Mod: aws
The aws mod consists of 16 resource types, 171 policies and 40 controls.
Recommended Version
Resource Types
- AWS
- AWS > Account
- AWS > Account > Budget
- AWS > Organization
- AWS > Organization Root
- AWS > Organizational Unit
- AWS > Organizations
- AWS > Organizations > AI Services Opt-Out Policy
- AWS > Organizations > Backup Policy
- AWS > Organizations > Chatbot Policy
- AWS > Organizations > Declarative Policy EC2
- AWS > Organizations > Resource Control Policy
- AWS > Organizations > Service Control Policy
- AWS > Organizations > Tag Policy
- AWS > Permission Map
- AWS > Region
Controls
- AWS > Account > Budget > Budget
- AWS > Account > CMDB
- AWS > Account > Discovery
- AWS > Account > Intelligent Assessment
- AWS > Account > Stack
- AWS > Account > Stack [Native]
- AWS > Organization > CMDB
- AWS > Organization > Intelligent Assessment
- AWS > Organization Root > CMDB
- AWS > Organization Root > Discovery
- AWS > Organization Root > Intelligent Assessment
- AWS > Organizational Unit > CMDB
- AWS > Organizational Unit > Discovery
- AWS > Organizational Unit > Intelligent Assessment
- AWS > Organizations > AI Services Opt-Out Policy > CMDB
- AWS > Organizations > AI Services Opt-Out Policy > Discovery
- AWS > Organizations > Backup Policy > CMDB
- AWS > Organizations > Backup Policy > Discovery
- AWS > Organizations > Chatbot Policy > CMDB
- AWS > Organizations > Chatbot Policy > Discovery
- AWS > Organizations > Declarative Policy EC2 > CMDB
- AWS > Organizations > Declarative Policy EC2 > Discovery
- AWS > Organizations > Resource Control Policy > CMDB
- AWS > Organizations > Resource Control Policy > Discovery
- AWS > Organizations > Service Control Policy > CMDB
- AWS > Organizations > Service Control Policy > Discovery
- AWS > Organizations > Tag Policy > CMDB
- AWS > Organizations > Tag Policy > Discovery
- AWS > Region > Discovery
- AWS > Region > Stack
- AWS > Region > Stack [Native]
- AWS > Turbot
- AWS > Turbot > Audit Trail
- AWS > Turbot > Event Handlers
- AWS > Turbot > Event Handlers [Global]
- AWS > Turbot > Event Poller
- AWS > Turbot > Logging
- AWS > Turbot > Logging > Bucket
- AWS > Turbot > Organization Event Poller
- AWS > Turbot > Service Roles
IAM Roles
Policies
- AWS > Account > Allowed Regions [Default]
- AWS > Account > Approved Regions [Default]
- AWS > Account > Budget > Enabled
- AWS > Account > Budget > State
- AWS > Account > Budget > Target
- AWS > Account > CMDB
- AWS > Account > Connection Region [Default]
- AWS > Account > Intelligent Assessment
- AWS > Account > Intelligent Assessment > Context
- AWS > Account > Intelligent Assessment > User Prompt
- AWS > Account > Partition
- AWS > Account > Regions
- AWS > Account > Stack
- AWS > Account > Stack [Native]
- AWS > Account > Stack [Native] > Drift Detection
- AWS > Account > Stack [Native] > Drift Detection > Interval
- AWS > Account > Stack [Native] > Modifier
- AWS > Account > Stack [Native] > Secret Variables
- AWS > Account > Stack [Native] > Source
- AWS > Account > Stack [Native] > Timeout
- AWS > Account > Stack [Native] > Variables
- AWS > Account > Stack [Native] > Version
- AWS > Account > Stack > Secret Variables
- AWS > Account > Stack > Source
- AWS > Account > Stack > Terraform Version
- AWS > Account > Stack > Variables
- AWS > Account > Tags Template [Default]
- AWS > Account > Trusted Accounts [Default]
- AWS > Account > Trusted Identity Providers [Default]
- AWS > Account > Trusted Organizations [Default]
- AWS > Account > Trusted Services [Default]
- AWS > Account > Turbot IAM Access Key ID
- AWS > Account > Turbot IAM Credential Type
- AWS > Account > Turbot IAM Role
- AWS > Account > Turbot IAM Role > Assume Role Timeout
- AWS > Account > Turbot IAM Role > External ID
- AWS > Account > Turbot IAM Role > External ID [Default]
- AWS > Account > Turbot IAM Role > External ID > Protection
- AWS > Account > Turbot IAM Role > Name [Default]
- AWS > Account > Turbot IAM Secret Access Key
- AWS > Organization > CMDB
- AWS > Organization > CMDB > Exclude [Deprecated]
- AWS > Organization > Discovery Level
- AWS > Organization > Intelligent Assessment
- AWS > Organization > Intelligent Assessment > Context
- AWS > Organization > Intelligent Assessment > User Prompt
- AWS > Organization > Turbot IAM Role
- AWS > Organization > Turbot IAM Role > External ID
- AWS > Organization Root > CMDB
- AWS > Organization Root > Intelligent Assessment
- AWS > Organization Root > Intelligent Assessment > Context
- AWS > Organization Root > Intelligent Assessment > User Prompt
- AWS > Organizational Unit > CMDB
- AWS > Organizational Unit > Intelligent Assessment
- AWS > Organizational Unit > Intelligent Assessment > Context
- AWS > Organizational Unit > Intelligent Assessment > User Prompt
- AWS > Organizations > AI Services Opt-Out Policy > CMDB
- AWS > Organizations > Backup Policy > CMDB
- AWS > Organizations > Chatbot Policy > CMDB
- AWS > Organizations > Declarative Policy EC2 > CMDB
- AWS > Organizations > Resource Control Policy > CMDB
- AWS > Organizations > Service Control Policy > CMDB
- AWS > Organizations > Tag Policy > CMDB
- AWS > Region > Connection Region
- AWS > Region > Discovery
- AWS > Region > Discovery > Connection Region [Deprecated]
- AWS > Region > Logging Bucket [Default]
- AWS > Region > Stack
- AWS > Region > Stack [Native]
- AWS > Region > Stack [Native] > Drift Detection
- AWS > Region > Stack [Native] > Drift Detection > Interval
- AWS > Region > Stack [Native] > Modifier
- AWS > Region > Stack [Native] > Secret Variables
- AWS > Region > Stack [Native] > Source
- AWS > Region > Stack [Native] > Timeout
- AWS > Region > Stack [Native] > Variables
- AWS > Region > Stack [Native] > Version
- AWS > Region > Stack > Secret Variables
- AWS > Region > Stack > Source
- AWS > Region > Stack > Terraform Version
- AWS > Region > Stack > Variables
- AWS > Turbot
- AWS > Turbot > Audit Trail
- AWS > Turbot > Audit Trail > CloudTrail
- AWS > Turbot > Audit Trail > CloudTrail > Trail
- AWS > Turbot > Audit Trail > CloudTrail > Trail > CloudWatch Role
- AWS > Turbot > Audit Trail > CloudTrail > Trail > Enabled
- AWS > Turbot > Audit Trail > CloudTrail > Trail > Encryption Key
- AWS > Turbot > Audit Trail > CloudTrail > Trail > Event Selectors
- AWS > Turbot > Audit Trail > CloudTrail > Trail > Global Region
- AWS > Turbot > Audit Trail > CloudTrail > Trail > Include Global Service Events
- AWS > Turbot > Audit Trail > CloudTrail > Trail > Log File Validation
- AWS > Turbot > Audit Trail > CloudTrail > Trail > Name
- AWS > Turbot > Audit Trail > CloudTrail > Trail > Name Prefix
- AWS > Turbot > Audit Trail > CloudTrail > Trail > S3 Bucket
- AWS > Turbot > Audit Trail > CloudTrail > Trail > S3 Key Prefix
- AWS > Turbot > Audit Trail > CloudTrail > Trail > SNS Topic
- AWS > Turbot > Audit Trail > CloudTrail > Trail > Tags
- AWS > Turbot > Audit Trail > CloudTrail > Trail > Type
- AWS > Turbot > Audit Trail > Source
- AWS > Turbot > Audit Trail > Terraform Version
- AWS > Turbot > Event Handlers
- AWS > Turbot > Event Handlers [Global]
- AWS > Turbot > Event Handlers [Global] > Events
- AWS > Turbot > Event Handlers [Global] > Events > Rules
- AWS > Turbot > Event Handlers [Global] > Events > Rules > Name Prefix
- AWS > Turbot > Event Handlers [Global] > Events > Rules > Tags
- AWS > Turbot > Event Handlers [Global] > Events > Target
- AWS > Turbot > Event Handlers [Global] > Events > Target > IAM Role ARN
- AWS > Turbot > Event Handlers [Global] > Primary Region
- AWS > Turbot > Event Handlers [Global] > SNS
- AWS > Turbot > Event Handlers [Global] > SNS > Topic
- AWS > Turbot > Event Handlers [Global] > SNS > Topic > Customer Managed Key
- AWS > Turbot > Event Handlers [Global] > SNS > Topic > Name Prefix
- AWS > Turbot > Event Handlers [Global] > SNS > Topic > Tags
- AWS > Turbot > Event Handlers [Global] > Source
- AWS > Turbot > Event Handlers [Global] > Terraform Version
- AWS > Turbot > Event Handlers > Events
- AWS > Turbot > Event Handlers > Events > Rules
- AWS > Turbot > Event Handlers > Events > Rules > Account Filter
- AWS > Turbot > Event Handlers > Events > Rules > Custom Event Patterns
- AWS > Turbot > Event Handlers > Events > Rules > Custom Event Patterns > @turbot/aws
- AWS > Turbot > Event Handlers > Events > Rules > Custom Event Patterns > Billing Console
- AWS > Turbot > Event Handlers > Events > Rules > Event Sources
- AWS > Turbot > Event Handlers > Events > Rules > Name Prefix
- AWS > Turbot > Event Handlers > Events > Rules > Tags
- AWS > Turbot > Event Handlers > SNS
- AWS > Turbot > Event Handlers > SNS > Topic
- AWS > Turbot > Event Handlers > SNS > Topic > Customer Managed Key
- AWS > Turbot > Event Handlers > SNS > Topic > Name Prefix
- AWS > Turbot > Event Handlers > SNS > Topic > Tags
- AWS > Turbot > Event Handlers > Source
- AWS > Turbot > Event Handlers > Terraform Version
- AWS > Turbot > Event Poller
- AWS > Turbot > Event Poller > Excluded Events
- AWS > Turbot > Event Poller > Interval
- AWS > Turbot > Event Poller > Window
- AWS > Turbot > Logging
- AWS > Turbot > Logging > Bucket
- AWS > Turbot > Logging > Bucket > Access Logging
- AWS > Turbot > Logging > Bucket > Access Logging > Bucket
- AWS > Turbot > Logging > Bucket > Access Logging > Bucket > Key Prefix
- AWS > Turbot > Logging > Bucket > Default Encryption [Deprecated]
- AWS > Turbot > Logging > Bucket > Encryption in Transit
- AWS > Turbot > Logging > Bucket > Name
- AWS > Turbot > Logging > Bucket > Name > Prefix
- AWS > Turbot > Logging > Bucket > Regions
- AWS > Turbot > Logging > Bucket > Source
- AWS > Turbot > Logging > Bucket > Tags
- AWS > Turbot > Logging > Bucket > Versioning
- AWS > Turbot > Logging > Terraform Version
- AWS > Turbot > Organization Event Poller
- AWS > Turbot > Organization Event Poller > Interval
- AWS > Turbot > Organization Event Poller > Window
- AWS > Turbot > Service Roles
- AWS > Turbot > Service Roles > Configuration Recording
- AWS > Turbot > Service Roles > Configuration Recording > Name
- AWS > Turbot > Service Roles > Default EC2 Instance
- AWS > Turbot > Service Roles > Default EC2 Instance > Name
- AWS > Turbot > Service Roles > Default EC2 Instance > SSM Permissions
- AWS > Turbot > Service Roles > Event Handlers [Global]
- AWS > Turbot > Service Roles > Event Handlers [Global] > Name
- AWS > Turbot > Service Roles > Flow Logging
- AWS > Turbot > Service Roles > Flow Logging > Name
- AWS > Turbot > Service Roles > Name Path
- AWS > Turbot > Service Roles > Name Prefix
- AWS > Turbot > Service Roles > Source
- AWS > Turbot > Service Roles > SSM Notifications
- AWS > Turbot > Service Roles > SSM Notifications > Name
- AWS > Turbot > Service Roles > Terraform Version
- Turbot > Discovery Level > Materialization Exceptions > @turbot/aws
Policy Packs
- AWS CIS v3.0.0 - Section 1 - Identity and Access Management
- AWS CIS v3.0.0 - Section 3 - Logging
- AWS CIS v3.0.0 - Section 4 - Monitoring
- Enable AWS IAM Service Roles
- Enable Event Poller for AWS Accounts
- Enable Global Event Handlers for AWS Accounts
- Enable Multi-Region CloudTrail Trails for AWS Accounts
- Enable Regional Event Handlers for AWS Accounts