rule,nistid acm-certificate-with-close-expiration-date,SC-12 acm-certificate-with-transparency-logging-disabled,SC-12 cloudformation-stack-with-role,AC-6 cloudtrail-duplicated-global-services-logging,AU-6 cloudtrail-no-cloudwatch-integration,AU-12|SI-4(2) cloudtrail-no-data-logging,AU-12 cloudtrail-no-encryption-with-kms,AU-6 cloudtrail-no-global-services-logging,AU-12 cloudtrail-no-log-file-validation,AU-6 cloudtrail-no-logging,AU-12 cloudtrail-not-configured,AU-12 cloudwatch-alarm-without-actions,AU-12 config-recorder-not-configured,CM-8|CM-8(2)|CM-8(6) ec2-ami-public,AC-3 ec2-default-security-group-in-use,AC-3(3) ec2-default-security-group-with-rules,AC-3(3) ec2-ebs-snapshot-not-encrypted,SC-28 ec2-ebs-snapshot-public,AC-3 ec2-ebs-volume-not-encrypted,SC-28 ec2-instance-in-security-group,CM-7(1) ec2-instance-type,CM-2 ec2-instance-types,CM-2 ec2-instance-with-public-ip,AC-3 ec2-instance-with-user-data-secrets,AC-3 ec2-security-group-opens-all-ports,CM-7(1) ec2-security-group-opens-all-ports-to-all,CM-7(1) ec2-security-group-opens-all-ports-to-self,CM-7(1) ec2-security-group-opens-icmp-to-all,CM-7(1) ec2-security-group-opens-known-port-to-all,CM-7(1) ec2-security-group-opens-plaintext-port,CM-7(1) ec2-security-group-opens-port-range,CM-7(1) ec2-security-group-opens-port-to-all,CM-7(1) ec2-security-group-whitelists-aws,CM-7(1) ec2-security-group-whitelists-aws-ip-from-banned-region,CM-7(1) ec2-security-group-whitelists-non-elastic-ips,CM-7(1) ec2-security-group-whitelists-unknown-aws,CM-7(1) ec2-security-group-whitelists-unknown-cidrs,CM-7(1) ec2-unused-security-group,CM-7(1) elb-listener-allowing-cleartext,SC-8 elb-no-access-logs,AU-12 elb-older-ssl-policy,SC-8 elbv2-http-request-smuggling,SC-8 elbv2-listener-allowing-cleartext,SC-8 elbv2-no-access-logs,AU-12 elbv2-no-deletion-protection,SI-7 elbv2-older-ssl-policy,SC-8 iam-assume-role-lacks-external-id-and-mfa,AC-17 iam-assume-role-no-mfa,AC-6 iam-assume-role-policy-allows-all,AC-6 iam-ec2-role-without-instances,AC-6 iam-group-with-inline-policies,AC-6 iam-group-with-no-users,AC-6 iam-human-user-with-policies,AC-6 iam-inline-policy-allows-non-sts-action,AC-6 iam-inline-policy-allows-NotActions,AC-6 iam-inline-policy-for-role,AC-6 iam-managed-policy-allows-full-privileges,AC-6 iam-managed-policy-allows-non-sts-action,AC-6 iam-managed-policy-allows-NotActions,AC-6 iam-managed-policy-for-role,AC-6 iam-managed-policy-no-attachments,AC-6 iam-no-support-role,IR-7 iam-password-policy-expiration-threshold,AC-2 iam-password-policy-minimum-length,AC-2 iam-password-policy-no-expiration,AC-2 iam-password-policy-no-lowercase-required,AC-2 iam-password-policy-no-number-required,AC-2 iam-password-policy-no-symbol-required,AC-2 iam-password-policy-no-uppercase-required,AC-2 iam-password-policy-reuse-enabled,IA-5(1) iam-role-with-inline-policies,AC-6 iam-root-account-no-hardware-mfa,IA-2(1) iam-root-account-no-mfa,IA-2(1) iam-root-account-used-recently,AC-6(9) iam-root-account-with-active-certs,AC-6(9) iam-root-account-with-active-keys,AC-6(9) iam-service-user-with-password,AC-2 iam-unused-credentials-not-disabled,AC-2 iam-user-no-key-rotation,AC-2 iam-user-not-in-category-group,AC-2 iam-user-not-in-common-group,AC-2 iam-user-unused-access-key-initial-setup,AC-2 iam-user-with-multiple-access-keys,IA-2 iam-user-without-mfa,IA-2(1) iam-user-with-password-and-key,IA-2 iam-user-with-policies,AC-2 kms-cmk-rotation-disabled,SC-12 logs-no-alarm-aws-configuration-changes,CM-8|CM-8(2)|CM-8(6) logs-no-alarm-cloudtrail-configuration-changes,AU-6 logs-no-alarm-cmk-deletion,AC-2 logs-no-alarm-console-authentication-failures,AC-2 logs-no-alarm-iam-policy-changes,AC-2 logs-no-alarm-nacl-changes,CM-6(2) logs-no-alarm-network-gateways-changes,AU-12|CM-6(2) logs-no-alarm-root-usage,AU-2 logs-no-alarm-route-table-changes,AU-12|CM-6(2) logs-no-alarm-s3-policy-changes,AC-6|AU-12 logs-no-alarm-security-group-changes,AC-2(4) logs-no-alarm-signin-without-mfa,AC-2 logs-no-alarm-unauthorized-api-calls,AU-6|SI-4(2) logs-no-alarm-vpc-changes,CM-6(1) rds-instance-backup-disabled,CP-9 rds-instance-ca-certificate-deprecated,SC-12 rds-instance-no-minor-upgrade,SI-2 rds-instance-short-backup-retention-period,CP-9 rds-instance-single-az,CP-7 rds-instance-storage-not-encrypted,SC-28 rds-postgres-instance-with-invalid-certificate,SC-12 rds-security-group-allows-all,CM-7(1) rds-snapshot-public,SC-28 redshift-cluster-database-not-encrypted,SC-28 redshift-cluster-no-version-upgrade,SI-2 redshift-cluster-publicly-accessible,AC-3 redshift-parameter-group-logging-disabled,AU-12 redshift-parameter-group-ssl-not-required,SC-8 redshift-security-group-whitelists-all,CM-7(1) route53-domain-no-autorenew,SC-2 route53-domain-no-transferlock,SC-2 route53-domain-transferlock-not-authorized,SC-2 s3-bucket-allowing-cleartext,SC-28 s3-bucket-no-default-encryption,SC-28 s3-bucket-no-logging,AU-2|AU-12 s3-bucket-no-mfa-delete,SI-7 s3-bucket-no-versioning,SI-7 s3-bucket-world-acl,AC-3(3) s3-bucket-world-policy-arg,AC-3(3) s3-bucket-world-policy-star,AC-3(3) ses-identity-dkim-not-enabled,SC-23 ses-identity-dkim-not-verified,SC-23 ses-identity-world-policy,AC-6 sns-topic-world-policy,AC-6 sqs-queue-world-policy,AC-6 vpc-custom-network-acls-allow-all,SC-7 vpc-default-network-acls-allow-all,SC-7 vpc-network-acl-not-used,SC-7 vpc-routing-tables-with-peering,AC-3(3) vpc-subnet-with-bad-acls,SC-7 vpc-subnet-with-default-acls,SC-7 vpc-subnet-without-flow-log,AU-12