AWS Auto-Checks Detailed Explanations
How to remediate failed Auto Checks?
Articles
- Prevent Privilege Escalation via Customer-Managed IAM Policies
- Avoid Full KMS Access in Inline IAM Policies
- Verify CloudTrail is logging management events across all AWS regions
- Prevent IAM Roles from Assigning ReadOnlyAccess Permissions to External AWS Accounts
- Prevent IAM identities from having inline policies with unrestricted access
- Ensure customer-managed IAM policies do not grant full administrative access
- Detect IAM Users with Multiple Active Access Keys and Enforce Key Rotation
- Enforce MFA on the AWS Root Account
- Confirm that Amazon GuardDuty is enabled for threat detection
- Ensure the root account does not have any active access keys
- Prevent IAM Inline Policies from Granting Full CloudTrail Access
- Block IAM Inline Policies That Enable Privilege Escalation
- Prevent Overly Permissive Role Assumption in Custom IAM Policies
- Configure a log metric filter and alarm for root account usage
- Avoid IAM Policies Granting Unrestricted KMS Access
- Protect IAM Service Roles from Confused Deputy Attacks Using Proper Trust Policies
- Configure a log metric filter and alarm for unauthorized API calls
- Avoid Provisioning Access Keys During Initial IAM User Creation When Console Login is Enabled
- Ensure no IAM AWS-managed policies grant full administrative access
- Confirm IAM Access Analyzer is enabled to monitor access permissions
- Avoid IAM Policies Granting Full CloudTrail Access