CyberStrike

Ensure Managed Platform updates is configured

Ensure Persistent logs is setup and configured to S3

Ensure access logs are enabled

Ensure that HTTPS is enabled on load balancer

Ensure customer-managed keys are used to encrypt AWS Fargate ephemeral storage data for Amazon ECS

Ensure AWS Config is Enabled for Lambda and Serverless

Ensure Lambda functions do not allow unknown cross account access via permission policies

Ensure that the runtime environment versions used for your Lambda functions do not have end of support dates

Ensure encryption in transit is enabled for Lambda environment variables

Ensure Cloudwatch Lambda insights is enabled

Ensure AWS Secrets manager is configured and being used by Lambda for databases

Ensure least privilege is used with Lambda function access

Ensure every Lambda function has its own IAM Role

Ensure Lambda functions are not exposed to everyone

Ensure Lambda functions are referencing active execution roles

Ensure that Code Signing is enabled for Lambda functions

Ensure there are no Lambda functions with admin privileges within your AWS account

Ensure communications between your applications and clients is encrypted

Ensure Consistent Naming Convention is used for Organizational AMI

Ensure Amazon Machine Images (AMIs) are encrypted

Ensure Only Approved Amazon Machine Images (AMIs) are Used

Ensure Images (AMI) are not older than 90 days

Ensure Images are not Publicly Available

Ensure unused ENIs are removed