To determine if you have any provisioned EC2 instances associated with default security groups.

Ensure your AWS Auto Scaling Group (ASG) health check feature is properly configured to detect whether its registered EC2 instances are healthy or not.

Ensure that all the database instances within your Amazon Aurora clusters have the same accessibility (either public or private)

Ensure that your RDS database instances have automated backups enabled for point-in-time recovery. To back up your database instances, AWS RDS take automatically a full daily snapshot of your data.

Idle load balancers represent a good candidate to reduce your monthly AWS costs and avoid accumulating unnecessary usage charges. Identify any Amazon ELBs that appear to be idle and terminate them to help lower the cost of your monthly AWS bill.

Checks for resource record sets that can benefit from having a lower time-to-live (TTL) value. Presently checking for a threshold of 600 seconds. TTL is the number of seconds that a resource record set is cached by DNS resolvers.

Checks for load balancers with listeners that do not use recommended security configurations for encrypted communication. AWS recommends using a secure protocol (HTTPS or SSL), up-to-date security policies, and ciphers and protocols that are secure.

Checks for virtual private gateways with AWS Direct Connect virtual interfaces (VIFs) that are not configured on at least two AWS Direct Connect connections. Connectivity to your virtual private gateway should have multiple virtual interfaces configured across multiple Direct Connect connections and locations to provide redundancy in case a device or location is unavailable.

Checks for virtual private gateways with AWS Direct Connect virtual interfaces (VIFs) that are not configured on at least two AWS Direct Connect connections. Connectivity to your virtual private gateway should have multiple virtual interfaces configured across multiple Direct Connect connections and locations to provide redundancy in case a device or location is unavailable.

Checks for regions that have only one AWS Direct Connect connection. Connectivity to your AWS resources should have two Direct Connect connections configured at all times to provide redundancy in case a device is unavailable.

Checks for load balancers configured with a missing security group or a security group that allows access to ports that are not configured for the load balancer.

Checks for an SPF resource record set for each MX resource record set. An SPF (sender policy framework) record publishes a list of servers that are authorized to send email for your domain, which helps reduce spam by detecting and stopping email address spoofing.