Custom Policy Updates
The custom policy has been updated to version 1.26 as a result of the new deployment. You’ll need to update your custom policy to the latest version. The permissions added include:
Click here to access the new Custom Policy.
- ELBv2-011: Check if Application Load Balancers are redirecting HTTP to HTTPS
This rule checks if Application Load Balancers (ALB) are configured to redirect HTTP traffic (port 80) to HTTPS (port 443).
- RDS-042: Enable Aurora Cluster Copy Tags to Snapshots
This rule ensures that Amazon Aurora clusters have the Copy Tags to Snapshots feature enabled.
- CostExplorer-002: Cost Anomaly Detection Findings
This rule checks for any spend anomalies within your AWS account that have been identified by Amazon Cost Anomaly Detection and analyzes and determines the root cause (such as the account, service, region, or usage type) that is driving the cost increase.
- VirtualMachines-033: Enable and Configure Health Monitoring
This rule ensures that the health of your Microsoft Azure scale set instances is being monitored.
- Route53-011: Dangling DNS Records
The rule will create one check for each hosted zone and include any dangling records as metadata instead of creating a check for each record.
- RTM-009: VPC Network Configuration Changes
The rule has been updated to only generate checks for successful configuration changes instead of unsuccessful ones where access to make changes has been denied.
- SSM-001: SSM Parameter Encryption
EBS-004: EBS Volumes Recent Snapshots
Support for exception by resource and tags added to SSM-001 and EBS-004.
- RG-001: Tags
We’ve improved how we evaluate resources for RG-001 to help prevent inaccurate results under certain circumstances.
- IAM-036: IAM Admin Permissions
Fixed a bug that prevented users from configuring the rule to either check for IAM users assigned to actions or managed policies i.e both settings had to have a configuration.
- S3-014: S3 Bucket Public Access Via Policy
Fixed an issue where the rule was not reporting ‘Actions’ in its checks if there was a condition on the policy.
SES-004: DKIM Enabled
SES-001: Identity Cross-Account Access
Fixed a bug where checks were not being generated for these rules.