CLOUDCUSTODIAN
Count Azure databases that are publicly accessible, lack replication or a high-availability configuration, show high CPU usage, high memory usage or low availability, and Redis caches with a high cache miss rate
Tasks:
- Score Database Availability in resource group `${AZURE_RESOURCE_GROUP}`
- Count Publicly Accessible Databases in resource group `${AZURE_RESOURCE_GROUP}`
- Count Databases Without Replication in resource group `${AZURE_RESOURCE_GROUP}`
- Count Databases Without High Availability in resource group `${AZURE_RESOURCE_GROUP}`
- Count Databases With High CPU Usage in resource group `${AZURE_RESOURCE_GROUP}`
- Count Databases With High Memory Usage in resource group `${AZURE_RESOURCE_GROUP}`
- Count Redis Caches With High Cache Miss Rate in resource group `${AZURE_RESOURCE_GROUP}`
- Count Databases With Health Issues in resource group `${AZURE_RESOURCE_GROUP}`
- Generate Health Score
List Azure databases that are publicly accessible, lack replication or a high-availability configuration, show high CPU usage, high memory usage or low availability, and Redis caches with a high cache miss rate
Tasks:
- List Database Availability in resource group `AZURE_RESOURCE_GROUP`
- List Publicly Accessible Databases in resource group `AZURE_RESOURCE_GROUP`
- List Databases Without Replication in resource group `AZURE_RESOURCE_GROUP`
- List Databases Without High Availability in resource group `AZURE_RESOURCE_GROUP`
- List Databases With High CPU Usage in resource group `AZURE_RESOURCE_GROUP`
- List All Databases With High Memory Usage in resource group `AZURE_RESOURCE_GROUP`
- List Redis Caches With High Cache Miss Rate in resource group `AZURE_RESOURCE_GROUP`
- List Database Resource Health in resource group `AZURE_RESOURCE_GROUP`
Count Azure virtual machines that are publicly accessible, have high CPU or memory usage, are underutilized, or are stopped, plus unused network interfaces and unused public IPs
Tasks:
- Check Azure VM Health in resource group `${AZURE_RESOURCE_GROUP}`
- Check for VMs With Public IP in resource group `${AZURE_RESOURCE_GROUP}`
- Check for VMs With High CPU Usage in resource group `${AZURE_RESOURCE_GROUP}`
- Check for Stopped VMs in resource group `${AZURE_RESOURCE_GROUP}`
- Check for Underutilized VMs Based on CPU Usage in resource group `${AZURE_RESOURCE_GROUP}`
- Check for VMs With High Memory Usage in resource group `${AZURE_RESOURCE_GROUP}`
- Check for Underutilized VMs Based on Memory Usage in resource group `${AZURE_RESOURCE_GROUP}`
- Check for Unused Network Interfaces in resource group `${AZURE_RESOURCE_GROUP}`
- Check for Unused Public IPs in resource group `${AZURE_RESOURCE_GROUP}`
- Generate Health Score
List Azure virtual machines that are publicly accessible, have high CPU or memory usage, are underutilized, or are stopped, plus unused network interfaces and unused public IPs
Tasks:
- Check Azure VM Health in resource group `AZURE_RESOURCE_GROUP`
- List VMs With Public IP in resource group `AZURE_RESOURCE_GROUP`
- List Stopped VMs in resource group `AZURE_RESOURCE_GROUP`
- List VMs With High CPU Usage in resource group `AZURE_RESOURCE_GROUP`
- List Underutilized VMs Based on CPU Usage in resource group `AZURE_RESOURCE_GROUP`
- List VMs With High Memory Usage in resource group `AZURE_RESOURCE_GROUP`
- List Underutilized VMs Based on Memory Usage in resource group `AZURE_RESOURCE_GROUP`
- List Unused Network Interfaces in resource group `AZURE_RESOURCE_GROUP`
- List Unused Public IPs in resource group `AZURE_RESOURCE_GROUP`
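The Azure checks in the database/cache section and the VM section above can be expressed as Cloud Custodian policies. The file below is an added example and is not code from this page or from the Cloud Custodian project. The metric thresholds, the 72-hour window, the `my-rg` resource-group value and the reliance on the `resourceGroup` key that c7n_azure attaches to each resource are assumptions. The memory-usage and VM-public-IP checks are not shown: memory needs guest-level metrics from the diagnostics agent, and a VM's public IP is reached through its NIC rather than a VM metric.

```yaml
# azure-health.yml (added example; scope to one resource group with a value filter)
policies:
  # Redis caches whose average cache miss rate over the last 24h is >= 20%
  - name: redis-high-cache-miss-rate
    resource: azure.redis
    filters:
      - type: value
        key: resourceGroup
        value: my-rg                 # assumed: substitute AZURE_RESOURCE_GROUP
      - type: metric
        metric: cachemissrate
        aggregation: average
        op: ge
        threshold: 20                # assumed threshold
        timeframe: 24                # hours

  # SQL databases averaging >= 80% CPU over 72h
  - name: sqldb-high-cpu
    resource: azure.sqldatabase
    filters:
      - type: value
        key: resourceGroup
        value: my-rg
      - type: metric
        metric: cpu_percent
        aggregation: average
        op: ge
        threshold: 80
        timeframe: 72

  # VMs averaging >= 80% CPU over 72h (high usage)
  - name: vm-high-cpu
    resource: azure.vm
    filters:
      - type: value
        key: resourceGroup
        value: my-rg
      - type: metric
        metric: Percentage CPU
        aggregation: average
        op: ge
        threshold: 80
        timeframe: 72

  # VMs averaging < 5% CPU over 72h (underutilized)
  - name: vm-underutilized-cpu
    resource: azure.vm
    filters:
      - type: value
        key: resourceGroup
        value: my-rg
      - type: metric
        metric: Percentage CPU
        aggregation: average
        op: lt
        threshold: 5
        timeframe: 72

  # Deallocated (stopped) VMs, read from the instance view power state
  - name: vm-stopped
    resource: azure.vm
    filters:
      - type: value
        key: resourceGroup
        value: my-rg
      - type: instance-view
        key: statuses[].code
        op: in
        value_type: swap
        value: PowerState/deallocated

  # Network interfaces not attached to any VM
  - name: nic-unused
    resource: azure.networkinterface
    filters:
      - type: value
        key: resourceGroup
        value: my-rg
      - type: value
        key: properties.virtualMachine
        value: absent

  # Public IPs not bound to any IP configuration
  - name: public-ip-unused
    resource: azure.publicip
    filters:
      - type: value
        key: resourceGroup
        value: my-rg
      - type: value
        key: properties.ipConfiguration
        value: absent
```

Run it with `custodian run -s out azure-health.yml` (authentication comes from the usual Azure environment variables or CLI login) and read the per-policy counts with `custodian report -s out --format grid azure-health.yml`. Those counts are the inputs a health score is built from; the score itself is outside what the policy file does.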
Count publicly accessible security groups, unused EIPs, unused ELBs, and VPCs with flow logs disabled
Tasks:
- Check for publicly accessible security groups in AWS account `${AWS_ACCOUNT_ID}`
- Check for unused Elastic IPs in AWS account `${AWS_ACCOUNT_ID}`
- Check for unused ELBs in AWS account `${AWS_ACCOUNT_ID}`
- Check for VPCs with Flow Logs disabled in AWS account `${AWS_ACCOUNT_ID}`
- Generate Health Score
List publicly accessible security groups, unused EIPs, unused ELBs, and VPCs with flow logs disabled
Tasks:
- List Publicly Accessible Security Groups in AWS account `AWS_ACCOUNT_ID`
- List unused Elastic IPs in AWS account `AWS_ACCOUNT_ID`
- List unused ELBs in AWS account `AWS_ACCOUNT_ID`
- List VPCs with Flow Logs Disabled in AWS account `AWS_ACCOUNT_ID`
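The four AWS networking checks above, written as Cloud Custodian policies. This is an added example, not code from the page or the Cloud Custodian project; the policy names and the file name are assumptions.

```yaml
# aws-network.yml (added example)
policies:
  # Security groups with any ingress rule open to the whole internet (IPv4 or IPv6)
  - name: sg-open-ingress
    resource: aws.security-group
    filters:
      - or:
          - type: ingress
            Cidr:
              value: "0.0.0.0/0"
          - type: ingress
            CidrV6:
              value: "::/0"

  # Elastic IPs allocated but not associated with anything (idle, billed, and
  # a candidate for re-use by a stale DNS record)
  - name: eip-unused
    resource: aws.elastic-ip
    filters:
      - AssociationId: absent

  # Classic load balancers with no registered instances
  - name: elb-unused
    resource: aws.elb
    filters:
      - Instances: []

  # VPCs with no flow log: no network telemetry for detection or forensics
  - name: vpc-flow-logs-disabled
    resource: aws.vpc
    filters:
      - type: flow-logs
        enabled: false
```

Run with `custodian run -s out --region "$AWS_REGION" aws-network.yml`; credentials and the target account come from the normal AWS credential chain (`AWS_PROFILE`, or `--assume` with a role ARN). Note that `sg-open-ingress` flags any world-open rule; restrict it to management ports with `Ports: [22, 3389]` inside the `ingress` filter if only those matter.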
Counts the number of EBS resources by identifying unattached volumes, unused and aged snapshots, and unencrypted volumes.
Tasks:
- Check Unattached EBS Volumes in `${AWS_REGION}`
- Check Unencrypted EBS Volumes in `${AWS_REGION}`
- Check Unused EBS Snapshots in `${AWS_REGION}`
- Generate EBS Score
Check for AWS EBS resources by identifying unattached volumes, unused snapshots, and unencrypted volumes.
Tasks:
- List Unattached EBS Volumes in AWS Region `AWS_REGION` in AWS account `AWS_ACCOUNT_ID`
- List Unencrypted EBS Volumes in AWS Region `AWS_REGION` in AWS account `AWS_ACCOUNT_ID`
- List Unused EBS Snapshots in AWS Region `AWS_REGION` in AWS account `AWS_ACCOUNT_ID`
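The EBS checks above as Cloud Custodian policies (an added example, not the page's or the project's own code). The 90-day snapshot age is an assumption.

```yaml
# aws-ebs.yml (added example)
policies:
  # Volumes not attached to any instance
  - name: ebs-unattached
    resource: aws.ebs
    filters:
      - Attachments: []

  # Volumes created without encryption at rest
  - name: ebs-unencrypted
    resource: aws.ebs
    filters:
      - Encrypted: false

  # Snapshots that no AMI or volume references and that are at least 90 days old
  - name: ebs-snapshot-unused-aged
    resource: aws.ebs-snapshot
    filters:
      - type: unused
        value: true
      - type: age
        days: 90          # assumed retention threshold
        op: ge
```

Run with `custodian run -s out --region "$AWS_REGION" aws-ebs.yml`. An unencrypted volume cannot be encrypted in place; the fix is a snapshot, an encrypted copy and a swap, so the count is a backlog rather than something an `actions:` block should try to remediate automatically.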
Counts the number of S3 buckets in an Account that are insecure or unhealthy.
Tasks:
- Count S3 Buckets With Public Access in AWS Account `${AWS_ACCOUNT_NAME}`
Generates a report on S3 buckets in an Account that are insecure or unhealthy.
Tasks:
- List S3 Buckets With Public Access in AWS Account `AWS_ACCOUNT_NAME`
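"Public access" on S3 has three independent sources: a bucket ACL grant, a bucket policy, and a missing Block Public Access setting. The policies below cover each one; this is an added example and not code from the page or the Cloud Custodian project.

```yaml
# aws-s3.yml (added example)
policies:
  # Bucket ACL grants a permission to AllUsers or AuthenticatedUsers
  - name: s3-public-acl
    resource: aws.s3
    filters:
      - type: global-grants

  # Bucket policy contains an Allow statement for the anonymous principal
  - name: s3-public-policy
    resource: aws.s3
    filters:
      - type: has-statement
        statements:
          - Effect: Allow
            Principal: "*"

  # Bucket-level Block Public Access is not fully enabled
  - name: s3-public-access-block-incomplete
    resource: aws.s3
    filters:
      - not:
          - type: check-public-block
            BlockPublicAcls: true
            BlockPublicPolicy: true
            IgnorePublicAcls: true
            RestrictPublicBuckets: true
```

S3 is account-global, so no `--region` is needed. Account-level Block Public Access (checked with `aws s3control get-public-access-block`) overrides the bucket-level setting; if it is fully enabled, the third policy's matches are defence-in-depth gaps rather than live exposure.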
Count the number of EC2 instances that are stale or stopped, and Auto Scaling Groups that are invalid
Tasks:
- Check for stale AWS EC2 instances in AWS Region `${AWS_REGION}` in AWS account `${AWS_ACCOUNT_ID}`
- Check for stopped AWS EC2 instances in AWS Region `${AWS_REGION}` in AWS account `${AWS_ACCOUNT_ID}`
- Check for invalid AWS Auto Scaling Groups in AWS Region `${AWS_REGION}` in AWS account `${AWS_ACCOUNT_ID}`
- Generate Health Score
Check for EC2 instances that are stale or stopped, and Auto Scaling Groups that are invalid
Tasks:
- List stale AWS EC2 instances in AWS Region `AWS_REGION` in AWS account `AWS_ACCOUNT_ID`
- List stopped AWS EC2 instances in AWS Region `AWS_REGION` in AWS account `AWS_ACCOUNT_ID`
- List invalid AWS Auto Scaling Groups in AWS Region `AWS_REGION` in AWS account `AWS_ACCOUNT_ID`
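The EC2 and Auto Scaling Group checks above as Cloud Custodian policies. This is an added example, not code from the page or the project; "stale" is taken here to mean a running instance launched 90 or more days ago, which is an assumption.

```yaml
# aws-ec2.yml (added example)
policies:
  # Running instances launched >= 90 days ago: the AMI and its packages are
  # that old unless something patches in place
  - name: ec2-stale
    resource: aws.ec2
    filters:
      - State.Name: running
      - type: instance-age
        days: 90          # assumed staleness threshold
        op: ge

  # Stopped instances: still billed for EBS, still hold their instance profile
  - name: ec2-stopped
    resource: aws.ec2
    filters:
      - State.Name: stopped

  # Auto Scaling Groups whose launch configuration/template, AMI, key pair,
  # security groups or subnets no longer resolve
  - name: asg-invalid
    resource: aws.asg
    filters:
      - type: invalid
```

Run with `custodian run -s out --region "$AWS_REGION" aws-ec2.yml`. An invalid ASG cannot scale out, so it is an availability finding as much as a hygiene one.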
Check AWS Monitoring Configuration Health
Tasks:
- Check CloudWatch Log Groups Without Retention Period in AWS Region `${AWS_REGION}` in AWS account `${AWS_ACCOUNT_ID}`
- Check if CloudTrail exists and is configured for multi-region in AWS Region `${AWS_REGION}` in AWS Account `${AWS_ACCOUNT_ID}`
- Check CloudTrail Without CloudWatch Logs in AWS Region `${AWS_REGION}` in AWS Account `${AWS_ACCOUNT_ID}`
- Generate Health Score
Check AWS Monitoring Configuration Health
Tasks:
- List CloudWatch Log Groups Without Retention Period in AWS Region `AWS_REGION` in AWS Account `AWS_ACCOUNT_ID`
- Check CloudTrail Configuration in AWS Region `AWS_REGION` in AWS Account `AWS_ACCOUNT_ID`
- Check for CloudTrail integration with CloudWatch Logs in AWS Region `AWS_REGION` in AWS Account `AWS_ACCOUNT_ID`
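The monitoring checks above as Cloud Custodian policies (an added example, not the page's or the project's own code). The `cloudtrail-any` policy has no filters on purpose: a report with zero rows for it is how "no trail exists" shows up, since a filter cannot match a resource that is absent.

```yaml
# aws-monitoring.yml (added example)
policies:
  # Log groups that keep data forever (cost, and an unbounded retention scope)
  - name: log-group-no-retention
    resource: aws.log-group
    filters:
      - retentionInDays: absent

  # Every trail visible in this region; zero rows means no trail at all
  - name: cloudtrail-any
    resource: aws.cloudtrail

  # Trails that only record this region's API activity
  - name: cloudtrail-not-multi-region
    resource: aws.cloudtrail
    filters:
      - IsMultiRegionTrail: false

  # Trails that exist but have logging switched off
  - name: cloudtrail-not-logging
    resource: aws.cloudtrail
    filters:
      - type: status
        key: IsLogging
        value: false

  # Trails that write only to S3, so no near-real-time CloudWatch alarms/metric filters
  - name: cloudtrail-no-cloudwatch-logs
    resource: aws.cloudtrail
    filters:
      - CloudWatchLogsLogGroupArn: absent
```

Run with `custodian run -s out --region "$AWS_REGION" aws-monitoring.yml`. A multi-region trail homed in another region is listed here with a different `HomeRegion`, so check that field before concluding that a region is uncovered.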
Count AWS ACM certificates that are unused, expiring, expired, in a failed state, or pending validation.
Tasks:
- Check for unused ACM certificates in AWS Region `${AWS_REGION}` in AWS account `${AWS_ACCOUNT_ID}`
- Check for Expiring ACM certificates in AWS Region `${AWS_REGION}` in AWS account `${AWS_ACCOUNT_ID}`
- Check for expired ACM certificates in AWS Region `${AWS_REGION}` in AWS account `${AWS_ACCOUNT_ID}`
- Check for Failed Status ACM Certificates in AWS Region `${AWS_REGION}` in AWS Account `${AWS_ACCOUNT_ID}`
- Check for Pending Validation ACM Certificates in AWS Region `${AWS_REGION}` in AWS Account `${AWS_ACCOUNT_ID}`
- Generate Health Score
List AWS ACM certificates that are unused, expiring, expired, in a failed state, or pending validation.
Tasks:
- List Unused ACM Certificates in AWS Region `AWS_REGION` in AWS Account `AWS_ACCOUNT_ID`
- List Expiring ACM Certificates in AWS Region `AWS_REGION` in AWS Account `AWS_ACCOUNT_ID`
- List Expired ACM Certificates in AWS Region `AWS_REGION` in AWS Account `AWS_ACCOUNT_ID`
- List Failed Status ACM Certificates in AWS Region `AWS_REGION` in AWS Account `AWS_ACCOUNT_ID`
- List Pending Validation ACM Certificates in AWS Region `AWS_REGION` in AWS Account `AWS_ACCOUNT_ID`
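The five ACM checks above as Cloud Custodian policies. This is an added example, not code from the page or the project; the 30-day expiry window is an assumption, and the `InUseBy` check assumes the certificate detail fields are populated in the resource (they are fetched per certificate, which is slow in accounts with many certificates).

```yaml
# aws-acm.yml (added example)
policies:
  # Issued certificates nothing references (ELB, CloudFront, API Gateway, ...)
  - name: acm-unused
    resource: aws.acm-certificate
    filters:
      - InUseBy: []

  # Issued certificates that expire within 30 days; ACM only auto-renews
  # DNS-validated certs that are in use, so these need a human
  - name: acm-expiring-30d
    resource: aws.acm-certificate
    filters:
      - Status: ISSUED
      - type: value
        key: NotAfter
        value_type: expiration
        op: lt
        value: 30          # assumed window, in days

  - name: acm-expired
    resource: aws.acm-certificate
    filters:
      - Status: EXPIRED

  # Issuance failed (for example, CAA record blocks Amazon or domain not validated)
  - name: acm-failed
    resource: aws.acm-certificate
    filters:
      - Status: FAILED

  # Requested but the DNS/email validation was never completed
  - name: acm-pending-validation
    resource: aws.acm-certificate
    filters:
      - Status: PENDING_VALIDATION
```

Run with `custodian run -s out --region "$AWS_REGION" aws-acm.yml`. Certificates used by CloudFront live in us-east-1 regardless of where the distribution serves, so run that region as well when counting unused certificates.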
Check AWS RDS instances that are unencrypted, publicly accessible, or have backups disabled.
Tasks:
- Check for unencrypted RDS instances in AWS Region `${AWS_REGION}` in AWS account `${AWS_ACCOUNT_ID}`
- Check for publicly accessible RDS instances in AWS Region `${AWS_REGION}` in AWS account `${AWS_ACCOUNT_ID}`
- Check for disabled backup RDS instances in AWS Region `${AWS_REGION}` in AWS account `${AWS_ACCOUNT_ID}`
- Generate Health Score
List AWS RDS instances that are unencrypted, publicly accessible, or have backups disabled.
Tasks:
- List Unencrypted RDS Instances in AWS Region `AWS_REGION` in AWS Account `AWS_ACCOUNT_ID`
- List Publicly Accessible RDS Instances in AWS Region `AWS_REGION` in AWS Account `AWS_ACCOUNT_ID`
- List RDS Instances with Backups Disabled in AWS Region `AWS_REGION` in AWS Account `AWS_ACCOUNT_ID`
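The RDS checks above as Cloud Custodian policies, plus the cluster-level backup check that instance-level policies miss. This is an added example, not code from the page or the Cloud Custodian project.

```yaml
# aws-rds.yml (added example)
policies:
  # Instances created without storage encryption (cannot be enabled in place)
  - name: rds-unencrypted
    resource: aws.rds
    filters:
      - StorageEncrypted: false

  # Instances flagged publicly accessible; exposure still depends on the
  # subnet having a route to an internet gateway and on the security group
  - name: rds-public
    resource: aws.rds
    filters:
      - PubliclyAccessible: true

  # Instances with automated backups disabled
  - name: rds-backups-disabled
    resource: aws.rds
    filters:
      - BackupRetentionPeriod: 0

  # Aurora sets retention on the cluster, not the instance, so check both
  - name: rds-cluster-backups-disabled
    resource: aws.rds-cluster
    filters:
      - BackupRetentionPeriod: 0
```

Run with `custodian run -s out --region "$AWS_REGION" aws-rds.yml`. For Aurora members `BackupRetentionPeriod` on the instance mirrors the cluster value, so an instance count alone would either double-count or, for clusters without instances, miss the finding; report the cluster policy separately.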