> ## Documentation Index
> Fetch the complete documentation index at: https://cloudanix.com/docs/llms.txt
> Use this file to discover all available pages before exploring further.

# EC2 Audit

### Checks Performed

* [AMI Age Should Not Exceed the Configured Age](ec2monitoring/rules/age_of_ami)
* [EC2 AMIs Should Be Encrypted](ec2monitoring/rules/ami_is_encrypted)
* [Autoscaling Groups Health Checks Should Be Checked](ec2monitoring/rules/autoscaling_group_elb_healthcheck_required)
* [Autoscaling Hop Limit Should Be Checked](ec2monitoring/rules/autoscaling_launch_config_hop_limit)
* [VPN Tunnel Should Be Up](ec2monitoring/rules/aws_vpn_tunnels_up)
* [Backup Plan Should Have Retention Period](ec2monitoring/rules/backup_plan_min_retention_check)
* [Backup Manual Deletion Should Be Disabled](ec2monitoring/rules/backup_recovery_point_manual_deletion_disabled)
* [Recovery Point Retention Should Be Reviewed](ec2monitoring/rules/backup_recovery_point_minimum_retention_check)
* [Ensure Access Logging Is Enabled For Elastic Beanstalk Load Balancer](ec2monitoring/rules/beanstalk_access_logs_enabled)
* [Ensure Enhanced Health Reporting Is Enabled For Elastic Beanstalk Environments](ec2monitoring/rules/beanstalk_enhanced_health_reporting)
* [Enforce HTTPS For Elastic Beanstalk Load Balancers](ec2monitoring/rules/beanstalk_https_enabled)
* [Ensure Managed Platform Updates Are Enabled For Elastic Beanstalk Environment](ec2monitoring/rules/beanstalk_managed_platform_updates)
* [Enable Alert Notifications For Elastic Beanstalk Events](ec2monitoring/rules/beanstalk_notification_enabled)
* [Ensure Persistent Logs Are Enabled For Elastic Beanstalk Environments](ec2monitoring/rules/beanstalk_persistent_logs)
* [Ensure X-Ray Tracing Is Enabled For Elastic Beanstalk Environments](ec2monitoring/rules/beanstalk_xray_enabled)
* [Patch Installation Should Be Done On Systems Manager](ec2monitoring/rules/check_patch_compliance_status)
* [AWS Client VPN Authorization Rules Should Be Enabled Authorizing All Clients](ec2monitoring/rules/client_vpn_authorize_all)
* [Default Security Group Should Not Allow Unrestricted Public Traffic](ec2monitoring/rules/default_security_group_unrestricted)
* [Restrict data-tier subnet connectivity to VPC NAT Gateway](ec2monitoring/rules/dt_subnet)
* [EBS volume encrypted](ec2monitoring/rules/ebs_encryption_on)
* [EC2 AMIs Should Not Be Public](ec2monitoring/rules/ec2_ami_non_public)
* [Enforce HTTPS For Elastic Beanstalk Load Balancers](ec2monitoring/rules/ec2_beanstalk_lb_https)
* [EC2-Classic Elastic IP Address Limit Should Not Be Reached](ec2monitoring/rules/ec2_classic_elastic_ip_address_limit)
* [EC2 Instance Should Be of Desired Type](ec2monitoring/rules/ec2_desired_instance_type)
* [Detailed Monitoring for EC2 Instances Should Be Enabled](ec2monitoring/rules/ec2_detailed_monitoring)
* [Scheduled Events for EC2 Instances](ec2monitoring/rules/ec2_for_retirement)
* [EC2 Instances With Multiple Security Groups](ec2monitoring/rules/ec2_has_large_sg_groups)
* [AWS EC2 Hibernation Should Be Enabled](ec2monitoring/rules/ec2_hibernation)
* [EC2 IAM Roles Should Be Used](ec2monitoring/rules/ec2_iam_roles)
* [EC2 IAM Roles Should Be Used](ec2monitoring/rules/ec2_iam_roles)
* [EC2 Instances Should Use Latest Generation](ec2monitoring/rules/ec2_instance_generation)
* [EC2 Uses Multiple Elastic Network Interfaces](ec2monitoring/rules/ec2_instance_multiple_eni_check)
* [Scheduled Events for EC2 Instances](ec2monitoring/rules/ec2_instance_retirement)
* [EC2 Instance Tenancy](ec2monitoring/rules/ec2_instance_tenancy)
* [Require IMDSv2 For EC2 Instances](ec2monitoring/rules/ec2_instances_without_imdsv2)
* [Elastic Compute Cloud Should Have Recovery Point](ec2monitoring/rules/ec2_last_backup_recovery_point_created_with_in_specified_duration)
* [EC2 Instances Should Not Reach vCPU Limit](ec2monitoring/rules/ec2_limit_vcpu_check)
* [None Specified Applications Should Be Installed On Instance](ec2monitoring/rules/ec2_managedinstance_applications_blacklisted)
* [Specified Applications Should Be Installed On Instance](ec2monitoring/rules/ec2_managedinstance_applications_required)
* [Status OF Managed Instance Compliance Should Be Checked](ec2monitoring/rules/ec2_managedinstance_association_compliance_status_check)
* [EC2 Systems Manager Are Configured To Collect Blacklisted Inventory](ec2monitoring/rules/ec2_managedinstance_inventory_blacklisted)
* [EC2 Instance Should Not Be In Public Subnet](ec2monitoring/rules/ec2_not_in_public_subnet)
* [Long Running Instances Should Be Re-launched](ec2monitoring/rules/ec2_older_than_x_days)
* [Virtualization Type Of EC2 Instance Is Paravirtual](ec2monitoring/rules/ec2_paravirtual_instance_check)
* [EC2 Instances Should Have Backup Plan Protection](ec2monitoring/rules/ec2_resources_protected_by_backup_plan)
* [Termination Protection Should Be Enabled](ec2monitoring/rules/ec2_termination_protection)
* [EC2 Hop Limit Check](ec2monitoring/rules/ec2_token_hop_limit_check)
* [EC2-VPC Elastic IP Address Limit Should Not Be Reached](ec2monitoring/rules/ec2_vpc_elastic_ip_address_limit)
* [Elastic File System Should Be In Backup Plan](ec2monitoring/rules/efs_in_backup_plan)
* [Elastic File System Should Have Recovery Point](ec2monitoring/rules/efs_last_backup_recovery_point_created_with_in_specified_duration)
* [Enable Volume Encryption](ec2monitoring/rules/enable_volume_encryption)
* [Non-Empty Stateless Network Firewall Rule Groups Should Not Be Present](ec2monitoring/rules/firewall_stateless_rule_group_not_empty)
* [FSx Should Have Recovery Point](ec2monitoring/rules/fsx_last_backup_recovery_point_created_with_in_specified_duration)
* [FSx Should Have Backup Plan](ec2monitoring/rules/fsx_resources_protected_by_backup_plan)
* [EC2 Instances Should Not Be Idle](ec2monitoring/rules/idle_ec2_instance)
* [Instance Should Be Launched In Auto Scaling Group](ec2monitoring/rules/instance_in_auto_scaling_group)
* [Internet Gateways Should Be Attached To Authorized Virtual Private Clouds](ec2monitoring/rules/internet_gateway_authorized_vpc_only)
* [Network Firewall Deletion Protection Should Be Enabled](ec2monitoring/rules/network_firewall_deletion_protection)
* [Network Firewall Logging Should Be Enabled](ec2monitoring/rules/network_firewall_logging_enabled)
* [Network Firewalls Deployed Across Multiple Availability Zones](ec2monitoring/rules/network_firewall_multi_az)
* [Network Firewall Rule Groups Should Be Stateless Or Stateful](ec2monitoring/rules/network_firewall_stateful_stateless)
* [Blacklisted AMIs Should Not Be Used](ec2monitoring/rules/no_blacklisted_ami)
* [EC2 Instances Should Not Have Blacklisted Instance Types](ec2monitoring/rules/no_blacklisted_instance_types)
* [Default VPC Should Not Be In Use](ec2monitoring/rules/no_default_vpc_inuse)
* [EC2 Classic Should Not Be Used](ec2monitoring/rules/no_ec2_classic)
* [EC2 Instances Should Not Be Overutilized](ec2monitoring/rules/overutilized_ec2_instance)
* [Network Firewall Policy Default Action Should Be Set For Fragmented Packets](ec2monitoring/rules/policy_default_action_fragment_packets)
* [Network Firewall Policy Default Action Should Be Set For Full Packets](ec2monitoring/rules/policy_default_action_full_packets)
* [Reserved Instance Lease Expiration In The Next 7 Days](ec2monitoring/rules/reserved_instance_lease_expiry_7_days)
* [Reserved Instance Lease Expiration In The Next 30 Days](ec2monitoring/rules/reserved_instance_lease_expiry_30_days)
* [EC2 Reserved Instances Should Not Have Payment Failed](ec2monitoring/rules/reserved_instance_payment_failed)
* [EC2 Reserved Instances Should Not Have Payment Pending](ec2monitoring/rules/reserved_instance_payment_pending)
* [EC2 Reserved Instances Recent Purchases Should Be Reviewed](ec2monitoring/rules/reserved_instance_recent_purchase)
* [Non-Default Security Groups Should Be Attached To Elastic Network Interface](ec2monitoring/rules/security_group_attached_to_eni)
* [Security Group Excessive Counts](ec2monitoring/rules/security_group_counts)
* [Security Group Name Prefixed With launch-wizard Should Not Be Used](ec2monitoring/rules/security_group_name_prefixed_launch_wizard)
* [Security Group Port Range](ec2monitoring/rules/security_group_port_range)
* [Security Groups Should Not Allow Inbound Traffic From RFC 1918](ec2monitoring/rules/security_group_rfc)
* [Security Group Rules Counts](ec2monitoring/rules/security_group_rules_counts)
* [Security Groups Should Have Descriptions](ec2monitoring/rules/sg_has_description)
* [SSM Document Should Not Be Public](ec2monitoring/rules/ssm_document_not_public)
* [EC2 Instances Should Be Managed By SSM](ec2monitoring/rules/ssm_managed_instances)
* [SSM Parameters Should Be Encrypted](ec2monitoring/rules/ssm_parameter_encryption)
* [SSM Session Length Should Be Minimum](ec2monitoring/rules/ssm_session_length)
* [Storage Gateway Volume Last Backup Recovery Point Should Be Created Within Specified Duration](ec2monitoring/rules/storage_gateway_volume_last_backup_recovery_point_created_with_in_specified_duration)
* [Storage Gateway Recovery Point Should Be Created](ec2monitoring/rules/storagegateway_last_backup_recovery_point_created)
* [Storage Gateway Volumes Should Have Backup Plan](ec2monitoring/rules/storagegateway_resources_protected_by_backup_plan)
* [Unassociated Elastic IP Addresses Should Be Removed](ec2monitoring/rules/unassociated_elastic_ip_addresses)
* [EC2 Instances Should Not Be Underutilized](ec2monitoring/rules/underutilized_ec2_instance)
* [Unrestricted CIFS Access Should Not Be Allowed](ec2monitoring/rules/unrestricted_cifs_access)
* [Unrestricted DNS Access Should Not Be Allowed](ec2monitoring/rules/unrestricted_dns_access)
* [Unrestricted Elasticsearch Access Should Not Be Allowed](ec2monitoring/rules/unrestricted_elasticsearch_access)
* [Unrestricted FTP Access Should Not Be Allowed](ec2monitoring/rules/unrestricted_ftp_access)
* [Unrestricted HTTP Access Should Not Be Allowed](ec2monitoring/rules/unrestricted_http_access)
* [Unrestricted HTTPS Access Should Not Be Allowed](ec2monitoring/rules/unrestricted_https_access)
* [Unrestricted ICMP Access Should Not Be Allowed](ec2monitoring/rules/unrestricted_icmp_access)
* [Unrestricted Inbound Access on All Uncommon Ports Should Not Be Allowed](ec2monitoring/rules/unrestricted_inbound_access)
* [Unrestricted MongoDB Access Should Not Be Allowed](ec2monitoring/rules/unrestricted_mongodb_access)
* [Unrestricted MsSQL Access Should Not Be Allowed](ec2monitoring/rules/unrestricted_mssql_access)
* [Unrestricted MySQL Access Should Not Be Allowed](ec2monitoring/rules/unrestricted_mysql_access)
* [Unrestricted Netbios Access Should Not Be Allowed](ec2monitoring/rules/unrestricted_netbios_access)
* [Unrestricted Oracle Access Should Not Be Allowed](ec2monitoring/rules/unrestricted_oracle_access)
* [Unrestricted Outbound Access Should Not Be Allowed](ec2monitoring/rules/unrestricted_outbound_access)
* [Unrestricted PostgreSQL Access Should Not Be Allowed](ec2monitoring/rules/unrestricted_postgresql_access)
* [Unrestricted RDP Access Should Not Be Allowed](ec2monitoring/rules/unrestricted_rdp_access)
* [Unrestricted RPC Access Should Not Be Allowed](ec2monitoring/rules/unrestricted_rpc_access)
* [Unrestricted SMTP Access Should Not Be Allowed](ec2monitoring/rules/unrestricted_smtp_access)
* [Unrestricted SSH Access Should Not Be Allowed](ec2monitoring/rules/unrestricted_ssh_access)
* [Unrestricted Telnet Access Should Not Be Allowed](ec2monitoring/rules/unrestricted_telnet_access)
* [Unused AMIs Should Be Removed](ec2monitoring/rules/unused_ami)
* [Unused Elastic Network Interfaces Should Be Removed](ec2monitoring/rules/unused_elastic_network_interfaces)
* [Unused AWS EC2 Key Pairs Should Be Removed](ec2monitoring/rules/unused_key_pairs)
* [Reserved Instances Should Not Be Unused](ec2monitoring/rules/unused_reserved_instances)
* [VPC Flow Logs Should Be Enabled](ec2monitoring/rules/vpc_flow_logs_enabled)
* [Accepter/Requester VPC To Private IP Should Be Enabled](ec2monitoring/rules/vpc_peering_dns_resolution_check)
