances with high CPUUtilization should be rebooted this will improve the performance.

View Template
Report If Origin Failover Not Enabled for CloudFront Distributions

Origin Failover for Cloudfront Distributions ensures optimal availability to the end users. This capability allows us to set two origins for the CloudFront distribution, serving from the secondary origin in the event of the failure of the first origin. This ensures maximum reliability.

View Template
Send A Report If EC2 AMI Is Too Old

Ensuring that the EC2 AMIs being used are not outdated ensures that the deployments are secure and reliable. Ensuring that they are not older than 180 days old ensures that they meet security and reliability requirements.

View Template
Send A Report If EC2 AMI Is Too Old

Ensuring that the EC2 AMIs being used are not outdated ensures that the deployments are secure and reliable. Ensuring that they are not older than 180 days old ensures that they meet security and reliability requirements.

View Template
Send A Report If EC2 Detailed Monitoring Is Off

Detailed monitoring ensures that we have enough data to make informed choices about the compute resources on AWS. Standard monitoring occurs in intervals of five minutes. Detailed monitoring ensures that the instances are monitored at one minute intervals. This enables the user to view trends better and sanction resources in an efficient manner.

View Template
Report If High EC2 Instance Security Group Rules Count

A high number of security group rules for EC2 instances increases latency and impacts network performance when trying to access the instance. Reducing redundant and overlapping rules helps to ensure optimal performance.

View Template
Report If EC2 Instance Termination Protection Is Disabled

EC2 Termination Protection ensures that the instances cannot be terminated accidentally from the Console, API or CLI. These instances can be terminated only after the termination protection setting is turned off.

View Template
Reboot If EC2 Instance Is Old

This workflow will reboot the EC2 instances if they are older than 180 days. Instances that are running for too long increase the possibility of issues. Relaunching them ensures that they are reallocated to more reliable and newer hardware.

View Template
Report if EC2 Hibernation Not Enabled

EC2 Instances have hibernation as an additional state option, and is useful for certain cases where startup time needs to be minimized. During hibernation, contents from the instance RAM are stored on the EBS Root Volume. Hibernation allows the instances to start much faster than from the conventional stop state.

View Template
Report idle EMR Clusters

Sends a report if Any of the EMR cluster present in your AWS account is appeared to be idle. Identifying an removing idle resources is a great practice to reduce AWS cost.

View Template
Report idle ELB's.

Sends a report if The sum of the requests made to the load balancer in the past 7 days is less than 100. Idle load balancers represent a good candidate to reduce your monthly AWS costs and avoid accumulating unnecessary usage charges.

View Template
Report idle Redshift Clusters

Sends a report if any of the Redshift cluster present in your AWS account is appeared to be idle. Identifying and removing idle resources from your AWS account is best practice to reduce AWS costs.

View Template
Report Elasticache idle clusters.

Sends a report if Any of the Elasticache cluster present in your AWS account is appeared to be idle. Identifying and removing idle resources is a great practice to reduce AWS cost.

View Template
Report Redshift Clusters which are not using desired node type

Sends a report, if AWS Redshift Clusters present in your aws account are not using desired node type established by your organization. Setting limits for the type of AWS Redshift cluster nodes will help you address internal compliance requirements and prevent unexpected charges on your AWS bill.

View Template
Report If Redshift Cluster Is Publicly Accessible

Sends a report if the Redshift Clusters are publicly accessible. This will ensure that unauthorised machines cannot establish a connection to the clusters.

View Template
Report If Redshift Clusters Are Not Encrypted

Sends a report if the AWS Redshift Clusters are not encrypted. Enabling encryption ensures that there is no unauthorised access to the data.

View Template
Report If Redshift Clusters Use Default Port

Sends a report if any of the Redshift Clusters are using the default endpoint ports. This will provide an extra layer of security against port scanning and network attacks.

View Template
Report If Default Master Username Used In Redshift Cluster

Sends a report if the default master username is used in the Redshift Cluster. Changing to a custom username enhances the protection of AWS Redshift Clusters against hacking.

View Template
Receive Redshift Cluster Updates Automatically

Sends a report if the Redshift Clusters are not configured to receive automatic updates during the maintenance window.

View Template
Checking Redshift Snapshot Retention Period

Sends a report if the automated snapshots on Redshift are disabled (snapshot retention period set to zero). Automated snapshots are advantageous over manual as they improve data protection and recoverability.

View Template
Checking Redshift Snapshot Retention Period

Sends a report if the automated snapshots on Redshift are disabled (snapshot retention period set to zero). Automated snapshots are advantageous over manual as they improve data protection and recoverability.

View Template
Checking Redshift Snapshot Retention Period

Sends a report if the automated snapshots on Redshift are disabled (snapshot retention period set to zero). Automated snapshots are advantageous over manual as they improve data protection and recoverability.

View Template
Checking Redshift Snapshot Retention Period

Sends a report if the automated snapshots on Redshift are disabled (snapshot retention period set to zero). Automated snapshots are advantageous over manual as they improve data protection and recoverability.

View Template
Report Cloud front distributions wihtout FieldLevel Encryption enabled.

Sends a report if field-level encryption is not enabled for your Amazon CloudFront web distributions. Using CloudFront field-level encryption helps you add an extra layer of security, along with SSL encryption (HTTPS).

View Template
Report AWS CloudFront Distributions without S3 as an Origin.

Sends a report if origin access identity feature is not enabled for all your AWS Cloudfront CDN distributions. With origin access identity enabled, your Amazon Cloudfront distributions can be much more cost effective.

View Template
Report CloudFront that does not Compress Objects Automatically.

Sends a report if Amazon Cloudfront Content Delivery Network (CDN) distributions are not configured to automatically compress content for web requests that include "Accept-Encoding: gzip" in the header. Configuring your Cloudfront distributions to compress the web content served can optimise your AWS cloud costs and speed up your web applications.

View Template
Report CloudFront without minimum Protocol Version.

Sends a report if your Amazon CloudFront distributions are not using a security policy with minimum TLSv1.1 or TLSv1.2 and appropriate security ciphers for HTTPS viewer connections. using minimum protocol version can help you improve further the security of the web applications that utilize these distributions.

View Template
Report unused CloudFronts.

Sends a report if AWS CloudFront Content Delivery Network (CDN) service is not used within your AWS account. Using AWS cloudFront content delivery network service increases the performance, security, reliability and availability of your websites/applications content delivery process.

View Template
Report DB Instance Generation (Memory Optimized)

Sends a report if RDS databases instances provisioned within your AWS account are using the previous generation of instance classes. Using the latest generation of RDS database instances instead of the previous generation instances has tangible benefits such as better hardware performance.

View Template
Report DB Instance Generation (Micro Instances)

Sends a report if RDS databases instances provisioned within your AWS account are using the previous generation of instance classes. Using the latest generation of RDS database instances instead of the previous generation instances has tangible benefits such as better hardware performance.

View Template
Report DB Instance Generation (General Purpose)

Sends a report if RDS databases instances provisioned within your AWS account are using the previous generation of instance classes. Using the latest generation of RDS database instances instead of the previous generation instances has tangible benefits such as better hardware performance.

View Template
Report Unrestricted Network ACL for Outbound Rules.

Sends a report if AWS Network Access Control Lists (NACLs) for outbound rules allow traffic from all ports. Restricting limits of outbound users will add an extra layer of security to our resources.

View Template
Report Unrestricted Network ACL for Outbound Rules.

Sends a report if AWS Network Access Control Lists (NACLs) for outbound rules allow traffic from all ports. Restricting limits of outbound users will add an extra layer of security to our resources.

View Template
Report Unrestricted Network ACL for Inbound Rules.

Sends a report if AWS Network Access Control Lists (NACLs) for inbound rules allow traffic from all ports. Restricting limits of inbound users will add an extra layer of security to our resources.

View Template
Report Unrestricted Network ACL for Inbound Rules.

Sends a report if AWS Network Access Control Lists (NACLs) for inbound rules allow traffic from all ports. Restricting limits of inbound users will add an extra layer of security to our resources.

View Template
Report Unrestricted Network ACL for Inbound Rules.

Sends a report if AWS Network Access Control Lists (NACLs) for inbound rules allow traffic from all ports. Restricting limits of inbound users will add an extra layer of security to our resources.

View Template
Report Unrestricted Network ACL for Inbound Rules.

Sends a report if AWS Network Access Control Lists (NACLs) for inbound rules allow traffic from all ports. Restricting limits of inbound users will add an extra layer of security to our resources.

View Template
Report Unrestricted Network ACL for Inbound Rules.

Sends a report if AWS Network Access Control Lists (NACLs) for inbound rules allow traffic from all ports. Restricting limits of inbound users will add an extra layer of security to our resources.

View Template
Report CloudFront distributions without Geo Restriction enabled.

Send a report if geo restriction is not enabled for your Amazon CloudFront CDN distribution to whitelist or blacklist a country. Enabling geo restriction will help us allow or restrict users from specific locations.

View Template
Report cloudFront distribution not integrated with WAF

Sends a report if all your AWS CloudFront web distributions are integrated with the Web Application Firewall (AWS WAF) service. With AWS Cloudfront – WAF integration enabled you can block any malicious requests made to your Cloudfront CDN based on the criteria defined in the WAF Web ACL.

View Template
Report cloudFront distribution not integrated with WAF

Sends a report if all your AWS CloudFront web distributions are integrated with the Web Application Firewall (AWS WAF) service. With AWS Cloudfront – WAF integration enabled you can block any malicious requests made to your Cloudfront CDN based on the criteria defined in the WAF Web ACL.

View Template
Report cloudFront distributions using http-only encryption

Sends a report if the communication between your AWS CloudFront distributions and their custom origins is not encrypted using HTTPS in order to secure the delivery of your web content.

View Template
Report SQS queues without tags.

This workflow sends a report of SQS Queues which does not have tags established by their organisations. Which tags are missing can be found in the report generated.

View Template
Report ECR repositories without tags.

This workflow sends a report of ECR Repositories which does not have tags established by their organisations. Which tags are missing can be found in the report generated.

View Template
Report Neptune clusters without tags.

This workflow sends a report of Neptune DB clusters which does not have tags established by their organisations. Which tags are missing can be found in the report generated.

View Template
Report EMR clusters without tags.

This workflow sends a report of EMR clusters which does not have tags established by their organisations. Which tags are missing can be found in the report generated.

View Template
Report Dynamo DB tables without tags.

This workflow sends a report of DynamoDB Tables which does not have tags established by their organisations. Which tags are missing can be found in the report generated.

View Template
Report Kinesis streams without tags.

This workflow sends a report of kinesis streams which does not have tags established by their organisations. Which tags are missing can be found in the report generated.

View Template
Report cloud front distributions without tags.

This workflow sends a report of cloud front distributions which does not have tags established by their organisations. Which tags are missing can be found in the report generated.

View Template
Report ELB's without tags.

This workflow sends a report of ELB's which does not have tags established by their organisations. Which tags are missing can be found in the report generated.

View Template
Report AWS ALB'S without Web Application Firewall enabled.

Sends a report for your AWS ALB's if Web application firewall is not enabled for them. Enabling WAF add more security to your AWS resources.

View Template
Report RDS DB (aurora, mySql, mariaDb) instances using default ports.

Sends a report if RDS DB (aurora, mySql, mariaDb) instances in your AWS account are using default ports(3306). Running your database instances on default ports represent a potential security concern.

View Template
Report total number of SQS queues.

Sends report if total number of SQS queues in your AWS account exceeds the limit.

View Template
Report SQS queues without server side encryption enabled.

This workflow sends a report for SQS queues if their sever side encryption is not enabled. Amazon Simple Queue Service (SQS) queues are protecting the contents of their messages using Server-Side Encryption (SSE). It is highly recommended to implement encryption in order to make the contents of these messages unavailable to unauthorized or anonymous users.

View Template
Report SQS exposed queues.

This workflow sends a report for SQS queues which are publicly accessible. Allowing anonymous users to have access to your SQS queues can lead to unauthorized actions such as intercepting, deleting and sending queue messages.

View Template
Report SQS queues not encrypted with KMS CMK key.

This workflow sends a report for SQS queues that are not encrypted with KMS CMK keys. By using your own KMS CMK keys , you obtain full control over who can use the CMK keys and access the data encrypted within queue messages.

View Template
Report SQS queues not encrypted with KMS CMK key.

This workflow sends a report for SQS queues that are not encrypted with KMS CMK keys. By using your own KMS CMK keys , you obtain full control over who can use the CMK keys and access the data encrypted within queue messages.

View Template
Report SQS queues not encrypted with KMS CMK key.

This workflow sends a report for SQS queues that are not encrypted with KMS CMK keys. By using your own KMS CMK keys , you obtain full control over who can use the CMK keys and access the data encrypted within queue messages.

View Template
Report SQS queues with cross account access.

This template sends a report of SQS queues if access to unauthorized cross account entities are allowed. Allowing untrustworthy cross account access to your SQS queues can lead to unauthorized actions such as intercepting, deleting or sending queue messages without permission.

View Template
Report SQS queues with cross account access.

This template sends a report of SQS queues if access to unauthorized cross account entities are allowed. Allowing untrustworthy cross account access to your SQS queues can lead to unauthorized actions such as intercepting, deleting or sending queue messages without permission.

View Template
Report SQS queues with cross account access.

This template sends a report of SQS queues if access to unauthorized cross account entities are allowed. Allowing untrustworthy cross account access to your SQS queues can lead to unauthorized actions such as intercepting, deleting or sending queue messages without permission.

View Template
Report AWS RDS DB instances without cloudWatch log exports enabled.

Sends a report if cloudwatch log exports is not enabled for your RDS DB instances. By publishing database logs to Amazon CloudWatch, you can build richer and more seamless interactions with your database instance logs using AWS services.

View Template
Report AWS elasticSearch domains using default AWS key for encryption.

Sends a report if your AWS elasticSearch cluster is using default AWS key instead of KMS Customer Master Keys (CMKs) for encryption. When you use your own KMS Customer Master Keys you have full control over who can use these keys to access the clusters data.

View Template
Report AWS elasticSearch exposed domains.

Sends a report if AWS elasticSearch domains are publicly accessible. Allowing public access to your ES domains is not recommended and is considered bad practice.

View Template
Report AWS elasticSearch domains without VPC.

Sends a report if your AWS elasticSearch domains are not running in VPC. AWS VPCs are for better flexibility and control over the clusters access and security. AWS Elasticsearch domains that reside within a VPC have an extra layer of security when compared to ES domains that use public endpoints.

View Template
Report AWS elastic Search domains without node to node encryption enabled.

Sends a report if node to node encryption is not enabled for your AWS elasticSearch domains. ElasticSearch node-to-node encryption capability provides the additional layer of security by implementing Transport Layer Security (TLS) for all communications between the nodes provisioned within the cluster.

View Template
Report AWS ELasticSearch domains without encryption at rest.

Sends a report if encryption at rest is not enabled for your AWS elasticSearch domains. Encryption of data at rest helps prevent unauthorized users from reading sensitive information available on your ES domains (clusters) and their storage systems.

View Template
Send report elastiSearch instances not having the desired instance and dedicated master type established by your organization

Setting limits for the type of AWS ElasticSearch instances will help you address internal compliance requirements and prevent unexpected charges on your AWS bill. Ensure that your existing AWS instances and dedicated master have the desired type established by your organization based on the caching workload required.

View Template
Report ElasticSearch domains without tags.

This workflow sends a report of ElasticSearch domains which does not have tags established by their organisations. Which tags are missing can be found in the report generated

View Template
Report ElastiCache clusters without tags.

This workflow sends a report of ElastiCache clusters which does not have tags established by their organisations. Which tags are missing can be found in the report generated

View Template
Report Redshift clusters without tags.

This workflow sends a report of Redshift clusters which does not have tags established by their organisations. Which tags are missing can be found in the report generated.

View Template
Report EC2 instances without tags.

This workflow sends a report of EC2 instances which does not have tags established by their organisations. Which tags are missing can be found in the report generated.

View Template
Report RDS instances missing tags.

This workflow sends a report of RDS instances which does not have tags established by their organisations. Which tags are missing can be found in the report generated.

View Template
Report RDS database master username.

Sends a report if RDS databases are using "awsuser" as master username. "Awsuser" is the Amazon's example (default) for the RDS database master username, many AWS customers will use this username for their RDS databases in production which can lead to malicious activities.

View Template
Enable deletion protection for RDS DB instances

This workflow enables the deletion protection feature for RDS DB instances. Deletion protection prevents any existing or new RDS database instances from being deleted by users via the AWS Management Console, the CLI or the API calls, unless the feature is explicitly disabled.

View Template
Report total number of AWS RDS DB instances.

Send a report if total number of AWS RDS instances reaches threshold limit. Setting limits for the maximum number of RDS instances provisioned within your AWS account will help you to manage better your database compute resources, prevent unexpected charges on your AWS bill

View Template
Report AWS RDS instances that are not encrypted.

Sends a report of AWS RDS DB instances which are not encrypted. Having encryption enabled for your RDS DB instances will help you to protect your data from unauthorized access, automated backups, Read Replicas, and snapshots, become all encrypted.

View Template
Enable IAM database authentication feature for AWS RDS DB instances.

This workflow enables IAM database authentication for RDS DB instances in order to use AWS Identity and Access Management (IAM) service to manage database access to your Amazon RDS MySQL and PostgreSQL instances. It provides multiple benefits such as in-transit encryption, centralized.

View Template
Enable deletion protection for RDS Aurora DB clusters

This workflow enables the deletion protection feature for Aurora DB clusters. Deletion protection prevents any existing or new Aurora database cluster, regardless of its type - provisioned or serverless, from being terminated by a root or IAM user using the AWS Management Console, AWS CLI or AWS API calls, unless the feature is explicitly disabled

View Template
Report AWS ElasticSearch domains which allows unknown cross account access.

Sends a report of AWS ElasticSearch domains which allows access to unauthorized cross users. Allowing untrustworthy cross account access to your AWS ES clusters can lead to unauthorized actions such as uploading, downloading and deleting documents without permission.

View Template
Report total number of AWS elastic search domains.

Sends a report of Elastic Search domains if the total number of instances reach the threshold limit(10). Monitoring and configuring limits for the maximum number of Elasticsearch (ES) instances provisioned within your AWS account will help you to manage better your Elasticsearch compute resources.

View Template
Report AWS Elasticache cluster without In-transit and At-rest encryption.

Sends a report of ElastiCache cluster which does not have InTransit and At rest encryption enabled. Data encryption helps prevent unauthorized users from reading sensitive data available on your Redis clusters and their associated cache storage systems.

View Template
Report total number of elastic cache nodes.

Sends a report of total number of ElastiCache cluster, if the ElastiCache limit quota(threshold 5) defined for your AWS account is reached. Setting limits for the maximum number of ElastiCache cluster nodes provisioned within your AWS account will help you to better manage your ElastiCache compute resources and prevent unexpected charges on your AWS bill.

View Template
Report ElastiCache memcached cluster using default ports.

Sends a report of ElastiCache memcached cluster running on default port. Running your AWS ElastiCache clusters on the default port(ii.e. 11211) rises a potential security concern. Changing the default port to other ports adds an extra security layer to your AWS elasticache memcached clusters.

View Template
Report ElastiCache redis clusters using default port.

Sends a report of your AWS elastiCache redis clusters which are running on default port(i.e. 6379). Running your AWS ElastiCache clusters on the default port represent a potential security concern. Chaging the default ports will add an extra layer of security to your Redis cluster.

View Template
Report EC2 instances without cloudwatch alarms (specific metric)

Send a report having information of which cloudwatch alarms are missing in your AWS EC2 instances.

View Template
Find missing alarms in your AWS RDS DB instances.

Send a report having information of which cloudwatch alarms are missing in your AWS RDS DB instances .

View Template
Find missing alarms for in your AWS elasticSearch domains.

Send a report having information of which cloudwatch alarms are missing in your AWS elasticSearch domains.

View Template
Find missing alarms for your AWS ElastiCache clusters.

Send a report having information of which cloudwatch alarms are missing in your AWS ElastiCache clusters .

View Template
Report RDS DB instances that does not have desired instance type.

Send report of RDS instances provisioned in your AWS account, which does not have the desired instance type established by your organization. Restricting the type of Amazon RDS instances will help you address internal compliance requirements and also helps to save some extra cost.

View Template
Report AWS reserved RDS instances recent purchases

Identify any reserved RDS recent purchases and send a report of it. Checking your RDS Reserved Instances on a regular basis helps you to detect and cancel any unwanted purchases placed within your AWS account and avoid unexpected charges on your AWS monthly bill.

View Template
Report AWS reserved RDS instances pending purchases

Indentify any pending Reserved RDS instances and a send a report of it. Using RDS Reserved Instances over On-Demand Instances can save up to 70% when used in steady state (i.e. heavy utilization), therefore in order to receive this discount benefit you need to make sure that all your RDS database reservation purchases have been successfully completed.

View Template
Report AWS reserved RDS instances failed purchases.

Indentify any failed Reserved RDS instances and a send a report of it. Using RDS Reserved Instances over On-Demand Instances can save up to 70% when used in steady state (i.e. heavy utilization), therefore in order to receive this discount benefit you need to make sure that all your RDS database reservation purchases have been successfully completed.

View Template
Report ElasticSearch domains without cloudWatch alarms.

Send report of all the elasticSearch domains without a cloudwatch alarm attached to them.

View Template
Report AWS EC2 instances without cloudWatch alarms (Custom metric).

Send report for all the EC2 Instances without a cloudwatch alarm attached to them.

View Template
AWS Automation Builder by TotalCloud - The easiest and fastest way to automate AWS | Product Hunt Embed