Custom Policy Updates
The custom policy has been updated to version 1.25 as a result of the new deployment. You’ll need to update your custom policy to the latest version. The permissions added include:
Click here to access the new Custom Policy.
- CostExplorer-001: Cost Anomaly Detection Monitor in Use
This rule ensures that an Amazon Cost Anomaly Detection monitor is created for your AWS account in order to proactively identify and take action on cost and usage anomalies. A Cost Anomaly Detection monitor tracks each AWS cloud service individually and alerts you to any unexpected cost spikes.
- ECS-002: ECS Task Log Driver In Use
This rule ensures that there is a log driver configured for the containers within your active Amazon ECS task definitions.
- RDS-041: Enable Amazon RDS Storage AutoScaling
This rule ensures that your Amazon RDS instances have Storage Auto Scaling enabled in order to provide dynamic scaling support for the database’s storage based on your application needs.
- S3-026: Enable S3 Block Public Access for S3 Buckets
This rule ensures that the Amazon S3 Block Public Access feature is enabled for your S3 buckets to restrict public access to all objects available within these buckets, including those that you upload in the future.
- S3-027: Enable S3 Block Public Access for AWS Accounts
This rule ensures that the Amazon S3 Block Public Access feature is enabled at your AWS account level to restrict public access to all your S3 buckets, including those that you create in the future.
- Backup-002: Configure AWS Backup Vault Access Policy
The rule will now generate checks with the correct status if the access policy of the vault contains more than one statement.
- RDS-026: RDS Copy Tags to Snapshots
Fixed a bug where RDS-026 was generating checks for Aurora instances.
- RTM-003: AWS IAM User has Signed in Without MFA
Fixed a bug where RTM-003 was producing false-positive checks for user logins using AWS SSO.