Hello,
Some of you are moving away from pure CloudFormation / Terraform files, and relying on the AWS Cloud Development Kit (AWS CDK) to define cloud application resources using programming languages.
If you are using Python + CDK, we are happy to announce our second set of rules focusing on Encryption at Rest and in Transit (the first one was about S3 buckets).
Here is the list of rules:
- S6319: Using unencrypted SageMaker notebook instances is security-sensitive
- S4423: Weak SSL/TLS protocols should not be used
- S6332: Using unencrypted EFS file systems is security-sensitive
- S6303: Using unencrypted RDS databases is security-sensitive
- S6308: Using unencrypted OpenSearch domains is security-sensitive
- S6327: Using unencrypted SNS topics is security-sensitive
- S6330: Using unencrypted SQS queues is security-sensitive
- S6275: Using unencrypted EBS volumes is security-sensitive
Next Step?
We are working to cover the same domains already covered by our CloudFormation and Terraform support: Public Access, Network, Firewall, Permission, and Access Control.
Alex
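
To make the encryption-at-rest rules in the list concrete, here is an added example (not part of the original post and not the analyzer's implementation): a simplified, standard-library check over Python CDK source for three of the listed resource types (RDS, EFS, EBS). The `CHECKS` table, `find_unencrypted` and the sample stack are constructed for illustration; the keyword names are the `aws-cdk-lib` v2 Python ones.

```python
import ast

# Construct class -> (boolean encryption kwarg, kwarg that supplies a KMS key).
# Hypothetical table for this example; it covers RDS, EFS and EBS only.
CHECKS = {
    "DatabaseInstance": ("storage_encrypted", "storage_encryption_key"),
    "FileSystem": ("encrypted", "kms_key"),
    "Volume": ("encrypted", "encryption_key"),
}

# Constructed sample input: CDK calls as they would appear inside a Stack.
SAMPLE = '''\
from aws_cdk import aws_rds as rds, aws_efs as efs, aws_ec2 as ec2

rds.DatabaseInstance(self, "Db", engine=engine, vpc=vpc, storage_encrypted=False)
rds.DatabaseInstance(self, "DbOk", engine=engine, vpc=vpc, storage_encrypted=True)
efs.FileSystem(self, "Fs", vpc=vpc)
efs.FileSystem(self, "FsOk", vpc=vpc, kms_key=key)
ec2.Volume(self, "Vol", availability_zone="eu-west-1a", size=size, encrypted=True)
'''


def find_unencrypted(source):
    """Return sorted (line, construct, reason) tuples for calls where encryption
    is explicitly disabled or not stated in the call at all."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if not isinstance(node, ast.Call):
            continue
        func = node.func
        name = func.attr if isinstance(func, ast.Attribute) else getattr(func, "id", None)
        if name not in CHECKS:
            continue
        if any(kw.arg is None for kw in node.keywords):
            continue  # **props: the settings are not visible at this call site
        flag, key = CHECKS[name]
        kwargs = {kw.arg: kw.value for kw in node.keywords}
        value = kwargs.get(flag)
        if isinstance(value, ast.Constant) and value.value is False:
            findings.append((node.lineno, name, f"{flag}=False"))
        elif value is None and key not in kwargs:
            findings.append((node.lineno, name, f"{flag} not set"))
    return sorted(findings)


if __name__ == "__main__":
    for line, construct, reason in find_unencrypted(SAMPLE):
        print(f"line {line}: {construct}: {reason}")
```

A call reported as "not set" leaves the outcome to the construct's default, which is worth confirming for the CDK version and feature flags in use.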