search
Sign In

Security Recommendations

hashtag
Inactive IAM users

Users who have been inactive for more than 90 days are considered obsolete and subject to deletion. This is due to the security risks they pose for the organization, as they can be compromised and become access points for malicious users.

The number of days is a custom parameter. Use Settings to change it. You can also download a list of inactive users as JSON or XLSX by selecting the download icon .

Inactive IAM users

hashtag
Instances with insecure Security Groups settings

Security check that browses through the resources to find network vulnerabilities and provides a list of instances liable to RDP/SSH hacking. The following are the insecure ports and permissions:

  • port tcp/22

  • port tcp/3389

  • all inbound traffic

with one of:

  • CidrIp: 0.0.0.0/0

  • CidrIpv6: ::/0

AWS

  • Describe regions: ec2.describe_regions()

  • Describe instances: ec2.describe_instances()

  • Describe security groups: ec2.describe_security_groups()

Azure

  • Describe instances: compute.virtual_machines.list_all()

  • Describe security groups: network.network_security_groups.list_all()

circle-info

Network interfaces without associated security groups are skipped.

You can download the list of insecure Security Groups as JSON for subsequent automated processing.

hashtag
IAM users with unused console access

The active IAM users that have console access turned on, but have not used it for more than 90 days are in the list. Consider revoking console access to increase security.

Note that the number of days is a custom parameter. Use Settings to change it.

hashtag
Public S3 buckets

The S3 buckets in the list are public. Ensure that the buckets use the correct policies and are not publicly accessible unless explicitly required.

PreviousSavings Optimization RecommendationsNextView Recommendations

Last updated

Was this helpful?