This workflow sends a report of app-tier EC2 instances that have Elastic or public IP addresses. You can change the tag from Name=app-tier to your own tag. If any of your app-tier instances has an Elastic or public IP, it is reachable from the internet.
Make sure the number of ElastiCache cluster cache nodes provisioned in your AWS account has not reached the limit set by your organization. Monitoring usage and setting limits will help you manage your resources better and avoid unforeseen costs in your AWS bill.
Checks whether Auto Minor Version Upgrade is enabled on each RDS database instance and enables it where it is not.
Reports all the ACM Certificates which have Wildcard Domain Names.
It is an AWS best practice to launch every EC2 instance in an AWS Auto Scaling group to achieve zero downtime. This workflow sends a report of instances not launched in an Auto Scaling group.
Running instances in EC2-VPC instead of EC2-Classic provides better flexibility and control over security, traffic routing and availability.
Using the right tenancy model for your EC2 instances should reduce the concerns around security at the instance hypervisor level and promote better compliance.
It is an AWS best practice to use IAM roles rather than IAM access keys to sign AWS API requests, as roles provide more flexibility for managing permissions. This workflow sends a report of EC2 instances that are not using IAM roles.
AWS CloudTrail can help you achieve compliance and improve security by logging API calls and changes to your cloud resources.
It is an AWS best practice to give a description to each rule in your security groups. It helps you quickly gain insight into the configuration of a security group: each rule's description should state the rule's purpose and identify the IP address it allows. This workflow sends a report of security groups in which any rule lacks a description.
This feature enables you to verify the integrity of your CloudTrail log files and determine whether the files have been changed after they were delivered to the selected S3 bucket. Log file integrity validation uses industry-standard algorithms such as SHA-256, so any change to a delivered file is detectable.
AWS AMIs created by you might contain sensitive data, such as your application or its data, that should not be exposed outside your organisation. This workflow changes AMI access from public to private.
It is an AWS best practice to enable data encryption in order to prevent access by unauthorised personnel. AMI encryption is managed by AWS Key Management Service (KMS).
It is an AWS best practice to remove all unused EC2 key pairs from your account. This protects your EC2 instances by denying access to individuals who are no longer part of your organization but still hold old key pairs.
It is an AWS best practice to keep your Redshift clusters private for security reasons. If your cluster is publicly accessible, any machine on the internet can establish a connection to it, which can lead to SQL injection or DDoS attacks.
Notifies you if any API Gateway endpoint is accessible from the internet.
AWS AMIs created by you might contain sensitive information, such as your application or its data, that should not be exposed outside your organisation. This workflow notifies you if any of your AWS AMIs are publicly shared.
Notifies the email/Slack channel when DynamoDB Accelerator (DAX) clusters are found without encryption.
Leaving expired ACM certificates lying around is not an AWS best practice and can potentially affect applications if one is picked up during a deployment.
Notifies you every hour of ACM certificates that are pending validation. This helps you minimize interruptions to your applications or services.