AWS Compliance Audit Report - Casiny Development

🔐 IAM (Global)

🛡️ IAM Compliance Findings

5

Total IAM Users

5

Users Without MFA

4

Access Keys >90 Days Old

0

Users with Admin Access

👥 IAM Users

User Name	MFA Enabled	Access Key ID	Key Status	Key Created
casiny_dev_cms_nginx_s3_gateway	No	`AKIAVW5NGHWSF3F5H562`	Active	2025-06-10
casiny_dev_ecs_deploy	No	`AKIAVW5NGHWSKMGSMBXA`	Active	2025-06-10
casiny_dev_grafana	No	-	-	-
casiny_dev_s3upload	No	`AKIAVW5NGHWSMTQG3N2W`	Active	2025-06-09
casiny_dev_sqs	No	`AKIAVW5NGHWSK6IO3F4T`	Active	2025-06-10

📍 Region: eu-west-2

🌐 VPCs & Subnets

Name	VPC ID	CIDR Block	State	Tenancy	Tags
aws-controltower-VPC	`vpc-06a8a1cae33faa93b`	172.31.0.0/16	available	default	aws:cloudformation:logical-id=VPCaws:cloudformation:stack-id=arn:aws:cloudformation:eu-west-2:392815852964:stack/StackSet-AWSControlTowerBP-VPC-ACCOUNT-FACTORY-V1-6e08e584-b67d-47ee-8ddc-2e82fccd0801/95844fe0-2abc-11f0-83ee-024e0cc5c0cbaws:cloudformation:stack-name=StackSet-AWSControlTowerBP-VPC-ACCOUNT-FACTORY-V1-6e08e584-b67d-47ee-8ddc-2e82fccd0801

Subnets

Name	Subnet ID	VPC ID	CIDR Block	AZ	Available IPs	Public IP on Launch	Tags
aws-controltower-PrivateSubnet2A	`subnet-04fce44200359af13`	vpc-06a8a1cae33faa93b	172.31.32.0/20	eu-west-2b	4091	No	Network=Privateaws:cloudformation:stack-id=arn:aws:cloudformation:eu-west-2:392815852964:stack/StackSet-AWSControlTowerBP-VPC-ACCOUNT-FACTORY-V1-6e08e584-b67d-47ee-8ddc-2e82fccd0801/95844fe0-2abc-11f0-83ee-024e0cc5c0cbaws:cloudformation:logical-id=PrivateSubnet2Aaws:cloudformation:stack-name=StackSet-AWSControlTowerBP-VPC-ACCOUNT-FACTORY-V1-6e08e584-b67d-47ee-8ddc-2e82fccd0801
aws-controltower-PrivateSubnet3A	`subnet-0bcbee45506bade13`	vpc-06a8a1cae33faa93b	172.31.80.0/20	eu-west-2c	4091	No	aws:cloudformation:stack-name=StackSet-AWSControlTowerBP-VPC-ACCOUNT-FACTORY-V1-6e08e584-b67d-47ee-8ddc-2e82fccd0801aws:cloudformation:stack-id=arn:aws:cloudformation:eu-west-2:392815852964:stack/StackSet-AWSControlTowerBP-VPC-ACCOUNT-FACTORY-V1-6e08e584-b67d-47ee-8ddc-2e82fccd0801/95844fe0-2abc-11f0-83ee-024e0cc5c0cbaws:cloudformation:logical-id=PrivateSubnet3ANetwork=Private
aws-controltower-PrivateSubnet1A	`subnet-02a7693af1798cd1a`	vpc-06a8a1cae33faa93b	172.31.64.0/20	eu-west-2a	4091	No	aws:cloudformation:stack-id=arn:aws:cloudformation:eu-west-2:392815852964:stack/StackSet-AWSControlTowerBP-VPC-ACCOUNT-FACTORY-V1-6e08e584-b67d-47ee-8ddc-2e82fccd0801/95844fe0-2abc-11f0-83ee-024e0cc5c0cbaws:cloudformation:logical-id=PrivateSubnet1ANetwork=Privateaws:cloudformation:stack-name=StackSet-AWSControlTowerBP-VPC-ACCOUNT-FACTORY-V1-6e08e584-b67d-47ee-8ddc-2e82fccd0801

⚡ Lambda Functions

Function Name	Runtime	Memory	Timeout	VPC	Last Modified	Tags
aws-controltower-NotificationForwarder	python3.13	128 MB	60s	No VPC	2025-08-21	aws:cloudformation:logical-id=ForwardSnsNotificationaws:cloudformation:stack-id=arn:aws:cloudformation:eu-west-2:392815852964:stack/StackSet-AWSControlTowerBP-BASELINE-CLOUDWATCH-40af3962-a419-4821-9554-daca184e78d6/032d15f0-2abc-11f0-a665-02be0a159afbaws:cloudformation:stack-name=StackSet-AWSControlTowerBP-BASELINE-CLOUDWATCH-40af3962-a419-4821-9554-daca184e78d6

📋 CloudWatch Log Groups

Total Log Groups: 2

Without Retention Policy: 0

Log Group Name	Retention (Days)	Stored Size
`/aws/lambda/aws-controltower-NotificationForwarder`	14	0 B
`StackSet-AWSControlTowerBP-VPC-ACCOUNT-FACTORY-V1-6e08e584-b67d-47ee-8ddc-2e82fccd0801-VPCFlowLogsLogGroup-6Dr1HAsqoV2u`	90	0 B

🛡️ Compliance Findings

Network & Security (Section 5.2)

0

Open Security Groups (0.0.0.0/0)

0

EC2 Without IMDSv2

Yes

CloudTrail Enabled

Data Protection (Section 5.4)

0

Unencrypted EBS Volumes

0

Unencrypted RDS

0

SQS Without Encryption

Logging & Monitoring (Section 5.3)

0

Log Groups (No Retention)

RDS Standards (Section 7)

0

Public RDS Instances

0

RDS Without Multi-AZ

0

RDS Without Backups

Lambda Standards (Section 7)

0

Lambda Default Timeout (3s)

1

Lambda Without DLQ

SQS Standards (Section 7)

0

SQS Without DLQ

ECS Standards (Section 7)

0

Plaintext Env Vars

0

Privileged Containers

📍 Region: ap-east-1

🌐 VPCs & Subnets

Name	VPC ID	CIDR Block	State	Tenancy	Tags
casiny-dev-vpc	`vpc-0950dbeed2d6b5adb`	172.16.0.0/16	available	default	Customer=casinyEnvironment=devmap-migrated=migS0EK6JMBZC

Subnets

Name	Subnet ID	VPC ID	CIDR Block	AZ	Available IPs	Public IP on Launch	Tags
casiny-dev-public-subnet-1	`subnet-02ad04c924a837689`	vpc-0950dbeed2d6b5adb	172.16.2.0/24	ap-east-1a	245	No	map-migrated=migS0EK6JMBZCCustomer=casinyEnvironment=dev
casiny-dev-public-subnet-2	`subnet-0db4595447cfe4fb1`	vpc-0950dbeed2d6b5adb	172.16.4.0/24	ap-east-1b	248	No	map-migrated=migS0EK6JMBZCCustomer=casinyEnvironment=dev
casiny-dev-private-subnet-1	`subnet-0e0b1c0c3f615e3fd`	vpc-0950dbeed2d6b5adb	172.16.1.0/24	ap-east-1a	246	No	map-migrated=migS0EK6JMBZCCustomer=casinyEnvironment=dev
casiny-dev-private-subnet-2	`subnet-0a2245542f71c9bc3`	vpc-0950dbeed2d6b5adb	172.16.3.0/24	ap-east-1b	243	No	map-migrated=migS0EK6JMBZCEnvironment=devCustomer=casiny

🖥️ EC2 Instances

Name	Instance ID	Type	State	Public IP	Private IP	VPC	Security Groups	AMI	Key Pair	IAM Profile	EBS Volumes	IMDSv2	Tags
casiny_dev_graylog	`i-016235c5ddf55c964`	t3.medium	running	18.163.200.234	172.16.2.199	vpc-0950dbeed2d6b5adb	sg-05aaef87e8560810f	ami-0d4e94cd73abc6ac8	casiny_dev_Jun2025	casiny_dev_SSMInstanceProfile	1	optional	map-migrated=migS0EK6JMBZCEnvironment=devCustomer=casiny
casiny_dev_integration_graylog	`i-0993c05534bd77f18`	t3.medium	running	43.198.250.204	172.16.2.200	vpc-0950dbeed2d6b5adb	sg-05aaef87e8560810f	ami-062017cd39679f10d	casiny_dev_Jun2025	casiny_dev_SSMInstanceProfile	1	optional	Customer=casinymap-migrated=migS0EK6JMBZCEnvironment=dev
casiny_dev_elk	`i-03f90c7caf0a7893b`	t3.medium	running	43.198.182.22	172.16.2.99	vpc-0950dbeed2d6b5adb	sg-05aaef87e8560810f	ami-0427e31413e947f3a	casiny_dev_Jun2025	casiny_dev_SSMInstanceProfile	1	optional	Customer=casinymap-migrated=migS0EK6JMBZCEnvironment=dev
casiny_dev_sharky	`i-00036abffcea44793`	t3.small	running	-	172.16.1.4	vpc-0950dbeed2d6b5adb	sg-05aaef87e8560810f	ami-03d636cfe7cc59bf2	casiny_dev_Jun2025	casiny_dev_SSMInstanceProfile	1	optional	Customer=casinyEnvironment=devmap-migrated=migS0EK6JMBZC
casiny_dev_bastion_host	`i-01f2696cb2e230733`	t3.micro	running	18.167.33.20	172.16.2.30	vpc-0950dbeed2d6b5adb	sg-06bb2c142c50b132f	ami-03d636cfe7cc59bf2	casiny_dev_Jun2025	casiny_dev_SSMInstanceProfile	1	optional	Customer=casinyEnvironment=devmap-migrated=migS0EK6JMBZC
ECS Instance - EC2ContainerService-casiny-dev-ecs-cluster	`i-03cd5dce40dd137eb`	c5a.4xlarge	running	-	172.16.3.237	vpc-0950dbeed2d6b5adb	sg-05aaef87e8560810f	ami-035fccda7ffa2f58a	casiny_dev_Jun2025	casiny_dev_SSM_EcsInstanceProfile	1	required	Customer=casinyaws:autoscaling:groupName=casiny-dev-Asg-ecs-clusterEnvironment=devaws:ec2launchtemplate:id=lt-037b7cfb4bc2ec826aws:ec2launchtemplate:version=4AmazonECSManaged=ECS Cluster managed by Amazon
casiny_dev_bitbucket_runner_1_spotinstance	`i-052fdf12c8cb4ff71`	t3.large	running	-	172.16.3.219	vpc-0950dbeed2d6b5adb	sg-05aaef87e8560810f	ami-09575039fc5518426	casiny_dev_Jun2025	casiny_dev_SSMInstanceProfile	1	optional	Customer=casinyEnvironment=devaws:ec2spot:fleet-request-id=sfr-6e20b488-5b44-4bf4-a511-a5954b78a044

💾 EBS Volumes

Name	Volume ID	Size (GiB)	Type	State	Encrypted	IOPS	Attached Instance	Device	AZ	Tags
-	`vol-05310b0bbebce688b`	50	gp3	in-use	No	3000	i-0993c05534bd77f18	/dev/sda1	ap-east-1a	Customer=casinymap-migrated=migS0EK6JMBZCEnvironment=dev
-	`vol-007a192e3aa4f388e`	30	gp3	in-use	No	3000	i-03f90c7caf0a7893b	/dev/sda1	ap-east-1a	Environment=devCustomer=casinymap-migrated=migS0EK6JMBZC
-	`vol-07a65a4aa5e741919`	50	gp3	in-use	No	3000	i-016235c5ddf55c964	/dev/sda1	ap-east-1a	Customer=casinyEnvironment=devmap-migrated=migS0EK6JMBZC
-	`vol-007a56fa4d0658bcb`	30	gp3	in-use	No	3000	i-00036abffcea44793	/dev/sda1	ap-east-1a	map-migrated=migS0EK6JMBZCEnvironment=devCustomer=casiny
-	`vol-0524e649fc73175e5`	50	gp3	in-use	No	16000	i-052fdf12c8cb4ff71	/dev/sda1	ap-east-1b	-
-	`vol-06cdee1201e5ccde8`	50	gp3	in-use	No	3000	i-01f2696cb2e230733	/dev/sda1	ap-east-1a	Customer=casinyEnvironment=devmap-migrated=migS0EK6JMBZC
-	`vol-0806509466bbe8f5a`	100	gp3	in-use	No	3000	i-03cd5dce40dd137eb	/dev/xvda	ap-east-1b	-

🐳 ECS Clusters

Cluster Name	Status	Running Tasks	Pending Tasks	Active Services	Container Instances
casiny-dev-ecs-cluster	ACTIVE	12	0	12	1

⚙️ ECS Services

Service Name	Status	Desired	Running	Launch Type	Task Definition	Load Balancers	Security Groups

📋 ECS Task Definitions (Active)

Family	Rev	CPU	Memory	Containers	Task Role	Privileged	Env Vars	Secrets	Log Config

Container Configuration Detail

⚠️ Plaintext environment variables should be avoided for sensitive data. Use Secrets Manager or SSM Parameter Store. log_router containers are excluded.

Task Definition	Container	Image	Log Config	Plaintext Env Vars	Secrets (SSM/SM)

🗄️ RDS Instances

DB Identifier	Engine	Class	Status	Storage	Encrypted	Multi-AZ	Public	Backup	Delete Prot.	Tags
casiny-dev-aurora-primary-cluster-instance-0	aurora-mysql 8.0.mysql_aurora.3.08.2	db.t4g.medium	available	1 GiB	Yes	No	No	7d	No	map-migrated=migS0EK6JMBZCCustomer=casinyEnvironment=dev

⚡ Lambda Functions

Function Name	Runtime	Memory	Timeout	VPC	Last Modified	Tags
casiny-dev-duplication-redshift-checker	python3.13	512 MB	600s	vpc-0950dbeed2d6b5adb	2025-10-20	Customer=casinyEnvironment=devmap-migrated=migS0EK6JMBZC

📨 SQS Queues

Total Queues: 59

Without Encryption: 59

Without DLQ: 59

Queue Name	Type	Encrypted	DLQ Configured	Visibility Timeout	Tags
accumulate_bonus_programs_casiny_dev	Standard	No	No	300s	map-migrated=migS0EK6JMBZCCustomer=casinyEnvironment=dev
accumulate_bonus_programs_casiny_dev.fifo	FIFO	No	No	300s	map-migrated=migS0EK6JMBZCCustomer=casinyEnvironment=dev
accumulate_bonus_programs_ref_casiny_dev	Standard	No	No	300s	map-migrated=migS0EK6JMBZCCustomer=casinyEnvironment=dev
accumulate_bonus_programs_referral_casiny_dev	Standard	No	No	300s	map-migrated=migS0EK6JMBZCCustomer=casinyEnvironment=dev
accumulate_bonus_programs_settle_casiny_dev	Standard	No	No	300s	map-migrated=migS0EK6JMBZCCustomer=casinyEnvironment=dev
ad_checks_casiny_dev	Standard	No	No	300s	map-migrated=migS0EK6JMBZCCustomer=casinyEnvironment=dev
assign_new_game_to_bonus_casiny_dev	Standard	No	No	300s	map-migrated=migS0EK6JMBZCCustomer=casinyEnvironment=dev
assign_new_game_to_game_segment_casiny_dev	Standard	No	No	300s	map-migrated=migS0EK6JMBZCCustomer=casinyEnvironment=dev
assign_new_game_to_game_tag_casiny_dev	Standard	No	No	300s	map-migrated=migS0EK6JMBZCCustomer=casinyEnvironment=dev
audit_logs_casiny_dev	Standard	No	No	300s	map-migrated=migS0EK6JMBZCCustomer=casinyEnvironment=dev
automatic_withdrawal_casiny_dev	Standard	No	No	300s	map-migrated=migS0EK6JMBZCCustomer=casinyEnvironment=dev
betting_limit_casiny_dev	Standard	No	No	300s	map-migrated=migS0EK6JMBZCCustomer=casinyEnvironment=dev
bonuses_casiny_dev	Standard	No	No	300s	map-migrated=migS0EK6JMBZCCustomer=casinyEnvironment=dev
broadcast_balance_casiny_dev	Standard	No	No	300s	map-migrated=migS0EK6JMBZCCustomer=casinyEnvironment=dev
broadcast_casiny_dev	Standard	No	No	300s	map-migrated=migS0EK6JMBZCCustomer=casinyEnvironment=dev
calendar_bonus_programs_casiny_dev	Standard	No	No	300s	map-migrated=migS0EK6JMBZCCustomer=casinyEnvironment=dev
campaign_message_casiny_dev	Standard	No	No	300s	map-migrated=migS0EK6JMBZCCustomer=casinyEnvironment=dev
casino_bet_detail_casiny_dev	Standard	No	No	300s	map-migrated=migS0EK6JMBZCCustomer=casinyEnvironment=dev
challenges_casiny_dev	Standard	No	No	300s	map-migrated=migS0EK6JMBZCCustomer=casinyEnvironment=dev
compliance_actions_casiny_dev	Standard	No	No	300s	map-migrated=migS0EK6JMBZCCustomer=casinyEnvironment=dev
compliances_casiny_dev	Standard	No	No	300s	map-migrated=migS0EK6JMBZCCustomer=casinyEnvironment=dev
compliances_casiny_dev.fifo	FIFO	No	No	300s	map-migrated=migS0EK6JMBZCCustomer=casinyEnvironment=dev
crm_casiny_dev	Standard	No	No	300s	map-migrated=migS0EK6JMBZCCustomer=casinyEnvironment=dev
crm_high_casiny_dev	Standard	No	No	300s	map-migrated=migS0EK6JMBZCCustomer=casinyEnvironment=dev
default_casiny_dev	Standard	No	No	300s	map-migrated=migS0EK6JMBZCCustomer=casinyEnvironment=dev
emails_casiny_dev	Standard	No	No	300s	map-migrated=migS0EK6JMBZCCustomer=casinyEnvironment=dev
export_casiny_dev	Standard	No	No	300s	map-migrated=migS0EK6JMBZCCustomer=casinyEnvironment=dev
game_log_locks_casiny_dev	Standard	No	No	300s	map-migrated=migS0EK6JMBZCCustomer=casinyEnvironment=dev
game_logs_casiny_dev	Standard	No	No	300s	map-migrated=migS0EK6JMBZCCustomer=casinyEnvironment=dev
game_logs_casiny_dev.fifo	FIFO	No	No	300s	map-migrated=migS0EK6JMBZCCustomer=casinyEnvironment=dev
import_batches_casiny_dev	Standard	No	No	3600s	map-migrated=migS0EK6JMBZCCustomer=casinyEnvironment=dev
loyalty_programs_casiny_dev	Standard	No	No	300s	map-migrated=migS0EK6JMBZCCustomer=casinyEnvironment=dev
payment_integration_logs_casiny_dev	Standard	No	No	300s	map-migrated=migS0EK6JMBZCCustomer=casinyEnvironment=dev
player_activities_casiny_dev	Standard	No	No	300s	map-migrated=migS0EK6JMBZCCustomer=casinyEnvironment=dev
player_flagged_computing_casiny_dev	Standard	No	No	300s	map-migrated=migS0EK6JMBZCCustomer=casinyEnvironment=dev
player_tips_casiny_dev	Standard	No	No	300s	map-migrated=migS0EK6JMBZCCustomer=casinyEnvironment=dev
player_transaction_summary_realtime_casiny_dev	Standard	No	No	300s	map-migrated=migS0EK6JMBZCCustomer=casinyEnvironment=dev
player_transactional_summary_casiny_dev	Standard	No	No	300s	map-migrated=migS0EK6JMBZCCustomer=casinyEnvironment=dev
player_vip_casiny_dev	Standard	No	No	300s	map-migrated=migS0EK6JMBZCCustomer=casinyEnvironment=dev
post_wagered_bonus_programs_casiny_dev	Standard	No	No	300s	map-migrated=migS0EK6JMBZCCustomer=casinyEnvironment=dev
prune_open_bets_casiny_dev	Standard	No	No	300s	map-migrated=migS0EK6JMBZCCustomer=casinyEnvironment=dev
quests_casiny_dev	Standard	No	No	300s	map-migrated=migS0EK6JMBZCCustomer=casinyEnvironment=dev
rebate_programs_casiny_dev	Standard	No	No	300s	map-migrated=migS0EK6JMBZCCustomer=casinyEnvironment=dev
recent_games_casiny_dev	Standard	No	No	300s	map-migrated=migS0EK6JMBZCCustomer=casinyEnvironment=dev
referral_plans_casiny_dev	Standard	No	No	300s	map-migrated=migS0EK6JMBZCCustomer=casinyEnvironment=dev
risk_fraud_casiny_dev	Standard	No	No	300s	map-migrated=migS0EK6JMBZCCustomer=casinyEnvironment=dev
segments_casiny_dev	Standard	No	No	300s	map-migrated=migS0EK6JMBZCCustomer=casinyEnvironment=dev
segments_casiny_dev.fifo	FIFO	No	No	300s	map-migrated=migS0EK6JMBZCCustomer=casinyEnvironment=dev
segments_computing_casiny_dev	Standard	No	No	300s	map-migrated=migS0EK6JMBZCCustomer=casinyEnvironment=dev
segments_computing_casiny_dev.fifo	FIFO	No	No	300s	map-migrated=migS0EK6JMBZCCustomer=casinyEnvironment=dev
sms_casiny_dev	Standard	No	No	300s	map-migrated=migS0EK6JMBZCCustomer=casinyEnvironment=dev
sportbook_bet_detail_casiny_dev	Standard	No	No	300s	map-migrated=migS0EK6JMBZCCustomer=casinyEnvironment=dev
spotlight-search_casiny_dev	Standard	No	No	300s	map-migrated=migS0EK6JMBZCCustomer=casinyEnvironment=dev
sync_game_to_ec_casiny_dev	Standard	No	No	300s	map-migrated=migS0EK6JMBZCCustomer=casinyEnvironment=dev
telescope_casiny_dev	Standard	No	No	300s	map-migrated=migS0EK6JMBZCCustomer=casinyEnvironment=dev
tournaments_casiny_dev	Standard	No	No	300s	map-migrated=migS0EK6JMBZCCustomer=casinyEnvironment=dev
tournaments_casiny_dev.fifo	FIFO	No	No	300s	map-migrated=migS0EK6JMBZCCustomer=casinyEnvironment=dev
wagering_requirements_casiny_dev	Standard	No	No	300s	map-migrated=migS0EK6JMBZCCustomer=casinyEnvironment=dev
webhook_call_casiny_dev	Standard	No	No	300s	map-migrated=migS0EK6JMBZCCustomer=casinyEnvironment=dev

🔑 Secrets Manager

Total Secrets: 3

Without Rotation: 3

Secret Name	Description	KMS Key	Rotation	Last Rotated	Last Accessed	Tags
casiny-dev-rds-admin-password	-	`secretsmanager`	Disabled	-	2026-01-13	map-migrated=migS0EK6JMBZCEnvironment=devCustomer=casiny
casiny-dev-other-credentials	-	`secretsmanager`	Disabled	-	2026-01-15	map-migrated=migS0EK6JMBZCEnvironment=devCustomer=casiny
casiny-dev-redshift-admin-password	-	`secretsmanager`	Disabled	-	2026-01-15	map-migrated=migS0EK6JMBZCEnvironment=devCustomer=casiny

📋 CloudWatch Log Groups

Total Log Groups: 4

Without Retention Policy: 2

Log Group Name	Retention (Days)	Stored Size
`/aws/lambda/casiny-dev-duplication-redshift-checker`	30	38.37 KB
`/aws/rds/cluster/casiny-dev-primary-cluster/error`	Never Expire	872.48 MB
`RDSOSMetrics`	30	67.21 MB
`dms-tasks-casiny-dev-dms-replication-instance`	Never Expire	7.14 MB

⚖️ Application & Network Load Balancers

Name	Type	Scheme	State	DNS Name	VPC	AZs	Listeners	Target Groups	Tags
casiny-dev-ecs-alb	APPLICATION	internet-facing	active	casiny-dev-ecs-alb-1977572224.ap-east-1.elb.amazonaws.com	vpc-0950dbeed2d6b5adb	2	HTTP:80, HTTPS:443	13	map-migrated=migS0EK6JMBZCCustomer=casinyEnvironment=dev
casiny-dev-ecs-internal-alb	APPLICATION	internal	active	internal-casiny-dev-ecs-internal-alb-463810660.ap-east-1.elb.amazonaws.com	vpc-0950dbeed2d6b5adb	2	HTTP:80, HTTPS:443	2	map-migrated=migS0EK6JMBZCCustomer=casinyEnvironment=dev

Target Groups

Load Balancer	Target Group Name	Protocol	Port	Target Type	Health Check
casiny-dev-ecs-alb	casiny-dev-api-tg-441	HTTPS	441	instance	HTTPS:/robots.txt
casiny-dev-ecs-alb	casiny-dev-bo-tg-440	HTTPS	440	instance	HTTPS:/robots.txt
casiny-dev-ecs-alb	casiny-dev-callbk-tg-442	HTTPS	442	instance	HTTPS:/robots.txt
casiny-dev-ecs-alb	casiny-dev-cdncms-tg-449	HTTPS	449	instance	HTTPS:/health
casiny-dev-ecs-alb	casiny-dev-cms-tg-444	HTTPS	444	instance	HTTPS:/
casiny-dev-ecs-alb	casiny-dev-elk-tg-443	HTTPS	443	instance	HTTPS:/
casiny-dev-ecs-alb	casiny-dev-fasttrckproxy-tg-445	HTTPS	445	instance	HTTPS:/healthcheck
casiny-dev-ecs-alb	casiny-dev-fe-tg-443	HTTPS	443	instance	HTTPS:/robots.txt
casiny-dev-ecs-alb	casiny-dev-graylg-tg-443	HTTPS	443	instance	HTTPS:/
casiny-dev-ecs-alb	casiny-dev-intgrlg-tg443	HTTPS	443	instance	HTTPS:/
casiny-dev-ecs-alb	casiny-dev-seonproxy-tg-450	HTTPS	450	instance	HTTPS:/healthcheck
casiny-dev-ecs-alb	casiny-dev-wbsket-tg6002	HTTPS	6002	instance	HTTPS:/
casiny-dev-ecs-alb	casiny-stage-fasttrack-tg-446	HTTPS	446	instance	HTTPS:/healthcheck
casiny-dev-ecs-internal-alb	casiny-dev-cms-internal-444	HTTPS	444	instance	HTTPS:/
casiny-dev-ecs-internal-alb	casiny-dev-websocket-int-6002	HTTPS	6002	instance	HTTPS:/

🔐 Security Groups (In Use)

Name	Group ID	VPC	Used By	Inbound Ports	Outbound Ports	Open to Internet	Tags
casiny-dev-lambda-duplication-redshift-checker-sg	`sg-098edcf48ccc4290d`	vpc-0950dbeed2d6b5adb	Lambda(1)	None	All	No	Customer=casinyEnvironment=devmap-migrated=migS0EK6JMBZC
casiny-dev-allow-local	`sg-05aaef87e8560810f`	vpc-0950dbeed2d6b5adb	APPLICATION(1), EC2(6)	All	All	No	map-migrated=migS0EK6JMBZCEnvironment=devCustomer=casiny
casiny-dev-allow-ssh	`sg-06bb2c142c50b132f`	vpc-0950dbeed2d6b5adb	EC2(1)	tcp:22	All	No	map-migrated=migS0EK6JMBZCEnvironment=devCustomer=casiny
casiny-dev-allow-http-https	`sg-0535492cb5425a674`	vpc-0950dbeed2d6b5adb	APPLICATION(1)	tcp:443, tcp:80	All	Yes	Customer=casinyEnvironment=devmap-migrated=migS0EK6JMBZC
casiny-dev-allow-local-port-3306	`sg-016e11d5882123506`	vpc-0950dbeed2d6b5adb	RDS(1)	tcp:3306	All	No	Customer=casinyEnvironment=devmap-migrated=migS0EK6JMBZC

Security Group Rules Detail

Security Group	Direction	Protocol	Port Range	Source/Destination
casiny-dev-allow-local `sg-05aaef87e8560810f`	Inbound	All	All	172.16.4.0/24, 172.16.1.0/24, 172.16.2.0/24, 172.16.3.0/24
casiny-dev-allow-ssh `sg-06bb2c142c50b132f`	Inbound	tcp	22	43.218.68.91/32, 3.108.12.97/32, 38.54.33.217/32, 84.252.112.3/32, 115.78.100.17/32, 119.93.179.143/32, 92.251.112.229/32, 18.132.4.226/32, 18.185.233.97/32, 14.161.16.211/32, 115.79.29.29/32, 93.36.220.74/32, 118.69.133.85/32
casiny-dev-allow-http-https `sg-0535492cb5425a674`	Inbound	tcp	80	0.0.0.0/0
casiny-dev-allow-http-https `sg-0535492cb5425a674`	Inbound	tcp	443	0.0.0.0/0
casiny-dev-allow-local-port-3306 `sg-016e11d5882123506`	Inbound	tcp	3306	172.16.3.0/24, 172.16.1.0/24, 172.16.2.30/32, 10.0.2.5/32
casiny-dev-lambda-duplication-redshift-checker-sg `sg-098edcf48ccc4290d`	Outbound	All	All	0.0.0.0/0
casiny-dev-allow-local `sg-05aaef87e8560810f`	Outbound	All	All	0.0.0.0/0
casiny-dev-allow-ssh `sg-06bb2c142c50b132f`	Outbound	All	All	0.0.0.0/0
casiny-dev-allow-http-https `sg-0535492cb5425a674`	Outbound	All	All	0.0.0.0/0
casiny-dev-allow-local-port-3306 `sg-016e11d5882123506`	Outbound	All	All	0.0.0.0/0

🛡️ Compliance Findings

Network & Security (Section 5.2)

1

Open Security Groups (0.0.0.0/0)

6

EC2 Without IMDSv2

Yes

CloudTrail Enabled

Data Protection (Section 5.4)

7

Unencrypted EBS Volumes

0

Unencrypted RDS

59

SQS Without Encryption

Logging & Monitoring (Section 5.3)

2

Log Groups (No Retention)

RDS Standards (Section 7)

0

Public RDS Instances

1

RDS Without Multi-AZ

0

RDS Without Backups

Lambda Standards (Section 7)

0

Lambda Default Timeout (3s)

1

Lambda Without DLQ

SQS Standards (Section 7)

59

SQS Without DLQ

ECS Standards (Section 7)

0

Plaintext Env Vars

0

Privileged Containers

GLOBAL

REGIONS

🔐 IAM (Global)

5

5

4

0

📍 Region: eu-west-2

Subnets

Network & Security (Section 5.2)

0

0

Yes

Data Protection (Section 5.4)

0

0

0

Logging & Monitoring (Section 5.3)

0

RDS Standards (Section 7)

0

0

0

Lambda Standards (Section 7)

0

1

SQS Standards (Section 7)

0

ECS Standards (Section 7)

0

0

📍 Region: ap-east-1

Subnets

Container Configuration Detail

Target Groups

Security Group Rules Detail

Network & Security (Section 5.2)

1

6

Yes

Data Protection (Section 5.4)

7

0

59

Logging & Monitoring (Section 5.3)

2

RDS Standards (Section 7)

0

1

0

Lambda Standards (Section 7)

0

1

SQS Standards (Section 7)

59

ECS Standards (Section 7)

0

0