Usecase Universe

A collective of use cases for DevOps teams

Browse a variety of 200+ predefined templates to automate all your AWS actions

Security

24 Times Used
22 MAY 2019
Remove entries in security groups which allow HTTPS access from public IP

It is an AWS best practice to remove security group entries that allow HTTPS access from public IP, to reduce the possibility of a breach. Allowing unrestricted HTTPS access can increase threats like hacking, denial-of-service (DoS) attacks and loss of data.

Remove entries in security groups which allow Oracle DB (TCP port 1521) access from public IP.

It is an AWS best practice to remove security group entries that allow Oracle DB access from public IP, to reduce the possibility of a breach. Allowing unrestricted Oracle access can increase threats like hacking, denial-of-service (DoS) attacks and loss of data.

Send report of security groups which allow DNS (TCP port 53 and UDP port 53) access from public IP.

It is an AWS best practice to remove security group entries that allow DNS access from public IP, to reduce the possibility of a breach. Allowing unrestricted DNS access can increase threats such as Denial of Service (DoS) attacks or Distributed Denial of Service (DDoS) attacks.

Report AWS Elasticsearch domains which allow unknown cross-account access.

Sends a report of AWS Elasticsearch domains that allow access to unauthorized cross-account users. Allowing untrustworthy cross-account access to your AWS ES clusters can lead to unauthorized actions such as uploading, downloading and deleting documents without permission.

Send report of security groups that allow HTTP access from public IP.

It is an AWS best practice to be aware of security groups that allow HTTP access from public IP, to reduce the possibility of a breach. Allowing unrestricted HTTP access can increase threats like hacking, denial-of-service (DoS) attacks and loss of data.

Enable deletion protection for RDS Aurora DB clusters

This workflow enables the deletion protection feature for Aurora DB clusters. Deletion protection prevents any existing or new Aurora database cluster, regardless of its type (provisioned or serverless), from being terminated by a root or IAM user using the AWS Management Console, AWS CLI or AWS API calls, unless the feature is explicitly disabled.

Report AWS CloudFront Distributions without S3 as an Origin.

Sends a report if the origin access identity feature is not enabled for all your AWS CloudFront CDN distributions. With origin access identity enabled, your Amazon CloudFront distributions can be much more cost-effective.

Enable IAM database authentication feature for AWS RDS DB instances.

This workflow enables IAM database authentication for RDS DB instances so that the AWS Identity and Access Management (IAM) service can be used to manage database access to your Amazon RDS MySQL and PostgreSQL instances. It provides multiple benefits such as in-transit encryption, centralized.

Notify if any of the EC2 Instances are running in EC2-Classic

Running instances in EC2-VPC instead of EC2-Classic provides better flexibility and control over security, traffic routing and availability.

Send report of security groups which allow MongoDB (TCP port 27017) access from public IP.

It is an AWS best practice to remove security group entries that allow MongoDB access from public IP, to reduce the possibility of a breach. Allowing unrestricted MongoDB access can increase threats like hacking, denial-of-service (DoS) attacks and loss of data.

ACM Certificates with Wildcard Domain Names

Reports all the ACM Certificates which have Wildcard Domain Names.

Report SQS queues without server-side encryption enabled.

This workflow sends a report for SQS queues if their server-side encryption is not enabled. Amazon Simple Queue Service (SQS) queues protect the contents of their messages using Server-Side Encryption (SSE). It is highly recommended to implement encryption in order to make the contents of these messages unavailable to unauthorized or anonymous users.