🔐 IAM (Global)
IAM Compliance Findings
6
Total IAM Users
6
Users Without MFA
0
Access Keys >90 Days Old
0
Users with Admin Access
IAM Users
| User Name | MFA Enabled | Access Key ID | Key Status | Key Created |
|---|---|---|---|---|
| vegastars_prod_cms_nginx_s3_gateway | No | - | - | - |
| vegastars_prod_ecs_deploy | No | AKIAUWCGRSDIYZXBXRZ7 | Active | 2025-11-17 |
| vegastars_prod_grafana | No | - | - | - |
| vegastars_prod_infras_watcher | No | - | - | - |
| vegastars_prod_s3upload | No | - | - | - |
| vegastars_prod_sqs | No | - | - | - |
📍 Region: eu-west-2
VPCs & Subnets
| Name | VPC ID | CIDR Block | State | Tenancy | Tags |
|---|---|---|---|---|---|
| aws-controltower-VPC | vpc-0cf17e5d54c6530c8 |
172.31.0.0/16 | available | default | aws:cloudformation:stack-name=StackSet-AWSControlTowerBP-VPC-ACCOUNT-FACTORY-V1-9a1e8f17-fabf-4f6c-a28a-cec83bb56d67aws:cloudformation:stack-id=arn:aws:cloudformation:eu-west-2:322270499025:stack/StackSet-AWSControlTowerBP-VPC-ACCOUNT-FACTORY-V1-9a1e8f17-fabf-4f6c-a28a-cec83bb56d67/bd1409b0-2bd9-11f0-a602-0a0d079d5461aws:cloudformation:logical-id=VPC |
Subnets
| Name | Subnet ID | VPC ID | CIDR Block | AZ | Available IPs | Public IP on Launch | Tags |
|---|---|---|---|---|---|---|---|
| aws-controltower-PrivateSubnet3A | subnet-03dced4a5ad3e8eb8 |
vpc-0cf17e5d54c6530c8 | 172.31.80.0/20 | eu-west-2c | 4091 | No | aws:cloudformation:logical-id=PrivateSubnet3Aaws:cloudformation:stack-id=arn:aws:cloudformation:eu-west-2:322270499025:stack/StackSet-AWSControlTowerBP-VPC-ACCOUNT-FACTORY-V1-9a1e8f17-fabf-4f6c-a28a-cec83bb56d67/bd1409b0-2bd9-11f0-a602-0a0d079d5461Network=Privateaws:cloudformation:stack-name=StackSet-AWSControlTowerBP-VPC-ACCOUNT-FACTORY-V1-9a1e8f17-fabf-4f6c-a28a-cec83bb56d67 |
| aws-controltower-PrivateSubnet2A | subnet-08b2f3095f4c291c8 |
vpc-0cf17e5d54c6530c8 | 172.31.32.0/20 | eu-west-2b | 4091 | No | Network=Privateaws:cloudformation:stack-id=arn:aws:cloudformation:eu-west-2:322270499025:stack/StackSet-AWSControlTowerBP-VPC-ACCOUNT-FACTORY-V1-9a1e8f17-fabf-4f6c-a28a-cec83bb56d67/bd1409b0-2bd9-11f0-a602-0a0d079d5461aws:cloudformation:stack-name=StackSet-AWSControlTowerBP-VPC-ACCOUNT-FACTORY-V1-9a1e8f17-fabf-4f6c-a28a-cec83bb56d67aws:cloudformation:logical-id=PrivateSubnet2A |
| aws-controltower-PrivateSubnet1A | subnet-01d9204f86b7463a8 |
vpc-0cf17e5d54c6530c8 | 172.31.64.0/20 | eu-west-2a | 4091 | No | Network=Privateaws:cloudformation:stack-id=arn:aws:cloudformation:eu-west-2:322270499025:stack/StackSet-AWSControlTowerBP-VPC-ACCOUNT-FACTORY-V1-9a1e8f17-fabf-4f6c-a28a-cec83bb56d67/bd1409b0-2bd9-11f0-a602-0a0d079d5461aws:cloudformation:logical-id=PrivateSubnet1Aaws:cloudformation:stack-name=StackSet-AWSControlTowerBP-VPC-ACCOUNT-FACTORY-V1-9a1e8f17-fabf-4f6c-a28a-cec83bb56d67 |
Lambda Functions
| Function Name | Runtime | Memory | Timeout | VPC | Last Modified | Tags |
|---|---|---|---|---|---|---|
| aws-controltower-NotificationForwarder | python3.13 | 128 MB | 60s | No VPC | 2025-08-21 | aws:cloudformation:logical-id=ForwardSnsNotificationaws:cloudformation:stack-id=arn:aws:cloudformation:eu-west-2:322270499025:stack/StackSet-AWSControlTowerBP-BASELINE-CLOUDWATCH-6ee64e0c-ad0d-4116-a6d9-3d4991f159f8/4373de50-2bd9-11f0-a19f-02c1fee36073aws:cloudformation:stack-name=StackSet-AWSControlTowerBP-BASELINE-CLOUDWATCH-6ee64e0c-ad0d-4116-a6d9-3d4991f159f8 |
CloudWatch Log Groups
Total Log Groups: 2
Without Retention Policy: 0
| Log Group Name | Retention (Days) | Stored Size |
|---|---|---|
/aws/lambda/aws-controltower-NotificationForwarder |
14 | 0 B |
StackSet-AWSControlTowerBP-VPC-ACCOUNT-FACTORY-V1-9a1e8f17-fabf-4f6c-a28a-cec83bb56d67-VPCFlowLogsLogGroup-ao2IAZFIVTcd |
90 | 0 B |
Compliance Findings
Network & Security (Section 5.2)
0
Open Security Groups (0.0.0.0/0)
0
EC2 Without IMDSv2
Yes
CloudTrail Enabled
Data Protection (Section 5.4)
0
Unencrypted EBS Volumes
0
Unencrypted RDS
0
SQS Without Encryption
Logging & Monitoring (Section 5.3)
0
Log Groups (No Retention)
RDS Standards (Section 7)
0
Public RDS Instances
0
RDS Without Multi-AZ
0
RDS Without Backups
Lambda Standards (Section 7)
0
Lambda Default Timeout (3s)
1
Lambda Without DLQ
SQS Standards (Section 7)
0
SQS Without DLQ
ECS Standards (Section 7)
0
Plaintext Env Vars
0
Privileged Containers
📍 Region: eu-central-2
VPCs & Subnets
| Name | VPC ID | CIDR Block | State | Tenancy | Tags |
|---|---|---|---|---|---|
| vegastars-prod-vpc | vpc-02c209af485eddacf |
10.2.0.0/16 | available | default | Customer=vegastarsEnvironment=prodmap-migrated=migS0EK6JMBZC |
Subnets
| Name | Subnet ID | VPC ID | CIDR Block | AZ | Available IPs | Public IP on Launch | Tags |
|---|---|---|---|---|---|---|---|
| vegastars-prod-public-subnet-1 | subnet-06823bb4daa53dfcd |
vpc-02c209af485eddacf | 10.2.2.0/24 | eu-central-2a | 248 | No | Customer=vegastarsEnvironment=prodmap-migrated=migS0EK6JMBZC |
| vegastars-prod-public-subnet-2 | subnet-080852cef9f31e0f3 |
vpc-02c209af485eddacf | 10.2.4.0/24 | eu-central-2b | 247 | No | Environment=prodCustomer=vegastarsmap-migrated=migS0EK6JMBZC |
| vegastars-prod-private-subnet-1 | subnet-03f9a8881dd18bd8b |
vpc-02c209af485eddacf | 10.2.1.0/24 | eu-central-2a | 251 | No | Environment=prodCustomer=vegastarsmap-migrated=migS0EK6JMBZC |
| vegastars-prod-private-subnet-2 | subnet-05a4ae8c3f3e66f87 |
vpc-02c209af485eddacf | 10.2.3.0/24 | eu-central-2b | 251 | No | Customer=vegastarsEnvironment=prodmap-migrated=migS0EK6JMBZC |
ECS Clusters
| Cluster Name | Status | Running Tasks | Pending Tasks | Active Services | Container Instances |
|---|---|---|---|---|---|
| vegastars-prod-game-proxy-v2-fargate-ecs-cluster | ACTIVE | 3 | 0 | 1 | 0 |
ECS Services
| Service Name | Status | Desired | Running | Launch Type | Task Definition | Load Balancers | Security Groups |
|---|---|---|---|---|---|---|---|
| vegastars-prod-game-proxy-v2-service | ACTIVE | 3 | 3 | FARGATE | vegastars-prod-game-proxy-v2-fargate-task-definitions:7 | 1 target groups | sg-04410eca5b18d113e |
ECS Task Definitions (Active)
| Family | Rev | CPU | Memory | Containers | Task Role | Privileged | Env Vars | Secrets | Log Config |
|---|---|---|---|---|---|---|---|---|---|
| vegastars-prod-game-proxy-v2-fargate-task-definitions | 7 | 2048 | 4096 | 3 | Yes | No | 1 | 0 | No logs |
Container Configuration Detail
⚠️ Plaintext environment variables should be avoided for sensitive data. Use Secrets Manager or SSM Parameter Store. log_router containers are excluded.
| Task Definition | Container | Image | Log Config | Plaintext Env Vars | Secrets (SSM/SM) |
|---|---|---|---|---|---|
| vegastars-prod-game-proxy-v2-fargate-task-definitions:7 | nginx | 322270499025.dkr.ecr.ap-east-1.amazonaws.com/vegastars-prod-nginx-base:3.0-game-proxy-v2 | No logs | None | - |
| vegastars-prod-game-proxy-v2-fargate-task-definitions:7 | proxy | 322270499025.dkr.ecr.ap-east-1.amazonaws.com/vegastars-prod-game-proxy:f2e5c87-47-main | No logs | NODE_ENV | - |
| vegastars-prod-game-proxy-v2-fargate-task-definitions:7 | epoxy-server | 322270499025.dkr.ecr.ap-east-1.amazonaws.com/vegastars-prod-docker-base:epoxy-server-2.0.0 | No logs | None | - |
CloudWatch Log Groups
Total Log Groups: 1
Without Retention Policy: 0
| Log Group Name | Retention (Days) | Stored Size |
|---|---|---|
/ecs/vegastars-prod-game-proxy-v2 |
365 | 0 B |
Application & Network Load Balancers
| Name | Type | Scheme | State | DNS Name | VPC | AZs | Listeners | Target Groups | Tags |
|---|---|---|---|---|---|---|---|---|---|
| vegastars-prod-game-proxy-v2-alb | APPLICATION | internet-facing | active | vegastars-prod-game-proxy-v2-alb-214018070.eu-central-2.elb.amazonaws.com | vpc-02c209af485eddacf | 2 | HTTPS:443, HTTP:80 | 1 | map-migrated=migS0EK6JMBZCCustomer=vegastarsEnvironment=prod |
Target Groups
| Load Balancer | Target Group Name | Protocol | Port | Target Type | Health Check |
|---|---|---|---|---|---|
| vegastars-prod-game-proxy-v2-alb | vegastars-prod-gpx-v2-tg-443 | HTTPS | 443 | ip | HTTPS:/healthz |
Security Groups (In Use)
| Name | Group ID | VPC | Used By | Inbound Ports | Outbound Ports | Open to Internet | Tags |
|---|---|---|---|---|---|---|---|
| vegastars-prod-allow-http-https | sg-0f08265a96ba4474b |
vpc-02c209af485eddacf | APPLICATION(1) | tcp:443, tcp:80 | All | Yes | map-migrated=migS0EK6JMBZCEnvironment=prodCustomer=vegastars |
| vegastars-prod-allow-local | sg-04410eca5b18d113e |
vpc-02c209af485eddacf | ECS(1) | All | All | No | Environment=prodmap-migrated=migS0EK6JMBZCCustomer=vegastars |
Security Group Rules Detail
| Security Group | Direction | Protocol | Port Range | Source/Destination |
|---|---|---|---|---|
vegastars-prod-allow-http-https sg-0f08265a96ba4474b |
Inbound | tcp | 80 | 0.0.0.0/0 |
vegastars-prod-allow-http-https sg-0f08265a96ba4474b |
Inbound | tcp | 443 | 0.0.0.0/0 |
vegastars-prod-allow-local sg-04410eca5b18d113e |
Inbound | All | All | 10.2.3.0/24, 10.2.4.0/24, 10.2.1.0/24, 10.2.2.0/24 |
vegastars-prod-allow-http-https sg-0f08265a96ba4474b |
Outbound | All | All | 0.0.0.0/0 |
vegastars-prod-allow-local sg-04410eca5b18d113e |
Outbound | All | All | 0.0.0.0/0 |
Compliance Findings
Network & Security (Section 5.2)
1
Open Security Groups (0.0.0.0/0)
0
EC2 Without IMDSv2
Yes
CloudTrail Enabled
Data Protection (Section 5.4)
0
Unencrypted EBS Volumes
0
Unencrypted RDS
0
SQS Without Encryption
Logging & Monitoring (Section 5.3)
0
Log Groups (No Retention)
RDS Standards (Section 7)
0
Public RDS Instances
0
RDS Without Multi-AZ
0
RDS Without Backups
Lambda Standards (Section 7)
0
Lambda Default Timeout (3s)
0
Lambda Without DLQ
SQS Standards (Section 7)
0
SQS Without DLQ
ECS Standards (Section 7)
1
Plaintext Env Vars
0
Privileged Containers
📍 Region: ap-east-1
VPCs & Subnets
| Name | VPC ID | CIDR Block | State | Tenancy | Tags |
|---|---|---|---|---|---|
| vegastars-prod-vpc | vpc-08590366dbe85ff5d |
10.0.0.0/16 | available | default | Customer=vegastarsmap-migrated=migS0EK6JMBZCEnvironment=prod |
Subnets
| Name | Subnet ID | VPC ID | CIDR Block | AZ | Available IPs | Public IP on Launch | Tags |
|---|---|---|---|---|---|---|---|
| vegastars-prod-public-subnet-2 | subnet-08a4b8eeacaecf28d |
vpc-08590366dbe85ff5d | 10.0.4.0/24 | ap-east-1b | 246 | No | Environment=prodmap-migrated=migS0EK6JMBZCCustomer=vegastars |
| vegastars-prod-private-subnet-1 | subnet-00600ef823b6e0588 |
vpc-08590366dbe85ff5d | 10.0.1.0/24 | ap-east-1a | 248 | No | Customer=vegastarsEnvironment=prodmap-migrated=migS0EK6JMBZC |
| vegastars-prod-public-subnet-1 | subnet-000757b97b9b8447f |
vpc-08590366dbe85ff5d | 10.0.2.0/24 | ap-east-1a | 245 | No | Customer=vegastarsEnvironment=prodmap-migrated=migS0EK6JMBZC |
| vegastars-prod-private-subnet-2 | subnet-03805ad42782a7f9e |
vpc-08590366dbe85ff5d | 10.0.3.0/24 | ap-east-1b | 249 | No | Customer=vegastarsmap-migrated=migS0EK6JMBZCEnvironment=prod |
EC2 Instances
| Name | Instance ID | Type | State | Public IP | Private IP | VPC | Security Groups | AMI | Key Pair | IAM Profile | EBS Volumes | IMDSv2 | Tags |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| vegastars_prod_fireblocks_cosigner | i-0a49bda3f67a7a9d8 |
c5a.xlarge | stopped | - | 10.0.1.49 | vpc-08590366dbe85ff5d | sg-01bf1bc8067852a08 | ami-05cf3340ca3cc2bc9 | vegastars_prod_Aug2025 | vegastars_prod_SSMInstanceProfileForFireblocksCoSigner | 1 | required | map-migrated=migS0EK6JMBZCEnvironment=prodCustomer=vegastars |
| vegastars_prod_bastion_host | i-07f947dca92a1854b |
t3.micro | stopped | 16.162.13.238 | 10.0.2.145 | vpc-08590366dbe85ff5d | sg-0e9dbfc43334e6a03 | ami-007413ba598a8a338 | vegastars_prod_Aug2025 | vegastars_prod_SSMInstanceProfile | 1 | optional | Customer=vegastarsEnvironment=prodmap-migrated=migS0EK6JMBZC |
EBS Volumes
| Name | Volume ID | Size (GiB) | Type | State | Encrypted | IOPS | Attached Instance | Device | AZ | Tags |
|---|---|---|---|---|---|---|---|---|---|---|
| vegastars_prod_bastion_host_volume | vol-030943e060c5beb1f |
50 | gp3 | in-use | No | 3000 | i-07f947dca92a1854b | /dev/sda1 | ap-east-1a | Customer=vegastarsEnvironment=prodmap-migrated=migS0EK6JMBZC |
| vegastars_prod_fireblocks_cosigner_volume | vol-0b122aa9ea56c2be6 |
100 | gp3 | in-use | No | 3000 | i-0a49bda3f67a7a9d8 | /dev/xvda | ap-east-1a | Customer=vegastarsEnvironment=prodmap-migrated=migS0EK6JMBZC |
ECS Clusters
| Cluster Name | Status | Running Tasks | Pending Tasks | Active Services | Container Instances |
|---|---|---|---|---|---|
| vegastars-prod-game-proxy-v2-fargate-ecs-cluster | ACTIVE | 3 | 0 | 1 | 0 |
| vegastars-prod-api-callback-ecs-cluster | ACTIVE | 0 | 0 | 0 | 0 |
| vegastars-prod-game-proxy-fargate-ecs-cluster | ACTIVE | 0 | 0 | 1 | 0 |
| vegastars-prod-queue-ecs-cluster | ACTIVE | 0 | 0 | 1 | 0 |
| vegastars-prod-fe-bo-cms-cdn-websocket-cronjob-ecs-cluster | ACTIVE | 0 | 0 | 6 | 0 |
| vegastars-prod-callback-fargate-ecs-cluster | ACTIVE | 0 | 0 | 1 | 0 |
| vegastars-prod-api-fargate-ecs-cluster | ACTIVE | 0 | 0 | 1 | 0 |
ECS Services
| Service Name | Status | Desired | Running | Launch Type | Task Definition | Load Balancers | Security Groups |
|---|---|---|---|---|---|---|---|
| vegastars-prod-game-proxy-service | ACTIVE | 0 | 0 | FARGATE | vegastars-prod-game-proxy-fargate-task-definitions:1 | 1 target groups | sg-06aafec9b3db15121 |
| vegastars-prod-api-service | ACTIVE | 0 | 0 | FARGATE | vegastars-prod-api-fargate-task-definitions:1 | 1 target groups | sg-06aafec9b3db15121 |
| vegastars-prod-queue-worker-service | ACTIVE | 0 | 0 | EC2 | vegastars-prod-queue-worker-task-definitions:1 | 0 target groups | |
| vegastars-prod-callback-service | ACTIVE | 0 | 0 | FARGATE | vegastars-prod-callback-fargate-task-definitions:1 | 1 target groups | sg-06aafec9b3db15121 |
| vegastars-prod-game-proxy-v2-service | ACTIVE | 3 | 3 | FARGATE | vegastars-prod-game-proxy-v2-fargate-task-definitions:8 | 1 target groups | sg-06aafec9b3db15121 |
| vegastars-prod-cronjob-service | ACTIVE | 0 | 0 | EC2 | vegastars-prod-cronjob-task-definitions:1 | 0 target groups | |
| vegastars-prod-cms-service | ACTIVE | 0 | 0 | EC2 | vegastars-prod-cms-task-definitions:1 | 2 target groups | |
| vegastars-prod-websocket-services | ACTIVE | 0 | 0 | EC2 | vegastars-prod-websocket-task-definitions:1 | 2 target groups | |
| vegastars-prod-bo-service | ACTIVE | 0 | 0 | EC2 | vegastars-prod-bo-task-definitions:1 | 1 target groups | |
| vegastars-prod-cdn-cms-service | ACTIVE | 0 | 0 | EC2 | vegastars-prod-cdn-cms-task-definitions:1 | 1 target groups | |
| vegastars-prod-fe-service | ACTIVE | 0 | 0 | EC2 | vegastars-prod-fe-task-definitions:1 | 1 target groups |
ECS Task Definitions (Active)
| Family | Rev | CPU | Memory | Containers | Task Role | Privileged | Env Vars | Secrets | Log Config |
|---|---|---|---|---|---|---|---|---|---|
| vegastars-prod-api-fargate-task-definitions | 1 | 512 | 1024 | 3 | Yes | No | 4 | 0 | No logs |
| vegastars-prod-bo-task-definitions | 1 | - | - | 3 | No | No | 4 | 0 | No logs |
| vegastars-prod-callback-fargate-task-definitions | 1 | 512 | 1024 | 3 | Yes | No | 4 | 0 | No logs |
| vegastars-prod-cdn-cms-task-definitions | 1 | - | - | 1 | No | No | 0 | 0 | No logs |
| vegastars-prod-cms-task-definitions | 1 | - | - | 2 | No | No | 0 | 0 | No logs |
| vegastars-prod-cronjob-task-definitions | 1 | - | - | 3 | No | No | 4 | 0 | No logs |
| vegastars-prod-fe-task-definitions | 1 | - | - | 2 | No | No | 0 | 0 | No logs |
| vegastars-prod-game-proxy-fargate-task-definitions | 1 | 512 | 1024 | 1 | Yes | No | 0 | 0 | No logs |
| vegastars-prod-game-proxy-v2-fargate-task-definitions | 8 | 2048 | 4096 | 3 | Yes | No | 1 | 0 | No logs |
| vegastars-prod-queue-worker-task-definitions | 1 | - | - | 3 | No | No | 4 | 0 | No logs |
| vegastars-prod-websocket-task-definitions | 1 | - | - | 2 | No | No | 0 | 0 | No logs, json-file |
Container Configuration Detail
⚠️ Plaintext environment variables should be avoided for sensitive data. Use Secrets Manager or SSM Parameter Store. log_router containers are excluded.
| Task Definition | Container | Image | Log Config | Plaintext Env Vars | Secrets (SSM/SM) |
|---|---|---|---|---|---|
| vegastars-prod-api-fargate-task-definitions:1 | terragon-api | 268793312478.dkr.ecr.ap-east-1.amazonaws.com/vegastars-prod-api:4d9762d-38-develop | No logs | None | - |
| vegastars-prod-api-fargate-task-definitions:1 | filebeat | 268793312478.dkr.ecr.ap-east-1.amazonaws.com/filebeat:3.0 | No logs | GRAYLOG_HOSTGRAYLOG_LISTEN_PORT | - |
| vegastars-prod-api-fargate-task-definitions:1 | filebeat-integration | 268793312478.dkr.ecr.ap-east-1.amazonaws.com/filebeat:3.0-integration | No logs | GRAYLOG_HOSTGRAYLOG_LISTEN_PORT | - |
| vegastars-prod-bo-task-definitions:1 | terragon-bo | 268793312478.dkr.ecr.ap-east-1.amazonaws.com/vegastars-prod-bo:4d9762d-38-develop | No logs | None | - |
| vegastars-prod-bo-task-definitions:1 | filebeat | 268793312478.dkr.ecr.ap-east-1.amazonaws.com/filebeat:3.0 | No logs | GRAYLOG_HOSTGRAYLOG_LISTEN_PORT | - |
| vegastars-prod-bo-task-definitions:1 | filebeat-integration | 268793312478.dkr.ecr.ap-east-1.amazonaws.com/filebeat:3.0-integration | No logs | GRAYLOG_HOSTGRAYLOG_LISTEN_PORT | - |
| vegastars-prod-callback-fargate-task-definitions:1 | terragon-callback | 268793312478.dkr.ecr.ap-east-1.amazonaws.com/vegastars-prod-callback:4d9762d-38-develop | No logs | None | - |
| vegastars-prod-callback-fargate-task-definitions:1 | filebeat | 268793312478.dkr.ecr.ap-east-1.amazonaws.com/filebeat:3.0 | No logs | GRAYLOG_HOSTGRAYLOG_LISTEN_PORT | - |
| vegastars-prod-callback-fargate-task-definitions:1 | filebeat-integration | 268793312478.dkr.ecr.ap-east-1.amazonaws.com/filebeat:3.0-integration | No logs | GRAYLOG_HOSTGRAYLOG_LISTEN_PORT | - |
| vegastars-prod-cdn-cms-task-definitions:1 | nginx-s3-gateway | 268793312478.dkr.ecr.ap-east-1.amazonaws.com/vegastars-prod-nginx-base:s3-gateway-1.0 | No logs | None | - |
| vegastars-prod-cms-task-definitions:1 | nginx-cms | 268793312478.dkr.ecr.ap-east-1.amazonaws.com/nginx-base:cms-3.0 | No logs | None | - |
| vegastars-prod-cms-task-definitions:1 | terragon-cms | 268793312478.dkr.ecr.ap-east-1.amazonaws.com/vegastars-prod-cms:b0e8eb4-1-devops-test-deploy-dev-env | No logs | None | - |
| vegastars-prod-cronjob-task-definitions:1 | queue-worker | 268793312478.dkr.ecr.ap-east-1.amazonaws.com/vegastars-prod-queue-worker:4d9762d-38-develop | No logs | None | - |
| vegastars-prod-cronjob-task-definitions:1 | filebeat | 268793312478.dkr.ecr.ap-east-1.amazonaws.com/filebeat:3.0 | No logs | GRAYLOG_HOSTGRAYLOG_LISTEN_PORT | - |
| vegastars-prod-cronjob-task-definitions:1 | filebeat-integration | 268793312478.dkr.ecr.ap-east-1.amazonaws.com/filebeat:3.0-integration | No logs | GRAYLOG_HOSTGRAYLOG_LISTEN_PORT | - |
| vegastars-prod-fe-task-definitions:1 | nginx-fe | 268793312478.dkr.ecr.ap-east-1.amazonaws.com/nginx-base:fe-3.0 | No logs | None | - |
| vegastars-prod-fe-task-definitions:1 | app | 268793312478.dkr.ecr.ap-east-1.amazonaws.com/vegastars-prod-fe:8c8ff7b-14-develop | No logs | None | - |
| vegastars-prod-game-proxy-fargate-task-definitions:1 | nginx | 268793312478.dkr.ecr.ap-east-1.amazonaws.com/vegastars-prod-api:4d9762d-38-develop | No logs | None | - |
| vegastars-prod-game-proxy-v2-fargate-task-definitions:8 | nginx | 322270499025.dkr.ecr.ap-east-1.amazonaws.com/vegastars-prod-nginx-base:3.0-game-proxy-v2 | No logs | None | - |
| vegastars-prod-game-proxy-v2-fargate-task-definitions:8 | proxy | 322270499025.dkr.ecr.ap-east-1.amazonaws.com/vegastars-prod-game-proxy:f2e5c87-47-main | No logs | NODE_ENV | - |
| vegastars-prod-game-proxy-v2-fargate-task-definitions:8 | epoxy-server | 322270499025.dkr.ecr.ap-east-1.amazonaws.com/vegastars-prod-docker-base:epoxy-server-2.0.0 | No logs | None | - |
| vegastars-prod-queue-worker-task-definitions:1 | queue-worker | 268793312478.dkr.ecr.ap-east-1.amazonaws.com/vegastars-prod-queue-worker:4d9762d-38-develop | No logs | None | - |
| vegastars-prod-queue-worker-task-definitions:1 | filebeat | 268793312478.dkr.ecr.ap-east-1.amazonaws.com/filebeat:3.0 | No logs | GRAYLOG_HOSTGRAYLOG_LISTEN_PORT | - |
| vegastars-prod-queue-worker-task-definitions:1 | filebeat-integration | 268793312478.dkr.ecr.ap-east-1.amazonaws.com/filebeat:3.0-integration | No logs | GRAYLOG_HOSTGRAYLOG_LISTEN_PORT | - |
| vegastars-prod-websocket-task-definitions:1 | nginx-websocket | 268793312478.dkr.ecr.ap-east-1.amazonaws.com/vegastars-prod-nginx-base:3.0 | No logs | None | - |
| vegastars-prod-websocket-task-definitions:1 | app | 268793312478.dkr.ecr.ap-east-1.amazonaws.com/vegastars-prod-soketi:1.0-16-debian | json-file | None | - |
Lambda Functions
| Function Name | Runtime | Memory | Timeout | VPC | Last Modified | Tags |
|---|---|---|---|---|---|---|
| vegastars-prod-change-proxy-ip | python3.13 | 128 MB | 30s | No VPC | 2026-01-15 | Customer=vegastarsEnvironment=prodmap-migrated=migS0EK6JMBZC |
| sendBonusEligibility-vegastars | python3.10 | 512 MB | 30s | No VPC | 2026-01-06 | Brand=vegastarsEnvironment=prodManagedBy=TerraformProject=BonusBot |
| getBonusEligibilityResults-vegastars | python3.10 | 256 MB | 10s | No VPC | 2026-01-14 | Brand=vegastarsEnvironment=prodManagedBy=TerraformProject=BonusBot |
Secrets Manager
Total Secrets: 3
Without Rotation: 3
| Secret Name | Description | KMS Key | Rotation | Last Rotated | Last Accessed | Tags |
|---|---|---|---|---|---|---|
| vegastars-prod-rds-admin-password | - | secretsmanager |
Disabled | - | 2026-01-15 | map-migrated=migS0EK6JMBZCEnvironment=prodCustomer=vegastars |
| vegastars-prod-redshift-admin-password | - | secretsmanager |
Disabled | - | 2026-01-15 | map-migrated=migS0EK6JMBZCEnvironment=prodCustomer=vegastars |
| vegastars-prod-other-credentials | - | secretsmanager |
Disabled | - | 2026-01-15 | map-migrated=migS0EK6JMBZCEnvironment=prodCustomer=vegastars |
CloudWatch Log Groups
Total Log Groups: 7
Without Retention Policy: 0
| Log Group Name | Retention (Days) | Stored Size |
|---|---|---|
/aws/lambda/getBonusEligibilityResults-vegastars |
30 | 998 B |
/aws/lambda/sendBonusEligibility-vegastars |
30 | 11.61 KB |
/aws/lambda/vegastars-prod-change-proxy-ip |
30 | 0 B |
/ecs/vegastars-prod-api |
365 | 0 B |
/ecs/vegastars-prod-callback |
365 | 0 B |
/ecs/vegastars-prod-game-proxy |
365 | 0 B |
/ecs/vegastars-prod-game-proxy-v2 |
365 | 0 B |
Application & Network Load Balancers
| Name | Type | Scheme | State | DNS Name | VPC | AZs | Listeners | Target Groups | Tags |
|---|---|---|---|---|---|---|---|---|---|
| vegastars-prod-other-ecs-alb | APPLICATION | internet-facing | active | vegastars-prod-other-ecs-alb-5720441.ap-east-1.elb.amazonaws.com | vpc-08590366dbe85ff5d | 2 | HTTP:80, HTTPS:443 | 12 | map-migrated=migS0EK6JMBZCCustomer=vegastarsEnvironment=prod |
| vegastars-prod-api-cb-ecs-alb | APPLICATION | internet-facing | active | vegastars-prod-api-cb-ecs-alb-1976670989.ap-east-1.elb.amazonaws.com | vpc-08590366dbe85ff5d | 2 | HTTP:80, HTTPS:443 | 2 | map-migrated=migS0EK6JMBZCCustomer=vegastarsEnvironment=prod |
| vegastars-prod-ecs-internal-alb | APPLICATION | internal | active | internal-vegastars-prod-ecs-internal-alb-443277662.ap-east-1.elb.amazonaws.com | vpc-08590366dbe85ff5d | 2 | HTTPS:443, HTTP:80 | 2 | map-migrated=migS0EK6JMBZCCustomer=vegastarsEnvironment=prod |
Target Groups
| Load Balancer | Target Group Name | Protocol | Port | Target Type | Health Check |
|---|---|---|---|---|---|
| vegastars-prod-other-ecs-alb | vegastars-prod-bo-tg-443 | HTTPS | 440 | instance | HTTPS:/player/api/v1/ping |
| vegastars-prod-other-ecs-alb | vegastars-prod-cdn-cms-tg-449 | HTTPS | 449 | instance | HTTPS:/health |
| vegastars-prod-other-ecs-alb | vegastars-prod-cms-tg-444 | HTTPS | 444 | instance | HTTPS:/ |
| vegastars-prod-other-ecs-alb | vegastars-prod-elk-tg-443 | HTTPS | 443 | instance | HTTPS:/ |
| vegastars-prod-other-ecs-alb | vegastars-prod-fe-tg-443 | HTTPS | 443 | instance | HTTPS:/robots.txt |
| vegastars-prod-other-ecs-alb | vegastars-prod-game-prxy-tg-443 | HTTPS | 443 | ip | HTTPS:/health |
| vegastars-prod-other-ecs-alb | vegastars-prod-gpx-v2-tg-443 | HTTPS | 443 | ip | HTTPS:/healthz |
| vegastars-prod-other-ecs-alb | vegastars-prod-graylog-tg-443 | HTTPS | 443 | instance | HTTPS:/ |
| vegastars-prod-other-ecs-alb | vegastars-prod-intglog-tg-443 | HTTPS | 443 | instance | HTTPS:/ |
| vegastars-prod-other-ecs-alb | vegastars-prod-metbase-tg-443 | HTTPS | 443 | instance | HTTPS:/ |
| vegastars-prod-other-ecs-alb | vegastars-prod-mon-tg-443 | HTTPS | 443 | instance | HTTPS:/ |
| vegastars-prod-other-ecs-alb | vegastars-prod-ws-tg-6002 | HTTPS | 6002 | instance | HTTPS:/ |
| vegastars-prod-api-cb-ecs-alb | vegastars-prod-api-fg-tg-441 | HTTPS | 441 | ip | HTTPS:/robots.txt |
| vegastars-prod-api-cb-ecs-alb | vegastars-prod-callbck-fg-tg-443 | HTTPS | 443 | ip | HTTPS:/player/api/v1/ping |
| vegastars-prod-ecs-internal-alb | vegastars-prod-cms-internal-444 | HTTPS | 444 | instance | HTTPS:/ |
| vegastars-prod-ecs-internal-alb | vegastars-prod-ws-int-tg-6002 | HTTPS | 6002 | instance | HTTPS:/ |
Security Groups (In Use)
| Name | Group ID | VPC | Used By | Inbound Ports | Outbound Ports | Open to Internet | Tags |
|---|---|---|---|---|---|---|---|
| vegastars-prod-allow-local | sg-06aafec9b3db15121 |
vpc-08590366dbe85ff5d | APPLICATION(1), ECS(4) | All, tcp:0-65535 | All | No | Customer=vegastarsEnvironment=prodmap-migrated=migS0EK6JMBZC |
| vegastars-prod-allow-ssh | sg-0e9dbfc43334e6a03 |
vpc-08590366dbe85ff5d | EC2(1) | tcp:22 | All | No | Environment=prodCustomer=vegastarsmap-migrated=migS0EK6JMBZC |
| vegastars-prod-fireblocks_cosigner | sg-01bf1bc8067852a08 |
vpc-08590366dbe85ff5d | EC2(1) | None | All | No | Customer=vegastarsEnvironment=prodmap-migrated=migS0EK6JMBZC |
| vegastars-prod-allow-http-https | sg-0bd88381402394023 |
vpc-08590366dbe85ff5d | APPLICATION(2) | tcp:443, tcp:80 | All | Yes | Customer=vegastarsmap-migrated=migS0EK6JMBZCEnvironment=prod |
Security Group Rules Detail
| Security Group | Direction | Protocol | Port Range | Source/Destination |
|---|---|---|---|---|
vegastars-prod-allow-local sg-06aafec9b3db15121 |
Inbound | tcp | 0-65535 | sg: sg-06aafec9b3db15121 |
vegastars-prod-allow-local sg-06aafec9b3db15121 |
Inbound | All | All | 10.0.3.0/24, 10.0.4.0/24, 10.0.2.0/24, 10.0.1.0/24 |
vegastars-prod-allow-ssh sg-0e9dbfc43334e6a03 |
Inbound | tcp | 22 | 52.199.108.91/32, 115.78.100.17/32, 119.93.179.143/32, 14.161.16.211/32, 18.185.233.97/32, 115.79.29.29/32, 92.251.112.229/32, 93.36.220.74/32, 43.218.68.91/32, 3.108.12.97/32, 38.54.33.217/32, 118.69.133.85/32 |
vegastars-prod-allow-http-https sg-0bd88381402394023 |
Inbound | tcp | 80 | 0.0.0.0/0 |
vegastars-prod-allow-http-https sg-0bd88381402394023 |
Inbound | tcp | 443 | 0.0.0.0/0 |
vegastars-prod-allow-local sg-06aafec9b3db15121 |
Outbound | All | All | 0.0.0.0/0 |
vegastars-prod-allow-ssh sg-0e9dbfc43334e6a03 |
Outbound | All | All | 0.0.0.0/0 |
vegastars-prod-fireblocks_cosigner sg-01bf1bc8067852a08 |
Outbound | All | All | 0.0.0.0/0 |
vegastars-prod-allow-http-https sg-0bd88381402394023 |
Outbound | All | All | 0.0.0.0/0 |
Compliance Findings
Network & Security (Section 5.2)
1
Open Security Groups (0.0.0.0/0)
1
EC2 Without IMDSv2
Yes
CloudTrail Enabled
Data Protection (Section 5.4)
2
Unencrypted EBS Volumes
0
Unencrypted RDS
0
SQS Without Encryption
Logging & Monitoring (Section 5.3)
0
Log Groups (No Retention)
RDS Standards (Section 7)
0
Public RDS Instances
0
RDS Without Multi-AZ
0
RDS Without Backups
Lambda Standards (Section 7)
0
Lambda Default Timeout (3s)
3
Lambda Without DLQ
SQS Standards (Section 7)
0
SQS Without DLQ
ECS Standards (Section 7)
21
Plaintext Env Vars
0
Privileged Containers