40 new policy fixes added 🛠️

We've added 40 new policy fixes across AWS, Azure and GCP. Now when Bridgecrew spots one of these misconfigurations, the platform suggests a fix in PR comments, in VS Code, and as PR fixes in the platform.

| Policy ID | Name |
|---|---|
| BC_AWS_ELASTICSEARCH_5 | Ensure AWS Elasticsearch has node-to-node encryption enabled |
| BC_AWS_ELASTICSEARCH_6 | Ensure AWS Elasticsearch domains have EnforceHTTPS enabled |
| BC_AWS_ELASTICSEARCH_7 | Ensure AWS Elasticsearch domain logging is enabled |
| BC_AWS_GENERAL_13 | Ensure EBS volumes have encrypted launch configurations |
| BC_AWS_GENERAL_25 | Ensure AWS Redshift cluster is encrypted using CMK |
| BC_AWS_GENERAL_28 | Ensure DocumentDB is encrypted at rest |
| BC_AWS_GENERAL_33 | Ensure Athena workgroup prevents disabling encryption |
| BC_AWS_GENERAL_38 | Ensure all data stored in Aurora is securely encrypted at rest |
| BC_AWS_GENERAL_42 | Ensure Neptune cluster instance is not publicly available |
| BC_AWS_GENERAL_56 | Ensure S3 buckets are encrypted with KMS by default |
| BC_AWS_GENERAL_63 | Ensure AWS Lambda function is configured for function-level concurrent execution limit |
| BC_AWS_IAM_10 | Ensure AWS IAM password policy does not allow password reuse |
| BC_AWS_IAM_11 | Ensure AWS IAM password policy expires in 90 days or less |
| BC_AWS_IAM_5 | Ensure AWS IAM password policy has an uppercase character |
| BC_AWS_IAM_6 | Ensure AWS IAM password policy has a lowercase character |
| BC_AWS_IAM_7 | Ensure AWS IAM password policy has a symbol |
| BC_AWS_IAM_8 | Ensure AWS IAM password policy has a number |
| BC_AWS_IAM_9 | Ensure AWS IAM password policy has a minimum of 14 characters |
| BC_AWS_KUBERNETES_2 | Ensure AWS EKS cluster endpoint access is publicly disabled |
| BC_AWS_KUBERNETES_3 | Ensure AWS EKS cluster has secrets encryption enabled |
| BC_AWS_LOGGING_1 | Ensure AWS CloudTrail is enabled in all regions |
| BC_AWS_LOGGING_15 | Ensure API Gateway has X-Ray tracing enabled |
| BC_AWS_LOGGING_16 | Ensure Global Accelerator has Flow logs enabled |
| BC_AWS_LOGGING_22 | Ensure AWS ELB (Classic) with access log is enabled |
| BC_AWS_LOGGING_28 | Ensure enhanced monitoring for Amazon RDS instances is enabled |
| BC_AWS_PUBLIC_11 | Ensure AWS MQ is not publicly accessible |
| BC_AWS_PUBLIC_13 | Ensure DMS replication instance is not publicly accessible |
| BC_AWS_PUBLIC_2 | Ensure AWS RDS database instance is not publicly accessible |
| BC_AZR_GENERAL_13 | Ensure Azure Linux scale set uses an SSH key |
| BC_AZR_GENERAL_58 | Ensure Azure App Service Web app uses the latest PHP version |
| BC_AZR_GENERAL_59 | Ensure Azure App Service Web app uses the latest Python version |
| BC_AZR_GENERAL_60 | Ensure Azure App Service Web app uses the latest Java version |
| BC_AZR_IAM_1 | Ensure App Service is registered with an Azure Active Directory account |
| BC_AZR_NETWORKING_14 | Ensure public access level for Blob Containers is set to private |
| BC_AZR_NETWORKING_17 | Ensure MariaDB servers have Enforce SSL connection enabled |
| BC_AZR_NETWORKING_6 | Ensure Web App uses the latest version of TLS encryption |
| BC_GCP_GENERAL_4 | Ensure GCP KMS encryption key is rotating every 90 days |
| BC_GCP_KUBERNETES_3 | Ensure GCP Kubernetes engine clusters have stackdriver logging enabled |
| BC_GCP_NETWORKING_5 | Ensure GCP Cloud DNS has DNSSEC enabled |
| BC_AWS_LOGGING_23 | Ensure the ELB has access logging enabled |