24 Times Used
22 MAY 2019
Report SQS queues without tags.

This workflow sends a report of SQS queues that do not have the tags established by your organisation. The generated report lists which tags are missing.

Report ECR repositories without tags.

This workflow sends a report of ECR repositories that do not have the tags established by your organisation. The generated report lists which tags are missing.

Report Neptune clusters without tags.

This workflow sends a report of Neptune DB clusters that do not have the tags established by your organisation. The generated report lists which tags are missing.

Report EMR clusters without tags.

This workflow sends a report of EMR clusters that do not have the tags established by your organisation. The generated report lists which tags are missing.

Report DynamoDB tables without tags.

This workflow sends a report of DynamoDB tables that do not have the tags established by your organisation. The generated report lists which tags are missing.

Report Kinesis streams without tags.

This workflow sends a report of Kinesis streams that do not have the tags established by your organisation. The generated report lists which tags are missing.

Report CloudFront distributions without tags.

This workflow sends a report of CloudFront distributions that do not have the tags established by your organisation. The generated report lists which tags are missing.

Report ELBs without tags.

This workflow sends a report of ELBs that do not have the tags established by your organisation. The generated report lists which tags are missing.

Report AWS ALBs without Web Application Firewall enabled.

Sends a report of your AWS ALBs that do not have Web Application Firewall (WAF) enabled. Enabling WAF adds more security to your AWS resources.

Report RDS DB (Aurora, MySQL, MariaDB) instances using default ports.

Sends a report if RDS DB (Aurora, MySQL, MariaDB) instances in your AWS account are using the default port (3306). Running your database instances on default ports represents a potential security concern.

Report total number of SQS queues.

Sends a report if the total number of SQS queues in your AWS account exceeds the limit.

Report SQS queues without server-side encryption enabled.

This workflow sends a report of SQS queues that do not have server-side encryption enabled. Amazon Simple Queue Service (SQS) queues can protect the contents of their messages using Server-Side Encryption (SSE). It is highly recommended to implement encryption in order to make the contents of these messages unavailable to unauthorized or anonymous users.

Report exposed SQS queues.

This workflow sends a report of SQS queues that are publicly accessible. Allowing anonymous users to have access to your SQS queues can lead to unauthorized actions such as intercepting, deleting and sending queue messages.

Report SQS queues not encrypted with a KMS CMK.

This workflow sends a report of SQS queues that are not encrypted with KMS CMKs. By using your own KMS CMKs, you obtain full control over who can use the keys and access the data encrypted within queue messages.

Report SQS queues with cross-account access.

This template sends a report of SQS queues that allow access to unauthorized cross-account entities. Allowing untrustworthy cross-account access to your SQS queues can lead to unauthorized actions such as intercepting, deleting or sending queue messages without permission.

Report AWS RDS DB instances without CloudWatch log exports enabled.

Sends a report if CloudWatch log exports are not enabled for your RDS DB instances. By publishing database logs to Amazon CloudWatch, you can build richer and more seamless interactions with your database instance logs using AWS services.

Report AWS Elasticsearch domains using the default AWS key for encryption.

Sends a report if your AWS Elasticsearch cluster is using the default AWS key instead of KMS Customer Master Keys (CMKs) for encryption. When you use your own KMS Customer Master Keys, you have full control over who can use these keys to access the cluster's data.

Report exposed AWS Elasticsearch domains.

Sends a report if AWS Elasticsearch domains are publicly accessible. Allowing public access to your ES domains is not recommended and is considered bad practice.

Report AWS Elasticsearch domains without VPC.

Sends a report if your AWS Elasticsearch domains are not running in a VPC. AWS VPCs provide better flexibility and control over the cluster's access and security. AWS Elasticsearch domains that reside within a VPC have an extra layer of security when compared to ES domains that use public endpoints.

Report AWS Elasticsearch domains without node-to-node encryption enabled.

Sends a report if node-to-node encryption is not enabled for your AWS Elasticsearch domains. Elasticsearch node-to-node encryption provides an additional layer of security by implementing Transport Layer Security (TLS) for all communications between the nodes provisioned within the cluster.

Report AWS Elasticsearch domains without encryption at rest.

Sends a report if encryption at rest is not enabled for your AWS Elasticsearch domains. Encryption of data at rest helps prevent unauthorized users from reading sensitive information available on your ES domains (clusters) and their storage systems.

Send a report of Elasticsearch instances that do not have the desired instance and dedicated master type established by your organization

Setting limits for the type of AWS Elasticsearch instances will help you address internal compliance requirements and prevent unexpected charges on your AWS bill. Ensure that your existing AWS instances and dedicated master have the desired type established by your organization based on the caching workload required.

Report Elasticsearch domains without tags.

This workflow sends a report of Elasticsearch domains that do not have the tags established by your organisation. The generated report lists which tags are missing.

Report ElastiCache clusters without tags.

This workflow sends a report of ElastiCache clusters that do not have the tags established by your organisation. The generated report lists which tags are missing.

Report Redshift clusters without tags.

This workflow sends a report of Redshift clusters that do not have the tags established by your organisation. The generated report lists which tags are missing.

Report EC2 instances without tags.

This workflow sends a report of EC2 instances that do not have the tags established by your organisation. The generated report lists which tags are missing.

Report RDS instances missing tags.

This workflow sends a report of RDS instances that do not have the tags established by your organisation. The generated report lists which tags are missing.

Report RDS database master username.

Sends a report if RDS databases are using "awsuser" as the master username. "awsuser" is Amazon's example (default) RDS database master username; many AWS customers use this username for their RDS databases in production, which can lead to malicious activities.

Enable deletion protection for RDS DB instances

This workflow enables the deletion protection feature for RDS DB instances. Deletion protection prevents any existing or new RDS database instances from being deleted by users via the AWS Management Console, the CLI or API calls, unless the feature is explicitly disabled.

Report total number of AWS RDS DB instances.

Sends a report if the total number of AWS RDS instances reaches the threshold limit. Setting limits for the maximum number of RDS instances provisioned within your AWS account will help you better manage your database compute resources and prevent unexpected charges on your AWS bill.

Report AWS RDS instances that are not encrypted.

Sends a report of AWS RDS DB instances that are not encrypted. Having encryption enabled for your RDS DB instances helps protect your data from unauthorized access; automated backups, Read Replicas, and snapshots all become encrypted as well.

Enable IAM database authentication feature for AWS RDS DB instances.

This workflow enables IAM database authentication for RDS DB instances in order to use AWS Identity and Access Management (IAM) service to manage database access to your Amazon RDS MySQL and PostgreSQL instances. It provides multiple benefits such as in-transit encryption, centralized.

Enable deletion protection for RDS Aurora DB clusters

This workflow enables the deletion protection feature for Aurora DB clusters. Deletion protection prevents any existing or new Aurora database cluster, regardless of its type (provisioned or serverless), from being terminated by a root or IAM user using the AWS Management Console, AWS CLI or AWS API calls, unless the feature is explicitly disabled.

Report AWS Elasticsearch domains that allow unknown cross-account access.

Sends a report of AWS Elasticsearch domains that allow access to unauthorized cross-account users. Allowing untrustworthy cross-account access to your AWS ES clusters can lead to unauthorized actions such as uploading, downloading and deleting documents without permission.

Report total number of AWS Elasticsearch domains.

Sends a report of Elasticsearch domains if the total number of instances reaches the threshold limit (10). Monitoring and configuring limits for the maximum number of Elasticsearch (ES) instances provisioned within your AWS account will help you better manage your Elasticsearch compute resources.

Report AWS ElastiCache clusters without in-transit and at-rest encryption.

Sends a report of ElastiCache clusters that do not have in-transit and at-rest encryption enabled. Data encryption helps prevent unauthorized users from reading sensitive data available on your Redis clusters and their associated cache storage systems.

Report total number of ElastiCache nodes.

Sends a report of the total number of ElastiCache clusters if the ElastiCache limit quota (threshold 5) defined for your AWS account is reached. Setting limits for the maximum number of ElastiCache cluster nodes provisioned within your AWS account will help you to better manage your ElastiCache compute resources and prevent unexpected charges on your AWS bill.

Report ElastiCache Memcached clusters using default ports.

Sends a report of ElastiCache Memcached clusters running on the default port. Running your AWS ElastiCache clusters on the default port (i.e. 11211) raises a potential security concern. Changing the default port to another port adds an extra security layer to your AWS ElastiCache Memcached clusters.

Report ElastiCache Redis clusters using default port.

Sends a report of your AWS ElastiCache Redis clusters that are running on the default port (i.e. 6379). Running your AWS ElastiCache clusters on the default port represents a potential security concern. Changing the default port will add an extra layer of security to your Redis cluster.

Report EC2 instances without CloudWatch alarms (specific metric)

Sends a report showing which CloudWatch alarms are missing for your AWS EC2 instances.

Find missing alarms in your AWS RDS DB instances.

Sends a report showing which CloudWatch alarms are missing for your AWS RDS DB instances.

Find missing alarms in your AWS Elasticsearch domains.

Sends a report showing which CloudWatch alarms are missing for your AWS Elasticsearch domains.

Find missing alarms for your AWS ElastiCache clusters.

Sends a report showing which CloudWatch alarms are missing for your AWS ElastiCache clusters.

Report RDS DB instances that do not have the desired instance type.

Sends a report of RDS instances provisioned in your AWS account that do not have the desired instance type established by your organization. Restricting the type of Amazon RDS instances will help you address internal compliance requirements and also helps to save some extra cost.

Report recent purchases of AWS reserved RDS instances

Identifies any recent reserved RDS purchases and sends a report of them. Checking your RDS Reserved Instances on a regular basis helps you to detect and cancel any unwanted purchases placed within your AWS account and avoid unexpected charges on your AWS monthly bill.

Report pending purchases of AWS reserved RDS instances

Identifies any pending Reserved RDS instances and sends a report of them. Using RDS Reserved Instances over On-Demand Instances can save up to 70% when used in steady state (i.e. heavy utilization); therefore, to receive this discount benefit you need to make sure that all your RDS database reservation purchases have been successfully completed.

Report failed purchases of AWS reserved RDS instances.

Identifies any failed Reserved RDS instances and sends a report of them. Using RDS Reserved Instances over On-Demand Instances can save up to 70% when used in steady state (i.e. heavy utilization); therefore, to receive this discount benefit you need to make sure that all your RDS database reservation purchases have been successfully completed.

Report Elasticsearch domains without CloudWatch alarms.

Sends a report of all the Elasticsearch domains without a CloudWatch alarm attached to them.

Report AWS EC2 instances without CloudWatch alarms (custom metric).

Sends a report of all the EC2 instances without a CloudWatch alarm attached to them.

Report AWS ElastiCache clusters without CloudWatch alarms.

Sends a report of ElastiCache clusters without a CloudWatch alarm attached to them.

Report idle AWS EC2 instances.

This workflow sends a report of all EC2 instances that have been idle for the past 7 days and were launched more than 7 days ago. An instance is identified as idle if its CPU utilization is less than 2% and its Network In/Out is less than 5MB. You can also give other configurations for this workflow.

Send report of all EC2 reserved instances that were purchased recently.

By checking your EC2 RI purchases on a regular basis you can detect and cancel any unwanted purchases placed within your AWS account and avoid unexpected charges on your AWS bill.

Send report of failed EC2 reserved instances.

A failed AWS EC2 RI is an unsuccessful reservation that received the "payment-failed" status during the purchase process. Reserved Instances represent a good strategy to cut down on AWS EC2 costs, but to fully receive the discount benefit you need to make sure that all your EC2 reservation purchases have been successfully completed.

Send report of all pending AWS EC2 reserved instances.

EC2 Reserved Instances represent an efficient strategy to cut down on AWS costs. However, to receive the billing discount benefit promoted by Amazon, you need to make sure that all your EC2 reservation purchases have been fully processed. This template identifies any pending Amazon EC2 Reserved Instance (RI) purchases available within your AWS account.

Send report of all AWS ElastiCache reserved cache nodes that were purchased recently.

By checking your ElastiCache Reserved Cache Nodes on a regular basis, you can detect and cancel any unwanted purchases placed within your AWS account and avoid unexpected charges on your AWS monthly bill. Ensure that all Amazon ElastiCache Reserved Cache Node (RCN) purchases are reviewed every 7 days.

Send report of all AWS Elasticsearch reserved instances that were purchased recently

By verifying your Elasticsearch Reserved Instance purchases on a regular basis, you can detect and cancel any unwanted purchases placed accidentally or intentionally within your AWS account in order to avoid unexpected charges on your AWS bill.

Send report of failed Elasticsearch reserved instances in your AWS account.

A failed AWS ES RI is an unsuccessful reservation that receives the "payment-failed" status during the purchasing process. Elasticsearch Reserved Instances can provide significant cost savings (up to 52% discount). However, to receive the discount benefit you need to make sure that all your AWS ES reservation purchases have been successfully completed.

Send report of any failed ElastiCache Reserved Cache Nodes (RCNs) available within your AWS account.

A failed ElastiCache RCN is an unsuccessful reservation that received the "payment-failed" status during the purchase process. The cost savings when using ElastiCache Reserved Cache Nodes over standard On-Demand Cache Nodes are up to 70% when used in steady state; therefore, to receive this discount benefit you need to make sure that all your ElastiCache reservation purchases have been successfully completed.

Send report of any pending ElastiCache Reserved Cache Nodes (RCNs) available within your AWS account.

A payment-pending ElastiCache RCN purchase is a reservation purchase that can't be fully processed due to issues with the payment method utilized. The cost savings when using ElastiCache Reserved Cache Nodes over standard On-Demand Cache Nodes are up to 70% when used in steady state; therefore, to receive this discount benefit you need to make sure that all your ElastiCache reservation purchases have been fully processed.

Send report of any pending Elasticsearch Reserved Instances in your AWS account

A pending AWS Elasticsearch Reserved Instance is an incomplete reservation that receives the "payment-pending" status during the purchasing process due to issues with the payment method. Using Reserved Instances is one of the best cost optimization strategies when working with AWS Elasticsearch service. To fully receive the discount benefit, make sure that all your Elasticsearch reservation purchases have been fully processed.

Enable Multi-AZ deployment configuration for your ElastiCache Redis cluster

Enabling the Multi-AZ Automatic Failover feature for your Redis Cache clusters will improve the fault tolerance in case the read/write primary node becomes unreachable due to loss of network connectivity, loss of availability in the primary's AZ, etc. This template enables this feature for your ElastiCache cluster.

Send report of your AWS ElastiCache clusters if they do not have the desired node type established by your organization

Setting limits for the type of AWS ElastiCache cluster nodes will help you address internal compliance requirements and prevent unexpected charges on your AWS bill. Ensure that your existing AWS ElastiCache cluster nodes have the desired type established by your organization based on the caching workload required.

Send report of security groups that allow Elasticsearch (TCP port 9200) access from public IPs.

It is an AWS best practice to remove security group entries that allow Elasticsearch access from public IPs to reduce the possibility of a breach. Allowing unrestricted Elasticsearch access can increase threats like hacking, denial-of-service (DoS) attacks and loss of data.

Remove entries in security groups that allow FTP (TCP ports 20 and 21) access from public IPs.

It is an AWS best practice to remove security group entries that allow FTP access from public IPs to reduce the possibility of a breach. Allowing unrestricted FTP access can increase threats such as brute-force attacks, FTP bounce attacks, spoofing attacks and packet capture.

Report RDS DB instances without CloudWatch alarms

Sends a report of all the RDS DB instances without a CloudWatch alarm attached to them.

Remove the empty Auto Scaling groups available within your AWS account.

It is an AWS best practice to identify empty Auto Scaling groups in your AWS account and delete them in order to avoid unneeded cost and better manage AWS resources. An Auto Scaling group is considered empty when it doesn't have any EC2 instances attached and is not associated with an Elastic Load Balancer (ELB).

Remove entries in security groups that allow HTTPS access from public IPs

It is an AWS best practice to remove security group entries that allow HTTPS access from public IPs to reduce the possibility of a breach. Allowing unrestricted HTTPS access can increase threats like hacking, denial-of-service (DoS) attacks and loss of data.

Enable AWS RDS Auto Minor Version Upgrade

Checks and enables Auto Minor Version Upgrade for RDS database instances.

Set DLQ for tagged Lambda functions to SQS

Dead Letter Queues take in all messages that cannot be successfully handled by Lambda functions. This is directly supported with SQS in the Lambda configuration as well.

Report public RDS Instances weekly

This template generates a weekly report of public RDS Instances, establishing AWS security of your sensitive data.

Take a Snapshot of Volume every 3 days

This template backs up the data on your Amazon EBS volumes to Amazon S3 by taking snapshots every 3 days for durable recovery. These incremental backups enable you to safeguard your sensitive data.
