Determine if the EC2 instances provisioned in your AWS account have the desired instance type(s) established by your organization based on the workload deployed.

To determine if your existing RDS DB security groups allow unrestricted access, AWS RDS DB security groups do not allow access from 0.0.0.0/0 in order to reduce the risk of unauthorized access.

It is AWS best practice to remove entries in security group which allows Oracle DB access from public IP to reduce possibility of breach. Allowing unrestricted Oracle access can increase threats like hacking, denial-of-service (DoS) attacks and loss of data.

It is AWS best practice to remove entries in security group which allows MySQL access from public IP to reduce possibility of breach. Allowing unrestricted MySQL access can increase threats like hacking, denial-of-service (DoS) attacks and loss of data.

Send report of all the AWS config changes in your AWS account i.e. if any operations like start/stop/put configuration recorder is performed in your AWS account then this workflow will generate a report of it and send it to your email.

It is AWS best practice to remove entries in security group which allows DNS access from public IP to reduce possibility of breach. Allowing unrestricted DNS access can increase threats such as Denial of Service (DoS) attacks or Distributed Denial of Service (DDoS) attacks.

Ensure that your ElastiCache Redis Cache clusters are using a Multi-AZ deployment configuration to enhance High Availability (HA). To determine if your ElastiCache Redis Cache clusters are using a Multi-AZ configuration.

Sends a report of AWS ElasticSearch domains which allows access to unauthorized cross users. Allowing untrustworthy cross account access to your AWS ES clusters can lead to unauthorized actions such as uploading, downloading and deleting documents without permission.

Sends a report of VPC's default Security Groups which are allowing inbound traffic from all the ports.

It is AWS best practice to get aware of security groups which allows HTTP access from public IP to reduce possibility of breach. Allowing unrestricted HTTP access can increase threats like hacking, denial-of-service (DoS) attacks and loss of data.

This workflow enables the deletion protection feature for Aurora DB clusters. Deletion protection prevents any existing or new Aurora database cluster, regardless of its type - provisioned or serverless, from being terminated by a root or IAM user using the AWS Management Console, AWS CLI or AWS API calls, unless the feature is explicitly disabled

Sends a report if origin access identity feature is not enabled for all your AWS Cloudfront CDN distributions. With origin access identity enabled, your Amazon Cloudfront distributions can be much more cost effective.

This workflow enables IAM database authentication for RDS DB instances in order to use AWS Identity and Access Management (IAM) service to manage database access to your Amazon RDS MySQL and PostgreSQL instances. It provides multiple benefits such as in-transit encryption, centralized.

Sends a report of all exposed VPC endpoints. Exposed endpoints could lead to security issues due to unauthorised requests made to the supported services.

Sends a report of all ElasticSearch Clusters without a healthy status