Turbot Guardrails Hub 

Resource Type: AWS > Account

The Account resource type represents an individual account within an Organization or as a standalone entity. It serves as a container for AWS resources, users, policies, and configurations, allowing you to manage permissions, billing, security, and access control.

Resource Types

The Account service includes these resource types:

  • Budget

Controls

The primary controls for AWS > Account are:

  • CMDB
  • Discovery
  • Intelligent Assessment
  • ServiceNow
  • Stack
  • Stack [Native]

It is also targeted by these controls:

  • AWS > Account > Budget > Budget
  • AWS > Amazon MQ > Configuration > Usage
  • AWS > App Mesh > Mesh > Usage
  • AWS > AppStream > Image > Usage
  • AWS > Backup > Backup Plan > Usage
  • AWS > Backup > Backup Vault > Usage
  • AWS > Bedrock > Enforced Guardrail Configuration > Prevention > Discovery
  • AWS > CIS v1 > 1 Identity and Access Management > 1.15 Ensure security questions are registered in the AWS account (Not Scored)
  • AWS > CIS v1 > 1 Identity and Access Management > 1.17 Maintain current contact details (Not Scored)
  • AWS > CIS v1 > 1 Identity and Access Management > 1.18 Ensure security contact information is registered (Not Scored)
  • AWS > CIS v1 > 1 Identity and Access Management > 1.19 Ensure IAM instance roles are used for AWS resource access from instances (Not Scored)
  • AWS > CIS v1 > 2 Logging > 2.01 Ensure CloudTrail is enabled in all regions (Scored)
  • AWS > CIS v1 > 3 Monitoring > 3.01 Ensure a log metric filter and alarm exist for unauthorized API calls (Scored)
  • AWS > CIS v1 > 3 Monitoring > 3.02 Ensure a log metric filter and alarm exist for Management Console sign-in without MFA (Scored)
  • AWS > CIS v1 > 3 Monitoring > 3.03 Ensure a log metric filter and alarm exist for usage of "root" account (Scored)
  • AWS > CIS v1 > 3 Monitoring > 3.04 Ensure a log metric filter and alarm exist for IAM policy changes (Scored)
  • AWS > CIS v1 > 3 Monitoring > 3.05 Ensure a log metric filter and alarm exist for CloudTrail configuration changes (Scored)
  • AWS > CIS v1 > 3 Monitoring > 3.06 Ensure a log metric filter and alarm exist for AWS Management Console authentication failures (Scored)
  • AWS > CIS v1 > 3 Monitoring > 3.07 Ensure a log metric filter and alarm exist for disabling or scheduled deletion of customer created CMKs (Scored)
  • AWS > CIS v1 > 3 Monitoring > 3.08 Ensure a log metric filter and alarm exist for S3 bucket policy changes (Scored)
  • AWS > CIS v1 > 3 Monitoring > 3.09 Ensure a log metric filter and alarm exist for AWS Config configuration changes (Scored)
  • AWS > CIS v1 > 3 Monitoring > 3.10 Ensure a log metric filter and alarm exist for security group changes (Scored)
  • AWS > CIS v1 > 3 Monitoring > 3.11 Ensure a log metric filter and alarm exist for changes to Network Access Control Lists (NACL) (Scored)
  • AWS > CIS v1 > 3 Monitoring > 3.12 Ensure a log metric filter and alarm exist for changes to network gateways (Scored)
  • AWS > CIS v1 > 3 Monitoring > 3.13 Ensure a log metric filter and alarm exist for route table changes (Scored)
  • AWS > CIS v1 > 3 Monitoring > 3.14 Ensure a log metric filter and alarm exist for VPC changes (Scored)
  • AWS > CIS v1.4 > 1 - Identity and Access Management > 1.01 - Maintain current contact details (Manual)
  • AWS > CIS v1.4 > 1 - Identity and Access Management > 1.02 - Ensure security contact information is registered (Manual)
  • AWS > CIS v1.4 > 1 - Identity and Access Management > 1.03 - Ensure security questions are registered in the AWS account (Manual)
  • AWS > CIS v1.4 > 1 - Identity and Access Management > 1.17 - Ensure a support role has been created to manage incidents with AWS Support (Automated)
  • AWS > CIS v1.4 > 1 - Identity and Access Management > 1.18 - Ensure IAM instance roles are used for AWS resource access from instances (Manual)
  • AWS > CIS v1.4 > 1 - Identity and Access Management > 1.19 - Ensure that all the expired SSL/TLS certificates stored in AWS IAM are removed (Automated)
  • AWS > CIS v1.4 > 1 - Identity and Access Management > 1.21 - Ensure IAM users are managed centrally via identity federation or AWS Organizations for multi-account environments (Manual)
  • AWS > CIS v1.4 > 3 - Logging > 3.01 - Ensure CloudTrail is enabled in all regions (Automated)
  • AWS > CIS v1.4 > 4 - Monitoring > 4.01 - Ensure a log metric filter and alarm exist for unauthorized API calls (Automated)
  • AWS > CIS v1.4 > 4 - Monitoring > 4.02 - Ensure a log metric filter and alarm exist for Management Console sign-in without MFA (Automated)
  • AWS > CIS v1.4 > 4 - Monitoring > 4.03 - Ensure a log metric filter and alarm exist for usage of 'root' account (Automated)
  • AWS > CIS v1.4 > 4 - Monitoring > 4.04 - Ensure a log metric filter and alarm exist for IAM policy changes (Automated)
  • AWS > CIS v1.4 > 4 - Monitoring > 4.05 - Ensure a log metric filter and alarm exist for CloudTrail configuration changes (Automated)
  • AWS > CIS v1.4 > 4 - Monitoring > 4.06 - Ensure a log metric filter and alarm exist for AWS Management Console authentication failures (Automated)
  • AWS > CIS v1.4 > 4 - Monitoring > 4.07 - Ensure a log metric filter and alarm exist for disabling or scheduled deletion of customer created CMKs (Automated)
  • AWS > CIS v1.4 > 4 - Monitoring > 4.08 - Ensure a log metric filter and alarm exist for S3 bucket policy changes (Automated)
  • AWS > CIS v1.4 > 4 - Monitoring > 4.09 - Ensure a log metric filter and alarm exist for AWS Config configuration changes (Automated)
  • AWS > CIS v1.4 > 4 - Monitoring > 4.10 - Ensure a log metric filter and alarm exist for security group changes (Automated)
  • AWS > CIS v1.4 > 4 - Monitoring > 4.11 - Ensure a log metric filter and alarm exist for changes to Network Access Control Lists (NACL) (Automated)
  • AWS > CIS v1.4 > 4 - Monitoring > 4.12 - Ensure a log metric filter and alarm exist for changes to network gateways (Automated)
  • AWS > CIS v1.4 > 4 - Monitoring > 4.13 - Ensure a log metric filter and alarm exist for route table changes (Automated)
  • AWS > CIS v1.4 > 4 - Monitoring > 4.14 - Ensure a log metric filter and alarm exist for VPC changes (Automated)
  • AWS > CIS v1.4 > 4 - Monitoring > 4.15 - Ensure a log metric filter and alarm exists for AWS Organizations changes (Automated)
  • AWS > CIS v2.0 > 1 - Identity and Access Management > 1.01 - Maintain current contact details
  • AWS > CIS v2.0 > 1 - Identity and Access Management > 1.02 - Ensure security contact information is registered
  • AWS > CIS v2.0 > 1 - Identity and Access Management > 1.03 - Ensure security questions are registered in the AWS account
  • AWS > CIS v2.0 > 1 - Identity and Access Management > 1.17 - Ensure a support role has been created to manage incidents with AWS Support
  • AWS > CIS v2.0 > 1 - Identity and Access Management > 1.19 - Ensure that all the expired SSL/TLS certificates stored in AWS IAM are removed
  • AWS > CIS v2.0 > 1 - Identity and Access Management > 1.21 - Ensure IAM users are managed centrally via identity federation or AWS Organizations for multi-account environments
  • AWS > CIS v2.0 > 1 - Identity and Access Management > 1.22 - Ensure access to AWSCloudShellFullAccess is restricted
  • AWS > CIS v2.0 > 3 - Logging > 3.01 - Ensure CloudTrail is enabled in all regions
  • AWS > CIS v2.0 > 4 - Monitoring > 4.01 - Ensure unauthorized API calls are monitored
  • AWS > CIS v2.0 > 4 - Monitoring > 4.02 - Ensure management console sign-in without MFA is monitored
  • AWS > CIS v2.0 > 4 - Monitoring > 4.03 - Ensure usage of 'root' account is monitored
  • AWS > CIS v2.0 > 4 - Monitoring > 4.04 - Ensure IAM policy changes are monitored
  • AWS > CIS v2.0 > 4 - Monitoring > 4.05 - Ensure CloudTrail configuration changes are monitored
  • AWS > CIS v2.0 > 4 - Monitoring > 4.06 - Ensure AWS Management Console authentication failures are monitored
  • AWS > CIS v2.0 > 4 - Monitoring > 4.07 - Ensure disabling or scheduled deletion of customer created CMKs is monitored
  • AWS > CIS v2.0 > 4 - Monitoring > 4.08 - Ensure S3 bucket policy changes are monitored
  • AWS > CIS v2.0 > 4 - Monitoring > 4.09 - Ensure AWS Config configuration changes are monitored
  • AWS > CIS v2.0 > 4 - Monitoring > 4.10 - Ensure security group changes are monitored
  • AWS > CIS v2.0 > 4 - Monitoring > 4.11 - Ensure Network Access Control Lists (NACL) changes are monitored
  • AWS > CIS v2.0 > 4 - Monitoring > 4.12 - Ensure changes to network gateways are monitored
  • AWS > CIS v2.0 > 4 - Monitoring > 4.13 - Ensure route table changes are monitored
  • AWS > CIS v2.0 > 4 - Monitoring > 4.14 - Ensure VPC changes are monitored
  • AWS > CIS v2.0 > 4 - Monitoring > 4.15 - Ensure AWS Organizations changes are monitored
  • AWS > CIS v3.0 > 1 - Identity and Access Management > 1.01 - Maintain current contact details
  • AWS > CIS v3.0 > 1 - Identity and Access Management > 1.02 - Ensure security contact information is registered
  • AWS > CIS v3.0 > 1 - Identity and Access Management > 1.03 - Ensure security questions are registered in the AWS account
  • AWS > CIS v3.0 > 1 - Identity and Access Management > 1.17 - Ensure a support role has been created to manage incidents with AWS Support
  • AWS > CIS v3.0 > 1 - Identity and Access Management > 1.19 - Ensure that all the expired SSL/TLS certificates stored in AWS IAM are removed
  • AWS > CIS v3.0 > 1 - Identity and Access Management > 1.21 - Ensure IAM users are managed centrally via identity federation or AWS Organizations for multi-account environments
  • AWS > CIS v3.0 > 1 - Identity and Access Management > 1.22 - Ensure access to AWSCloudShellFullAccess is restricted
  • AWS > CIS v3.0 > 3 - Logging > 3.01 - Ensure CloudTrail is enabled in all regions
  • AWS > CIS v3.0 > 4 - Monitoring > 4.01 - Ensure unauthorized API calls are monitored
  • AWS > CIS v3.0 > 4 - Monitoring > 4.02 - Ensure management console sign-in without MFA is monitored
  • AWS > CIS v3.0 > 4 - Monitoring > 4.03 - Ensure usage of 'root' account is monitored
  • AWS > CIS v3.0 > 4 - Monitoring > 4.04 - Ensure IAM policy changes are monitored
  • AWS > CIS v3.0 > 4 - Monitoring > 4.05 - Ensure CloudTrail configuration changes are monitored
  • AWS > CIS v3.0 > 4 - Monitoring > 4.06 - Ensure AWS Management Console authentication failures are monitored
  • AWS > CIS v3.0 > 4 - Monitoring > 4.07 - Ensure disabling or scheduled deletion of customer created CMKs is monitored
  • AWS > CIS v3.0 > 4 - Monitoring > 4.08 - Ensure S3 bucket policy changes are monitored
  • AWS > CIS v3.0 > 4 - Monitoring > 4.09 - Ensure AWS Config configuration changes are monitored
  • AWS > CIS v3.0 > 4 - Monitoring > 4.10 - Ensure security group changes are monitored
  • AWS > CIS v3.0 > 4 - Monitoring > 4.11 - Ensure Network Access Control Lists (NACL) changes are monitored
  • AWS > CIS v3.0 > 4 - Monitoring > 4.12 - Ensure changes to network gateways are monitored
  • AWS > CIS v3.0 > 4 - Monitoring > 4.13 - Ensure route table changes are monitored
  • AWS > CIS v3.0 > 4 - Monitoring > 4.14 - Ensure VPC changes are monitored
  • AWS > CIS v3.0 > 4 - Monitoring > 4.15 - Ensure AWS Organizations changes are monitored
  • AWS > CIS v4.0 > 1 - Identity and Access Management > 1.01 - Maintain current contact details
  • AWS > CIS v4.0 > 1 - Identity and Access Management > 1.02 - Ensure security contact information is registered
  • AWS > CIS v4.0 > 1 - Identity and Access Management > 1.03 - Ensure security questions are registered in the AWS account
  • AWS > CIS v4.0 > 1 - Identity and Access Management > 1.17 - Ensure a support role has been created to manage incidents with AWS Support
  • AWS > CIS v4.0 > 1 - Identity and Access Management > 1.19 - Ensure that all expired SSL/TLS certificates stored in AWS IAM are removed
  • AWS > CIS v4.0 > 1 - Identity and Access Management > 1.21 - Ensure IAM users are managed centrally via identity federation or AWS Organizations for multi-account environments
  • AWS > CIS v4.0 > 1 - Identity and Access Management > 1.22 - Ensure access to AWSCloudShellFullAccess is restricted
  • AWS > CIS v4.0 > 3 - Logging > 3.01 - Ensure CloudTrail is enabled in all regions
  • AWS > CIS v4.0 > 4 - Monitoring > 4.01 - Ensure unauthorized API calls are monitored
  • AWS > CIS v4.0 > 4 - Monitoring > 4.02 - Ensure management console sign-in without MFA is monitored
  • AWS > CIS v4.0 > 4 - Monitoring > 4.03 - Ensure usage of the 'root' account is monitored
  • AWS > CIS v4.0 > 4 - Monitoring > 4.04 - Ensure IAM policy changes are monitored
  • AWS > CIS v4.0 > 4 - Monitoring > 4.05 - Ensure CloudTrail configuration changes are monitored
  • AWS > CIS v4.0 > 4 - Monitoring > 4.06 - Ensure AWS Management Console authentication failures are monitored
  • AWS > CIS v4.0 > 4 - Monitoring > 4.07 - Ensure disabling or scheduled deletion of customer created CMKs is monitored
  • AWS > CIS v4.0 > 4 - Monitoring > 4.08 - Ensure S3 bucket policy changes are monitored
  • AWS > CIS v4.0 > 4 - Monitoring > 4.09 - Ensure AWS Config configuration changes are monitored
  • AWS > CIS v4.0 > 4 - Monitoring > 4.10 - Ensure security group changes are monitored
  • AWS > CIS v4.0 > 4 - Monitoring > 4.11 - Ensure Network Access Control List (NACL) changes are monitored
  • AWS > CIS v4.0 > 4 - Monitoring > 4.12 - Ensure changes to network gateways are monitored
  • AWS > CIS v4.0 > 4 - Monitoring > 4.13 - Ensure route table changes are monitored
  • AWS > CIS v4.0 > 4 - Monitoring > 4.14 - Ensure VPC changes are monitored
  • AWS > CIS v4.0 > 4 - Monitoring > 4.15 - Ensure AWS Organizations changes are monitored
  • AWS > CIS v5.0 > 1 - Identity and Access Management > 1.01 - Maintain current contact details
  • AWS > CIS v5.0 > 1 - Identity and Access Management > 1.02 - Ensure security contact information is registered
  • AWS > CIS v5.0 > 1 - Identity and Access Management > 1.16 - Ensure a support role has been created to manage incidents with AWS Support
  • AWS > CIS v5.0 > 1 - Identity and Access Management > 1.18 - Ensure that all expired SSL/TLS certificates stored in AWS IAM are removed
  • AWS > CIS v5.0 > 1 - Identity and Access Management > 1.20 - Ensure IAM users are managed centrally via identity federation or AWS Organizations for multi-account environments
  • AWS > CIS v5.0 > 1 - Identity and Access Management > 1.21 - Ensure access to AWSCloudShellFullAccess is restricted
  • AWS > CIS v5.0 > 3 - Logging > 3.01 - Ensure CloudTrail is enabled in all regions
  • AWS > CIS v5.0 > 4 - Monitoring > 4.01 - Ensure unauthorized API calls are monitored
  • AWS > CIS v5.0 > 4 - Monitoring > 4.02 - Ensure management console sign-in without MFA is monitored
  • AWS > CIS v5.0 > 4 - Monitoring > 4.03 - Ensure usage of the 'root' account is monitored
  • AWS > CIS v5.0 > 4 - Monitoring > 4.04 - Ensure IAM policy changes are monitored
  • AWS > CIS v5.0 > 4 - Monitoring > 4.05 - Ensure CloudTrail configuration changes are monitored
  • AWS > CIS v5.0 > 4 - Monitoring > 4.06 - Ensure AWS Management Console authentication failures are monitored
  • AWS > CIS v5.0 > 4 - Monitoring > 4.07 - Ensure disabling or scheduled deletion of customer created CMKs is monitored
  • AWS > CIS v5.0 > 4 - Monitoring > 4.08 - Ensure S3 bucket policy changes are monitored
  • AWS > CIS v5.0 > 4 - Monitoring > 4.09 - Ensure AWS Config configuration changes are monitored
  • AWS > CIS v5.0 > 4 - Monitoring > 4.10 - Ensure security group changes are monitored
  • AWS > CIS v5.0 > 4 - Monitoring > 4.11 - Ensure Network Access Control List (NACL) changes are monitored
  • AWS > CIS v5.0 > 4 - Monitoring > 4.12 - Ensure changes to network gateways are monitored
  • AWS > CIS v5.0 > 4 - Monitoring > 4.13 - Ensure route table changes are monitored
  • AWS > CIS v5.0 > 4 - Monitoring > 4.14 - Ensure VPC changes are monitored
  • AWS > CIS v5.0 > 4 - Monitoring > 4.15 - Ensure AWS Organizations changes are monitored
  • AWS > CIS v6.0 > 2 - Identity and Access Management > 2.01 - Maintain current contact details
  • AWS > CIS v6.0 > 2 - Identity and Access Management > 2.02 - Ensure security contact information is registered
  • AWS > CIS v6.0 > 2 - Identity and Access Management > 2.16 - Ensure a support role has been created to manage incidents with AWS Support
  • AWS > CIS v6.0 > 2 - Identity and Access Management > 2.18 - Ensure that all expired SSL/TLS certificates stored in AWS IAM are removed
  • AWS > CIS v6.0 > 2 - Identity and Access Management > 2.20 - Ensure IAM users are managed centrally via identity federation or AWS Organizations for multi-account environments
  • AWS > CIS v6.0 > 2 - Identity and Access Management > 2.21 - Ensure access to AWSCloudShellFullAccess is restricted
  • AWS > CIS v6.0 > 4 - Logging > 4.01 - Ensure CloudTrail is enabled in all regions
  • AWS > CIS v6.0 > 5 - Monitoring > 5.01 - Ensure unauthorized API calls are monitored
  • AWS > CIS v6.0 > 5 - Monitoring > 5.02 - Ensure management console sign-in without MFA is monitored
  • AWS > CIS v6.0 > 5 - Monitoring > 5.03 - Ensure usage of the 'root' account is monitored
  • AWS > CIS v6.0 > 5 - Monitoring > 5.04 - Ensure IAM policy changes are monitored
  • AWS > CIS v6.0 > 5 - Monitoring > 5.05 - Ensure CloudTrail configuration changes are monitored
  • AWS > CIS v6.0 > 5 - Monitoring > 5.06 - Ensure AWS Management Console authentication failures are monitored
  • AWS > CIS v6.0 > 5 - Monitoring > 5.07 - Ensure disabling or scheduled deletion of customer created CMKs is monitored
  • AWS > CIS v6.0 > 5 - Monitoring > 5.08 - Ensure S3 bucket policy changes are monitored
  • AWS > CIS v6.0 > 5 - Monitoring > 5.09 - Ensure AWS Config configuration changes are monitored
  • AWS > CIS v6.0 > 5 - Monitoring > 5.10 - Ensure security group changes are monitored
  • AWS > CIS v6.0 > 5 - Monitoring > 5.11 - Ensure Network Access Control List (NACL) changes are monitored
  • AWS > CIS v6.0 > 5 - Monitoring > 5.12 - Ensure changes to network gateways are monitored
  • AWS > CIS v6.0 > 5 - Monitoring > 5.13 - Ensure route table changes are monitored
  • AWS > CIS v6.0 > 5 - Monitoring > 5.14 - Ensure VPC changes are monitored
  • AWS > CIS v6.0 > 5 - Monitoring > 5.15 - Ensure AWS Organizations changes are monitored
  • AWS > CloudFormation > Stack > Usage
  • AWS > CloudFormation > StackSet > Usage
  • AWS > CloudFront > CloudFront Origin Access Identity > Discovery
  • AWS > CloudFront > CloudFront Origin Access Identity > Usage
  • AWS > CloudFront > Distribution > Discovery
  • AWS > CloudFront > Distribution > Usage
  • AWS > CloudFront > Streaming Distribution > Discovery
  • AWS > CloudFront > Streaming Distribution > Usage
  • AWS > CloudSearch > Domain > Usage
  • AWS > CodeCommit > Repository > Usage
  • AWS > Direct Connect > Direct Connect Gateway > Discovery
  • AWS > Direct Connect > Direct Connect Gateway > Usage
  • AWS > DynamoDB > Global Table > Discovery
  • AWS > DynamoDB > Global Table > Usage
  • AWS > EC2 > Account Attributes > Prevention > Discovery
  • AWS > ECR > Public Repository > Discovery
  • AWS > ECR > Public Repository > Usage
  • AWS > ECR > Repository > Usage
  • AWS > ECS > Container Instance > Usage
  • AWS > Elastic Beanstalk > Application > Usage
  • AWS > Glue > Crawler > Usage
  • AWS > Glue > Database > Usage
  • AWS > Glue > Development Endpoint [Deprecated] > Usage
  • AWS > Glue > Job > Usage
  • AWS > Glue > ML Transform > Usage
  • AWS > Glue > Table > Usage
  • AWS > Glue > Workflow > Usage
  • AWS > HIPAA > Account > At least one multi-region AWS CloudTrail should be present in an account
  • AWS > HIPAA > Account > Ensure a log metric filter and alarm exist for AWS Management Console authentication failures
  • AWS > HIPAA > Account > Ensure a log metric filter and alarm exist for usage of 'root' account
  • AWS > HIPAA > Account > Ensure IAM password policy expires passwords within 90 days or less
  • AWS > HIPAA > Account > Ensure IAM password policy prevents password reuse
  • AWS > HIPAA > Account > Ensure IAM password policy requires at least one lowercase letter
  • AWS > HIPAA > Account > Ensure IAM password policy requires at least one number
  • AWS > HIPAA > Account > Ensure IAM password policy requires at least one symbol
  • AWS > HIPAA > Account > Ensure IAM password policy requires at least one uppercase letter
  • AWS > HIPAA > Account > IAM root user hardware MFA should be enabled
  • AWS > IAM > Account Password Policy > Discovery
  • AWS > IAM > Account Summary > Discovery
  • AWS > IAM > Credential Report > Discovery
  • AWS > IAM > Group > Discovery
  • AWS > IAM > Group > Usage
  • AWS > IAM > Instance Profile > Discovery
  • AWS > IAM > MFA Virtual > Discovery
  • AWS > IAM > OpenID Connect > Discovery
  • AWS > IAM > OpenID Connect > Usage
  • AWS > IAM > Policy > Discovery
  • AWS > IAM > Role > Discovery
  • AWS > IAM > Role > Usage
  • AWS > IAM > Root > Discovery
  • AWS > IAM > Server Certificate > Discovery
  • AWS > IAM > Server Certificate > Usage
  • AWS > IAM > Stack
  • AWS > IAM > Stack [Native]
  • AWS > IAM > User > Discovery
  • AWS > IAM > User > Usage
  • AWS > MSK > Cluster > Usage
  • AWS > NIST 800-53 > Account > At least one multi-region AWS CloudTrail should be present in an account
  • AWS > NIST 800-53 > IAM > IAM root user hardware MFA should be enabled
  • AWS > Organizations [Deprecated] > Organization > Discovery
  • AWS > Organizations > Service Control Policy > Allow Boundary Prevention > Discovery
  • AWS > PCI v3.2.1 > CloudTrail > 2 CloudTrail should be enabled
  • AWS > PCI v3.2.1 > CloudWatch > 1 A log metric filter and alarm should exist for usage of the 'root' user
  • AWS > PCI v3.2.1 > IAM > 4 Hardware MFA should be enabled for the root user
  • AWS > PCI v3.2.1 > IAM > 5 Virtual MFA should be enabled for the root user
  • AWS > PCI v3.2.1 > IAM > 8 Password policies for IAM users should have strong configurations
  • AWS > QuickSight > Account Settings > Discovery
  • AWS > RDS > Global Cluster > Discovery
  • AWS > Region > Discovery
  • AWS > Route 53 > Hosted Zone > Discovery
  • AWS > Route 53 > Hosted Zone > Usage
  • AWS > Route 53 Resolver > Resolver Endpoint > Usage
  • AWS > Route 53 Resolver > Resolver Rule > Usage
  • AWS > S3 > Account > Discovery
  • AWS > S3 > Account > Prevention > Discovery
  • AWS > S3 > Bucket > Usage
  • AWS > S3 > Multi-Region Access Point > Discovery
  • AWS > S3 > Multi-Region Access Point > Usage
  • AWS > SageMaker > Notebook Instance > Usage
  • AWS > Secrets Manager > Secret > Usage
  • AWS > Shield > Protection > Discovery
  • AWS > Shield > Protection > Usage
  • AWS > SNS > Subscription > Usage
  • AWS > SNS > Topic > Usage
  • AWS > SSM > Maintenance Window > Usage
  • AWS > Step Functions > State Machine > Usage
  • AWS > SWF > Domain > Usage
  • AWS > Turbot > IAM
  • AWS > Turbot > IAM > Managed
  • AWS > Turbot > Service Roles
  • AWS > WAF > IP Set > Discovery
  • AWS > WAF > IP Set > Usage
  • AWS > WAF > IP Set v2 Global > Discovery
  • AWS > WAF > IP Set v2 Global > Usage
  • AWS > WAF > Rate Based Rule > Discovery
  • AWS > WAF > Rate Based Rule > Usage
  • AWS > WAF > Regex Pattern Set v2 Global > Discovery
  • AWS > WAF > Regex Pattern Set v2 Global > Usage
  • AWS > WAF > Regex Pattern Set v2 Regional > Usage
  • AWS > WAF > Rule > Discovery
  • AWS > WAF > Rule > Usage
  • AWS > WAF > Rule Group v2 Global > Discovery
  • AWS > WAF > Rule Group v2 Global > Usage
  • AWS > WAF > Rule Group v2 Regional > Usage
  • AWS > WAF > Web ACL [Deprecated] > Discovery
  • AWS > WAF > Web ACL [Deprecated] > Usage
  • AWS > WAF > Web ACL v2 Global > Discovery
  • AWS > WAF > Web ACL v2 Global > Usage
  • ServiceNow > Turbot > Watches > AWS

Quick Actions

  • Event Handler
  • Provision Managed Resources
  • Router

Category

  • Cloud > Provider

In Your Workspace

  • Controls by Resource Type report
  • Policy Settings by Resource Type report
  • Resources by Resource Type report

Developers

  • Resource Type URI
    • tmod:@turbot/aws#/resource/types/account
  • Category URI
    • tmod:@turbot/turbot#/resource/categories/cloudProvider
  • GraphQL
    • query resource(id: "tmod:@turbot/aws#/resource/types/account") { … }
    • query resourceActivities(filter: "resourceId:'tmod:@turbot/aws#/resource/types/account'") { … }
    • mutation createResource(input: { … })
    • mutation updateResource(input: { … })
  • CLI
    • Get Resource
    • turbot graphql resource --id "tmod:@turbot/aws#/resource/types/account"
  • Steampipe Query
    • Get Resource
    • select * from guardrails_resource where resource_type_uri = 'tmod:@turbot/aws#/resource/types/account';
    • Get Policy Settings (By Resource ID)
    • select * from guardrails_policy_setting where filter = 'resourceTypeId:"tmod:@turbot/aws#/resource/types/account"';
    • Get Resource Notification
    • select * from guardrails_notification where resource_type_uri = 'tmod:@turbot/aws#/resource/types/account' and notification_type in ('resource_updated', 'resource_created');