🔐 IAM (Global)
IAM Compliance Findings
5
Total IAM Users
5
Users Without MFA
4
Access Keys >90 Days Old
0
Users with Admin Access
IAM Users
| User Name | MFA Enabled | Access Key ID | Key Status | Key Created |
|---|---|---|---|---|
| developers | No | - | - | - |
| spinbit_staging_cms_nginx_s3_gateway | No | AKIAY7WSA2LS272GCEPC | Active | 2025-09-18 |
| spinbit_staging_ecs_deploy | No | AKIAY7WSA2LSYDTT32PR | Active | 2025-09-19 |
| spinbit_staging_s3upload | No | AKIAY7WSA2LSS5W4P377 | Active | 2025-09-18 |
| spinbit_staging_sqs | No | AKIAY7WSA2LSUZX2YMW2 | Active | 2025-09-18 |
📍 Region: eu-west-2
VPCs & Subnets
| Name | VPC ID | CIDR Block | State | Tenancy | Tags |
|---|---|---|---|---|---|
| aws-controltower-VPC | vpc-0bf48e8da80661c5c |
172.31.0.0/16 | available | default | aws:cloudformation:logical-id=VPCaws:cloudformation:stack-name=StackSet-AWSControlTowerBP-VPC-ACCOUNT-FACTORY-V1-a21c95dc-6da9-4441-affe-f5943cf5164daws:cloudformation:stack-id=arn:aws:cloudformation:eu-west-2:617842004709:stack/StackSet-AWSControlTowerBP-VPC-ACCOUNT-FACTORY-V1-a21c95dc-6da9-4441-affe-f5943cf5164d/258e2bd0-2bd8-11f0-9919-06135a4b7339 |
Subnets
| Name | Subnet ID | VPC ID | CIDR Block | AZ | Available IPs | Public IP on Launch | Tags |
|---|---|---|---|---|---|---|---|
| aws-controltower-PrivateSubnet1A | subnet-012174bfd6fe00833 |
vpc-0bf48e8da80661c5c | 172.31.64.0/20 | eu-west-2a | 4091 | No | Network=Privateaws:cloudformation:logical-id=PrivateSubnet1Aaws:cloudformation:stack-name=StackSet-AWSControlTowerBP-VPC-ACCOUNT-FACTORY-V1-a21c95dc-6da9-4441-affe-f5943cf5164daws:cloudformation:stack-id=arn:aws:cloudformation:eu-west-2:617842004709:stack/StackSet-AWSControlTowerBP-VPC-ACCOUNT-FACTORY-V1-a21c95dc-6da9-4441-affe-f5943cf5164d/258e2bd0-2bd8-11f0-9919-06135a4b7339 |
| aws-controltower-PrivateSubnet3A | subnet-0a792d1c849469d36 |
vpc-0bf48e8da80661c5c | 172.31.80.0/20 | eu-west-2c | 4091 | No | aws:cloudformation:logical-id=PrivateSubnet3ANetwork=Privateaws:cloudformation:stack-name=StackSet-AWSControlTowerBP-VPC-ACCOUNT-FACTORY-V1-a21c95dc-6da9-4441-affe-f5943cf5164daws:cloudformation:stack-id=arn:aws:cloudformation:eu-west-2:617842004709:stack/StackSet-AWSControlTowerBP-VPC-ACCOUNT-FACTORY-V1-a21c95dc-6da9-4441-affe-f5943cf5164d/258e2bd0-2bd8-11f0-9919-06135a4b7339 |
| aws-controltower-PrivateSubnet2A | subnet-02beccaba79134d04 |
vpc-0bf48e8da80661c5c | 172.31.32.0/20 | eu-west-2b | 4091 | No | aws:cloudformation:stack-id=arn:aws:cloudformation:eu-west-2:617842004709:stack/StackSet-AWSControlTowerBP-VPC-ACCOUNT-FACTORY-V1-a21c95dc-6da9-4441-affe-f5943cf5164d/258e2bd0-2bd8-11f0-9919-06135a4b7339aws:cloudformation:stack-name=StackSet-AWSControlTowerBP-VPC-ACCOUNT-FACTORY-V1-a21c95dc-6da9-4441-affe-f5943cf5164dNetwork=Privateaws:cloudformation:logical-id=PrivateSubnet2A |
Lambda Functions
| Function Name | Runtime | Memory | Timeout | VPC | Last Modified | Tags |
|---|---|---|---|---|---|---|
| aws-controltower-NotificationForwarder | python3.13 | 128 MB | 60s | No VPC | 2025-08-21 | aws:cloudformation:logical-id=ForwardSnsNotificationaws:cloudformation:stack-id=arn:aws:cloudformation:eu-west-2:617842004709:stack/StackSet-AWSControlTowerBP-BASELINE-CLOUDWATCH-c5f65261-d90b-42d6-b315-bd2be0557dea/aa5b7990-2bd7-11f0-ae8c-0a2781e9ce77aws:cloudformation:stack-name=StackSet-AWSControlTowerBP-BASELINE-CLOUDWATCH-c5f65261-d90b-42d6-b315-bd2be0557dea |
CloudWatch Log Groups
Total Log Groups: 4
Without Retention Policy: 1
| Log Group Name | Retention (Days) | Stored Size |
|---|---|---|
/aws/lambda/aws-controltower-NotificationForwarder |
14 | 0 B |
/aws/rds/instance/spinbit-staging-db-master/error |
Never Expire | 2.74 KB |
RDSOSMetrics |
30 | 0 B |
StackSet-AWSControlTowerBP-VPC-ACCOUNT-FACTORY-V1-a21c95dc-6da9-4441-affe-f5943cf5164d-VPCFlowLogsLogGroup-OLJVt5zjhYsv |
90 | 0 B |
Compliance Findings
Network & Security (Section 5.2)
0
Open Security Groups (0.0.0.0/0)
0
EC2 Without IMDSv2
Yes
CloudTrail Enabled
Data Protection (Section 5.4)
0
Unencrypted EBS Volumes
0
Unencrypted RDS
0
SQS Without Encryption
Logging & Monitoring (Section 5.3)
1
Log Groups (No Retention)
RDS Standards (Section 7)
0
Public RDS Instances
0
RDS Without Multi-AZ
0
RDS Without Backups
Lambda Standards (Section 7)
0
Lambda Default Timeout (3s)
1
Lambda Without DLQ
SQS Standards (Section 7)
0
SQS Without DLQ
ECS Standards (Section 7)
0
Plaintext Env Vars
0
Privileged Containers
📍 Region: ap-east-1
VPCs & Subnets
| Name | VPC ID | CIDR Block | State | Tenancy | Tags |
|---|---|---|---|---|---|
| spinbit-staging-vpc | vpc-06cf39701949c7c52 |
10.0.0.0/16 | available | default | Customer=spinbitEnvironment=stagingmap-migrated=migS0EK6JMBZC |
Subnets
| Name | Subnet ID | VPC ID | CIDR Block | AZ | Available IPs | Public IP on Launch | Tags |
|---|---|---|---|---|---|---|---|
| spinbit-staging-public-subnet-2 | subnet-07752df13f1ca8e74 |
vpc-06cf39701949c7c52 | 10.0.4.0/24 | ap-east-1b | 248 | No | map-migrated=migS0EK6JMBZCCustomer=spinbitEnvironment=staging |
| spinbit-staging-public-subnet-1 | subnet-0c18501165b5807d0 |
vpc-06cf39701949c7c52 | 10.0.2.0/24 | ap-east-1a | 242 | No | Environment=stagingmap-migrated=migS0EK6JMBZCCustomer=spinbit |
| spinbit-staging-private-subnet-2 | subnet-09535a8e4e586fcc9 |
vpc-06cf39701949c7c52 | 10.0.3.0/24 | ap-east-1b | 243 | No | Customer=spinbitEnvironment=stagingmap-migrated=migS0EK6JMBZC |
| spinbit-staging-private-subnet-1 | subnet-0a60a7cc88144750d |
vpc-06cf39701949c7c52 | 10.0.1.0/24 | ap-east-1a | 239 | No | map-migrated=migS0EK6JMBZCEnvironment=stagingCustomer=spinbit |
EC2 Instances
| Name | Instance ID | Type | State | Public IP | Private IP | VPC | Security Groups | AMI | Key Pair | IAM Profile | EBS Volumes | IMDSv2 | Tags |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| spinbit_staging_monitoring | i-02dbc50ad165a8a80 |
t3.medium | running | - | 10.0.1.236 | vpc-06cf39701949c7c52 | sg-0e86f13edf53bb2b9 | ami-0a016692298cf2ee2 | spinbit_staging_Mar2025 | SSMInstanceProfile | 1 | required | Environment=stagingCustomer=spinbitmap-migrated=migS0EK6JMBZC |
| spinbit_staging_metabase | i-080e7f541c821e593 |
t3.medium | running | - | 10.0.1.100 | vpc-06cf39701949c7c52 | sg-0e86f13edf53bb2b9 | ami-0a016692298cf2ee2 | spinbit_staging_Mar2025 | SSMInstanceProfile | 1 | required | map-migrated=migS0EK6JMBZCEnvironment=stagingCustomer=spinbit |
| spinbit-staging-new-temporay-for-migration | i-0746697d0db5964ec |
t3.medium | stopped | - | 10.0.2.46 | vpc-06cf39701949c7c52 | sg-031435191846ad62d, sg-0efa7f42982bab24d | ami-0b561d33293a76a1c | spinbit_staging_Mar2025 | SSMInstanceProfile | 1 | required | - |
| spinbit_staging_mongodb_cms | i-0d396612fea51b748 |
t3.medium | running | - | 10.0.1.80 | vpc-06cf39701949c7c52 | sg-0e86f13edf53bb2b9 | ami-0ddfd9995e9e43ac9 | spinbit_staging_Mar2025 | SSMInstanceProfile | 1 | optional | Environment=stagingCustomer=spinbitmap-migrated=migS0EK6JMBZC |
| spinbit_staging_elk | i-0b5cb809ff74de07e |
t3.medium | running | 16.162.4.240 | 10.0.2.248 | vpc-06cf39701949c7c52 | sg-0e86f13edf53bb2b9 | ami-01475017579f1dcdb | spinbit_staging_Mar2025 | SSMInstanceProfile | 1 | optional | Customer=spinbitEnvironment=stagingmap-migrated=migS0EK6JMBZC |
| spinbit_staging_graylog | i-01a5f818644d6eb47 |
t3.large | running | 43.198.151.116 | 10.0.2.110 | vpc-06cf39701949c7c52 | sg-0e86f13edf53bb2b9 | ami-0075801257c986291 | spinbit_staging_Mar2025 | SSMInstanceProfile | 1 | optional | map-migrated=migS0EK6JMBZCCustomer=spinbitEnvironment=staging |
| Temporay-Spinbit-Staging-Bitbucket-Runner | i-0e082d34d42abd58c |
t3.large | running | - | 10.0.1.24 | vpc-06cf39701949c7c52 | sg-0e86f13edf53bb2b9 | ami-0b561d33293a76a1c | spinbit_staging_Mar2025 | SSMInstanceProfile | 1 | required | - |
| spinbit_staging_integration_graylog | i-0516d5e9772c9b126 |
t3.medium | running | 43.198.90.82 | 10.0.2.62 | vpc-06cf39701949c7c52 | sg-0e86f13edf53bb2b9 | ami-04030e4c3a4179451 | spinbit_staging_Mar2025 | SSMInstanceProfile | 1 | optional | Customer=spinbitmap-migrated=migS0EK6JMBZCEnvironment=staging |
| spinbit_staging_bastion_host | i-0628763e5b3739cf9 |
t3.micro | running | 43.198.231.222 | 10.0.2.252 | vpc-06cf39701949c7c52 | sg-0efa7f42982bab24d | ami-0a016692298cf2ee2 | spinbit_staging_Mar2025 | SSMInstanceProfile | 1 | required | map-migrated=migS0EK6JMBZCCustomer=spinbitEnvironment=staging |
| ECS Instance - EC2ContainerService-spinbit-staging-fe-cms-cdn-websocket-ecs-cluster | i-01a797c662d303406 |
t3.medium | running | - | 10.0.3.238 | vpc-06cf39701949c7c52 | sg-0e86f13edf53bb2b9 | ami-035fccda7ffa2f58a | spinbit_staging_Mar2025 | SSM_EcsInstanceProfile | 1 | required | aws:ec2launchtemplate:id=lt-0972772de68130756aws:ec2launchtemplate:version=2AmazonECSManaged=ECS Cluster managed by AmazonEnvironment=stagingaws:autoscaling:groupName=spinbit-staging-Asg-fe-cms-cdn-websocket-ecs-clusterCustomer=spinbit |
| ECS Instance - EC2ContainerService-spinbit-staging-cronjob-ecs-cluster | i-09c812ded55269678 |
t3.medium | running | - | 10.0.3.4 | vpc-06cf39701949c7c52 | sg-0e86f13edf53bb2b9 | ami-035fccda7ffa2f58a | spinbit_staging_Mar2025 | SSM_EcsInstanceProfile | 1 | required | AmazonECSManaged=ECS Cluster managed by Amazonaws:ec2launchtemplate:id=lt-04b83cc761ed73a9cEnvironment=stagingaws:autoscaling:groupName=spinbit-staging-Asg-cronjob-ecs-clusteraws:ec2launchtemplate:version=2Customer=spinbit |
| ECS Instance - EC2ContainerService-spinbit-staging-bo-agent-ecs-cluster | i-005f019629b5a4d52 |
t3.large | running | - | 10.0.1.140 | vpc-06cf39701949c7c52 | sg-0e86f13edf53bb2b9 | ami-035fccda7ffa2f58a | spinbit_staging_Mar2025 | SSM_EcsInstanceProfile | 1 | required | aws:ec2launchtemplate:version=2aws:autoscaling:groupName=spinbit-staging-Asg-bo-agent-ecs-clusterAmazonECSManaged=ECS Cluster managed by AmazonCustomer=spinbitEnvironment=stagingaws:ec2launchtemplate:id=lt-0da5d9b7af5820ee1 |
EBS Volumes
| Name | Volume ID | Size (GiB) | Type | State | Encrypted | IOPS | Attached Instance | Device | AZ | Tags |
|---|---|---|---|---|---|---|---|---|---|---|
| spinbit_staging_integration_graylog_volume | vol-0b574cb3b62ee8405 |
1000 | gp3 | in-use | No | 3000 | i-0516d5e9772c9b126 | /dev/sda1 | ap-east-1a | Customer=spinbitEnvironment=stagingmap-migrated=migS0EK6JMBZC |
| - | vol-035ab298f56dc2ab2 |
100 | gp3 | in-use | No | 3000 | i-01a797c662d303406 | /dev/xvda | ap-east-1b | - |
| spinbit_staging_bastion_host_volume | vol-0f075dd335729f93e |
50 | gp3 | in-use | No | 3000 | i-0628763e5b3739cf9 | /dev/sda1 | ap-east-1a | Customer=spinbitEnvironment=stagingmap-migrated=migS0EK6JMBZC |
| spinbit_staging_monitoring_volume | vol-0a870d5c62d2ec406 |
80 | gp3 | in-use | No | 3000 | i-02dbc50ad165a8a80 | /dev/sda1 | ap-east-1a | map-migrated=migS0EK6JMBZCCustomer=spinbitEnvironment=staging |
| spinbit_staging_graylog_volume | vol-05640477a064f82bc |
50 | gp3 | in-use | No | 3000 | i-01a5f818644d6eb47 | /dev/sda1 | ap-east-1a | Customer=spinbitEnvironment=stagingmap-migrated=migS0EK6JMBZC |
| - | vol-0bbccc03031d51d02 |
50 | gp3 | in-use | No | 3000 | i-09c812ded55269678 | /dev/xvda | ap-east-1b | - |
| spinbit_staging_metabase_volume | vol-02f387f309af3ab1a |
50 | gp3 | in-use | No | 3000 | i-080e7f541c821e593 | /dev/sda1 | ap-east-1a | Customer=spinbitEnvironment=stagingmap-migrated=migS0EK6JMBZC |
| spinbit_staging_mongodb_cms_volume | vol-0a34514d6c1c6dfd2 |
50 | gp3 | in-use | No | 3000 | i-0d396612fea51b748 | /dev/sda1 | ap-east-1a | Environment=stagingCustomer=spinbitmap-migrated=migS0EK6JMBZC |
| - | vol-07adc9366c9fa11a2 |
50 | gp3 | in-use | No | 3000 | i-005f019629b5a4d52 | /dev/xvda | ap-east-1a | - |
| - | vol-0756dfc84cc0f765c |
50 | gp3 | in-use | No | 3000 | i-0e082d34d42abd58c | /dev/sda1 | ap-east-1a | - |
| spinbit_staging_elk_volume | vol-08b6ccff63f8bdaf6 |
50 | gp3 | in-use | No | 3000 | i-0b5cb809ff74de07e | /dev/sda1 | ap-east-1a | map-migrated=migS0EK6JMBZCCustomer=spinbitEnvironment=staging |
| - | vol-0fddc9a43f9f27cf9 |
100 | gp3 | in-use | No | 3000 | i-0746697d0db5964ec | /dev/sda1 | ap-east-1a | - |
ECS Clusters
| Cluster Name | Status | Running Tasks | Pending Tasks | Active Services | Container Instances |
|---|---|---|---|---|---|
| spinbit-staging-cronjob-ecs-cluster | ACTIVE | 1 | 0 | 1 | 1 |
| spinbit-staging-api-fargate-ecs-cluster | ACTIVE | 2 | 0 | 1 | 0 |
| spinbit-staging-queue-worker-fargate-ecs-cluster | ACTIVE | 1 | 0 | 1 | 0 |
| spinbit-staging-callback-fargate-ecs-cluster | ACTIVE | 1 | 0 | 1 | 0 |
| spinbit-staging-fe-cms-cdn-websocket-ecs-cluster | ACTIVE | 4 | 0 | 5 | 1 |
| spinbit-staging-bo-agent-ecs-cluster | ACTIVE | 1 | 0 | 1 | 1 |
ECS Services
| Service Name | Status | Desired | Running | Launch Type | Task Definition | Load Balancers | Security Groups |
|---|---|---|---|---|---|---|---|
| spinbit-staging-cronjob-service | ACTIVE | 1 | 1 | EC2 | spinbit-staging-cronjob-task-definitions:74 | 0 target groups | |
| spinbit-staging-fe-service | ACTIVE | 1 | 1 | EC2 | spinbit-staging-fe-task-definitions:80 | 1 target groups | |
| spinbit-staging-cms-service | ACTIVE | 1 | 1 | EC2 | spinbit-staging-cms-task-definitions:3 | 2 target groups | |
| spinbit-staging-websocket-services | ACTIVE | 1 | 1 | EC2 | spinbit-staging-websocket-task-definitions:2 | 1 target groups | |
| spinbit-staging-fasttrack-proxy-service | ACTIVE | 0 | 0 | EC2 | spinbit-staging-fasttrack-proxy-task-definitions:1 | 1 target groups | |
| spinbit-staging-cdn-cms-service | ACTIVE | 1 | 1 | EC2 | spinbit-staging-cdn-cms-task-definitions:2 | 1 target groups | |
| spinbit-staging-callback-service | ACTIVE | 1 | 1 | FARGATE | spinbit-staging-callback-task-definitions:74 | 1 target groups | sg-0e86f13edf53bb2b9 |
| spinbit-staging-api-service | ACTIVE | 2 | 2 | FARGATE | spinbit-staging-api-task-definitions:74 | 1 target groups | sg-0e86f13edf53bb2b9 |
| spinbit-staging-bo-service | ACTIVE | 1 | 1 | EC2 | spinbit-staging-bo-task-definitions:74 | 1 target groups | |
| spinbit-staging-queue-worker-service | ACTIVE | 1 | 1 | FARGATE | spinbit-staging-queue-worker-task-definitions:74 | 0 target groups | sg-0e86f13edf53bb2b9 |
ECS Task Definitions (Active)
| Family | Rev | CPU | Memory | Containers | Task Role | Privileged | Env Vars | Secrets | Log Config |
|---|---|---|---|---|---|---|---|---|---|
| spinbit-staging-api-task-definitions | 74 | 2048 | 4096 | 4 | Yes | No | 5 | 0 | No logs, awslogs:/ecs/spinbit-staging-api |
| spinbit-staging-bo-task-definitions | 74 | - | - | 4 | No | No | 5 | 0 | No logs, json-file |
| spinbit-staging-callback-task-definitions | 74 | 2048 | 4096 | 4 | Yes | No | 5 | 0 | No logs, awslogs:/ecs/spinbit-staging-callback |
| spinbit-staging-cdn-cms-task-definitions | 2 | - | - | 1 | No | No | 0 | 0 | No logs |
| spinbit-staging-cms-task-definitions | 3 | - | - | 2 | No | No | 1 | 0 | No logs, json-file |
| spinbit-staging-cronjob-task-definitions | 74 | - | - | 3 | No | No | 4 | 0 | No logs |
| spinbit-staging-fasttrack-proxy-task-definitions | 1 | - | - | 1 | No | No | 1 | 0 | json-file |
| spinbit-staging-fe-task-definitions | 80 | - | - | 2 | No | No | 1 | 0 | No logs, json-file |
| spinbit-staging-queue-worker-task-definitions | 74 | 1024 | 8192 | 3 | Yes | No | 4 | 0 | No logs |
| spinbit-staging-websocket-task-definitions | 2 | - | - | 2 | No | No | 0 | 0 | No logs, json-file |
Container Configuration Detail
⚠️ Plaintext environment variables should be avoided for sensitive data. Use Secrets Manager or SSM Parameter Store. log_router containers are excluded.
| Task Definition | Container | Image | Log Config | Plaintext Env Vars | Secrets (SSM/SM) |
|---|---|---|---|---|---|
| spinbit-staging-api-task-definitions:74 | nginx | 617842004709.dkr.ecr.ap-east-1.amazonaws.com/spinbit-staging-nginx-base:3.0 | awslogs:/ecs/spinbit-staging-api | NGINX_DEFAULT_CONF_FILE | - |
| spinbit-staging-api-task-definitions:74 | terragon-api | 617842004709.dkr.ecr.ap-east-1.amazonaws.com/spinbit-staging-api:72d2fc3-2156-release-spinbit | awslogs:/ecs/spinbit-staging-api | None | - |
| spinbit-staging-api-task-definitions:74 | filebeat | 617842004709.dkr.ecr.ap-east-1.amazonaws.com/spinbit-staging-filebeat:3.0 | No logs | GRAYLOG_HOSTGRAYLOG_LISTEN_PORT | - |
| spinbit-staging-api-task-definitions:74 | filebeat-integration | 617842004709.dkr.ecr.ap-east-1.amazonaws.com/spinbit-staging-filebeat:4.0-integration | No logs | GRAYLOG_HOSTGRAYLOG_LISTEN_PORT | - |
| spinbit-staging-bo-task-definitions:74 | nginx-bo | 617842004709.dkr.ecr.ap-east-1.amazonaws.com/spinbit-staging-nginx-base:4.0 | json-file | NGINX_DEFAULT_CONF_FILE | - |
| spinbit-staging-bo-task-definitions:74 | terragon-bo | 617842004709.dkr.ecr.ap-east-1.amazonaws.com/spinbit-staging-bo:72d2fc3-2156-release-spinbit | No logs | None | - |
| spinbit-staging-bo-task-definitions:74 | filebeat | 617842004709.dkr.ecr.ap-east-1.amazonaws.com/spinbit-staging-filebeat:3.0 | No logs | GRAYLOG_HOSTGRAYLOG_LISTEN_PORT | - |
| spinbit-staging-bo-task-definitions:74 | filebeat-integration | 617842004709.dkr.ecr.ap-east-1.amazonaws.com/spinbit-staging-filebeat:4.0-integration | No logs | GRAYLOG_HOSTGRAYLOG_LISTEN_PORT | - |
| spinbit-staging-callback-task-definitions:74 | nginx | 617842004709.dkr.ecr.ap-east-1.amazonaws.com/spinbit-staging-nginx-base:3.0 | awslogs:/ecs/spinbit-staging-callba... | NGINX_DEFAULT_CONF_FILE | - |
| spinbit-staging-callback-task-definitions:74 | terragon-callback | 617842004709.dkr.ecr.ap-east-1.amazonaws.com/spinbit-staging-callback:72d2fc3-2156-release-spinbit | awslogs:/ecs/spinbit-staging-callba... | None | - |
| spinbit-staging-callback-task-definitions:74 | filebeat | 617842004709.dkr.ecr.ap-east-1.amazonaws.com/spinbit-staging-filebeat:3.0 | No logs | GRAYLOG_HOSTGRAYLOG_LISTEN_PORT | - |
| spinbit-staging-callback-task-definitions:74 | filebeat-integration | 617842004709.dkr.ecr.ap-east-1.amazonaws.com/spinbit-staging-filebeat:4.0-integration | No logs | GRAYLOG_HOSTGRAYLOG_LISTEN_PORT | - |
| spinbit-staging-cdn-cms-task-definitions:2 | nginx-s3-gateway | 617842004709.dkr.ecr.ap-east-1.amazonaws.com/spinbit-staging-nginx-base:s3-gateway-1.0 | No logs | None | - |
| spinbit-staging-cms-task-definitions:3 | nginx-cms | 617842004709.dkr.ecr.ap-east-1.amazonaws.com/spinbit-staging-nginx-base:3.0 | json-file | NGINX_DEFAULT_CONF_FILE | - |
| spinbit-staging-cms-task-definitions:3 | terragon-cms | 617842004709.dkr.ecr.ap-east-1.amazonaws.com/spinbit-staging-cms:87f0bea-35-develop | No logs | None | - |
| spinbit-staging-cronjob-task-definitions:74 | cronjob | 617842004709.dkr.ecr.ap-east-1.amazonaws.com/spinbit-staging-cronjob:72d2fc3-2156-release-spinbit | No logs | None | - |
| spinbit-staging-cronjob-task-definitions:74 | filebeat | 617842004709.dkr.ecr.ap-east-1.amazonaws.com/spinbit-staging-filebeat:3.0 | No logs | GRAYLOG_HOSTGRAYLOG_LISTEN_PORT | - |
| spinbit-staging-cronjob-task-definitions:74 | filebeat-integration | 617842004709.dkr.ecr.ap-east-1.amazonaws.com/spinbit-staging-filebeat:4.0-integration | No logs | GRAYLOG_HOSTGRAYLOG_LISTEN_PORT | - |
| spinbit-staging-fasttrack-proxy-task-definitions:1 | nginx-fasttrack-proxy | 299084936681.dkr.ecr.ap-east-1.amazonaws.com/spinbit-staging-nginx-base:3.0 | json-file | NGINX_DEFAULT_CONF_FILE | - |
| spinbit-staging-fe-task-definitions:80 | nginx-fe | 617842004709.dkr.ecr.ap-east-1.amazonaws.com/spinbit-staging-nginx-base:3.0 | json-file | NGINX_DEFAULT_CONF_FILE | - |
| spinbit-staging-fe-task-definitions:80 | app | 617842004709.dkr.ecr.ap-east-1.amazonaws.com/spinbit-staging-fe:2155a52-21054570951-stage | No logs | None | - |
| spinbit-staging-queue-worker-task-definitions:74 | queue-worker | 617842004709.dkr.ecr.ap-east-1.amazonaws.com/spinbit-staging-queue-worker:72d2fc3-2156-release-spinbit | No logs | None | - |
| spinbit-staging-queue-worker-task-definitions:74 | filebeat | 617842004709.dkr.ecr.ap-east-1.amazonaws.com/spinbit-staging-filebeat:3.0 | No logs | GRAYLOG_HOSTGRAYLOG_LISTEN_PORT | - |
| spinbit-staging-queue-worker-task-definitions:74 | filebeat-integration | 617842004709.dkr.ecr.ap-east-1.amazonaws.com/spinbit-staging-filebeat:4.0-integration | No logs | GRAYLOG_HOSTGRAYLOG_LISTEN_PORT | - |
| spinbit-staging-websocket-task-definitions:2 | nginx-websocket | 617842004709.dkr.ecr.ap-east-1.amazonaws.com/spinbit-staging-nginx-base:3.0 | No logs | None | - |
| spinbit-staging-websocket-task-definitions:2 | app | 617842004709.dkr.ecr.ap-east-1.amazonaws.com/spinbit-staging-soketi:1.0-16-debian | json-file | None | - |
RDS Instances
| DB Identifier | Engine | Class | Status | Storage | Encrypted | Multi-AZ | Public | Backup | Delete Prot. | Tags |
|---|---|---|---|---|---|---|---|---|---|---|
| spinbit-staging-aurora-primary-cluster-instance-0 | aurora-mysql 8.0.mysql_aurora.3.10.0 | db.t4g.medium | available | 1 GiB | Yes | No | No | 7d | No | map-migrated=migS0EK6JMBZCCustomer=spinbitEnvironment=staging |
SQS Queues
Total Queues: 59
Without Encryption: 59
Without DLQ: 59
| Queue Name | Type | Encrypted | DLQ Configured | Visibility Timeout | Messages | Tags |
|---|---|---|---|---|---|---|
| accumulate_bonus_programs_ref_spinbit_staging | Standard | No | No | 300s | 0 | map-migrated=migS0EK6JMBZCCustomer=spinbitEnvironment=staging |
| accumulate_bonus_programs_referral_spinbit_staging | Standard | No | No | 300s | 0 | map-migrated=migS0EK6JMBZCCustomer=spinbitEnvironment=staging |
| accumulate_bonus_programs_settle_spinbit_staging | Standard | No | No | 300s | 0 | map-migrated=migS0EK6JMBZCCustomer=spinbitEnvironment=staging |
| accumulate_bonus_programs_spinbit_staging | Standard | No | No | 3000s | 0 | map-migrated=migS0EK6JMBZCCustomer=spinbitEnvironment=staging |
| ad_checks_spinbit_staging | Standard | No | No | 300s | 0 | map-migrated=migS0EK6JMBZCCustomer=spinbitEnvironment=staging |
| assign_new_game_to_bonus_spinbit_staging | Standard | No | No | 300s | 0 | map-migrated=migS0EK6JMBZCCustomer=spinbitEnvironment=staging |
| assign_new_game_to_game_segment_spinbit_staging | Standard | No | No | 300s | 0 | map-migrated=migS0EK6JMBZCCustomer=spinbitEnvironment=staging |
| audit_logs_spinbit_staging | Standard | No | No | 300s | 0 | map-migrated=migS0EK6JMBZCCustomer=spinbitEnvironment=staging |
| automatic_withdrawal_spinbit_staging | Standard | No | No | 300s | 0 | map-migrated=migS0EK6JMBZCCustomer=spinbitEnvironment=staging |
| betting_limit_spinbit_staging | Standard | No | No | 300s | 0 | map-migrated=migS0EK6JMBZCCustomer=spinbitEnvironment=staging |
| bonuses_spinbit_staging | Standard | No | No | 3010s | 0 | map-migrated=migS0EK6JMBZCCustomer=spinbitEnvironment=staging |
| broadcast_balance_spinbit_staging | Standard | No | No | 300s | 0 | map-migrated=migS0EK6JMBZCCustomer=spinbitEnvironment=staging |
| broadcast_spinbit_staging | Standard | No | No | 300s | 0 | map-migrated=migS0EK6JMBZCCustomer=spinbitEnvironment=staging |
| calendar_bonus_programs_spinbit_staging | Standard | No | No | 300s | 0 | map-migrated=migS0EK6JMBZCCustomer=spinbitEnvironment=staging |
| campaign_message_spinbit_staging | Standard | No | No | 300s | 0 | map-migrated=migS0EK6JMBZCCustomer=spinbitEnvironment=staging |
| casino_bet_detail_spinbit_staging | Standard | No | No | 300s | 0 | map-migrated=migS0EK6JMBZCCustomer=spinbitEnvironment=staging |
| compliance_actions_spinbit_staging | Standard | No | No | 300s | 0 | map-migrated=migS0EK6JMBZCCustomer=spinbitEnvironment=staging |
| compliances_computing_spinbit_staging.fifo | FIFO | No | No | 300s | 0 | map-migrated=migS0EK6JMBZCCustomer=spinbitEnvironment=staging |
| compliances_spinbit_staging | Standard | No | No | 300s | 0 | map-migrated=migS0EK6JMBZCCustomer=spinbitEnvironment=staging |
| compliances_spinbit_staging.fifo | FIFO | No | No | 300s | 0 | map-migrated=migS0EK6JMBZCCustomer=spinbitEnvironment=staging |
| crm_high_intercom_spinbit_staging | Standard | No | No | 300s | 0 | map-migrated=migS0EK6JMBZCCustomer=spinbitEnvironment=staging |
| crm_high_spinbit_staging | Standard | No | No | 300s | 0 | map-migrated=migS0EK6JMBZCCustomer=spinbitEnvironment=staging |
| crm_intercom_spinbit_staging | Standard | No | No | 300s | 0 | map-migrated=migS0EK6JMBZCCustomer=spinbitEnvironment=staging |
| crm_spinbit_staging | Standard | No | No | 300s | 0 | map-migrated=migS0EK6JMBZCCustomer=spinbitEnvironment=staging |
| default_spinbit_staging | Standard | No | No | 300s | 0 | map-migrated=migS0EK6JMBZCCustomer=spinbitEnvironment=staging |
| emails_spinbit_staging | Standard | No | No | 300s | 0 | map-migrated=migS0EK6JMBZCCustomer=spinbitEnvironment=staging |
| export_spinbit_staging | Standard | No | No | 300s | 0 | map-migrated=migS0EK6JMBZCCustomer=spinbitEnvironment=staging |
| game_log_locks_spinbit_staging | Standard | No | No | 300s | 0 | map-migrated=migS0EK6JMBZCCustomer=spinbitEnvironment=staging |
| game_logs_spinbit_staging | Standard | No | No | 300s | 0 | map-migrated=migS0EK6JMBZCCustomer=spinbitEnvironment=staging |
| game_logs_spinbit_staging.fifo | FIFO | No | No | 300s | 0 | map-migrated=migS0EK6JMBZCCustomer=spinbitEnvironment=staging |
| import_batches_spinbit_staging | Standard | No | No | 300s | 0 | map-migrated=migS0EK6JMBZCCustomer=spinbitEnvironment=staging |
| kyc_spinbit_staging | Standard | No | No | 300s | 0 | map-migrated=migS0EK6JMBZCCustomer=spinbitEnvironment=staging |
| loyalty_programs_spinbit_staging | Standard | No | No | 300s | 0 | map-migrated=migS0EK6JMBZCCustomer=spinbitEnvironment=staging |
| payment_integration_logs_spinbit_staging | Standard | No | No | 300s | 0 | map-migrated=migS0EK6JMBZCCustomer=spinbitEnvironment=staging |
| player_activities_spinbit_staging | Standard | No | No | 300s | 0 | map-migrated=migS0EK6JMBZCCustomer=spinbitEnvironment=staging |
| player_flagged_computing_spinbit_staging | Standard | No | No | 300s | 0 | map-migrated=migS0EK6JMBZCCustomer=spinbitEnvironment=staging |
| player_tips_spinbit_staging | Standard | No | No | 300s | 0 | map-migrated=migS0EK6JMBZCCustomer=spinbitEnvironment=staging |
| player_tracking_session_computing_spinbit_staging | Standard | No | No | 300s | 0 | map-migrated=migS0EK6JMBZCCustomer=spinbitEnvironment=staging |
| player_transaction_summary_realtime_spinbit_staging | Standard | No | No | 300s | 0 | map-migrated=migS0EK6JMBZCCustomer=spinbitEnvironment=staging |
| player_transactional_summary_spinbit_staging | Standard | No | No | 300s | 0 | map-migrated=migS0EK6JMBZCCustomer=spinbitEnvironment=staging |
| player_vip_spinbit_staging | Standard | No | No | 300s | 0 | map-migrated=migS0EK6JMBZCCustomer=spinbitEnvironment=staging |
| prune_open_bets_spinbit_staging | Standard | No | No | 300s | 0 | map-migrated=migS0EK6JMBZCCustomer=spinbitEnvironment=staging |
| quests_spinbit_staging | Standard | No | No | 300s | 0 | map-migrated=migS0EK6JMBZCCustomer=spinbitEnvironment=staging |
| rebate_programs_spinbit_staging | Standard | No | No | 300s | 0 | map-migrated=migS0EK6JMBZCCustomer=spinbitEnvironment=staging |
| recent_games_spinbit_staging | Standard | No | No | 300s | 0 | map-migrated=migS0EK6JMBZCCustomer=spinbitEnvironment=staging |
| referral_plans_spinbit_staging | Standard | No | No | 3010s | 0 | map-migrated=migS0EK6JMBZCCustomer=spinbitEnvironment=staging |
| risk_fraud_spinbit_staging | Standard | No | No | 300s | 0 | map-migrated=migS0EK6JMBZCCustomer=spinbitEnvironment=staging |
| segments_computing_spinbit_staging.fifo | FIFO | No | No | 300s | 0 | map-migrated=migS0EK6JMBZCCustomer=spinbitEnvironment=staging |
| segments_spinbit_staging | Standard | No | No | 300s | 0 | map-migrated=migS0EK6JMBZCCustomer=spinbitEnvironment=staging |
| segments_spinbit_staging.fifo | FIFO | No | No | 300s | 0 | map-migrated=migS0EK6JMBZCCustomer=spinbitEnvironment=staging |
| sms_spinbit_staging | Standard | No | No | 300s | 0 | map-migrated=migS0EK6JMBZCCustomer=spinbitEnvironment=staging |
| sportbook_bet_detail_spinbit_staging | Standard | No | No | 300s | 0 | map-migrated=migS0EK6JMBZCCustomer=spinbitEnvironment=staging |
| spotlight-search_spinbit_staging | Standard | No | No | 300s | 0 | map-migrated=migS0EK6JMBZCCustomer=spinbitEnvironment=staging |
| telescope_spinbit_staging | Standard | No | No | 300s | 0 | map-migrated=migS0EK6JMBZCCustomer=spinbitEnvironment=staging |
| tournaments_spinbit_staging | Standard | No | No | 300s | 0 | map-migrated=migS0EK6JMBZCCustomer=spinbitEnvironment=staging |
| tournaments_spinbit_staging.fifo | FIFO | No | No | 300s | 0 | map-migrated=migS0EK6JMBZCCustomer=spinbitEnvironment=staging |
| trigger_scheduled_programs_spinbit_staging | Standard | No | No | 3000s | 0 | map-migrated=migS0EK6JMBZCCustomer=spinbitEnvironment=staging |
| wagering_requirements_spinbit_staging | Standard | No | No | 300s | 0 | map-migrated=migS0EK6JMBZCCustomer=spinbitEnvironment=staging |
| webhook_call_spinbit_staging | Standard | No | No | 300s | 0 | map-migrated=migS0EK6JMBZCCustomer=spinbitEnvironment=staging |
Secrets Manager
Total Secrets: 2
Without Rotation: 2
| Secret Name | Description | KMS Key | Rotation | Last Rotated | Last Accessed | Tags |
|---|---|---|---|---|---|---|
| spinbit-staging-rds-admin-password | - | secretsmanager |
Disabled | - | 2026-01-13 | - |
| spinbit-staging-redshift-admin-password | - | secretsmanager |
Disabled | - | 2026-01-13 | - |
CloudWatch Log Groups
Total Log Groups: 7
Without Retention Policy: 3
| Log Group Name | Retention (Days) | Stored Size |
|---|---|---|
/aws/rds/cluster/spinbit-staging-primary-cluster/error |
Never Expire | 67.86 MB |
/aws/rds/instance/spinbit-staging-db-master/error |
Never Expire | 7.09 KB |
/ecs/spinbit-staging-api |
365 | 426.47 MB |
/ecs/spinbit-staging-callback |
365 | 119.62 MB |
RDSOSMetrics |
30 | 70.67 MB |
dms-tasks-migrations-spinbit-staging-dms-instance |
Never Expire | 20.44 GB |
spinbit-staging-backend-redis-slowlog |
365 | 61.54 KB |
Application & Network Load Balancers
| Name | Type | Scheme | State | DNS Name | VPC | AZs | Listeners | Target Groups | Tags |
|---|---|---|---|---|---|---|---|---|---|
| spinbit-staging-other-ecs-alb | APPLICATION | internet-facing | active | spinbit-staging-other-ecs-alb-390831201.ap-east-1.elb.amazonaws.com | vpc-06cf39701949c7c52 | 2 | HTTPS:443, HTTP:80 | 10 | map-migrated=migS0EK6JMBZCCustomer=spinbitEnvironment=staging |
| spinbit-staging-api-cb-ecs-alb | APPLICATION | internet-facing | active | spinbit-staging-api-cb-ecs-alb-2016002201.ap-east-1.elb.amazonaws.com | vpc-06cf39701949c7c52 | 2 | HTTPS:443, HTTP:80 | 3 | map-migrated=migS0EK6JMBZCCustomer=spinbitEnvironment=staging |
| spinbit-staging-ecs-internal-alb | APPLICATION | internal | active | internal-spinbit-staging-ecs-internal-alb-341153204.ap-east-1.elb.amazonaws.com | vpc-06cf39701949c7c52 | 2 | HTTPS:443, HTTP:80 | 1 | map-migrated=migS0EK6JMBZCCustomer=spinbitEnvironment=staging |
Target Groups
| Load Balancer | Target Group Name | Protocol | Port | Target Type | Health Check |
|---|---|---|---|---|---|
| spinbit-staging-other-ecs-alb | spinbit-staging-bo-tg-443 | HTTPS | 443 | instance | HTTPS:/player/api/v1/ping |
| spinbit-staging-other-ecs-alb | spinbit-staging-cdn-cms-tg-449 | HTTPS | 449 | instance | HTTPS:/health |
| spinbit-staging-other-ecs-alb | spinbit-staging-elk-tg-443 | HTTPS | 443 | instance | HTTPS:/ |
| spinbit-staging-other-ecs-alb | spinbit-staging-fe-tg-443 | HTTPS | 443 | instance | HTTPS:/robots.txt |
| spinbit-staging-other-ecs-alb | spinbit-staging-ftproxy-tg-445 | HTTPS | 445 | instance | HTTPS:/healthcheck |
| spinbit-staging-other-ecs-alb | spinbit-staging-graylog-tg-443 | HTTPS | 443 | instance | HTTPS:/ |
| spinbit-staging-other-ecs-alb | spinbit-staging-intglog-tg-443 | HTTPS | 443 | instance | HTTPS:/ |
| spinbit-staging-other-ecs-alb | spinbit-staging-metbase-tg-443 | HTTPS | 443 | instance | HTTPS:/ |
| spinbit-staging-other-ecs-alb | spinbit-staging-mon-tg-443 | HTTPS | 443 | instance | HTTPS:/ |
| spinbit-staging-other-ecs-alb | spinbit-staging-ws-tg-6002 | HTTPS | 6002 | instance | HTTPS:/ |
| spinbit-staging-api-cb-ecs-alb | spinbit-staging-api-tg-443 | HTTPS | 443 | ip | HTTPS:/robots.txt |
| spinbit-staging-api-cb-ecs-alb | spinbit-staging-callbck-tg-443 | HTTPS | 443 | ip | HTTPS:/player/api/v1/ping |
| spinbit-staging-api-cb-ecs-alb | spinbit-staging-cms-tg-444 | HTTPS | 444 | instance | HTTPS:/ |
| spinbit-staging-ecs-internal-alb | spinbit-staging-cms-internal-444 | HTTPS | 444 | instance | HTTPS:/ |
Security Groups (In Use)
| Name | Group ID | VPC | Used By | Inbound Ports | Outbound Ports | Open to Internet | Tags |
|---|---|---|---|---|---|---|---|
| spinbit-staging-allow-local | sg-0e86f13edf53bb2b9 |
vpc-06cf39701949c7c52 | APPLICATION(1), EC2(10), ECS(3) | All, tcp:0-65535, tcp:5439 | All | No | Environment=stagingmap-migrated=migS0EK6JMBZCCustomer=spinbit |
| spinbit-staging-allow-http-https | sg-031435191846ad62d |
vpc-06cf39701949c7c52 | APPLICATION(2), EC2(1) | tcp:443, tcp:80 | All | Yes | Environment=stagingmap-migrated=migS0EK6JMBZCCustomer=spinbit |
| spinbit-staging-allow-ssh | sg-0efa7f42982bab24d |
vpc-06cf39701949c7c52 | EC2(2) | tcp:22 | All | No | Customer=spinbitEnvironment=stagingmap-migrated=migS0EK6JMBZC |
| spinbit-staging-allow-local-port-3306 | sg-00c43fb2671fefdc1 |
vpc-06cf39701949c7c52 | RDS(1) | tcp:0-65535, tcp:3306 | All | No | map-migrated=migS0EK6JMBZCEnvironment=stagingCustomer=spinbit |
Security Group Rules Detail
| Security Group | Direction | Protocol | Port Range | Source/Destination |
|---|---|---|---|---|
spinbit-staging-allow-local sg-0e86f13edf53bb2b9 |
Inbound | tcp | 5439 | 11.0.0.0/16 |
spinbit-staging-allow-local sg-0e86f13edf53bb2b9 |
Inbound | tcp | 0-65535 | sg: sg-0e86f13edf53bb2b9 |
spinbit-staging-allow-local sg-0e86f13edf53bb2b9 |
Inbound | All | All | 10.0.3.0/24, 10.0.4.0/24, 10.0.2.0/24, 10.0.1.0/24 |
spinbit-staging-allow-http-https sg-031435191846ad62d |
Inbound | tcp | 80 | 0.0.0.0/0 |
spinbit-staging-allow-http-https sg-031435191846ad62d |
Inbound | tcp | 443 | 0.0.0.0/0 |
spinbit-staging-allow-ssh sg-0efa7f42982bab24d |
Inbound | tcp | 22 | 14.161.16.211/32, 115.79.29.29/32, 115.78.100.17/32, 119.93.179.143/32, 18.185.233.97/32, 118.69.133.85/32 |
spinbit-staging-allow-local-port-3306 sg-00c43fb2671fefdc1 |
Inbound | tcp | 0-65535 | sg: sg-00c43fb2671fefdc1 |
spinbit-staging-allow-local-port-3306 sg-00c43fb2671fefdc1 |
Inbound | tcp | 3306 | 11.0.0.0/16, 10.0.3.0/24, 10.0.1.0/24, 10.0.2.252/32 |
spinbit-staging-allow-local sg-0e86f13edf53bb2b9 |
Outbound | All | All | 0.0.0.0/0 |
spinbit-staging-allow-http-https sg-031435191846ad62d |
Outbound | All | All | 0.0.0.0/0 |
spinbit-staging-allow-ssh sg-0efa7f42982bab24d |
Outbound | All | All | 0.0.0.0/0 |
spinbit-staging-allow-local-port-3306 sg-00c43fb2671fefdc1 |
Outbound | All | All | 0.0.0.0/0 |
Compliance Findings
Network & Security (Section 5.2)
1
Open Security Groups (0.0.0.0/0)
4
EC2 Without IMDSv2
Yes
CloudTrail Enabled
Data Protection (Section 5.4)
12
Unencrypted EBS Volumes
0
Unencrypted RDS
59
SQS Without Encryption
Logging & Monitoring (Section 5.3)
3
Log Groups (No Retention)
RDS Standards (Section 7)
0
Public RDS Instances
1
RDS Without Multi-AZ
0
RDS Without Backups
Lambda Standards (Section 7)
0
Lambda Default Timeout (3s)
0
Lambda Without DLQ
SQS Standards (Section 7)
59
SQS Without DLQ
ECS Standards (Section 7)
26
Plaintext Env Vars
0
Privileged Containers