All Checks
cloud-audit runs 80 checks across 18 AWS services.
By Category
- Security: 72 checks
- Cost: 4 checks
- Reliability: 4 checks
By Service
| Service | Checks | Check IDs |
|---|---|---|
| IAM | 16 | aws-iam-001 through aws-iam-016 |
| CloudWatch | 15 | aws-cw-001 through aws-cw-015 |
| CloudTrail | 7 | aws-ct-001 through aws-ct-007 |
| S3 | 7 | aws-s3-001 through aws-s3-007 |
| EC2 | 6 | aws-ec2-001 through aws-ec2-006 |
| VPC | 5 | aws-vpc-001 through aws-vpc-005 |
| RDS | 4 | aws-rds-001 through aws-rds-004 |
| Lambda | 3 | aws-lambda-001 through aws-lambda-003 |
| ECS | 3 | aws-ecs-001 through aws-ecs-003 |
| GuardDuty | 2 | aws-gd-001, aws-gd-002 |
| Config | 2 | aws-cfg-001, aws-cfg-002 |
| KMS | 2 | aws-kms-001, aws-kms-002 |
| SSM | 2 | aws-ssm-001, aws-ssm-002 |
| Secrets Manager | 2 | aws-sm-001, aws-sm-002 |
| Account | 1 | aws-account-001 |
| EFS | 1 | aws-efs-001 |
| EIP | 1 | aws-eip-001 |
| Security Hub | 1 | aws-sh-001 |
Design Philosophy
Every check answers one question: would an attacker exploit this?
If not, the check does not exist. cloud-audit optimizes for signal over noise. 80 curated checks that matter are more useful than 500 generic checks that cause alert fatigue.