22 February 2021 - Rule Update Notice

Custom Policy Updates

The custom policy has been updated to version 1.25 as a result of the new deployment. You’ll need to update your custom policy to the latest version. The permissions added include:

  1. “ce:GetAnomalyMonitors”
  2. “ecs:DescribeTaskDefinition”
  3. “ecs:ListTaskDefinitions”

Click here to access the new Custom Policy.

New Rules

AWS

  1. CostExplorer-001: Cost Anomaly Detection Monitor in Use
    This rule ensures that an Amazon Cost Anomaly Detection monitor is created for your AWS account in order to proactively identify and take action on cost and usage anomalies. A Cost Anomaly Detection monitor tracks each AWS cloud service individually and alerts you for any unexpected cost spikes.
  2. ECS-002: ECS Task Log Driver In Use
    This rule ensures that there is a log driver configured for the containers within your active Amazon ECS task definitions.
  3. RDS-041: Enable Amazon RDS Storage AutoScaling
    This rule ensures that your Amazon RDS instances have Storage Auto Scaling enabled in order to provide dynamic scaling support for the database’s storage based on your application needs.
  4. S3-026: Enable S3 Block Public Access for S3 Buckets
    This rule ensures that the Amazon S3 Block Public Access feature is enabled for your S3 buckets to restrict public access to all objects available within these buckets, including those that you upload in the future.
  5. S3-027: Enable S3 Block Public Access for AWS Accounts
    This rule ensures that the Amazon S3 Block Public Access feature is enabled at your AWS account level to restrict public access to all your S3 buckets, including those that you create in the future.
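The bucket-level and account-level checks described in S3-026 and S3-027 can be sketched offline as below. This is an added example, not the product's own rule logic. It assumes a check passes only when all four Block Public Access settings are enabled, and the bucket names and configurations are constructed sample data.

```python
# Added example: evaluates S3 Block Public Access settings offline.
# Input dicts mirror the PublicAccessBlockConfiguration structure returned by
# the GetPublicAccessBlock APIs (bucket and account level). Sample data is constructed.

SETTINGS = ("BlockPublicAcls", "IgnorePublicAcls",
            "BlockPublicPolicy", "RestrictPublicBuckets")

def missing_settings(config):
    """Return the settings that are not enabled; None means no configuration exists."""
    config = config or {}
    return [name for name in SETTINGS if config.get(name) is not True]

def effective_settings(account_config, bucket_config):
    """S3 applies the most restrictive combination of account and bucket settings."""
    account_config, bucket_config = account_config or {}, bucket_config or {}
    return {name: bool(account_config.get(name)) or bool(bucket_config.get(name))
            for name in SETTINGS}

def evaluate(account_config, buckets):
    """Produce one account-level finding and one finding per bucket."""
    findings = [{"scope": "account", "resource": "account",
                 "missing": missing_settings(account_config)}]
    for name, bucket_config in sorted(buckets.items()):
        effective = effective_settings(account_config, bucket_config)
        findings.append({
            "scope": "bucket", "resource": name,
            "missing": missing_settings(bucket_config),
            # Settings still off after the account-level values are applied.
            "effectively_open": [s for s in SETTINGS if not effective[s]],
        })
    for f in findings:
        # Assumption: a check passes only when all four settings are enabled.
        f["status"] = "PASS" if not f["missing"] else "FAIL"
    return findings

# Constructed sample data (hypothetical bucket names).
ACCOUNT = {"BlockPublicAcls": True, "IgnorePublicAcls": True,
           "BlockPublicPolicy": False, "RestrictPublicBuckets": False}
BUCKETS = {
    "example-logs": {s: True for s in SETTINGS},
    "example-assets": None,  # no bucket-level configuration set
    "example-legacy": {"BlockPublicAcls": True, "IgnorePublicAcls": False,
                       "BlockPublicPolicy": True, "RestrictPublicBuckets": False},
}

if __name__ == "__main__":
    for finding in evaluate(ACCOUNT, BUCKETS):
        print(finding)
```

The `effectively_open` field shows why both rules matter: a bucket with no configuration of its own still inherits whatever the account enables, and any setting left off at both levels remains off.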

Rule Updates

  1. Backup-002: Configure AWS Backup Vault Access Policy

    The rule will now generate checks with correct status if the access policy of the vault contains more than one statement.

  2. RDS-026: RDS Copy Tags to Snapshots

    Fixed a bug where RDS-026 was generating checks for Aurora instances.

Bug Fixes

RTM-003: AWS IAM User has Signed in Without MFA
Fixed a bug where RTM-003 was producing false-positive checks for user login using AWS SSO.