eyaliyahu/terragoat

TerraGoat - Vulnerable Terraform Infrastructure

Maintained by Bridgecrew.io Infrastructure Tests CIS Azure CIS GCP CIS AWS PCI Terraform Version slack-community

TerraGoat is Bridgecrew's "Vulnerable by Design" Terraform repository. TerraGoat is a learning and training project that demonstrates how common configuration errors can find their way into production cloud environments.

Introduction

TerraGoat was built to enable DevSecOps teams to design and implement a sustainable misconfiguration prevention strategy. It can be used to test a policy-as-code framework like Bridgecrew & Checkov, inline linters, pre-commit hooks or other code scanning methods.

TerraGoat follows the tradition of existing *Goat projects that provide a baseline training ground to practice implementing secure development best practices for cloud infrastructure.

Important notes

Before you proceed, please take note of this warning:

⚠️ TerraGoat creates intentionally vulnerable AWS resources in your account. DO NOT deploy TerraGoat in a production environment or alongside any sensitive AWS resources.

Requirements

  • Terraform 0.12
  • aws cli
  • azure cli

To prevent vulnerable infrastructure from reaching production, see Bridgecrew & checkov, the open source static analysis tool for infrastructure as code.
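One way to turn scan findings into a merge gate, added here as an example (it is not part of the TerraGoat repository or of Checkov): it parses rows in the whitespace-separated layout of the scan-results table further down this page, flags release-blocking checks, and fails closed when a row cannot be parsed. The sample rows are copied from that table; the `BLOCKING` set and all function names are assumptions chosen for illustration.

```python
import re
from collections import Counter
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Subset of rows copied from this page's scan-results table.
# Row 19 has no guideline URL, which the parser must tolerate.
SAMPLE_ROWS = """\
check_id file resource check_name guideline
2 CKV_ALI_1 /alicloud/bucket.tf alicloud_oss_bucket.bad_bucket Alibaba Cloud OSS bucket accessible to public https://docs.prismacloud.io/en/enterprise-edition/policy-reference/alibaba-policies/alibaba-general-policies/ensure-alibaba-cloud-oss-bucket-is-not-accessible-to-public
19 CKV_AWS_353 /aws/db-app.tf aws_db_instance.default Ensure that RDS instances have performance insights enabled
25 CKV_AWS_17 /aws/db-app.tf aws_db_instance.default Ensure all data stored in RDS is not publicly accessible https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/public-policies/public-2
43 CKV_AWS_46 /aws/ec2.tf aws_instance.web_host Ensure no hard-coded secrets exist in EC2 user data https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/secrets-policies/bc-aws-secrets-1
50 CKV_AWS_24 /aws/ec2.tf aws_security_group.web-node Ensure no security groups allow ingress from 0.0.0.0:0 to port 22 https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-networking-policies/networking-1-port-security
62 CKV_AWS_92 /aws/elb.tf aws_elb.weblb Ensure the ELB has access logging enabled https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-logging-policies/bc-aws-logging-23
100 CKV_AWS_41 /aws/providers.tf aws.plain_text_access_keys_provider Ensure no hard coded AWS access key and secret key exists in provider https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/secrets-policies/bc-aws-secrets-5
"""

# Assumption: which checks block a merge is a local policy decision. These
# cover public exposure and hard-coded secrets among the rows above.
BLOCKING = frozenset(
    {"CKV_ALI_1", "CKV_AWS_17", "CKV_AWS_24", "CKV_AWS_41", "CKV_AWS_46"}
)

ROW_RE = re.compile(
    r"^(\d+)\s+"                 # row index
    r"(CKV2?_[A-Z0-9]+_\d+)\s+"  # check id, e.g. CKV_AWS_24
    r"(/\S+)\s+"                 # file path relative to the terraform root
    r"(\S+)\s+"                  # resource address
    r"(.*?)"                     # check name (free text)
    r"(?:\s+(https?://\S+))?$"   # optional guideline URL
)


@dataclass(frozen=True)
class Finding:
    index: int
    check_id: str
    path: str
    resource: str
    check_name: str
    guideline: Optional[str]


def parse_rows(text: str) -> Tuple[List[Finding], List[str]]:
    """Return (findings, rejected); rejected holds lines that did not parse."""
    findings: List[Finding] = []
    rejected: List[str] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("check_id "):  # blank line or header
            continue
        match = ROW_RE.match(line)
        if match is None:
            rejected.append(line)
            continue
        idx, check_id, path, resource, name, url = match.groups()
        findings.append(Finding(int(idx), check_id, path, resource, name, url))
    return findings, rejected


def gate(findings, rejected, blocking=BLOCKING):
    """Return (passed, blockers, per_resource_counts)."""
    blockers = [f for f in findings if f.check_id in blocking]
    per_resource = Counter(f"{f.path}:{f.resource}" for f in findings)
    # Fail closed: an unparseable row may be hiding a blocking finding.
    passed = not blockers and not rejected
    return passed, blockers, per_resource


if __name__ == "__main__":
    parsed, bad = parse_rows(SAMPLE_ROWS)
    ok, blockers, counts = gate(parsed, bad)
    for resource, count in counts.most_common():
        print(f"{count:3d}  {resource}")
    for f in blockers:
        print(f"BLOCK {f.check_id} {f.path} {f.resource}: {f.check_name}")
    for line in bad:
        print(f"UNPARSED {line}")
    raise SystemExit(0 if ok else 1)
```
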

Getting started

AWS Setup

Installation (AWS)

You can deploy multiple TerraGoat stacks in a single AWS account using the parameter TF_VAR_environment.

Create an S3 Bucket backend to keep Terraform state

export TERRAGOAT_STATE_BUCKET="mydevsecops-bucket"
export TF_VAR_company_name=acme
export TF_VAR_environment=mydevsecops
export TF_VAR_region="us-west-2"

aws s3api create-bucket --bucket $TERRAGOAT_STATE_BUCKET \
    --region $TF_VAR_region --create-bucket-configuration LocationConstraint=$TF_VAR_region

# Enable versioning
aws s3api put-bucket-versioning --bucket $TERRAGOAT_STATE_BUCKET --versioning-configuration Status=Enabled

# Enable encryption
aws s3api put-bucket-encryption --bucket $TERRAGOAT_STATE_BUCKET --server-side-encryption-configuration '{
  "Rules": [
    {
      "ApplyServerSideEncryptionByDefault": {
        "SSEAlgorithm": "aws:kms"
      }
    }
  ]
}'

Apply TerraGoat (AWS)

cd terraform/aws/
terraform init \
-backend-config="bucket=$TERRAGOAT_STATE_BUCKET" \
-backend-config="key=$TF_VAR_company_name-$TF_VAR_environment.tfstate" \
-backend-config="region=$TF_VAR_region"

terraform apply

Remove TerraGoat (AWS)

terraform destroy

Creating multiple TerraGoat AWS stacks

cd terraform/aws/
export TERRAGOAT_ENV=$TF_VAR_environment
export TERRAGOAT_STACKS_NUM=5
for i in $(seq 1 $TERRAGOAT_STACKS_NUM)
do
    export TF_VAR_environment=$TERRAGOAT_ENV$i
    terraform init \
    -backend-config="bucket=$TERRAGOAT_STATE_BUCKET" \
    -backend-config="key=$TF_VAR_company_name-$TF_VAR_environment.tfstate" \
    -backend-config="region=$TF_VAR_region"

    terraform apply -auto-approve
done

Deleting multiple TerraGoat stacks (AWS)

cd terraform/aws/
export TF_VAR_environment=$TERRAGOAT_ENV
for i in $(seq 1 $TERRAGOAT_STACKS_NUM)
do
    export TF_VAR_environment=$TERRAGOAT_ENV$i
    terraform init \
    -backend-config="bucket=$TERRAGOAT_STATE_BUCKET" \
    -backend-config="key=$TF_VAR_company_name-$TF_VAR_environment.tfstate" \
    -backend-config="region=$TF_VAR_region"

    terraform destroy -auto-approve
done

Azure Setup

Installation (Azure)

You can deploy multiple TerraGoat stacks in a single Azure subscription using the parameter TF_VAR_environment.

Create an Azure Storage Account backend to keep Terraform state

export TERRAGOAT_RESOURCE_GROUP="TerraGoatRG"
export TERRAGOAT_STATE_STORAGE_ACCOUNT="mydevsecopssa"
export TERRAGOAT_STATE_CONTAINER="mydevsecops"
export TF_VAR_environment="dev"
export TF_VAR_region="westus"

# Create resource group
az group create --location $TF_VAR_region --name $TERRAGOAT_RESOURCE_GROUP

# Create storage account
az storage account create --name $TERRAGOAT_STATE_STORAGE_ACCOUNT --resource-group $TERRAGOAT_RESOURCE_GROUP --location $TF_VAR_region --sku Standard_LRS --kind StorageV2 --https-only true --encryption-services blob

# Get storage account key
ACCOUNT_KEY=$(az storage account keys list --resource-group $TERRAGOAT_RESOURCE_GROUP --account-name $TERRAGOAT_STATE_STORAGE_ACCOUNT --query '[0].value' -o tsv)

# Create blob container
az storage container create --name $TERRAGOAT_STATE_CONTAINER --account-name $TERRAGOAT_STATE_STORAGE_ACCOUNT --account-key $ACCOUNT_KEY

Apply TerraGoat (Azure)

cd terraform/azure/
terraform init -reconfigure -backend-config="resource_group_name=$TERRAGOAT_RESOURCE_GROUP" \
    -backend-config "storage_account_name=$TERRAGOAT_STATE_STORAGE_ACCOUNT" \
    -backend-config="container_name=$TERRAGOAT_STATE_CONTAINER" \
    -backend-config "key=$TF_VAR_environment.terraform.tfstate"

terraform apply

Remove TerraGoat (Azure)

terraform destroy

GCP Setup

Installation (GCP)

You can deploy multiple TerraGoat stacks in a single GCP project using the parameter TF_VAR_environment.

Create a GCS backend to keep Terraform state

To use terraform, a Service Account and matching set of credentials are required. If they do not exist, they must be manually created for the relevant project. To create the Service Account:

  1. Sign into your GCP project, go to IAM > Service Accounts.
  2. Click CREATE SERVICE ACCOUNT.
  3. Give a name to your service account (for example - terragoat) and click CREATE.
  4. Grant the Service Account the Project > Editor role and click CONTINUE.
  5. Click DONE.

To create the credentials:

  1. Sign into your GCP project, go to IAM > Service Accounts and click on the relevant Service Account.
  2. Click ADD KEY > Create new key > JSON and click CREATE. This will create a .json file and download it to your computer.

We recommend saving the key under a more readable name than the auto-generated one (e.g. terragoat_credentials.json) and storing the resulting JSON file inside the terraform/gcp directory of terragoat. Once the credentials are set up, create the backend configuration as follows:

export TF_VAR_environment="dev"
export TF_TERRAGOAT_STATE_BUCKET=remote-state-bucket-terragoat
export TF_VAR_credentials_path=<PATH_TO_CREDENTIALS_FILE> # example: export TF_VAR_credentials_path=terragoat_credentials.json
export TF_VAR_project=<YOUR_PROJECT_NAME_HERE>

# Create storage bucket
gsutil mb gs://${TF_TERRAGOAT_STATE_BUCKET}

Apply TerraGoat (GCP)

cd terraform/gcp/
terraform init -reconfigure -backend-config="bucket=$TF_TERRAGOAT_STATE_BUCKET" \
    -backend-config "credentials=$TF_VAR_credentials_path" \
    -backend-config "prefix=terragoat/${TF_VAR_environment}"

terraform apply

Remove TerraGoat (GCP)

terraform destroy

Bridgecrew's IaC herd of goats

  • CfnGoat - Vulnerable by design Cloudformation template
  • TerraGoat - Vulnerable by design Terraform stack
  • CDKGoat - Vulnerable by design CDK application
  • kustomizegoat - Vulnerable by design kustomize deployment

Contributing

Contributions are welcome!

We would love to hear about more ideas on how to find vulnerable infrastructure-as-code design patterns.

Support

Bridgecrew builds and maintains TerraGoat to encourage the adoption of policy-as-code.

If you need direct support you can contact us at info@bridgecrew.io.

Existing vulnerabilities (Auto-Generated)

terraform scan results:

check_id file resource check_name guideline
0 CKV_ALI_12 /alicloud/bucket.tf alicloud_oss_bucket.bad_bucket Ensure the OSS bucket has access logging enabled https://docs.prismacloud.io/en/enterprise-edition/policy-reference/alibaba-policies/alibaba-logging-policies/ensure-alibaba-cloud-oss-bucket-has-access-logging-enabled
1 CKV_ALI_11 /alicloud/bucket.tf alicloud_oss_bucket.bad_bucket Ensure OSS bucket has transfer Acceleration enabled https://docs.prismacloud.io/en/enterprise-edition/policy-reference/alibaba-policies/alibaba-general-policies/ensure-alibaba-cloud-oss-bucket-has-transfer-acceleration-disabled
2 CKV_ALI_1 /alicloud/bucket.tf alicloud_oss_bucket.bad_bucket Alibaba Cloud OSS bucket accessible to public https://docs.prismacloud.io/en/enterprise-edition/policy-reference/alibaba-policies/alibaba-general-policies/ensure-alibaba-cloud-oss-bucket-is-not-accessible-to-public
3 CKV_ALI_10 /alicloud/bucket.tf alicloud_oss_bucket.bad_bucket Ensure OSS bucket has versioning enabled https://docs.prismacloud.io/en/enterprise-edition/policy-reference/alibaba-policies/alibaba-general-policies/ensure-alibaba-cloud-oss-bucket-has-versioning-enabled
4 CKV_ALI_6 /alicloud/bucket.tf alicloud_oss_bucket.bad_bucket Ensure OSS bucket is encrypted with Customer Master Key https://docs.prismacloud.io/en/enterprise-edition/policy-reference/alibaba-policies/alibaba-general-policies/ensure-alibaba-cloud-oss-bucket-is-encrypted-with-customer-master-key
5 CKV_ALI_37 /alicloud/rds.tf alicloud_db_instance.seeme Ensure RDS instance has log_connections enabled https://docs.prismacloud.io/en/enterprise-edition/policy-reference/alibaba-policies/alibaba-general-policies/ensure-alibaba-rds-instance-has-log-connections-enabled
6 CKV_ALI_20 /alicloud/rds.tf alicloud_db_instance.seeme Ensure RDS instance uses SSL https://docs.prismacloud.io/en/enterprise-edition/policy-reference/alibaba-policies/alibaba-networking-policies/ensure-alibaba-cloud-rds-instance-uses-ssl
7 CKV_ALI_25 /alicloud/rds.tf alicloud_db_instance.seeme Ensure RDS Instance SQL Collector Retention Period should be greater than 180 https://docs.prismacloud.io/en/enterprise-edition/policy-reference/alibaba-policies/alibaba-logging-policies/ensure-alibaba-cloud-rds-instance-sql-collector-retention-period-should-be-greater-than-180
8 CKV_ALI_36 /alicloud/rds.tf alicloud_db_instance.seeme Ensure RDS instance has log_disconnections enabled https://docs.prismacloud.io/en/enterprise-edition/policy-reference/alibaba-policies/alibaba-general-policies/ensure-alibaba-cloud-rds-instance-has-log-disconnections-enabled-1
9 CKV_ALI_9 /alicloud/rds.tf alicloud_db_instance.seeme Ensure database instance is not public https://docs.prismacloud.io/en/enterprise-edition/policy-reference/alibaba-policies/alibaba-general-policies/ensure-alibaba-cloud-database-instance-is-not-public
10 CKV_ALI_30 /alicloud/rds.tf alicloud_db_instance.seeme Ensure RDS instance auto upgrades for minor versions https://docs.prismacloud.io/en/enterprise-edition/policy-reference/alibaba-policies/alibaba-general-policies/ensure-alibaba-cloud-rds-instance-is-set-to-perform-auto-upgrades-for-minor-versions
11 CKV_ALI_35 /alicloud/rds.tf alicloud_db_instance.seeme Ensure RDS instance has log_duration enabled https://docs.prismacloud.io/en/enterprise-edition/policy-reference/alibaba-policies/alibaba-general-policies/ensure-alibaba-cloud-rds-instance-has-log-duration-enabled
12 CKV_ALI_5 /alicloud/trail.tf alicloud_actiontrail_trail.fail Ensure Action Trail Logging for all events https://docs.prismacloud.io/en/enterprise-edition/policy-reference/alibaba-policies/alibaba-logging-policies/ensure-alibaba-cloud-action-trail-logging-for-all-events
13 CKV_ALI_4 /alicloud/trail.tf alicloud_actiontrail_trail.fail Ensure Action Trail Logging for all regions https://docs.prismacloud.io/en/enterprise-edition/policy-reference/alibaba-policies/alibaba-logging-policies/ensure-alibaba-cloud-action-trail-logging-for-all-regions
14 CKV_ALI_12 /alicloud/trail.tf alicloud_oss_bucket.trail Ensure the OSS bucket has access logging enabled https://docs.prismacloud.io/en/enterprise-edition/policy-reference/alibaba-policies/alibaba-logging-policies/ensure-alibaba-cloud-oss-bucket-has-access-logging-enabled
15 CKV_ALI_11 /alicloud/trail.tf alicloud_oss_bucket.trail Ensure OSS bucket has transfer Acceleration enabled https://docs.prismacloud.io/en/enterprise-edition/policy-reference/alibaba-policies/alibaba-general-policies/ensure-alibaba-cloud-oss-bucket-has-transfer-acceleration-disabled
16 CKV_ALI_10 /alicloud/trail.tf alicloud_oss_bucket.trail Ensure OSS bucket has versioning enabled https://docs.prismacloud.io/en/enterprise-edition/policy-reference/alibaba-policies/alibaba-general-policies/ensure-alibaba-cloud-oss-bucket-has-versioning-enabled
17 CKV_ALI_6 /alicloud/trail.tf alicloud_oss_bucket.trail Ensure OSS bucket is encrypted with Customer Master Key https://docs.prismacloud.io/en/enterprise-edition/policy-reference/alibaba-policies/alibaba-general-policies/ensure-alibaba-cloud-oss-bucket-is-encrypted-with-customer-master-key
18 CKV_AWS_161 /aws/db-app.tf aws_db_instance.default Ensure RDS database has IAM authentication enabled https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-iam-policies/ensure-rds-database-has-iam-authentication-enabled
19 CKV_AWS_353 /aws/db-app.tf aws_db_instance.default Ensure that RDS instances have performance insights enabled
20 CKV_AWS_354 /aws/db-app.tf aws_db_instance.default Ensure RDS Performance Insights are encrypted using KMS CMKs
21 CKV_AWS_133 /aws/db-app.tf aws_db_instance.default Ensure that RDS instances has backup policy https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/ensure-that-rds-instances-have-backup-policy
22 CKV_AWS_293 /aws/db-app.tf aws_db_instance.default Ensure that AWS database instances have deletion protection enabled
23 CKV_AWS_16 /aws/db-app.tf aws_db_instance.default Ensure all data stored in the RDS is securely encrypted at rest https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/general-4
24 CKV_AWS_226 /aws/db-app.tf aws_db_instance.default Ensure DB instance gets all minor upgrades automatically https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/ensure-aws-db-instance-gets-all-minor-upgrades-automatically
25 CKV_AWS_17 /aws/db-app.tf aws_db_instance.default Ensure all data stored in RDS is not publicly accessible https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/public-policies/public-2
26 CKV_AWS_129 /aws/db-app.tf aws_db_instance.default Ensure that respective logs of Amazon Relational Database Service (Amazon RDS) are enabled https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-iam-policies/ensure-that-respective-logs-of-amazon-relational-database-service-amazon-rds-are-enabled
27 CKV_AWS_118 /aws/db-app.tf aws_db_instance.default Ensure that enhanced monitoring is enabled for Amazon RDS instances https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-logging-policies/ensure-that-enhanced-monitoring-is-enabled-for-amazon-rds-instances
28 CKV_AWS_157 /aws/db-app.tf aws_db_instance.default Ensure that RDS instances have Multi-AZ enabled https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/general-73
29 CKV_AWS_23 /aws/db-app.tf aws_security_group.default Ensure every security groups rule has a description https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-networking-policies/networking-31
30 CKV_AWS_23 /aws/db-app.tf aws_security_group_rule.ingress Ensure every security groups rule has a description https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-networking-policies/networking-31
31 CKV_AWS_23 /aws/db-app.tf aws_security_group_rule.egress Ensure every security groups rule has a description https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-networking-policies/networking-31
32 CKV_AWS_289 /aws/db-app.tf aws_iam_role_policy.ec2policy Ensure IAM policies does not allow permissions management / resource exposure without constraints
33 CKV_AWS_288 /aws/db-app.tf aws_iam_role_policy.ec2policy Ensure IAM policies does not allow data exfiltration
34 CKV_AWS_287 /aws/db-app.tf aws_iam_role_policy.ec2policy Ensure IAM policies does not allow credentials exposure
35 CKV_AWS_290 /aws/db-app.tf aws_iam_role_policy.ec2policy Ensure IAM policies does not allow write access without constraints
36 CKV_AWS_355 /aws/db-app.tf aws_iam_role_policy.ec2policy Ensure no IAM policies documents allow "*" as a statement's resource for restrictable actions
37 CKV_AWS_126 /aws/db-app.tf aws_instance.db_app Ensure that detailed monitoring is enabled for EC2 instances https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-logging-policies/ensure-that-detailed-monitoring-is-enabled-for-ec2-instances
38 CKV_AWS_79 /aws/db-app.tf aws_instance.db_app Ensure Instance Metadata Service Version 1 is not enabled https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/bc-aws-general-31
39 CKV_AWS_8 /aws/db-app.tf aws_instance.db_app Ensure all data stored in the Launch configuration or instance Elastic Blocks Store is securely encrypted https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/general-13
40 CKV_AWS_135 /aws/db-app.tf aws_instance.db_app Ensure that EC2 is EBS optimized https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/ensure-that-ec2-is-ebs-optimized
41 CKV_AWS_126 /aws/ec2.tf aws_instance.web_host Ensure that detailed monitoring is enabled for EC2 instances https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-logging-policies/ensure-that-detailed-monitoring-is-enabled-for-ec2-instances
42 CKV_AWS_79 /aws/ec2.tf aws_instance.web_host Ensure Instance Metadata Service Version 1 is not enabled https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/bc-aws-general-31
43 CKV_AWS_46 /aws/ec2.tf aws_instance.web_host Ensure no hard-coded secrets exist in EC2 user data https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/secrets-policies/bc-aws-secrets-1
44 CKV_AWS_8 /aws/ec2.tf aws_instance.web_host Ensure all data stored in the Launch configuration or instance Elastic Blocks Store is securely encrypted https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/general-13
45 CKV_AWS_135 /aws/ec2.tf aws_instance.web_host Ensure that EC2 is EBS optimized https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/ensure-that-ec2-is-ebs-optimized
46 CKV_AWS_3 /aws/ec2.tf aws_ebs_volume.web_host_storage Ensure all data stored in the EBS is securely encrypted https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/general-3-encrypt-ebs-volume
47 CKV_AWS_189 /aws/ec2.tf aws_ebs_volume.web_host_storage Ensure EBS Volume is encrypted by KMS using a customer managed Key (CMK) https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/bc-aws-general-109
48 CKV_AWS_23 /aws/ec2.tf aws_security_group.web-node Ensure every security groups rule has a description https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-networking-policies/networking-31
49 CKV_AWS_260 /aws/ec2.tf aws_security_group.web-node Ensure no security groups allow ingress from 0.0.0.0:0 to port 80 https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-networking-policies/ensure-aws-security-groups-do-not-allow-ingress-from-00000-to-port-80
50 CKV_AWS_24 /aws/ec2.tf aws_security_group.web-node Ensure no security groups allow ingress from 0.0.0.0:0 to port 22 https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-networking-policies/networking-1-port-security
51 CKV_AWS_130 /aws/ec2.tf aws_subnet.web_subnet Ensure VPC subnets do not assign public IP by default https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-networking-policies/ensure-vpc-subnets-do-not-assign-public-ip-by-default
52 CKV_AWS_130 /aws/ec2.tf aws_subnet.web_subnet2 Ensure VPC subnets do not assign public IP by default https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-networking-policies/ensure-vpc-subnets-do-not-assign-public-ip-by-default
53 CKV_AWS_51 /aws/ecr.tf aws_ecr_repository.repository Ensure ECR Image Tags are immutable https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/bc-aws-general-24
54 CKV_AWS_163 /aws/ecr.tf aws_ecr_repository.repository Ensure ECR image scanning on push is enabled https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/general-8
55 CKV_AWS_136 /aws/ecr.tf aws_ecr_repository.repository Ensure that ECR repositories are encrypted using KMS https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/ensure-that-ecr-repositories-are-encrypted
56 CKV_AWS_130 /aws/eks.tf aws_subnet.eks_subnet1 Ensure VPC subnets do not assign public IP by default https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-networking-policies/ensure-vpc-subnets-do-not-assign-public-ip-by-default
57 CKV_AWS_130 /aws/eks.tf aws_subnet.eks_subnet2 Ensure VPC subnets do not assign public IP by default https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-networking-policies/ensure-vpc-subnets-do-not-assign-public-ip-by-default
58 CKV_AWS_39 /aws/eks.tf aws_eks_cluster.eks_cluster Ensure Amazon EKS public endpoint disabled https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-kubernetes-policies/bc-aws-kubernetes-2
59 CKV_AWS_38 /aws/eks.tf aws_eks_cluster.eks_cluster Ensure Amazon EKS public endpoint not accessible to 0.0.0.0/0 https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-kubernetes-policies/bc-aws-kubernetes-1
60 CKV_AWS_58 /aws/eks.tf aws_eks_cluster.eks_cluster Ensure EKS Cluster has Secrets Encryption Enabled https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-kubernetes-policies/bc-aws-kubernetes-3
61 CKV_AWS_37 /aws/eks.tf aws_eks_cluster.eks_cluster Ensure Amazon EKS control plane logging enabled for all log types https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-kubernetes-policies/bc-aws-kubernetes-4
62 CKV_AWS_92 /aws/elb.tf aws_elb.weblb Ensure the ELB has access logging enabled https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-logging-policies/bc-aws-logging-23
63 CKV_AWS_127 /aws/elb.tf aws_elb.weblb Ensure that Elastic Load Balancer(s) uses SSL certificates provided by AWS Certificate Manager https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/ensure-that-elastic-load-balancers-uses-ssl-certificates-provided-by-aws-certificate-manager
64 CKV_AWS_137 /aws/es.tf aws_elasticsearch_domain.monitoring-framework Ensure that Elasticsearch is configured inside a VPC https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-networking-policies/ensure-that-elasticsearch-is-configured-inside-a-vpc
65 CKV_AWS_318 /aws/es.tf aws_elasticsearch_domain.monitoring-framework Ensure Elasticsearch domains are configured with at least three dedicated master nodes for HA
66 CKV_AWS_247 /aws/es.tf aws_elasticsearch_domain.monitoring-framework Ensure all data stored in the Elasticsearch is encrypted with a CMK https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/ensure-aws-all-data-stored-in-the-elasticsearch-domain-is-encrypted-using-a-customer-managed-key-cmk
67 CKV_AWS_228 /aws/es.tf aws_elasticsearch_domain.monitoring-framework Verify Elasticsearch domain is using an up to date TLS policy https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/ensure-aws-elasticsearch-domain-uses-an-updated-tls-policy
68 CKV_AWS_84 /aws/es.tf aws_elasticsearch_domain.monitoring-framework Ensure Elasticsearch Domain Logging is enabled https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/elastisearch-policies/elasticsearch-7
69 CKV_AWS_317 /aws/es.tf aws_elasticsearch_domain.monitoring-framework Ensure Elasticsearch Domain Audit Logging is enabled
70 CKV_AWS_5 /aws/es.tf aws_elasticsearch_domain.monitoring-framework Ensure all data stored in the Elasticsearch is securely encrypted at rest https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/elastisearch-policies/elasticsearch-3-enable-encryptionatrest
71 CKV_AWS_248 /aws/es.tf aws_elasticsearch_domain.monitoring-framework Ensure that Elasticsearch is not using the default Security Group https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-networking-policies/ensure-aws-elasticsearch-does-not-use-the-default-security-group
72 CKV_AWS_109 /aws/es.tf aws_iam_policy_document.policy Ensure IAM policies does not allow permissions management / resource exposure without constraints https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-iam-policies/ensure-iam-policies-do-not-allow-permissions-management-resource-exposure-without-constraint
73 CKV_AWS_111 /aws/es.tf aws_iam_policy_document.policy Ensure IAM policies does not allow write access without constraints https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-iam-policies/ensure-iam-policies-do-not-allow-write-access-without-constraint
74 CKV_AWS_283 /aws/es.tf aws_iam_policy_document.policy Ensure no IAM policies documents allow ALL or any AWS principal permissions to the resource
75 CKV_AWS_356 /aws/es.tf aws_iam_policy_document.policy Ensure no IAM policies documents allow "*" as a statement's resource for restrictable actions
76 CKV_AWS_273 /aws/iam.tf aws_iam_user.user Ensure access is controlled through SSO and not AWS IAM defined users
77 CKV_AWS_286 /aws/iam.tf aws_iam_user_policy.userpolicy Ensure IAM policies does not allow privilege escalation
78 CKV_AWS_289 /aws/iam.tf aws_iam_user_policy.userpolicy Ensure IAM policies does not allow permissions management / resource exposure without constraints
79 CKV_AWS_288 /aws/iam.tf aws_iam_user_policy.userpolicy Ensure IAM policies does not allow data exfiltration
80 CKV_AWS_287 /aws/iam.tf aws_iam_user_policy.userpolicy Ensure IAM policies does not allow credentials exposure
81 CKV_AWS_290 /aws/iam.tf aws_iam_user_policy.userpolicy Ensure IAM policies does not allow write access without constraints
82 CKV_AWS_355 /aws/iam.tf aws_iam_user_policy.userpolicy Ensure no IAM policies documents allow "*" as a statement's resource for restrictable actions
83 CKV_AWS_7 /aws/kms.tf aws_kms_key.logs_key Ensure rotation for customer created CMKs is enabled https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-logging-policies/logging-8
84 CKV_AWS_363 /aws/lambda.tf aws_lambda_function.analysis_lambda Ensure Lambda Runtime is not deprecated
85 CKV_AWS_173 /aws/lambda.tf aws_lambda_function.analysis_lambda Check encryption settings for Lambda environmental variable https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-serverless-policies/bc-aws-serverless-5
86 CKV_AWS_116 /aws/lambda.tf aws_lambda_function.analysis_lambda Ensure that AWS Lambda function is configured for a Dead Letter Queue(DLQ) https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/ensure-that-aws-lambda-function-is-configured-for-a-dead-letter-queue-dlq
87 CKV_AWS_115 /aws/lambda.tf aws_lambda_function.analysis_lambda Ensure that AWS Lambda function is configured for function-level concurrent execution limit https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/ensure-that-aws-lambda-function-is-configured-for-function-level-concurrent-execution-limit
88 CKV_AWS_45 /aws/lambda.tf aws_lambda_function.analysis_lambda Ensure no hard-coded secrets exist in lambda environment https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/secrets-policies/bc-aws-secrets-3
89 CKV_AWS_50 /aws/lambda.tf aws_lambda_function.analysis_lambda X-ray tracing is enabled for Lambda https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-serverless-policies/bc-aws-serverless-4
90 CKV_AWS_117 /aws/lambda.tf aws_lambda_function.analysis_lambda Ensure that AWS Lambda function is configured inside a VPC https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/ensure-that-aws-lambda-function-is-configured-inside-a-vpc-1
91 CKV_AWS_272 /aws/lambda.tf aws_lambda_function.analysis_lambda Ensure AWS Lambda function is configured to validate code-signing
92 CKV_AWS_347 /aws/neptune.tf aws_neptune_cluster.default Ensure Neptune is encrypted by KMS using a customer managed Key (CMK)
93 CKV_AWS_361 /aws/neptune.tf aws_neptune_cluster.default Ensure that Neptune DB cluster has automated backups enabled with adequate retention
94 CKV_AWS_101 /aws/neptune.tf aws_neptune_cluster.default Ensure Neptune logging is enabled https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-logging-policies/bc-aws-logging-24
95 CKV_AWS_362 /aws/neptune.tf aws_neptune_cluster.default Neptune DB clusters should be configured to copy tags to snapshots
96 CKV_AWS_44 /aws/neptune.tf aws_neptune_cluster.default Ensure Neptune storage is securely encrypted https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/general-18
97 CKV_AWS_359 /aws/neptune.tf aws_neptune_cluster.default Neptune DB clusters should have IAM database authentication enabled
98 CKV_AWS_280 /aws/neptune.tf aws_neptune_cluster_snapshot.default Ensure Neptune snapshot is encrypted by KMS using a customer managed Key (CMK)
99 CKV_AWS_279 /aws/neptune.tf aws_neptune_cluster_snapshot.default Ensure Neptune snapshot is securely encrypted
100 CKV_AWS_41 /aws/providers.tf aws.plain_text_access_keys_provider Ensure no hard coded AWS access key and secret key exists in provider https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/secrets-policies/bc-aws-secrets-5
101 CKV_AWS_327 /aws/rds.tf aws_rds_cluster.app1-rds-cluster Ensure RDS Clusters are encrypted using KMS CMKs
102 CKV_AWS_96 /aws/rds.tf aws_rds_cluster.app1-rds-cluster Ensure all data stored in Aurora is securely encrypted at rest https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/bc-aws-general-38
103 CKV_AWS_326 /aws/rds.tf aws_rds_cluster.app1-rds-cluster Ensure that RDS Aurora Clusters have backtracking enabled
104 CKV_AWS_133 /aws/rds.tf aws_rds_cluster.app1-rds-cluster Ensure that RDS instances has backup policy https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/ensure-that-rds-instances-have-backup-policy
105 CKV_AWS_313 /aws/rds.tf aws_rds_cluster.app1-rds-cluster Ensure RDS cluster configured to copy tags to snapshots
106 CKV_AWS_139 /aws/rds.tf aws_rds_cluster.app1-rds-cluster Ensure that RDS clusters have deletion protection enabled https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/ensure-that-rds-clusters-and-instances-have-deletion-protection-enabled
107 CKV_AWS_325 /aws/rds.tf aws_rds_cluster.app1-rds-cluster Ensure that RDS Cluster audit logging is enabled for MySQL engine
108 CKV_AWS_162 /aws/rds.tf aws_rds_cluster.app1-rds-cluster Ensure RDS cluster has IAM authentication enabled https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-iam-policies/ensure-rds-cluster-has-iam-authentication-enabled
109 CKV_AWS_324 /aws/rds.tf aws_rds_cluster.app1-rds-cluster Ensure that RDS Cluster log capture is enabled
110 CKV_AWS_327 /aws/rds.tf aws_rds_cluster.app2-rds-cluster Ensure RDS Clusters are encrypted using KMS CMKs
111 CKV_AWS_96 /aws/rds.tf aws_rds_cluster.app2-rds-cluster Ensure all data stored in Aurora is securely encrypted at rest https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/bc-aws-general-38
112 CKV_AWS_326 /aws/rds.tf aws_rds_cluster.app2-rds-cluster Ensure that RDS Aurora Clusters have backtracking enabled
113 CKV_AWS_313 /aws/rds.tf aws_rds_cluster.app2-rds-cluster Ensure RDS cluster configured to copy tags to snapshots
114 CKV_AWS_139 /aws/rds.tf aws_rds_cluster.app2-rds-cluster Ensure that RDS clusters have deletion protection enabled https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/ensure-that-rds-clusters-and-instances-have-deletion-protection-enabled
115 CKV_AWS_325 /aws/rds.tf aws_rds_cluster.app2-rds-cluster Ensure that RDS Cluster audit logging is enabled for MySQL engine
116 CKV_AWS_162 /aws/rds.tf aws_rds_cluster.app2-rds-cluster Ensure RDS cluster has IAM authentication enabled https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-iam-policies/ensure-rds-cluster-has-iam-authentication-enabled
117 CKV_AWS_324 /aws/rds.tf aws_rds_cluster.app2-rds-cluster Ensure that RDS Cluster log capture is enabled
118 CKV_AWS_327 /aws/rds.tf aws_rds_cluster.app3-rds-cluster Ensure RDS Clusters are encrypted using KMS CMKs
119 CKV_AWS_96 /aws/rds.tf aws_rds_cluster.app3-rds-cluster Ensure all data stored in Aurora is securely encrypted at rest https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/bc-aws-general-38
120 CKV_AWS_326 /aws/rds.tf aws_rds_cluster.app3-rds-cluster Ensure that RDS Aurora Clusters have backtracking enabled
121 CKV_AWS_313 /aws/rds.tf aws_rds_cluster.app3-rds-cluster Ensure RDS cluster configured to copy tags to snapshots
122 CKV_AWS_139 /aws/rds.tf aws_rds_cluster.app3-rds-cluster Ensure that RDS clusters have deletion protection enabled https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/ensure-that-rds-clusters-and-instances-have-deletion-protection-enabled
123 CKV_AWS_325 /aws/rds.tf aws_rds_cluster.app3-rds-cluster Ensure that RDS Cluster audit logging is enabled for MySQL engine
124 CKV_AWS_162 /aws/rds.tf aws_rds_cluster.app3-rds-cluster Ensure RDS cluster has IAM authentication enabled https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-iam-policies/ensure-rds-cluster-has-iam-authentication-enabled
125 CKV_AWS_324 /aws/rds.tf aws_rds_cluster.app3-rds-cluster Ensure that RDS Cluster log capture is enabled
126 CKV_AWS_327 /aws/rds.tf aws_rds_cluster.app4-rds-cluster Ensure RDS Clusters are encrypted using KMS CMKs
127 CKV_AWS_96 /aws/rds.tf aws_rds_cluster.app4-rds-cluster Ensure all data stored in Aurora is securely encrypted at rest https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/bc-aws-general-38
128 CKV_AWS_326 /aws/rds.tf aws_rds_cluster.app4-rds-cluster Ensure that RDS Aurora Clusters have backtracking enabled
129 CKV_AWS_313 /aws/rds.tf aws_rds_cluster.app4-rds-cluster Ensure RDS cluster configured to copy tags to snapshots
130 CKV_AWS_139 /aws/rds.tf aws_rds_cluster.app4-rds-cluster Ensure that RDS clusters have deletion protection enabled https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/ensure-that-rds-clusters-and-instances-have-deletion-protection-enabled
131 CKV_AWS_325 /aws/rds.tf aws_rds_cluster.app4-rds-cluster Ensure that RDS Cluster audit logging is enabled for MySQL engine
132 CKV_AWS_162 /aws/rds.tf aws_rds_cluster.app4-rds-cluster Ensure RDS cluster has IAM authentication enabled https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-iam-policies/ensure-rds-cluster-has-iam-authentication-enabled
133 CKV_AWS_324 /aws/rds.tf aws_rds_cluster.app4-rds-cluster Ensure that RDS Cluster log capture is enabled
134 CKV_AWS_327 /aws/rds.tf aws_rds_cluster.app5-rds-cluster Ensure RDS Clusters are encrypted using KMS CMKs
135 CKV_AWS_96 /aws/rds.tf aws_rds_cluster.app5-rds-cluster Ensure all data stored in Aurora is securely encrypted at rest https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/bc-aws-general-38
136 CKV_AWS_326 /aws/rds.tf aws_rds_cluster.app5-rds-cluster Ensure that RDS Aurora Clusters have backtracking enabled
137 CKV_AWS_313 /aws/rds.tf aws_rds_cluster.app5-rds-cluster Ensure RDS cluster configured to copy tags to snapshots
138 CKV_AWS_139 /aws/rds.tf aws_rds_cluster.app5-rds-cluster Ensure that RDS clusters have deletion protection enabled https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/ensure-that-rds-clusters-and-instances-have-deletion-protection-enabled
139 CKV_AWS_325 /aws/rds.tf aws_rds_cluster.app5-rds-cluster Ensure that RDS Cluster audit logging is enabled for MySQL engine
140 CKV_AWS_162 /aws/rds.tf aws_rds_cluster.app5-rds-cluster Ensure RDS cluster has IAM authentication enabled https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-iam-policies/ensure-rds-cluster-has-iam-authentication-enabled
141 CKV_AWS_324 /aws/rds.tf aws_rds_cluster.app5-rds-cluster Ensure that RDS Cluster log capture is enabled
142 CKV_AWS_327 /aws/rds.tf aws_rds_cluster.app6-rds-cluster Ensure RDS Clusters are encrypted using KMS CMKs
143 CKV_AWS_96 /aws/rds.tf aws_rds_cluster.app6-rds-cluster Ensure all data stored in Aurora is securely encrypted at rest https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/bc-aws-general-38
144 CKV_AWS_326 /aws/rds.tf aws_rds_cluster.app6-rds-cluster Ensure that RDS Aurora Clusters have backtracking enabled
145 CKV_AWS_313 /aws/rds.tf aws_rds_cluster.app6-rds-cluster Ensure RDS cluster configured to copy tags to snapshots
146 CKV_AWS_139 /aws/rds.tf aws_rds_cluster.app6-rds-cluster Ensure that RDS clusters have deletion protection enabled https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/ensure-that-rds-clusters-and-instances-have-deletion-protection-enabled
147 CKV_AWS_325 /aws/rds.tf aws_rds_cluster.app6-rds-cluster Ensure that RDS Cluster audit logging is enabled for MySQL engine
148 CKV_AWS_162 /aws/rds.tf aws_rds_cluster.app6-rds-cluster Ensure RDS cluster has IAM authentication enabled https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-iam-policies/ensure-rds-cluster-has-iam-authentication-enabled
149 CKV_AWS_324 /aws/rds.tf aws_rds_cluster.app6-rds-cluster Ensure that RDS Cluster log capture is enabled
150 CKV_AWS_327 /aws/rds.tf aws_rds_cluster.app7-rds-cluster Ensure RDS Clusters are encrypted using KMS CMKs
151 CKV_AWS_96 /aws/rds.tf aws_rds_cluster.app7-rds-cluster Ensure all data stored in Aurora is securely encrypted at rest https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/bc-aws-general-38
152 CKV_AWS_326 /aws/rds.tf aws_rds_cluster.app7-rds-cluster Ensure that RDS Aurora Clusters have backtracking enabled
153 CKV_AWS_313 /aws/rds.tf aws_rds_cluster.app7-rds-cluster Ensure RDS cluster configured to copy tags to snapshots
154 CKV_AWS_139 /aws/rds.tf aws_rds_cluster.app7-rds-cluster Ensure that RDS clusters have deletion protection enabled https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/ensure-that-rds-clusters-and-instances-have-deletion-protection-enabled
155 CKV_AWS_325 /aws/rds.tf aws_rds_cluster.app7-rds-cluster Ensure that RDS Cluster audit logging is enabled for MySQL engine
156 CKV_AWS_162 /aws/rds.tf aws_rds_cluster.app7-rds-cluster Ensure RDS cluster has IAM authentication enabled https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-iam-policies/ensure-rds-cluster-has-iam-authentication-enabled
157 CKV_AWS_324 /aws/rds.tf aws_rds_cluster.app7-rds-cluster Ensure that RDS Cluster log capture is enabled
158 CKV_AWS_327 /aws/rds.tf aws_rds_cluster.app8-rds-cluster Ensure RDS Clusters are encrypted using KMS CMKs
159 CKV_AWS_96 /aws/rds.tf aws_rds_cluster.app8-rds-cluster Ensure all data stored in Aurora is securely encrypted at rest https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/bc-aws-general-38
160 CKV_AWS_326 /aws/rds.tf aws_rds_cluster.app8-rds-cluster Ensure that RDS Aurora Clusters have backtracking enabled
161 CKV_AWS_313 /aws/rds.tf aws_rds_cluster.app8-rds-cluster Ensure RDS cluster configured to copy tags to snapshots
162 CKV_AWS_139 /aws/rds.tf aws_rds_cluster.app8-rds-cluster Ensure that RDS clusters have deletion protection enabled https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/ensure-that-rds-clusters-and-instances-have-deletion-protection-enabled
163 CKV_AWS_325 /aws/rds.tf aws_rds_cluster.app8-rds-cluster Ensure that RDS Cluster audit logging is enabled for MySQL engine
164 CKV_AWS_162 /aws/rds.tf aws_rds_cluster.app8-rds-cluster Ensure RDS cluster has IAM authentication enabled https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-iam-policies/ensure-rds-cluster-has-iam-authentication-enabled
165 CKV_AWS_324 /aws/rds.tf aws_rds_cluster.app8-rds-cluster Ensure that RDS Cluster log capture is enabled
166 CKV_AWS_327 /aws/rds.tf aws_rds_cluster.app9-rds-cluster Ensure RDS Clusters are encrypted using KMS CMKs
167 CKV_AWS_96 /aws/rds.tf aws_rds_cluster.app9-rds-cluster Ensure all data stored in Aurora is securely encrypted at rest https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/bc-aws-general-38
168 CKV_AWS_326 /aws/rds.tf aws_rds_cluster.app9-rds-cluster Ensure that RDS Aurora Clusters have backtracking enabled
169 CKV_AWS_313 /aws/rds.tf aws_rds_cluster.app9-rds-cluster Ensure RDS cluster configured to copy tags to snapshots
170 CKV_AWS_139 /aws/rds.tf aws_rds_cluster.app9-rds-cluster Ensure that RDS clusters have deletion protection enabled https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/ensure-that-rds-clusters-and-instances-have-deletion-protection-enabled
171 CKV_AWS_325 /aws/rds.tf aws_rds_cluster.app9-rds-cluster Ensure that RDS Cluster audit logging is enabled for MySQL engine
172 CKV_AWS_162 /aws/rds.tf aws_rds_cluster.app9-rds-cluster Ensure RDS cluster has IAM authentication enabled https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-iam-policies/ensure-rds-cluster-has-iam-authentication-enabled
173 CKV_AWS_324 /aws/rds.tf aws_rds_cluster.app9-rds-cluster Ensure that RDS Cluster log capture is enabled
174 CKV_AWS_186 /aws/s3.tf aws_s3_bucket_object.data_object Ensure S3 bucket Object is encrypted by KMS using a customer managed Key (CMK) https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/bc-aws-general-106
175 CKV_AZURE_171 /azure/aks.tf azurerm_kubernetes_cluster.k8s_cluster Ensure AKS cluster upgrade channel is chosen https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-networking-policies/azr-networking-171
176 CKV_AZURE_8 /azure/aks.tf azurerm_kubernetes_cluster.k8s_cluster Ensure Kubernetes Dashboard is disabled https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-kubernetes-policies/bc-azr-kubernetes-5
177 CKV_AZURE_226 /azure/aks.tf azurerm_kubernetes_cluster.k8s_cluster Ensure ephemeral disks are used for OS disks
178 CKV_AZURE_141 /azure/aks.tf azurerm_kubernetes_cluster.k8s_cluster Ensure AKS local admin account is disabled https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-iam-policies/ensure-azure-kubernetes-service-aks-local-admin-account-is-disabled
179 CKV_AZURE_170 /azure/aks.tf azurerm_kubernetes_cluster.k8s_cluster Ensure that AKS use the Paid Sku for its SLA https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-general-policies/azr-general-170
180 CKV_AZURE_168 /azure/aks.tf azurerm_kubernetes_cluster.k8s_cluster Ensure Azure Kubernetes Cluster (AKS) nodes should use a minimum number of 50 pods. https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-kubernetes-policies/azr-kubernetes-cluster-15
181 CKV_AZURE_117 /azure/aks.tf azurerm_kubernetes_cluster.k8s_cluster Ensure that AKS uses disk encryption set https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-kubernetes-policies/ensure-that-aks-uses-disk-encryption-set
182 CKV_AZURE_227 /azure/aks.tf azurerm_kubernetes_cluster.k8s_cluster Ensure that the AKS cluster encrypt temp disks, caches, and data flows between Compute and Storage resources
183 CKV_AZURE_5 /azure/aks.tf azurerm_kubernetes_cluster.k8s_cluster Ensure RBAC is enabled on AKS clusters https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-kubernetes-policies/bc-azr-kubernetes-2
184 CKV_AZURE_172 /azure/aks.tf azurerm_kubernetes_cluster.k8s_cluster Ensure autorotation of Secrets Store CSI Driver secrets for AKS clusters https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-general-policies/azr-general-172
185 CKV_AZURE_6 /azure/aks.tf azurerm_kubernetes_cluster.k8s_cluster Ensure AKS has an API Server Authorized IP Ranges enabled https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-kubernetes-policies/bc-azr-kubernetes-3
186 CKV_AZURE_116 /azure/aks.tf azurerm_kubernetes_cluster.k8s_cluster Ensure that AKS uses Azure Policies Add-on https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-kubernetes-policies/ensure-that-aks-uses-azure-policies-add-on
187 CKV_AZURE_7 /azure/aks.tf azurerm_kubernetes_cluster.k8s_cluster Ensure AKS cluster has Network Policy configured https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-kubernetes-policies/bc-azr-kubernetes-4
188 CKV_AZURE_4 /azure/aks.tf azurerm_kubernetes_cluster.k8s_cluster Ensure AKS logging to Azure Monitoring is Configured https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-kubernetes-policies/bc-azr-kubernetes-1
189 CKV_AZURE_115 /azure/aks.tf azurerm_kubernetes_cluster.k8s_cluster Ensure that AKS enables private clusters https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-kubernetes-policies/ensure-that-aks-enables-private-clusters
190 CKV_AZURE_14 /azure/app_service.tf azurerm_app_service.app-service1 Ensure web app redirects all HTTP traffic to HTTPS in Azure App Service https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-networking-policies/bc-azr-networking-5
191 CKV_AZURE_16 /azure/app_service.tf azurerm_app_service.app-service1 Ensure that Register with Azure Active Directory is enabled on App Service https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-iam-policies/bc-azr-iam-1
192 CKV_AZURE_17 /azure/app_service.tf azurerm_app_service.app-service1 Ensure the web app has 'Client Certificates (Incoming client certificates)' set https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-networking-policies/bc-azr-networking-7
193 CKV_AZURE_18 /azure/app_service.tf azurerm_app_service.app-service1 Ensure that 'HTTP Version' is the latest if used to run the web app https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-networking-policies/bc-azr-networking-8
194 CKV_AZURE_65 /azure/app_service.tf azurerm_app_service.app-service1 Ensure that App service enables detailed error messages https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-logging-policies/tbdensure-that-app-service-enables-detailed-error-messages
195 CKV_AZURE_63 /azure/app_service.tf azurerm_app_service.app-service1 Ensure that App service enables HTTP logging https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-logging-policies/ensure-that-app-service-enables-http-logging
196 CKV_AZURE_88 /azure/app_service.tf azurerm_app_service.app-service1 Ensure that app services use Azure Files https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-general-policies/ensure-that-app-services-use-azure-files
197 CKV_AZURE_13 /azure/app_service.tf azurerm_app_service.app-service1 Ensure App Service Authentication is set on Azure App Service https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-general-policies/bc-azr-general-2
198 CKV_AZURE_213 /azure/app_service.tf azurerm_app_service.app-service1 Ensure that App Service configures health check https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-networking-policies/azr-networking-213
199 CKV_AZURE_71 /azure/app_service.tf azurerm_app_service.app-service1 Ensure that Managed identity provider is enabled for app services https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-general-policies/ensure-that-managed-identity-provider-is-enabled-for-app-services
200 CKV_AZURE_66 /azure/app_service.tf azurerm_app_service.app-service1 Ensure that App service enables failed request tracing https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-logging-policies/ensure-that-app-service-enables-failed-request-tracing
201 CKV_AZURE_78 /azure/app_service.tf azurerm_app_service.app-service1 Ensure FTP deployments are disabled https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-general-policies/ensure-ftp-deployments-are-disabled
202 CKV_AZURE_15 /azure/app_service.tf azurerm_app_service.app-service1 Ensure web app is using the latest version of TLS encryption https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-networking-policies/bc-azr-networking-6
203 CKV_AZURE_16 /azure/app_service.tf azurerm_app_service.app-service2 Ensure that Register with Azure Active Directory is enabled on App Service https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-iam-policies/bc-azr-iam-1
204 CKV_AZURE_17 /azure/app_service.tf azurerm_app_service.app-service2 Ensure the web app has 'Client Certificates (Incoming client certificates)' set https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-networking-policies/bc-azr-networking-7
205 CKV_AZURE_18 /azure/app_service.tf azurerm_app_service.app-service2 Ensure that 'HTTP Version' is the latest if used to run the web app https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-networking-policies/bc-azr-networking-8
206 CKV_AZURE_65 /azure/app_service.tf azurerm_app_service.app-service2 Ensure that App service enables detailed error messages https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-logging-policies/tbdensure-that-app-service-enables-detailed-error-messages
207 CKV_AZURE_63 /azure/app_service.tf azurerm_app_service.app-service2 Ensure that App service enables HTTP logging https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-logging-policies/ensure-that-app-service-enables-http-logging
208 CKV_AZURE_88 /azure/app_service.tf azurerm_app_service.app-service2 Ensure that app services use Azure Files https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-general-policies/ensure-that-app-services-use-azure-files
209 CKV_AZURE_13 /azure/app_service.tf azurerm_app_service.app-service2 Ensure App Service Authentication is set on Azure App Service https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-general-policies/bc-azr-general-2
210 CKV_AZURE_213 /azure/app_service.tf azurerm_app_service.app-service2 Ensure that App Service configures health check https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-networking-policies/azr-networking-213
211 CKV_AZURE_71 /azure/app_service.tf azurerm_app_service.app-service2 Ensure that Managed identity provider is enabled for app services https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-general-policies/ensure-that-managed-identity-provider-is-enabled-for-app-services
212 CKV_AZURE_66 /azure/app_service.tf azurerm_app_service.app-service2 Ensure that App service enables failed request tracing https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-logging-policies/ensure-that-app-service-enables-failed-request-tracing
213 CKV_AZURE_78 /azure/app_service.tf azurerm_app_service.app-service2 Ensure FTP deployments are disabled https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-general-policies/ensure-ftp-deployments-are-disabled
214 CKV_AZURE_217 /azure/application_gateway.tf azurerm_application_gateway.network Ensure Azure Application gateways listener that allow connection requests over HTTP
215 CKV_AZURE_218 /azure/application_gateway.tf azurerm_application_gateway.network Ensure Application Gateway defines secure protocols for in transit communication
216 CKV_AZURE_178 /azure/instance.tf azurerm_linux_virtual_machine.linux_machine Ensure linux VM enables SSH with keys for secure communication https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-general-policies/azr-general-178
217 CKV_AZURE_1 /azure/instance.tf azurerm_linux_virtual_machine.linux_machine Ensure Azure Instance does not use basic authentication(Use SSH Key Instead) https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-networking-policies/bc-azr-networking-1
218 CKV_AZURE_50 /azure/instance.tf azurerm_linux_virtual_machine.linux_machine Ensure Virtual Machine Extensions are not Installed https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-general-policies/bc-azr-general-14
219 CKV_AZURE_149 /azure/instance.tf azurerm_linux_virtual_machine.linux_machine Ensure that Virtual machine does not enable password authentication https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-general-policies/ensure-azure-virtual-machine-does-not-enable-password-authentication
220 CKV_AZURE_151 /azure/instance.tf azurerm_windows_virtual_machine.windows_machine Ensure Windows VM enables encryption https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-iam-policies/ensure-azure-windows-vm-enables-encryption
221 CKV_AZURE_50 /azure/instance.tf azurerm_windows_virtual_machine.windows_machine Ensure Virtual Machine Extensions are not Installed https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-general-policies/bc-azr-general-14
222 CKV_AZURE_110 /azure/key_vault.tf azurerm_key_vault.example Ensure that key vault enables purge protection https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-general-policies/ensure-that-key-vault-enables-purge-protection
223 CKV_AZURE_42 /azure/key_vault.tf azurerm_key_vault.example Ensure the key vault is recoverable https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-general-policies/ensure-the-key-vault-is-recoverable
224 CKV_AZURE_109 /azure/key_vault.tf azurerm_key_vault.example Ensure that key vault allows firewall rules settings https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-networking-policies/ensure-that-key-vault-allows-firewall-rules-settings
225 CKV_AZURE_189 /azure/key_vault.tf azurerm_key_vault.example Ensure that Azure Key Vault disables public network access https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-networking-policies/azr-networking-189
226 CKV_AZURE_40 /azure/key_vault.tf azurerm_key_vault_key.generated Ensure that the expiration date is set on all keys https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-general-policies/set-an-expiration-date-on-all-keys
227 CKV_AZURE_112 /azure/key_vault.tf azurerm_key_vault_key.generated Ensure that key vault key is backed by HSM https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-general-policies/ensure-that-key-vault-key-is-backed-by-hsm
228 CKV_AZURE_41 /azure/key_vault.tf azurerm_key_vault_secret.secret Ensure that the expiration date is set on all secrets https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-secrets-policies/set-an-expiration-date-on-all-secrets
229 CKV_AZURE_114 /azure/key_vault.tf azurerm_key_vault_secret.secret Ensure that key vault secrets have "content_type" set https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-general-policies/ensure-that-key-vault-secrets-have-content-type-set
230 CKV_AZURE_37 /azure/logging.tf azurerm_monitor_log_profile.logging_profile Ensure that Activity Log Retention is set 365 days or greater https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-logging-policies/set-activity-log-retention-to-365-days-or-greater
231 CKV_AZURE_38 /azure/logging.tf azurerm_monitor_log_profile.logging_profile Ensure audit profile captures all the activities https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-logging-policies/ensure-audit-profile-captures-all-activities
232 CKV_AZURE_206 /azure/mssql.tf azurerm_storage_account.security_storage_account Ensure that Storage Accounts use replication https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-general-policies/azr-general-206
233 CKV_AZURE_59 /azure/mssql.tf azurerm_storage_account.security_storage_account Ensure that Storage accounts disallow public access https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-networking-policies/ensure-that-storage-accounts-disallow-public-access
234 CKV_AZURE_44 /azure/mssql.tf azurerm_storage_account.security_storage_account Ensure Storage Account is using the latest version of TLS encryption https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-storage-policies/bc-azr-storage-2
235 CKV_AZURE_33 /azure/mssql.tf azurerm_storage_account.security_storage_account Ensure Storage logging is enabled for Queue service for read, write and delete requests https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-logging-policies/enable-requests-on-storage-logging-for-queue-service
236 CKV_AZURE_190 /azure/mssql.tf azurerm_storage_account.security_storage_account Ensure that Storage blobs restrict public access https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-networking-policies/azr-networking-190
237 CKV_AZURE_52 /azure/mssql.tf azurerm_mssql_server.mssql1 Ensure MSSQL is using the latest version of TLS encryption https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-general-policies/ensure-mssql-is-using-the-latest-version-of-tls-encryption
238 CKV_AZURE_113 /azure/mssql.tf azurerm_mssql_server.mssql1 Ensure that SQL server disables public network access https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-networking-policies/ensure-that-sql-server-disables-public-network-access
239 CKV_AZURE_52 /azure/mssql.tf azurerm_mssql_server.mssql2 Ensure MSSQL is using the latest version of TLS encryption https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-general-policies/ensure-mssql-is-using-the-latest-version-of-tls-encryption
240 CKV_AZURE_113 /azure/mssql.tf azurerm_mssql_server.mssql2 Ensure that SQL server disables public network access https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-networking-policies/ensure-that-sql-server-disables-public-network-access
241 CKV_AZURE_52 /azure/mssql.tf azurerm_mssql_server.mssql3 Ensure MSSQL is using the latest version of TLS encryption https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-general-policies/ensure-mssql-is-using-the-latest-version-of-tls-encryption
242 CKV_AZURE_113 /azure/mssql.tf azurerm_mssql_server.mssql3 Ensure that SQL server disables public network access https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-networking-policies/ensure-that-sql-server-disables-public-network-access
243 CKV_AZURE_52 /azure/mssql.tf azurerm_mssql_server.mssql4 Ensure MSSQL is using the latest version of TLS encryption https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-general-policies/ensure-mssql-is-using-the-latest-version-of-tls-encryption
244 CKV_AZURE_113 /azure/mssql.tf azurerm_mssql_server.mssql4 Ensure that SQL server disables public network access https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-networking-policies/ensure-that-sql-server-disables-public-network-access
245 CKV_AZURE_52 /azure/mssql.tf azurerm_mssql_server.mssql5 Ensure MSSQL is using the latest version of TLS encryption https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-general-policies/ensure-mssql-is-using-the-latest-version-of-tls-encryption
246 CKV_AZURE_113 /azure/mssql.tf azurerm_mssql_server.mssql5 Ensure that SQL server disables public network access https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-networking-policies/ensure-that-sql-server-disables-public-network-access
247 CKV_AZURE_52 /azure/mssql.tf azurerm_mssql_server.mssql6 Ensure MSSQL is using the latest version of TLS encryption https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-general-policies/ensure-mssql-is-using-the-latest-version-of-tls-encryption
248 CKV_AZURE_113 /azure/mssql.tf azurerm_mssql_server.mssql6 Ensure that SQL server disables public network access https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-networking-policies/ensure-that-sql-server-disables-public-network-access
249 CKV_AZURE_52 /azure/mssql.tf azurerm_mssql_server.mssql7 Ensure MSSQL is using the latest version of TLS encryption https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-general-policies/ensure-mssql-is-using-the-latest-version-of-tls-encryption
250 CKV_AZURE_113 /azure/mssql.tf azurerm_mssql_server.mssql7 Ensure that SQL server disables public network access https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-networking-policies/ensure-that-sql-server-disables-public-network-access
251 CKV_AZURE_25 /azure/mssql.tf azurerm_mssql_server_security_alert_policy.alertpolicy1 Ensure that 'Threat Detection types' is set to 'All' https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-general-policies/bc-azr-general-6
252 CKV_AZURE_27 /azure/mssql.tf azurerm_mssql_server_security_alert_policy.alertpolicy1 Ensure that 'Email service and co-administrators' is 'Enabled' for MSSQL servers https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-general-policies/bc-azr-general-8
253 CKV_AZURE_25 /azure/mssql.tf azurerm_mssql_server_security_alert_policy.alertpolicy2 Ensure that 'Threat Detection types' is set to 'All' https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-general-policies/bc-azr-general-6
254 CKV_AZURE_27 /azure/mssql.tf azurerm_mssql_server_security_alert_policy.alertpolicy2 Ensure that 'Email service and co-administrators' is 'Enabled' for MSSQL servers https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-general-policies/bc-azr-general-8
255 CKV_AZURE_25 /azure/mssql.tf azurerm_mssql_server_security_alert_policy.alertpolicy3 Ensure that 'Threat Detection types' is set to 'All' https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-general-policies/bc-azr-general-6
256 CKV_AZURE_27 /azure/mssql.tf azurerm_mssql_server_security_alert_policy.alertpolicy3 Ensure that 'Email service and co-administrators' is 'Enabled' for MSSQL servers https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-general-policies/bc-azr-general-8
257 CKV_AZURE_25 /azure/mssql.tf azurerm_mssql_server_security_alert_policy.alertpolicy4 Ensure that 'Threat Detection types' is set to 'All' https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-general-policies/bc-azr-general-6
258 CKV_AZURE_27 /azure/mssql.tf azurerm_mssql_server_security_alert_policy.alertpolicy4 Ensure that 'Email service and co-administrators' is 'Enabled' for MSSQL servers https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-general-policies/bc-azr-general-8
259 CKV_AZURE_26 /azure/mssql.tf azurerm_mssql_server_security_alert_policy.alertpolicy5 Ensure that 'Send Alerts To' is enabled for MSSQL servers https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-general-policies/bc-azr-general-7
260 CKV_AZURE_25 /azure/mssql.tf azurerm_mssql_server_security_alert_policy.alertpolicy5 Ensure that 'Threat Detection types' is set to 'All' https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-general-policies/bc-azr-general-6
261 CKV_AZURE_27 /azure/mssql.tf azurerm_mssql_server_security_alert_policy.alertpolicy5 Ensure that 'Email service and co-administrators' is 'Enabled' for MSSQL servers https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-general-policies/bc-azr-general-8
262 CKV_AZURE_25 /azure/mssql.tf azurerm_mssql_server_security_alert_policy.alertpolicy6 Ensure that 'Threat Detection types' is set to 'All' https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-general-policies/bc-azr-general-6
263 CKV_AZURE_27 /azure/mssql.tf azurerm_mssql_server_security_alert_policy.alertpolicy6 Ensure that 'Email service and co-administrators' is 'Enabled' for MSSQL servers https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-general-policies/bc-azr-general-8
264 CKV_AZURE_25 /azure/mssql.tf azurerm_mssql_server_security_alert_policy.alertpolicy7 Ensure that 'Threat Detection types' is set to 'All' https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-general-policies/bc-azr-general-6
265 CKV_AZURE_27 /azure/mssql.tf azurerm_mssql_server_security_alert_policy.alertpolicy7 Ensure that 'Email service and co-administrators' is 'Enabled' for MSSQL servers https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-general-policies/bc-azr-general-8
266 CKV_AZURE_10 /azure/networking.tf azurerm_network_security_group.bad_sg Ensure that SSH access is restricted from the internet https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-networking-policies/bc-azr-networking-3
267 CKV_AZURE_9 /azure/networking.tf azurerm_network_security_group.bad_sg Ensure that RDP access is restricted from the internet https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-networking-policies/bc-azr-networking-2
268 CKV_AZURE_12 /azure/networking.tf azurerm_network_watcher_flow_log.flow_log Ensure that Network Security Group Flow Log retention period is 'greater than 90 days' https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-logging-policies/bc-azr-logging-1
269 CKV_AZURE_39 /azure/roles.tf azurerm_role_definition.example Ensure that no custom subscription owner roles are created https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-iam-policies/do-not-create-custom-subscription-owner-roles
270 CKV_AZURE_19 /azure/security_center.tf azurerm_security_center_subscription_pricing.pricing Ensure that standard pricing tier is selected https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-general-policies/ensure-standard-pricing-tier-is-selected
271 CKV_AZURE_20 /azure/security_center.tf azurerm_security_center_contact.contact Ensure that security contact 'Phone number' is set https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-general-policies/bc-azr-general-3
272 CKV_AZURE_21 /azure/security_center.tf azurerm_security_center_contact.contact Ensure that 'Send email notification for high severity alerts' is set to 'On' https://docs.bridgecrew.io/docs/bc_azr_general_4
273 CKV_AZURE_22 /azure/security_center.tf azurerm_security_center_contact.contact Ensure that 'Send email notification for high severity alerts' is set to 'On' https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-general-policies/bc-azr-general-5
274 CKV_AZURE_26 /azure/sql.tf azurerm_mssql_server_security_alert_policy.example Ensure that 'Send Alerts To' is enabled for MSSQL servers https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-general-policies/bc-azr-general-7
275 CKV_AZURE_25 /azure/sql.tf azurerm_mssql_server_security_alert_policy.example Ensure that 'Threat Detection types' is set to 'All' https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-general-policies/bc-azr-general-6
276 CKV_AZURE_27 /azure/sql.tf azurerm_mssql_server_security_alert_policy.example Ensure that 'Email service and co-administrators' is 'Enabled' for MSSQL servers https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-general-policies/bc-azr-general-8
277 CKV_AZURE_127 /azure/sql.tf azurerm_mysql_server.example Ensure that My SQL server enables Threat detection policy https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-general-policies/ensure-that-my-sql-server-enables-threat-detection-policy
278 CKV_AZURE_53 /azure/sql.tf azurerm_mysql_server.example Ensure 'public network access enabled' is set to 'False' for mySQL servers https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-networking-policies/ensure-public-network-access-enabled-is-set-to-false-for-mysql-servers
279 CKV_AZURE_54 /azure/sql.tf azurerm_mysql_server.example Ensure MySQL is using the latest version of TLS encryption https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-general-policies/ensure-mysql-is-using-the-latest-version-of-tls-encryption
280 CKV_AZURE_28 /azure/sql.tf azurerm_mysql_server.example Ensure 'Enforce SSL connection' is set to 'ENABLED' for MySQL Database Server https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-networking-policies/bc-azr-networking-9
281 CKV_AZURE_94 /azure/sql.tf azurerm_mysql_server.example Ensure that My SQL server enables geo-redundant backups https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-general-policies/ensure-that-my-sql-server-enables-geo-redundant-backups
282 CKV_AZURE_68 /azure/sql.tf azurerm_postgresql_server.example Ensure that PostgreSQL server disables public network access https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-networking-policies/ensure-that-postgresql-server-disables-public-network-access
283 CKV_AZURE_130 /azure/sql.tf azurerm_postgresql_server.example Ensure that PostgreSQL server enables infrastructure encryption https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-general-policies/ensure-that-postgresql-server-enables-infrastructure-encryption
284 CKV_AZURE_102 /azure/sql.tf azurerm_postgresql_server.example Ensure that PostgreSQL server enables geo-redundant backups https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-general-policies/ensure-that-postgresql-server-enables-geo-redundant-backups
285 CKV_AZURE_147 /azure/sql.tf azurerm_postgresql_server.example Ensure PostgreSQL is using the latest version of TLS encryption https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-networking-policies/ensure-azure-postgresql-uses-the-latest-version-of-tls-encryption
286 CKV_AZURE_128 /azure/sql.tf azurerm_postgresql_server.example Ensure that PostgreSQL server enables Threat detection policy https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-general-policies/ensure-that-postgresql-server-enables-threat-detection-policy
287 CKV_AZURE_29 /azure/sql.tf azurerm_postgresql_server.example Ensure 'Enforce SSL connection' is set to 'ENABLED' for PostgreSQL Database Server https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-networking-policies/bc-azr-networking-10
288 CKV_AZURE_32 /azure/sql.tf azurerm_postgresql_configuration.thrtottling_config Ensure server parameter 'connection_throttling' is set to 'ON' for PostgreSQL Database Server https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-networking-policies/bc-azr-networking-13
289 CKV_AZURE_30 /azure/sql.tf azurerm_postgresql_configuration.example Ensure server parameter 'log_checkpoints' is set to 'ON' for PostgreSQL Database Server https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-networking-policies/bc-azr-networking-11
290 CKV_AZURE_93 /azure/storage.tf azurerm_managed_disk.example Ensure that managed disks use a specific set of disk encryption sets for the customer-managed key encryption https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-general-policies/ensure-that-managed-disks-use-a-specific-set-of-disk-encryption-sets-for-the-customer-managed-key-encryption
291 CKV_AZURE_2 /azure/storage.tf azurerm_managed_disk.example Ensure Azure managed disk has encryption enabled https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-general-policies/bc-azr-general-1
292 CKV_AZURE_59 /azure/storage.tf azurerm_storage_account.example Ensure that Storage accounts disallow public access https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-networking-policies/ensure-that-storage-accounts-disallow-public-access
293 CKV_AZURE_44 /azure/storage.tf azurerm_storage_account.example Ensure Storage Account is using the latest version of TLS encryption https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-storage-policies/bc-azr-storage-2
294 CKV_AZURE_33 /azure/storage.tf azurerm_storage_account.example Ensure Storage logging is enabled for Queue service for read, write and delete requests https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-logging-policies/enable-requests-on-storage-logging-for-queue-service
295 CKV_AZURE_190 /azure/storage.tf azurerm_storage_account.example Ensure that Storage blobs restrict public access https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-networking-policies/azr-networking-190
296 CKV_AZURE_36 /azure/storage.tf azurerm_storage_account_network_rules.test Ensure 'Trusted Microsoft Services' is enabled for Storage Account access https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-networking-policies/enable-trusted-microsoft-services-for-storage-account-access
297 CKV_GCP_60 /gcp/big_data.tf google_sql_database_instance.master_instance Ensure Cloud SQL database does not have public IP https://docs.prismacloud.io/en/enterprise-edition/policy-reference/google-cloud-policies/cloud-sql-policies/bc-gcp-sql-11
298 CKV_GCP_110 /gcp/big_data.tf google_sql_database_instance.master_instance Ensure pgAudit is enabled for your GCP PostgreSQL database
299 CKV_GCP_11 /gcp/big_data.tf google_sql_database_instance.master_instance Ensure that Cloud SQL database Instances are not open to the world https://docs.prismacloud.io/en/enterprise-edition/policy-reference/google-cloud-policies/google-cloud-networking-policies/bc-gcp-networking-4
300 CKV_GCP_79 /gcp/big_data.tf google_sql_database_instance.master_instance Ensure SQL database is using latest Major version https://docs.prismacloud.io/en/enterprise-edition/policy-reference/google-cloud-policies/google-cloud-general-policies/ensure-gcp-sql-database-uses-the-latest-major-version
301 CKV_GCP_52 /gcp/big_data.tf google_sql_database_instance.master_instance Ensure PostgreSQL database 'log_connections' flag is set to 'on' https://docs.prismacloud.io/en/enterprise-edition/policy-reference/google-cloud-policies/cloud-sql-policies/bc-gcp-sql-3
302 CKV_GCP_6 /gcp/big_data.tf google_sql_database_instance.master_instance Ensure all Cloud SQL database instance requires all incoming connections to use SSL https://docs.prismacloud.io/en/enterprise-edition/policy-reference/google-cloud-policies/google-cloud-general-policies/bc-gcp-general-1
303 CKV_GCP_111 /gcp/big_data.tf google_sql_database_instance.master_instance Ensure GCP PostgreSQL logs SQL statements
304 CKV_GCP_109 /gcp/big_data.tf google_sql_database_instance.master_instance Ensure the GCP PostgreSQL database log levels are set to ERROR or lower
305 CKV_GCP_51 /gcp/big_data.tf google_sql_database_instance.master_instance Ensure PostgreSQL database 'log_checkpoints' flag is set to 'on' https://docs.prismacloud.io/en/enterprise-edition/policy-reference/google-cloud-policies/cloud-sql-policies/bc-gcp-sql-2
306 CKV_GCP_108 /gcp/big_data.tf google_sql_database_instance.master_instance Ensure hostnames are logged for GCP PostgreSQL databases
307 CKV_GCP_54 /gcp/big_data.tf google_sql_database_instance.master_instance Ensure PostgreSQL database 'log_lock_waits' flag is set to 'on' https://docs.prismacloud.io/en/enterprise-edition/policy-reference/google-cloud-policies/cloud-sql-policies/bc-gcp-sql-5
308 CKV_GCP_14 /gcp/big_data.tf google_sql_database_instance.master_instance Ensure all Cloud SQL database instance have backup configuration enabled https://docs.prismacloud.io/en/enterprise-edition/policy-reference/google-cloud-policies/google-cloud-general-policies/bc-gcp-general-2
309 CKV_GCP_53 /gcp/big_data.tf google_sql_database_instance.master_instance Ensure PostgreSQL database 'log_disconnections' flag is set to 'on' https://docs.prismacloud.io/en/enterprise-edition/policy-reference/google-cloud-policies/cloud-sql-policies/bc-gcp-sql-4
310 CKV_GCP_81 /gcp/big_data.tf google_bigquery_dataset.dataset Ensure Big Query Datasets are encrypted with Customer Supplied Encryption Keys (CSEK) https://docs.prismacloud.io/en/enterprise-edition/policy-reference/google-cloud-policies/google-cloud-general-policies/ensure-gcp-big-query-tables-are-encrypted-with-customer-supplied-encryption-keys-csek-1
311 CKV_GCP_15 /gcp/big_data.tf google_bigquery_dataset.dataset Ensure that BigQuery datasets are not anonymously or publicly accessible https://docs.prismacloud.io/en/enterprise-edition/policy-reference/google-cloud-policies/google-cloud-general-policies/bc-gcp-general-3
312 CKV_GCP_62 /gcp/gcs.tf google_storage_bucket.terragoat_website Bucket should log access https://docs.prismacloud.io/en/enterprise-edition/policy-reference/google-cloud-policies/google-cloud-storage-gcs-policies/bc-gcp-logging-2
313 CKV_GCP_78 /gcp/gcs.tf google_storage_bucket.terragoat_website Ensure Cloud storage has versioning enabled https://docs.prismacloud.io/en/enterprise-edition/policy-reference/google-cloud-policies/google-cloud-general-policies/ensure-gcp-cloud-storage-has-versioning-enabled
314 CKV_GCP_29 /gcp/gcs.tf google_storage_bucket.terragoat_website Ensure that Cloud Storage buckets have uniform bucket-level access enabled https://docs.prismacloud.io/en/enterprise-edition/policy-reference/google-cloud-policies/google-cloud-storage-gcs-policies/bc-gcp-gcs-2
315 CKV_GCP_114 /gcp/gcs.tf google_storage_bucket.terragoat_website Ensure public access prevention is enforced on Cloud Storage bucket
316 CKV_GCP_28 /gcp/gcs.tf google_storage_bucket_iam_binding.allow_public_read Ensure that Cloud Storage bucket is not anonymously or publicly accessible https://docs.prismacloud.io/en/enterprise-edition/policy-reference/google-cloud-policies/google-cloud-public-policies/bc-gcp-public-1
317 CKV_GCP_21 /gcp/gke.tf google_container_cluster.workload_cluster Ensure Kubernetes Clusters are configured with Labels https://docs.prismacloud.io/en/enterprise-edition/policy-reference/google-cloud-policies/google-cloud-kubernetes-policies/bc-gcp-kubernetes-13
318 CKV_GCP_70 /gcp/gke.tf google_container_cluster.workload_cluster Ensure the GKE Release Channel is set https://docs.prismacloud.io/en/enterprise-edition/policy-reference/google-cloud-policies/google-cloud-kubernetes-policies/ensure-the-gke-release-channel-is-set
319 CKV_GCP_8 /gcp/gke.tf google_container_cluster.workload_cluster Ensure Stackdriver Monitoring is set to Enabled on Kubernetes Engine Clusters https://docs.prismacloud.io/en/enterprise-edition/policy-reference/google-cloud-policies/google-cloud-kubernetes-policies/bc-gcp-kubernetes-3
320 CKV_GCP_24 /gcp/gke.tf google_container_cluster.workload_cluster Ensure PodSecurityPolicy controller is enabled on the Kubernetes Engine Clusters https://docs.prismacloud.io/en/enterprise-edition/policy-reference/google-cloud-policies/google-cloud-kubernetes-policies/bc-gcp-kubernetes-9
321 CKV_GCP_69 /gcp/gke.tf google_container_cluster.workload_cluster Ensure the GKE Metadata Server is Enabled https://docs.prismacloud.io/en/enterprise-edition/policy-reference/google-cloud-policies/google-cloud-kubernetes-policies/ensure-the-gke-metadata-server-is-enabled
322 CKV_GCP_13 /gcp/gke.tf google_container_cluster.workload_cluster Ensure client certificate authentication to Kubernetes Engine Clusters is disabled https://docs.prismacloud.io/en/enterprise-edition/policy-reference/google-cloud-policies/google-cloud-kubernetes-policies/bc-gcp-kubernetes-8
323 CKV_GCP_64 /gcp/gke.tf google_container_cluster.workload_cluster Ensure clusters are created with Private Nodes https://docs.prismacloud.io/en/enterprise-edition/policy-reference/google-cloud-policies/google-cloud-kubernetes-policies/ensure-clusters-are-created-with-private-nodes
324 CKV_GCP_7 /gcp/gke.tf google_container_cluster.workload_cluster Ensure Legacy Authorization is set to Disabled on Kubernetes Engine Clusters https://docs.prismacloud.io/en/enterprise-edition/policy-reference/google-cloud-policies/google-cloud-kubernetes-policies/bc-gcp-kubernetes-2
325 CKV_GCP_23 /gcp/gke.tf google_container_cluster.workload_cluster Ensure Kubernetes Cluster is created with Alias IP ranges enabled https://docs.prismacloud.io/en/enterprise-edition/policy-reference/google-cloud-policies/google-cloud-kubernetes-policies/bc-gcp-kubernetes-15
326 CKV_GCP_25 /gcp/gke.tf google_container_cluster.workload_cluster Ensure Kubernetes Cluster is created with Private cluster enabled https://docs.prismacloud.io/en/enterprise-edition/policy-reference/google-cloud-policies/google-cloud-kubernetes-policies/bc-gcp-kubernetes-6
327 CKV_GCP_61 /gcp/gke.tf google_container_cluster.workload_cluster Enable VPC Flow Logs and Intranode Visibility https://docs.prismacloud.io/en/enterprise-edition/policy-reference/google-cloud-policies/google-cloud-kubernetes-policies/enable-vpc-flow-logs-and-intranode-visibility
328 CKV_GCP_18 /gcp/gke.tf google_container_cluster.workload_cluster Ensure GKE Control Plane is not public https://docs.prismacloud.io/en/enterprise-edition/policy-reference/google-cloud-policies/google-cloud-kubernetes-policies/bc-gcp-kubernetes-10
329 CKV_GCP_1 /gcp/gke.tf google_container_cluster.workload_cluster Ensure Stackdriver Logging is set to Enabled on Kubernetes Engine Clusters https://docs.prismacloud.io/en/enterprise-edition/policy-reference/google-cloud-policies/google-cloud-kubernetes-policies/bc-gcp-kubernetes-1
330 CKV_GCP_66 /gcp/gke.tf google_container_cluster.workload_cluster Ensure use of Binary Authorization https://docs.prismacloud.io/en/enterprise-edition/policy-reference/google-cloud-policies/google-cloud-kubernetes-policies/ensure-use-of-binary-authorization
331 CKV_GCP_12 /gcp/gke.tf google_container_cluster.workload_cluster Ensure Network Policy is enabled on Kubernetes Engine Clusters https://docs.prismacloud.io/en/enterprise-edition/policy-reference/google-cloud-policies/google-cloud-kubernetes-policies/bc-gcp-kubernetes-7
332 CKV_GCP_65 /gcp/gke.tf google_container_cluster.workload_cluster Manage Kubernetes RBAC users with Google Groups for GKE https://docs.prismacloud.io/en/enterprise-edition/policy-reference/google-cloud-policies/google-cloud-kubernetes-policies/manage-kubernetes-rbac-users-with-google-groups-for-gke
333 CKV_GCP_69 /gcp/gke.tf google_container_node_pool.custom_node_pool Ensure the GKE Metadata Server is Enabled https://docs.prismacloud.io/en/enterprise-edition/policy-reference/google-cloud-policies/google-cloud-kubernetes-policies/ensure-the-gke-metadata-server-is-enabled
334 CKV_GCP_22 /gcp/gke.tf google_container_node_pool.custom_node_pool Ensure Container-Optimized OS (cos) is used for Kubernetes Engine Clusters Node image https://docs.prismacloud.io/en/enterprise-edition/policy-reference/google-cloud-policies/google-cloud-kubernetes-policies/bc-gcp-kubernetes-14
335 CKV_GCP_10 /gcp/gke.tf google_container_node_pool.custom_node_pool Ensure 'Automatic node upgrade' is enabled for Kubernetes Clusters https://docs.prismacloud.io/en/enterprise-edition/policy-reference/google-cloud-policies/google-cloud-kubernetes-policies/bc-gcp-kubernetes-5
336 CKV_GCP_9 /gcp/gke.tf google_container_node_pool.custom_node_pool Ensure 'Automatic node repair' is enabled for Kubernetes Clusters https://docs.prismacloud.io/en/enterprise-edition/policy-reference/google-cloud-policies/google-cloud-kubernetes-policies/bc-gcp-kubernetes-4
337 CKV_GCP_68 /gcp/gke.tf google_container_node_pool.custom_node_pool Ensure Secure Boot for Shielded GKE Nodes is Enabled https://docs.prismacloud.io/en/enterprise-edition/policy-reference/google-cloud-policies/google-cloud-kubernetes-policies/ensure-secure-boot-for-shielded-gke-nodes-is-enabled
338 CKV_GCP_32 /gcp/instances.tf google_compute_instance.server Ensure 'Block Project-wide SSH keys' is enabled for VM instances https://docs.prismacloud.io/en/enterprise-edition/policy-reference/google-cloud-policies/google-cloud-networking-policies/bc-gcp-networking-8
339 CKV_GCP_38 /gcp/instances.tf google_compute_instance.server Ensure VM disks for critical VMs are encrypted with Customer Supplied Encryption Keys (CSEK) https://docs.prismacloud.io/en/enterprise-edition/policy-reference/google-cloud-policies/google-cloud-general-policies/encrypt-boot-disks-for-instances-with-cseks
340 CKV_GCP_30 /gcp/instances.tf google_compute_instance.server Ensure that instances are not configured to use the default service account https://docs.prismacloud.io/en/enterprise-edition/policy-reference/google-cloud-policies/google-cloud-iam-policies/bc-gcp-iam-1
341 CKV_GCP_35 /gcp/instances.tf google_compute_instance.server Ensure 'Enable connecting to serial ports' is not enabled for VM Instance https://docs.prismacloud.io/en/enterprise-edition/policy-reference/google-cloud-policies/google-cloud-networking-policies/bc-gcp-networking-11
342 CKV_GCP_36 /gcp/instances.tf google_compute_instance.server Ensure that IP forwarding is not enabled on Instances https://docs.prismacloud.io/en/enterprise-edition/policy-reference/google-cloud-policies/google-cloud-networking-policies/bc-gcp-networking-12
343 CKV_GCP_34 /gcp/instances.tf google_compute_instance.server Ensure that no instance in the project overrides the project setting for enabling OSLogin(OSLogin needs to be enabled in project metadata for all instances) https://docs.prismacloud.io/en/enterprise-edition/policy-reference/google-cloud-policies/google-cloud-networking-policies/bc-gcp-networking-10
344 CKV_GCP_39 /gcp/instances.tf google_compute_instance.server Ensure Compute instances are launched with Shielded VM enabled https://docs.prismacloud.io/en/enterprise-edition/policy-reference/google-cloud-policies/google-cloud-general-policies/bc-gcp-general-y
345 CKV_GCP_40 /gcp/instances.tf google_compute_instance.server Ensure that Compute instances do not have public IP addresses https://docs.prismacloud.io/en/enterprise-edition/policy-reference/google-cloud-policies/google-cloud-public-policies/bc-gcp-public-2
346 CKV_GCP_37 /gcp/instances.tf google_compute_disk.unencrypted_disk Ensure VM disks for critical VMs are encrypted with Customer Supplied Encryption Keys (CSEK) https://docs.prismacloud.io/en/enterprise-edition/policy-reference/google-cloud-policies/google-cloud-general-policies/bc-gcp-general-x
347 CKV_GCP_74 /gcp/networks.tf google_compute_subnetwork.public-subnetwork Ensure that private_ip_google_access is enabled for Subnet https://docs.prismacloud.io/en/enterprise-edition/policy-reference/google-cloud-policies/google-cloud-general-policies/ensure-gcp-subnet-has-a-private-ip-google-access
348 CKV_GCP_26 /gcp/networks.tf google_compute_subnetwork.public-subnetwork Ensure that VPC Flow Logs is enabled for every subnet in a VPC Network https://docs.prismacloud.io/en/enterprise-edition/policy-reference/google-cloud-policies/logging-policies-1/bc-gcp-logging-1
349 CKV_GCP_76 /gcp/networks.tf google_compute_subnetwork.public-subnetwork Ensure that Private google access is enabled for IPV6 https://docs.prismacloud.io/en/enterprise-edition/policy-reference/google-cloud-policies/google-cloud-networking-policies/ensure-gcp-private-google-access-is-enabled-for-ipv6
350 CKV_GCP_3 /gcp/networks.tf google_compute_firewall.allow_all Ensure Google compute firewall ingress does not allow unrestricted rdp access https://docs.prismacloud.io/en/enterprise-edition/policy-reference/google-cloud-policies/google-cloud-networking-policies/bc-gcp-networking-2
351 CKV_GCP_77 /gcp/networks.tf google_compute_firewall.allow_all Ensure Google compute firewall ingress does not allow on ftp port https://docs.prismacloud.io/en/enterprise-edition/policy-reference/google-cloud-policies/google-cloud-networking-policies/ensure-gcp-google-compute-firewall-ingress-does-not-allow-ftp-port-20-access
352 CKV_GCP_88 /gcp/networks.tf google_compute_firewall.allow_all Ensure Google compute firewall ingress does not allow unrestricted mysql access https://docs.prismacloud.io/en/enterprise-edition/policy-reference/google-cloud-policies/google-cloud-networking-policies/ensure-gcp-compute-firewall-ingress-does-not-allow-unrestricted-mysql-access
353 CKV_GCP_2 /gcp/networks.tf google_compute_firewall.allow_all Ensure Google compute firewall ingress does not allow unrestricted ssh access https://docs.prismacloud.io/en/enterprise-edition/policy-reference/google-cloud-policies/google-cloud-networking-policies/bc-gcp-networking-1
354 CKV_GCP_106 /gcp/networks.tf google_compute_firewall.allow_all Ensure Google compute firewall ingress does not allow unrestricted http port 80 access https://docs.prismacloud.io/en/enterprise-edition/policy-reference/google-cloud-policies/google-cloud-networking-policies/ensure-gcp-google-compute-firewall-ingress-does-not-allow-unrestricted-http-port-80-access
355 CKV_GCP_75 /gcp/networks.tf google_compute_firewall.allow_all Ensure Google compute firewall ingress does not allow unrestricted FTP access https://docs.prismacloud.io/en/enterprise-edition/policy-reference/google-cloud-policies/google-cloud-networking-policies/ensure-gcp-google-compute-firewall-ingress-does-not-allow-unrestricted-ftp-access
356 CKV2_AZURE_38 /azure/mssql.tf azurerm_storage_account.security_storage_account Ensure soft-delete is enabled on Azure storage account
357 CKV2_AZURE_38 /azure/storage.tf azurerm_storage_account.example Ensure soft-delete is enabled on Azure storage account
358 CKV2_AZURE_33 /azure/mssql.tf azurerm_storage_account.security_storage_account Ensure storage account is configured with private endpoint
359 CKV2_AZURE_33 /azure/storage.tf azurerm_storage_account.example Ensure storage account is configured with private endpoint
360 CKV2_AZURE_29 /azure/aks.tf azurerm_kubernetes_cluster.k8s_cluster Ensure AKS cluster has Azure CNI networking enabled
361 CKV2_AZURE_7 /azure/sql.tf azurerm_sql_server.example Ensure that Azure Active Directory Admin is configured https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-general-policies/ensure-that-azure-active-directory-admin-is-configured
362 CKV2_AZURE_31 /azure/networking.tf azurerm_subnet.example Ensure VNET subnet is configured with a Network Security Group (NSG)
363 CKV2_AZURE_1 /azure/mssql.tf azurerm_storage_account.security_storage_account Ensure storage for critical data are encrypted with Customer Managed Key https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-general-policies/ensure-storage-for-critical-data-are-encrypted-with-customer-managed-key
364 CKV2_AZURE_1 /azure/storage.tf azurerm_storage_account.example Ensure storage for critical data are encrypted with Customer Managed Key https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-general-policies/ensure-storage-for-critical-data-are-encrypted-with-customer-managed-key
365 CKV_AZURE_23 /azure/mssql.tf azurerm_mssql_server.mssql1 Ensure that 'Auditing' is set to 'On' for SQL servers https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-logging-policies/bc-azr-logging-2
366 CKV_AZURE_23 /azure/mssql.tf azurerm_mssql_server.mssql2 Ensure that 'Auditing' is set to 'On' for SQL servers https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-logging-policies/bc-azr-logging-2
367 CKV_AZURE_23 /azure/mssql.tf azurerm_mssql_server.mssql3 Ensure that 'Auditing' is set to 'On' for SQL servers https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-logging-policies/bc-azr-logging-2
368 CKV_AZURE_23 /azure/mssql.tf azurerm_mssql_server.mssql4 Ensure that 'Auditing' is set to 'On' for SQL servers https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-logging-policies/bc-azr-logging-2
369 CKV_AZURE_23 /azure/mssql.tf azurerm_mssql_server.mssql5 Ensure that 'Auditing' is set to 'On' for SQL servers https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-logging-policies/bc-azr-logging-2
370 CKV_AZURE_23 /azure/mssql.tf azurerm_mssql_server.mssql6 Ensure that 'Auditing' is set to 'On' for SQL servers https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-logging-policies/bc-azr-logging-2
371 CKV_AZURE_23 /azure/mssql.tf azurerm_mssql_server.mssql7 Ensure that 'Auditing' is set to 'On' for SQL servers https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-logging-policies/bc-azr-logging-2
372 CKV_AZURE_23 /azure/sql.tf azurerm_sql_server.example Ensure that 'Auditing' is set to 'On' for SQL servers https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-logging-policies/bc-azr-logging-2
373 CKV_AZURE_120 /azure/application_gateway.tf azurerm_application_gateway.network Ensure that Application Gateway enables WAF https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-networking-policies/ensure-that-application-gateway-enables-waf
374 CKV2_GCP_13 /gcp/big_data.tf google_sql_database_instance.master_instance Ensure PostgreSQL database flag 'log_duration' is set to 'on'
375 CKV2_AZURE_32 /azure/key_vault.tf azurerm_key_vault.example Ensure private endpoint is configured to key vault
376 CKV2_AZURE_16 /azure/sql.tf azurerm_mysql_server.example Ensure that MySQL server enables customer-managed key for encryption https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-general-policies/ensure-that-mysql-server-enables-customer-managed-key-for-encryption
377 CKV_AZURE_24 /azure/mssql.tf azurerm_mssql_server.mssql1 Ensure that 'Auditing' Retention is 'greater than 90 days' for SQL servers https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-logging-policies/bc-azr-logging-3
378 CKV_AZURE_24 /azure/mssql.tf azurerm_mssql_server.mssql2 Ensure that 'Auditing' Retention is 'greater than 90 days' for SQL servers https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-logging-policies/bc-azr-logging-3
379 CKV_AZURE_24 /azure/mssql.tf azurerm_mssql_server.mssql3 Ensure that 'Auditing' Retention is 'greater than 90 days' for SQL servers https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-logging-policies/bc-azr-logging-3
380 CKV_AZURE_24 /azure/mssql.tf azurerm_mssql_server.mssql4 Ensure that 'Auditing' Retention is 'greater than 90 days' for SQL servers https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-logging-policies/bc-azr-logging-3
381 CKV_AZURE_24 /azure/mssql.tf azurerm_mssql_server.mssql5 Ensure that 'Auditing' Retention is 'greater than 90 days' for SQL servers https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-logging-policies/bc-azr-logging-3
382 CKV_AZURE_24 /azure/mssql.tf azurerm_mssql_server.mssql6 Ensure that 'Auditing' Retention is 'greater than 90 days' for SQL servers https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-logging-policies/bc-azr-logging-3
383 CKV_AZURE_24 /azure/mssql.tf azurerm_mssql_server.mssql7 Ensure that 'Auditing' Retention is 'greater than 90 days' for SQL servers https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-logging-policies/bc-azr-logging-3
384 CKV_AZURE_24 /azure/sql.tf azurerm_sql_server.example Ensure that 'Auditing' Retention is 'greater than 90 days' for SQL servers https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-logging-policies/bc-azr-logging-3
385 CKV2_AZURE_27 /azure/mssql.tf azurerm_mssql_server.mssql1 Ensure Azure AD authentication is enabled for Azure SQL (MSSQL) https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-general-policies/azr-general-85
386 CKV2_AZURE_27 /azure/mssql.tf azurerm_mssql_server.mssql2 Ensure Azure AD authentication is enabled for Azure SQL (MSSQL) https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-general-policies/azr-general-85
387 CKV2_AZURE_27 /azure/mssql.tf azurerm_mssql_server.mssql3 Ensure Azure AD authentication is enabled for Azure SQL (MSSQL) https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-general-policies/azr-general-85
388 CKV2_AZURE_27 /azure/mssql.tf azurerm_mssql_server.mssql4 Ensure Azure AD authentication is enabled for Azure SQL (MSSQL) https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-general-policies/azr-general-85
389 CKV2_AZURE_27 /azure/mssql.tf azurerm_mssql_server.mssql5 Ensure Azure AD authentication is enabled for Azure SQL (MSSQL) https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-general-policies/azr-general-85
390 CKV2_AZURE_27 /azure/mssql.tf azurerm_mssql_server.mssql6 Ensure Azure AD authentication is enabled for Azure SQL (MSSQL) https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-general-policies/azr-general-85
391 CKV2_AZURE_27 /azure/mssql.tf azurerm_mssql_server.mssql7 Ensure Azure AD authentication is enabled for Azure SQL (MSSQL) https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-general-policies/azr-general-85
392 CKV2_AWS_59 /aws/es.tf aws_elasticsearch_domain.monitoring-framework Ensure ElasticSearch/OpenSearch has dedicated master node enabled
393 CKV2_AWS_64 /aws/kms.tf aws_kms_key.logs_key Ensure KMS key Policy is defined
394 CKV_AWS_20 /aws/s3.tf aws_s3_bucket.data S3 Bucket has an ACL defined which allows public READ access. https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/s3-policies/s3-1-acl-read-permissions-everyone
395 CKV2_AWS_8 /aws/rds.tf aws_rds_cluster.app1-rds-cluster Ensure that RDS clusters has backup plan of AWS Backup https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/ensure-that-rds-clusters-has-backup-plan-of-aws-backup
396 CKV2_AWS_8 /aws/rds.tf aws_rds_cluster.app2-rds-cluster Ensure that RDS clusters has backup plan of AWS Backup https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/ensure-that-rds-clusters-has-backup-plan-of-aws-backup
397 CKV2_AWS_8 /aws/rds.tf aws_rds_cluster.app3-rds-cluster Ensure that RDS clusters has backup plan of AWS Backup https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/ensure-that-rds-clusters-has-backup-plan-of-aws-backup
398 CKV2_AWS_8 /aws/rds.tf aws_rds_cluster.app4-rds-cluster Ensure that RDS clusters has backup plan of AWS Backup https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/ensure-that-rds-clusters-has-backup-plan-of-aws-backup
399 CKV2_AWS_8 /aws/rds.tf aws_rds_cluster.app5-rds-cluster Ensure that RDS clusters has backup plan of AWS Backup https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/ensure-that-rds-clusters-has-backup-plan-of-aws-backup
400 CKV2_AWS_8 /aws/rds.tf aws_rds_cluster.app6-rds-cluster Ensure that RDS clusters has backup plan of AWS Backup https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/ensure-that-rds-clusters-has-backup-plan-of-aws-backup
401 CKV2_AWS_8 /aws/rds.tf aws_rds_cluster.app7-rds-cluster Ensure that RDS clusters has backup plan of AWS Backup https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/ensure-that-rds-clusters-has-backup-plan-of-aws-backup
402 CKV2_AWS_8 /aws/rds.tf aws_rds_cluster.app8-rds-cluster Ensure that RDS clusters has backup plan of AWS Backup https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/ensure-that-rds-clusters-has-backup-plan-of-aws-backup
403 CKV2_AWS_8 /aws/rds.tf aws_rds_cluster.app9-rds-cluster Ensure that RDS clusters has backup plan of AWS Backup https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/ensure-that-rds-clusters-has-backup-plan-of-aws-backup
404 CKV2_AWS_6 /aws/ec2.tf aws_s3_bucket.flowbucket Ensure that S3 bucket has a Public Access block https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-networking-policies/s3-bucket-should-have-public-access-blocks-defaults-to-false-if-the-public-access-block-is-not-attached
405 CKV2_AWS_6 /aws/s3.tf aws_s3_bucket.data Ensure that S3 bucket has a Public Access block https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-networking-policies/s3-bucket-should-have-public-access-blocks-defaults-to-false-if-the-public-access-block-is-not-attached
406 CKV2_AWS_6 /aws/s3.tf aws_s3_bucket.financials Ensure that S3 bucket has a Public Access block https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-networking-policies/s3-bucket-should-have-public-access-blocks-defaults-to-false-if-the-public-access-block-is-not-attached
407 CKV2_AWS_6 /aws/s3.tf aws_s3_bucket.operations Ensure that S3 bucket has a Public Access block https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-networking-policies/s3-bucket-should-have-public-access-blocks-defaults-to-false-if-the-public-access-block-is-not-attached
408 CKV2_AWS_6 /aws/s3.tf aws_s3_bucket.data_science Ensure that S3 bucket has a Public Access block https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-networking-policies/s3-bucket-should-have-public-access-blocks-defaults-to-false-if-the-public-access-block-is-not-attached
409 CKV2_AWS_6 /aws/s3.tf aws_s3_bucket.logs Ensure that S3 bucket has a Public Access block https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-networking-policies/s3-bucket-should-have-public-access-blocks-defaults-to-false-if-the-public-access-block-is-not-attached
410 CKV2_AWS_61 /aws/ec2.tf aws_s3_bucket.flowbucket Ensure that an S3 bucket has a lifecycle configuration
411 CKV2_AWS_61 /aws/s3.tf aws_s3_bucket.data Ensure that an S3 bucket has a lifecycle configuration
412 CKV2_AWS_61 /aws/s3.tf aws_s3_bucket.financials Ensure that an S3 bucket has a lifecycle configuration
413 CKV2_AWS_61 /aws/s3.tf aws_s3_bucket.operations Ensure that an S3 bucket has a lifecycle configuration
414 CKV2_AWS_61 /aws/s3.tf aws_s3_bucket.data_science Ensure that an S3 bucket has a lifecycle configuration
415 CKV2_AWS_61 /aws/s3.tf aws_s3_bucket.logs Ensure that an S3 bucket has a lifecycle configuration
416 CKV2_AWS_52 /aws/es.tf aws_elasticsearch_domain.monitoring-framework Ensure AWS ElasticSearch/OpenSearch Fine-grained access control is enabled
417 CKV2_AWS_58 /aws/neptune.tf aws_neptune_cluster.default Ensure AWS Neptune cluster deletion protection is enabled
418 CKV2_AWS_2 /aws/ec2.tf aws_ebs_volume.web_host_storage Ensure that only encrypted EBS volumes are attached to EC2 instances https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/ensure-that-only-encrypted-ebs-volumes-are-attached-to-ec2-instances
419 CKV2_AWS_41 /aws/ec2.tf aws_instance.web_host Ensure an IAM role is attached to EC2 instance https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-iam-policies/ensure-an-iam-role-is-attached-to-ec2-instance
420 CKV2_AWS_12 /aws/ec2.tf aws_vpc.web_vpc Ensure the default security group of every VPC restricts all traffic https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-networking-policies/networking-4
421 CKV2_AWS_12 /aws/eks.tf aws_vpc.eks_vpc Ensure the default security group of every VPC restricts all traffic https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-networking-policies/networking-4
422 CKV_AWS_18 /aws/ec2.tf aws_s3_bucket.flowbucket Ensure the S3 bucket has access logging enabled https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/s3-policies/s3-13-enable-logging
423 CKV_AWS_18 /aws/s3.tf aws_s3_bucket.data Ensure the S3 bucket has access logging enabled https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/s3-policies/s3-13-enable-logging
424 CKV_AWS_18 /aws/s3.tf aws_s3_bucket.financials Ensure the S3 bucket has access logging enabled https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/s3-policies/s3-13-enable-logging
425 CKV_AWS_18 /aws/s3.tf aws_s3_bucket.operations Ensure the S3 bucket has access logging enabled https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/s3-policies/s3-13-enable-logging
426 CKV_AWS_18 /aws/s3.tf aws_s3_bucket.logs Ensure the S3 bucket has access logging enabled https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/s3-policies/s3-13-enable-logging
427 CKV_AWS_144 /aws/ec2.tf aws_s3_bucket.flowbucket Ensure that S3 bucket has cross-region replication enabled https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/ensure-that-s3-bucket-has-cross-region-replication-enabled
428 CKV_AWS_144 /aws/s3.tf aws_s3_bucket.data Ensure that S3 bucket has cross-region replication enabled https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/ensure-that-s3-bucket-has-cross-region-replication-enabled
429 CKV_AWS_144 /aws/s3.tf aws_s3_bucket.financials Ensure that S3 bucket has cross-region replication enabled https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/ensure-that-s3-bucket-has-cross-region-replication-enabled
430 CKV_AWS_144 /aws/s3.tf aws_s3_bucket.operations Ensure that S3 bucket has cross-region replication enabled https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/ensure-that-s3-bucket-has-cross-region-replication-enabled
431 CKV_AWS_144 /aws/s3.tf aws_s3_bucket.data_science Ensure that S3 bucket has cross-region replication enabled https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/ensure-that-s3-bucket-has-cross-region-replication-enabled
432 CKV_AWS_144 /aws/s3.tf aws_s3_bucket.logs Ensure that S3 bucket has cross-region replication enabled https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/ensure-that-s3-bucket-has-cross-region-replication-enabled
433 CKV2_AWS_11 /aws/eks.tf aws_vpc.eks_vpc Ensure VPC flow logging is enabled in all VPCs https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-logging-policies/logging-9-enable-vpc-flow-logging
434 CKV_AWS_145 /aws/ec2.tf aws_s3_bucket.flowbucket Ensure that S3 buckets are encrypted with KMS by default https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/ensure-that-s3-buckets-are-encrypted-with-kms-by-default
435 CKV_AWS_145 /aws/s3.tf aws_s3_bucket.data Ensure that S3 buckets are encrypted with KMS by default https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/ensure-that-s3-buckets-are-encrypted-with-kms-by-default
436 CKV_AWS_145 /aws/s3.tf aws_s3_bucket.financials Ensure that S3 buckets are encrypted with KMS by default https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/ensure-that-s3-buckets-are-encrypted-with-kms-by-default
437 CKV_AWS_145 /aws/s3.tf aws_s3_bucket.operations Ensure that S3 buckets are encrypted with KMS by default https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/ensure-that-s3-buckets-are-encrypted-with-kms-by-default
438 CKV_AWS_145 /aws/s3.tf aws_s3_bucket.data_science Ensure that S3 buckets are encrypted with KMS by default https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/ensure-that-s3-buckets-are-encrypted-with-kms-by-default
439 CKV_AWS_21 /aws/ec2.tf aws_s3_bucket.flowbucket Ensure all data stored in the S3 bucket have versioning enabled https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/s3-policies/s3-16-enable-versioning
440 CKV_AWS_21 /aws/s3.tf aws_s3_bucket.data Ensure all data stored in the S3 bucket have versioning enabled https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/s3-policies/s3-16-enable-versioning
441 CKV_AWS_21 /aws/s3.tf aws_s3_bucket.financials Ensure all data stored in the S3 bucket have versioning enabled https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/s3-policies/s3-16-enable-versioning
442 CKV2_AWS_62 /aws/ec2.tf aws_s3_bucket.flowbucket Ensure S3 buckets should have event notifications enabled
443 CKV2_AWS_62 /aws/s3.tf aws_s3_bucket.data Ensure S3 buckets should have event notifications enabled
444 CKV2_AWS_62 /aws/s3.tf aws_s3_bucket.financials Ensure S3 buckets should have event notifications enabled
445 CKV2_AWS_62 /aws/s3.tf aws_s3_bucket.operations Ensure S3 buckets should have event notifications enabled
446 CKV2_AWS_62 /aws/s3.tf aws_s3_bucket.data_science Ensure S3 buckets should have event notifications enabled
447 CKV2_AWS_62 /aws/s3.tf aws_s3_bucket.logs Ensure S3 buckets should have event notifications enabled
448 CKV2_AWS_60 /aws/db-app.tf aws_db_instance.default Ensure RDS instance with copy tags to snapshots is enabled

dockerfile scan results:

| | check_id | file | resource | check_name | guideline |
|---|---|---|---|---|---|
| 0 | CKV_DOCKER_2 | /aws/resources/Dockerfile | /aws/resources/Dockerfile. | Ensure that HEALTHCHECK instructions have been added to container images | https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-that-healthcheck-instructions-have-been-added-to-container-images |
| 1 | CKV_DOCKER_3 | /aws/resources/Dockerfile | /aws/resources/Dockerfile. | Ensure that a user for the container has been created | https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-that-a-user-for-the-container-has-been-created |

secrets scan results:

| | check_id | file | resource | check_name | guideline |
|---|---|---|---|---|---|
| 0 | CKV_SECRET_2 | /aws/ec2.tf | fc3f784491eba6121c3bfcc1652a2c57d27b16cb | AWS Access Key | https://docs.prismacloud.io/en/enterprise-edition/policy-reference/secrets-policies/secrets-policy-index/git-secrets-2 |
| 1 | CKV_SECRET_6 | /aws/ec2.tf | c00f1a6e4b20aa64691d50781b810756d6254b8e | Base64 High Entropy String | https://docs.prismacloud.io/en/enterprise-edition/policy-reference/secrets-policies/secrets-policy-index/git-secrets-6 |
| 2 | CKV_SECRET_2 | /aws/lambda.tf | 25910f981e85ca04baf359199dd0bd4a3ae738b6 | AWS Access Key | https://docs.prismacloud.io/en/enterprise-edition/policy-reference/secrets-policies/secrets-policy-index/git-secrets-2 |
| 3 | CKV_SECRET_6 | /aws/lambda.tf | d70eab08607a4d05faa2d0d6647206599e9abc65 | Base64 High Entropy String | https://docs.prismacloud.io/en/enterprise-edition/policy-reference/secrets-policies/secrets-policy-index/git-secrets-6 |
| 4 | CKV_SECRET_2 | /aws/providers.tf | 25910f981e85ca04baf359199dd0bd4a3ae738b6 | AWS Access Key | https://docs.prismacloud.io/en/enterprise-edition/policy-reference/secrets-policies/secrets-policy-index/git-secrets-2 |
| 5 | CKV_SECRET_6 | /aws/providers.tf | d70eab08607a4d05faa2d0d6647206599e9abc65 | Base64 High Entropy String | https://docs.prismacloud.io/en/enterprise-edition/policy-reference/secrets-policies/secrets-policy-index/git-secrets-6 |
| 6 | CKV_SECRET_6 | /azure/sql.tf | a57ae0fe47084bc8a05f69f3f8083896f8b437b0 | Base64 High Entropy String | https://docs.prismacloud.io/en/enterprise-edition/policy-reference/secrets-policies/secrets-policy-index/git-secrets-6 |
