Usecase Universe

A collective of use cases for DevOps teams

Browse a variety of 200+ predefined templates to automate all your AWS actions

Compliance

24 Times Used
22 MAY 2019
Remove security group entries that allow Oracle DB (TCP port 1521) access from public IPs.

It is an AWS best practice to remove security group entries that allow Oracle DB access from public IPs, to reduce the possibility of a breach. Allowing unrestricted Oracle access can increase threats such as hacking, denial-of-service (DoS) attacks and loss of data.

Send a report of security groups that allow DNS (TCP port 53 and UDP port 53) access from public IPs.

It is an AWS best practice to remove security group entries that allow DNS access from public IPs, to reduce the possibility of a breach. Allowing unrestricted DNS access can increase threats such as Denial of Service (DoS) attacks or Distributed Denial of Service (DDoS) attacks.

Send a report of security groups that allow HTTP access from public IPs.

It is an AWS best practice to be aware of security groups that allow HTTP access from public IPs, to reduce the possibility of a breach. Allowing unrestricted HTTP access can increase threats such as hacking, denial-of-service (DoS) attacks and loss of data.

ACM Certificates with Wildcard Domain Names

Reports all the ACM Certificates which have Wildcard Domain Names.

Daily/weekly reports of Lambda Function DeadLetterErrors

Logs Lambda Function DeadLetterErrors over the last 7 days.

Send a report of your AWS ElastiCache clusters if they do not have the desired node type established by your organization

Setting limits for the type of AWS ElastiCache cluster nodes will help you address internal compliance requirements and prevent unexpected charges on your AWS bill. Ensure that your existing AWS ElastiCache cluster nodes have the desired type established by your organization based on the caching workload required.

Enable version upgrade for Redshift cluster if not already enabled

This workflow enables the Version Upgrade feature on your Redshift cluster. AWS Redshift engine upgrades will occur automatically so the data warehouse service engine can get the newest features, bug fixes or the latest security patches released.

Report AWS Elasticsearch domains without encryption at rest.

Sends a report if encryption at rest is not enabled for your AWS Elasticsearch domains. Encryption of data at rest helps prevent unauthorized users from reading sensitive information available on your ES domains (clusters) and their storage systems.

Ensure all your AWS AMIs are private

AWS AMIs created by you might contain sensitive information, such as your application or its data, that should not be exposed outside your organisation. This workflow modifies AMI access from public to private.

Send a report of security groups that allow NetBIOS (TCP port 139 and UDP ports 137, 138) access from public IPs.

It is an AWS best practice to be aware of security groups that allow NetBIOS access from public IPs, to reduce the possibility of a breach. Allowing unrestricted NetBIOS access can increase threats such as man-in-the-middle (MITM) attacks, Denial of Service (DoS) attacks or BadTunnel exploits.

Schedule Stop EC2 Machine

This enables users to schedule a stop of Amazon EC2 instances based on a daily or weekly schedule, or both, in order to optimize EC2 costs.

Send a report of security groups that allow CIFS (TCP port 445) access from public IPs

It is an AWS best practice to remove security group entries that allow CIFS access from public IPs, to reduce the possibility of a breach. Allowing unrestricted CIFS access can increase threats such as man-in-the-middle (MITM) attacks, Denial of Service (DoS) attacks or the Windows Null Session Exploit.