### AWS service:

- Auto Scaling
  **Managed rules:**
  - AUTOSCALING_GROUP_ELB_HEALTHCHECK_REQUIRED
  - AUTOSCALING_LAUNCH_CONFIG_PUBLIC_IP_DISABLED
- Amazon API Gateway
  **Managed rules:**
  - API_GW_CACHE_ENABLED_AND_ENCRYPTED
  - API_GW_SSL_ENABLED
  - API_GW_EXECUTION_LOGGING_ENABLED
  - API_GW_ASSOCIATED_WITH_WAF
- Amazon CloudWatch
  **Managed rules:**
  - CLOUDWATCH_ALARM_ACTION_CHECK
  - CLOUDWATCH_LOG_GROUP_ENCRYPTED
- Amazon DynamoDB
  **Managed rules:**
  - DYNAMODB_PITR_ENABLED
  - DYNAMODB_IN_BACKUP_PLAN
  - DYNAMODB_THROUGHPUT_LIMIT_CHECK
  - DMS_REPLICATION_NOT_PUBLIC
- Amazon EC2
  **Managed rules:**
  - INSTANCES_IN_VPC
  - EC2_SECURITY_GROUP_ATTACHED_TO_ENI_PERIODIC
  - EC2_INSTANCE_PROFILE_ATTACHED
  - EC2_INSTANCE_NO_PUBLIC_IP
  - EC2_IMDSV2_CHECK
  - EC2_EBS_ENCRYPTION_BY_DEFAULT
  - EBS_IN_BACKUP_PLAN
  - EBS_SNAPSHOT_PUBLIC_RESTORABLE_CHECK
  - ENCRYPTED_VOLUMES
- Amazon ECS
  **Managed rules:**
  - ECS_CONTAINERS_READONLY_ACCESS
  - ECS_CONTAINERS_NONPRIVILEGED
  - ECS_TASK_DEFINITION_USER_FOR_HOST_MODE_CHECK
- Amazon EFS
  **Managed rules:**
  - EFS_ACCESS_POINT_ENFORCE_USER_IDENTITY
  - EFS_ACCESS_POINT_ENFORCE_ROOT_DIRECTORY
  - EFS_IN_BACKUP_PLAN
  - EFS_ENCRYPTED_CHECK
- Amazon ElastiCache
  **Managed rules:**
  - ELASTICACHE_REDIS_CLUSTER_AUTOMATIC_BACKUP_CHECK
- Amazon EMR
  **Managed rules:**
  - EMR_KERBEROS_ENABLED
  - EMR_MASTER_NO_PUBLIC_IP
- Amazon GuardDuty
  **Managed rules:**
  - GUARDDUTY_ENABLED_CENTRALIZED
- Amazon OpenSearch Service
  **Managed rules:**
  - OPENSEARCH_ACCESS_CONTROL_ENABLED
  - ELASTICSEARCH_NODE_TO_NODE_ENCRYPTION_CHECK
  - ELASTICSEARCH_LOGS_TO_CLOUDWATCH
  - ELASTICSEARCH_IN_VPC_ONLY
  - ELASTICSEARCH_ENCRYPTED_AT_REST
- Amazon RDS
  **Managed rules:**
  - RDS_MULTI_AZ_SUPPORT
  - RDS_LOGGING_ENABLED
  - RDS_STORAGE_ENCRYPTED
  - RDS_SNAPSHOTS_PUBLIC_PROHIBITED
  - RDS_INSTANCE_PUBLIC_ACCESS_CHECK
  - RDS_INSTANCE_DELETION_PROTECTION_ENABLED
  - RDS_IN_BACKUP_PLAN
  - RDS_ENHANCED_MONITORING_ENABLED
  - RDS_AUTOMATIC_MINOR_VERSION_UPGRADE_ENABLED
  - DB_INSTANCE_BACKUP_ENABLED
- Amazon Redshift
  **Managed rules:**
  - REDSHIFT_REQUIRE_TLS_SSL
  - REDSHIFT_ENHANCED_VPC_ROUTING_ENABLED
  - REDSHIFT_CLUSTER_PUBLIC_ACCESS_CHECK
  - REDSHIFT_CLUSTER_MAINTENANCESETTINGS_CHECK
  - REDSHIFT_CLUSTER_KMS_ENABLED
  - REDSHIFT_CLUSTER_CONFIGURATION_CHECK
  - REDSHIFT_BACKUP_ENABLED
- Amazon S3
  **Managed rules:**
  - S3_BUCKET_ACL_PROHIBITED
  - S3_BUCKET_VERSIONING_ENABLED
  - S3_BUCKET_SSL_REQUESTS_ONLY
  - S3_BUCKET_SERVER_SIDE_ENCRYPTION_ENABLED
  - S3_BUCKET_REPLICATION_ENABLED
  - S3_BUCKET_PUBLIC_WRITE_PROHIBITED
  - S3_BUCKET_PUBLIC_READ_PROHIBITED
  - S3_BUCKET_LOGGING_ENABLED
  - S3_BUCKET_LEVEL_PUBLIC_ACCESS_PROHIBITED
  - S3_BUCKET_DEFAULT_LOCK_ENABLED
  - S3_ACCOUNT_LEVEL_PUBLIC_ACCESS_BLOCKS_PERIODIC
- Amazon SageMaker
  **Managed rules:**
  - SAGEMAKER_NOTEBOOK_NO_DIRECT_INTERNET_ACCESS
  - SAGEMAKER_NOTEBOOK_INSTANCE_KMS_KEY_CONFIGURED
  - SAGEMAKER_ENDPOINT_CONFIGURATION_KMS_KEY_CONFIGURED
- Amazon SNS
  **Managed rules:**
  - SNS_ENCRYPTED_KMS
- Amazon VPC
  **Managed rules:**
  - VPC_FLOW_LOGS_ENABLED
  - VPC_SG_OPEN_ONLY_TO_AUTHORIZED_PORTS
  - VPC_DEFAULT_SECURITY_GROUP_CLOSED
  - SUBNET_AUTO_ASSIGN_PUBLIC_IP_DISABLED
  - INCOMING_SSH_DISABLED
  - INTERNET_GATEWAY_AUTHORIZED_VPC_ONLY
  - NO_UNRESTRICTED_ROUTE_TO_IGW
  - RESTRICTED_INCOMING_TRAFFIC
- AWS Certificate Manager
  **Managed rules:**
  - ACM_CERTIFICATE_EXPIRATION_CHECK
- AWS CloudTrail
  **Managed rules:**
  - CLOUD_TRAIL_ENCRYPTION_ENABLED
  - CLOUD_TRAIL_LOG_FILE_VALIDATION_ENABLED
  - CLOUD_TRAIL_CLOUD_WATCH_LOGS_ENABLED
  - CLOUD_TRAIL_ENABLED
  - MULTI_REGION_CLOUD_TRAIL_ENABLED
  - CLOUDTRAIL_SECURITY_TRAIL_ENABLED
  - CLOUDTRAIL_S3_DATAEVENTS_ENABLED
- AWS CodeBuild
  **Managed rules:**
  - CODEBUILD_PROJECT_SOURCE_REPO_URL_CHECK
  - CODEBUILD_PROJECT_ENVVAR_AWSCRED_CHECK
- AWS Elastic Beanstalk
  **Managed rules:**
  - BEANSTALK_ENHANCED_HEALTH_REPORTING_ENABLED
  - ELASTIC_BEANSTALK_MANAGED_UPDATES_ENABLED
- AWS Identity and Access Management (IAM)
  **Managed rules:**
  - IAM_USER_GROUP_MEMBERSHIP_CHECK
  - IAM_ROOT_ACCESS_KEY_CHECK
  - IAM_POLICY_NO_STATEMENTS_WITH_FULL_ACCESS
  - IAM_POLICY_NO_STATEMENTS_WITH_ADMIN_ACCESS
  - IAM_PASSWORD_POLICY
  - IAM_USER_UNUSED_CREDENTIALS_CHECK
  - IAM_USER_MFA_ENABLED
  - MFA_ENABLED_FOR_IAM_CONSOLE_ACCESS
  - ROOT_ACCOUNT_MFA_ENABLED
  - ROOT_ACCOUNT_HARDWARE_MFA_ENABLED
  - ACCESS_KEYS_ROTATED
- AWS Key Management Service (AWS KMS)
  **Managed rules:**
  - CMK_BACKING_KEY_ROTATION_ENABLED
- AWS Lambda
  **Managed rules:**
  - LAMBDA_CONCURRENCY_CHECK
  - LAMBDA_FUNCTION_PUBLIC_ACCESS_PROHIBITED
- AWS Secrets Manager
  **Managed rules:**
  - SECRETSMANAGER_SECRET_UNUSED
- AWS Systems Manager
  **Managed rules:**
  - SSM_DOCUMENT_NOT_PUBLIC
  - EC2_MANAGEDINSTANCE_PATCH_COMPLIANCE_STATUS_CHECK
  - EC2_INSTANCE_MANAGED_BY_SSM
- AWS WAF
  **Managed rules:**
  - WAFV2_LOGGING_ENABLED
- Elastic Load Balancing
  **Managed rules:**
  - ALB_WAF_ENABLED
  - ALB_HTTP_DROP_INVALID_HEADER_ENABLED
  - ALB_HTTP_TO_HTTPS_REDIRECTION_CHECK
  - ELB_TLS_HTTPS_LISTENERS_ONLY
  - ELB_PREDEFINED_SECURITY_POLICY_SSL_CHECK
  - ELB_LOGGING_ENABLED
  - ELB_DELETION_PROTECTION_ENABLED
  - ELB_CROSS_ZONE_LOAD_BALANCING_ENABLED
  - ELB_ACM_CERTIFICATE_REQUIRED
  - ELBV2_ACM_CERTIFICATE_REQUIRED