🔐 IAM (Global)
IAM Compliance Findings
2
Total IAM Users
2
Users Without MFA
0
Access Keys >90 Days Old
1
Users with Admin Access
IAM Users
| User Name | MFA Enabled | Access Key ID | Key Status | Key Created |
|---|---|---|---|---|
| bo-payment-reconciliation-GHA | No | - | - | - |
| sideprojects_dev_devops | No | AKIAXFBRMCBQDYFW3TQL | Active | 2025-12-09 |
Users with AdministratorAccess Policy
| User Name |
|---|
| sideprojects_dev_devops |
📍 Region: eu-west-2
VPCs & Subnets
| Name | VPC ID | CIDR Block | State | Tenancy | Tags |
|---|---|---|---|---|---|
| aws-controltower-VPC | vpc-02b3f02c1fde4923c |
172.31.0.0/16 | available | default | aws:cloudformation:stack-id=arn:aws:cloudformation:eu-west-2:491877306464:stack/StackSet-AWSControlTowerBP-VPC-ACCOUNT-FACTORY-V1-0d4a7413-c57d-4a9a-9f8c-03e748e331ec/ef6ee960-58df-11f0-b9f5-06e19f6341e7aws:cloudformation:logical-id=VPCaws:cloudformation:stack-name=StackSet-AWSControlTowerBP-VPC-ACCOUNT-FACTORY-V1-0d4a7413-c57d-4a9a-9f8c-03e748e331ec |
Subnets
| Name | Subnet ID | VPC ID | CIDR Block | AZ | Available IPs | Public IP on Launch | Tags |
|---|---|---|---|---|---|---|---|
| aws-controltower-PrivateSubnet3A | subnet-019b282c60f85fc9d |
vpc-02b3f02c1fde4923c | 172.31.80.0/20 | eu-west-2c | 4091 | No | Network=Privateaws:cloudformation:stack-id=arn:aws:cloudformation:eu-west-2:491877306464:stack/StackSet-AWSControlTowerBP-VPC-ACCOUNT-FACTORY-V1-0d4a7413-c57d-4a9a-9f8c-03e748e331ec/ef6ee960-58df-11f0-b9f5-06e19f6341e7aws:cloudformation:logical-id=PrivateSubnet3Aaws:cloudformation:stack-name=StackSet-AWSControlTowerBP-VPC-ACCOUNT-FACTORY-V1-0d4a7413-c57d-4a9a-9f8c-03e748e331ec |
| aws-controltower-PrivateSubnet2A | subnet-08f1f0d9f53fb2186 |
vpc-02b3f02c1fde4923c | 172.31.32.0/20 | eu-west-2b | 4091 | No | aws:cloudformation:stack-name=StackSet-AWSControlTowerBP-VPC-ACCOUNT-FACTORY-V1-0d4a7413-c57d-4a9a-9f8c-03e748e331ecaws:cloudformation:logical-id=PrivateSubnet2ANetwork=Privateaws:cloudformation:stack-id=arn:aws:cloudformation:eu-west-2:491877306464:stack/StackSet-AWSControlTowerBP-VPC-ACCOUNT-FACTORY-V1-0d4a7413-c57d-4a9a-9f8c-03e748e331ec/ef6ee960-58df-11f0-b9f5-06e19f6341e7 |
| aws-controltower-PrivateSubnet1A | subnet-0fb2860dec67bef5e |
vpc-02b3f02c1fde4923c | 172.31.64.0/20 | eu-west-2a | 4091 | No | aws:cloudformation:stack-id=arn:aws:cloudformation:eu-west-2:491877306464:stack/StackSet-AWSControlTowerBP-VPC-ACCOUNT-FACTORY-V1-0d4a7413-c57d-4a9a-9f8c-03e748e331ec/ef6ee960-58df-11f0-b9f5-06e19f6341e7aws:cloudformation:stack-name=StackSet-AWSControlTowerBP-VPC-ACCOUNT-FACTORY-V1-0d4a7413-c57d-4a9a-9f8c-03e748e331ecaws:cloudformation:logical-id=PrivateSubnet1ANetwork=Private |
Lambda Functions
| Function Name | Runtime | Memory | Timeout | VPC | Last Modified | Tags |
|---|---|---|---|---|---|---|
| spinbet-chatbot-poc-dev-api-lambda-function | python3.12 | 128 MB | 30s | No VPC | 2026-01-06 | terraform=trueterraform-aws-modules=lambda |
| aws-controltower-NotificationForwarder | python3.13 | 128 MB | 60s | No VPC | 2025-07-04 | aws:cloudformation:logical-id=ForwardSnsNotificationaws:cloudformation:stack-id=arn:aws:cloudformation:eu-west-2:491877306464:stack/StackSet-AWSControlTowerBP-BASELINE-CLOUDWATCH-887f268a-3912-496b-95c3-8c20c2798047/753ae270-58df-11f0-aee8-06520439991baws:cloudformation:stack-name=StackSet-AWSControlTowerBP-BASELINE-CLOUDWATCH-887f268a-3912-496b-95c3-8c20c2798047 |
Secrets Manager
Total Secrets: 1
Without Rotation: 1
| Secret Name | Description | KMS Key | Rotation | Last Rotated | Last Accessed | Tags |
|---|---|---|---|---|---|---|
| spinbet-chatbot-poc-dev-intercom-token | - | secretsmanager |
Disabled | - | 2026-01-07 | - |
CloudWatch Log Groups
Total Log Groups: 5
Without Retention Policy: 1
| Log Group Name | Retention (Days) | Stored Size |
|---|---|---|
/aws/api-gateway/spinbet-chatbot-poc-dev |
3 | 0 B |
/aws/bedrock/spinbet-chatbot-poc-dev |
3 | 0 B |
/aws/lambda/aws-controltower-NotificationForwarder |
14 | 0 B |
/aws/lambda/spinbet-chatbot-poc-dev-api-lambda-function |
Never Expire | 126.78 KB |
StackSet-AWSControlTowerBP-VPC-ACCOUNT-FACTORY-V1-0d4a7413-c57d-4a9a-9f8c-03e748e331ec-VPCFlowLogsLogGroup-dozl3nJ0E71C |
90 | 0 B |
Compliance Findings
Network & Security (Section 5.2)
0
Open Security Groups (0.0.0.0/0)
0
EC2 Without IMDSv2
Yes
CloudTrail Enabled
Data Protection (Section 5.4)
0
Unencrypted EBS Volumes
0
Unencrypted RDS
0
SQS Without Encryption
Logging & Monitoring (Section 5.3)
1
Log Groups (No Retention)
RDS Standards (Section 7)
0
Public RDS Instances
0
RDS Without Multi-AZ
0
RDS Without Backups
Lambda Standards (Section 7)
0
Lambda Default Timeout (3s)
2
Lambda Without DLQ
SQS Standards (Section 7)
0
SQS Without DLQ
ECS Standards (Section 7)
0
Plaintext Env Vars
0
Privileged Containers
📍 Region: ap-southeast-2
EC2 Instances
| Name | Instance ID | Type | State | Public IP | Private IP | VPC | Security Groups | AMI | Key Pair | IAM Profile | EBS Volumes | IMDSv2 | Tags |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| dev-rewardom-frontend | i-001af7a429390bd1e |
t4g.medium | running | 3.24.37.51 | 172.31.43.80 | vpc-0f63c1dedba82e0d8 | sg-03ef1e685e54620d4 | ami-00b16621045e3cc6d | - | dev-rewardom-frontend-profile | 1 | required | Application=rewardomManagedBy=terraformmap-migrated=migS0EK6JMBZCEnvironment=devLocation=sydney |
| dev-rewardom-backend | i-01897efe1eddf45b0 |
t4g.medium | running | 13.236.196.30 | 172.31.38.55 | vpc-0f63c1dedba82e0d8 | sg-08e0d47ab772d557d | ami-0d3e823db8117a4e4 | - | dev-rewardom-backend-profile | 1 | required | Application=rewardom-backendLocation=sydneyManagedBy=terraformmap-migrated=migS0EK6JMBZCEnvironment=dev |
EBS Volumes
| Name | Volume ID | Size (GiB) | Type | State | Encrypted | IOPS | Attached Instance | Device | AZ | Tags |
|---|---|---|---|---|---|---|---|---|---|---|
| dev-rewardom-backend-root | vol-0bb266ad9f2d5516c |
20 | gp3 | in-use | Yes | 3000 | i-01897efe1eddf45b0 | /dev/sda1 | ap-southeast-2a | Application=rewardom-backendManagedBy=terraformEnvironment=devLocation=sydneymap-migrated=migS0EK6JMBZC |
| dev-rewardom-frontend-root | vol-0c62650f5d4f96959 |
20 | gp3 | in-use | Yes | 3000 | i-001af7a429390bd1e | /dev/sda1 | ap-southeast-2a | Application=rewardomManagedBy=terraformLocation=sydneymap-migrated=migS0EK6JMBZCEnvironment=dev |
ECS Clusters
| Cluster Name | Status | Running Tasks | Pending Tasks | Active Services | Container Instances |
|---|---|---|---|---|---|
| prod-sydney-rewardom-be-cluster | ACTIVE | 3 | 0 | 3 | 0 |
ECS Services
| Service Name | Status | Desired | Running | Launch Type | Task Definition | Load Balancers | Security Groups |
|---|---|---|---|---|---|---|---|
| prod-sydney-rewardom-redis-service | ACTIVE | 1 | 1 | FARGATE | prod-sydney-rewardom-redis-task-def:8 | 0 target groups | sg-091d583443467e526 |
| prod-sydney-rewardom-be-service | ACTIVE | 1 | 1 | FARGATE | prod-sydney-rewardom-be-task-def:13 | 0 target groups | sg-091d583443467e526 |
| prod-sydney-rewardom-nginx-service | ACTIVE | 1 | 1 | FARGATE | prod-sydney-rewardom-nginx-task-def:3 | 1 target groups | sg-091d583443467e526 |
ECS Task Definitions (Active)
| Family | Rev | CPU | Memory | Containers | Task Role | Privileged | Env Vars | Secrets | Log Config |
|---|---|---|---|---|---|---|---|---|---|
| prod-sydney-rewardom-be-task-def | 13 | 1024 | 3072 | 1 | No | No | 0 | 12 | awslogs:/ecs/prod-rewardom-be |
| prod-sydney-rewardom-nginx-task-def | 3 | 1024 | 3072 | 1 | No | No | 0 | 0 | awslogs:/ecs/prod-rewardom-nginx |
| prod-sydney-rewardom-redis-task-def | 8 | 1024 | 3072 | 1 | No | No | 0 | 0 | awslogs:/ecs/prod-rewardom-redis |
Container Configuration Detail
⚠️ Plaintext environment variables should be avoided for sensitive data. Use Secrets Manager or SSM Parameter Store. log_router containers are excluded.
| Task Definition | Container | Image | Log Config | Plaintext Env Vars | Secrets (SSM/SM) |
|---|---|---|---|---|---|
| prod-sydney-rewardom-be-task-def:13 | prod-rewardom-be | 491877306464.dkr.ecr.ap-southeast-2.amazonaws.com/rewardom-be-app:latest | awslogs:/ecs/prod-rewardom-be | None | NODE_ENVPORTDB_HOSTDB_PORTDB_USERNAMEDB_PASSWORDDB_DATABASESESSION_SECRETRATE_LIMIT_WINDOW_MSRATE_LIMIT_MAX_REQUESTSREDIS_HOSTREDIS_PORT |
| prod-sydney-rewardom-nginx-task-def:3 | prod-rewardom-be-app-nginx | 491877306464.dkr.ecr.ap-southeast-2.amazonaws.com/rewardom-be-app-nginx:latest | awslogs:/ecs/prod-rewardom-nginx | None | - |
| prod-sydney-rewardom-redis-task-def:8 | prod-rewardom-redis | redis:latest | awslogs:/ecs/prod-rewardom-redis | None | - |
RDS Instances
| DB Identifier | Engine | Class | Status | Storage | Encrypted | Multi-AZ | Public | Backup | Delete Prot. | Tags |
|---|---|---|---|---|---|---|---|---|---|---|
| prod-sydney-rewardom-be-db | postgres 17.5 | db.t4g.micro | available | 20 GiB | Yes | No | No | 7d | Yes | app=rewardom-bemap-migrated=migS0EK6JMBZCenvironment=prodlocation=ap-southeast-2terraform=truebrand=rewardomName=prod-sydney-rewardom-be-db |
AWS Amplify Apps
| App Name | App ID | Platform | Repository | Default Domain | Production Branch | Branches | Created | Tags |
|---|---|---|---|---|---|---|---|---|
| Rewardom Frontend | d2q81iw86q29b6 |
WEB_COMPUTE | https://github.com/bwgservices/rewardom-fe | d2q81iw86q29b6.amplifyapp.com | dev | 2 | 2025-10-28 | - |
| rewardom-fe-landing | d2ua52fn83dljy |
WEB_COMPUTE | https://github.com/bwgservices/rewardom-fe-landing | d2ua52fn83dljy.amplifyapp.com | dev | 1 | 2025-10-28 | - |
Amplify Branches
| App Name | Branch Name | Stage | Framework | Auto Build | Basic Auth | Total Jobs |
|---|---|---|---|---|---|---|
| Rewardom Frontend | dev | PRODUCTION | Next.js - SSR | Yes | No | 0 |
| Rewardom Frontend | main | NONE | - | Yes | No | 0 |
| rewardom-fe-landing | dev | PRODUCTION | Next.js - SSR | Yes | No | 0 |
CloudWatch Log Groups
Total Log Groups: 6
Without Retention Policy: 3
| Log Group Name | Retention (Days) | Stored Size |
|---|---|---|
/aws/amplify/d1ybf2dxmpalou |
Never Expire | 743 B |
/aws/amplify/d2q81iw86q29b6 |
Never Expire | 37.44 MB |
/aws/amplify/d2ua52fn83dljy |
Never Expire | 13.48 KB |
/ecs/prod-rewardom-be |
30 | 3.14 MB |
/ecs/prod-rewardom-nginx |
30 | 37.92 MB |
/ecs/prod-rewardom-redis |
30 | 3.79 KB |
Application & Network Load Balancers
| Name | Type | Scheme | State | DNS Name | VPC | AZs | Listeners | Target Groups | Tags |
|---|---|---|---|---|---|---|---|---|---|
| prod-rewardom-be-alb | APPLICATION | internet-facing | active | prod-rewardom-be-alb-200174700.ap-southeast-2.elb.amazonaws.com | vpc-0f63c1dedba82e0d8 | 2 | HTTP:80, HTTPS:443 | 1 | app=rewardom-bemap-migrated=migS0EK6JMBZCenvironment=prodname=prod-rewardom-be-alblocation=ap-southeast-2terraform=truebrand=rewardom |
Target Groups
| Load Balancer | Target Group Name | Protocol | Port | Target Type | Health Check |
|---|---|---|---|---|---|
| prod-rewardom-be-alb | prod-rewardom-nginx-tg | HTTP | 80 | ip | HTTP:/health |
Security Groups (In Use)
| Name | Group ID | VPC | Used By | Inbound Ports | Outbound Ports | Open to Internet | Tags |
|---|---|---|---|---|---|---|---|
| prod-sydney-rewardom-be-alb-sg | sg-0ed3f18fcd736feff |
vpc-0f63c1dedba82e0d8 | APPLICATION(1) | All, tcp:443, tcp:80 | All | Yes | brand=rewardomlocation=ap-southeast-2map-migrated=migS0EK6JMBZCname=prod-sydney-rewardom-be-alb-sgapp=rewardom-beenvironment=prodterraform=true |
| dev-rewardom-frontend-20251013124922516000000001 | sg-03ef1e685e54620d4 |
vpc-0f63c1dedba82e0d8 | EC2(1) | tcp:22, tcp:3000, tcp:443, tcp:80 | All | Yes | Application=rewardomLocation=sydneyManagedBy=terraformmap-migrated=migS0EK6JMBZCEnvironment=dev |
| prod-sydney-rewardom-be-db-sg | sg-08fac04120f96830f |
vpc-0f63c1dedba82e0d8 | RDS(1) | tcp:5432 | All | No | brand=rewardomterraform=truemap-migrated=migS0EK6JMBZCenvironment=prodlocation=ap-southeast-2app=rewardom-be |
| dev-rewardom-backend-20251016153141596900000001 | sg-08e0d47ab772d557d |
vpc-0f63c1dedba82e0d8 | EC2(1) | tcp:22, tcp:3000, tcp:3100, tcp:443, tcp:5432, tcp:80 | All | Yes | ManagedBy=terraformApplication=rewardom-backendEnvironment=devLocation=sydneymap-migrated=migS0EK6JMBZC |
| prod-sydney-rewardom-be-ecs-sg | sg-091d583443467e526 |
vpc-0f63c1dedba82e0d8 | ECS(3) | All | All | No | app=rewardom-beenvironment=prodterraform=truebrand=rewardomname=prod-sydney-rewardom-be-ecs-sglocation=ap-southeast-2map-migrated=migS0EK6JMBZC |
Security Group Rules Detail
| Security Group | Direction | Protocol | Port Range | Source/Destination |
|---|---|---|---|---|
prod-sydney-rewardom-be-alb-sg sg-0ed3f18fcd736feff |
Inbound | tcp | 80 | 0.0.0.0/0 |
prod-sydney-rewardom-be-alb-sg sg-0ed3f18fcd736feff |
Inbound | All | All | 172.31.0.0/16 |
prod-sydney-rewardom-be-alb-sg sg-0ed3f18fcd736feff |
Inbound | tcp | 443 | 0.0.0.0/0 |
dev-rewardom-frontend-20251013124922516000000001 sg-03ef1e685e54620d4 |
Inbound | tcp | 80 | 0.0.0.0/0 |
dev-rewardom-frontend-20251013124922516000000001 sg-03ef1e685e54620d4 |
Inbound | tcp | 22 | 0.0.0.0/0 |
dev-rewardom-frontend-20251013124922516000000001 sg-03ef1e685e54620d4 |
Inbound | tcp | 3000 | 0.0.0.0/0 |
dev-rewardom-frontend-20251013124922516000000001 sg-03ef1e685e54620d4 |
Inbound | tcp | 443 | 0.0.0.0/0 |
prod-sydney-rewardom-be-db-sg sg-08fac04120f96830f |
Inbound | tcp | 5432 | 172.31.0.0/16 |
dev-rewardom-backend-20251016153141596900000001 sg-08e0d47ab772d557d |
Inbound | tcp | 80 | 0.0.0.0/0 |
dev-rewardom-backend-20251016153141596900000001 sg-08e0d47ab772d557d |
Inbound | tcp | 5432 | 0.0.0.0/0 |
dev-rewardom-backend-20251016153141596900000001 sg-08e0d47ab772d557d |
Inbound | tcp | 22 | 0.0.0.0/0 |
dev-rewardom-backend-20251016153141596900000001 sg-08e0d47ab772d557d |
Inbound | tcp | 3000 | 0.0.0.0/0 |
dev-rewardom-backend-20251016153141596900000001 sg-08e0d47ab772d557d |
Inbound | tcp | 3100 | 0.0.0.0/0 |
dev-rewardom-backend-20251016153141596900000001 sg-08e0d47ab772d557d |
Inbound | tcp | 443 | 0.0.0.0/0 |
prod-sydney-rewardom-be-ecs-sg sg-091d583443467e526 |
Inbound | All | All | 172.31.0.0/16 |
prod-sydney-rewardom-be-alb-sg sg-0ed3f18fcd736feff |
Outbound | All | All | 0.0.0.0/0 |
dev-rewardom-frontend-20251013124922516000000001 sg-03ef1e685e54620d4 |
Outbound | All | All | 0.0.0.0/0 |
prod-sydney-rewardom-be-db-sg sg-08fac04120f96830f |
Outbound | All | All | 0.0.0.0/0 |
dev-rewardom-backend-20251016153141596900000001 sg-08e0d47ab772d557d |
Outbound | All | All | 0.0.0.0/0 |
prod-sydney-rewardom-be-ecs-sg sg-091d583443467e526 |
Outbound | All | All | 0.0.0.0/0 |
Compliance Findings
Network & Security (Section 5.2)
3
Open Security Groups (0.0.0.0/0)
0
EC2 Without IMDSv2
Yes
CloudTrail Enabled
Data Protection (Section 5.4)
0
Unencrypted EBS Volumes
0
Unencrypted RDS
0
SQS Without Encryption
Logging & Monitoring (Section 5.3)
3
Log Groups (No Retention)
RDS Standards (Section 7)
0
Public RDS Instances
1
RDS Without Multi-AZ
0
RDS Without Backups
Lambda Standards (Section 7)
0
Lambda Default Timeout (3s)
0
Lambda Without DLQ
SQS Standards (Section 7)
0
SQS Without DLQ
ECS Standards (Section 7)
0
Plaintext Env Vars
0
Privileged Containers
📍 Region: ap-east-1
EC2 Instances
| Name | Instance ID | Type | State | Public IP | Private IP | VPC | Security Groups | AMI | Key Pair | IAM Profile | EBS Volumes | IMDSv2 | Tags |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| dev-paymentaiq-backend | i-0b6858a8e706fc031 |
t3.small | running | 18.166.75.105 | 172.31.14.6 | vpc-0263f8e9d50830398 | sg-08e83a50921c70dfd, sg-06c463df1a4d67906 | ami-0a016692298cf2ee2 | dev-ec2-hongkong | - | 1 | required | - |
EBS Volumes
| Name | Volume ID | Size (GiB) | Type | State | Encrypted | IOPS | Attached Instance | Device | AZ | Tags |
|---|---|---|---|---|---|---|---|---|---|---|
| - | vol-0e156451a27a6f22a |
12 | gp3 | in-use | No | 3000 | i-0b6858a8e706fc031 | /dev/sda1 | ap-east-1b | - |
RDS Instances
| DB Identifier | Engine | Class | Status | Storage | Encrypted | Multi-AZ | Public | Backup | Delete Prot. | Tags |
|---|---|---|---|---|---|---|---|---|---|---|
| psp-reconciliation-postgres-instance-1 | aurora-postgresql 16.8 | db.serverless | available | 1 GiB | Yes | No | Yes | 7d | No | - |
Secrets Manager
Total Secrets: 4
Without Rotation: 4
| Secret Name | Description | KMS Key | Rotation | Last Rotated | Last Accessed | Tags |
|---|---|---|---|---|---|---|
| rds-db-credentials/cluster-GQBHSJCDPVEMQJ47SBJSYWLWRU/kriss/1753181536095 | RDS database kriss credentials for psp-reconciliation-postgres | secretsmanager |
Disabled | - | 2025-07-22 | - |
| postgres-master | master credentials for psp-reconciliation-postgres | secretsmanager |
Disabled | - | 2025-10-31 | - |
| psp-dev-hk-aurora-dashboard-user | Dashboard user credentials for aurora db. | secretsmanager |
Disabled | - | 2025-10-07 | - |
| psp-dev-hk-aurora-dev_admin | - | secretsmanager |
Disabled | - | 2025-10-31 | - |
CloudWatch Log Groups
Total Log Groups: 1
Without Retention Policy: 0
| Log Group Name | Retention (Days) | Stored Size |
|---|---|---|
RDSOSMetrics |
30 | 64.46 MB |
Security Groups (In Use)
| Name | Group ID | VPC | Used By | Inbound Ports | Outbound Ports | Open to Internet | Tags |
|---|---|---|---|---|---|---|---|
| ec2-rds-1 | sg-08e83a50921c70dfd |
vpc-0263f8e9d50830398 | EC2(1) | None | tcp:5432 | No | - |
| launch-wizard-3 | sg-06c463df1a4d67906 |
vpc-0263f8e9d50830398 | EC2(1) | tcp:22, tcp:443, tcp:80 | All | Yes | - |
| rds-ec2-1 | sg-0490a8dc5827fb0b1 |
vpc-0263f8e9d50830398 | RDS(1) | tcp:5432 | None | No | - |
| default | sg-0505c54ee0c912d8d |
vpc-0263f8e9d50830398 | RDS(1) | All, tcp:5432, tcp:5439 | All | No | - |
Security Group Rules Detail
| Security Group | Direction | Protocol | Port Range | Source/Destination |
|---|---|---|---|---|
launch-wizard-3 sg-06c463df1a4d67906 |
Inbound | tcp | 80 | 0.0.0.0/0 |
launch-wizard-3 sg-06c463df1a4d67906 |
Inbound | tcp | 22 | 0.0.0.0/0 |
launch-wizard-3 sg-06c463df1a4d67906 |
Inbound | tcp | 443 | 0.0.0.0/0 |
rds-ec2-1 sg-0490a8dc5827fb0b1 |
Inbound | tcp | 5432 | sg: sg-08e83a50921c70dfd |
default sg-0505c54ee0c912d8d |
Inbound | tcp | 5439 | 84.252.112.3/32 |
default sg-0505c54ee0c912d8d |
Inbound | tcp | 5432 | 116.90.74.181/32, 130.195.213.6/32, 129.222.206.63/32, 54.46.79.142/32 |
default sg-0505c54ee0c912d8d |
Inbound | All | All | sg: sg-0505c54ee0c912d8d |
ec2-rds-1 sg-08e83a50921c70dfd |
Outbound | tcp | 5432 | sg: sg-0490a8dc5827fb0b1 |
launch-wizard-3 sg-06c463df1a4d67906 |
Outbound | All | All | 0.0.0.0/0 |
default sg-0505c54ee0c912d8d |
Outbound | All | All | 0.0.0.0/0 |
Compliance Findings
Network & Security (Section 5.2)
3
Open Security Groups (0.0.0.0/0)
0
EC2 Without IMDSv2
Yes
CloudTrail Enabled
Data Protection (Section 5.4)
1
Unencrypted EBS Volumes
0
Unencrypted RDS
0
SQS Without Encryption
Logging & Monitoring (Section 5.3)
0
Log Groups (No Retention)
RDS Standards (Section 7)
1
Public RDS Instances
1
RDS Without Multi-AZ
0
RDS Without Backups
Lambda Standards (Section 7)
0
Lambda Default Timeout (3s)
0
Lambda Without DLQ
SQS Standards (Section 7)
0
SQS Without DLQ
ECS Standards (Section 7)
0
Plaintext Env Vars
0
Privileged Containers