--- layout: default title: all resource scans nav_order: 1 --- # all resource scans (auto generated) | | Id | Type | Entity | Policy | IaC | Resource Link | |------|--------------------------|----------------------------------|--------------------------------------------------------------------------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| | 0 | CKV2_ADO_1 | resource | azuredevops_branch_policy_min_reviewers | Ensure at least two approving reviews for PRs | Terraform | [ADORepositoryHasMinTwoReviewers.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/azuredevops/ADORepositoryHasMinTwoReviewers.yaml) | | 1 | CKV2_ADO_1 | resource | azuredevops_git_repository | Ensure at least two approving reviews for PRs | Terraform | [ADORepositoryHasMinTwoReviewers.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/azuredevops/ADORepositoryHasMinTwoReviewers.yaml) | | 2 | CKV_ALI_1 | resource | alicloud_oss_bucket | Alibaba Cloud OSS bucket accessible to public | Terraform | [OSSBucketPublic.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/alicloud/OSSBucketPublic.yaml) | | 3 | CKV_ALI_1 | resource | alicloud_oss_bucket_acl | Alibaba Cloud OSS bucket accessible to public | Terraform | [OSSBucketPublic.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/alicloud/OSSBucketPublic.yaml) | | 4 | CKV_ALI_2 | resource | alicloud_security_group_rule | Ensure no security groups allow ingress from 0.0.0.0:0 to port 22 | Terraform | [SecurityGroupUnrestrictedIngress22.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/alicloud/SecurityGroupUnrestrictedIngress22.py) | | 5 | CKV_ALI_3 | resource | alicloud_security_group_rule | Ensure no security groups allow ingress from 0.0.0.0:0 to port 3389 | Terraform | [SecurityGroupUnrestrictedIngress3389.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/alicloud/SecurityGroupUnrestrictedIngress3389.py) | | 6 | CKV_ALI_4 | resource | alicloud_actiontrail_trail | Ensure Action Trail Logging for all regions | Terraform | [ActionTrailLogAllRegions.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/alicloud/ActionTrailLogAllRegions.py) | | 7 | CKV_ALI_5 | resource | alicloud_actiontrail_trail | Ensure Action Trail Logging for all events | Terraform | [ActionTrailLogAllEvents.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/alicloud/ActionTrailLogAllEvents.py) | | 8 | CKV_ALI_6 | resource | alicloud_oss_bucket | Ensure OSS bucket is encrypted with Customer Master Key | Terraform | [OSSBucketEncryptedWithCMK.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/alicloud/OSSBucketEncryptedWithCMK.py) | | 9 | CKV_ALI_7 | resource | alicloud_disk | Ensure disk is encrypted | Terraform | [DiskIsEncrypted.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/alicloud/DiskIsEncrypted.py) | | 10 | CKV_ALI_8 | resource | alicloud_disk | Ensure Disk is encrypted with Customer Master Key | Terraform | [DiskEncryptedWithCMK.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/alicloud/DiskEncryptedWithCMK.py) | | 11 | CKV_ALI_9 | resource | alicloud_db_instance | Ensure database instance is not public | Terraform | [RDSIsPublic.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/alicloud/RDSIsPublic.py) | | 12 | CKV_ALI_10 | resource | alicloud_oss_bucket | Ensure OSS bucket has versioning enabled | Terraform | [OSSBucketVersioning.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/alicloud/OSSBucketVersioning.py) | | 13 | CKV_ALI_11 | resource | alicloud_oss_bucket | Ensure OSS bucket has transfer Acceleration enabled | Terraform | [OSSBucketTransferAcceleration.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/alicloud/OSSBucketTransferAcceleration.py) | | 14 | CKV_ALI_12 | resource | alicloud_oss_bucket | Ensure the OSS bucket has access logging enabled | Terraform | [OSSBucketAccessLogs.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/alicloud/OSSBucketAccessLogs.py) | | 15 | CKV_ALI_13 | resource | alicloud_ram_account_password_policy | Ensure RAM password policy requires minimum length of 14 or greater | Terraform | [RAMPasswordPolicyLength.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/alicloud/RAMPasswordPolicyLength.py) | | 16 | CKV_ALI_14 | resource | alicloud_ram_account_password_policy | Ensure RAM password policy requires at least one number | Terraform | [RAMPasswordPolicyNumber.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/alicloud/RAMPasswordPolicyNumber.py) | | 17 | CKV_ALI_15 | resource | alicloud_ram_account_password_policy | Ensure RAM password policy requires at least one symbol | Terraform | [RAMPasswordPolicySymbol.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/alicloud/RAMPasswordPolicySymbol.py) | | 18 | CKV_ALI_16 | resource | alicloud_ram_account_password_policy | Ensure RAM password policy expires passwords within 90 days or less | Terraform | [RAMPasswordPolicyExpiration.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/alicloud/RAMPasswordPolicyExpiration.py) | | 19 | CKV_ALI_17 | resource | alicloud_ram_account_password_policy | Ensure RAM password policy requires at least one lowercase letter | Terraform | [RAMPasswordPolicyLowercaseLetter.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/alicloud/RAMPasswordPolicyLowercaseLetter.py) | | 20 | CKV_ALI_18 | resource | alicloud_ram_account_password_policy | Ensure RAM password policy prevents password reuse | Terraform | [RAMPasswordPolicyReuse.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/alicloud/RAMPasswordPolicyReuse.py) | | 21 | CKV_ALI_19 | resource | alicloud_ram_account_password_policy | Ensure RAM password policy requires at least one uppercase letter | Terraform | [RAMPasswordPolicyUppcaseLetter.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/alicloud/RAMPasswordPolicyUppcaseLetter.py) | | 22 | CKV_ALI_20 | resource | alicloud_db_instance | Ensure RDS instance uses SSL | Terraform | [RDSInstanceSSL.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/alicloud/RDSInstanceSSL.py) | | 23 | CKV_ALI_21 | resource | alicloud_api_gateway_api | Ensure API Gateway API Protocol HTTPS | Terraform | [APIGatewayProtocolHTTPS.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/alicloud/APIGatewayProtocolHTTPS.py) | | 24 | CKV_ALI_22 | resource | alicloud_db_instance | Ensure Transparent Data Encryption is Enabled on instance | Terraform | [RDSTransparentDataEncryptionEnabled.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/alicloud/RDSTransparentDataEncryptionEnabled.py) | | 25 | CKV_ALI_23 | resource | alicloud_ram_account_password_policy | Ensure Ram Account Password Policy Max Login Attempts not > 5 | Terraform | [RAMPasswordPolicyMaxLogin.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/alicloud/RAMPasswordPolicyMaxLogin.py) | | 26 | CKV_ALI_24 | resource | alicloud_ram_security_preference | Ensure RAM enforces MFA | Terraform | [RAMSecurityEnforceMFA.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/alicloud/RAMSecurityEnforceMFA.py) | | 27 | CKV_ALI_25 | resource | alicloud_db_instance | Ensure RDS Instance SQL Collector Retention Period should be greater than 180 | Terraform | [RDSRetention.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/alicloud/RDSRetention.py) | | 28 | CKV_ALI_26 | resource | alicloud_cs_kubernetes | Ensure Kubernetes installs plugin Terway or Flannel to support standard policies | Terraform | [K8sEnableNetworkPolicies.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/alicloud/K8sEnableNetworkPolicies.py) | | 29 | CKV_ALI_27 | resource | alicloud_kms_key | Ensure KMS Key Rotation is enabled | Terraform | [KMSKeyRotationIsEnabled.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/alicloud/KMSKeyRotationIsEnabled.py) | | 30 | CKV_ALI_28 | resource | alicloud_kms_key | Ensure KMS Keys are enabled | Terraform | [KMSKeyIsEnabled.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/alicloud/KMSKeyIsEnabled.py) | | 31 | CKV_ALI_29 | resource | alicloud_alb_acl_entry_attachment | Alibaba ALB ACL does not restrict Access | Terraform | [ALBACLIsUnrestricted.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/alicloud/ALBACLIsUnrestricted.py) | | 32 | CKV_ALI_30 | resource | alicloud_db_instance | Ensure RDS instance auto upgrades for minor versions | Terraform | [RDSInstanceAutoUpgrade.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/alicloud/RDSInstanceAutoUpgrade.py) | | 33 | CKV_ALI_31 | resource | alicloud_cs_kubernetes_node_pool | Ensure K8s nodepools are set to auto repair | Terraform | [K8sNodePoolAutoRepair.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/alicloud/K8sNodePoolAutoRepair.py) | | 34 | CKV_ALI_32 | resource | alicloud_ecs_launch_template | Ensure launch template data disks are encrypted | Terraform | [LaunchTemplateDisksAreEncrypted.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/alicloud/LaunchTemplateDisksAreEncrypted.py) | | 35 | CKV_ALI_33 | resource | alicloud_slb_tls_cipher_policy | Alibaba Cloud Cypher Policy are secure | Terraform | [TLSPoliciesAreSecure.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/alicloud/TLSPoliciesAreSecure.py) | | 36 | CKV_ALI_35 | resource | alicloud_db_instance | Ensure RDS instance has log_duration enabled | Terraform | [RDSInstanceLogsEnabled.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/alicloud/RDSInstanceLogsEnabled.py) | | 37 | CKV_ALI_36 | resource | alicloud_db_instance | Ensure RDS instance has log_disconnections enabled | Terraform | [RDSInstanceLogDisconnections.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/alicloud/RDSInstanceLogDisconnections.py) | | 38 | CKV_ALI_37 | resource | alicloud_db_instance | Ensure RDS instance has log_connections enabled | Terraform | [RDSInstanceLogConnections.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/alicloud/RDSInstanceLogConnections.py) | | 39 | CKV_ALI_38 | resource | alicloud_log_audit | Ensure log audit is enabled for RDS | Terraform | [LogAuditRDSEnabled.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/alicloud/LogAuditRDSEnabled.py) | | 40 | CKV_ALI_41 | resource | alicloud_mongodb_instance | Ensure MongoDB is deployed inside a VPC | Terraform | [MongoDBInsideVPC.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/alicloud/MongoDBInsideVPC.py) | | 41 | CKV_ALI_42 | resource | alicloud_mongodb_instance | Ensure Mongodb instance uses SSL | Terraform | [MongoDBInstanceSSL.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/alicloud/MongoDBInstanceSSL.py) | | 42 | CKV_ALI_43 | resource | alicloud_mongodb_instance | Ensure MongoDB instance is not public | Terraform | [MongoDBIsPublic.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/alicloud/MongoDBIsPublic.py) | | 43 | CKV_ALI_44 | resource | alicloud_mongodb_instance | Ensure MongoDB has Transparent Data Encryption Enabled | Terraform | [MongoDBTransparentDataEncryptionEnabled.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/alicloud/MongoDBTransparentDataEncryptionEnabled.py) | | 44 | CKV_ANSIBLE_1 | resource | [?"ansible.builtin.uri" != null][] | Ensure that certificate validation isn't disabled with uri | Ansible | [UriValidateCerts.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/ansible/checks/task/builtin/UriValidateCerts.py) | | 45 | CKV_ANSIBLE_1 | resource | [?"uri" != null][] | Ensure that certificate validation isn't disabled with uri | Ansible | [UriValidateCerts.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/ansible/checks/task/builtin/UriValidateCerts.py) | | 46 | CKV_ANSIBLE_1 | resource | [].block[?"ansible.builtin.uri" != null][] | Ensure that certificate validation isn't disabled with uri | Ansible | [UriValidateCerts.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/ansible/checks/task/builtin/UriValidateCerts.py) | | 47 | CKV_ANSIBLE_1 | resource | [].block[?"uri" != null][] | Ensure that certificate validation isn't disabled with uri | Ansible | [UriValidateCerts.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/ansible/checks/task/builtin/UriValidateCerts.py) | | 48 | CKV_ANSIBLE_1 | resource | [].block[].block[?"ansible.builtin.uri" != null][] | Ensure that certificate validation isn't disabled with uri | Ansible | [UriValidateCerts.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/ansible/checks/task/builtin/UriValidateCerts.py) | | 49 | CKV_ANSIBLE_1 | resource | [].block[].block[?"uri" != null][] | Ensure that certificate validation isn't disabled with uri | Ansible | [UriValidateCerts.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/ansible/checks/task/builtin/UriValidateCerts.py) | | 50 | CKV_ANSIBLE_1 | resource | [].block[].block[].block[?"ansible.builtin.uri" != null][] | Ensure that certificate validation isn't disabled with uri | Ansible | [UriValidateCerts.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/ansible/checks/task/builtin/UriValidateCerts.py) | | 51 | CKV_ANSIBLE_1 | resource | [].block[].block[].block[?"uri" != null][] | Ensure that certificate validation isn't disabled with uri | Ansible | [UriValidateCerts.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/ansible/checks/task/builtin/UriValidateCerts.py) | | 52 | CKV_ANSIBLE_1 | resource | [].tasks[?"ansible.builtin.uri" != null][] | Ensure that certificate validation isn't disabled with uri | Ansible | [UriValidateCerts.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/ansible/checks/task/builtin/UriValidateCerts.py) | | 53 | CKV_ANSIBLE_1 | resource | [].tasks[?"uri" != null][] | Ensure that certificate validation isn't disabled with uri | Ansible | [UriValidateCerts.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/ansible/checks/task/builtin/UriValidateCerts.py) | | 54 | CKV_ANSIBLE_1 | resource | [].tasks[].block[?"ansible.builtin.uri" != null][] | Ensure that certificate validation isn't disabled with uri | Ansible | [UriValidateCerts.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/ansible/checks/task/builtin/UriValidateCerts.py) | | 55 | CKV_ANSIBLE_1 | resource | [].tasks[].block[?"uri" != null][] | Ensure that certificate validation isn't disabled with uri | Ansible | [UriValidateCerts.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/ansible/checks/task/builtin/UriValidateCerts.py) | | 56 | CKV_ANSIBLE_1 | resource | [].tasks[].block[].block[?"ansible.builtin.uri" != null][] | Ensure that certificate validation isn't disabled with uri | Ansible | [UriValidateCerts.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/ansible/checks/task/builtin/UriValidateCerts.py) | | 57 | CKV_ANSIBLE_1 | resource | [].tasks[].block[].block[?"uri" != null][] | Ensure that certificate validation isn't disabled with uri | Ansible | [UriValidateCerts.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/ansible/checks/task/builtin/UriValidateCerts.py) | | 58 | CKV_ANSIBLE_1 | resource | [].tasks[].block[].block[].block[?"ansible.builtin.uri" != null][] | Ensure that certificate validation isn't disabled with uri | Ansible | [UriValidateCerts.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/ansible/checks/task/builtin/UriValidateCerts.py) | | 59 | CKV_ANSIBLE_1 | resource | [].tasks[].block[].block[].block[?"uri" != null][] | Ensure that certificate validation isn't disabled with uri | Ansible | [UriValidateCerts.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/ansible/checks/task/builtin/UriValidateCerts.py) | | 60 | CKV_ANSIBLE_2 | resource | [?"ansible.builtin.get_url" != null][] | Ensure that certificate validation isn't disabled with get_url | Ansible | [GetUrlValidateCerts.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/ansible/checks/task/builtin/GetUrlValidateCerts.py) | | 61 | CKV_ANSIBLE_2 | resource | [?"get_url" != null][] | Ensure that certificate validation isn't disabled with get_url | Ansible | [GetUrlValidateCerts.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/ansible/checks/task/builtin/GetUrlValidateCerts.py) | | 62 | CKV_ANSIBLE_2 | resource | [].block[?"ansible.builtin.get_url" != null][] | Ensure that certificate validation isn't disabled with get_url | Ansible | [GetUrlValidateCerts.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/ansible/checks/task/builtin/GetUrlValidateCerts.py) | | 63 | CKV_ANSIBLE_2 | resource | [].block[?"get_url" != null][] | Ensure that certificate validation isn't disabled with get_url | Ansible | [GetUrlValidateCerts.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/ansible/checks/task/builtin/GetUrlValidateCerts.py) | | 64 | CKV_ANSIBLE_2 | resource | [].block[].block[?"ansible.builtin.get_url" != null][] | Ensure that certificate validation isn't disabled with get_url | Ansible | [GetUrlValidateCerts.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/ansible/checks/task/builtin/GetUrlValidateCerts.py) | | 65 | CKV_ANSIBLE_2 | resource | [].block[].block[?"get_url" != null][] | Ensure that certificate validation isn't disabled with get_url | Ansible | [GetUrlValidateCerts.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/ansible/checks/task/builtin/GetUrlValidateCerts.py) | | 66 | CKV_ANSIBLE_2 | resource | [].block[].block[].block[?"ansible.builtin.get_url" != null][] | Ensure that certificate validation isn't disabled with get_url | Ansible | [GetUrlValidateCerts.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/ansible/checks/task/builtin/GetUrlValidateCerts.py) | | 67 | CKV_ANSIBLE_2 | resource | [].block[].block[].block[?"get_url" != null][] | Ensure that certificate validation isn't disabled with get_url | Ansible | [GetUrlValidateCerts.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/ansible/checks/task/builtin/GetUrlValidateCerts.py) | | 68 | CKV_ANSIBLE_2 | resource | [].tasks[?"ansible.builtin.get_url" != null][] | Ensure that certificate validation isn't disabled with get_url | Ansible | [GetUrlValidateCerts.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/ansible/checks/task/builtin/GetUrlValidateCerts.py) | | 69 | CKV_ANSIBLE_2 | resource | [].tasks[?"get_url" != null][] | Ensure that certificate validation isn't disabled with get_url | Ansible | [GetUrlValidateCerts.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/ansible/checks/task/builtin/GetUrlValidateCerts.py) | | 70 | CKV_ANSIBLE_2 | resource | [].tasks[].block[?"ansible.builtin.get_url" != null][] | Ensure that certificate validation isn't disabled with get_url | Ansible | [GetUrlValidateCerts.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/ansible/checks/task/builtin/GetUrlValidateCerts.py) | | 71 | CKV_ANSIBLE_2 | resource | [].tasks[].block[?"get_url" != null][] | Ensure that certificate validation isn't disabled with get_url | Ansible | [GetUrlValidateCerts.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/ansible/checks/task/builtin/GetUrlValidateCerts.py) | | 72 | CKV_ANSIBLE_2 | resource | [].tasks[].block[].block[?"ansible.builtin.get_url" != null][] | Ensure that certificate validation isn't disabled with get_url | Ansible | [GetUrlValidateCerts.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/ansible/checks/task/builtin/GetUrlValidateCerts.py) | | 73 | CKV_ANSIBLE_2 | resource | [].tasks[].block[].block[?"get_url" != null][] | Ensure that certificate validation isn't disabled with get_url | Ansible | [GetUrlValidateCerts.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/ansible/checks/task/builtin/GetUrlValidateCerts.py) | | 74 | CKV_ANSIBLE_2 | resource | [].tasks[].block[].block[].block[?"ansible.builtin.get_url" != null][] | Ensure that certificate validation isn't disabled with get_url | Ansible | [GetUrlValidateCerts.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/ansible/checks/task/builtin/GetUrlValidateCerts.py) | | 75 | CKV_ANSIBLE_2 | resource | [].tasks[].block[].block[].block[?"get_url" != null][] | Ensure that certificate validation isn't disabled with get_url | Ansible | [GetUrlValidateCerts.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/ansible/checks/task/builtin/GetUrlValidateCerts.py) | | 76 | CKV_ANSIBLE_3 | resource | [?"ansible.builtin.yum" != null][] | Ensure that certificate validation isn't disabled with yum | Ansible | [YumValidateCerts.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/ansible/checks/task/builtin/YumValidateCerts.py) | | 77 | CKV_ANSIBLE_3 | resource | [?"yum" != null][] | Ensure that certificate validation isn't disabled with yum | Ansible | [YumValidateCerts.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/ansible/checks/task/builtin/YumValidateCerts.py) | | 78 | CKV_ANSIBLE_3 | resource | [].block[?"ansible.builtin.yum" != null][] | Ensure that certificate validation isn't disabled with yum | Ansible | [YumValidateCerts.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/ansible/checks/task/builtin/YumValidateCerts.py) | | 79 | CKV_ANSIBLE_3 | resource | [].block[?"yum" != null][] | Ensure that certificate validation isn't disabled with yum | Ansible | [YumValidateCerts.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/ansible/checks/task/builtin/YumValidateCerts.py) | | 80 | CKV_ANSIBLE_3 | resource | [].block[].block[?"ansible.builtin.yum" != null][] | Ensure that certificate validation isn't disabled with yum | Ansible | [YumValidateCerts.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/ansible/checks/task/builtin/YumValidateCerts.py) | | 81 | CKV_ANSIBLE_3 | resource | [].block[].block[?"yum" != null][] | Ensure that certificate validation isn't disabled with yum | Ansible | [YumValidateCerts.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/ansible/checks/task/builtin/YumValidateCerts.py) | | 82 | CKV_ANSIBLE_3 | resource | [].block[].block[].block[?"ansible.builtin.yum" != null][] | Ensure that certificate validation isn't disabled with yum | Ansible | [YumValidateCerts.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/ansible/checks/task/builtin/YumValidateCerts.py) | | 83 | CKV_ANSIBLE_3 | resource | [].block[].block[].block[?"yum" != null][] | Ensure that certificate validation isn't disabled with yum | Ansible | [YumValidateCerts.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/ansible/checks/task/builtin/YumValidateCerts.py) | | 84 | CKV_ANSIBLE_3 | resource | [].tasks[?"ansible.builtin.yum" != null][] | Ensure that certificate validation isn't disabled with yum | Ansible | [YumValidateCerts.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/ansible/checks/task/builtin/YumValidateCerts.py) | | 85 | CKV_ANSIBLE_3 | resource | [].tasks[?"yum" != null][] | Ensure that certificate validation isn't disabled with yum | Ansible | [YumValidateCerts.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/ansible/checks/task/builtin/YumValidateCerts.py) | | 86 | CKV_ANSIBLE_3 | resource | [].tasks[].block[?"ansible.builtin.yum" != null][] | Ensure that certificate validation isn't disabled with yum | Ansible | [YumValidateCerts.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/ansible/checks/task/builtin/YumValidateCerts.py) | | 87 | CKV_ANSIBLE_3 | resource | [].tasks[].block[?"yum" != null][] | Ensure that certificate validation isn't disabled with yum | Ansible | [YumValidateCerts.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/ansible/checks/task/builtin/YumValidateCerts.py) | | 88 | CKV_ANSIBLE_3 | resource | [].tasks[].block[].block[?"ansible.builtin.yum" != null][] | Ensure that certificate validation isn't disabled with yum | Ansible | [YumValidateCerts.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/ansible/checks/task/builtin/YumValidateCerts.py) | | 89 | CKV_ANSIBLE_3 | resource | [].tasks[].block[].block[?"yum" != null][] | Ensure that certificate validation isn't disabled with yum | Ansible | [YumValidateCerts.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/ansible/checks/task/builtin/YumValidateCerts.py) | | 90 | CKV_ANSIBLE_3 | resource | [].tasks[].block[].block[].block[?"ansible.builtin.yum" != null][] | Ensure that certificate validation isn't disabled with yum | Ansible | [YumValidateCerts.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/ansible/checks/task/builtin/YumValidateCerts.py) | | 91 | CKV_ANSIBLE_3 | resource | [].tasks[].block[].block[].block[?"yum" != null][] | Ensure that certificate validation isn't disabled with yum | Ansible | [YumValidateCerts.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/ansible/checks/task/builtin/YumValidateCerts.py) | | 92 | CKV_ANSIBLE_4 | resource | [?"ansible.builtin.yum" != null][] | Ensure that SSL validation isn't disabled with yum | Ansible | [YumSslVerify.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/ansible/checks/task/builtin/YumSslVerify.py) | | 93 | CKV_ANSIBLE_4 | resource | [?"yum" != null][] | Ensure that SSL validation isn't disabled with yum | Ansible | [YumSslVerify.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/ansible/checks/task/builtin/YumSslVerify.py) | | 94 | CKV_ANSIBLE_4 | resource | [].block[?"ansible.builtin.yum" != null][] | Ensure that SSL validation isn't disabled with yum | Ansible | [YumSslVerify.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/ansible/checks/task/builtin/YumSslVerify.py) | | 95 | CKV_ANSIBLE_4 | resource | [].block[?"yum" != null][] | Ensure that SSL validation isn't disabled with yum | Ansible | [YumSslVerify.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/ansible/checks/task/builtin/YumSslVerify.py) | | 96 | CKV_ANSIBLE_4 | resource | [].block[].block[?"ansible.builtin.yum" != null][] | Ensure that SSL validation isn't disabled with yum | Ansible | [YumSslVerify.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/ansible/checks/task/builtin/YumSslVerify.py) | | 97 | CKV_ANSIBLE_4 | resource | [].block[].block[?"yum" != null][] | Ensure that SSL validation isn't disabled with yum | Ansible | [YumSslVerify.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/ansible/checks/task/builtin/YumSslVerify.py) | | 98 | CKV_ANSIBLE_4 | resource | [].block[].block[].block[?"ansible.builtin.yum" != null][] | Ensure that SSL validation isn't disabled with yum | Ansible | [YumSslVerify.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/ansible/checks/task/builtin/YumSslVerify.py) | | 99 | CKV_ANSIBLE_4 | resource | [].block[].block[].block[?"yum" != null][] | Ensure that SSL validation isn't disabled with yum | Ansible | [YumSslVerify.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/ansible/checks/task/builtin/YumSslVerify.py) | | 100 | CKV_ANSIBLE_4 | resource | [].tasks[?"ansible.builtin.yum" != null][] | Ensure that SSL validation isn't disabled with yum | Ansible | [YumSslVerify.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/ansible/checks/task/builtin/YumSslVerify.py) | | 101 | CKV_ANSIBLE_4 | resource | [].tasks[?"yum" != null][] | Ensure that SSL validation isn't disabled with yum | Ansible | [YumSslVerify.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/ansible/checks/task/builtin/YumSslVerify.py) | | 102 | CKV_ANSIBLE_4 | resource | [].tasks[].block[?"ansible.builtin.yum" != null][] | Ensure that SSL validation isn't disabled with yum | Ansible | [YumSslVerify.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/ansible/checks/task/builtin/YumSslVerify.py) | | 103 | CKV_ANSIBLE_4 | resource | [].tasks[].block[?"yum" != null][] | Ensure that SSL validation isn't disabled with yum | Ansible | [YumSslVerify.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/ansible/checks/task/builtin/YumSslVerify.py) | | 104 | CKV_ANSIBLE_4 | resource | [].tasks[].block[].block[?"ansible.builtin.yum" != null][] | Ensure that SSL validation isn't disabled with yum | Ansible | [YumSslVerify.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/ansible/checks/task/builtin/YumSslVerify.py) | | 105 | CKV_ANSIBLE_4 | resource | [].tasks[].block[].block[?"yum" != null][] | Ensure that SSL validation isn't disabled with yum | Ansible | [YumSslVerify.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/ansible/checks/task/builtin/YumSslVerify.py) | | 106 | CKV_ANSIBLE_4 | resource | [].tasks[].block[].block[].block[?"ansible.builtin.yum" != null][] | Ensure that SSL validation isn't disabled with yum | Ansible | [YumSslVerify.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/ansible/checks/task/builtin/YumSslVerify.py) | | 107 | CKV_ANSIBLE_4 | resource | [].tasks[].block[].block[].block[?"yum" != null][] | Ensure that SSL validation isn't disabled with yum | Ansible | [YumSslVerify.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/ansible/checks/task/builtin/YumSslVerify.py) | | 108 | CKV_ANSIBLE_5 | resource | [?"ansible.builtin.apt" != null][] | Ensure that packages with untrusted or missing signatures are not used | Ansible | [AptAllowUnauthenticated.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/ansible/checks/task/builtin/AptAllowUnauthenticated.py) | | 109 | CKV_ANSIBLE_5 | resource | [?"apt" != null][] | Ensure that packages with untrusted or missing signatures are not used | Ansible | [AptAllowUnauthenticated.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/ansible/checks/task/builtin/AptAllowUnauthenticated.py) | | 110 | CKV_ANSIBLE_5 | resource | [].block[?"ansible.builtin.apt" != null][] | Ensure that packages with untrusted or missing signatures are not used | Ansible | [AptAllowUnauthenticated.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/ansible/checks/task/builtin/AptAllowUnauthenticated.py) | | 111 | CKV_ANSIBLE_5 | resource | [].block[?"apt" != null][] | Ensure that packages with untrusted or missing signatures are not used | Ansible | [AptAllowUnauthenticated.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/ansible/checks/task/builtin/AptAllowUnauthenticated.py) | | 112 | CKV_ANSIBLE_5 | resource | [].block[].block[?"ansible.builtin.apt" != null][] | Ensure that packages with untrusted or missing signatures are not used | Ansible | [AptAllowUnauthenticated.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/ansible/checks/task/builtin/AptAllowUnauthenticated.py) | | 113 | CKV_ANSIBLE_5 | resource | [].block[].block[?"apt" != null][] | Ensure that packages with untrusted or missing signatures are not used | Ansible | [AptAllowUnauthenticated.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/ansible/checks/task/builtin/AptAllowUnauthenticated.py) | | 114 | CKV_ANSIBLE_5 | resource | [].block[].block[].block[?"ansible.builtin.apt" != null][] | Ensure that packages with untrusted or missing signatures are not used | Ansible | [AptAllowUnauthenticated.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/ansible/checks/task/builtin/AptAllowUnauthenticated.py) | | 115 | CKV_ANSIBLE_5 | resource | [].block[].block[].block[?"apt" != null][] | Ensure that packages with untrusted or missing signatures are not used | Ansible | [AptAllowUnauthenticated.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/ansible/checks/task/builtin/AptAllowUnauthenticated.py) | | 116 | CKV_ANSIBLE_5 | resource | [].tasks[?"ansible.builtin.apt" != null][] | Ensure that packages with untrusted or missing signatures are not used | Ansible | [AptAllowUnauthenticated.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/ansible/checks/task/builtin/AptAllowUnauthenticated.py) | | 117 | CKV_ANSIBLE_5 | resource | [].tasks[?"apt" != null][] | Ensure that packages with untrusted or missing signatures are not used | Ansible | [AptAllowUnauthenticated.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/ansible/checks/task/builtin/AptAllowUnauthenticated.py) | | 118 | CKV_ANSIBLE_5 | resource | [].tasks[].block[?"ansible.builtin.apt" != null][] | Ensure that packages with untrusted or missing signatures are not used | Ansible | [AptAllowUnauthenticated.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/ansible/checks/task/builtin/AptAllowUnauthenticated.py) | | 119 | CKV_ANSIBLE_5 | resource | [].tasks[].block[?"apt" != null][] | Ensure that packages with untrusted or missing signatures are not used | Ansible | [AptAllowUnauthenticated.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/ansible/checks/task/builtin/AptAllowUnauthenticated.py) | | 120 | CKV_ANSIBLE_5 | resource | [].tasks[].block[].block[?"ansible.builtin.apt" != null][] | Ensure that packages with untrusted or missing signatures are not used | Ansible | [AptAllowUnauthenticated.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/ansible/checks/task/builtin/AptAllowUnauthenticated.py) | | 121 | CKV_ANSIBLE_5 | resource | [].tasks[].block[].block[?"apt" != null][] | Ensure that packages with untrusted or missing signatures are not used | Ansible | [AptAllowUnauthenticated.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/ansible/checks/task/builtin/AptAllowUnauthenticated.py) | | 122 | CKV_ANSIBLE_5 | resource | [].tasks[].block[].block[].block[?"ansible.builtin.apt" != null][] | Ensure that packages with untrusted or missing signatures are not used | Ansible | [AptAllowUnauthenticated.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/ansible/checks/task/builtin/AptAllowUnauthenticated.py) | | 123 | CKV_ANSIBLE_5 | resource | [].tasks[].block[].block[].block[?"apt" != null][] | Ensure that packages with untrusted or missing signatures are not used | Ansible | [AptAllowUnauthenticated.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/ansible/checks/task/builtin/AptAllowUnauthenticated.py) | | 124 | CKV_ANSIBLE_6 | resource | [?"ansible.builtin.apt" != null][] | Ensure that the force parameter is not used, as it disables signature validation and allows packages to be downgraded which can leave the system in a broken or inconsistent state | Ansible | [AptForce.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/ansible/checks/task/builtin/AptForce.py) | | 125 | CKV_ANSIBLE_6 | resource | [?"apt" != null][] | Ensure that the force parameter is not used, as it disables signature validation and allows packages to be downgraded which can leave the system in a broken or inconsistent state | Ansible | [AptForce.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/ansible/checks/task/builtin/AptForce.py) | | 126 | CKV_ANSIBLE_6 | resource | [].block[?"ansible.builtin.apt" != null][] | Ensure that the force parameter is not used, as it disables signature validation and allows packages to be downgraded which can leave the system in a broken or inconsistent state | Ansible | [AptForce.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/ansible/checks/task/builtin/AptForce.py) | | 127 | CKV_ANSIBLE_6 | resource | [].block[?"apt" != null][] | Ensure that the force parameter is not used, as it disables signature validation and allows packages to be downgraded which can leave the system in a broken or inconsistent state | Ansible | [AptForce.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/ansible/checks/task/builtin/AptForce.py) | | 128 | CKV_ANSIBLE_6 | resource | [].block[].block[?"ansible.builtin.apt" != null][] | Ensure that the force parameter is not used, as it disables signature validation and allows packages to be downgraded which can leave the system in a broken or inconsistent state | Ansible | [AptForce.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/ansible/checks/task/builtin/AptForce.py) | | 129 | CKV_ANSIBLE_6 | resource | [].block[].block[?"apt" != null][] | Ensure that the force parameter is not used, as it disables signature validation and allows packages to be downgraded which can leave the system in a broken or inconsistent state | Ansible | [AptForce.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/ansible/checks/task/builtin/AptForce.py) | | 130 | CKV_ANSIBLE_6 | resource | [].block[].block[].block[?"ansible.builtin.apt" != null][] | Ensure that the force parameter is not used, as it disables signature validation and allows packages to be downgraded which can leave the system in a broken or inconsistent state | Ansible | [AptForce.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/ansible/checks/task/builtin/AptForce.py) | | 131 | CKV_ANSIBLE_6 | resource | [].block[].block[].block[?"apt" != null][] | Ensure that the force parameter is not used, as it disables signature validation and allows packages to be downgraded which can leave the system in a broken or inconsistent state | Ansible | [AptForce.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/ansible/checks/task/builtin/AptForce.py) | | 132 | CKV_ANSIBLE_6 | resource | [].tasks[?"ansible.builtin.apt" != null][] | Ensure that the force parameter is not used, as it disables signature validation and allows packages to be downgraded which can leave the system in a broken or inconsistent state | Ansible | [AptForce.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/ansible/checks/task/builtin/AptForce.py) | | 133 | CKV_ANSIBLE_6 | resource | [].tasks[?"apt" != null][] | Ensure that the force parameter is not used, as it disables signature validation and allows packages to be downgraded which can leave the system in a broken or inconsistent state | Ansible | [AptForce.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/ansible/checks/task/builtin/AptForce.py) | | 134 | CKV_ANSIBLE_6 | resource | [].tasks[].block[?"ansible.builtin.apt" != null][] | Ensure that the force parameter is not used, as it disables signature validation and allows packages to be downgraded which can leave the system in a broken or inconsistent state | Ansible | [AptForce.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/ansible/checks/task/builtin/AptForce.py) | | 135 | CKV_ANSIBLE_6 | resource | [].tasks[].block[?"apt" != null][] | Ensure that the force parameter is not used, as it disables signature validation and allows packages to be downgraded which can leave the system in a broken or inconsistent state | Ansible | [AptForce.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/ansible/checks/task/builtin/AptForce.py) | | 136 | CKV_ANSIBLE_6 | resource | [].tasks[].block[].block[?"ansible.builtin.apt" != null][] | Ensure that the force parameter is not used, as it disables signature validation and allows packages to be downgraded which can leave the system in a broken or inconsistent state | Ansible | [AptForce.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/ansible/checks/task/builtin/AptForce.py) | | 137 | CKV_ANSIBLE_6 | resource | [].tasks[].block[].block[?"apt" != null][] | Ensure that the force parameter is not used, as it disables signature validation and allows packages to be downgraded which can leave the system in a broken or inconsistent state | Ansible | [AptForce.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/ansible/checks/task/builtin/AptForce.py) | | 138 | CKV_ANSIBLE_6 | resource | [].tasks[].block[].block[].block[?"ansible.builtin.apt" != null][] | Ensure that the force parameter is not used, as it disables signature validation and allows packages to be downgraded which can leave the system in a broken or inconsistent state | Ansible | [AptForce.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/ansible/checks/task/builtin/AptForce.py) | | 139 | CKV_ANSIBLE_6 | resource | [].tasks[].block[].block[].block[?"apt" != null][] | Ensure that the force parameter is not used, as it disables signature validation and allows packages to be downgraded which can leave the system in a broken or inconsistent state | Ansible | [AptForce.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/ansible/checks/task/builtin/AptForce.py) | | 140 | CKV2_ANSIBLE_1 | resource | tasks.ansible.builtin.uri | Ensure that HTTPS url is used with uri | Ansible | [UriHttpsOnly.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/ansible/checks/graph_checks/UriHttpsOnly.yaml) | | 141 | CKV2_ANSIBLE_1 | resource | tasks.uri | Ensure that HTTPS url is used with uri | Ansible | [UriHttpsOnly.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/ansible/checks/graph_checks/UriHttpsOnly.yaml) | | 142 | CKV2_ANSIBLE_2 | resource | tasks.ansible.builtin.get_url | Ensure that HTTPS url is used with get_url | Ansible | [GetUrlHttpsOnly.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/ansible/checks/graph_checks/GetUrlHttpsOnly.yaml) | | 143 | CKV2_ANSIBLE_2 | resource | tasks.get_url | Ensure that HTTPS url is used with get_url | Ansible | [GetUrlHttpsOnly.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/ansible/checks/graph_checks/GetUrlHttpsOnly.yaml) | | 144 | CKV2_ANSIBLE_3 | resource | block | Ensure block is handling task errors properly | Ansible | [BlockErrorHandling.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/ansible/checks/graph_checks/BlockErrorHandling.yaml) | | 145 | CKV2_ANSIBLE_4 | resource | tasks.ansible.builtin.dnf | Ensure that packages with untrusted or missing GPG signatures are not used by dnf | Ansible | [DnfDisableGpgCheck.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/ansible/checks/graph_checks/DnfDisableGpgCheck.yaml) | | 146 | CKV2_ANSIBLE_4 | resource | tasks.dnf | Ensure that packages with untrusted or missing GPG signatures are not used by dnf | Ansible | [DnfDisableGpgCheck.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/ansible/checks/graph_checks/DnfDisableGpgCheck.yaml) | | 147 | CKV2_ANSIBLE_5 | resource | tasks.ansible.builtin.dnf | Ensure that SSL validation isn't disabled with dnf | Ansible | [DnfSslVerify.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/ansible/checks/graph_checks/DnfSslVerify.yaml) | | 148 | CKV2_ANSIBLE_5 | resource | tasks.dnf | Ensure that SSL validation isn't disabled with dnf | Ansible | [DnfSslVerify.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/ansible/checks/graph_checks/DnfSslVerify.yaml) | | 149 | CKV2_ANSIBLE_6 | resource | tasks.ansible.builtin.dnf | Ensure that certificate validation isn't disabled with dnf | Ansible | [DnfValidateCerts.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/ansible/checks/graph_checks/DnfValidateCerts.yaml) | | 150 | CKV2_ANSIBLE_6 | resource | tasks.dnf | Ensure that certificate validation isn't disabled with dnf | Ansible | [DnfValidateCerts.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/ansible/checks/graph_checks/DnfValidateCerts.yaml) | | 151 | CKV_ARGO_1 | argo_workflows | spec | Ensure Workflow pods are not using the default ServiceAccount | Argo Workflows | [DefaultServiceAccount.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/argo_workflows/checks/template/DefaultServiceAccount.py) | | 152 | CKV_ARGO_2 | argo_workflows | spec | Ensure Workflow pods are running as non-root user | Argo Workflows | [RunAsNonRoot.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/argo_workflows/checks/template/RunAsNonRoot.py) | | 153 | CKV_AWS_1 | data | aws_iam_policy_document | Ensure IAM policies that allow full "*-*" administrative privileges are not created | Terraform | [AdminPolicyDocument.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/data/aws/AdminPolicyDocument.py) | | 154 | CKV_AWS_1 | resource | serverless_aws | Ensure IAM policies that allow full "*-*" administrative privileges are not created | serverless | [AdminPolicyDocument.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/serverless/checks/function/aws/AdminPolicyDocument.py) | | 155 | CKV_AWS_2 | resource | AWS::ElasticLoadBalancingV2::Listener | Ensure ALB protocol is HTTPS | Cloudformation | [ALBListenerHTTPS.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/resource/aws/ALBListenerHTTPS.py) | | 156 | CKV_AWS_2 | resource | aws_alb_listener | Ensure ALB protocol is HTTPS | Terraform | [ALBListenerHTTPS.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/ALBListenerHTTPS.py) | | 157 | CKV_AWS_2 | resource | aws_lb_listener | Ensure ALB protocol is HTTPS | Terraform | [ALBListenerHTTPS.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/ALBListenerHTTPS.py) | | 158 | CKV_AWS_3 | resource | AWS::EC2::Volume | Ensure all data stored in the EBS is securely encrypted | Cloudformation | [EBSEncryption.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/resource/aws/EBSEncryption.py) | | 159 | CKV_AWS_3 | resource | aws_ebs_volume | Ensure all data stored in the EBS is securely encrypted | Terraform | [EBSEncryption.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/EBSEncryption.py) | | 160 | CKV_AWS_5 | resource | AWS::Elasticsearch::Domain | Ensure all data stored in the Elasticsearch is securely encrypted at rest | Cloudformation | [ElasticsearchEncryption.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/resource/aws/ElasticsearchEncryption.py) | | 161 | CKV_AWS_5 | resource | aws_elasticsearch_domain | Ensure all data stored in the Elasticsearch is securely encrypted at rest | Terraform | [ElasticsearchEncryption.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/ElasticsearchEncryption.py) | | 162 | CKV_AWS_5 | resource | aws_opensearch_domain | Ensure all data stored in the Elasticsearch is securely encrypted at rest | Terraform | [ElasticsearchEncryption.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/ElasticsearchEncryption.py) | | 163 | CKV_AWS_6 | resource | AWS::Elasticsearch::Domain | Ensure all Elasticsearch has node-to-node encryption enabled | Cloudformation | [ElasticsearchNodeToNodeEncryption.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/resource/aws/ElasticsearchNodeToNodeEncryption.py) | | 164 | CKV_AWS_6 | resource | aws_elasticsearch_domain | Ensure all Elasticsearch has node-to-node encryption enabled | Terraform | [ElasticsearchNodeToNodeEncryption.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/ElasticsearchNodeToNodeEncryption.py) | | 165 | CKV_AWS_6 | resource | aws_opensearch_domain | Ensure all Elasticsearch has node-to-node encryption enabled | Terraform | [ElasticsearchNodeToNodeEncryption.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/ElasticsearchNodeToNodeEncryption.py) | | 166 | CKV_AWS_7 | resource | AWS::KMS::Key | Ensure rotation for customer created CMKs is enabled | Cloudformation | [KMSRotation.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/resource/aws/KMSRotation.py) | | 167 | CKV_AWS_7 | resource | aws_kms_key | Ensure rotation for customer created CMKs is enabled | Terraform | [KMSRotation.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/KMSRotation.py) | | 168 | CKV_AWS_8 | resource | AWS::AutoScaling::LaunchConfiguration | Ensure all data stored in the Launch configuration EBS is securely encrypted | Cloudformation | [LaunchConfigurationEBSEncryption.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/resource/aws/LaunchConfigurationEBSEncryption.py) | | 169 | CKV_AWS_8 | resource | aws_instance | Ensure all data stored in the Launch configuration or instance Elastic Blocks Store is securely encrypted | Terraform | [LaunchConfigurationEBSEncryption.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/LaunchConfigurationEBSEncryption.py) | | 170 | CKV_AWS_8 | resource | aws_launch_configuration | Ensure all data stored in the Launch configuration or instance Elastic Blocks Store is securely encrypted | Terraform | [LaunchConfigurationEBSEncryption.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/LaunchConfigurationEBSEncryption.py) | | 171 | CKV_AWS_9 | resource | aws_iam_account_password_policy | Ensure IAM password policy expires passwords within 90 days or less | Terraform | [PasswordPolicyExpiration.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/PasswordPolicyExpiration.py) | | 172 | CKV_AWS_10 | resource | aws_iam_account_password_policy | Ensure IAM password policy requires minimum length of 14 or greater | Terraform | [PasswordPolicyLength.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/PasswordPolicyLength.py) | | 173 | CKV_AWS_11 | resource | aws_iam_account_password_policy | Ensure IAM password policy requires at least one lowercase letter | Terraform | [PasswordPolicyLowercaseLetter.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/PasswordPolicyLowercaseLetter.py) | | 174 | CKV_AWS_12 | resource | aws_iam_account_password_policy | Ensure IAM password policy requires at least one number | Terraform | [PasswordPolicyNumber.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/PasswordPolicyNumber.py) | | 175 | CKV_AWS_13 | resource | aws_iam_account_password_policy | Ensure IAM password policy prevents password reuse | Terraform | [PasswordPolicyReuse.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/PasswordPolicyReuse.py) | | 176 | CKV_AWS_14 | resource | aws_iam_account_password_policy | Ensure IAM password policy requires at least one symbol | Terraform | [PasswordPolicySymbol.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/PasswordPolicySymbol.py) | | 177 | CKV_AWS_15 | resource | aws_iam_account_password_policy | Ensure IAM password policy requires at least one uppercase letter | Terraform | [PasswordPolicyUppercaseLetter.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/PasswordPolicyUppercaseLetter.py) | | 178 | CKV_AWS_16 | resource | AWS::RDS::DBInstance | Ensure all data stored in the RDS is securely encrypted at rest | Cloudformation | [RDSEncryption.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/resource/aws/RDSEncryption.py) | | 179 | CKV_AWS_16 | resource | aws_db_instance | Ensure all data stored in the RDS is securely encrypted at rest | Terraform | [RDSEncryption.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/RDSEncryption.py) | | 180 | CKV_AWS_17 | resource | AWS::RDS::DBInstance | Ensure all data stored in RDS is not publicly accessible | Cloudformation | [RDSPubliclyAccessible.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/resource/aws/RDSPubliclyAccessible.py) | | 181 | CKV_AWS_17 | resource | aws_db_instance | Ensure all data stored in RDS is not publicly accessible | Terraform | [RDSPubliclyAccessible.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/RDSPubliclyAccessible.py) | | 182 | CKV_AWS_17 | resource | aws_rds_cluster_instance | Ensure all data stored in RDS is not publicly accessible | Terraform | [RDSPubliclyAccessible.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/RDSPubliclyAccessible.py) | | 183 | CKV_AWS_18 | resource | AWS::S3::Bucket | Ensure the S3 bucket has access logging enabled | Cloudformation | [S3AccessLogs.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/resource/aws/S3AccessLogs.py) | | 184 | CKV_AWS_18 | resource | aws_s3_bucket | Ensure the S3 bucket has access logging enabled | Terraform | [S3BucketLogging.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/S3BucketLogging.yaml) | | 185 | CKV_AWS_19 | resource | AWS::S3::Bucket | Ensure the S3 bucket has server-side-encryption enabled | Cloudformation | [S3Encryption.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/resource/aws/S3Encryption.py) | | 186 | CKV_AWS_19 | resource | aws_s3_bucket | Ensure all data stored in the S3 bucket is securely encrypted at rest | Terraform | [S3BucketEncryption.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/S3BucketEncryption.yaml) | | 187 | CKV_AWS_19 | resource | aws_s3_bucket_server_side_encryption_configuration | Ensure all data stored in the S3 bucket is securely encrypted at rest | Terraform | [S3BucketEncryption.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/S3BucketEncryption.yaml) | | 188 | CKV_AWS_20 | resource | AWS::S3::Bucket | Ensure the S3 bucket does not allow READ permissions to everyone | Cloudformation | [S3PublicACLRead.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/resource/aws/S3PublicACLRead.py) | | 189 | CKV_AWS_20 | resource | aws_s3_bucket | S3 Bucket has an ACL defined which allows public READ access. | Terraform | [S3PublicACLRead.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/S3PublicACLRead.yaml) | | 190 | CKV_AWS_20 | resource | aws_s3_bucket_acl | S3 Bucket has an ACL defined which allows public READ access. | Terraform | [S3PublicACLRead.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/S3PublicACLRead.yaml) | | 191 | CKV_AWS_21 | resource | AWS::S3::Bucket | Ensure the S3 bucket has versioning enabled | Cloudformation | [S3Versioning.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/resource/aws/S3Versioning.py) | | 192 | CKV_AWS_21 | resource | aws_s3_bucket | Ensure all data stored in the S3 bucket have versioning enabled | Terraform | [S3BucketVersioning.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/S3BucketVersioning.yaml) | | 193 | CKV_AWS_21 | resource | aws_s3_bucket_versioning | Ensure all data stored in the S3 bucket have versioning enabled | Terraform | [S3BucketVersioning.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/S3BucketVersioning.yaml) | | 194 | CKV_AWS_22 | resource | aws_sagemaker_notebook_instance | Ensure SageMaker Notebook is encrypted at rest using KMS CMK | Terraform | [SagemakerNotebookEncryption.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/SagemakerNotebookEncryption.py) | | 195 | CKV_AWS_23 | resource | AWS::EC2::SecurityGroup | Ensure every security groups rule has a description | Cloudformation | [SecurityGroupRuleDescription.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/resource/aws/SecurityGroupRuleDescription.py) | | 196 | CKV_AWS_23 | resource | AWS::EC2::SecurityGroupEgress | Ensure every security groups rule has a description | Cloudformation | [SecurityGroupRuleDescription.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/resource/aws/SecurityGroupRuleDescription.py) | | 197 | CKV_AWS_23 | resource | AWS::EC2::SecurityGroupIngress | Ensure every security groups rule has a description | Cloudformation | [SecurityGroupRuleDescription.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/resource/aws/SecurityGroupRuleDescription.py) | | 198 | CKV_AWS_23 | resource | aws_db_security_group | Ensure every security group and rule has a description | Terraform | [SecurityGroupRuleDescription.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/SecurityGroupRuleDescription.py) | | 199 | CKV_AWS_23 | resource | aws_elasticache_security_group | Ensure every security group and rule has a description | Terraform | [SecurityGroupRuleDescription.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/SecurityGroupRuleDescription.py) | | 200 | CKV_AWS_23 | resource | aws_redshift_security_group | Ensure every security group and rule has a description | Terraform | [SecurityGroupRuleDescription.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/SecurityGroupRuleDescription.py) | | 201 | CKV_AWS_23 | resource | aws_security_group | Ensure every security group and rule has a description | Terraform | [SecurityGroupRuleDescription.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/SecurityGroupRuleDescription.py) | | 202 | CKV_AWS_23 | resource | aws_security_group_rule | Ensure every security group and rule has a description | Terraform | [SecurityGroupRuleDescription.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/SecurityGroupRuleDescription.py) | | 203 | CKV_AWS_23 | resource | aws_vpc_security_group_egress_rule | Ensure every security group and rule has a description | Terraform | [SecurityGroupRuleDescription.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/SecurityGroupRuleDescription.py) | | 204 | CKV_AWS_23 | resource | aws_vpc_security_group_ingress_rule | Ensure every security group and rule has a description | Terraform | [SecurityGroupRuleDescription.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/SecurityGroupRuleDescription.py) | | 205 | CKV_AWS_24 | resource | AWS::EC2::SecurityGroup | Ensure no security groups allow ingress from 0.0.0.0:0 to port 22 | Cloudformation | [SecurityGroupUnrestrictedIngress22.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/resource/aws/SecurityGroupUnrestrictedIngress22.py) | | 206 | CKV_AWS_24 | resource | AWS::EC2::SecurityGroupIngress | Ensure no security groups allow ingress from 0.0.0.0:0 to port 22 | Cloudformation | [SecurityGroupUnrestrictedIngress22.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/resource/aws/SecurityGroupUnrestrictedIngress22.py) | | 207 | CKV_AWS_24 | resource | aws_security_group | Ensure no security groups allow ingress from 0.0.0.0:0 to port 22 | Terraform | [SecurityGroupUnrestrictedIngress22.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/SecurityGroupUnrestrictedIngress22.py) | | 208 | CKV_AWS_24 | resource | aws_security_group_rule | Ensure no security groups allow ingress from 0.0.0.0:0 to port 22 | Terraform | [SecurityGroupUnrestrictedIngress22.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/SecurityGroupUnrestrictedIngress22.py) | | 209 | CKV_AWS_24 | resource | aws_vpc_security_group_ingress_rule | Ensure no security groups allow ingress from 0.0.0.0:0 to port 22 | Terraform | [SecurityGroupUnrestrictedIngress22.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/SecurityGroupUnrestrictedIngress22.py) | | 210 | CKV_AWS_25 | resource | AWS::EC2::SecurityGroup | Ensure no security groups allow ingress from 0.0.0.0:0 to port 3389 | Cloudformation | [SecurityGroupUnrestrictedIngress3389.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/resource/aws/SecurityGroupUnrestrictedIngress3389.py) | | 211 | CKV_AWS_25 | resource | AWS::EC2::SecurityGroupIngress | Ensure no security groups allow ingress from 0.0.0.0:0 to port 3389 | Cloudformation | [SecurityGroupUnrestrictedIngress3389.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/resource/aws/SecurityGroupUnrestrictedIngress3389.py) | | 212 | CKV_AWS_25 | resource | aws_security_group | Ensure no security groups allow ingress from 0.0.0.0:0 to port 3389 | Terraform | [SecurityGroupUnrestrictedIngress3389.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/SecurityGroupUnrestrictedIngress3389.py) | | 213 | CKV_AWS_25 | resource | aws_security_group_rule | Ensure no security groups allow ingress from 0.0.0.0:0 to port 3389 | Terraform | [SecurityGroupUnrestrictedIngress3389.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/SecurityGroupUnrestrictedIngress3389.py) | | 214 | CKV_AWS_25 | resource | aws_vpc_security_group_ingress_rule | Ensure no security groups allow ingress from 0.0.0.0:0 to port 3389 | Terraform | [SecurityGroupUnrestrictedIngress3389.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/SecurityGroupUnrestrictedIngress3389.py) | | 215 | CKV_AWS_26 | resource | AWS::SNS::Topic | Ensure all data stored in the SNS topic is encrypted | Cloudformation | [SNSTopicEncryption.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/resource/aws/SNSTopicEncryption.py) | | 216 | CKV_AWS_26 | resource | aws_sns_topic | Ensure all data stored in the SNS topic is encrypted | Terraform | [SNSTopicEncryption.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/SNSTopicEncryption.py) | | 217 | CKV_AWS_27 | resource | AWS::SQS::Queue | Ensure all data stored in the SQS queue is encrypted | Cloudformation | [SQSQueueEncryption.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/resource/aws/SQSQueueEncryption.py) | | 218 | CKV_AWS_27 | resource | aws_sqs_queue | Ensure all data stored in the SQS queue is encrypted | Terraform | [SQSQueueEncryption.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/SQSQueueEncryption.py) | | 219 | CKV_AWS_28 | resource | AWS::DynamoDB::Table | Ensure DynamoDB point in time recovery (backup) is enabled | Cloudformation | [DynamodbRecovery.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/resource/aws/DynamodbRecovery.py) | | 220 | CKV_AWS_28 | resource | aws_dynamodb_table | Ensure DynamoDB point in time recovery (backup) is enabled | Terraform | [DynamodbRecovery.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/DynamodbRecovery.py) | | 221 | CKV_AWS_29 | resource | AWS::ElastiCache::ReplicationGroup | Ensure all data stored in the ElastiCache Replication Group is securely encrypted at rest | Cloudformation | [ElasticacheReplicationGroupEncryptionAtRest.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/resource/aws/ElasticacheReplicationGroupEncryptionAtRest.py) | | 222 | CKV_AWS_29 | resource | aws_elasticache_replication_group | Ensure all data stored in the ElastiCache Replication Group is securely encrypted at rest | Terraform | [ElasticacheReplicationGroupEncryptionAtRest.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/ElasticacheReplicationGroupEncryptionAtRest.py) | | 223 | CKV_AWS_30 | resource | AWS::ElastiCache::ReplicationGroup | Ensure all data stored in the ElastiCache Replication Group is securely encrypted at transit | Cloudformation | [ElasticacheReplicationGroupEncryptionAtTransit.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/resource/aws/ElasticacheReplicationGroupEncryptionAtTransit.py) | | 224 | CKV_AWS_30 | resource | aws_elasticache_replication_group | Ensure all data stored in the ElastiCache Replication Group is securely encrypted at transit | Terraform | [ElasticacheReplicationGroupEncryptionAtTransit.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/ElasticacheReplicationGroupEncryptionAtTransit.py) | | 225 | CKV_AWS_31 | resource | AWS::ElastiCache::ReplicationGroup | Ensure all data stored in the ElastiCache Replication Group is securely encrypted at transit and has auth token | Cloudformation | [ElasticacheReplicationGroupEncryptionAtTransitAuthToken.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/resource/aws/ElasticacheReplicationGroupEncryptionAtTransitAuthToken.py) | | 226 | CKV_AWS_31 | resource | aws_elasticache_replication_group | Ensure all data stored in the ElastiCache Replication Group is securely encrypted at transit and has auth token | Terraform | [ElasticacheReplicationGroupEncryptionAtTransitAuthToken.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/ElasticacheReplicationGroupEncryptionAtTransitAuthToken.py) | | 227 | CKV_AWS_32 | resource | AWS::ECR::Repository | Ensure ECR policy is not set to public | Cloudformation | [ECRPolicy.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/resource/aws/ECRPolicy.py) | | 228 | CKV_AWS_32 | resource | aws_ecr_repository_policy | Ensure ECR policy is not set to public | Terraform | [ECRPolicy.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/ECRPolicy.py) | | 229 | CKV_AWS_33 | resource | AWS::KMS::Key | Ensure KMS key policy does not contain wildcard (*) principal | Cloudformation | [KMSKeyWildCardPrincipal.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/resource/aws/KMSKeyWildCardPrincipal.py) | | 230 | CKV_AWS_33 | resource | aws_kms_key | Ensure KMS key policy does not contain wildcard (*) principal | Terraform | [KMSKeyWildcardPrincipal.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/KMSKeyWildcardPrincipal.py) | | 231 | CKV_AWS_34 | resource | AWS::CloudFront::Distribution | Ensure CloudFront Distribution ViewerProtocolPolicy is set to HTTPS | Cloudformation | [CloudfrontDistributionEncryption.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/resource/aws/CloudfrontDistributionEncryption.py) | | 232 | CKV_AWS_34 | resource | aws_cloudfront_distribution | Ensure CloudFront distribution ViewerProtocolPolicy is set to HTTPS | Terraform | [CloudfrontDistributionEncryption.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/CloudfrontDistributionEncryption.py) | | 233 | CKV_AWS_35 | resource | AWS::CloudTrail::Trail | Ensure CloudTrail logs are encrypted at rest using KMS CMKs | Cloudformation | [CloudtrailEncryption.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/resource/aws/CloudtrailEncryption.py) | | 234 | CKV_AWS_35 | resource | aws_cloudtrail | Ensure CloudTrail logs are encrypted at rest using KMS CMKs | Terraform | [CloudtrailEncryptionWithCMK.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/CloudtrailEncryptionWithCMK.py) | | 235 | CKV_AWS_36 | resource | AWS::CloudTrail::Trail | Ensure CloudTrail log file validation is enabled | Cloudformation | [CloudtrailLogValidation.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/resource/aws/CloudtrailLogValidation.py) | | 236 | CKV_AWS_36 | resource | aws_cloudtrail | Ensure CloudTrail log file validation is enabled | Terraform | [CloudtrailLogValidation.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/CloudtrailLogValidation.py) | | 237 | CKV_AWS_37 | resource | aws_eks_cluster | Ensure Amazon EKS control plane logging is enabled for all log types | Terraform | [EKSControlPlaneLogging.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/EKSControlPlaneLogging.py) | | 238 | CKV_AWS_38 | resource | aws_eks_cluster | Ensure Amazon EKS public endpoint not accessible to 0.0.0.0/0 | Terraform | [EKSPublicAccessCIDR.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/EKSPublicAccessCIDR.py) | | 239 | CKV_AWS_39 | resource | aws_eks_cluster | Ensure Amazon EKS public endpoint disabled | Terraform | [EKSPublicAccess.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/EKSPublicAccess.py) | | 240 | CKV_AWS_40 | resource | AWS::IAM::Policy | Ensure IAM policies are attached only to groups or roles (Reducing access management complexity may in-turn reduce opportunity for a principal to inadvertently receive or retain excessive privileges.) | Cloudformation | [IAMPolicyAttachedToGroupOrRoles.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/resource/aws/IAMPolicyAttachedToGroupOrRoles.py) | | 241 | CKV_AWS_40 | resource | aws_iam_policy_attachment | Ensure IAM policies are attached only to groups or roles (Reducing access management complexity may in-turn reduce opportunity for a principal to inadvertently receive or retain excessive privileges.) | Terraform | [IAMPolicyAttachedToGroupOrRoles.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/IAMPolicyAttachedToGroupOrRoles.py) | | 242 | CKV_AWS_40 | resource | aws_iam_user_policy | Ensure IAM policies are attached only to groups or roles (Reducing access management complexity may in-turn reduce opportunity for a principal to inadvertently receive or retain excessive privileges.) | Terraform | [IAMPolicyAttachedToGroupOrRoles.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/IAMPolicyAttachedToGroupOrRoles.py) | | 243 | CKV_AWS_40 | resource | aws_iam_user_policy_attachment | Ensure IAM policies are attached only to groups or roles (Reducing access management complexity may in-turn reduce opportunity for a principal to inadvertently receive or retain excessive privileges.) | Terraform | [IAMPolicyAttachedToGroupOrRoles.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/IAMPolicyAttachedToGroupOrRoles.py) | | 244 | CKV_AWS_41 | provider | aws | Ensure no hard coded AWS access key and secret key exists in provider | Terraform | [credentials.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/provider/aws/credentials.py) | | 245 | CKV_AWS_41 | resource | serverless_aws | Ensure no hard coded AWS access key and secret key exists in provider | serverless | [AWSCredentials.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/serverless/checks/function/aws/AWSCredentials.py) | | 246 | CKV_AWS_42 | resource | AWS::EFS::FileSystem | Ensure EFS is securely encrypted | Cloudformation | [EFSEncryptionEnabled.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/resource/aws/EFSEncryptionEnabled.py) | | 247 | CKV_AWS_42 | resource | aws_efs_file_system | Ensure EFS is securely encrypted | Terraform | [EFSEncryptionEnabled.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/EFSEncryptionEnabled.py) | | 248 | CKV_AWS_43 | resource | AWS::Kinesis::Stream | Ensure Kinesis Stream is securely encrypted | Cloudformation | [KinesisStreamEncryptionType.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/resource/aws/KinesisStreamEncryptionType.py) | | 249 | CKV_AWS_43 | resource | aws_kinesis_stream | Ensure Kinesis Stream is securely encrypted | Terraform | [KinesisStreamEncryptionType.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/KinesisStreamEncryptionType.py) | | 250 | CKV_AWS_44 | resource | AWS::Neptune::DBCluster | Ensure Neptune storage is securely encrypted | Cloudformation | [NeptuneClusterStorageEncrypted.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/resource/aws/NeptuneClusterStorageEncrypted.py) | | 251 | CKV_AWS_44 | resource | aws_neptune_cluster | Ensure Neptune storage is securely encrypted | Terraform | [NeptuneClusterStorageEncrypted.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/NeptuneClusterStorageEncrypted.py) | | 252 | CKV_AWS_45 | resource | AWS::Lambda::Function | Ensure no hard-coded secrets exist in Lambda environment | Cloudformation | [LambdaEnvironmentCredentials.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/resource/aws/LambdaEnvironmentCredentials.py) | | 253 | CKV_AWS_45 | resource | AWS::Serverless::Function | Ensure no hard-coded secrets exist in Lambda environment | Cloudformation | [LambdaEnvironmentCredentials.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/resource/aws/LambdaEnvironmentCredentials.py) | | 254 | CKV_AWS_45 | resource | aws_lambda_function | Ensure no hard-coded secrets exist in lambda environment | Terraform | [LambdaEnvironmentCredentials.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/LambdaEnvironmentCredentials.py) | | 255 | CKV_AWS_46 | resource | AWS::EC2::Instance | Ensure no hard-coded secrets exist in EC2 user data | Cloudformation | [EC2Credentials.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/resource/aws/EC2Credentials.py) | | 256 | CKV_AWS_46 | resource | aws_instance | Ensure no hard-coded secrets exist in EC2 user data | Terraform | [EC2Credentials.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/EC2Credentials.py) | | 257 | CKV_AWS_46 | resource | aws_launch_configuration | Ensure no hard-coded secrets exist in EC2 user data | Terraform | [EC2Credentials.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/EC2Credentials.py) | | 258 | CKV_AWS_46 | resource | aws_launch_template | Ensure no hard-coded secrets exist in EC2 user data | Terraform | [EC2Credentials.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/EC2Credentials.py) | | 259 | CKV_AWS_47 | resource | AWS::DAX::Cluster | Ensure DAX is encrypted at rest (default is unencrypted) | Cloudformation | [DAXEncryption.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/resource/aws/DAXEncryption.py) | | 260 | CKV_AWS_47 | resource | aws_dax_cluster | Ensure DAX is encrypted at rest (default is unencrypted) | Terraform | [DAXEncryption.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/DAXEncryption.py) | | 261 | CKV_AWS_48 | resource | aws_mq_broker | Ensure MQ Broker logging is enabled | Terraform | [MQBrokerLogging.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/MQBrokerLogging.py) | | 262 | CKV_AWS_49 | data | aws_iam_policy_document | Ensure no IAM policies documents allow "*" as a statement's actions | Terraform | [StarActionPolicyDocument.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/data/aws/StarActionPolicyDocument.py) | | 263 | CKV_AWS_49 | resource | serverless_aws | Ensure no IAM policies documents allow "*" as a statement's actions | serverless | [StarActionPolicyDocument.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/serverless/checks/function/aws/StarActionPolicyDocument.py) | | 264 | CKV_AWS_50 | resource | aws_lambda_function | X-Ray tracing is enabled for Lambda | Terraform | [LambdaXrayEnabled.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/LambdaXrayEnabled.py) | | 265 | CKV_AWS_51 | resource | AWS::ECR::Repository | Ensure ECR Image Tags are immutable | Cloudformation | [ECRImmutableTags.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/resource/aws/ECRImmutableTags.py) | | 266 | CKV_AWS_51 | resource | aws_ecr_repository | Ensure ECR Image Tags are immutable | Terraform | [ECRImmutableTags.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/ECRImmutableTags.py) | | 267 | CKV_AWS_53 | resource | AWS::S3::Bucket | Ensure S3 bucket has block public ACLs enabled | Cloudformation | [S3BlockPublicACLs.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/resource/aws/S3BlockPublicACLs.py) | | 268 | CKV_AWS_53 | resource | aws_s3_bucket_public_access_block | Ensure S3 bucket has block public ACLS enabled | Terraform | [S3BlockPublicACLs.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/S3BlockPublicACLs.py) | | 269 | CKV_AWS_54 | resource | AWS::S3::Bucket | Ensure S3 bucket has block public policy enabled | Cloudformation | [S3BlockPublicPolicy.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/resource/aws/S3BlockPublicPolicy.py) | | 270 | CKV_AWS_54 | resource | aws_s3_bucket_public_access_block | Ensure S3 bucket has block public policy enabled | Terraform | [S3BlockPublicPolicy.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/S3BlockPublicPolicy.py) | | 271 | CKV_AWS_55 | resource | AWS::S3::Bucket | Ensure S3 bucket has ignore public ACLs enabled | Cloudformation | [S3IgnorePublicACLs.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/resource/aws/S3IgnorePublicACLs.py) | | 272 | CKV_AWS_55 | resource | aws_s3_bucket_public_access_block | Ensure S3 bucket has ignore public ACLs enabled | Terraform | [S3IgnorePublicACLs.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/S3IgnorePublicACLs.py) | | 273 | CKV_AWS_56 | resource | AWS::S3::Bucket | Ensure S3 bucket has RestrictPublicBuckets enabled | Cloudformation | [S3RestrictPublicBuckets.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/resource/aws/S3RestrictPublicBuckets.py) | | 274 | CKV_AWS_56 | resource | aws_s3_bucket_public_access_block | Ensure S3 bucket has 'restrict_public_buckets' enabled | Terraform | [S3RestrictPublicBuckets.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/S3RestrictPublicBuckets.py) | | 275 | CKV_AWS_57 | resource | AWS::S3::Bucket | Ensure the S3 bucket does not allow WRITE permissions to everyone | Cloudformation | [S3PublicACLWrite.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/resource/aws/S3PublicACLWrite.py) | | 276 | CKV_AWS_57 | resource | aws_s3_bucket | S3 Bucket has an ACL defined which allows public WRITE access. | Terraform | [S3PublicACLWrite.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/S3PublicACLWrite.yaml) | | 277 | CKV_AWS_57 | resource | aws_s3_bucket_acl | S3 Bucket has an ACL defined which allows public WRITE access. | Terraform | [S3PublicACLWrite.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/S3PublicACLWrite.yaml) | | 278 | CKV_AWS_58 | resource | AWS::EKS::Cluster | Ensure EKS Cluster has Secrets Encryption Enabled | Cloudformation | [EKSSecretsEncryption.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/resource/aws/EKSSecretsEncryption.py) | | 279 | CKV_AWS_58 | resource | aws_eks_cluster | Ensure EKS Cluster has Secrets Encryption Enabled | Terraform | [EKSSecretsEncryption.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/EKSSecretsEncryption.py) | | 280 | CKV_AWS_59 | resource | AWS::ApiGateway::Method | Ensure there is no open access to back-end resources through API | Cloudformation | [APIGatewayAuthorization.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/resource/aws/APIGatewayAuthorization.py) | | 281 | CKV_AWS_59 | resource | aws_api_gateway_method | Ensure there is no open access to back-end resources through API | Terraform | [APIGatewayAuthorization.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/APIGatewayAuthorization.py) | | 282 | CKV_AWS_60 | resource | AWS::IAM::Role | Ensure IAM role allows only specific services or principals to assume it | Cloudformation | [IAMRoleAllowsPublicAssume.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/resource/aws/IAMRoleAllowsPublicAssume.py) | | 283 | CKV_AWS_60 | resource | aws_iam_role | Ensure IAM role allows only specific services or principals to assume it | Terraform | [IAMRoleAllowsPublicAssume.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/IAMRoleAllowsPublicAssume.py) | | 284 | CKV_AWS_61 | resource | AWS::IAM::Role | Ensure AWS IAM policy does not allow assume role permission across all services | Cloudformation | [IAMRoleAllowAssumeFromAccount.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/resource/aws/IAMRoleAllowAssumeFromAccount.py) | | 285 | CKV_AWS_61 | resource | aws_iam_role | Ensure AWS IAM policy does not allow assume role permission across all services | Terraform | [IAMRoleAllowAssumeFromAccount.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/IAMRoleAllowAssumeFromAccount.py) | | 286 | CKV_AWS_62 | resource | AWS::IAM::Group | Ensure no IAM policies that allow full "*-*" administrative privileges are not created | Cloudformation | [IAMAdminPolicyDocument.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/resource/aws/IAMAdminPolicyDocument.py) | | 287 | CKV_AWS_62 | resource | AWS::IAM::Policy | Ensure no IAM policies that allow full "*-*" administrative privileges are not created | Cloudformation | [IAMAdminPolicyDocument.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/resource/aws/IAMAdminPolicyDocument.py) | | 288 | CKV_AWS_62 | resource | AWS::IAM::Role | Ensure no IAM policies that allow full "*-*" administrative privileges are not created | Cloudformation | [IAMAdminPolicyDocument.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/resource/aws/IAMAdminPolicyDocument.py) | | 289 | CKV_AWS_62 | resource | AWS::IAM::User | Ensure no IAM policies that allow full "*-*" administrative privileges are not created | Cloudformation | [IAMAdminPolicyDocument.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/resource/aws/IAMAdminPolicyDocument.py) | | 290 | CKV_AWS_62 | resource | aws_iam_group_policy | Ensure IAM policies that allow full "*-*" administrative privileges are not created | Terraform | [IAMAdminPolicyDocument.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/IAMAdminPolicyDocument.py) | | 291 | CKV_AWS_62 | resource | aws_iam_policy | Ensure IAM policies that allow full "*-*" administrative privileges are not created | Terraform | [IAMAdminPolicyDocument.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/IAMAdminPolicyDocument.py) | | 292 | CKV_AWS_62 | resource | aws_iam_role_policy | Ensure IAM policies that allow full "*-*" administrative privileges are not created | Terraform | [IAMAdminPolicyDocument.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/IAMAdminPolicyDocument.py) | | 293 | CKV_AWS_62 | resource | aws_iam_user_policy | Ensure IAM policies that allow full "*-*" administrative privileges are not created | Terraform | [IAMAdminPolicyDocument.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/IAMAdminPolicyDocument.py) | | 294 | CKV_AWS_62 | resource | aws_ssoadmin_permission_set_inline_policy | Ensure IAM policies that allow full "*-*" administrative privileges are not created | Terraform | [IAMAdminPolicyDocument.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/IAMAdminPolicyDocument.py) | | 295 | CKV_AWS_63 | resource | AWS::IAM::Group | Ensure no IAM policies documents allow "*" as a statement's actions | Cloudformation | [IAMStarActionPolicyDocument.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/resource/aws/IAMStarActionPolicyDocument.py) | | 296 | CKV_AWS_63 | resource | AWS::IAM::Policy | Ensure no IAM policies documents allow "*" as a statement's actions | Cloudformation | [IAMStarActionPolicyDocument.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/resource/aws/IAMStarActionPolicyDocument.py) | | 297 | CKV_AWS_63 | resource | AWS::IAM::Role | Ensure no IAM policies documents allow "*" as a statement's actions | Cloudformation | [IAMStarActionPolicyDocument.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/resource/aws/IAMStarActionPolicyDocument.py) | | 298 | CKV_AWS_63 | resource | AWS::IAM::User | Ensure no IAM policies documents allow "*" as a statement's actions | Cloudformation | [IAMStarActionPolicyDocument.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/resource/aws/IAMStarActionPolicyDocument.py) | | 299 | CKV_AWS_63 | resource | aws_iam_group_policy | Ensure no IAM policies documents allow "*" as a statement's actions | Terraform | [IAMStarActionPolicyDocument.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/IAMStarActionPolicyDocument.py) | | 300 | CKV_AWS_63 | resource | aws_iam_policy | Ensure no IAM policies documents allow "*" as a statement's actions | Terraform | [IAMStarActionPolicyDocument.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/IAMStarActionPolicyDocument.py) | | 301 | CKV_AWS_63 | resource | aws_iam_role_policy | Ensure no IAM policies documents allow "*" as a statement's actions | Terraform | [IAMStarActionPolicyDocument.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/IAMStarActionPolicyDocument.py) | | 302 | CKV_AWS_63 | resource | aws_iam_user_policy | Ensure no IAM policies documents allow "*" as a statement's actions | Terraform | [IAMStarActionPolicyDocument.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/IAMStarActionPolicyDocument.py) | | 303 | CKV_AWS_63 | resource | aws_ssoadmin_permission_set_inline_policy | Ensure no IAM policies documents allow "*" as a statement's actions | Terraform | [IAMStarActionPolicyDocument.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/IAMStarActionPolicyDocument.py) | | 304 | CKV_AWS_64 | resource | AWS::Redshift::Cluster | Ensure all data stored in the Redshift cluster is securely encrypted at rest | Cloudformation | [RedshiftClusterEncryption.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/resource/aws/RedshiftClusterEncryption.py) | | 305 | CKV_AWS_64 | resource | aws_redshift_cluster | Ensure all data stored in the Redshift cluster is securely encrypted at rest | Terraform | [RedshiftClusterEncryption.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/RedshiftClusterEncryption.py) | | 306 | CKV_AWS_65 | resource | AWS::ECS::Cluster | Ensure container insights are enabled on ECS cluster | Cloudformation | [ECSClusterContainerInsights.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/resource/aws/ECSClusterContainerInsights.py) | | 307 | CKV_AWS_65 | resource | aws_ecs_cluster | Ensure container insights are enabled on ECS cluster | Terraform | [ECSClusterContainerInsights.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/ECSClusterContainerInsights.py) | | 308 | CKV_AWS_66 | resource | AWS::Logs::LogGroup | Ensure that CloudWatch Log Group specifies retention days | Cloudformation | [CloudWatchLogGroupRetention.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/resource/aws/CloudWatchLogGroupRetention.py) | | 309 | CKV_AWS_66 | resource | aws_cloudwatch_log_group | Ensure that CloudWatch Log Group specifies retention days | Terraform | [CloudWatchLogGroupRetention.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/CloudWatchLogGroupRetention.py) | | 310 | CKV_AWS_67 | resource | AWS::CloudTrail::Trail | Ensure CloudTrail is enabled in all Regions | Cloudformation | [CloudtrailMultiRegion.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/resource/aws/CloudtrailMultiRegion.py) | | 311 | CKV_AWS_67 | resource | aws_cloudtrail | Ensure CloudTrail is enabled in all Regions | Terraform | [CloudtrailMultiRegion.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/CloudtrailMultiRegion.py) | | 312 | CKV_AWS_68 | resource | AWS::CloudFront::Distribution | CloudFront Distribution should have WAF enabled | Cloudformation | [WAFEnabled.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/resource/aws/WAFEnabled.py) | | 313 | CKV_AWS_68 | resource | aws_cloudfront_distribution | CloudFront Distribution should have WAF enabled | Terraform | [WAFEnabled.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/WAFEnabled.py) | | 314 | CKV_AWS_69 | resource | AWS::AmazonMQ::Broker | Ensure Amazon MQ Broker should not have public access | Cloudformation | [AmazonMQBrokerPublicAccess.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/resource/aws/AmazonMQBrokerPublicAccess.py) | | 315 | CKV_AWS_69 | resource | aws_mq_broker | Ensure MQ Broker is not publicly exposed | Terraform | [MQBrokerNotPubliclyExposed.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/MQBrokerNotPubliclyExposed.py) | | 316 | CKV_AWS_70 | resource | aws_s3_bucket | Ensure S3 bucket does not allow an action with any Principal | Terraform | [S3AllowsAnyPrincipal.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/S3AllowsAnyPrincipal.py) | | 317 | CKV_AWS_70 | resource | aws_s3_bucket_policy | Ensure S3 bucket does not allow an action with any Principal | Terraform | [S3AllowsAnyPrincipal.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/S3AllowsAnyPrincipal.py) | | 318 | CKV_AWS_71 | resource | AWS::Redshift::Cluster | Ensure Redshift Cluster logging is enabled | Cloudformation | [RedshiftClusterLogging.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/resource/aws/RedshiftClusterLogging.py) | | 319 | CKV_AWS_71 | resource | aws_redshift_cluster | Ensure Redshift Cluster logging is enabled | Terraform | [RedshiftClusterLogging.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/RedshiftClusterLogging.py) | | 320 | CKV_AWS_72 | resource | aws_sqs_queue_policy | Ensure SQS policy does not allow ALL (*) actions. | Terraform | [SQSPolicy.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/SQSPolicy.py) | | 321 | CKV_AWS_73 | resource | AWS::ApiGateway::Stage | Ensure API Gateway has X-Ray Tracing enabled | Cloudformation | [APIGatewayXray.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/resource/aws/APIGatewayXray.py) | | 322 | CKV_AWS_73 | resource | AWS::Serverless::Api | Ensure API Gateway has X-Ray Tracing enabled | Cloudformation | [APIGatewayXray.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/resource/aws/APIGatewayXray.py) | | 323 | CKV_AWS_73 | resource | aws_api_gateway_stage | Ensure API Gateway has X-Ray Tracing enabled | Terraform | [APIGatewayXray.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/APIGatewayXray.py) | | 324 | CKV_AWS_74 | resource | AWS::DocDB::DBCluster | Ensure DocumentDB is encrypted at rest (default is unencrypted) | Cloudformation | [DocDBEncryption.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/resource/aws/DocDBEncryption.py) | | 325 | CKV_AWS_74 | resource | aws_docdb_cluster | Ensure DocumentDB is encrypted at rest (default is unencrypted) | Terraform | [DocDBEncryption.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/DocDBEncryption.py) | | 326 | CKV_AWS_75 | resource | aws_globalaccelerator_accelerator | Ensure Global Accelerator accelerator has flow logs enabled | Terraform | [GlobalAcceleratorAcceleratorFlowLogs.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/GlobalAcceleratorAcceleratorFlowLogs.py) | | 327 | CKV_AWS_76 | resource | AWS::ApiGateway::Stage | Ensure API Gateway has Access Logging enabled | Cloudformation | [APIGatewayAccessLogging.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/resource/aws/APIGatewayAccessLogging.py) | | 328 | CKV_AWS_76 | resource | AWS::Serverless::Api | Ensure API Gateway has Access Logging enabled | Cloudformation | [APIGatewayAccessLogging.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/resource/aws/APIGatewayAccessLogging.py) | | 329 | CKV_AWS_76 | resource | aws_api_gateway_stage | Ensure API Gateway has Access Logging enabled | Terraform | [APIGatewayAccessLogging.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/APIGatewayAccessLogging.py) | | 330 | CKV_AWS_76 | resource | aws_apigatewayv2_stage | Ensure API Gateway has Access Logging enabled | Terraform | [APIGatewayAccessLogging.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/APIGatewayAccessLogging.py) | | 331 | CKV_AWS_77 | resource | aws_athena_database | Ensure Athena Database is encrypted at rest (default is unencrypted) | Terraform | [AthenaDatabaseEncryption.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/AthenaDatabaseEncryption.py) | | 332 | CKV_AWS_78 | resource | AWS::CodeBuild::Project | Ensure that CodeBuild Project encryption is not disabled | Cloudformation | [CodeBuildProjectEncryption.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/resource/aws/CodeBuildProjectEncryption.py) | | 333 | CKV_AWS_78 | resource | aws_codebuild_project | Ensure that CodeBuild Project encryption is not disabled | Terraform | [CodeBuildProjectEncryption.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/CodeBuildProjectEncryption.py) | | 334 | CKV_AWS_79 | resource | AWS::EC2::LaunchTemplate | Ensure Instance Metadata Service Version 1 is not enabled | Cloudformation | [IMDSv1Disabled.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/resource/aws/IMDSv1Disabled.py) | | 335 | CKV_AWS_79 | resource | aws_instance | Ensure Instance Metadata Service Version 1 is not enabled | Terraform | [IMDSv1Disabled.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/IMDSv1Disabled.py) | | 336 | CKV_AWS_79 | resource | aws_launch_configuration | Ensure Instance Metadata Service Version 1 is not enabled | Terraform | [IMDSv1Disabled.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/IMDSv1Disabled.py) | | 337 | CKV_AWS_79 | resource | aws_launch_template | Ensure Instance Metadata Service Version 1 is not enabled | Terraform | [IMDSv1Disabled.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/IMDSv1Disabled.py) | | 338 | CKV_AWS_80 | resource | AWS::MSK::Cluster | Ensure MSK Cluster logging is enabled | Cloudformation | [MSKClusterLogging.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/resource/aws/MSKClusterLogging.py) | | 339 | CKV_AWS_80 | resource | aws_msk_cluster | Ensure MSK Cluster logging is enabled | Terraform | [MSKClusterLogging.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/MSKClusterLogging.py) | | 340 | CKV_AWS_81 | resource | AWS::MSK::Cluster | Ensure MSK Cluster encryption in rest and transit is enabled | Cloudformation | [MSKClusterEncryption.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/resource/aws/MSKClusterEncryption.py) | | 341 | CKV_AWS_81 | resource | aws_msk_cluster | Ensure MSK Cluster encryption in rest and transit is enabled | Terraform | [MSKClusterEncryption.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/MSKClusterEncryption.py) | | 342 | CKV_AWS_82 | resource | AWS::Athena::WorkGroup | Ensure Athena Workgroup should enforce configuration to prevent client disabling encryption | Cloudformation | [AthenaWorkgroupConfiguration.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/resource/aws/AthenaWorkgroupConfiguration.py) | | 343 | CKV_AWS_82 | resource | aws_athena_workgroup | Ensure Athena Workgroup should enforce configuration to prevent client disabling encryption | Terraform | [AthenaWorkgroupConfiguration.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/AthenaWorkgroupConfiguration.py) | | 344 | CKV_AWS_83 | resource | AWS::Elasticsearch::Domain | Ensure Elasticsearch Domain enforces HTTPS | Cloudformation | [ElasticsearchDomainEnforceHTTPS.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/resource/aws/ElasticsearchDomainEnforceHTTPS.py) | | 345 | CKV_AWS_83 | resource | aws_elasticsearch_domain | Ensure Elasticsearch Domain enforces HTTPS | Terraform | [ElasticsearchDomainEnforceHTTPS.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/ElasticsearchDomainEnforceHTTPS.py) | | 346 | CKV_AWS_83 | resource | aws_opensearch_domain | Ensure Elasticsearch Domain enforces HTTPS | Terraform | [ElasticsearchDomainEnforceHTTPS.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/ElasticsearchDomainEnforceHTTPS.py) | | 347 | CKV_AWS_84 | resource | AWS::Elasticsearch::Domain | Ensure Elasticsearch Domain Logging is enabled | Cloudformation | [ElasticsearchDomainLogging.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/resource/aws/ElasticsearchDomainLogging.py) | | 348 | CKV_AWS_84 | resource | AWS::OpenSearchService::Domain | Ensure Elasticsearch Domain Logging is enabled | Cloudformation | [ElasticsearchDomainLogging.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/resource/aws/ElasticsearchDomainLogging.py) | | 349 | CKV_AWS_84 | resource | aws_elasticsearch_domain | Ensure Elasticsearch Domain Logging is enabled | Terraform | [ElasticsearchDomainLogging.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/ElasticsearchDomainLogging.py) | | 350 | CKV_AWS_84 | resource | aws_opensearch_domain | Ensure Elasticsearch Domain Logging is enabled | Terraform | [ElasticsearchDomainLogging.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/ElasticsearchDomainLogging.py) | | 351 | CKV_AWS_85 | resource | AWS::DocDB::DBCluster | Ensure DocumentDB Logging is enabled | Cloudformation | [DocDBLogging.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/resource/aws/DocDBLogging.py) | | 352 | CKV_AWS_85 | resource | aws_docdb_cluster | Ensure DocumentDB Logging is enabled | Terraform | [DocDBLogging.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/DocDBLogging.py) | | 353 | CKV_AWS_86 | resource | AWS::CloudFront::Distribution | Ensure CloudFront Distribution has Access Logging enabled | Cloudformation | [CloudfrontDistributionLogging.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/resource/aws/CloudfrontDistributionLogging.py) | | 354 | CKV_AWS_86 | resource | aws_cloudfront_distribution | Ensure CloudFront distribution has Access Logging enabled | Terraform | [CloudfrontDistributionLogging.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/CloudfrontDistributionLogging.py) | | 355 | CKV_AWS_87 | resource | AWS::Redshift::Cluster | Redshift cluster should not be publicly accessible | Cloudformation | [RedshiftClusterPubliclyAccessible.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/resource/aws/RedshiftClusterPubliclyAccessible.py) | | 356 | CKV_AWS_87 | resource | aws_redshift_cluster | Redshift cluster should not be publicly accessible | Terraform | [RedshitClusterPubliclyAvailable.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/RedshitClusterPubliclyAvailable.py) | | 357 | CKV_AWS_88 | resource | AWS::EC2::Instance | EC2 instance should not have public IP. | Cloudformation | [EC2PublicIP.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/resource/aws/EC2PublicIP.py) | | 358 | CKV_AWS_88 | resource | AWS::EC2::LaunchTemplate | EC2 instance should not have public IP. | Cloudformation | [EC2PublicIP.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/resource/aws/EC2PublicIP.py) | | 359 | CKV_AWS_88 | resource | [?"amazon.aws.ec2_instance" != null][] | EC2 instance should not have public IP. | Ansible | [EC2PublicIP.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/ansible/checks/task/aws/EC2PublicIP.py) | | 360 | CKV_AWS_88 | resource | [?"ec2_instance" != null][] | EC2 instance should not have public IP. | Ansible | [EC2PublicIP.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/ansible/checks/task/aws/EC2PublicIP.py) | | 361 | CKV_AWS_88 | resource | [].block[?"amazon.aws.ec2_instance" != null][] | EC2 instance should not have public IP. | Ansible | [EC2PublicIP.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/ansible/checks/task/aws/EC2PublicIP.py) | | 362 | CKV_AWS_88 | resource | [].block[?"ec2_instance" != null][] | EC2 instance should not have public IP. | Ansible | [EC2PublicIP.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/ansible/checks/task/aws/EC2PublicIP.py) | | 363 | CKV_AWS_88 | resource | [].block[].block[?"amazon.aws.ec2_instance" != null][] | EC2 instance should not have public IP. | Ansible | [EC2PublicIP.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/ansible/checks/task/aws/EC2PublicIP.py) | | 364 | CKV_AWS_88 | resource | [].block[].block[?"ec2_instance" != null][] | EC2 instance should not have public IP. | Ansible | [EC2PublicIP.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/ansible/checks/task/aws/EC2PublicIP.py) | | 365 | CKV_AWS_88 | resource | [].block[].block[].block[?"amazon.aws.ec2_instance" != null][] | EC2 instance should not have public IP. | Ansible | [EC2PublicIP.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/ansible/checks/task/aws/EC2PublicIP.py) | | 366 | CKV_AWS_88 | resource | [].block[].block[].block[?"ec2_instance" != null][] | EC2 instance should not have public IP. | Ansible | [EC2PublicIP.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/ansible/checks/task/aws/EC2PublicIP.py) | | 367 | CKV_AWS_88 | resource | [].tasks[?"amazon.aws.ec2_instance" != null][] | EC2 instance should not have public IP. | Ansible | [EC2PublicIP.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/ansible/checks/task/aws/EC2PublicIP.py) | | 368 | CKV_AWS_88 | resource | [].tasks[?"ec2_instance" != null][] | EC2 instance should not have public IP. | Ansible | [EC2PublicIP.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/ansible/checks/task/aws/EC2PublicIP.py) | | 369 | CKV_AWS_88 | resource | [].tasks[].block[?"amazon.aws.ec2_instance" != null][] | EC2 instance should not have public IP. | Ansible | [EC2PublicIP.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/ansible/checks/task/aws/EC2PublicIP.py) | | 370 | CKV_AWS_88 | resource | [].tasks[].block[?"ec2_instance" != null][] | EC2 instance should not have public IP. | Ansible | [EC2PublicIP.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/ansible/checks/task/aws/EC2PublicIP.py) | | 371 | CKV_AWS_88 | resource | [].tasks[].block[].block[?"amazon.aws.ec2_instance" != null][] | EC2 instance should not have public IP. | Ansible | [EC2PublicIP.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/ansible/checks/task/aws/EC2PublicIP.py) | | 372 | CKV_AWS_88 | resource | [].tasks[].block[].block[?"ec2_instance" != null][] | EC2 instance should not have public IP. | Ansible | [EC2PublicIP.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/ansible/checks/task/aws/EC2PublicIP.py) | | 373 | CKV_AWS_88 | resource | [].tasks[].block[].block[].block[?"amazon.aws.ec2_instance" != null][] | EC2 instance should not have public IP. | Ansible | [EC2PublicIP.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/ansible/checks/task/aws/EC2PublicIP.py) | | 374 | CKV_AWS_88 | resource | [].tasks[].block[].block[].block[?"ec2_instance" != null][] | EC2 instance should not have public IP. | Ansible | [EC2PublicIP.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/ansible/checks/task/aws/EC2PublicIP.py) | | 375 | CKV_AWS_88 | resource | aws_instance | EC2 instance should not have public IP. | Terraform | [EC2PublicIP.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/EC2PublicIP.py) | | 376 | CKV_AWS_88 | resource | aws_launch_template | EC2 instance should not have public IP. | Terraform | [EC2PublicIP.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/EC2PublicIP.py) | | 377 | CKV_AWS_89 | resource | AWS::DMS::ReplicationInstance | DMS replication instance should not be publicly accessible | Cloudformation | [DMSReplicationInstancePubliclyAccessible.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/resource/aws/DMSReplicationInstancePubliclyAccessible.py) | | 378 | CKV_AWS_89 | resource | aws_dms_replication_instance | DMS replication instance should not be publicly accessible | Terraform | [DMSReplicationInstancePubliclyAccessible.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/DMSReplicationInstancePubliclyAccessible.py) | | 379 | CKV_AWS_90 | resource | AWS::DocDB::DBClusterParameterGroup | Ensure DocumentDB TLS is not disabled | Cloudformation | [DocDBTLS.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/resource/aws/DocDBTLS.py) | | 380 | CKV_AWS_90 | resource | aws_docdb_cluster_parameter_group | Ensure DocumentDB TLS is not disabled | Terraform | [DocDBTLS.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/DocDBTLS.py) | | 381 | CKV_AWS_91 | resource | AWS::ElasticLoadBalancingV2::LoadBalancer | Ensure the ELBv2 (Application/Network) has access logging enabled | Cloudformation | [ELBv2AccessLogs.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/resource/aws/ELBv2AccessLogs.py) | | 382 | CKV_AWS_91 | resource | aws_alb | Ensure the ELBv2 (Application/Network) has access logging enabled | Terraform | [ELBv2AccessLogs.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/ELBv2AccessLogs.py) | | 383 | CKV_AWS_91 | resource | aws_lb | Ensure the ELBv2 (Application/Network) has access logging enabled | Terraform | [ELBv2AccessLogs.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/ELBv2AccessLogs.py) | | 384 | CKV_AWS_92 | resource | AWS::ElasticLoadBalancing::LoadBalancer | Ensure the ELB has access logging enabled | Cloudformation | [ELBAccessLogs.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/resource/aws/ELBAccessLogs.py) | | 385 | CKV_AWS_92 | resource | aws_elb | Ensure the ELB has access logging enabled | Terraform | [ELBAccessLogs.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/ELBAccessLogs.py) | | 386 | CKV_AWS_93 | resource | aws_s3_bucket | Ensure S3 bucket policy does not lockout all but root user. (Prevent lockouts needing root account fixes) | Terraform | [S3ProtectAgainstPolicyLockout.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/S3ProtectAgainstPolicyLockout.py) | | 387 | CKV_AWS_93 | resource | aws_s3_bucket_policy | Ensure S3 bucket policy does not lockout all but root user. (Prevent lockouts needing root account fixes) | Terraform | [S3ProtectAgainstPolicyLockout.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/S3ProtectAgainstPolicyLockout.py) | | 388 | CKV_AWS_94 | resource | AWS::Glue::DataCatalogEncryptionSettings | Ensure Glue Data Catalog Encryption is enabled | Cloudformation | [GlueDataCatalogEncryption.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/resource/aws/GlueDataCatalogEncryption.py) | | 389 | CKV_AWS_94 | resource | aws_glue_data_catalog_encryption_settings | Ensure Glue Data Catalog Encryption is enabled | Terraform | [GlueDataCatalogEncryption.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/GlueDataCatalogEncryption.py) | | 390 | CKV_AWS_95 | resource | AWS::ApiGatewayV2::Stage | Ensure API Gateway V2 has Access Logging enabled | Cloudformation | [APIGatewayV2AccessLogging.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/resource/aws/APIGatewayV2AccessLogging.py) | | 391 | CKV_AWS_95 | resource | AWS::Serverless::HttpApi | Ensure API Gateway V2 has Access Logging enabled | Cloudformation | [APIGatewayV2AccessLogging.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/resource/aws/APIGatewayV2AccessLogging.py) | | 392 | CKV_AWS_96 | resource | AWS::RDS::DBCluster | Ensure all data stored in Aurora is securely encrypted at rest | Cloudformation | [AuroraEncryption.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/resource/aws/AuroraEncryption.py) | | 393 | CKV_AWS_96 | resource | aws_rds_cluster | Ensure all data stored in Aurora is securely encrypted at rest | Terraform | [AuroraEncryption.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/AuroraEncryption.py) | | 394 | CKV_AWS_97 | resource | AWS::ECS::TaskDefinition | Ensure Encryption in transit is enabled for EFS volumes in ECS Task definitions | Cloudformation | [ECSTaskDefinitionEFSVolumeEncryption.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/resource/aws/ECSTaskDefinitionEFSVolumeEncryption.py) | | 395 | CKV_AWS_97 | resource | aws_ecs_task_definition | Ensure Encryption in transit is enabled for EFS volumes in ECS Task definitions | Terraform | [ECSTaskDefinitionEFSVolumeEncryption.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/ECSTaskDefinitionEFSVolumeEncryption.py) | | 396 | CKV_AWS_98 | resource | aws_sagemaker_endpoint_configuration | Ensure all data stored in the Sagemaker Endpoint is securely encrypted at rest | Terraform | [SagemakerEndpointConfigurationEncryption.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/SagemakerEndpointConfigurationEncryption.py) | | 397 | CKV_AWS_99 | resource | AWS::Glue::SecurityConfiguration | Ensure Glue Security Configuration Encryption is enabled | Cloudformation | [GlueSecurityConfiguration.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/resource/aws/GlueSecurityConfiguration.py) | | 398 | CKV_AWS_99 | resource | aws_glue_security_configuration | Ensure Glue Security Configuration Encryption is enabled | Terraform | [GlueSecurityConfiguration.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/GlueSecurityConfiguration.py) | | 399 | CKV_AWS_100 | resource | AWS::EKS::Nodegroup | Ensure AWS EKS node group does not have implicit SSH access from 0.0.0.0/0 | Cloudformation | [EKSNodeGroupRemoteAccess.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/resource/aws/EKSNodeGroupRemoteAccess.py) | | 400 | CKV_AWS_100 | resource | aws_eks_node_group | Ensure AWS EKS node group does not have implicit SSH access from 0.0.0.0/0 | Terraform | [EKSNodeGroupRemoteAccess.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/EKSNodeGroupRemoteAccess.py) | | 401 | CKV_AWS_101 | resource | AWS::Neptune::DBCluster | Ensure Neptune logging is enabled | Cloudformation | [NeptuneClusterLogging.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/resource/aws/NeptuneClusterLogging.py) | | 402 | CKV_AWS_101 | resource | aws_neptune_cluster | Ensure Neptune logging is enabled | Terraform | [NeptuneClusterLogging.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/NeptuneClusterLogging.py) | | 403 | CKV_AWS_102 | resource | aws_neptune_cluster_instance | Ensure Neptune Cluster instance is not publicly available | Terraform | [NeptuneClusterInstancePublic.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/NeptuneClusterInstancePublic.py) | | 404 | CKV_AWS_103 | resource | AWS::ElasticLoadBalancingV2::Listener | Ensure that Load Balancer Listener is using at least TLS v1.2 | Cloudformation | [ALBListenerTLS12.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/resource/aws/ALBListenerTLS12.py) | | 405 | CKV_AWS_103 | resource | aws_alb_listener | Ensure that load balancer is using at least TLS 1.2 | Terraform | [AppLoadBalancerTLS12.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/AppLoadBalancerTLS12.yaml) | | 406 | CKV_AWS_103 | resource | aws_lb | Ensure that load balancer is using at least TLS 1.2 | Terraform | [AppLoadBalancerTLS12.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/AppLoadBalancerTLS12.yaml) | | 407 | CKV_AWS_103 | resource | aws_lb_listener | Ensure that load balancer is using at least TLS 1.2 | Terraform | [AppLoadBalancerTLS12.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/AppLoadBalancerTLS12.yaml) | | 408 | CKV_AWS_104 | resource | AWS::DocDB::DBClusterParameterGroup | Ensure DocumentDB has audit logs enabled | Cloudformation | [DocDBAuditLogs.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/resource/aws/DocDBAuditLogs.py) | | 409 | CKV_AWS_104 | resource | aws_docdb_cluster_parameter_group | Ensure DocumentDB has audit logs enabled | Terraform | [DocDBAuditLogs.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/DocDBAuditLogs.py) | | 410 | CKV_AWS_105 | resource | AWS::Redshift::ClusterParameterGroup | Ensure Redshift uses SSL | Cloudformation | [RedShiftSSL.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/resource/aws/RedShiftSSL.py) | | 411 | CKV_AWS_105 | resource | aws_redshift_parameter_group | Ensure Redshift uses SSL | Terraform | [RedShiftSSL.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/RedShiftSSL.py) | | 412 | CKV_AWS_106 | resource | aws_ebs_encryption_by_default | Ensure EBS default encryption is enabled | Terraform | [EBSDefaultEncryption.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/EBSDefaultEncryption.py) | | 413 | CKV_AWS_107 | resource | AWS::IAM::Group | Ensure IAM policies does not allow credentials exposure | Cloudformation | [IAMCredentialsExposure.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/resource/aws/IAMCredentialsExposure.py) | | 414 | CKV_AWS_107 | resource | AWS::IAM::ManagedPolicy | Ensure IAM policies does not allow credentials exposure | Cloudformation | [IAMCredentialsExposure.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/resource/aws/IAMCredentialsExposure.py) | | 415 | CKV_AWS_107 | resource | AWS::IAM::Policy | Ensure IAM policies does not allow credentials exposure | Cloudformation | [IAMCredentialsExposure.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/resource/aws/IAMCredentialsExposure.py) | | 416 | CKV_AWS_107 | resource | AWS::IAM::Role | Ensure IAM policies does not allow credentials exposure | Cloudformation | [IAMCredentialsExposure.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/resource/aws/IAMCredentialsExposure.py) | | 417 | CKV_AWS_107 | resource | AWS::IAM::User | Ensure IAM policies does not allow credentials exposure | Cloudformation | [IAMCredentialsExposure.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/resource/aws/IAMCredentialsExposure.py) | | 418 | CKV_AWS_107 | data | aws_iam_policy_document | Ensure IAM policies does not allow credentials exposure | Terraform | [IAMCredentialsExposure.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/data/aws/IAMCredentialsExposure.py) | | 419 | CKV_AWS_108 | resource | AWS::IAM::Group | Ensure IAM policies does not allow data exfiltration | Cloudformation | [IAMDataExfiltration.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/resource/aws/IAMDataExfiltration.py) | | 420 | CKV_AWS_108 | resource | AWS::IAM::ManagedPolicy | Ensure IAM policies does not allow data exfiltration | Cloudformation | [IAMDataExfiltration.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/resource/aws/IAMDataExfiltration.py) | | 421 | CKV_AWS_108 | resource | AWS::IAM::Policy | Ensure IAM policies does not allow data exfiltration | Cloudformation | [IAMDataExfiltration.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/resource/aws/IAMDataExfiltration.py) | | 422 | CKV_AWS_108 | resource | AWS::IAM::Role | Ensure IAM policies does not allow data exfiltration | Cloudformation | [IAMDataExfiltration.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/resource/aws/IAMDataExfiltration.py) | | 423 | CKV_AWS_108 | resource | AWS::IAM::User | Ensure IAM policies does not allow data exfiltration | Cloudformation | [IAMDataExfiltration.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/resource/aws/IAMDataExfiltration.py) | | 424 | CKV_AWS_108 | data | aws_iam_policy_document | Ensure IAM policies does not allow data exfiltration | Terraform | [IAMDataExfiltration.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/data/aws/IAMDataExfiltration.py) | | 425 | CKV_AWS_109 | resource | AWS::IAM::Group | Ensure IAM policies does not allow permissions management without constraints | Cloudformation | [IAMPermissionsManagement.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/resource/aws/IAMPermissionsManagement.py) | | 426 | CKV_AWS_109 | resource | AWS::IAM::ManagedPolicy | Ensure IAM policies does not allow permissions management without constraints | Cloudformation | [IAMPermissionsManagement.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/resource/aws/IAMPermissionsManagement.py) | | 427 | CKV_AWS_109 | resource | AWS::IAM::Policy | Ensure IAM policies does not allow permissions management without constraints | Cloudformation | [IAMPermissionsManagement.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/resource/aws/IAMPermissionsManagement.py) | | 428 | CKV_AWS_109 | resource | AWS::IAM::Role | Ensure IAM policies does not allow permissions management without constraints | Cloudformation | [IAMPermissionsManagement.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/resource/aws/IAMPermissionsManagement.py) | | 429 | CKV_AWS_109 | resource | AWS::IAM::User | Ensure IAM policies does not allow permissions management without constraints | Cloudformation | [IAMPermissionsManagement.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/resource/aws/IAMPermissionsManagement.py) | | 430 | CKV_AWS_109 | data | aws_iam_policy_document | Ensure IAM policies does not allow permissions management / resource exposure without constraints | Terraform | [IAMPermissionsManagement.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/data/aws/IAMPermissionsManagement.py) | | 431 | CKV_AWS_110 | resource | AWS::IAM::Group | Ensure IAM policies does not allow privilege escalation | Cloudformation | [IAMPrivilegeEscalation.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/resource/aws/IAMPrivilegeEscalation.py) | | 432 | CKV_AWS_110 | resource | AWS::IAM::ManagedPolicy | Ensure IAM policies does not allow privilege escalation | Cloudformation | [IAMPrivilegeEscalation.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/resource/aws/IAMPrivilegeEscalation.py) | | 433 | CKV_AWS_110 | resource | AWS::IAM::Policy | Ensure IAM policies does not allow privilege escalation | Cloudformation | [IAMPrivilegeEscalation.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/resource/aws/IAMPrivilegeEscalation.py) | | 434 | CKV_AWS_110 | resource | AWS::IAM::Role | Ensure IAM policies does not allow privilege escalation | Cloudformation | [IAMPrivilegeEscalation.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/resource/aws/IAMPrivilegeEscalation.py) | | 435 | CKV_AWS_110 | resource | AWS::IAM::User | Ensure IAM policies does not allow privilege escalation | Cloudformation | [IAMPrivilegeEscalation.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/resource/aws/IAMPrivilegeEscalation.py) | | 436 | CKV_AWS_110 | data | aws_iam_policy_document | Ensure IAM policies does not allow privilege escalation | Terraform | [IAMPrivilegeEscalation.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/data/aws/IAMPrivilegeEscalation.py) | | 437 | CKV_AWS_111 | resource | AWS::IAM::Group | Ensure IAM policies does not allow write access without constraints | Cloudformation | [IAMWriteAccess.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/resource/aws/IAMWriteAccess.py) | | 438 | CKV_AWS_111 | resource | AWS::IAM::ManagedPolicy | Ensure IAM policies does not allow write access without constraints | Cloudformation | [IAMWriteAccess.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/resource/aws/IAMWriteAccess.py) | | 439 | CKV_AWS_111 | resource | AWS::IAM::Policy | Ensure IAM policies does not allow write access without constraints | Cloudformation | [IAMWriteAccess.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/resource/aws/IAMWriteAccess.py) | | 440 | CKV_AWS_111 | resource | AWS::IAM::Role | Ensure IAM policies does not allow write access without constraints | Cloudformation | [IAMWriteAccess.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/resource/aws/IAMWriteAccess.py) | | 441 | CKV_AWS_111 | resource | AWS::IAM::User | Ensure IAM policies does not allow write access without constraints | Cloudformation | [IAMWriteAccess.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/resource/aws/IAMWriteAccess.py) | | 442 | CKV_AWS_111 | data | aws_iam_policy_document | Ensure IAM policies does not allow write access without constraints | Terraform | [IAMWriteAccess.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/data/aws/IAMWriteAccess.py) | | 443 | CKV_AWS_112 | resource | aws_ssm_document | Ensure Session Manager data is encrypted in transit | Terraform | [SSMSessionManagerDocumentEncryption.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/SSMSessionManagerDocumentEncryption.py) | | 444 | CKV_AWS_113 | resource | aws_ssm_document | Ensure Session Manager logs are enabled and encrypted | Terraform | [SSMSessionManagerDocumentLogging.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/SSMSessionManagerDocumentLogging.py) | | 445 | CKV_AWS_114 | resource | aws_emr_cluster | Ensure that EMR clusters with Kerberos have Kerberos Realm set | Terraform | [EMRClusterKerberosAttributes.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/EMRClusterKerberosAttributes.py) | | 446 | CKV_AWS_115 | resource | AWS::Lambda::Function | Ensure that AWS Lambda function is configured for function-level concurrent execution limit | Cloudformation | [LambdaFunctionLevelConcurrentExecutionLimit.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/resource/aws/LambdaFunctionLevelConcurrentExecutionLimit.py) | | 447 | CKV_AWS_115 | resource | AWS::Serverless::Function | Ensure that AWS Lambda function is configured for function-level concurrent execution limit | Cloudformation | [LambdaFunctionLevelConcurrentExecutionLimit.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/resource/aws/LambdaFunctionLevelConcurrentExecutionLimit.py) | | 448 | CKV_AWS_115 | resource | aws_lambda_function | Ensure that AWS Lambda function is configured for function-level concurrent execution limit | Terraform | [LambdaFunctionLevelConcurrentExecutionLimit.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/LambdaFunctionLevelConcurrentExecutionLimit.py) | | 449 | CKV_AWS_116 | resource | AWS::Lambda::Function | Ensure that AWS Lambda function is configured for a Dead Letter Queue(DLQ) | Cloudformation | [LambdaDLQConfigured.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/resource/aws/LambdaDLQConfigured.py) | | 450 | CKV_AWS_116 | resource | AWS::Serverless::Function | Ensure that AWS Lambda function is configured for a Dead Letter Queue(DLQ) | Cloudformation | [LambdaDLQConfigured.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/resource/aws/LambdaDLQConfigured.py) | | 451 | CKV_AWS_116 | resource | aws_lambda_function | Ensure that AWS Lambda function is configured for a Dead Letter Queue(DLQ) | Terraform | [LambdaDLQConfigured.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/LambdaDLQConfigured.py) | | 452 | CKV_AWS_117 | resource | AWS::Lambda::Function | Ensure that AWS Lambda function is configured inside a VPC | Cloudformation | [LambdaInVPC.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/resource/aws/LambdaInVPC.py) | | 453 | CKV_AWS_117 | resource | AWS::Serverless::Function | Ensure that AWS Lambda function is configured inside a VPC | Cloudformation | [LambdaInVPC.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/resource/aws/LambdaInVPC.py) | | 454 | CKV_AWS_117 | resource | aws_lambda_function | Ensure that AWS Lambda function is configured inside a VPC | Terraform | [LambdaInVPC.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/LambdaInVPC.py) | | 455 | CKV_AWS_118 | resource | AWS::RDS::DBInstance | Ensure that enhanced monitoring is enabled for Amazon RDS instances | Cloudformation | [RDSEnhancedMonitorEnabled.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/resource/aws/RDSEnhancedMonitorEnabled.py) | | 456 | CKV_AWS_118 | resource | aws_db_instance | Ensure that enhanced monitoring is enabled for Amazon RDS instances | Terraform | [RDSEnhancedMonitorEnabled.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/RDSEnhancedMonitorEnabled.py) | | 457 | CKV_AWS_118 | resource | aws_rds_cluster_instance | Ensure that enhanced monitoring is enabled for Amazon RDS instances | Terraform | [RDSEnhancedMonitorEnabled.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/RDSEnhancedMonitorEnabled.py) | | 458 | CKV_AWS_119 | resource | AWS::DynamoDB::Table | Ensure DynamoDB Tables are encrypted using a KMS Customer Managed CMK | Cloudformation | [DynamoDBTablesEncrypted.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/resource/aws/DynamoDBTablesEncrypted.py) | | 459 | CKV_AWS_119 | resource | aws_dynamodb_table | Ensure DynamoDB Tables are encrypted using a KMS Customer Managed CMK | Terraform | [DynamoDBTablesEncrypted.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/DynamoDBTablesEncrypted.py) | | 460 | CKV_AWS_120 | resource | AWS::ApiGateway::Stage | Ensure API Gateway caching is enabled | Cloudformation | [APIGatewayCacheEnable.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/resource/aws/APIGatewayCacheEnable.py) | | 461 | CKV_AWS_120 | resource | AWS::Serverless::Api | Ensure API Gateway caching is enabled | Cloudformation | [APIGatewayCacheEnable.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/resource/aws/APIGatewayCacheEnable.py) | | 462 | CKV_AWS_120 | resource | aws_api_gateway_stage | Ensure API Gateway caching is enabled | Terraform | [APIGatewayCacheEnable.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/APIGatewayCacheEnable.py) | | 463 | CKV_AWS_121 | resource | aws_config_configuration_aggregator | Ensure AWS Config is enabled in all regions | Terraform | [ConfigConfgurationAggregatorAllRegions.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/ConfigConfgurationAggregatorAllRegions.py) | | 464 | CKV_AWS_122 | resource | aws_sagemaker_notebook_instance | Ensure that direct internet access is disabled for an Amazon SageMaker Notebook Instance | Terraform | [SageMakerInternetAccessDisabled.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/SageMakerInternetAccessDisabled.py) | | 465 | CKV_AWS_123 | resource | AWS::EC2::VPCEndpointService | Ensure that VPC Endpoint Service is configured for Manual Acceptance | Cloudformation | [VPCEndpointAcceptanceConfigured.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/resource/aws/VPCEndpointAcceptanceConfigured.py) | | 466 | CKV_AWS_123 | resource | aws_vpc_endpoint_service | Ensure that VPC Endpoint Service is configured for Manual Acceptance | Terraform | [VPCEndpointAcceptanceConfigured.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/VPCEndpointAcceptanceConfigured.py) | | 467 | CKV_AWS_124 | resource | aws_cloudformation_stack | Ensure that CloudFormation stacks are sending event notifications to an SNS topic | Terraform | [CloudformationStackNotificationArns.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/CloudformationStackNotificationArns.py) | | 468 | CKV_AWS_126 | resource | aws_instance | Ensure that detailed monitoring is enabled for EC2 instances | Terraform | [EC2DetailedMonitoringEnabled.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/EC2DetailedMonitoringEnabled.py) | | 469 | CKV_AWS_127 | resource | aws_elb | Ensure that Elastic Load Balancer(s) uses SSL certificates provided by AWS Certificate Manager | Terraform | [ELBUsesSSL.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/ELBUsesSSL.py) | | 470 | CKV_AWS_129 | resource | aws_db_instance | Ensure that respective logs of Amazon Relational Database Service (Amazon RDS) are enabled | Terraform | [DBInstanceLogging.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/DBInstanceLogging.py) | | 471 | CKV_AWS_130 | resource | aws_subnet | Ensure VPC subnets do not assign public IP by default | Terraform | [SubnetPublicIP.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/SubnetPublicIP.py) | | 472 | CKV_AWS_131 | resource | AWS::ElasticLoadBalancingV2::LoadBalancer | Ensure that ALB drops HTTP headers | Cloudformation | [ALBDropHttpHeaders.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/resource/aws/ALBDropHttpHeaders.py) | | 473 | CKV_AWS_131 | resource | aws_alb | Ensure that ALB drops HTTP headers | Terraform | [ALBDropHttpHeaders.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/ALBDropHttpHeaders.py) | | 474 | CKV_AWS_131 | resource | aws_lb | Ensure that ALB drops HTTP headers | Terraform | [ALBDropHttpHeaders.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/ALBDropHttpHeaders.py) | | 475 | CKV_AWS_133 | resource | aws_db_instance | Ensure that RDS instances has backup policy | Terraform | [DBInstanceBackupRetentionPeriod.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/DBInstanceBackupRetentionPeriod.py) | | 476 | CKV_AWS_133 | resource | aws_rds_cluster | Ensure that RDS instances has backup policy | Terraform | [DBInstanceBackupRetentionPeriod.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/DBInstanceBackupRetentionPeriod.py) | | 477 | CKV_AWS_134 | resource | aws_elasticache_cluster | Ensure that Amazon ElastiCache Redis clusters have automatic backup turned on | Terraform | [ElasticCacheAutomaticBackup.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/ElasticCacheAutomaticBackup.py) | | 478 | CKV_AWS_135 | resource | [?"amazon.aws.ec2_instance" != null][] | Ensure that EC2 is EBS optimized | Ansible | [EC2EBSOptimized.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/ansible/checks/task/aws/EC2EBSOptimized.py) | | 479 | CKV_AWS_135 | resource | [?"ec2_instance" != null][] | Ensure that EC2 is EBS optimized | Ansible | [EC2EBSOptimized.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/ansible/checks/task/aws/EC2EBSOptimized.py) | | 480 | CKV_AWS_135 | resource | [].block[?"amazon.aws.ec2_instance" != null][] | Ensure that EC2 is EBS optimized | Ansible | [EC2EBSOptimized.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/ansible/checks/task/aws/EC2EBSOptimized.py) | | 481 | CKV_AWS_135 | resource | [].block[?"ec2_instance" != null][] | Ensure that EC2 is EBS optimized | Ansible | [EC2EBSOptimized.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/ansible/checks/task/aws/EC2EBSOptimized.py) | | 482 | CKV_AWS_135 | resource | [].block[].block[?"amazon.aws.ec2_instance" != null][] | Ensure that EC2 is EBS optimized | Ansible | [EC2EBSOptimized.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/ansible/checks/task/aws/EC2EBSOptimized.py) | | 483 | CKV_AWS_135 | resource | [].block[].block[?"ec2_instance" != null][] | Ensure that EC2 is EBS optimized | Ansible | [EC2EBSOptimized.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/ansible/checks/task/aws/EC2EBSOptimized.py) | | 484 | CKV_AWS_135 | resource | [].block[].block[].block[?"amazon.aws.ec2_instance" != null][] | Ensure that EC2 is EBS optimized | Ansible | [EC2EBSOptimized.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/ansible/checks/task/aws/EC2EBSOptimized.py) | | 485 | CKV_AWS_135 | resource | [].block[].block[].block[?"ec2_instance" != null][] | Ensure that EC2 is EBS optimized | Ansible | [EC2EBSOptimized.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/ansible/checks/task/aws/EC2EBSOptimized.py) | | 486 | CKV_AWS_135 | resource | [].tasks[?"amazon.aws.ec2_instance" != null][] | Ensure that EC2 is EBS optimized | Ansible | [EC2EBSOptimized.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/ansible/checks/task/aws/EC2EBSOptimized.py) | | 487 | CKV_AWS_135 | resource | [].tasks[?"ec2_instance" != null][] | Ensure that EC2 is EBS optimized | Ansible | [EC2EBSOptimized.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/ansible/checks/task/aws/EC2EBSOptimized.py) | | 488 | CKV_AWS_135 | resource | [].tasks[].block[?"amazon.aws.ec2_instance" != null][] | Ensure that EC2 is EBS optimized | Ansible | [EC2EBSOptimized.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/ansible/checks/task/aws/EC2EBSOptimized.py) | | 489 | CKV_AWS_135 | resource | [].tasks[].block[?"ec2_instance" != null][] | Ensure that EC2 is EBS optimized | Ansible | [EC2EBSOptimized.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/ansible/checks/task/aws/EC2EBSOptimized.py) | | 490 | CKV_AWS_135 | resource | [].tasks[].block[].block[?"amazon.aws.ec2_instance" != null][] | Ensure that EC2 is EBS optimized | Ansible | [EC2EBSOptimized.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/ansible/checks/task/aws/EC2EBSOptimized.py) | | 491 | CKV_AWS_135 | resource | [].tasks[].block[].block[?"ec2_instance" != null][] | Ensure that EC2 is EBS optimized | Ansible | [EC2EBSOptimized.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/ansible/checks/task/aws/EC2EBSOptimized.py) | | 492 | CKV_AWS_135 | resource | [].tasks[].block[].block[].block[?"amazon.aws.ec2_instance" != null][] | Ensure that EC2 is EBS optimized | Ansible | [EC2EBSOptimized.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/ansible/checks/task/aws/EC2EBSOptimized.py) | | 493 | CKV_AWS_135 | resource | [].tasks[].block[].block[].block[?"ec2_instance" != null][] | Ensure that EC2 is EBS optimized | Ansible | [EC2EBSOptimized.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/ansible/checks/task/aws/EC2EBSOptimized.py) | | 494 | CKV_AWS_135 | resource | aws_instance | Ensure that EC2 is EBS optimized | Terraform | [EC2EBSOptimized.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/EC2EBSOptimized.py) | | 495 | CKV_AWS_136 | resource | AWS::ECR::Repository | Ensure that ECR repositories are encrypted using KMS | Cloudformation | [ECRRepositoryEncrypted.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/resource/aws/ECRRepositoryEncrypted.py) | | 496 | CKV_AWS_136 | resource | aws_ecr_repository | Ensure that ECR repositories are encrypted using KMS | Terraform | [ECRRepositoryEncrypted.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/ECRRepositoryEncrypted.py) | | 497 | CKV_AWS_137 | resource | aws_elasticsearch_domain | Ensure that Elasticsearch is configured inside a VPC | Terraform | [ElasticsearchInVPC.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/ElasticsearchInVPC.py) | | 498 | CKV_AWS_137 | resource | aws_opensearch_domain | Ensure that Elasticsearch is configured inside a VPC | Terraform | [ElasticsearchInVPC.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/ElasticsearchInVPC.py) | | 499 | CKV_AWS_138 | resource | aws_elb | Ensure that ELB is cross-zone-load-balancing enabled | Terraform | [ELBCrossZoneEnable.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/ELBCrossZoneEnable.py) | | 500 | CKV_AWS_139 | resource | aws_rds_cluster | Ensure that RDS clusters have deletion protection enabled | Terraform | [RDSDeletionProtection.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/RDSDeletionProtection.py) | | 501 | CKV_AWS_140 | resource | aws_rds_global_cluster | Ensure that RDS global clusters are encrypted | Terraform | [RDSClusterEncrypted.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/RDSClusterEncrypted.py) | | 502 | CKV_AWS_141 | resource | aws_redshift_cluster | Ensured that Redshift cluster allowing version upgrade by default | Terraform | [RedshiftClusterAllowVersionUpgrade.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/RedshiftClusterAllowVersionUpgrade.py) | | 503 | CKV_AWS_142 | resource | aws_redshift_cluster | Ensure that Redshift cluster is encrypted by KMS | Terraform | [RedshiftClusterKMSKey.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/RedshiftClusterKMSKey.py) | | 504 | CKV_AWS_143 | resource | aws_s3_bucket | Ensure that S3 bucket has lock configuration enabled by default | Terraform | [S3BucketObjectLock.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/S3BucketObjectLock.py) | | 505 | CKV_AWS_144 | resource | aws_s3_bucket | Ensure that S3 bucket has cross-region replication enabled | Terraform | [S3BucketReplicationConfiguration.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/S3BucketReplicationConfiguration.yaml) | | 506 | CKV_AWS_144 | resource | aws_s3_bucket_replication_configuration | Ensure that S3 bucket has cross-region replication enabled | Terraform | [S3BucketReplicationConfiguration.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/S3BucketReplicationConfiguration.yaml) | | 507 | CKV_AWS_145 | resource | aws_s3_bucket | Ensure that S3 buckets are encrypted with KMS by default | Terraform | [S3KMSEncryptedByDefault.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/S3KMSEncryptedByDefault.yaml) | | 508 | CKV_AWS_145 | resource | aws_s3_bucket_server_side_encryption_configuration | Ensure that S3 buckets are encrypted with KMS by default | Terraform | [S3KMSEncryptedByDefault.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/S3KMSEncryptedByDefault.yaml) | | 509 | CKV_AWS_146 | resource | aws_db_cluster_snapshot | Ensure that RDS database cluster snapshot is encrypted | Terraform | [RDSClusterSnapshotEncrypted.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/RDSClusterSnapshotEncrypted.py) | | 510 | CKV_AWS_147 | resource | aws_codebuild_project | Ensure that CodeBuild projects are encrypted using CMK | Terraform | [CodebuildUsesCMK.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/CodebuildUsesCMK.py) | | 511 | CKV_AWS_148 | resource | aws_default_vpc | Ensure no default VPC is planned to be provisioned | Terraform | [VPCDefaultNetwork.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/VPCDefaultNetwork.py) | | 512 | CKV_AWS_149 | resource | AWS::SecretsManager::Secret | Ensure that Secrets Manager secret is encrypted using KMS CMK | Cloudformation | [SecretManagerSecretEncrypted.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/resource/aws/SecretManagerSecretEncrypted.py) | | 513 | CKV_AWS_149 | resource | aws_secretsmanager_secret | Ensure that Secrets Manager secret is encrypted using KMS CMK | Terraform | [SecretManagerSecretEncrypted.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/SecretManagerSecretEncrypted.py) | | 514 | CKV_AWS_150 | resource | aws_alb | Ensure that Load Balancer has deletion protection enabled | Terraform | [LBDeletionProtection.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/LBDeletionProtection.py) | | 515 | CKV_AWS_150 | resource | aws_lb | Ensure that Load Balancer has deletion protection enabled | Terraform | [LBDeletionProtection.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/LBDeletionProtection.py) | | 516 | CKV_AWS_152 | resource | aws_alb | Ensure that Load Balancer (Network/Gateway) has cross-zone load balancing enabled | Terraform | [LBCrossZone.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/LBCrossZone.py) | | 517 | CKV_AWS_152 | resource | aws_lb | Ensure that Load Balancer (Network/Gateway) has cross-zone load balancing enabled | Terraform | [LBCrossZone.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/LBCrossZone.py) | | 518 | CKV_AWS_153 | resource | aws_autoscaling_group | Autoscaling groups should supply tags to launch configurations | Terraform | [AutoScalingTagging.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/AutoScalingTagging.py) | | 519 | CKV_AWS_154 | resource | AWS::Redshift::Cluster | Ensure Redshift is not deployed outside of a VPC | Cloudformation | [RedshiftInEc2ClassicMode.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/resource/aws/RedshiftInEc2ClassicMode.py) | | 520 | CKV_AWS_154 | resource | aws_redshift_cluster | Ensure Redshift is not deployed outside of a VPC | Terraform | [RedshiftInEc2ClassicMode.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/RedshiftInEc2ClassicMode.py) | | 521 | CKV_AWS_155 | resource | AWS::WorkSpaces::Workspace | Ensure that Workspace user volumes are encrypted | Cloudformation | [WorkspaceUserVolumeEncrypted.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/resource/aws/WorkspaceUserVolumeEncrypted.py) | | 522 | CKV_AWS_155 | resource | aws_workspaces_workspace | Ensure that Workspace user volumes are encrypted | Terraform | [WorkspaceUserVolumeEncrypted.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/WorkspaceUserVolumeEncrypted.py) | | 523 | CKV_AWS_156 | resource | AWS::WorkSpaces::Workspace | Ensure that Workspace root volumes are encrypted | Cloudformation | [WorkspaceRootVolumeEncrypted.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/resource/aws/WorkspaceRootVolumeEncrypted.py) | | 524 | CKV_AWS_156 | resource | aws_workspaces_workspace | Ensure that Workspace root volumes are encrypted | Terraform | [WorkspaceRootVolumeEncrypted.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/WorkspaceRootVolumeEncrypted.py) | | 525 | CKV_AWS_157 | resource | AWS::RDS::DBInstance | Ensure that RDS instances have Multi-AZ enabled | Cloudformation | [RDSMultiAZEnabled.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/resource/aws/RDSMultiAZEnabled.py) | | 526 | CKV_AWS_157 | resource | aws_db_instance | Ensure that RDS instances have Multi-AZ enabled | Terraform | [RDSMultiAZEnabled.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/RDSMultiAZEnabled.py) | | 527 | CKV_AWS_158 | resource | AWS::Logs::LogGroup | Ensure that CloudWatch Log Group is encrypted by KMS | Cloudformation | [CloudWatchLogGroupKMSKey.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/resource/aws/CloudWatchLogGroupKMSKey.py) | | 528 | CKV_AWS_158 | resource | aws_cloudwatch_log_group | Ensure that CloudWatch Log Group is encrypted by KMS | Terraform | [CloudWatchLogGroupKMSKey.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/CloudWatchLogGroupKMSKey.py) | | 529 | CKV_AWS_159 | resource | aws_athena_workgroup | Ensure that Athena Workgroup is encrypted | Terraform | [AthenaWorkgroupEncryption.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/AthenaWorkgroupEncryption.py) | | 530 | CKV_AWS_160 | resource | AWS::Timestream::Database | Ensure that Timestream database is encrypted with KMS CMK | Cloudformation | [TimestreamDatabaseKMSKey.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/resource/aws/TimestreamDatabaseKMSKey.py) | | 531 | CKV_AWS_160 | resource | aws_timestreamwrite_database | Ensure that Timestream database is encrypted with KMS CMK | Terraform | [TimestreamDatabaseKMSKey.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/TimestreamDatabaseKMSKey.py) | | 532 | CKV_AWS_161 | resource | AWS::RDS::DBInstance | Ensure RDS database has IAM authentication enabled | Cloudformation | [RDSIAMAuthentication.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/resource/aws/RDSIAMAuthentication.py) | | 533 | CKV_AWS_161 | resource | aws_db_instance | Ensure RDS database has IAM authentication enabled | Terraform | [RDSIAMAuthentication.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/RDSIAMAuthentication.py) | | 534 | CKV_AWS_162 | resource | AWS::RDS::DBCluster | Ensure RDS cluster has IAM authentication enabled | Cloudformation | [RDSClusterIAMAuthentication.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/resource/aws/RDSClusterIAMAuthentication.py) | | 535 | CKV_AWS_162 | resource | aws_rds_cluster | Ensure RDS cluster has IAM authentication enabled | Terraform | [RDSClusterIAMAuthentication.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/RDSClusterIAMAuthentication.py) | | 536 | CKV_AWS_163 | resource | AWS::ECR::Repository | Ensure ECR image scanning on push is enabled | Cloudformation | [ECRImageScanning.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/resource/aws/ECRImageScanning.py) | | 537 | CKV_AWS_163 | resource | aws_ecr_repository | Ensure ECR image scanning on push is enabled | Terraform | [ECRImageScanning.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/ECRImageScanning.py) | | 538 | CKV_AWS_164 | resource | AWS::Transfer::Server | Ensure Transfer Server is not exposed publicly. | Cloudformation | [TransferServerIsPublic.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/resource/aws/TransferServerIsPublic.py) | | 539 | CKV_AWS_164 | resource | aws_transfer_server | Ensure Transfer Server is not exposed publicly. | Terraform | [TransferServerIsPublic.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/TransferServerIsPublic.py) | | 540 | CKV_AWS_165 | resource | AWS::DynamoDB::GlobalTable | Ensure DynamoDB global table point in time recovery (backup) is enabled | Cloudformation | [DynamodbGlobalTableRecovery.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/resource/aws/DynamodbGlobalTableRecovery.py) | | 541 | CKV_AWS_165 | resource | aws_dynamodb_global_table | Ensure DynamoDB point in time recovery (backup) is enabled for global tables | Terraform | [DynamoDBGlobalTableRecovery.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/DynamoDBGlobalTableRecovery.py) | | 542 | CKV_AWS_166 | resource | AWS::Backup::BackupVault | Ensure Backup Vault is encrypted at rest using KMS CMK | Cloudformation | [BackupVaultEncrypted.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/resource/aws/BackupVaultEncrypted.py) | | 543 | CKV_AWS_166 | resource | aws_backup_vault | Ensure Backup Vault is encrypted at rest using KMS CMK | Terraform | [BackupVaultEncrypted.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/BackupVaultEncrypted.py) | | 544 | CKV_AWS_167 | resource | aws_glacier_vault | Ensure Glacier Vault access policy is not public by only allowing specific services or principals to access it | Terraform | [GlacierVaultAnyPrincipal.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/GlacierVaultAnyPrincipal.py) | | 545 | CKV_AWS_168 | resource | aws_sqs_queue | Ensure SQS queue policy is not public by only allowing specific services or principals to access it | Terraform | [SQSQueuePolicyAnyPrincipal.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/SQSQueuePolicyAnyPrincipal.py) | | 546 | CKV_AWS_168 | resource | aws_sqs_queue_policy | Ensure SQS queue policy is not public by only allowing specific services or principals to access it | Terraform | [SQSQueuePolicyAnyPrincipal.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/SQSQueuePolicyAnyPrincipal.py) | | 547 | CKV_AWS_169 | resource | aws_sns_topic_policy | Ensure SNS topic policy is not public by only allowing specific services or principals to access it | Terraform | [SNSTopicPolicyAnyPrincipal.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/SNSTopicPolicyAnyPrincipal.py) | | 548 | CKV_AWS_170 | resource | AWS::QLDB::Ledger | Ensure QLDB ledger permissions mode is set to STANDARD | Cloudformation | [QLDBLedgerPermissionsMode.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/resource/aws/QLDBLedgerPermissionsMode.py) | | 549 | CKV_AWS_170 | resource | aws_qldb_ledger | Ensure QLDB ledger permissions mode is set to STANDARD | Terraform | [QLDBLedgerPermissionsMode.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/QLDBLedgerPermissionsMode.py) | | 550 | CKV_AWS_171 | resource | aws_emr_security_configuration | Ensure EMR Cluster security configuration encryption is using SSE-KMS | Terraform | [EMRClusterIsEncryptedKMS.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/EMRClusterIsEncryptedKMS.py) | | 551 | CKV_AWS_172 | resource | AWS::QLDB::Ledger | Ensure QLDB ledger has deletion protection enabled | Cloudformation | [QLDBLedgerDeletionProtection.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/resource/aws/QLDBLedgerDeletionProtection.py) | | 552 | CKV_AWS_172 | resource | aws_qldb_ledger | Ensure QLDB ledger has deletion protection enabled | Terraform | [QLDBLedgerDeletionProtection.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/QLDBLedgerDeletionProtection.py) | | 553 | CKV_AWS_173 | resource | AWS::Lambda::Function | Check encryption settings for Lambda environment variable | Cloudformation | [LambdaEnvironmentEncryptionSettings.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/resource/aws/LambdaEnvironmentEncryptionSettings.py) | | 554 | CKV_AWS_173 | resource | AWS::Serverless::Function | Check encryption settings for Lambda environment variable | Cloudformation | [LambdaEnvironmentEncryptionSettings.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/resource/aws/LambdaEnvironmentEncryptionSettings.py) | | 555 | CKV_AWS_173 | resource | aws_lambda_function | Check encryption settings for Lambda environmental variable | Terraform | [LambdaEnvironmentEncryptionSettings.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/LambdaEnvironmentEncryptionSettings.py) | | 556 | CKV_AWS_174 | resource | AWS::CloudFront::Distribution | Verify CloudFront Distribution Viewer Certificate is using TLS v1.2 or higher | Cloudformation | [CloudFrontTLS12.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/resource/aws/CloudFrontTLS12.py) | | 557 | CKV_AWS_174 | resource | aws_cloudfront_distribution | Verify CloudFront Distribution Viewer Certificate is using TLS v1.2 or higher | Terraform | [CloudfrontTLS12.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/CloudfrontTLS12.py) | | 558 | CKV_AWS_175 | resource | aws_waf_web_acl | Ensure WAF has associated rules | Terraform | [WAFHasAnyRules.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/WAFHasAnyRules.py) | | 559 | CKV_AWS_175 | resource | aws_wafregional_web_acl | Ensure WAF has associated rules | Terraform | [WAFHasAnyRules.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/WAFHasAnyRules.py) | | 560 | CKV_AWS_175 | resource | aws_wafv2_web_acl | Ensure WAF has associated rules | Terraform | [WAFHasAnyRules.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/WAFHasAnyRules.py) | | 561 | CKV_AWS_176 | resource | aws_waf_web_acl | Ensure Logging is enabled for WAF Web Access Control Lists | Terraform | [WAFHasLogs.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/WAFHasLogs.py) | | 562 | CKV_AWS_176 | resource | aws_wafregional_web_acl | Ensure Logging is enabled for WAF Web Access Control Lists | Terraform | [WAFHasLogs.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/WAFHasLogs.py) | | 563 | CKV_AWS_177 | resource | aws_kinesis_video_stream | Ensure Kinesis Video Stream is encrypted by KMS using a customer managed Key (CMK) | Terraform | [KinesisVideoEncryptedWithCMK.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/KinesisVideoEncryptedWithCMK.py) | | 564 | CKV_AWS_178 | resource | aws_fsx_ontap_file_system | Ensure fx ontap file system is encrypted by KMS using a customer managed Key (CMK) | Terraform | [FSXOntapFSEncryptedWithCMK.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/FSXOntapFSEncryptedWithCMK.py) | | 565 | CKV_AWS_179 | resource | aws_fsx_windows_file_system | Ensure FSX Windows filesystem is encrypted by KMS using a customer managed Key (CMK) | Terraform | [FSXWindowsFSEncryptedWithCMK.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/FSXWindowsFSEncryptedWithCMK.py) | | 566 | CKV_AWS_180 | resource | aws_imagebuilder_component | Ensure Image Builder component is encrypted by KMS using a customer managed Key (CMK) | Terraform | [ImagebuilderComponentEncryptedWithCMK.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/ImagebuilderComponentEncryptedWithCMK.py) | | 567 | CKV_AWS_181 | resource | aws_s3_object_copy | Ensure S3 Object Copy is encrypted by KMS using a customer managed Key (CMK) | Terraform | [S3ObjectCopyEncryptedWithCMK.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/S3ObjectCopyEncryptedWithCMK.py) | | 568 | CKV_AWS_182 | resource | aws_docdb_cluster | Ensure DocumentDB is encrypted by KMS using a customer managed Key (CMK) | Terraform | [DocDBEncryptedWithCMK.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/DocDBEncryptedWithCMK.py) | | 569 | CKV_AWS_183 | resource | aws_ebs_snapshot_copy | Ensure EBS Snapshot Copy is encrypted by KMS using a customer managed Key (CMK) | Terraform | [EBSSnapshotCopyEncryptedWithCMK.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/EBSSnapshotCopyEncryptedWithCMK.py) | | 570 | CKV_AWS_184 | resource | aws_efs_file_system | Ensure resource is encrypted by KMS using a customer managed Key (CMK) | Terraform | [EFSFileSystemEncryptedWithCMK.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/EFSFileSystemEncryptedWithCMK.py) | | 571 | CKV_AWS_185 | resource | aws_kinesis_stream | Ensure Kinesis Stream is encrypted by KMS using a customer managed Key (CMK) | Terraform | [KinesisStreamEncryptedWithCMK.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/KinesisStreamEncryptedWithCMK.py) | | 572 | CKV_AWS_186 | resource | aws_s3_bucket_object | Ensure S3 bucket Object is encrypted by KMS using a customer managed Key (CMK) | Terraform | [S3BucketObjectEncryptedWithCMK.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/S3BucketObjectEncryptedWithCMK.py) | | 573 | CKV_AWS_187 | resource | AWS::SageMaker::Domain | Ensure Sagemaker domain and notebook instance are encrypted by KMS using a customer managed Key (CMK) | Cloudformation | [SagemakerNotebookEncryptedWithCMK.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/resource/aws/SagemakerNotebookEncryptedWithCMK.py) | | 574 | CKV_AWS_187 | resource | AWS::SageMaker::NotebookInstance | Ensure Sagemaker domain and notebook instance are encrypted by KMS using a customer managed Key (CMK) | Cloudformation | [SagemakerNotebookEncryptedWithCMK.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/resource/aws/SagemakerNotebookEncryptedWithCMK.py) | | 575 | CKV_AWS_187 | resource | aws_sagemaker_domain | Ensure Sagemaker domain and notebook instance are encrypted by KMS using a customer managed Key (CMK) | Terraform | [SagemakerDomainEncryptedWithCMK.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/SagemakerDomainEncryptedWithCMK.py) | | 576 | CKV_AWS_187 | resource | aws_sagemaker_notebook_instance | Ensure Sagemaker domain and notebook instance are encrypted by KMS using a customer managed Key (CMK) | Terraform | [SagemakerDomainEncryptedWithCMK.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/SagemakerDomainEncryptedWithCMK.py) | | 577 | CKV_AWS_189 | resource | aws_ebs_volume | Ensure EBS Volume is encrypted by KMS using a customer managed Key (CMK) | Terraform | [EBSVolumeEncryptedWithCMK.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/EBSVolumeEncryptedWithCMK.py) | | 578 | CKV_AWS_190 | resource | aws_fsx_lustre_file_system | Ensure lustre file systems is encrypted by KMS using a customer managed Key (CMK) | Terraform | [LustreFSEncryptedWithCMK.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/LustreFSEncryptedWithCMK.py) | | 579 | CKV_AWS_191 | resource | aws_elasticache_replication_group | Ensure ElastiCache replication group is encrypted by KMS using a customer managed Key (CMK) | Terraform | [ElasticacheReplicationGroupEncryptedWithCMK.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/ElasticacheReplicationGroupEncryptedWithCMK.py) | | 580 | CKV_AWS_192 | resource | AWS::WAFv2::WebACL | Ensure WAF prevents message lookup in Log4j2. See CVE-2021-44228 aka log4jshell | Cloudformation | [WAFACLCVE202144228.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/resource/aws/WAFACLCVE202144228.py) | | 581 | CKV_AWS_192 | resource | aws_wafv2_web_acl | Ensure WAF prevents message lookup in Log4j2. See CVE-2021-44228 aka log4jshell | Terraform | [WAFACLCVE202144228.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/WAFACLCVE202144228.py) | | 582 | CKV_AWS_193 | resource | AWS::AppSync::GraphQLApi | Ensure AppSync has Logging enabled | Cloudformation | [AppSyncLogging.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/resource/aws/AppSyncLogging.py) | | 583 | CKV_AWS_193 | resource | aws_appsync_graphql_api | Ensure AppSync has Logging enabled | Terraform | [AppSyncLogging.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/AppSyncLogging.py) | | 584 | CKV_AWS_194 | resource | AWS::AppSync::GraphQLApi | Ensure AppSync has Field-Level logs enabled | Cloudformation | [AppSyncFieldLevelLogs.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/resource/aws/AppSyncFieldLevelLogs.py) | | 585 | CKV_AWS_194 | resource | aws_appsync_graphql_api | Ensure AppSync has Field-Level logs enabled | Terraform | [AppSyncFieldLevelLogs.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/AppSyncFieldLevelLogs.py) | | 586 | CKV_AWS_195 | resource | AWS::Glue::Crawler | Ensure Glue component has a security configuration associated | Cloudformation | [GlueSecurityConfigurationEnabled.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/resource/aws/GlueSecurityConfigurationEnabled.py) | | 587 | CKV_AWS_195 | resource | AWS::Glue::DevEndpoint | Ensure Glue component has a security configuration associated | Cloudformation | [GlueSecurityConfigurationEnabled.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/resource/aws/GlueSecurityConfigurationEnabled.py) | | 588 | CKV_AWS_195 | resource | AWS::Glue::Job | Ensure Glue component has a security configuration associated | Cloudformation | [GlueSecurityConfigurationEnabled.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/resource/aws/GlueSecurityConfigurationEnabled.py) | | 589 | CKV_AWS_195 | resource | aws_glue_crawler | Ensure Glue component has a security configuration associated | Terraform | [GlueSecurityConfigurationEnabled.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/GlueSecurityConfigurationEnabled.py) | | 590 | CKV_AWS_195 | resource | aws_glue_dev_endpoint | Ensure Glue component has a security configuration associated | Terraform | [GlueSecurityConfigurationEnabled.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/GlueSecurityConfigurationEnabled.py) | | 591 | CKV_AWS_195 | resource | aws_glue_job | Ensure Glue component has a security configuration associated | Terraform | [GlueSecurityConfigurationEnabled.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/GlueSecurityConfigurationEnabled.py) | | 592 | CKV_AWS_196 | resource | aws_elasticache_security_group | Ensure no aws_elasticache_security_group resources exist | Terraform | [ElasticacheHasSecurityGroup.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/ElasticacheHasSecurityGroup.py) | | 593 | CKV_AWS_197 | resource | AWS::AmazonMQ::Broker | Ensure MQ Broker Audit logging is enabled | Cloudformation | [MQBrokerAuditLogging.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/resource/aws/MQBrokerAuditLogging.py) | | 594 | CKV_AWS_197 | resource | aws_mq_broker | Ensure MQ Broker Audit logging is enabled | Terraform | [MQBrokerAuditLogging.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/MQBrokerAuditLogging.py) | | 595 | CKV_AWS_198 | resource | aws_db_security_group | Ensure no aws_db_security_group resources exist | Terraform | [RDSHasSecurityGroup.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/RDSHasSecurityGroup.py) | | 596 | CKV_AWS_199 | resource | aws_imagebuilder_distribution_configuration | Ensure Image Builder Distribution Configuration encrypts AMI's using KMS - a customer managed Key (CMK) | Terraform | [ImagebuilderDistributionConfigurationEncryptedWithCMK.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/ImagebuilderDistributionConfigurationEncryptedWithCMK.py) | | 597 | CKV_AWS_200 | resource | aws_imagebuilder_image_recipe | Ensure that Image Recipe EBS Disk are encrypted with CMK | Terraform | [ImagebuilderImageRecipeEBSEncrypted.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/ImagebuilderImageRecipeEBSEncrypted.py) | | 598 | CKV_AWS_201 | resource | aws_memorydb_cluster | Ensure MemoryDB is encrypted at rest using KMS CMKs | Terraform | [MemoryDBEncryptionWithCMK.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/MemoryDBEncryptionWithCMK.py) | | 599 | CKV_AWS_202 | resource | aws_memorydb_cluster | Ensure MemoryDB data is encrypted in transit | Terraform | [MemoryDBClusterIntransitEncryption.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/MemoryDBClusterIntransitEncryption.py) | | 600 | CKV_AWS_203 | resource | aws_fsx_openzfs_file_system | Ensure resource is encrypted by KMS using a customer managed Key (CMK) | Terraform | [FSXOpenZFSFileSystemEncryptedWithCMK.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/FSXOpenZFSFileSystemEncryptedWithCMK.py) | | 601 | CKV_AWS_204 | resource | aws_ami | Ensure AMIs are encrypted using KMS CMKs | Terraform | [AMIEncryption.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/AMIEncryption.py) | | 602 | CKV_AWS_205 | resource | aws_ami_launch_permission | Ensure to Limit AMI launch Permissions | Terraform | [AMILaunchIsShared.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/AMILaunchIsShared.py) | | 603 | CKV_AWS_206 | resource | aws_api_gateway_domain_name | Ensure API Gateway Domain uses a modern security Policy | Terraform | [APIGatewayDomainNameTLS.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/APIGatewayDomainNameTLS.py) | | 604 | CKV_AWS_207 | resource | aws_mq_broker | Ensure MQ Broker minor version updates are enabled | Terraform | [MQBrokerMinorAutoUpgrade.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/MQBrokerMinorAutoUpgrade.py) | | 605 | CKV_AWS_208 | resource | aws_mq_broker | Ensure MQ Broker version is current | Terraform | [MQBrokerVersion.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/MQBrokerVersion.py) | | 606 | CKV_AWS_208 | resource | aws_mq_configuration | Ensure MQ Broker version is current | Terraform | [MQBrokerVersion.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/MQBrokerVersion.py) | | 607 | CKV_AWS_209 | resource | aws_mq_broker | Ensure MQ broker encrypted by KMS using a customer managed Key (CMK) | Terraform | [MQBrokerEncryptedWithCMK.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/MQBrokerEncryptedWithCMK.py) | | 608 | CKV_AWS_210 | resource | aws_batch_job_definition | Batch job does not define a privileged container | Terraform | [BatchJobIsNotPrivileged.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/BatchJobIsNotPrivileged.py) | | 609 | CKV_AWS_211 | resource | aws_db_instance | Ensure RDS uses a modern CaCert | Terraform | [RDSCACertIsRecent.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/RDSCACertIsRecent.py) | | 610 | CKV_AWS_212 | resource | aws_dms_replication_instance | Ensure DMS replication instance is encrypted by KMS using a customer managed Key (CMK) | Terraform | [DMSReplicationInstanceEncryptedWithCMK.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/DMSReplicationInstanceEncryptedWithCMK.py) | | 611 | CKV_AWS_213 | resource | aws_load_balancer_policy | Ensure ELB Policy uses only secure protocols | Terraform | [ELBPolicyUsesSecureProtocols.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/ELBPolicyUsesSecureProtocols.py) | | 612 | CKV_AWS_214 | resource | aws_appsync_api_cache | Ensure AppSync API Cache is encrypted at rest | Terraform | [AppsyncAPICacheEncryptionAtRest.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/AppsyncAPICacheEncryptionAtRest.py) | | 613 | CKV_AWS_215 | resource | aws_appsync_api_cache | Ensure AppSync API Cache is encrypted in transit | Terraform | [AppsyncAPICacheEncryptionInTransit.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/AppsyncAPICacheEncryptionInTransit.py) | | 614 | CKV_AWS_216 | resource | aws_cloudfront_distribution | Ensure CloudFront distribution is enabled | Terraform | [CloudfrontDistributionEnabled.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/CloudfrontDistributionEnabled.py) | | 615 | CKV_AWS_217 | resource | aws_api_gateway_deployment | Ensure Create before destroy for API deployments | Terraform | [APIGatewayDeploymentCreateBeforeDestroy.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/APIGatewayDeploymentCreateBeforeDestroy.py) | | 616 | CKV_AWS_218 | resource | aws_cloudsearch_domain | Ensure that CloudSearch is using latest TLS | Terraform | [CloudsearchDomainTLS.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/CloudsearchDomainTLS.py) | | 617 | CKV_AWS_219 | resource | aws_codepipeline | Ensure CodePipeline Artifact store is using a KMS CMK | Terraform | [CodePipelineArtifactsEncrypted.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/CodePipelineArtifactsEncrypted.py) | | 618 | CKV_AWS_220 | resource | aws_cloudsearch_domain | Ensure that CloudSearch is using https | Terraform | [CloudsearchDomainEnforceHttps.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/CloudsearchDomainEnforceHttps.py) | | 619 | CKV_AWS_221 | resource | aws_codeartifact_domain | Ensure CodeArtifact Domain is encrypted by KMS using a customer managed Key (CMK) | Terraform | [CodeArtifactDomainEncryptedWithCMK.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/CodeArtifactDomainEncryptedWithCMK.py) | | 620 | CKV_AWS_222 | resource | aws_dms_replication_instance | Ensure DMS replication instance gets all minor upgrade automatically | Terraform | [DMSReplicationInstanceMinorUpgrade.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/DMSReplicationInstanceMinorUpgrade.py) | | 621 | CKV_AWS_223 | resource | aws_ecs_cluster | Ensure ECS Cluster enables logging of ECS Exec | Terraform | [ECSClusterLoggingEnabled.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/ECSClusterLoggingEnabled.py) | | 622 | CKV_AWS_224 | resource | aws_ecs_cluster | Ensure ECS Cluster logging is enabled and client to container communication uses CMK | Terraform | [ECSClusterLoggingEncryptedWithCMK.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/ECSClusterLoggingEncryptedWithCMK.py) | | 623 | CKV_AWS_225 | resource | aws_api_gateway_method_settings | Ensure API Gateway method setting caching is enabled | Terraform | [APIGatewayMethodSettingsCacheEnabled.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/APIGatewayMethodSettingsCacheEnabled.py) | | 624 | CKV_AWS_226 | resource | aws_db_instance | Ensure DB instance gets all minor upgrades automatically | Terraform | [DBInstanceMinorUpgrade.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/DBInstanceMinorUpgrade.py) | | 625 | CKV_AWS_226 | resource | aws_rds_cluster_instance | Ensure DB instance gets all minor upgrades automatically | Terraform | [DBInstanceMinorUpgrade.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/DBInstanceMinorUpgrade.py) | | 626 | CKV_AWS_227 | resource | aws_kms_key | Ensure KMS key is enabled | Terraform | [KMSKeyIsEnabled.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/KMSKeyIsEnabled.py) | | 627 | CKV_AWS_228 | resource | aws_elasticsearch_domain | Verify Elasticsearch domain is using an up to date TLS policy | Terraform | [ElasticsearchTLSPolicy.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/ElasticsearchTLSPolicy.py) | | 628 | CKV_AWS_228 | resource | aws_opensearch_domain | Verify Elasticsearch domain is using an up to date TLS policy | Terraform | [ElasticsearchTLSPolicy.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/ElasticsearchTLSPolicy.py) | | 629 | CKV_AWS_229 | resource | aws_network_acl | Ensure no NACL allow ingress from 0.0.0.0:0 to port 21 | Terraform | [NetworkACLUnrestrictedIngress21.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/NetworkACLUnrestrictedIngress21.py) | | 630 | CKV_AWS_229 | resource | aws_network_acl_rule | Ensure no NACL allow ingress from 0.0.0.0:0 to port 21 | Terraform | [NetworkACLUnrestrictedIngress21.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/NetworkACLUnrestrictedIngress21.py) | | 631 | CKV_AWS_230 | resource | aws_network_acl | Ensure no NACL allow ingress from 0.0.0.0:0 to port 20 | Terraform | [NetworkACLUnrestrictedIngress20.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/NetworkACLUnrestrictedIngress20.py) | | 632 | CKV_AWS_230 | resource | aws_network_acl_rule | Ensure no NACL allow ingress from 0.0.0.0:0 to port 20 | Terraform | [NetworkACLUnrestrictedIngress20.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/NetworkACLUnrestrictedIngress20.py) | | 633 | CKV_AWS_231 | resource | aws_network_acl | Ensure no NACL allow ingress from 0.0.0.0:0 to port 3389 | Terraform | [NetworkACLUnrestrictedIngress3389.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/NetworkACLUnrestrictedIngress3389.py) | | 634 | CKV_AWS_231 | resource | aws_network_acl_rule | Ensure no NACL allow ingress from 0.0.0.0:0 to port 3389 | Terraform | [NetworkACLUnrestrictedIngress3389.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/NetworkACLUnrestrictedIngress3389.py) | | 635 | CKV_AWS_232 | resource | aws_network_acl | Ensure no NACL allow ingress from 0.0.0.0:0 to port 22 | Terraform | [NetworkACLUnrestrictedIngress22.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/NetworkACLUnrestrictedIngress22.py) | | 636 | CKV_AWS_232 | resource | aws_network_acl_rule | Ensure no NACL allow ingress from 0.0.0.0:0 to port 22 | Terraform | [NetworkACLUnrestrictedIngress22.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/NetworkACLUnrestrictedIngress22.py) | | 637 | CKV_AWS_233 | resource | aws_acm_certificate | Ensure Create before destroy for ACM certificates | Terraform | [ACMCertCreateBeforeDestroy.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/ACMCertCreateBeforeDestroy.py) | | 638 | CKV_AWS_234 | resource | aws_acm_certificate | Verify logging preference for ACM certificates | Terraform | [ACMCertSetLoggingPreference.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/ACMCertSetLoggingPreference.py) | | 639 | CKV_AWS_235 | resource | aws_ami_copy | Ensure that copied AMIs are encrypted | Terraform | [AMICopyIsEncrypted.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/AMICopyIsEncrypted.py) | | 640 | CKV_AWS_236 | resource | aws_ami_copy | Ensure AMI copying uses a CMK | Terraform | [AMICopyUsesCMK.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/AMICopyUsesCMK.py) | | 641 | CKV_AWS_237 | resource | aws_api_gateway_rest_api | Ensure Create before destroy for API Gateway | Terraform | [APIGatewayCreateBeforeDestroy.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/APIGatewayCreateBeforeDestroy.py) | | 642 | CKV_AWS_238 | resource | aws_guardduty_detector | Ensure that GuardDuty detector is enabled | Terraform | [GuarddutyDetectorEnabled.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/GuarddutyDetectorEnabled.py) | | 643 | CKV_AWS_239 | resource | aws_dax_cluster | Ensure DAX cluster endpoint is using TLS | Terraform | [DAXEndpointTLS.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/DAXEndpointTLS.py) | | 644 | CKV_AWS_240 | resource | aws_kinesis_firehose_delivery_stream | Ensure Kinesis Firehose delivery stream is encrypted | Terraform | [KinesisFirehoseDeliveryStreamSSE.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/KinesisFirehoseDeliveryStreamSSE.py) | | 645 | CKV_AWS_241 | resource | aws_kinesis_firehose_delivery_stream | Ensure that Kinesis Firehose Delivery Streams are encrypted with CMK | Terraform | [KinesisFirehoseDeliveryStreamUsesCMK.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/KinesisFirehoseDeliveryStreamUsesCMK.py) | | 646 | CKV_AWS_242 | resource | aws_mwaa_environment | Ensure MWAA environment has scheduler logs enabled | Terraform | [MWAASchedulerLogsEnabled.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/MWAASchedulerLogsEnabled.py) | | 647 | CKV_AWS_243 | resource | aws_mwaa_environment | Ensure MWAA environment has worker logs enabled | Terraform | [MWAAWorkerLogsEnabled.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/MWAAWorkerLogsEnabled.py) | | 648 | CKV_AWS_244 | resource | aws_mwaa_environment | Ensure MWAA environment has webserver logs enabled | Terraform | [MWAAWebserverLogsEnabled.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/MWAAWebserverLogsEnabled.py) | | 649 | CKV_AWS_245 | resource | aws_db_instance_automated_backups_replication | Ensure replicated backups are encrypted at rest using KMS CMKs | Terraform | [RDSInstanceAutoBackupEncryptionWithCMK.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/RDSInstanceAutoBackupEncryptionWithCMK.py) | | 650 | CKV_AWS_246 | resource | aws_rds_cluster_activity_stream | Ensure RDS Cluster activity streams are encrypted using KMS CMKs | Terraform | [RDSClusterActivityStreamEncryptedWithCMK.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/RDSClusterActivityStreamEncryptedWithCMK.py) | | 651 | CKV_AWS_247 | resource | aws_elasticsearch_domain | Ensure all data stored in the Elasticsearch is encrypted with a CMK | Terraform | [ElasticsearchEncryptionWithCMK.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/ElasticsearchEncryptionWithCMK.py) | | 652 | CKV_AWS_247 | resource | aws_opensearch_domain | Ensure all data stored in the Elasticsearch is encrypted with a CMK | Terraform | [ElasticsearchEncryptionWithCMK.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/ElasticsearchEncryptionWithCMK.py) | | 653 | CKV_AWS_248 | resource | aws_elasticsearch_domain | Ensure that Elasticsearch is not using the default Security Group | Terraform | [ElasticsearchDefaultSG.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/ElasticsearchDefaultSG.py) | | 654 | CKV_AWS_248 | resource | aws_opensearch_domain | Ensure that Elasticsearch is not using the default Security Group | Terraform | [ElasticsearchDefaultSG.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/ElasticsearchDefaultSG.py) | | 655 | CKV_AWS_249 | resource | aws_ecs_task_definition | Ensure that the Execution Role ARN and the Task Role ARN are different in ECS Task definitions | Terraform | [ECSTaskDefinitionRoleCheck.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/ECSTaskDefinitionRoleCheck.py) | | 656 | CKV_AWS_250 | resource | aws_db_instance | Ensure that RDS PostgreSQL instances use a non vulnerable version with the log_fdw extension (https://aws.amazon.com/security/security-bulletins/AWS-2022-004/) | Terraform | [RDSPostgreSQLLogFDWExtension.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/RDSPostgreSQLLogFDWExtension.py) | | 657 | CKV_AWS_250 | resource | aws_rds_cluster | Ensure that RDS PostgreSQL instances use a non vulnerable version with the log_fdw extension (https://aws.amazon.com/security/security-bulletins/AWS-2022-004/) | Terraform | [RDSPostgreSQLLogFDWExtension.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/RDSPostgreSQLLogFDWExtension.py) | | 658 | CKV_AWS_251 | resource | aws_cloudtrail | Ensure CloudTrail logging is enabled | Terraform | [CloudtrailEnableLogging.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/CloudtrailEnableLogging.py) | | 659 | CKV_AWS_252 | resource | aws_cloudtrail | Ensure CloudTrail defines an SNS Topic | Terraform | [CloudtrailDefinesSNSTopic.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/CloudtrailDefinesSNSTopic.py) | | 660 | CKV_AWS_253 | resource | aws_dlm_lifecycle_policy | Ensure DLM cross region events are encrypted | Terraform | [DLMEventsCrossRegionEncryption.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/DLMEventsCrossRegionEncryption.py) | | 661 | CKV_AWS_254 | resource | aws_dlm_lifecycle_policy | Ensure DLM cross region events are encrypted with Customer Managed Key | Terraform | [DLMEventsCrossRegionEncryptionWithCMK.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/DLMEventsCrossRegionEncryptionWithCMK.py) | | 662 | CKV_AWS_255 | resource | aws_dlm_lifecycle_policy | Ensure DLM cross region schedules are encrypted | Terraform | [DLMScheduleCrossRegionEncryption.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/DLMScheduleCrossRegionEncryption.py) | | 663 | CKV_AWS_256 | resource | aws_dlm_lifecycle_policy | Ensure DLM cross region schedules are encrypted using a Customer Managed Key | Terraform | [DLMScheduleCrossRegionEncryptionWithCMK.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/DLMScheduleCrossRegionEncryptionWithCMK.py) | | 664 | CKV_AWS_257 | resource | aws_codecommit_approval_rule_template | Ensure CodeCommit branch changes have at least 2 approvals | Terraform | [CodecommitApprovalsRulesRequireMin2.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/CodecommitApprovalsRulesRequireMin2.py) | | 665 | CKV_AWS_258 | resource | AWS::Lambda::Url | Ensure that Lambda function URLs AuthType is not None | Cloudformation | [LambdaFunctionURLAuth.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/resource/aws/LambdaFunctionURLAuth.py) | | 666 | CKV_AWS_258 | resource | aws_lambda_function_url | Ensure that Lambda function URLs AuthType is not None | Terraform | [LambdaFunctionURLAuth.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/LambdaFunctionURLAuth.py) | | 667 | CKV_AWS_259 | resource | aws_cloudfront_response_headers_policy | Ensure CloudFront response header policy enforces Strict Transport Security | Terraform | [CloudFrontResponseHeaderStrictTransportSecurity.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/CloudFrontResponseHeaderStrictTransportSecurity.py) | | 668 | CKV_AWS_260 | resource | AWS::EC2::SecurityGroup | Ensure no security groups allow ingress from 0.0.0.0:0 to port 80 | Cloudformation | [SecurityGroupUnrestrictedIngress80.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/resource/aws/SecurityGroupUnrestrictedIngress80.py) | | 669 | CKV_AWS_260 | resource | AWS::EC2::SecurityGroupIngress | Ensure no security groups allow ingress from 0.0.0.0:0 to port 80 | Cloudformation | [SecurityGroupUnrestrictedIngress80.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/resource/aws/SecurityGroupUnrestrictedIngress80.py) | | 670 | CKV_AWS_260 | resource | aws_security_group | Ensure no security groups allow ingress from 0.0.0.0:0 to port 80 | Terraform | [SecurityGroupUnrestrictedIngress80.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/SecurityGroupUnrestrictedIngress80.py) | | 671 | CKV_AWS_260 | resource | aws_security_group_rule | Ensure no security groups allow ingress from 0.0.0.0:0 to port 80 | Terraform | [SecurityGroupUnrestrictedIngress80.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/SecurityGroupUnrestrictedIngress80.py) | | 672 | CKV_AWS_260 | resource | aws_vpc_security_group_ingress_rule | Ensure no security groups allow ingress from 0.0.0.0:0 to port 80 | Terraform | [SecurityGroupUnrestrictedIngress80.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/SecurityGroupUnrestrictedIngress80.py) | | 673 | CKV_AWS_261 | resource | aws_alb_target_group | Ensure HTTP HTTPS Target group defines Healthcheck | Terraform | [LBTargetGroupsDefinesHealthcheck.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/LBTargetGroupsDefinesHealthcheck.py) | | 674 | CKV_AWS_261 | resource | aws_lb_target_group | Ensure HTTP HTTPS Target group defines Healthcheck | Terraform | [LBTargetGroupsDefinesHealthcheck.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/LBTargetGroupsDefinesHealthcheck.py) | | 675 | CKV_AWS_262 | resource | aws_kendra_index | Ensure Kendra index Server side encryption uses CMK | Terraform | [KendraIndexSSEUsesCMK.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/KendraIndexSSEUsesCMK.py) | | 676 | CKV_AWS_263 | resource | aws_appflow_flow | Ensure AppFlow flow uses CMK | Terraform | [AppFlowUsesCMK.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/AppFlowUsesCMK.py) | | 677 | CKV_AWS_264 | resource | aws_appflow_connector_profile | Ensure AppFlow connector profile uses CMK | Terraform | [AppFlowConnectorProfileUsesCMK.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/AppFlowConnectorProfileUsesCMK.py) | | 678 | CKV_AWS_265 | resource | aws_keyspaces_table | Ensure Keyspaces Table uses CMK | Terraform | [KeyspacesTableUsesCMK.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/KeyspacesTableUsesCMK.py) | | 679 | CKV_AWS_266 | resource | aws_db_snapshot_copy | Ensure DB Snapshot copy uses CMK | Terraform | [DBSnapshotCopyUsesCMK.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/DBSnapshotCopyUsesCMK.py) | | 680 | CKV_AWS_267 | resource | aws_comprehend_entity_recognizer | Ensure that Comprehend Entity Recognizer's model is encrypted by KMS using a customer managed Key (CMK) | Terraform | [ComprehendEntityRecognizerModelUsesCMK.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/ComprehendEntityRecognizerModelUsesCMK.py) | | 681 | CKV_AWS_268 | resource | aws_comprehend_entity_recognizer | Ensure that Comprehend Entity Recognizer's volume is encrypted by KMS using a customer managed Key (CMK) | Terraform | [ComprehendEntityRecognizerVolumeUsesCMK.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/ComprehendEntityRecognizerVolumeUsesCMK.py) | | 682 | CKV_AWS_269 | resource | aws_connect_instance_storage_config | Ensure Connect Instance Kinesis Video Stream Storage Config uses CMK | Terraform | [ConnectInstanceKinesisVideoStreamStorageConfigUsesCMK.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/ConnectInstanceKinesisVideoStreamStorageConfigUsesCMK.py) | | 683 | CKV_AWS_270 | resource | aws_connect_instance_storage_config | Ensure Connect Instance S3 Storage Config uses CMK | Terraform | [ConnectInstanceS3StorageConfigUsesCMK.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/ConnectInstanceS3StorageConfigUsesCMK.py) | | 684 | CKV_AWS_271 | resource | aws_dynamodb_table_replica | Ensure DynamoDB table replica KMS encryption uses CMK | Terraform | [DynamoDBTableReplicaKMSUsesCMK.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/DynamoDBTableReplicaKMSUsesCMK.py) | | 685 | CKV_AWS_272 | resource | aws_lambda_function | Ensure AWS Lambda function is configured to validate code-signing | Terraform | [LambdaCodeSigningConfigured.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/LambdaCodeSigningConfigured.py) | | 686 | CKV_AWS_273 | resource | aws_iam_user | Ensure access is controlled through SSO and not AWS IAM defined users | Terraform | [IAMUserNotUsedForAccess.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/IAMUserNotUsedForAccess.py) | | 687 | CKV_AWS_274 | resource | aws_iam_group_policy_attachment | Disallow IAM roles, users, and groups from using the AWS AdministratorAccess policy | Terraform | [IAMManagedAdminPolicy.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/IAMManagedAdminPolicy.py) | | 688 | CKV_AWS_274 | resource | aws_iam_policy_attachment | Disallow IAM roles, users, and groups from using the AWS AdministratorAccess policy | Terraform | [IAMManagedAdminPolicy.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/IAMManagedAdminPolicy.py) | | 689 | CKV_AWS_274 | resource | aws_iam_role | Disallow IAM roles, users, and groups from using the AWS AdministratorAccess policy | Terraform | [IAMManagedAdminPolicy.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/IAMManagedAdminPolicy.py) | | 690 | CKV_AWS_274 | resource | aws_iam_role_policy_attachment | Disallow IAM roles, users, and groups from using the AWS AdministratorAccess policy | Terraform | [IAMManagedAdminPolicy.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/IAMManagedAdminPolicy.py) | | 691 | CKV_AWS_274 | resource | aws_iam_user_policy_attachment | Disallow IAM roles, users, and groups from using the AWS AdministratorAccess policy | Terraform | [IAMManagedAdminPolicy.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/IAMManagedAdminPolicy.py) | | 692 | CKV_AWS_274 | resource | aws_ssoadmin_managed_policy_attachment | Disallow IAM roles, users, and groups from using the AWS AdministratorAccess policy | Terraform | [IAMManagedAdminPolicy.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/IAMManagedAdminPolicy.py) | | 693 | CKV_AWS_275 | data | aws_iam_policy | Disallow policies from using the AWS AdministratorAccess policy | Terraform | [IAMManagedAdminPolicy.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/data/aws/IAMManagedAdminPolicy.py) | | 694 | CKV_AWS_276 | resource | aws_api_gateway_method_settings | Ensure Data Trace is not enabled in API Gateway Method Settings | Terraform | [APIGatewayMethodSettingsDataTrace.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/APIGatewayMethodSettingsDataTrace.py) | | 695 | CKV_AWS_277 | resource | aws_security_group | Ensure no security groups allow ingress from 0.0.0.0:0 to port -1 | Terraform | [SecurityGroupUnrestrictedIngressAny.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/SecurityGroupUnrestrictedIngressAny.py) | | 696 | CKV_AWS_277 | resource | aws_security_group_rule | Ensure no security groups allow ingress from 0.0.0.0:0 to port -1 | Terraform | [SecurityGroupUnrestrictedIngressAny.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/SecurityGroupUnrestrictedIngressAny.py) | | 697 | CKV_AWS_277 | resource | aws_vpc_security_group_ingress_rule | Ensure no security groups allow ingress from 0.0.0.0:0 to port -1 | Terraform | [SecurityGroupUnrestrictedIngressAny.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/SecurityGroupUnrestrictedIngressAny.py) | | 698 | CKV_AWS_278 | resource | aws_memorydb_snapshot | Ensure MemoryDB snapshot is encrypted by KMS using a customer managed Key (CMK) | Terraform | [MemoryDBSnapshotEncryptionWithCMK.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/MemoryDBSnapshotEncryptionWithCMK.py) | | 699 | CKV_AWS_279 | resource | aws_neptune_cluster_snapshot | Ensure Neptune snapshot is securely encrypted | Terraform | [NeptuneClusterSnapshotEncrypted.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/NeptuneClusterSnapshotEncrypted.py) | | 700 | CKV_AWS_280 | resource | aws_neptune_cluster_snapshot | Ensure Neptune snapshot is encrypted by KMS using a customer managed Key (CMK) | Terraform | [NeptuneClusterSnapshotEncryptedWithCMK.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/NeptuneClusterSnapshotEncryptedWithCMK.py) | | 701 | CKV_AWS_281 | resource | aws_redshift_snapshot_copy_grant | Ensure RedShift snapshot copy is encrypted by KMS using a customer managed Key (CMK) | Terraform | [RedshiftClusterSnapshotCopyGrantEncryptedWithCMK.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/RedshiftClusterSnapshotCopyGrantEncryptedWithCMK.py) | | 702 | CKV_AWS_282 | resource | aws_redshiftserverless_namespace | Ensure that Redshift Serverless namespace is encrypted by KMS using a customer managed key (CMK) | Terraform | [RedshiftServerlessNamespaceKMSKey.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/RedshiftServerlessNamespaceKMSKey.py) | | 703 | CKV_AWS_283 | data | aws_iam_policy_document | Ensure no IAM policies documents allow ALL or any AWS principal permissions to the resource | Terraform | [IAMPublicActionsPolicy.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/data/aws/IAMPublicActionsPolicy.py) | | 704 | CKV_AWS_284 | resource | aws_sfn_state_machine | Ensure State Machine has X-Ray tracing enabled | Terraform | [StateMachineXray.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/StateMachineXray.py) | | 705 | CKV_AWS_285 | resource | aws_sfn_state_machine | Ensure State Machine has execution history logging enabled | Terraform | [StateMachineLoggingExecutionHistory.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/StateMachineLoggingExecutionHistory.py) | | 706 | CKV_AWS_286 | resource | aws_iam_group_policy | Ensure IAM policies does not allow privilege escalation | Terraform | [IAMPrivilegeEscalation.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/IAMPrivilegeEscalation.py) | | 707 | CKV_AWS_286 | resource | aws_iam_policy | Ensure IAM policies does not allow privilege escalation | Terraform | [IAMPrivilegeEscalation.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/IAMPrivilegeEscalation.py) | | 708 | CKV_AWS_286 | resource | aws_iam_role_policy | Ensure IAM policies does not allow privilege escalation | Terraform | [IAMPrivilegeEscalation.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/IAMPrivilegeEscalation.py) | | 709 | CKV_AWS_286 | resource | aws_iam_user_policy | Ensure IAM policies does not allow privilege escalation | Terraform | [IAMPrivilegeEscalation.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/IAMPrivilegeEscalation.py) | | 710 | CKV_AWS_286 | resource | aws_ssoadmin_permission_set_inline_policy | Ensure IAM policies does not allow privilege escalation | Terraform | [IAMPrivilegeEscalation.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/IAMPrivilegeEscalation.py) | | 711 | CKV_AWS_287 | resource | aws_iam_group_policy | Ensure IAM policies does not allow credentials exposure | Terraform | [IAMCredentialsExposure.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/IAMCredentialsExposure.py) | | 712 | CKV_AWS_287 | resource | aws_iam_policy | Ensure IAM policies does not allow credentials exposure | Terraform | [IAMCredentialsExposure.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/IAMCredentialsExposure.py) | | 713 | CKV_AWS_287 | resource | aws_iam_role_policy | Ensure IAM policies does not allow credentials exposure | Terraform | [IAMCredentialsExposure.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/IAMCredentialsExposure.py) | | 714 | CKV_AWS_287 | resource | aws_iam_user_policy | Ensure IAM policies does not allow credentials exposure | Terraform | [IAMCredentialsExposure.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/IAMCredentialsExposure.py) | | 715 | CKV_AWS_287 | resource | aws_ssoadmin_permission_set_inline_policy | Ensure IAM policies does not allow credentials exposure | Terraform | [IAMCredentialsExposure.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/IAMCredentialsExposure.py) | | 716 | CKV_AWS_288 | resource | aws_iam_group_policy | Ensure IAM policies does not allow data exfiltration | Terraform | [IAMDataExfiltration.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/IAMDataExfiltration.py) | | 717 | CKV_AWS_288 | resource | aws_iam_policy | Ensure IAM policies does not allow data exfiltration | Terraform | [IAMDataExfiltration.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/IAMDataExfiltration.py) | | 718 | CKV_AWS_288 | resource | aws_iam_role_policy | Ensure IAM policies does not allow data exfiltration | Terraform | [IAMDataExfiltration.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/IAMDataExfiltration.py) | | 719 | CKV_AWS_288 | resource | aws_iam_user_policy | Ensure IAM policies does not allow data exfiltration | Terraform | [IAMDataExfiltration.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/IAMDataExfiltration.py) | | 720 | CKV_AWS_288 | resource | aws_ssoadmin_permission_set_inline_policy | Ensure IAM policies does not allow data exfiltration | Terraform | [IAMDataExfiltration.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/IAMDataExfiltration.py) | | 721 | CKV_AWS_289 | resource | aws_iam_group_policy | Ensure IAM policies does not allow permissions management / resource exposure without constraints | Terraform | [IAMPermissionsManagement.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/IAMPermissionsManagement.py) | | 722 | CKV_AWS_289 | resource | aws_iam_policy | Ensure IAM policies does not allow permissions management / resource exposure without constraints | Terraform | [IAMPermissionsManagement.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/IAMPermissionsManagement.py) | | 723 | CKV_AWS_289 | resource | aws_iam_role_policy | Ensure IAM policies does not allow permissions management / resource exposure without constraints | Terraform | [IAMPermissionsManagement.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/IAMPermissionsManagement.py) | | 724 | CKV_AWS_289 | resource | aws_iam_user_policy | Ensure IAM policies does not allow permissions management / resource exposure without constraints | Terraform | [IAMPermissionsManagement.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/IAMPermissionsManagement.py) | | 725 | CKV_AWS_289 | resource | aws_ssoadmin_permission_set_inline_policy | Ensure IAM policies does not allow permissions management / resource exposure without constraints | Terraform | [IAMPermissionsManagement.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/IAMPermissionsManagement.py) | | 726 | CKV_AWS_290 | resource | aws_iam_group_policy | Ensure IAM policies does not allow write access without constraints | Terraform | [IAMWriteAccess.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/IAMWriteAccess.py) | | 727 | CKV_AWS_290 | resource | aws_iam_policy | Ensure IAM policies does not allow write access without constraints | Terraform | [IAMWriteAccess.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/IAMWriteAccess.py) | | 728 | CKV_AWS_290 | resource | aws_iam_role_policy | Ensure IAM policies does not allow write access without constraints | Terraform | [IAMWriteAccess.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/IAMWriteAccess.py) | | 729 | CKV_AWS_290 | resource | aws_iam_user_policy | Ensure IAM policies does not allow write access without constraints | Terraform | [IAMWriteAccess.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/IAMWriteAccess.py) | | 730 | CKV_AWS_290 | resource | aws_ssoadmin_permission_set_inline_policy | Ensure IAM policies does not allow write access without constraints | Terraform | [IAMWriteAccess.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/IAMWriteAccess.py) | | 731 | CKV_AWS_291 | resource | AWS::MSK::Cluster | Ensure MSK nodes are private | Cloudformation | [MSKClusterNodesArePrivate.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/resource/aws/MSKClusterNodesArePrivate.py) | | 732 | CKV_AWS_291 | resource | aws_msk_cluster | Ensure MSK nodes are private | Terraform | [MSKClusterNodesArePrivate.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/MSKClusterNodesArePrivate.py) | | 733 | CKV_AWS_292 | resource | aws_docdb_global_cluster | Ensure DocumentDB Global Cluster is encrypted at rest (default is unencrypted) | Terraform | [DocDBGlobalClusterEncryption.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/DocDBGlobalClusterEncryption.py) | | 734 | CKV_AWS_293 | resource | aws_db_instance | Ensure that AWS database instances have deletion protection enabled | Terraform | [RDSInstanceDeletionProtection.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/RDSInstanceDeletionProtection.py) | | 735 | CKV_AWS_294 | resource | aws_cloudtrail_event_data_store | Ensure CloudTrail Event Data Store uses CMK | Terraform | [CloudtrailEventDataStoreUsesCMK.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/CloudtrailEventDataStoreUsesCMK.py) | | 736 | CKV_AWS_295 | resource | aws_datasync_location_object_storage | Ensure DataSync Location Object Storage doesn't expose secrets | Terraform | [DatasyncLocationExposesSecrets.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/DatasyncLocationExposesSecrets.py) | | 737 | CKV_AWS_296 | resource | aws_dms_endpoint | Ensure DMS endpoint uses Customer Managed Key (CMK) | Terraform | [DMSEndpointUsesCMK.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/DMSEndpointUsesCMK.py) | | 738 | CKV_AWS_297 | resource | aws_scheduler_schedule | Ensure EventBridge Scheduler Schedule uses Customer Managed Key (CMK) | Terraform | [SchedulerScheduleUsesCMK.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/SchedulerScheduleUsesCMK.py) | | 739 | CKV_AWS_298 | resource | aws_dms_s3_endpoint | Ensure DMS S3 uses Customer Managed Key (CMK) | Terraform | [DMSS3UsesCMK.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/DMSS3UsesCMK.py) | | 740 | CKV_AWS_300 | resource | aws_s3_bucket_lifecycle_configuration | Ensure S3 lifecycle configuration sets period for aborting failed uploads | Terraform | [S3AbortIncompleteUploads.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/S3AbortIncompleteUploads.py) | | 741 | CKV_AWS_301 | resource | aws_lambda_permission | Ensure that AWS Lambda function is not publicly accessible | Terraform | [LambdaFunctionIsNotPublic.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/LambdaFunctionIsNotPublic.py) | | 742 | CKV_AWS_302 | resource | aws_db_snapshot | Ensure DB Snapshots are not Public | Terraform | [DBSnapshotsArePrivate.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/DBSnapshotsArePrivate.py) | | 743 | CKV_AWS_303 | resource | aws_ssm_document | Ensure SSM documents are not Public | Terraform | [SSMDocumentsArePrivate.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/SSMDocumentsArePrivate.py) | | 744 | CKV_AWS_304 | resource | aws_secretsmanager_secret_rotation | Ensure Secrets Manager secrets should be rotated within 90 days | Terraform | [SecretManagerSecret90days.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/SecretManagerSecret90days.py) | | 745 | CKV_AWS_305 | resource | aws_cloudfront_distribution | Ensure CloudFront distribution has a default root object configured | Terraform | [CloudfrontDistributionDefaultRoot.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/CloudfrontDistributionDefaultRoot.py) | | 746 | CKV_AWS_306 | resource | aws_sagemaker_notebook_instance | Ensure SageMaker notebook instances should be launched into a custom VPC | Terraform | [SagemakerNotebookInCustomVPC.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/SagemakerNotebookInCustomVPC.py) | | 747 | CKV_AWS_307 | resource | aws_sagemaker_notebook_instance | Ensure SageMaker Users should not have root access to SageMaker notebook instances | Terraform | [SagemakerNotebookRoot.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/SagemakerNotebookRoot.py) | | 748 | CKV_AWS_308 | resource | aws_api_gateway_method_settings | Ensure API Gateway method setting caching is set to encrypted | Terraform | [APIGatewayMethodSettingsCacheEncrypted.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/APIGatewayMethodSettingsCacheEncrypted.py) | | 749 | CKV_AWS_309 | resource | aws_apigatewayv2_route | Ensure API GatewayV2 routes specify an authorization type | Terraform | [APIGatewayV2RouteDefinesAuthorizationType.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/APIGatewayV2RouteDefinesAuthorizationType.py) | | 750 | CKV_AWS_310 | resource | aws_cloudfront_distribution | Ensure CloudFront distributions should have origin failover configured | Terraform | [CloudfrontDistributionOriginFailover.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/CloudfrontDistributionOriginFailover.py) | | 751 | CKV_AWS_311 | resource | aws_codebuild_project | Ensure that CodeBuild S3 logs are encrypted | Terraform | [CodebuildS3LogsEncrypted.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/CodebuildS3LogsEncrypted.py) | | 752 | CKV_AWS_312 | resource | aws_elastic_beanstalk_environment | Ensure Elastic Beanstalk environments have enhanced health reporting enabled | Terraform | [ElasticBeanstalkUseEnhancedHealthChecks.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/ElasticBeanstalkUseEnhancedHealthChecks.py) | | 753 | CKV_AWS_313 | resource | aws_rds_cluster | Ensure RDS cluster configured to copy tags to snapshots | Terraform | [RDSClusterCopyTags.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/RDSClusterCopyTags.py) | | 754 | CKV_AWS_314 | resource | aws_codebuild_project | Ensure CodeBuild project environments have a logging configuration | Terraform | [CodebuildHasLogs.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/CodebuildHasLogs.py) | | 755 | CKV_AWS_315 | resource | aws_autoscaling_group | Ensure EC2 Auto Scaling groups use EC2 launch templates | Terraform | [AutoScalingLaunchTemplate.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/AutoScalingLaunchTemplate.py) | | 756 | CKV_AWS_316 | resource | aws_codebuild_project | Ensure CodeBuild project environments do not have privileged mode enabled | Terraform | [CodeBuildPrivilegedMode.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/CodeBuildPrivilegedMode.py) | | 757 | CKV_AWS_317 | resource | AWS::Elasticsearch::Domain | Ensure Elasticsearch Domain Audit Logging is enabled | Cloudformation | [ElasticsearchDomainAuditLogging.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/resource/aws/ElasticsearchDomainAuditLogging.py) | | 758 | CKV_AWS_317 | resource | AWS::OpenSearchService::Domain | Ensure Elasticsearch Domain Audit Logging is enabled | Cloudformation | [ElasticsearchDomainAuditLogging.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/resource/aws/ElasticsearchDomainAuditLogging.py) | | 759 | CKV_AWS_317 | resource | aws_elasticsearch_domain | Ensure Elasticsearch Domain Audit Logging is enabled | Terraform | [ElasticsearchDomainAuditLogging.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/ElasticsearchDomainAuditLogging.py) | | 760 | CKV_AWS_317 | resource | aws_opensearch_domain | Ensure Elasticsearch Domain Audit Logging is enabled | Terraform | [ElasticsearchDomainAuditLogging.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/ElasticsearchDomainAuditLogging.py) | | 761 | CKV_AWS_318 | resource | aws_elasticsearch_domain | Ensure Elasticsearch domains are configured with at least three dedicated master nodes for HA | Terraform | [ElasticsearchDomainHA.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/ElasticsearchDomainHA.py) | | 762 | CKV_AWS_318 | resource | aws_opensearch_domain | Ensure Elasticsearch domains are configured with at least three dedicated master nodes for HA | Terraform | [ElasticsearchDomainHA.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/ElasticsearchDomainHA.py) | | 763 | CKV_AWS_319 | resource | aws_cloudwatch_metric_alarm | Ensure that CloudWatch alarm actions are enabled | Terraform | [CloudWatchAlarmsEnabled.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/CloudWatchAlarmsEnabled.py) | | 764 | CKV_AWS_320 | resource | aws_redshift_cluster | Ensure Redshift clusters do not use the default database name | Terraform | [RedshiftClusterDatabaseName.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/RedshiftClusterDatabaseName.py) | | 765 | CKV_AWS_321 | resource | aws_redshift_cluster | Ensure Redshift clusters use enhanced VPC routing | Terraform | [RedshiftClusterUseEnhancedVPCRouting.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/RedshiftClusterUseEnhancedVPCRouting.py) | | 766 | CKV_AWS_322 | resource | aws_elasticache_cluster | Ensure ElastiCache for Redis cache clusters have auto minor version upgrades enabled | Terraform | [ElasticCacheAutomaticMinorUpgrades.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/ElasticCacheAutomaticMinorUpgrades.py) | | 767 | CKV_AWS_323 | resource | aws_elasticache_cluster | Ensure ElastiCache clusters do not use the default subnet group | Terraform | [ElastiCacheHasCustomSubnet.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/ElastiCacheHasCustomSubnet.py) | | 768 | CKV_AWS_324 | resource | aws_rds_cluster | Ensure that RDS Cluster log capture is enabled | Terraform | [RDSClusterLogging.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/RDSClusterLogging.py) | | 769 | CKV_AWS_325 | resource | aws_rds_cluster | Ensure that RDS Cluster audit logging is enabled for MySQL engine | Terraform | [RDSClusterAuditLogging.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/RDSClusterAuditLogging.py) | | 770 | CKV_AWS_326 | resource | aws_rds_cluster | Ensure that RDS Aurora Clusters have backtracking enabled | Terraform | [RDSClusterAuroraBacktrack.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/RDSClusterAuroraBacktrack.py) | | 771 | CKV_AWS_327 | resource | aws_rds_cluster | Ensure RDS Clusters are encrypted using KMS CMKs | Terraform | [RDSClusterEncryptedWithCMK.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/RDSClusterEncryptedWithCMK.py) | | 772 | CKV_AWS_328 | resource | aws_alb | Ensure that ALB is configured with defensive or strictest desync mitigation mode | Terraform | [ALBDesyncMode.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/ALBDesyncMode.py) | | 773 | CKV_AWS_328 | resource | aws_elb | Ensure that ALB is configured with defensive or strictest desync mitigation mode | Terraform | [ALBDesyncMode.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/ALBDesyncMode.py) | | 774 | CKV_AWS_328 | resource | aws_lb | Ensure that ALB is configured with defensive or strictest desync mitigation mode | Terraform | [ALBDesyncMode.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/ALBDesyncMode.py) | | 775 | CKV_AWS_329 | resource | aws_efs_access_point | EFS access points should enforce a root directory | Terraform | [EFSAccessPointRoot.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/EFSAccessPointRoot.py) | | 776 | CKV_AWS_330 | resource | aws_efs_access_point | EFS access points should enforce a user identity | Terraform | [EFSAccessUserIdentity.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/EFSAccessUserIdentity.py) | | 777 | CKV_AWS_331 | resource | aws_ec2_transit_gateway | Ensure Transit Gateways do not automatically accept VPC attachment requests | Terraform | [Ec2TransitGatewayAutoAccept.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/Ec2TransitGatewayAutoAccept.py) | | 778 | CKV_AWS_332 | resource | aws_ecs_service | Ensure ECS Fargate services run on the latest Fargate platform version | Terraform | [ECSServiceFargateLatest.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/ECSServiceFargateLatest.py) | | 779 | CKV_AWS_333 | resource | aws_ecs_service | Ensure ECS services do not have public IP addresses assigned to them automatically | Terraform | [ECSServicePublicIP.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/ECSServicePublicIP.py) | | 780 | CKV_AWS_334 | resource | aws_ecs_task_definition | Ensure ECS containers should run as non-privileged | Terraform | [ECSContainerPrivilege.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/ECSContainerPrivilege.py) | | 781 | CKV_AWS_335 | resource | aws_ecs_task_definition | Ensure ECS task definitions should not share the host's process namespace | Terraform | [ECSContainerHostProcess.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/ECSContainerHostProcess.py) | | 782 | CKV_AWS_336 | resource | aws_ecs_task_definition | Ensure ECS containers are limited to read-only access to root filesystems | Terraform | [ECSContainerReadOnlyRoot.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/ECSContainerReadOnlyRoot.py) | | 783 | CKV_AWS_337 | resource | aws_ssm_parameter | Ensure SSM parameters are using KMS CMK | Terraform | [SSMParameterUsesCMK.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/SSMParameterUsesCMK.py) | | 784 | CKV_AWS_338 | resource | aws_cloudwatch_log_group | Ensure CloudWatch log groups retains logs for at least 1 year | Terraform | [CloudWatchLogGroupRetentionYear.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/CloudWatchLogGroupRetentionYear.py) | | 785 | CKV_AWS_339 | resource | aws_eks_cluster | Ensure EKS clusters run on a supported Kubernetes version | Terraform | [EKSPlatformVersion.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/EKSPlatformVersion.py) | | 786 | CKV_AWS_340 | resource | aws_elastic_beanstalk_environment | Ensure Elastic Beanstalk managed platform updates are enabled | Terraform | [ElasticBeanstalkUseManagedUpdates.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/ElasticBeanstalkUseManagedUpdates.py) | | 787 | CKV_AWS_341 | resource | aws_launch_configuration | Ensure Launch template should not have a metadata response hop limit greater than 1 | Terraform | [LaunchTemplateMetadataHop.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/LaunchTemplateMetadataHop.py) | | 788 | CKV_AWS_341 | resource | aws_launch_template | Ensure Launch template should not have a metadata response hop limit greater than 1 | Terraform | [LaunchTemplateMetadataHop.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/LaunchTemplateMetadataHop.py) | | 789 | CKV_AWS_342 | resource | aws_waf_rule_group | Ensure WAF rule has any actions | Terraform | [WAFRuleHasAnyActions.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/WAFRuleHasAnyActions.py) | | 790 | CKV_AWS_342 | resource | aws_waf_web_acl | Ensure WAF rule has any actions | Terraform | [WAFRuleHasAnyActions.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/WAFRuleHasAnyActions.py) | | 791 | CKV_AWS_342 | resource | aws_wafregional_rule_group | Ensure WAF rule has any actions | Terraform | [WAFRuleHasAnyActions.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/WAFRuleHasAnyActions.py) | | 792 | CKV_AWS_342 | resource | aws_wafregional_web_acl | Ensure WAF rule has any actions | Terraform | [WAFRuleHasAnyActions.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/WAFRuleHasAnyActions.py) | | 793 | CKV_AWS_342 | resource | aws_wafv2_rule_group | Ensure WAF rule has any actions | Terraform | [WAFRuleHasAnyActions.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/WAFRuleHasAnyActions.py) | | 794 | CKV_AWS_342 | resource | aws_wafv2_web_acl | Ensure WAF rule has any actions | Terraform | [WAFRuleHasAnyActions.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/WAFRuleHasAnyActions.py) | | 795 | CKV_AWS_343 | resource | aws_redshift_cluster | Ensure Amazon Redshift clusters should have automatic snapshots enabled | Terraform | [RedshiftClusterAutoSnap.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/RedshiftClusterAutoSnap.py) | | 796 | CKV_AWS_344 | resource | aws_networkfirewall_firewall | Ensure that Network firewalls have deletion protection enabled | Terraform | [NetworkFirewallDeletionProtection.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/NetworkFirewallDeletionProtection.py) | | 797 | CKV_AWS_345 | resource | aws_networkfirewall_firewall | Ensure that Network firewall encryption is via a CMK | Terraform | [NetworkFirewallUsesCMK.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/NetworkFirewallUsesCMK.py) | | 798 | CKV_AWS_345 | resource | aws_networkfirewall_rule_group | Ensure that Network firewall encryption is via a CMK | Terraform | [NetworkFirewallUsesCMK.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/NetworkFirewallUsesCMK.py) | | 799 | CKV_AWS_346 | resource | aws_networkfirewall_firewall_policy | Ensure Network Firewall Policy defines an encryption configuration that uses a customer managed Key (CMK) | Terraform | [NetworkFirewallPolicyDefinesCMK.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/NetworkFirewallPolicyDefinesCMK.py) | | 800 | CKV_AWS_347 | resource | aws_neptune_cluster | Ensure Neptune is encrypted by KMS using a customer managed Key (CMK) | Terraform | [NeptuneClusterEncryptedWithCMK.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/NeptuneClusterEncryptedWithCMK.py) | | 801 | CKV_AWS_348 | resource | aws_iam_access_key | Ensure IAM root user does not have Access keys | Terraform | [IAMUserRootAccessKeys.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/IAMUserRootAccessKeys.py) | | 802 | CKV_AWS_349 | resource | aws_emr_security_configuration | Ensure EMR Cluster security configuration encrypts local disks | Terraform | [EMRClusterConfEncryptsLocalDisk.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/EMRClusterConfEncryptsLocalDisk.py) | | 803 | CKV_AWS_350 | resource | aws_emr_security_configuration | Ensure EMR Cluster security configuration encrypts EBS disks | Terraform | [EMRClusterConfEncryptsEBS.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/EMRClusterConfEncryptsEBS.py) | | 804 | CKV_AWS_351 | resource | aws_emr_security_configuration | Ensure EMR Cluster security configuration encrypts InTransit | Terraform | [EMRClusterConfEncryptsInTransit.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/EMRClusterConfEncryptsInTransit.py) | | 805 | CKV_AWS_352 | resource | aws_network_acl_rule | Ensure NACL ingress does not allow all Ports | Terraform | [NetworkACLUnrestricted.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/NetworkACLUnrestricted.py) | | 806 | CKV_AWS_353 | resource | aws_db_instance | Ensure that RDS instances have performance insights enabled | Terraform | [RDSInstancePerformanceInsights.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/RDSInstancePerformanceInsights.py) | | 807 | CKV_AWS_353 | resource | aws_rds_cluster_instance | Ensure that RDS instances have performance insights enabled | Terraform | [RDSInstancePerformanceInsights.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/RDSInstancePerformanceInsights.py) | | 808 | CKV_AWS_354 | resource | aws_db_instance | Ensure RDS Performance Insights are encrypted using KMS CMKs | Terraform | [RDSInstancePerfInsightsEncryptionWithCMK.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/RDSInstancePerfInsightsEncryptionWithCMK.py) | | 809 | CKV_AWS_354 | resource | aws_rds_cluster_instance | Ensure RDS Performance Insights are encrypted using KMS CMKs | Terraform | [RDSInstancePerfInsightsEncryptionWithCMK.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/RDSInstancePerfInsightsEncryptionWithCMK.py) | | 810 | CKV_AWS_355 | resource | aws_iam_group_policy | Ensure no IAM policies documents allow "*" as a statement's resource for restrictable actions | Terraform | [IAMStarResourcePolicyDocument.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/IAMStarResourcePolicyDocument.py) | | 811 | CKV_AWS_355 | resource | aws_iam_policy | Ensure no IAM policies documents allow "*" as a statement's resource for restrictable actions | Terraform | [IAMStarResourcePolicyDocument.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/IAMStarResourcePolicyDocument.py) | | 812 | CKV_AWS_355 | resource | aws_iam_role_policy | Ensure no IAM policies documents allow "*" as a statement's resource for restrictable actions | Terraform | [IAMStarResourcePolicyDocument.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/IAMStarResourcePolicyDocument.py) | | 813 | CKV_AWS_355 | resource | aws_iam_user_policy | Ensure no IAM policies documents allow "*" as a statement's resource for restrictable actions | Terraform | [IAMStarResourcePolicyDocument.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/IAMStarResourcePolicyDocument.py) | | 814 | CKV_AWS_355 | resource | aws_ssoadmin_permission_set_inline_policy | Ensure no IAM policies documents allow "*" as a statement's resource for restrictable actions | Terraform | [IAMStarResourcePolicyDocument.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/IAMStarResourcePolicyDocument.py) | | 815 | CKV_AWS_356 | data | aws_iam_policy_document | Ensure no IAM policies documents allow "*" as a statement's resource for restrictable actions | Terraform | [ResourcePolicyDocument.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/data/aws/ResourcePolicyDocument.py) | | 816 | CKV_AWS_357 | resource | aws_transfer_server | Ensure Transfer Server allows only secure protocols | Terraform | [TransferServerAllowsOnlySecureProtocols.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/TransferServerAllowsOnlySecureProtocols.py) | | 817 | CKV_AWS_358 | data | aws_iam_policy_document | Ensure AWS GitHub Actions OIDC authorization policies only allow safe claims and claim order | Terraform | [GithubActionsOIDCTrustPolicy.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/data/aws/GithubActionsOIDCTrustPolicy.py) | | 818 | CKV_AWS_359 | resource | aws_neptune_cluster | Neptune DB clusters should have IAM database authentication enabled | Terraform | [NeptuneDBClustersIAMDatabaseAuthenticationEnabled.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/NeptuneDBClustersIAMDatabaseAuthenticationEnabled.py) | | 819 | CKV_AWS_360 | resource | AWS::DocDB::DBCluster | Ensure DocumentDB has an adequate backup retention period | Cloudformation | [DocDBBackupRetention.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/resource/aws/DocDBBackupRetention.py) | | 820 | CKV_AWS_360 | resource | aws_docdb_cluster | Ensure DocumentDB has an adequate backup retention period | Terraform | [DocDBBackupRetention.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/DocDBBackupRetention.py) | | 821 | CKV_AWS_361 | resource | AWS::Neptune::DBCluster | Ensure that Neptune DB cluster has automated backups enabled with adequate retention | Cloudformation | [NeptuneClusterBackupRetention.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/resource/aws/NeptuneClusterBackupRetention.py) | | 822 | CKV_AWS_361 | resource | aws_neptune_cluster | Ensure that Neptune DB cluster has automated backups enabled with adequate retention | Terraform | [NeptuneClusterBackupRetention.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/NeptuneClusterBackupRetention.py) | | 823 | CKV_AWS_362 | resource | aws_neptune_cluster | Neptune DB clusters should be configured to copy tags to snapshots | Terraform | [NeptuneDBClustersCopyTagsToSnapshots.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/NeptuneDBClustersCopyTagsToSnapshots.py) | | 824 | CKV_AWS_363 | resource | AWS::Lambda::Function | Ensure Lambda Runtime is not deprecated | Cloudformation | [DeprecatedLambdaRuntime.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/resource/aws/DeprecatedLambdaRuntime.py) | | 825 | CKV_AWS_363 | resource | AWS::Serverless::Function | Ensure Lambda Runtime is not deprecated | Cloudformation | [DeprecatedLambdaRuntime.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/resource/aws/DeprecatedLambdaRuntime.py) | | 826 | CKV_AWS_363 | resource | aws_lambda_function | Ensure Lambda Runtime is not deprecated | Terraform | [DeprecatedLambdaRuntime.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/DeprecatedLambdaRuntime.py) | | 827 | CKV_AWS_364 | resource | AWS::Lambda::Permission | Ensure that AWS Lambda function permissions delegated to AWS services are limited by SourceArn or SourceAccount | Cloudformation | [LambdaServicePermission.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/resource/aws/LambdaServicePermission.py) | | 828 | CKV_AWS_364 | resource | aws_lambda_permission | Ensure that AWS Lambda function permissions delegated to AWS services are limited by SourceArn or SourceAccount | Terraform | [LambdaServicePermission.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/LambdaServicePermission.py) | | 829 | CKV_AWS_365 | resource | aws_ses_configuration_set | Ensure SES Configuration Set enforces TLS usage | Terraform | [SesConfigurationSetDefinesTLS.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/SesConfigurationSetDefinesTLS.py) | | 830 | CKV_AWS_366 | resource | AWS::Cognito::IdentityPool | Ensure AWS Cognito identity pool does not allow unauthenticated guest access | Cloudformation | [CognitoUnauthenticatedIdentities.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/resource/aws/CognitoUnauthenticatedIdentities.py) | | 831 | CKV_AWS_366 | resource | aws_cognito_identity_pool | Ensure AWS Cognito identity pool does not allow unauthenticated guest access | Terraform | [CognitoUnauthenticatedIdentities.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/CognitoUnauthenticatedIdentities.py) | | 832 | CKV_AWS_367 | resource | AWS::SageMaker::DataQualityJobDefinition | Ensure Amazon Sagemaker Data Quality Job uses KMS to encrypt model artifacts | Cloudformation | [SagemakerDataQualityJobDefinitionEncryption.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/resource/aws/SagemakerDataQualityJobDefinitionEncryption.py) | | 833 | CKV_AWS_367 | resource | aws_sagemaker_data_quality_job_definition | Ensure Amazon Sagemaker Data Quality Job uses KMS to encrypt model artifacts | Terraform | [SagemakerDataQualityJobDefinitionEncryption.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/SagemakerDataQualityJobDefinitionEncryption.py) | | 834 | CKV_AWS_368 | resource | AWS::SageMaker::DataQualityJobDefinition | Ensure Amazon Sagemaker Data Quality Job uses KMS to encrypt data on attached storage volume | Cloudformation | [SagemakerDataQualityJobDefinitionVolumeEncryption.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/resource/aws/SagemakerDataQualityJobDefinitionVolumeEncryption.py) | | 835 | CKV_AWS_368 | resource | aws_sagemaker_data_quality_job_definition | Ensure Amazon Sagemaker Data Quality Job uses KMS to encrypt data on attached storage volume | Terraform | [SagemakerDataQualityJobDefinitionVolumeEncryption.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/SagemakerDataQualityJobDefinitionVolumeEncryption.py) | | 836 | CKV_AWS_369 | resource | AWS::SageMaker::DataQualityJobDefinition | Ensure Amazon Sagemaker Data Quality Job encrypts all communications between instances used for monitoring jobs | Cloudformation | [SagemakerDataQualityJobDefinitionTrafficEncryption.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/resource/aws/SagemakerDataQualityJobDefinitionTrafficEncryption.py) | | 837 | CKV_AWS_369 | resource | aws_sagemaker_data_quality_job_definition | Ensure Amazon Sagemaker Data Quality Job encrypts all communications between instances used for monitoring jobs | Terraform | [SagemakerDataQualityJobDefinitionTrafficEncryption.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/SagemakerDataQualityJobDefinitionTrafficEncryption.py) | | 838 | CKV_AWS_370 | resource | AWS::SageMaker::Model | Ensure Amazon SageMaker model uses network isolation | Cloudformation | [SagemakerModelWithNetworkIsolation.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/resource/aws/SagemakerModelWithNetworkIsolation.py) | | 839 | CKV_AWS_370 | resource | aws_sagemaker_model | Ensure Amazon SageMaker model uses network isolation | Terraform | [SagemakerModelWithNetworkIsolation.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/SagemakerModelWithNetworkIsolation.py) | | 840 | CKV_AWS_371 | resource | AWS::SageMaker::NotebookInstance | Ensure Amazon SageMaker Notebook Instance only allows for IMDSv2 | Cloudformation | [SagemakerNotebookInstanceAllowsIMDSv2.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/resource/aws/SagemakerNotebookInstanceAllowsIMDSv2.py) | | 841 | CKV_AWS_371 | resource | aws_sagemaker_notebook_instance | Ensure Amazon SageMaker Notebook Instance only allows for IMDSv2 | Terraform | [SagemakerNotebookInstanceAllowsIMDSv2.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/SagemakerNotebookInstanceAllowsIMDSv2.py) | | 842 | CKV_AWS_372 | resource | aws_sagemaker_flow_definition | Ensure Amazon SageMaker Flow Definition uses KMS for output configurations | Terraform | [SagemakerFlowDefinitionUsesKMS.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/SagemakerFlowDefinitionUsesKMS.py) | | 843 | CKV_AWS_373 | resource | AWS::Bedrock::Agent | Ensure Bedrock Agent is encrypted with a CMK | Cloudformation | [BedrockAgentEncrypted.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/resource/aws/BedrockAgentEncrypted.py) | | 844 | CKV_AWS_373 | resource | aws_bedrockagent_agent | Ensure Bedrock Agent is encrypted with a CMK | Terraform | [BedrockAgentEncrypted.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/BedrockAgentEncrypted.py) | | 845 | CKV_AWS_374 | resource | aws_cloudfront_distribution | Ensure AWS CloudFront web distribution has geo restriction enabled | Terraform | [CloudFrontGeoRestrictionDisabled.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/CloudFrontGeoRestrictionDisabled.py) | | 846 | CKV_AWS_375 | resource | aws_s3_bucket_acl | Ensure AWS S3 bucket does not have global view ACL permissions enabled | Terraform | [S3GlobalViewACL.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/S3GlobalViewACL.py) | | 847 | CKV_AWS_376 | resource | aws_elb | Ensure AWS Elastic Load Balancer listener uses TLS/SSL | Terraform | [ELBwListenerNotTLSSSL.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/ELBwListenerNotTLSSSL.py) | | 848 | CKV_AWS_377 | resource | aws_route53domains_registered_domain | Ensure Route 53 domains have transfer lock protection | Terraform | [Route53TransferLock.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/Route53TransferLock.py) | | 849 | CKV_AWS_378 | resource | aws_alb_listener | Ensure AWS Load Balancer doesn't use HTTP protocol | Terraform | [LBTargetGroup.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LBTargetGroup.yaml) | | 850 | CKV_AWS_378 | resource | aws_alb_target_group | Ensure AWS Load Balancer doesn't use HTTP protocol | Terraform | [LBTargetGroup.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LBTargetGroup.yaml) | | 851 | CKV_AWS_378 | resource | aws_lb_listener | Ensure AWS Load Balancer doesn't use HTTP protocol | Terraform | [LBTargetGroup.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LBTargetGroup.yaml) | | 852 | CKV_AWS_378 | resource | aws_lb_target_group | Ensure AWS Load Balancer doesn't use HTTP protocol | Terraform | [LBTargetGroup.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LBTargetGroup.yaml) | | 853 | CKV_AWS_379 | resource | aws_s3_bucket_acl | Ensure AWS S3 bucket is configured with secure data transport policy | Terraform | [S3SecureDataTransport.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/S3SecureDataTransport.py) | | 854 | CKV_AWS_380 | resource | aws_transfer_server | Ensure AWS Transfer Server uses latest Security Policy | Terraform | [TransferServerLatestPolicy.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/TransferServerLatestPolicy.py) | | 855 | CKV_AWS_381 | resource | aws_codegurureviewer_repository_association | Make sure that aws_codegurureviewer_repository_association has a CMK | Terraform | [AWSCodeGuruHasCMK.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/AWSCodeGuruHasCMK.py) | | 856 | CKV_AWS_382 | resource | aws_security_group | Ensure no security groups allow egress from 0.0.0.0:0 to port -1 | Terraform | [SecurityGroupUnrestrictedEgressAny.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/SecurityGroupUnrestrictedEgressAny.py) | | 857 | CKV_AWS_382 | resource | aws_security_group_rule | Ensure no security groups allow egress from 0.0.0.0:0 to port -1 | Terraform | [SecurityGroupUnrestrictedEgressAny.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/SecurityGroupUnrestrictedEgressAny.py) | | 858 | CKV_AWS_382 | resource | aws_vpc_security_group_egress_rule | Ensure no security groups allow egress from 0.0.0.0:0 to port -1 | Terraform | [SecurityGroupUnrestrictedEgressAny.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/SecurityGroupUnrestrictedEgressAny.py) | | 859 | CKV_AWS_383 | resource | aws_bedrockagent_agent | Ensure AWS Bedrock agent is associated with Bedrock guardrails | Terraform | [BedrockGuardrails.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/BedrockGuardrails.py) | | 860 | CKV_AWS_384 | resource | AWS::SSM::Parameter | Ensure no hard-coded secrets exist in Parameter Store values | Cloudformation | [ParameterStoreCredentials.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/resource/aws/ParameterStoreCredentials.py) | | 861 | CKV_AWS_385 | resource | aws_sns_topic_policy | Ensure AWS SNS topic policies do not allow cross-account access | Terraform | [SNSCrossAccountAccess.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/SNSCrossAccountAccess.py) | | 862 | CKV_AWS_386 | data | aws_ami | Reduce potential for WhoAMI cloud image name confusion attack | Terraform | [WhoAMI.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/data/aws/WhoAMI.py) | | 863 | CKV_AWS_387 | resource | aws_sqs_queue_policy | Ensure SQS policy does not allow public access through wildcards | Terraform | [SQSOverlyPermissive.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/SQSOverlyPermissive.py) | | 864 | CKV_AWS_388 | resource | aws_db_instance | Ensure AWS Aurora PostgreSQL is not exposed to local file read vulnerability | Terraform | [UnpatchedAuroraPostgresDB.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/UnpatchedAuroraPostgresDB.py) | | 865 | CKV_AWS_389 | resource | aws_launch_configuration | Ensure AWS Auto Scaling group launch configuration doesn't have public IP address assignment enabled | Terraform | [AutoScalingGroupWithPublicAccess.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/AutoScalingGroupWithPublicAccess.py) | | 866 | CKV_AWS_390 | resource | aws_emr_block_public_access_configuration | Ensure AWS EMR block public access setting is enabled | Terraform | [EMRPubliclyAccessible.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/EMRPubliclyAccessible.py) | | 867 | CKV_AWS_391 | resource | aws_redshift_cluster | Avoid AWS Redshift cluster with commonly used master username and public access setting enabled | Terraform | [RedshiftClusterWithCommonUsernameAndPublicAccess.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/RedshiftClusterWithCommonUsernameAndPublicAccess.py) | | 868 | CKV_AWS_392 | resource | aws_s3_access_point | Ensure AWS S3 access point block public access setting is enabled | Terraform | [S3AccessPointPubliclyAccessible.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/S3AccessPointPubliclyAccessible.py) | | 869 | CKV2_AWS_1 | resource | aws_network_acl | Ensure that all NACL are attached to subnets | Terraform | [SubnetHasACL.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/SubnetHasACL.yaml) | | 870 | CKV2_AWS_1 | resource | aws_subnet | Ensure that all NACL are attached to subnets | Terraform | [SubnetHasACL.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/SubnetHasACL.yaml) | | 871 | CKV2_AWS_2 | resource | aws_ebs_volume | Ensure that only encrypted EBS volumes are attached to EC2 instances | Terraform | [EncryptedEBSVolumeOnlyConnectedToEC2s.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/EncryptedEBSVolumeOnlyConnectedToEC2s.yaml) | | 872 | CKV2_AWS_2 | resource | aws_volume_attachment | Ensure that only encrypted EBS volumes are attached to EC2 instances | Terraform | [EncryptedEBSVolumeOnlyConnectedToEC2s.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/EncryptedEBSVolumeOnlyConnectedToEC2s.yaml) | | 873 | CKV2_AWS_3 | resource | aws_guardduty_detector | Ensure GuardDuty is enabled to specific org/region | Terraform | [GuardDutyIsEnabled.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/GuardDutyIsEnabled.yaml) | | 874 | CKV2_AWS_3 | resource | aws_guardduty_organization_configuration | Ensure GuardDuty is enabled to specific org/region | Terraform | [GuardDutyIsEnabled.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/GuardDutyIsEnabled.yaml) | | 875 | CKV2_AWS_4 | resource | aws_api_gateway_method_settings | Ensure API Gateway stage have logging level defined as appropriate | Terraform | [APIGWLoggingLevelsDefinedProperly.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/APIGWLoggingLevelsDefinedProperly.yaml) | | 876 | CKV2_AWS_4 | resource | aws_api_gateway_stage | Ensure API Gateway stage have logging level defined as appropriate | Terraform | [APIGWLoggingLevelsDefinedProperly.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/APIGWLoggingLevelsDefinedProperly.yaml) | | 877 | CKV2_AWS_5 | resource | aws_security_group | Ensure that Security Groups are attached to another resource | Terraform | [SGAttachedToResource.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/SGAttachedToResource.yaml) | | 878 | CKV2_AWS_6 | resource | aws_s3_bucket | Ensure that S3 bucket has a Public Access block | Terraform | [S3BucketHasPublicAccessBlock.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/S3BucketHasPublicAccessBlock.yaml) | | 879 | CKV2_AWS_6 | resource | aws_s3_bucket_public_access_block | Ensure that S3 bucket has a Public Access block | Terraform | [S3BucketHasPublicAccessBlock.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/S3BucketHasPublicAccessBlock.yaml) | | 880 | CKV2_AWS_7 | resource | aws_emr_cluster | Ensure that Amazon EMR clusters' security groups are not open to the world | Terraform | [AMRClustersNotOpenToInternet.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/AMRClustersNotOpenToInternet.yaml) | | 881 | CKV2_AWS_7 | resource | aws_security_group | Ensure that Amazon EMR clusters' security groups are not open to the world | Terraform | [AMRClustersNotOpenToInternet.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/AMRClustersNotOpenToInternet.yaml) | | 882 | CKV2_AWS_8 | resource | aws_rds_cluster | Ensure that RDS clusters has backup plan of AWS Backup | Terraform | [RDSClusterHasBackupPlan.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/RDSClusterHasBackupPlan.yaml) | | 883 | CKV2_AWS_9 | resource | aws_backup_selection | Ensure that EBS are added in the backup plans of AWS Backup | Terraform | [EBSAddedBackup.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/EBSAddedBackup.yaml) | | 884 | CKV2_AWS_10 | resource | aws_cloudtrail | Ensure CloudTrail trails are integrated with CloudWatch Logs | Terraform | [CloudtrailHasCloudwatch.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CloudtrailHasCloudwatch.yaml) | | 885 | CKV2_AWS_11 | resource | aws_vpc | Ensure VPC flow logging is enabled in all VPCs | Terraform | [VPCHasFlowLog.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/VPCHasFlowLog.yaml) | | 886 | CKV2_AWS_12 | resource | aws_default_security_group | Ensure the default security group of every VPC restricts all traffic | Terraform | [VPCHasRestrictedSG.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/VPCHasRestrictedSG.yaml) | | 887 | CKV2_AWS_12 | resource | aws_vpc | Ensure the default security group of every VPC restricts all traffic | Terraform | [VPCHasRestrictedSG.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/VPCHasRestrictedSG.yaml) | | 888 | CKV2_AWS_14 | resource | aws_iam_group | Ensure that IAM groups includes at least one IAM user | Terraform | [IAMGroupHasAtLeastOneUser.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/IAMGroupHasAtLeastOneUser.yaml) | | 889 | CKV2_AWS_14 | resource | aws_iam_group_membership | Ensure that IAM groups includes at least one IAM user | Terraform | [IAMGroupHasAtLeastOneUser.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/IAMGroupHasAtLeastOneUser.yaml) | | 890 | CKV2_AWS_15 | resource | aws_autoscaling_group | Ensure that auto Scaling groups that are associated with a load balancer are using Elastic Load Balancing health checks. | Terraform | [AutoScallingEnabledELB.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/AutoScallingEnabledELB.yaml) | | 891 | CKV2_AWS_15 | resource | aws_elb | Ensure that auto Scaling groups that are associated with a load balancer are using Elastic Load Balancing health checks. | Terraform | [AutoScallingEnabledELB.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/AutoScallingEnabledELB.yaml) | | 892 | CKV2_AWS_15 | resource | aws_lb_target_group | Ensure that auto Scaling groups that are associated with a load balancer are using Elastic Load Balancing health checks. | Terraform | [AutoScallingEnabledELB.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/AutoScallingEnabledELB.yaml) | | 893 | CKV2_AWS_16 | resource | aws_appautoscaling_target | Ensure that Auto Scaling is enabled on your DynamoDB tables | Terraform | [AutoScalingEnableOnDynamoDBTables.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/AutoScalingEnableOnDynamoDBTables.yaml) | | 894 | CKV2_AWS_16 | resource | aws_dynamodb_table | Ensure that Auto Scaling is enabled on your DynamoDB tables | Terraform | [AutoScalingEnableOnDynamoDBTables.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/AutoScalingEnableOnDynamoDBTables.yaml) | | 895 | CKV2_AWS_18 | resource | aws_backup_selection | Ensure that Elastic File System (Amazon EFS) file systems are added in the backup plans of AWS Backup | Terraform | [EFSAddedBackup.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/EFSAddedBackup.yaml) | | 896 | CKV2_AWS_19 | resource | aws_eip | Ensure that all EIP addresses allocated to a VPC are attached to EC2 instances | Terraform | [EIPAllocatedToVPCAttachedEC2.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/EIPAllocatedToVPCAttachedEC2.yaml) | | 897 | CKV2_AWS_19 | resource | aws_eip_association | Ensure that all EIP addresses allocated to a VPC are attached to EC2 instances | Terraform | [EIPAllocatedToVPCAttachedEC2.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/EIPAllocatedToVPCAttachedEC2.yaml) | | 898 | CKV2_AWS_20 | resource | aws_alb | Ensure that ALB redirects HTTP requests into HTTPS ones | Terraform | [ALBRedirectsHTTPToHTTPS.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/ALBRedirectsHTTPToHTTPS.yaml) | | 899 | CKV2_AWS_20 | resource | aws_alb_listener | Ensure that ALB redirects HTTP requests into HTTPS ones | Terraform | [ALBRedirectsHTTPToHTTPS.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/ALBRedirectsHTTPToHTTPS.yaml) | | 900 | CKV2_AWS_20 | resource | aws_lb | Ensure that ALB redirects HTTP requests into HTTPS ones | Terraform | [ALBRedirectsHTTPToHTTPS.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/ALBRedirectsHTTPToHTTPS.yaml) | | 901 | CKV2_AWS_20 | resource | aws_lb_listener | Ensure that ALB redirects HTTP requests into HTTPS ones | Terraform | [ALBRedirectsHTTPToHTTPS.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/ALBRedirectsHTTPToHTTPS.yaml) | | 902 | CKV2_AWS_21 | resource | aws_iam_group_membership | Ensure that all IAM users are members of at least one IAM group. | Terraform | [IAMUsersAreMembersAtLeastOneGroup.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/IAMUsersAreMembersAtLeastOneGroup.yaml) | | 903 | CKV2_AWS_22 | resource | aws_iam_user | Ensure an IAM User does not have access to the console | Terraform | [IAMUserHasNoConsoleAccess.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/IAMUserHasNoConsoleAccess.yaml) | | 904 | CKV2_AWS_23 | resource | aws_route53_record | Route53 A Record has Attached Resource | Terraform | [Route53ARecordAttachedResource.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/Route53ARecordAttachedResource.yaml) | | 905 | CKV2_AWS_27 | resource | aws_rds_cluster | Ensure Postgres RDS as aws_rds_cluster has Query Logging enabled | Terraform | [PostgresRDSHasQueryLoggingEnabled.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/PostgresRDSHasQueryLoggingEnabled.yaml) | | 906 | CKV2_AWS_27 | resource | aws_rds_cluster_parameter_group | Ensure Postgres RDS as aws_rds_cluster has Query Logging enabled | Terraform | [PostgresRDSHasQueryLoggingEnabled.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/PostgresRDSHasQueryLoggingEnabled.yaml) | | 907 | CKV2_AWS_28 | resource | aws_alb | Ensure public facing ALB are protected by WAF | Terraform | [ALBProtectedByWAF.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/ALBProtectedByWAF.yaml) | | 908 | CKV2_AWS_28 | resource | aws_lb | Ensure public facing ALB are protected by WAF | Terraform | [ALBProtectedByWAF.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/ALBProtectedByWAF.yaml) | | 909 | CKV2_AWS_29 | resource | aws_api_gateway_rest_api | Ensure public API gateway are protected by WAF | Terraform | [APIProtectedByWAF.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/APIProtectedByWAF.yaml) | | 910 | CKV2_AWS_29 | resource | aws_api_gateway_stage | Ensure public API gateway are protected by WAF | Terraform | [APIProtectedByWAF.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/APIProtectedByWAF.yaml) | | 911 | CKV2_AWS_30 | resource | aws_db_instance | Ensure Postgres RDS as aws_db_instance has Query Logging enabled | Terraform | [PostgresDBHasQueryLoggingEnabled.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/PostgresDBHasQueryLoggingEnabled.yaml) | | 912 | CKV2_AWS_30 | resource | aws_db_parameter_group | Ensure Postgres RDS as aws_db_instance has Query Logging enabled | Terraform | [PostgresDBHasQueryLoggingEnabled.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/PostgresDBHasQueryLoggingEnabled.yaml) | | 913 | CKV2_AWS_31 | resource | aws_wafv2_web_acl | Ensure WAF2 has a Logging Configuration | Terraform | [WAF2HasLogs.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/WAF2HasLogs.yaml) | | 914 | CKV2_AWS_32 | resource | aws_cloudfront_distribution | Ensure CloudFront distribution has a response headers policy attached | Terraform | [CloudFrontHasResponseHeadersPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CloudFrontHasResponseHeadersPolicy.yaml) | | 915 | CKV2_AWS_33 | resource | AWS::AppSync::GraphQLApi | Ensure AppSync is protected by WAF | Cloudformation | [AppSyncProtectedByWAF.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/AppSyncProtectedByWAF.yaml) | | 916 | CKV2_AWS_33 | resource | aws_appsync_graphql_api | Ensure AppSync is protected by WAF | Terraform | [AppSyncProtectedByWAF.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/AppSyncProtectedByWAF.yaml) | | 917 | CKV2_AWS_34 | resource | aws_ssm_parameter | AWS SSM Parameter should be Encrypted | Terraform | [AWSSSMParameterShouldBeEncrypted.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/AWSSSMParameterShouldBeEncrypted.yaml) | | 918 | CKV2_AWS_35 | resource | aws_route | AWS NAT Gateways should be utilized for the default route | Terraform | [AWSNATGatewaysshouldbeutilized.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/AWSNATGatewaysshouldbeutilized.yaml) | | 919 | CKV2_AWS_35 | resource | aws_route_table | AWS NAT Gateways should be utilized for the default route | Terraform | [AWSNATGatewaysshouldbeutilized.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/AWSNATGatewaysshouldbeutilized.yaml) | | 920 | CKV2_AWS_36 | resource | aws_ssm_parameter | Ensure terraform is not sending SSM secrets to untrusted domains over HTTP | Terraform | [HTTPNotSendingPasswords.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/HTTPNotSendingPasswords.yaml) | | 921 | CKV2_AWS_36 | resource | data.http | Ensure terraform is not sending SSM secrets to untrusted domains over HTTP | Terraform | [HTTPNotSendingPasswords.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/HTTPNotSendingPasswords.yaml) | | 922 | CKV2_AWS_37 | resource | aws | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 923 | CKV2_AWS_37 | resource | aws_accessanalyzer_analyzer | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 924 | CKV2_AWS_37 | resource | aws_accessanalyzer_archive_rule | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 925 | CKV2_AWS_37 | resource | aws_account_alternate_contact | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 926 | CKV2_AWS_37 | resource | aws_account_primary_contact | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 927 | CKV2_AWS_37 | resource | aws_account_region | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 928 | CKV2_AWS_37 | resource | aws_acm_certificate | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 929 | CKV2_AWS_37 | resource | aws_acm_certificate_validation | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 930 | CKV2_AWS_37 | resource | aws_acmpca_certificate | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 931 | CKV2_AWS_37 | resource | aws_acmpca_certificate_authority | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 932 | CKV2_AWS_37 | resource | aws_acmpca_certificate_authority_certificate | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 933 | CKV2_AWS_37 | resource | aws_acmpca_permission | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 934 | CKV2_AWS_37 | resource | aws_acmpca_policy | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 935 | CKV2_AWS_37 | resource | aws_alb | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 936 | CKV2_AWS_37 | resource | aws_alb_listener | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 937 | CKV2_AWS_37 | resource | aws_alb_listener_certificate | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 938 | CKV2_AWS_37 | resource | aws_alb_listener_rule | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 939 | CKV2_AWS_37 | resource | aws_alb_target_group | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 940 | CKV2_AWS_37 | resource | aws_alb_target_group_attachment | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 941 | CKV2_AWS_37 | resource | aws_ami | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 942 | CKV2_AWS_37 | resource | aws_ami_copy | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 943 | CKV2_AWS_37 | resource | aws_ami_from_instance | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 944 | CKV2_AWS_37 | resource | aws_ami_launch_permission | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 945 | CKV2_AWS_37 | resource | aws_amplify_app | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 946 | CKV2_AWS_37 | resource | aws_amplify_backend_environment | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 947 | CKV2_AWS_37 | resource | aws_amplify_branch | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 948 | CKV2_AWS_37 | resource | aws_amplify_domain_association | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 949 | CKV2_AWS_37 | resource | aws_amplify_webhook | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 950 | CKV2_AWS_37 | resource | aws_api_gateway_account | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 951 | CKV2_AWS_37 | resource | aws_api_gateway_api_key | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 952 | CKV2_AWS_37 | resource | aws_api_gateway_authorizer | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 953 | CKV2_AWS_37 | resource | aws_api_gateway_base_path_mapping | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 954 | CKV2_AWS_37 | resource | aws_api_gateway_client_certificate | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 955 | CKV2_AWS_37 | resource | aws_api_gateway_deployment | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 956 | CKV2_AWS_37 | resource | aws_api_gateway_documentation_part | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 957 | CKV2_AWS_37 | resource | aws_api_gateway_documentation_version | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 958 | CKV2_AWS_37 | resource | aws_api_gateway_domain_name | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 959 | CKV2_AWS_37 | resource | aws_api_gateway_domain_name_access_association | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 960 | CKV2_AWS_37 | resource | aws_api_gateway_gateway_response | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 961 | CKV2_AWS_37 | resource | aws_api_gateway_integration | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 962 | CKV2_AWS_37 | resource | aws_api_gateway_integration_response | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 963 | CKV2_AWS_37 | resource | aws_api_gateway_method | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 964 | CKV2_AWS_37 | resource | aws_api_gateway_method_response | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 965 | CKV2_AWS_37 | resource | aws_api_gateway_method_settings | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 966 | CKV2_AWS_37 | resource | aws_api_gateway_model | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 967 | CKV2_AWS_37 | resource | aws_api_gateway_request_validator | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 968 | CKV2_AWS_37 | resource | aws_api_gateway_resource | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 969 | CKV2_AWS_37 | resource | aws_api_gateway_rest_api | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 970 | CKV2_AWS_37 | resource | aws_api_gateway_rest_api_policy | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 971 | CKV2_AWS_37 | resource | aws_api_gateway_stage | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 972 | CKV2_AWS_37 | resource | aws_api_gateway_usage_plan | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 973 | CKV2_AWS_37 | resource | aws_api_gateway_usage_plan_key | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 974 | CKV2_AWS_37 | resource | aws_api_gateway_vpc_link | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 975 | CKV2_AWS_37 | resource | aws_apigatewayv2_api | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 976 | CKV2_AWS_37 | resource | aws_apigatewayv2_api_mapping | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 977 | CKV2_AWS_37 | resource | aws_apigatewayv2_authorizer | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 978 | CKV2_AWS_37 | resource | aws_apigatewayv2_deployment | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 979 | CKV2_AWS_37 | resource | aws_apigatewayv2_domain_name | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 980 | CKV2_AWS_37 | resource | aws_apigatewayv2_integration | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 981 | CKV2_AWS_37 | resource | aws_apigatewayv2_integration_response | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 982 | CKV2_AWS_37 | resource | aws_apigatewayv2_model | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 983 | CKV2_AWS_37 | resource | aws_apigatewayv2_route | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 984 | CKV2_AWS_37 | resource | aws_apigatewayv2_route_response | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 985 | CKV2_AWS_37 | resource | aws_apigatewayv2_stage | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 986 | CKV2_AWS_37 | resource | aws_apigatewayv2_vpc_link | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 987 | CKV2_AWS_37 | resource | aws_app_cookie_stickiness_policy | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 988 | CKV2_AWS_37 | resource | aws_appautoscaling_policy | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 989 | CKV2_AWS_37 | resource | aws_appautoscaling_scheduled_action | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 990 | CKV2_AWS_37 | resource | aws_appautoscaling_target | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 991 | CKV2_AWS_37 | resource | aws_appconfig_application | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 992 | CKV2_AWS_37 | resource | aws_appconfig_configuration_profile | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 993 | CKV2_AWS_37 | resource | aws_appconfig_deployment | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 994 | CKV2_AWS_37 | resource | aws_appconfig_deployment_strategy | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 995 | CKV2_AWS_37 | resource | aws_appconfig_environment | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 996 | CKV2_AWS_37 | resource | aws_appconfig_extension | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 997 | CKV2_AWS_37 | resource | aws_appconfig_extension_association | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 998 | CKV2_AWS_37 | resource | aws_appconfig_hosted_configuration_version | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 999 | CKV2_AWS_37 | resource | aws_appfabric_app_authorization | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1000 | CKV2_AWS_37 | resource | aws_appfabric_app_authorization_connection | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1001 | CKV2_AWS_37 | resource | aws_appfabric_app_bundle | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1002 | CKV2_AWS_37 | resource | aws_appfabric_ingestion | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1003 | CKV2_AWS_37 | resource | aws_appfabric_ingestion_destination | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1004 | CKV2_AWS_37 | resource | aws_appflow_connector_profile | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1005 | CKV2_AWS_37 | resource | aws_appflow_flow | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1006 | CKV2_AWS_37 | resource | aws_appintegrations_data_integration | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1007 | CKV2_AWS_37 | resource | aws_appintegrations_event_integration | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1008 | CKV2_AWS_37 | resource | aws_applicationinsights_application | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1009 | CKV2_AWS_37 | resource | aws_appmesh_gateway_route | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1010 | CKV2_AWS_37 | resource | aws_appmesh_mesh | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1011 | CKV2_AWS_37 | resource | aws_appmesh_route | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1012 | CKV2_AWS_37 | resource | aws_appmesh_virtual_gateway | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1013 | CKV2_AWS_37 | resource | aws_appmesh_virtual_node | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1014 | CKV2_AWS_37 | resource | aws_appmesh_virtual_router | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1015 | CKV2_AWS_37 | resource | aws_appmesh_virtual_service | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1016 | CKV2_AWS_37 | resource | aws_apprunner_auto_scaling_configuration_version | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1017 | CKV2_AWS_37 | resource | aws_apprunner_connection | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1018 | CKV2_AWS_37 | resource | aws_apprunner_custom_domain_association | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1019 | CKV2_AWS_37 | resource | aws_apprunner_default_auto_scaling_configuration_version | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1020 | CKV2_AWS_37 | resource | aws_apprunner_deployment | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1021 | CKV2_AWS_37 | resource | aws_apprunner_observability_configuration | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1022 | CKV2_AWS_37 | resource | aws_apprunner_service | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1023 | CKV2_AWS_37 | resource | aws_apprunner_vpc_connector | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1024 | CKV2_AWS_37 | resource | aws_apprunner_vpc_ingress_connection | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1025 | CKV2_AWS_37 | resource | aws_appstream_directory_config | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1026 | CKV2_AWS_37 | resource | aws_appstream_fleet | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1027 | CKV2_AWS_37 | resource | aws_appstream_fleet_stack_association | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1028 | CKV2_AWS_37 | resource | aws_appstream_image_builder | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1029 | CKV2_AWS_37 | resource | aws_appstream_stack | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1030 | CKV2_AWS_37 | resource | aws_appstream_user | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1031 | CKV2_AWS_37 | resource | aws_appstream_user_stack_association | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1032 | CKV2_AWS_37 | resource | aws_appsync_api_cache | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1033 | CKV2_AWS_37 | resource | aws_appsync_api_key | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1034 | CKV2_AWS_37 | resource | aws_appsync_datasource | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1035 | CKV2_AWS_37 | resource | aws_appsync_domain_name | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1036 | CKV2_AWS_37 | resource | aws_appsync_domain_name_api_association | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1037 | CKV2_AWS_37 | resource | aws_appsync_function | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1038 | CKV2_AWS_37 | resource | aws_appsync_graphql_api | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1039 | CKV2_AWS_37 | resource | aws_appsync_resolver | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1040 | CKV2_AWS_37 | resource | aws_appsync_source_api_association | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1041 | CKV2_AWS_37 | resource | aws_appsync_type | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1042 | CKV2_AWS_37 | resource | aws_athena_data_catalog | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1043 | CKV2_AWS_37 | resource | aws_athena_database | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1044 | CKV2_AWS_37 | resource | aws_athena_named_query | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1045 | CKV2_AWS_37 | resource | aws_athena_prepared_statement | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1046 | CKV2_AWS_37 | resource | aws_athena_workgroup | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1047 | CKV2_AWS_37 | resource | aws_auditmanager_account_registration | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1048 | CKV2_AWS_37 | resource | aws_auditmanager_assessment | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1049 | CKV2_AWS_37 | resource | aws_auditmanager_assessment_delegation | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1050 | CKV2_AWS_37 | resource | aws_auditmanager_assessment_report | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1051 | CKV2_AWS_37 | resource | aws_auditmanager_control | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1052 | CKV2_AWS_37 | resource | aws_auditmanager_framework | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1053 | CKV2_AWS_37 | resource | aws_auditmanager_framework_share | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1054 | CKV2_AWS_37 | resource | aws_auditmanager_organization_admin_account_registration | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1055 | CKV2_AWS_37 | resource | aws_autoscaling_attachment | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1056 | CKV2_AWS_37 | resource | aws_autoscaling_group | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1057 | CKV2_AWS_37 | resource | aws_autoscaling_group_tag | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1058 | CKV2_AWS_37 | resource | aws_autoscaling_lifecycle_hook | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1059 | CKV2_AWS_37 | resource | aws_autoscaling_notification | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1060 | CKV2_AWS_37 | resource | aws_autoscaling_policy | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1061 | CKV2_AWS_37 | resource | aws_autoscaling_schedule | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1062 | CKV2_AWS_37 | resource | aws_autoscaling_traffic_source_attachment | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1063 | CKV2_AWS_37 | resource | aws_autoscalingplans_scaling_plan | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1064 | CKV2_AWS_37 | resource | aws_az_info | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1065 | CKV2_AWS_37 | resource | aws_backup_framework | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1066 | CKV2_AWS_37 | resource | aws_backup_global_settings | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1067 | CKV2_AWS_37 | resource | aws_backup_logically_air_gapped_vault | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1068 | CKV2_AWS_37 | resource | aws_backup_plan | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1069 | CKV2_AWS_37 | resource | aws_backup_region_settings | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1070 | CKV2_AWS_37 | resource | aws_backup_report_plan | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1071 | CKV2_AWS_37 | resource | aws_backup_restore_testing_plan | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1072 | CKV2_AWS_37 | resource | aws_backup_restore_testing_selection | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1073 | CKV2_AWS_37 | resource | aws_backup_selection | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1074 | CKV2_AWS_37 | resource | aws_backup_vault | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1075 | CKV2_AWS_37 | resource | aws_backup_vault_lock_configuration | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1076 | CKV2_AWS_37 | resource | aws_backup_vault_notifications | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1077 | CKV2_AWS_37 | resource | aws_backup_vault_policy | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1078 | CKV2_AWS_37 | resource | aws_batch_compute_environment | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1079 | CKV2_AWS_37 | resource | aws_batch_job_definition | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1080 | CKV2_AWS_37 | resource | aws_batch_job_queue | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1081 | CKV2_AWS_37 | resource | aws_batch_scheduling_policy | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1082 | CKV2_AWS_37 | resource | aws_bcmdataexports_export | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1083 | CKV2_AWS_37 | resource | aws_bedrock_custom_model | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1084 | CKV2_AWS_37 | resource | aws_bedrock_guardrail | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1085 | CKV2_AWS_37 | resource | aws_bedrock_guardrail_version | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1086 | CKV2_AWS_37 | resource | aws_bedrock_inference_profile | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1087 | CKV2_AWS_37 | resource | aws_bedrock_model_invocation_logging_configuration | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1088 | CKV2_AWS_37 | resource | aws_bedrock_provisioned_model_throughput | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1089 | CKV2_AWS_37 | resource | aws_bedrockagent_agent | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1090 | CKV2_AWS_37 | resource | aws_bedrockagent_agent_action_group | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1091 | CKV2_AWS_37 | resource | aws_bedrockagent_agent_alias | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1092 | CKV2_AWS_37 | resource | aws_bedrockagent_agent_collaborator | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1093 | CKV2_AWS_37 | resource | aws_bedrockagent_agent_knowledge_base_association | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1094 | CKV2_AWS_37 | resource | aws_bedrockagent_data_source | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1095 | CKV2_AWS_37 | resource | aws_bedrockagent_knowledge_base | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1096 | CKV2_AWS_37 | resource | aws_budgets_budget | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1097 | CKV2_AWS_37 | resource | aws_budgets_budget_action | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1098 | CKV2_AWS_37 | resource | aws_caller_info | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1099 | CKV2_AWS_37 | resource | aws_ce_anomaly_monitor | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1100 | CKV2_AWS_37 | resource | aws_ce_anomaly_subscription | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1101 | CKV2_AWS_37 | resource | aws_ce_cost_allocation_tag | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1102 | CKV2_AWS_37 | resource | aws_ce_cost_category | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1103 | CKV2_AWS_37 | resource | aws_chatbot_slack_channel_configuration | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1104 | CKV2_AWS_37 | resource | aws_chatbot_teams_channel_configuration | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1105 | CKV2_AWS_37 | resource | aws_chime_voice_connector | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1106 | CKV2_AWS_37 | resource | aws_chime_voice_connector_group | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1107 | CKV2_AWS_37 | resource | aws_chime_voice_connector_logging | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1108 | CKV2_AWS_37 | resource | aws_chime_voice_connector_origination | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1109 | CKV2_AWS_37 | resource | aws_chime_voice_connector_streaming | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1110 | CKV2_AWS_37 | resource | aws_chime_voice_connector_termination | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1111 | CKV2_AWS_37 | resource | aws_chime_voice_connector_termination_credentials | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1112 | CKV2_AWS_37 | resource | aws_chimesdkmediapipelines_media_insights_pipeline_configuration | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1113 | CKV2_AWS_37 | resource | aws_chimesdkvoice_global_settings | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1114 | CKV2_AWS_37 | resource | aws_chimesdkvoice_sip_media_application | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1115 | CKV2_AWS_37 | resource | aws_chimesdkvoice_sip_rule | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1116 | CKV2_AWS_37 | resource | aws_chimesdkvoice_voice_profile_domain | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1117 | CKV2_AWS_37 | resource | aws_cleanrooms_collaboration | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1118 | CKV2_AWS_37 | resource | aws_cleanrooms_configured_table | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1119 | CKV2_AWS_37 | resource | aws_cleanrooms_membership | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1120 | CKV2_AWS_37 | resource | aws_cloud9_environment_ec2 | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1121 | CKV2_AWS_37 | resource | aws_cloud9_environment_membership | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1122 | CKV2_AWS_37 | resource | aws_cloudcontrolapi_resource | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1123 | CKV2_AWS_37 | resource | aws_cloudformation_stack | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1124 | CKV2_AWS_37 | resource | aws_cloudformation_stack_instances | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1125 | CKV2_AWS_37 | resource | aws_cloudformation_stack_set | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1126 | CKV2_AWS_37 | resource | aws_cloudformation_stack_set_instance | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1127 | CKV2_AWS_37 | resource | aws_cloudformation_type | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1128 | CKV2_AWS_37 | resource | aws_cloudfront_cache_policy | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1129 | CKV2_AWS_37 | resource | aws_cloudfront_continuous_deployment_policy | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1130 | CKV2_AWS_37 | resource | aws_cloudfront_distribution | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1131 | CKV2_AWS_37 | resource | aws_cloudfront_field_level_encryption_config | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1132 | CKV2_AWS_37 | resource | aws_cloudfront_field_level_encryption_profile | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1133 | CKV2_AWS_37 | resource | aws_cloudfront_function | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1134 | CKV2_AWS_37 | resource | aws_cloudfront_key_group | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1135 | CKV2_AWS_37 | resource | aws_cloudfront_key_value_store | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1136 | CKV2_AWS_37 | resource | aws_cloudfront_monitoring_subscription | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1137 | CKV2_AWS_37 | resource | aws_cloudfront_origin_access_control | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1138 | CKV2_AWS_37 | resource | aws_cloudfront_origin_access_identity | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1139 | CKV2_AWS_37 | resource | aws_cloudfront_origin_request_policy | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1140 | CKV2_AWS_37 | resource | aws_cloudfront_public_key | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1141 | CKV2_AWS_37 | resource | aws_cloudfront_realtime_log_config | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1142 | CKV2_AWS_37 | resource | aws_cloudfront_response_headers_policy | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1143 | CKV2_AWS_37 | resource | aws_cloudfront_vpc_origin | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1144 | CKV2_AWS_37 | resource | aws_cloudfrontkeyvaluestore_key | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1145 | CKV2_AWS_37 | resource | aws_cloudhsm_v2_cluster | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1146 | CKV2_AWS_37 | resource | aws_cloudhsm_v2_hsm | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1147 | CKV2_AWS_37 | resource | aws_cloudsearch_domain | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1148 | CKV2_AWS_37 | resource | aws_cloudsearch_domain_service_access_policy | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1149 | CKV2_AWS_37 | resource | aws_cloudtrail | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1150 | CKV2_AWS_37 | resource | aws_cloudtrail_event_data_store | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1151 | CKV2_AWS_37 | resource | aws_cloudtrail_organization_delegated_admin_account | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1152 | CKV2_AWS_37 | resource | aws_cloudwatch_composite_alarm | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1153 | CKV2_AWS_37 | resource | aws_cloudwatch_dashboard | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1154 | CKV2_AWS_37 | resource | aws_cloudwatch_event_api_destination | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1155 | CKV2_AWS_37 | resource | aws_cloudwatch_event_archive | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1156 | CKV2_AWS_37 | resource | aws_cloudwatch_event_bus | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1157 | CKV2_AWS_37 | resource | aws_cloudwatch_event_bus_policy | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1158 | CKV2_AWS_37 | resource | aws_cloudwatch_event_connection | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1159 | CKV2_AWS_37 | resource | aws_cloudwatch_event_endpoint | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1160 | CKV2_AWS_37 | resource | aws_cloudwatch_event_permission | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1161 | CKV2_AWS_37 | resource | aws_cloudwatch_event_rule | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1162 | CKV2_AWS_37 | resource | aws_cloudwatch_event_target | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1163 | CKV2_AWS_37 | resource | aws_cloudwatch_log_account_policy | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1164 | CKV2_AWS_37 | resource | aws_cloudwatch_log_anomaly_detector | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1165 | CKV2_AWS_37 | resource | aws_cloudwatch_log_data_protection_policy | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1166 | CKV2_AWS_37 | resource | aws_cloudwatch_log_delivery | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1167 | CKV2_AWS_37 | resource | aws_cloudwatch_log_delivery_destination | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1168 | CKV2_AWS_37 | resource | aws_cloudwatch_log_delivery_destination_policy | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1169 | CKV2_AWS_37 | resource | aws_cloudwatch_log_delivery_source | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1170 | CKV2_AWS_37 | resource | aws_cloudwatch_log_destination | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1171 | CKV2_AWS_37 | resource | aws_cloudwatch_log_destination_policy | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1172 | CKV2_AWS_37 | resource | aws_cloudwatch_log_group | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1173 | CKV2_AWS_37 | resource | aws_cloudwatch_log_index_policy | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1174 | CKV2_AWS_37 | resource | aws_cloudwatch_log_metric_filter | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1175 | CKV2_AWS_37 | resource | aws_cloudwatch_log_resource_policy | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1176 | CKV2_AWS_37 | resource | aws_cloudwatch_log_stream | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1177 | CKV2_AWS_37 | resource | aws_cloudwatch_log_subscription_filter | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1178 | CKV2_AWS_37 | resource | aws_cloudwatch_metric_alarm | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1179 | CKV2_AWS_37 | resource | aws_cloudwatch_metric_stream | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1180 | CKV2_AWS_37 | resource | aws_cloudwatch_query_definition | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1181 | CKV2_AWS_37 | resource | aws_codeartifact_domain | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1182 | CKV2_AWS_37 | resource | aws_codeartifact_domain_permissions_policy | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1183 | CKV2_AWS_37 | resource | aws_codeartifact_repository | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1184 | CKV2_AWS_37 | resource | aws_codeartifact_repository_permissions_policy | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1185 | CKV2_AWS_37 | resource | aws_codebuild_fleet | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1186 | CKV2_AWS_37 | resource | aws_codebuild_project | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1187 | CKV2_AWS_37 | resource | aws_codebuild_report_group | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1188 | CKV2_AWS_37 | resource | aws_codebuild_resource_policy | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1189 | CKV2_AWS_37 | resource | aws_codebuild_source_credential | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1190 | CKV2_AWS_37 | resource | aws_codebuild_webhook | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1191 | CKV2_AWS_37 | resource | aws_codecatalyst_dev_environment | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1192 | CKV2_AWS_37 | resource | aws_codecatalyst_project | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1193 | CKV2_AWS_37 | resource | aws_codecatalyst_source_repository | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1194 | CKV2_AWS_37 | resource | aws_codecommit_approval_rule_template | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1195 | CKV2_AWS_37 | resource | aws_codecommit_approval_rule_template_association | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1196 | CKV2_AWS_37 | resource | aws_codecommit_repository | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1197 | CKV2_AWS_37 | resource | aws_codecommit_trigger | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1198 | CKV2_AWS_37 | resource | aws_codeconnections_connection | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1199 | CKV2_AWS_37 | resource | aws_codeconnections_host | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1200 | CKV2_AWS_37 | resource | aws_codedeploy_app | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1201 | CKV2_AWS_37 | resource | aws_codedeploy_deployment_config | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1202 | CKV2_AWS_37 | resource | aws_codedeploy_deployment_group | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1203 | CKV2_AWS_37 | resource | aws_codeguruprofiler_profiling_group | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1204 | CKV2_AWS_37 | resource | aws_codegurureviewer_repository_association | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1205 | CKV2_AWS_37 | resource | aws_codepipeline | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1206 | CKV2_AWS_37 | resource | aws_codepipeline_custom_action_type | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1207 | CKV2_AWS_37 | resource | aws_codepipeline_webhook | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1208 | CKV2_AWS_37 | resource | aws_codestarconnections_connection | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1209 | CKV2_AWS_37 | resource | aws_codestarconnections_host | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1210 | CKV2_AWS_37 | resource | aws_codestarnotifications_notification_rule | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1211 | CKV2_AWS_37 | resource | aws_cognito_identity_pool | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1212 | CKV2_AWS_37 | resource | aws_cognito_identity_pool_provider_principal_tag | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1213 | CKV2_AWS_37 | resource | aws_cognito_identity_pool_roles_attachment | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1214 | CKV2_AWS_37 | resource | aws_cognito_identity_provider | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1215 | CKV2_AWS_37 | resource | aws_cognito_managed_user_pool_client | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1216 | CKV2_AWS_37 | resource | aws_cognito_resource_server | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1217 | CKV2_AWS_37 | resource | aws_cognito_risk_configuration | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1218 | CKV2_AWS_37 | resource | aws_cognito_user | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1219 | CKV2_AWS_37 | resource | aws_cognito_user_group | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1220 | CKV2_AWS_37 | resource | aws_cognito_user_in_group | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1221 | CKV2_AWS_37 | resource | aws_cognito_user_pool | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1222 | CKV2_AWS_37 | resource | aws_cognito_user_pool_client | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1223 | CKV2_AWS_37 | resource | aws_cognito_user_pool_domain | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1224 | CKV2_AWS_37 | resource | aws_cognito_user_pool_ui_customization | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1225 | CKV2_AWS_37 | resource | aws_comprehend_document_classifier | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1226 | CKV2_AWS_37 | resource | aws_comprehend_entity_recognizer | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1227 | CKV2_AWS_37 | resource | aws_computeoptimizer_enrollment_status | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1228 | CKV2_AWS_37 | resource | aws_computeoptimizer_recommendation_preferences | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1229 | CKV2_AWS_37 | resource | aws_config_aggregate_authorization | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1230 | CKV2_AWS_37 | resource | aws_config_config_rule | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1231 | CKV2_AWS_37 | resource | aws_config_configuration_aggregator | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1232 | CKV2_AWS_37 | resource | aws_config_configuration_recorder | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1233 | CKV2_AWS_37 | resource | aws_config_configuration_recorder_status | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1234 | CKV2_AWS_37 | resource | aws_config_conformance_pack | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1235 | CKV2_AWS_37 | resource | aws_config_delivery_channel | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1236 | CKV2_AWS_37 | resource | aws_config_organization_conformance_pack | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1237 | CKV2_AWS_37 | resource | aws_config_organization_custom_policy_rule | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1238 | CKV2_AWS_37 | resource | aws_config_organization_custom_rule | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1239 | CKV2_AWS_37 | resource | aws_config_organization_managed_rule | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1240 | CKV2_AWS_37 | resource | aws_config_remediation_configuration | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1241 | CKV2_AWS_37 | resource | aws_config_retention_configuration | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1242 | CKV2_AWS_37 | resource | aws_connect_bot_association | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1243 | CKV2_AWS_37 | resource | aws_connect_contact_flow | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1244 | CKV2_AWS_37 | resource | aws_connect_contact_flow_module | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1245 | CKV2_AWS_37 | resource | aws_connect_hours_of_operation | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1246 | CKV2_AWS_37 | resource | aws_connect_instance | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1247 | CKV2_AWS_37 | resource | aws_connect_instance_storage_config | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1248 | CKV2_AWS_37 | resource | aws_connect_lambda_function_association | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1249 | CKV2_AWS_37 | resource | aws_connect_phone_number | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1250 | CKV2_AWS_37 | resource | aws_connect_queue | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1251 | CKV2_AWS_37 | resource | aws_connect_quick_connect | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1252 | CKV2_AWS_37 | resource | aws_connect_routing_profile | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1253 | CKV2_AWS_37 | resource | aws_connect_security_profile | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1254 | CKV2_AWS_37 | resource | aws_connect_user | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1255 | CKV2_AWS_37 | resource | aws_connect_user_hierarchy_group | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1256 | CKV2_AWS_37 | resource | aws_connect_user_hierarchy_structure | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1257 | CKV2_AWS_37 | resource | aws_connect_vocabulary | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1258 | CKV2_AWS_37 | resource | aws_controltower_control | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1259 | CKV2_AWS_37 | resource | aws_controltower_landing_zone | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1260 | CKV2_AWS_37 | resource | aws_costoptimizationhub_enrollment_status | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1261 | CKV2_AWS_37 | resource | aws_costoptimizationhub_preferences | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1262 | CKV2_AWS_37 | resource | aws_cur_report_definition | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1263 | CKV2_AWS_37 | resource | aws_customer_gateway | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1264 | CKV2_AWS_37 | resource | aws_customerprofiles_domain | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1265 | CKV2_AWS_37 | resource | aws_customerprofiles_profile | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1266 | CKV2_AWS_37 | resource | aws_dataexchange_data_set | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1267 | CKV2_AWS_37 | resource | aws_dataexchange_revision | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1268 | CKV2_AWS_37 | resource | aws_datapipeline_pipeline | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1269 | CKV2_AWS_37 | resource | aws_datapipeline_pipeline_definition | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1270 | CKV2_AWS_37 | resource | aws_datasync_agent | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1271 | CKV2_AWS_37 | resource | aws_datasync_location_azure_blob | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1272 | CKV2_AWS_37 | resource | aws_datasync_location_efs | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1273 | CKV2_AWS_37 | resource | aws_datasync_location_fsx_lustre_file_system | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1274 | CKV2_AWS_37 | resource | aws_datasync_location_fsx_ontap_file_system | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1275 | CKV2_AWS_37 | resource | aws_datasync_location_fsx_openzfs_file_system | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1276 | CKV2_AWS_37 | resource | aws_datasync_location_fsx_windows_file_system | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1277 | CKV2_AWS_37 | resource | aws_datasync_location_hdfs | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1278 | CKV2_AWS_37 | resource | aws_datasync_location_nfs | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1279 | CKV2_AWS_37 | resource | aws_datasync_location_object_storage | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1280 | CKV2_AWS_37 | resource | aws_datasync_location_s3 | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1281 | CKV2_AWS_37 | resource | aws_datasync_location_smb | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1282 | CKV2_AWS_37 | resource | aws_datasync_task | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1283 | CKV2_AWS_37 | resource | aws_datazone_asset_type | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1284 | CKV2_AWS_37 | resource | aws_datazone_domain | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1285 | CKV2_AWS_37 | resource | aws_datazone_environment | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1286 | CKV2_AWS_37 | resource | aws_datazone_environment_blueprint_configuration | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1287 | CKV2_AWS_37 | resource | aws_datazone_environment_profile | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1288 | CKV2_AWS_37 | resource | aws_datazone_form_type | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1289 | CKV2_AWS_37 | resource | aws_datazone_glossary | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1290 | CKV2_AWS_37 | resource | aws_datazone_glossary_term | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1291 | CKV2_AWS_37 | resource | aws_datazone_project | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1292 | CKV2_AWS_37 | resource | aws_datazone_user_profile | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1293 | CKV2_AWS_37 | resource | aws_dax_cluster | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1294 | CKV2_AWS_37 | resource | aws_dax_parameter_group | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1295 | CKV2_AWS_37 | resource | aws_dax_subnet_group | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1296 | CKV2_AWS_37 | resource | aws_db_cluster_snapshot | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1297 | CKV2_AWS_37 | resource | aws_db_event_subscription | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1298 | CKV2_AWS_37 | resource | aws_db_instance | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1299 | CKV2_AWS_37 | resource | aws_db_instance_automated_backups_replication | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1300 | CKV2_AWS_37 | resource | aws_db_instance_role_association | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1301 | CKV2_AWS_37 | resource | aws_db_option_group | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1302 | CKV2_AWS_37 | resource | aws_db_parameter_group | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1303 | CKV2_AWS_37 | resource | aws_db_proxy | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1304 | CKV2_AWS_37 | resource | aws_db_proxy_default_target_group | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1305 | CKV2_AWS_37 | resource | aws_db_proxy_endpoint | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1306 | CKV2_AWS_37 | resource | aws_db_proxy_target | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1307 | CKV2_AWS_37 | resource | aws_db_security_group | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1308 | CKV2_AWS_37 | resource | aws_db_snapshot | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1309 | CKV2_AWS_37 | resource | aws_db_snapshot_copy | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1310 | CKV2_AWS_37 | resource | aws_db_subnet_group | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1311 | CKV2_AWS_37 | resource | aws_default_network_acl | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1312 | CKV2_AWS_37 | resource | aws_default_route_table | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1313 | CKV2_AWS_37 | resource | aws_default_security_group | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1314 | CKV2_AWS_37 | resource | aws_default_subnet | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1315 | CKV2_AWS_37 | resource | aws_default_vpc | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1316 | CKV2_AWS_37 | resource | aws_default_vpc_dhcp_options | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1317 | CKV2_AWS_37 | resource | aws_detective_graph | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1318 | CKV2_AWS_37 | resource | aws_detective_invitation_accepter | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1319 | CKV2_AWS_37 | resource | aws_detective_member | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1320 | CKV2_AWS_37 | resource | aws_detective_organization_admin_account | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1321 | CKV2_AWS_37 | resource | aws_detective_organization_configuration | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1322 | CKV2_AWS_37 | resource | aws_devicefarm_device_pool | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1323 | CKV2_AWS_37 | resource | aws_devicefarm_instance_profile | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1324 | CKV2_AWS_37 | resource | aws_devicefarm_network_profile | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1325 | CKV2_AWS_37 | resource | aws_devicefarm_project | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1326 | CKV2_AWS_37 | resource | aws_devicefarm_test_grid_project | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1327 | CKV2_AWS_37 | resource | aws_devicefarm_upload | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1328 | CKV2_AWS_37 | resource | aws_devopsguru_event_sources_config | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1329 | CKV2_AWS_37 | resource | aws_devopsguru_notification_channel | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1330 | CKV2_AWS_37 | resource | aws_devopsguru_resource_collection | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1331 | CKV2_AWS_37 | resource | aws_devopsguru_service_integration | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1332 | CKV2_AWS_37 | resource | aws_directory_service_conditional_forwarder | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1333 | CKV2_AWS_37 | resource | aws_directory_service_directory | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1334 | CKV2_AWS_37 | resource | aws_directory_service_log_subscription | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1335 | CKV2_AWS_37 | resource | aws_directory_service_radius_settings | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1336 | CKV2_AWS_37 | resource | aws_directory_service_region | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1337 | CKV2_AWS_37 | resource | aws_directory_service_shared_directory | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1338 | CKV2_AWS_37 | resource | aws_directory_service_shared_directory_accepter | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1339 | CKV2_AWS_37 | resource | aws_directory_service_trust | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1340 | CKV2_AWS_37 | resource | aws_dlm_lifecycle_policy | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1341 | CKV2_AWS_37 | resource | aws_dms_certificate | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1342 | CKV2_AWS_37 | resource | aws_dms_endpoint | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1343 | CKV2_AWS_37 | resource | aws_dms_event_subscription | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1344 | CKV2_AWS_37 | resource | aws_dms_replication_config | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1345 | CKV2_AWS_37 | resource | aws_dms_replication_instance | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1346 | CKV2_AWS_37 | resource | aws_dms_replication_subnet_group | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1347 | CKV2_AWS_37 | resource | aws_dms_replication_task | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1348 | CKV2_AWS_37 | resource | aws_dms_s3_endpoint | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1349 | CKV2_AWS_37 | resource | aws_docdb_cluster | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1350 | CKV2_AWS_37 | resource | aws_docdb_cluster_instance | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1351 | CKV2_AWS_37 | resource | aws_docdb_cluster_parameter_group | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1352 | CKV2_AWS_37 | resource | aws_docdb_cluster_snapshot | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1353 | CKV2_AWS_37 | resource | aws_docdb_event_subscription | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1354 | CKV2_AWS_37 | resource | aws_docdb_global_cluster | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1355 | CKV2_AWS_37 | resource | aws_docdb_subnet_group | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1356 | CKV2_AWS_37 | resource | aws_docdbelastic_cluster | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1357 | CKV2_AWS_37 | resource | aws_drs_replication_configuration_template | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1358 | CKV2_AWS_37 | resource | aws_dx_bgp_peer | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1359 | CKV2_AWS_37 | resource | aws_dx_connection | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1360 | CKV2_AWS_37 | resource | aws_dx_connection_association | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1361 | CKV2_AWS_37 | resource | aws_dx_connection_confirmation | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1362 | CKV2_AWS_37 | resource | aws_dx_gateway | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1363 | CKV2_AWS_37 | resource | aws_dx_gateway_association | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1364 | CKV2_AWS_37 | resource | aws_dx_gateway_association_proposal | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1365 | CKV2_AWS_37 | resource | aws_dx_hosted_connection | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1366 | CKV2_AWS_37 | resource | aws_dx_hosted_private_virtual_interface | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1367 | CKV2_AWS_37 | resource | aws_dx_hosted_private_virtual_interface_accepter | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1368 | CKV2_AWS_37 | resource | aws_dx_hosted_public_virtual_interface | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1369 | CKV2_AWS_37 | resource | aws_dx_hosted_public_virtual_interface_accepter | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1370 | CKV2_AWS_37 | resource | aws_dx_hosted_transit_virtual_interface | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1371 | CKV2_AWS_37 | resource | aws_dx_hosted_transit_virtual_interface_accepter | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1372 | CKV2_AWS_37 | resource | aws_dx_lag | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1373 | CKV2_AWS_37 | resource | aws_dx_macsec_key_association | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1374 | CKV2_AWS_37 | resource | aws_dx_private_virtual_interface | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1375 | CKV2_AWS_37 | resource | aws_dx_public_virtual_interface | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1376 | CKV2_AWS_37 | resource | aws_dx_transit_virtual_interface | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1377 | CKV2_AWS_37 | resource | aws_dynamodb_contributor_insights | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1378 | CKV2_AWS_37 | resource | aws_dynamodb_global_table | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1379 | CKV2_AWS_37 | resource | aws_dynamodb_kinesis_streaming_destination | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1380 | CKV2_AWS_37 | resource | aws_dynamodb_resource_policy | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1381 | CKV2_AWS_37 | resource | aws_dynamodb_table | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1382 | CKV2_AWS_37 | resource | aws_dynamodb_table_export | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1383 | CKV2_AWS_37 | resource | aws_dynamodb_table_item | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1384 | CKV2_AWS_37 | resource | aws_dynamodb_table_replica | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1385 | CKV2_AWS_37 | resource | aws_dynamodb_tag | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1386 | CKV2_AWS_37 | resource | aws_ebs_default_kms_key | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1387 | CKV2_AWS_37 | resource | aws_ebs_encryption_by_default | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1388 | CKV2_AWS_37 | resource | aws_ebs_fast_snapshot_restore | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1389 | CKV2_AWS_37 | resource | aws_ebs_snapshot | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1390 | CKV2_AWS_37 | resource | aws_ebs_snapshot_block_public_access | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1391 | CKV2_AWS_37 | resource | aws_ebs_snapshot_copy | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1392 | CKV2_AWS_37 | resource | aws_ebs_snapshot_import | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1393 | CKV2_AWS_37 | resource | aws_ebs_volume | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1394 | CKV2_AWS_37 | resource | aws_ec2_availability_zone_group | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1395 | CKV2_AWS_37 | resource | aws_ec2_capacity_block_reservation | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1396 | CKV2_AWS_37 | resource | aws_ec2_capacity_reservation | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1397 | CKV2_AWS_37 | resource | aws_ec2_carrier_gateway | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1398 | CKV2_AWS_37 | resource | aws_ec2_client_vpn_authorization_rule | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1399 | CKV2_AWS_37 | resource | aws_ec2_client_vpn_endpoint | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1400 | CKV2_AWS_37 | resource | aws_ec2_client_vpn_network_association | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1401 | CKV2_AWS_37 | resource | aws_ec2_client_vpn_route | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1402 | CKV2_AWS_37 | resource | aws_ec2_fleet | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1403 | CKV2_AWS_37 | resource | aws_ec2_host | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1404 | CKV2_AWS_37 | resource | aws_ec2_image_block_public_access | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1405 | CKV2_AWS_37 | resource | aws_ec2_instance_connect_endpoint | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1406 | CKV2_AWS_37 | resource | aws_ec2_instance_metadata_defaults | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1407 | CKV2_AWS_37 | resource | aws_ec2_instance_state | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1408 | CKV2_AWS_37 | resource | aws_ec2_local_gateway_route | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1409 | CKV2_AWS_37 | resource | aws_ec2_local_gateway_route_table_vpc_association | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1410 | CKV2_AWS_37 | resource | aws_ec2_managed_prefix_list | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1411 | CKV2_AWS_37 | resource | aws_ec2_managed_prefix_list_entry | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1412 | CKV2_AWS_37 | resource | aws_ec2_network_insights_analysis | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1413 | CKV2_AWS_37 | resource | aws_ec2_network_insights_path | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1414 | CKV2_AWS_37 | resource | aws_ec2_serial_console_access | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1415 | CKV2_AWS_37 | resource | aws_ec2_subnet_cidr_reservation | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1416 | CKV2_AWS_37 | resource | aws_ec2_tag | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1417 | CKV2_AWS_37 | resource | aws_ec2_traffic_mirror_filter | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1418 | CKV2_AWS_37 | resource | aws_ec2_traffic_mirror_filter_rule | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1419 | CKV2_AWS_37 | resource | aws_ec2_traffic_mirror_session | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1420 | CKV2_AWS_37 | resource | aws_ec2_traffic_mirror_target | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1421 | CKV2_AWS_37 | resource | aws_ec2_transit_gateway | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1422 | CKV2_AWS_37 | resource | aws_ec2_transit_gateway_connect | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1423 | CKV2_AWS_37 | resource | aws_ec2_transit_gateway_connect_peer | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1424 | CKV2_AWS_37 | resource | aws_ec2_transit_gateway_default_route_table_association | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1425 | CKV2_AWS_37 | resource | aws_ec2_transit_gateway_default_route_table_propagation | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1426 | CKV2_AWS_37 | resource | aws_ec2_transit_gateway_multicast_domain | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1427 | CKV2_AWS_37 | resource | aws_ec2_transit_gateway_multicast_domain_association | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1428 | CKV2_AWS_37 | resource | aws_ec2_transit_gateway_multicast_group_member | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1429 | CKV2_AWS_37 | resource | aws_ec2_transit_gateway_multicast_group_source | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1430 | CKV2_AWS_37 | resource | aws_ec2_transit_gateway_peering_attachment | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1431 | CKV2_AWS_37 | resource | aws_ec2_transit_gateway_peering_attachment_accepter | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1432 | CKV2_AWS_37 | resource | aws_ec2_transit_gateway_policy_table | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1433 | CKV2_AWS_37 | resource | aws_ec2_transit_gateway_policy_table_association | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1434 | CKV2_AWS_37 | resource | aws_ec2_transit_gateway_prefix_list_reference | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1435 | CKV2_AWS_37 | resource | aws_ec2_transit_gateway_route | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1436 | CKV2_AWS_37 | resource | aws_ec2_transit_gateway_route_table | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1437 | CKV2_AWS_37 | resource | aws_ec2_transit_gateway_route_table_association | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1438 | CKV2_AWS_37 | resource | aws_ec2_transit_gateway_route_table_propagation | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1439 | CKV2_AWS_37 | resource | aws_ec2_transit_gateway_vpc_attachment | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1440 | CKV2_AWS_37 | resource | aws_ec2_transit_gateway_vpc_attachment_accepter | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1441 | CKV2_AWS_37 | resource | aws_ecr_account_setting | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1442 | CKV2_AWS_37 | resource | aws_ecr_lifecycle_policy | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1443 | CKV2_AWS_37 | resource | aws_ecr_pull_through_cache_rule | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1444 | CKV2_AWS_37 | resource | aws_ecr_registry_policy | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1445 | CKV2_AWS_37 | resource | aws_ecr_registry_scanning_configuration | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1446 | CKV2_AWS_37 | resource | aws_ecr_replication_configuration | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1447 | CKV2_AWS_37 | resource | aws_ecr_repository | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1448 | CKV2_AWS_37 | resource | aws_ecr_repository_creation_template | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1449 | CKV2_AWS_37 | resource | aws_ecr_repository_policy | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1450 | CKV2_AWS_37 | resource | aws_ecrpublic_repository | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1451 | CKV2_AWS_37 | resource | aws_ecrpublic_repository_policy | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1452 | CKV2_AWS_37 | resource | aws_ecs_account_setting_default | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1453 | CKV2_AWS_37 | resource | aws_ecs_capacity_provider | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1454 | CKV2_AWS_37 | resource | aws_ecs_cluster | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1455 | CKV2_AWS_37 | resource | aws_ecs_cluster_capacity_providers | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1456 | CKV2_AWS_37 | resource | aws_ecs_service | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1457 | CKV2_AWS_37 | resource | aws_ecs_tag | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1458 | CKV2_AWS_37 | resource | aws_ecs_task_definition | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1459 | CKV2_AWS_37 | resource | aws_ecs_task_set | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1460 | CKV2_AWS_37 | resource | aws_efs_access_point | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1461 | CKV2_AWS_37 | resource | aws_efs_backup_policy | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1462 | CKV2_AWS_37 | resource | aws_efs_file_system | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1463 | CKV2_AWS_37 | resource | aws_efs_file_system_policy | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1464 | CKV2_AWS_37 | resource | aws_efs_mount_target | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1465 | CKV2_AWS_37 | resource | aws_efs_replication_configuration | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1466 | CKV2_AWS_37 | resource | aws_egress_only_internet_gateway | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1467 | CKV2_AWS_37 | resource | aws_eip | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1468 | CKV2_AWS_37 | resource | aws_eip_association | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1469 | CKV2_AWS_37 | resource | aws_eip_domain_name | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1470 | CKV2_AWS_37 | resource | aws_eks_access_entry | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1471 | CKV2_AWS_37 | resource | aws_eks_access_policy_association | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1472 | CKV2_AWS_37 | resource | aws_eks_addon | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1473 | CKV2_AWS_37 | resource | aws_eks_cluster | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1474 | CKV2_AWS_37 | resource | aws_eks_fargate_profile | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1475 | CKV2_AWS_37 | resource | aws_eks_identity_provider_config | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1476 | CKV2_AWS_37 | resource | aws_eks_node_group | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1477 | CKV2_AWS_37 | resource | aws_eks_pod_identity_association | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1478 | CKV2_AWS_37 | resource | aws_elastic_beanstalk_application | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1479 | CKV2_AWS_37 | resource | aws_elastic_beanstalk_application_version | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1480 | CKV2_AWS_37 | resource | aws_elastic_beanstalk_configuration_template | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1481 | CKV2_AWS_37 | resource | aws_elastic_beanstalk_environment | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1482 | CKV2_AWS_37 | resource | aws_elasticache_cluster | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1483 | CKV2_AWS_37 | resource | aws_elasticache_global_replication_group | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1484 | CKV2_AWS_37 | resource | aws_elasticache_parameter_group | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1485 | CKV2_AWS_37 | resource | aws_elasticache_replication_group | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1486 | CKV2_AWS_37 | resource | aws_elasticache_reserved_cache_node | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1487 | CKV2_AWS_37 | resource | aws_elasticache_security_group | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1488 | CKV2_AWS_37 | resource | aws_elasticache_serverless_cache | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1489 | CKV2_AWS_37 | resource | aws_elasticache_subnet_group | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1490 | CKV2_AWS_37 | resource | aws_elasticache_user | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1491 | CKV2_AWS_37 | resource | aws_elasticache_user_group | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1492 | CKV2_AWS_37 | resource | aws_elasticache_user_group_association | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1493 | CKV2_AWS_37 | resource | aws_elasticsearch_domain | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1494 | CKV2_AWS_37 | resource | aws_elasticsearch_domain_policy | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1495 | CKV2_AWS_37 | resource | aws_elasticsearch_domain_saml_options | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1496 | CKV2_AWS_37 | resource | aws_elasticsearch_vpc_endpoint | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1497 | CKV2_AWS_37 | resource | aws_elastictranscoder_pipeline | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1498 | CKV2_AWS_37 | resource | aws_elastictranscoder_preset | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1499 | CKV2_AWS_37 | resource | aws_elb | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1500 | CKV2_AWS_37 | resource | aws_elb_attachment | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1501 | CKV2_AWS_37 | resource | aws_emr_block_public_access_configuration | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1502 | CKV2_AWS_37 | resource | aws_emr_cluster | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1503 | CKV2_AWS_37 | resource | aws_emr_instance_fleet | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1504 | CKV2_AWS_37 | resource | aws_emr_instance_group | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1505 | CKV2_AWS_37 | resource | aws_emr_managed_scaling_policy | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1506 | CKV2_AWS_37 | resource | aws_emr_security_configuration | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1507 | CKV2_AWS_37 | resource | aws_emr_studio | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1508 | CKV2_AWS_37 | resource | aws_emr_studio_session_mapping | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1509 | CKV2_AWS_37 | resource | aws_emrcontainers_job_template | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1510 | CKV2_AWS_37 | resource | aws_emrcontainers_virtual_cluster | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1511 | CKV2_AWS_37 | resource | aws_emrserverless_application | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1512 | CKV2_AWS_37 | resource | aws_evidently_feature | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1513 | CKV2_AWS_37 | resource | aws_evidently_launch | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1514 | CKV2_AWS_37 | resource | aws_evidently_project | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1515 | CKV2_AWS_37 | resource | aws_evidently_segment | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1516 | CKV2_AWS_37 | resource | aws_finspace_kx_cluster | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1517 | CKV2_AWS_37 | resource | aws_finspace_kx_database | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1518 | CKV2_AWS_37 | resource | aws_finspace_kx_dataview | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1519 | CKV2_AWS_37 | resource | aws_finspace_kx_environment | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1520 | CKV2_AWS_37 | resource | aws_finspace_kx_scaling_group | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1521 | CKV2_AWS_37 | resource | aws_finspace_kx_user | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1522 | CKV2_AWS_37 | resource | aws_finspace_kx_volume | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1523 | CKV2_AWS_37 | resource | aws_fis_experiment_template | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1524 | CKV2_AWS_37 | resource | aws_flow_log | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1525 | CKV2_AWS_37 | resource | aws_fms_admin_account | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1526 | CKV2_AWS_37 | resource | aws_fms_policy | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1527 | CKV2_AWS_37 | resource | aws_fms_resource_set | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1528 | CKV2_AWS_37 | resource | aws_fsx_backup | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1529 | CKV2_AWS_37 | resource | aws_fsx_data_repository_association | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1530 | CKV2_AWS_37 | resource | aws_fsx_file_cache | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1531 | CKV2_AWS_37 | resource | aws_fsx_lustre_file_system | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1532 | CKV2_AWS_37 | resource | aws_fsx_ontap_file_system | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1533 | CKV2_AWS_37 | resource | aws_fsx_ontap_storage_virtual_machine | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1534 | CKV2_AWS_37 | resource | aws_fsx_ontap_volume | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1535 | CKV2_AWS_37 | resource | aws_fsx_openzfs_file_system | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1536 | CKV2_AWS_37 | resource | aws_fsx_openzfs_snapshot | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1537 | CKV2_AWS_37 | resource | aws_fsx_openzfs_volume | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1538 | CKV2_AWS_37 | resource | aws_fsx_windows_file_system | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1539 | CKV2_AWS_37 | resource | aws_gamelift_alias | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1540 | CKV2_AWS_37 | resource | aws_gamelift_build | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1541 | CKV2_AWS_37 | resource | aws_gamelift_fleet | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1542 | CKV2_AWS_37 | resource | aws_gamelift_game_server_group | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1543 | CKV2_AWS_37 | resource | aws_gamelift_game_session_queue | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1544 | CKV2_AWS_37 | resource | aws_gamelift_script | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1545 | CKV2_AWS_37 | resource | aws_glacier_vault | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1546 | CKV2_AWS_37 | resource | aws_glacier_vault_lock | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1547 | CKV2_AWS_37 | resource | aws_globalaccelerator_accelerator | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1548 | CKV2_AWS_37 | resource | aws_globalaccelerator_cross_account_attachment | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1549 | CKV2_AWS_37 | resource | aws_globalaccelerator_custom_routing_accelerator | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1550 | CKV2_AWS_37 | resource | aws_globalaccelerator_custom_routing_endpoint_group | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1551 | CKV2_AWS_37 | resource | aws_globalaccelerator_custom_routing_listener | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1552 | CKV2_AWS_37 | resource | aws_globalaccelerator_endpoint_group | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1553 | CKV2_AWS_37 | resource | aws_globalaccelerator_listener | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1554 | CKV2_AWS_37 | resource | aws_glue_catalog_database | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1555 | CKV2_AWS_37 | resource | aws_glue_catalog_table | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1556 | CKV2_AWS_37 | resource | aws_glue_catalog_table_optimizer | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1557 | CKV2_AWS_37 | resource | aws_glue_classifier | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1558 | CKV2_AWS_37 | resource | aws_glue_connection | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1559 | CKV2_AWS_37 | resource | aws_glue_crawler | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1560 | CKV2_AWS_37 | resource | aws_glue_data_catalog_encryption_settings | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1561 | CKV2_AWS_37 | resource | aws_glue_data_quality_ruleset | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1562 | CKV2_AWS_37 | resource | aws_glue_dev_endpoint | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1563 | CKV2_AWS_37 | resource | aws_glue_job | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1564 | CKV2_AWS_37 | resource | aws_glue_ml_transform | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1565 | CKV2_AWS_37 | resource | aws_glue_partition | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1566 | CKV2_AWS_37 | resource | aws_glue_partition_index | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1567 | CKV2_AWS_37 | resource | aws_glue_registry | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1568 | CKV2_AWS_37 | resource | aws_glue_resource_policy | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1569 | CKV2_AWS_37 | resource | aws_glue_schema | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1570 | CKV2_AWS_37 | resource | aws_glue_security_configuration | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1571 | CKV2_AWS_37 | resource | aws_glue_trigger | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1572 | CKV2_AWS_37 | resource | aws_glue_user_defined_function | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1573 | CKV2_AWS_37 | resource | aws_glue_workflow | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1574 | CKV2_AWS_37 | resource | aws_grafana_license_association | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1575 | CKV2_AWS_37 | resource | aws_grafana_role_association | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1576 | CKV2_AWS_37 | resource | aws_grafana_workspace | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1577 | CKV2_AWS_37 | resource | aws_grafana_workspace_api_key | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1578 | CKV2_AWS_37 | resource | aws_grafana_workspace_saml_configuration | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1579 | CKV2_AWS_37 | resource | aws_grafana_workspace_service_account | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1580 | CKV2_AWS_37 | resource | aws_grafana_workspace_service_account_token | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1581 | CKV2_AWS_37 | resource | aws_guardduty_detector | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1582 | CKV2_AWS_37 | resource | aws_guardduty_detector_feature | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1583 | CKV2_AWS_37 | resource | aws_guardduty_filter | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1584 | CKV2_AWS_37 | resource | aws_guardduty_invite_accepter | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1585 | CKV2_AWS_37 | resource | aws_guardduty_ipset | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1586 | CKV2_AWS_37 | resource | aws_guardduty_malware_protection_plan | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1587 | CKV2_AWS_37 | resource | aws_guardduty_member | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1588 | CKV2_AWS_37 | resource | aws_guardduty_member_detector_feature | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1589 | CKV2_AWS_37 | resource | aws_guardduty_organization_admin_account | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1590 | CKV2_AWS_37 | resource | aws_guardduty_organization_configuration | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1591 | CKV2_AWS_37 | resource | aws_guardduty_organization_configuration_feature | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1592 | CKV2_AWS_37 | resource | aws_guardduty_publishing_destination | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1593 | CKV2_AWS_37 | resource | aws_guardduty_threatintelset | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1594 | CKV2_AWS_37 | resource | aws_iam_access_key | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1595 | CKV2_AWS_37 | resource | aws_iam_account_alias | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1596 | CKV2_AWS_37 | resource | aws_iam_account_password_policy | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1597 | CKV2_AWS_37 | resource | aws_iam_group | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1598 | CKV2_AWS_37 | resource | aws_iam_group_membership | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1599 | CKV2_AWS_37 | resource | aws_iam_group_policies_exclusive | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1600 | CKV2_AWS_37 | resource | aws_iam_group_policy | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1601 | CKV2_AWS_37 | resource | aws_iam_group_policy_attachment | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1602 | CKV2_AWS_37 | resource | aws_iam_group_policy_attachments_exclusive | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1603 | CKV2_AWS_37 | resource | aws_iam_instance_profile | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1604 | CKV2_AWS_37 | resource | aws_iam_openid_connect_provider | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1605 | CKV2_AWS_37 | resource | aws_iam_organizations_features | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1606 | CKV2_AWS_37 | resource | aws_iam_policy | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1607 | CKV2_AWS_37 | resource | aws_iam_policy_attachment | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1608 | CKV2_AWS_37 | resource | aws_iam_policy_document | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1609 | CKV2_AWS_37 | resource | aws_iam_role | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1610 | CKV2_AWS_37 | resource | aws_iam_role_policies_exclusive | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1611 | CKV2_AWS_37 | resource | aws_iam_role_policy | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1612 | CKV2_AWS_37 | resource | aws_iam_role_policy_attachment | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1613 | CKV2_AWS_37 | resource | aws_iam_role_policy_attachments_exclusive | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1614 | CKV2_AWS_37 | resource | aws_iam_saml_provider | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1615 | CKV2_AWS_37 | resource | aws_iam_security_token_service_preferences | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1616 | CKV2_AWS_37 | resource | aws_iam_server_certificate | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1617 | CKV2_AWS_37 | resource | aws_iam_service_linked_role | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1618 | CKV2_AWS_37 | resource | aws_iam_service_specific_credential | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1619 | CKV2_AWS_37 | resource | aws_iam_signing_certificate | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1620 | CKV2_AWS_37 | resource | aws_iam_user | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1621 | CKV2_AWS_37 | resource | aws_iam_user_group_membership | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1622 | CKV2_AWS_37 | resource | aws_iam_user_login_profile | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1623 | CKV2_AWS_37 | resource | aws_iam_user_policies_exclusive | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1624 | CKV2_AWS_37 | resource | aws_iam_user_policy | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1625 | CKV2_AWS_37 | resource | aws_iam_user_policy_attachment | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1626 | CKV2_AWS_37 | resource | aws_iam_user_policy_attachments_exclusive | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1627 | CKV2_AWS_37 | resource | aws_iam_user_ssh_key | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1628 | CKV2_AWS_37 | resource | aws_iam_virtual_mfa_device | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1629 | CKV2_AWS_37 | resource | aws_identitystore_group | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1630 | CKV2_AWS_37 | resource | aws_identitystore_group_membership | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1631 | CKV2_AWS_37 | resource | aws_identitystore_user | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1632 | CKV2_AWS_37 | resource | aws_imagebuilder_component | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1633 | CKV2_AWS_37 | resource | aws_imagebuilder_container_recipe | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1634 | CKV2_AWS_37 | resource | aws_imagebuilder_distribution_configuration | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1635 | CKV2_AWS_37 | resource | aws_imagebuilder_image | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1636 | CKV2_AWS_37 | resource | aws_imagebuilder_image_pipeline | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1637 | CKV2_AWS_37 | resource | aws_imagebuilder_image_recipe | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1638 | CKV2_AWS_37 | resource | aws_imagebuilder_infrastructure_configuration | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1639 | CKV2_AWS_37 | resource | aws_imagebuilder_lifecycle_policy | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1640 | CKV2_AWS_37 | resource | aws_imagebuilder_workflow | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1641 | CKV2_AWS_37 | resource | aws_inspector2_delegated_admin_account | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1642 | CKV2_AWS_37 | resource | aws_inspector2_enabler | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1643 | CKV2_AWS_37 | resource | aws_inspector2_member_association | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1644 | CKV2_AWS_37 | resource | aws_inspector2_organization_configuration | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1645 | CKV2_AWS_37 | resource | aws_inspector_assessment_target | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1646 | CKV2_AWS_37 | resource | aws_inspector_assessment_template | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1647 | CKV2_AWS_37 | resource | aws_inspector_resource_group | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1648 | CKV2_AWS_37 | resource | aws_instance | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1649 | CKV2_AWS_37 | resource | aws_internet_gateway | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1650 | CKV2_AWS_37 | resource | aws_internet_gateway_attachment | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1651 | CKV2_AWS_37 | resource | aws_internetmonitor_monitor | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1652 | CKV2_AWS_37 | resource | aws_iot_authorizer | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1653 | CKV2_AWS_37 | resource | aws_iot_billing_group | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1654 | CKV2_AWS_37 | resource | aws_iot_ca_certificate | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1655 | CKV2_AWS_37 | resource | aws_iot_certificate | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1656 | CKV2_AWS_37 | resource | aws_iot_domain_configuration | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1657 | CKV2_AWS_37 | resource | aws_iot_event_configurations | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1658 | CKV2_AWS_37 | resource | aws_iot_indexing_configuration | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1659 | CKV2_AWS_37 | resource | aws_iot_logging_options | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1660 | CKV2_AWS_37 | resource | aws_iot_policy | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1661 | CKV2_AWS_37 | resource | aws_iot_policy_attachment | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1662 | CKV2_AWS_37 | resource | aws_iot_provisioning_template | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1663 | CKV2_AWS_37 | resource | aws_iot_role_alias | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1664 | CKV2_AWS_37 | resource | aws_iot_thing | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1665 | CKV2_AWS_37 | resource | aws_iot_thing_group | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1666 | CKV2_AWS_37 | resource | aws_iot_thing_group_membership | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1667 | CKV2_AWS_37 | resource | aws_iot_thing_principal_attachment | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1668 | CKV2_AWS_37 | resource | aws_iot_thing_type | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1669 | CKV2_AWS_37 | resource | aws_iot_topic_rule | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1670 | CKV2_AWS_37 | resource | aws_iot_topic_rule_destination | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1671 | CKV2_AWS_37 | resource | aws_ivs_channel | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1672 | CKV2_AWS_37 | resource | aws_ivs_playback_key_pair | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1673 | CKV2_AWS_37 | resource | aws_ivs_recording_configuration | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1674 | CKV2_AWS_37 | resource | aws_ivschat_logging_configuration | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1675 | CKV2_AWS_37 | resource | aws_ivschat_room | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1676 | CKV2_AWS_37 | resource | aws_kendra_data_source | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1677 | CKV2_AWS_37 | resource | aws_kendra_experience | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1678 | CKV2_AWS_37 | resource | aws_kendra_faq | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1679 | CKV2_AWS_37 | resource | aws_kendra_index | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1680 | CKV2_AWS_37 | resource | aws_kendra_query_suggestions_block_list | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1681 | CKV2_AWS_37 | resource | aws_kendra_thesaurus | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1682 | CKV2_AWS_37 | resource | aws_key_pair | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1683 | CKV2_AWS_37 | resource | aws_keyspaces_keyspace | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1684 | CKV2_AWS_37 | resource | aws_keyspaces_table | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1685 | CKV2_AWS_37 | resource | aws_kinesis_analytics_application | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1686 | CKV2_AWS_37 | resource | aws_kinesis_firehose_delivery_stream | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1687 | CKV2_AWS_37 | resource | aws_kinesis_resource_policy | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1688 | CKV2_AWS_37 | resource | aws_kinesis_stream | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1689 | CKV2_AWS_37 | resource | aws_kinesis_stream_consumer | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1690 | CKV2_AWS_37 | resource | aws_kinesis_video_stream | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1691 | CKV2_AWS_37 | resource | aws_kinesisanalyticsv2_application | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1692 | CKV2_AWS_37 | resource | aws_kinesisanalyticsv2_application_snapshot | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1693 | CKV2_AWS_37 | resource | aws_kms_alias | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1694 | CKV2_AWS_37 | resource | aws_kms_ciphertext | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1695 | CKV2_AWS_37 | resource | aws_kms_custom_key_store | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1696 | CKV2_AWS_37 | resource | aws_kms_external_key | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1697 | CKV2_AWS_37 | resource | aws_kms_grant | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1698 | CKV2_AWS_37 | resource | aws_kms_key | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1699 | CKV2_AWS_37 | resource | aws_kms_key_policy | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1700 | CKV2_AWS_37 | resource | aws_kms_replica_external_key | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1701 | CKV2_AWS_37 | resource | aws_kms_replica_key | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1702 | CKV2_AWS_37 | resource | aws_lakeformation_data_cells_filter | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1703 | CKV2_AWS_37 | resource | aws_lakeformation_data_lake_settings | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1704 | CKV2_AWS_37 | resource | aws_lakeformation_lf_tag | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1705 | CKV2_AWS_37 | resource | aws_lakeformation_permissions | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1706 | CKV2_AWS_37 | resource | aws_lakeformation_resource | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1707 | CKV2_AWS_37 | resource | aws_lakeformation_resource_lf_tag | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1708 | CKV2_AWS_37 | resource | aws_lakeformation_resource_lf_tags | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1709 | CKV2_AWS_37 | resource | aws_lambda_alias | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1710 | CKV2_AWS_37 | resource | aws_lambda_code_signing_config | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1711 | CKV2_AWS_37 | resource | aws_lambda_event_source_mapping | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1712 | CKV2_AWS_37 | resource | aws_lambda_function | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1713 | CKV2_AWS_37 | resource | aws_lambda_function_event_invoke_config | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1714 | CKV2_AWS_37 | resource | aws_lambda_function_recursion_config | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1715 | CKV2_AWS_37 | resource | aws_lambda_function_url | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1716 | CKV2_AWS_37 | resource | aws_lambda_invocation | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1717 | CKV2_AWS_37 | resource | aws_lambda_layer_version | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1718 | CKV2_AWS_37 | resource | aws_lambda_layer_version_permission | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1719 | CKV2_AWS_37 | resource | aws_lambda_permission | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1720 | CKV2_AWS_37 | resource | aws_lambda_provisioned_concurrency_config | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1721 | CKV2_AWS_37 | resource | aws_lambda_runtime_management_config | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1722 | CKV2_AWS_37 | resource | aws_launch_configuration | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1723 | CKV2_AWS_37 | resource | aws_launch_template | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1724 | CKV2_AWS_37 | resource | aws_lb | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1725 | CKV2_AWS_37 | resource | aws_lb_cookie_stickiness_policy | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1726 | CKV2_AWS_37 | resource | aws_lb_listener | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1727 | CKV2_AWS_37 | resource | aws_lb_listener_certificate | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1728 | CKV2_AWS_37 | resource | aws_lb_listener_rule | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1729 | CKV2_AWS_37 | resource | aws_lb_ssl_negotiation_policy | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1730 | CKV2_AWS_37 | resource | aws_lb_target_group | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1731 | CKV2_AWS_37 | resource | aws_lb_target_group_attachment | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1732 | CKV2_AWS_37 | resource | aws_lb_trust_store | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1733 | CKV2_AWS_37 | resource | aws_lb_trust_store_revocation | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1734 | CKV2_AWS_37 | resource | aws_lex_bot | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1735 | CKV2_AWS_37 | resource | aws_lex_bot_alias | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1736 | CKV2_AWS_37 | resource | aws_lex_intent | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1737 | CKV2_AWS_37 | resource | aws_lex_slot_type | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1738 | CKV2_AWS_37 | resource | aws_lexv2models_bot | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1739 | CKV2_AWS_37 | resource | aws_lexv2models_bot_locale | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1740 | CKV2_AWS_37 | resource | aws_lexv2models_bot_version | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1741 | CKV2_AWS_37 | resource | aws_lexv2models_intent | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1742 | CKV2_AWS_37 | resource | aws_lexv2models_slot | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1743 | CKV2_AWS_37 | resource | aws_lexv2models_slot_type | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1744 | CKV2_AWS_37 | resource | aws_licensemanager_association | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1745 | CKV2_AWS_37 | resource | aws_licensemanager_grant | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1746 | CKV2_AWS_37 | resource | aws_licensemanager_grant_accepter | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1747 | CKV2_AWS_37 | resource | aws_licensemanager_license_configuration | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1748 | CKV2_AWS_37 | resource | aws_lightsail_bucket | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1749 | CKV2_AWS_37 | resource | aws_lightsail_bucket_access_key | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1750 | CKV2_AWS_37 | resource | aws_lightsail_bucket_resource_access | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1751 | CKV2_AWS_37 | resource | aws_lightsail_certificate | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1752 | CKV2_AWS_37 | resource | aws_lightsail_container_service | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1753 | CKV2_AWS_37 | resource | aws_lightsail_container_service_deployment_version | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1754 | CKV2_AWS_37 | resource | aws_lightsail_database | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1755 | CKV2_AWS_37 | resource | aws_lightsail_disk | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1756 | CKV2_AWS_37 | resource | aws_lightsail_disk_attachment | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1757 | CKV2_AWS_37 | resource | aws_lightsail_distribution | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1758 | CKV2_AWS_37 | resource | aws_lightsail_domain | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1759 | CKV2_AWS_37 | resource | aws_lightsail_domain_entry | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1760 | CKV2_AWS_37 | resource | aws_lightsail_instance | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1761 | CKV2_AWS_37 | resource | aws_lightsail_instance_public_ports | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1762 | CKV2_AWS_37 | resource | aws_lightsail_key_pair | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1763 | CKV2_AWS_37 | resource | aws_lightsail_lb | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1764 | CKV2_AWS_37 | resource | aws_lightsail_lb_attachment | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1765 | CKV2_AWS_37 | resource | aws_lightsail_lb_certificate | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1766 | CKV2_AWS_37 | resource | aws_lightsail_lb_certificate_attachment | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1767 | CKV2_AWS_37 | resource | aws_lightsail_lb_https_redirection_policy | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1768 | CKV2_AWS_37 | resource | aws_lightsail_lb_stickiness_policy | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1769 | CKV2_AWS_37 | resource | aws_lightsail_static_ip | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1770 | CKV2_AWS_37 | resource | aws_lightsail_static_ip_attachment | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1771 | CKV2_AWS_37 | resource | aws_load_balancer_backend_server_policy | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1772 | CKV2_AWS_37 | resource | aws_load_balancer_listener_policy | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1773 | CKV2_AWS_37 | resource | aws_load_balancer_policy | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1774 | CKV2_AWS_37 | resource | aws_location_geofence_collection | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1775 | CKV2_AWS_37 | resource | aws_location_map | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1776 | CKV2_AWS_37 | resource | aws_location_place_index | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1777 | CKV2_AWS_37 | resource | aws_location_route_calculator | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1778 | CKV2_AWS_37 | resource | aws_location_tracker | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1779 | CKV2_AWS_37 | resource | aws_location_tracker_association | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1780 | CKV2_AWS_37 | resource | aws_m2_application | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1781 | CKV2_AWS_37 | resource | aws_m2_deployment | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1782 | CKV2_AWS_37 | resource | aws_m2_environment | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1783 | CKV2_AWS_37 | resource | aws_macie2_account | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1784 | CKV2_AWS_37 | resource | aws_macie2_classification_export_configuration | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1785 | CKV2_AWS_37 | resource | aws_macie2_classification_job | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1786 | CKV2_AWS_37 | resource | aws_macie2_custom_data_identifier | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1787 | CKV2_AWS_37 | resource | aws_macie2_findings_filter | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1788 | CKV2_AWS_37 | resource | aws_macie2_invitation_accepter | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1789 | CKV2_AWS_37 | resource | aws_macie2_member | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1790 | CKV2_AWS_37 | resource | aws_macie2_organization_admin_account | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1791 | CKV2_AWS_37 | resource | aws_macie_member_account_association | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1792 | CKV2_AWS_37 | resource | aws_macie_s3_bucket_association | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1793 | CKV2_AWS_37 | resource | aws_main_route_table_association | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1794 | CKV2_AWS_37 | resource | aws_media_convert_queue | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1795 | CKV2_AWS_37 | resource | aws_media_package_channel | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1796 | CKV2_AWS_37 | resource | aws_media_packagev2_channel_group | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1797 | CKV2_AWS_37 | resource | aws_media_store_container | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1798 | CKV2_AWS_37 | resource | aws_media_store_container_policy | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1799 | CKV2_AWS_37 | resource | aws_medialive_channel | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1800 | CKV2_AWS_37 | resource | aws_medialive_input | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1801 | CKV2_AWS_37 | resource | aws_medialive_input_security_group | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1802 | CKV2_AWS_37 | resource | aws_medialive_multiplex | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1803 | CKV2_AWS_37 | resource | aws_medialive_multiplex_program | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1804 | CKV2_AWS_37 | resource | aws_memorydb_acl | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1805 | CKV2_AWS_37 | resource | aws_memorydb_cluster | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1806 | CKV2_AWS_37 | resource | aws_memorydb_multi_region_cluster | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1807 | CKV2_AWS_37 | resource | aws_memorydb_parameter_group | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1808 | CKV2_AWS_37 | resource | aws_memorydb_snapshot | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1809 | CKV2_AWS_37 | resource | aws_memorydb_subnet_group | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1810 | CKV2_AWS_37 | resource | aws_memorydb_user | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1811 | CKV2_AWS_37 | resource | aws_mq_broker | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1812 | CKV2_AWS_37 | resource | aws_mq_configuration | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1813 | CKV2_AWS_37 | resource | aws_msk_cluster | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1814 | CKV2_AWS_37 | resource | aws_msk_cluster_policy | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1815 | CKV2_AWS_37 | resource | aws_msk_configuration | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1816 | CKV2_AWS_37 | resource | aws_msk_replicator | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1817 | CKV2_AWS_37 | resource | aws_msk_scram_secret_association | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1818 | CKV2_AWS_37 | resource | aws_msk_serverless_cluster | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1819 | CKV2_AWS_37 | resource | aws_msk_single_scram_secret_association | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1820 | CKV2_AWS_37 | resource | aws_msk_vpc_connection | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1821 | CKV2_AWS_37 | resource | aws_mskconnect_connector | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1822 | CKV2_AWS_37 | resource | aws_mskconnect_custom_plugin | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1823 | CKV2_AWS_37 | resource | aws_mskconnect_worker_configuration | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1824 | CKV2_AWS_37 | resource | aws_mwaa_environment | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1825 | CKV2_AWS_37 | resource | aws_nat_gateway | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1826 | CKV2_AWS_37 | resource | aws_neptune_cluster | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1827 | CKV2_AWS_37 | resource | aws_neptune_cluster_endpoint | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1828 | CKV2_AWS_37 | resource | aws_neptune_cluster_instance | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1829 | CKV2_AWS_37 | resource | aws_neptune_cluster_parameter_group | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1830 | CKV2_AWS_37 | resource | aws_neptune_cluster_snapshot | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1831 | CKV2_AWS_37 | resource | aws_neptune_event_subscription | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1832 | CKV2_AWS_37 | resource | aws_neptune_global_cluster | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1833 | CKV2_AWS_37 | resource | aws_neptune_parameter_group | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1834 | CKV2_AWS_37 | resource | aws_neptune_subnet_group | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1835 | CKV2_AWS_37 | resource | aws_network_acl | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1836 | CKV2_AWS_37 | resource | aws_network_acl_association | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1837 | CKV2_AWS_37 | resource | aws_network_acl_rule | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1838 | CKV2_AWS_37 | resource | aws_network_interface | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1839 | CKV2_AWS_37 | resource | aws_network_interface_attachment | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1840 | CKV2_AWS_37 | resource | aws_network_interface_sg_attachment | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1841 | CKV2_AWS_37 | resource | aws_networkfirewall_firewall | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1842 | CKV2_AWS_37 | resource | aws_networkfirewall_firewall_policy | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1843 | CKV2_AWS_37 | resource | aws_networkfirewall_logging_configuration | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1844 | CKV2_AWS_37 | resource | aws_networkfirewall_resource_policy | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1845 | CKV2_AWS_37 | resource | aws_networkfirewall_rule_group | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1846 | CKV2_AWS_37 | resource | aws_networkfirewall_tls_inspection_configuration | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1847 | CKV2_AWS_37 | resource | aws_networkmanager_attachment_accepter | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1848 | CKV2_AWS_37 | resource | aws_networkmanager_connect_attachment | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1849 | CKV2_AWS_37 | resource | aws_networkmanager_connect_peer | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1850 | CKV2_AWS_37 | resource | aws_networkmanager_connection | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1851 | CKV2_AWS_37 | resource | aws_networkmanager_core_network | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1852 | CKV2_AWS_37 | resource | aws_networkmanager_core_network_policy_attachment | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1853 | CKV2_AWS_37 | resource | aws_networkmanager_customer_gateway_association | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1854 | CKV2_AWS_37 | resource | aws_networkmanager_device | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1855 | CKV2_AWS_37 | resource | aws_networkmanager_dx_gateway_attachment | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1856 | CKV2_AWS_37 | resource | aws_networkmanager_global_network | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1857 | CKV2_AWS_37 | resource | aws_networkmanager_link | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1858 | CKV2_AWS_37 | resource | aws_networkmanager_link_association | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1859 | CKV2_AWS_37 | resource | aws_networkmanager_site | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1860 | CKV2_AWS_37 | resource | aws_networkmanager_site_to_site_vpn_attachment | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1861 | CKV2_AWS_37 | resource | aws_networkmanager_transit_gateway_connect_peer_association | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1862 | CKV2_AWS_37 | resource | aws_networkmanager_transit_gateway_peering | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1863 | CKV2_AWS_37 | resource | aws_networkmanager_transit_gateway_registration | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1864 | CKV2_AWS_37 | resource | aws_networkmanager_transit_gateway_route_table_attachment | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1865 | CKV2_AWS_37 | resource | aws_networkmanager_vpc_attachment | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1866 | CKV2_AWS_37 | resource | aws_networkmonitor_monitor | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1867 | CKV2_AWS_37 | resource | aws_networkmonitor_probe | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1868 | CKV2_AWS_37 | resource | aws_oam_link | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1869 | CKV2_AWS_37 | resource | aws_oam_sink | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1870 | CKV2_AWS_37 | resource | aws_oam_sink_policy | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1871 | CKV2_AWS_37 | resource | aws_opensearch_authorize_vpc_endpoint_access | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1872 | CKV2_AWS_37 | resource | aws_opensearch_domain | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1873 | CKV2_AWS_37 | resource | aws_opensearch_domain_policy | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1874 | CKV2_AWS_37 | resource | aws_opensearch_domain_saml_options | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1875 | CKV2_AWS_37 | resource | aws_opensearch_inbound_connection_accepter | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1876 | CKV2_AWS_37 | resource | aws_opensearch_outbound_connection | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1877 | CKV2_AWS_37 | resource | aws_opensearch_package | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1878 | CKV2_AWS_37 | resource | aws_opensearch_package_association | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1879 | CKV2_AWS_37 | resource | aws_opensearch_vpc_endpoint | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1880 | CKV2_AWS_37 | resource | aws_opensearchserverless_access_policy | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1881 | CKV2_AWS_37 | resource | aws_opensearchserverless_collection | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1882 | CKV2_AWS_37 | resource | aws_opensearchserverless_lifecycle_policy | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1883 | CKV2_AWS_37 | resource | aws_opensearchserverless_security_config | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1884 | CKV2_AWS_37 | resource | aws_opensearchserverless_security_policy | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1885 | CKV2_AWS_37 | resource | aws_opensearchserverless_vpc_endpoint | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1886 | CKV2_AWS_37 | resource | aws_opsworks_application | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1887 | CKV2_AWS_37 | resource | aws_opsworks_custom_layer | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1888 | CKV2_AWS_37 | resource | aws_opsworks_ecs_cluster_layer | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1889 | CKV2_AWS_37 | resource | aws_opsworks_ganglia_layer | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1890 | CKV2_AWS_37 | resource | aws_opsworks_haproxy_layer | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1891 | CKV2_AWS_37 | resource | aws_opsworks_instance | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1892 | CKV2_AWS_37 | resource | aws_opsworks_java_app_layer | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1893 | CKV2_AWS_37 | resource | aws_opsworks_memcached_layer | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1894 | CKV2_AWS_37 | resource | aws_opsworks_mysql_layer | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1895 | CKV2_AWS_37 | resource | aws_opsworks_nodejs_app_layer | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1896 | CKV2_AWS_37 | resource | aws_opsworks_permission | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1897 | CKV2_AWS_37 | resource | aws_opsworks_php_app_layer | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1898 | CKV2_AWS_37 | resource | aws_opsworks_rails_app_layer | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1899 | CKV2_AWS_37 | resource | aws_opsworks_rds_db_instance | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1900 | CKV2_AWS_37 | resource | aws_opsworks_stack | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1901 | CKV2_AWS_37 | resource | aws_opsworks_static_web_layer | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1902 | CKV2_AWS_37 | resource | aws_opsworks_user_profile | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1903 | CKV2_AWS_37 | resource | aws_organizations_account | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1904 | CKV2_AWS_37 | resource | aws_organizations_delegated_administrator | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1905 | CKV2_AWS_37 | resource | aws_organizations_organization | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1906 | CKV2_AWS_37 | resource | aws_organizations_organizational_unit | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1907 | CKV2_AWS_37 | resource | aws_organizations_policy | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1908 | CKV2_AWS_37 | resource | aws_organizations_policy_attachment | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1909 | CKV2_AWS_37 | resource | aws_organizations_resource_policy | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1910 | CKV2_AWS_37 | resource | aws_osis_pipeline | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1911 | CKV2_AWS_37 | resource | aws_paymentcryptography_key | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1912 | CKV2_AWS_37 | resource | aws_paymentcryptography_key_alias | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1913 | CKV2_AWS_37 | resource | aws_pinpoint_adm_channel | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1914 | CKV2_AWS_37 | resource | aws_pinpoint_apns_channel | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1915 | CKV2_AWS_37 | resource | aws_pinpoint_apns_sandbox_channel | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1916 | CKV2_AWS_37 | resource | aws_pinpoint_apns_voip_channel | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1917 | CKV2_AWS_37 | resource | aws_pinpoint_apns_voip_sandbox_channel | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1918 | CKV2_AWS_37 | resource | aws_pinpoint_app | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1919 | CKV2_AWS_37 | resource | aws_pinpoint_baidu_channel | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1920 | CKV2_AWS_37 | resource | aws_pinpoint_email_channel | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1921 | CKV2_AWS_37 | resource | aws_pinpoint_email_template | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1922 | CKV2_AWS_37 | resource | aws_pinpoint_event_stream | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1923 | CKV2_AWS_37 | resource | aws_pinpoint_gcm_channel | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1924 | CKV2_AWS_37 | resource | aws_pinpoint_sms_channel | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1925 | CKV2_AWS_37 | resource | aws_pinpointsmsvoicev2_configuration_set | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1926 | CKV2_AWS_37 | resource | aws_pinpointsmsvoicev2_opt_out_list | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1927 | CKV2_AWS_37 | resource | aws_pinpointsmsvoicev2_phone_number | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1928 | CKV2_AWS_37 | resource | aws_pipes_pipe | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1929 | CKV2_AWS_37 | resource | aws_placement_group | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1930 | CKV2_AWS_37 | resource | aws_prometheus_alert_manager_definition | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1931 | CKV2_AWS_37 | resource | aws_prometheus_rule_group_namespace | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1932 | CKV2_AWS_37 | resource | aws_prometheus_scraper | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1933 | CKV2_AWS_37 | resource | aws_prometheus_workspace | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1934 | CKV2_AWS_37 | resource | aws_proxy_protocol_policy | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1935 | CKV2_AWS_37 | resource | aws_qldb_ledger | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1936 | CKV2_AWS_37 | resource | aws_qldb_stream | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1937 | CKV2_AWS_37 | resource | aws_quicksight_account_subscription | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1938 | CKV2_AWS_37 | resource | aws_quicksight_analysis | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1939 | CKV2_AWS_37 | resource | aws_quicksight_dashboard | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1940 | CKV2_AWS_37 | resource | aws_quicksight_data_set | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1941 | CKV2_AWS_37 | resource | aws_quicksight_data_source | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1942 | CKV2_AWS_37 | resource | aws_quicksight_folder | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1943 | CKV2_AWS_37 | resource | aws_quicksight_folder_membership | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1944 | CKV2_AWS_37 | resource | aws_quicksight_group | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1945 | CKV2_AWS_37 | resource | aws_quicksight_group_membership | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1946 | CKV2_AWS_37 | resource | aws_quicksight_iam_policy_assignment | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1947 | CKV2_AWS_37 | resource | aws_quicksight_ingestion | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1948 | CKV2_AWS_37 | resource | aws_quicksight_namespace | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1949 | CKV2_AWS_37 | resource | aws_quicksight_refresh_schedule | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1950 | CKV2_AWS_37 | resource | aws_quicksight_template | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1951 | CKV2_AWS_37 | resource | aws_quicksight_template_alias | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1952 | CKV2_AWS_37 | resource | aws_quicksight_theme | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1953 | CKV2_AWS_37 | resource | aws_quicksight_user | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1954 | CKV2_AWS_37 | resource | aws_quicksight_vpc_connection | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1955 | CKV2_AWS_37 | resource | aws_ram_principal_association | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1956 | CKV2_AWS_37 | resource | aws_ram_resource_association | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1957 | CKV2_AWS_37 | resource | aws_ram_resource_share | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1958 | CKV2_AWS_37 | resource | aws_ram_resource_share_accepter | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1959 | CKV2_AWS_37 | resource | aws_ram_sharing_with_organization | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1960 | CKV2_AWS_37 | resource | aws_rbin_rule | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1961 | CKV2_AWS_37 | resource | aws_rds_certificate | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1962 | CKV2_AWS_37 | resource | aws_rds_cluster | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1963 | CKV2_AWS_37 | resource | aws_rds_cluster_activity_stream | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1964 | CKV2_AWS_37 | resource | aws_rds_cluster_endpoint | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1965 | CKV2_AWS_37 | resource | aws_rds_cluster_instance | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1966 | CKV2_AWS_37 | resource | aws_rds_cluster_parameter_group | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1967 | CKV2_AWS_37 | resource | aws_rds_cluster_role_association | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1968 | CKV2_AWS_37 | resource | aws_rds_cluster_snapshot_copy | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1969 | CKV2_AWS_37 | resource | aws_rds_custom_db_engine_version | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1970 | CKV2_AWS_37 | resource | aws_rds_export_task | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1971 | CKV2_AWS_37 | resource | aws_rds_global_cluster | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1972 | CKV2_AWS_37 | resource | aws_rds_instance_state | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1973 | CKV2_AWS_37 | resource | aws_rds_integration | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1974 | CKV2_AWS_37 | resource | aws_rds_reserved_instance | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1975 | CKV2_AWS_37 | resource | aws_redshift_authentication_profile | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1976 | CKV2_AWS_37 | resource | aws_redshift_cluster | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1977 | CKV2_AWS_37 | resource | aws_redshift_cluster_iam_roles | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1978 | CKV2_AWS_37 | resource | aws_redshift_cluster_snapshot | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1979 | CKV2_AWS_37 | resource | aws_redshift_data_share_authorization | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1980 | CKV2_AWS_37 | resource | aws_redshift_data_share_consumer_association | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1981 | CKV2_AWS_37 | resource | aws_redshift_endpoint_access | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1982 | CKV2_AWS_37 | resource | aws_redshift_endpoint_authorization | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1983 | CKV2_AWS_37 | resource | aws_redshift_event_subscription | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1984 | CKV2_AWS_37 | resource | aws_redshift_hsm_client_certificate | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1985 | CKV2_AWS_37 | resource | aws_redshift_hsm_configuration | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1986 | CKV2_AWS_37 | resource | aws_redshift_logging | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1987 | CKV2_AWS_37 | resource | aws_redshift_parameter_group | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1988 | CKV2_AWS_37 | resource | aws_redshift_partner | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1989 | CKV2_AWS_37 | resource | aws_redshift_resource_policy | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1990 | CKV2_AWS_37 | resource | aws_redshift_scheduled_action | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1991 | CKV2_AWS_37 | resource | aws_redshift_security_group | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1992 | CKV2_AWS_37 | resource | aws_redshift_snapshot_copy | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1993 | CKV2_AWS_37 | resource | aws_redshift_snapshot_copy_grant | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1994 | CKV2_AWS_37 | resource | aws_redshift_snapshot_schedule | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1995 | CKV2_AWS_37 | resource | aws_redshift_snapshot_schedule_association | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1996 | CKV2_AWS_37 | resource | aws_redshift_subnet_group | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1997 | CKV2_AWS_37 | resource | aws_redshift_usage_limit | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1998 | CKV2_AWS_37 | resource | aws_redshiftdata_statement | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 1999 | CKV2_AWS_37 | resource | aws_redshiftserverless_custom_domain_association | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2000 | CKV2_AWS_37 | resource | aws_redshiftserverless_endpoint_access | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2001 | CKV2_AWS_37 | resource | aws_redshiftserverless_namespace | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2002 | CKV2_AWS_37 | resource | aws_redshiftserverless_resource_policy | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2003 | CKV2_AWS_37 | resource | aws_redshiftserverless_snapshot | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2004 | CKV2_AWS_37 | resource | aws_redshiftserverless_usage_limit | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2005 | CKV2_AWS_37 | resource | aws_redshiftserverless_workgroup | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2006 | CKV2_AWS_37 | resource | aws_region_info | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2007 | CKV2_AWS_37 | resource | aws_rekognition_collection | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2008 | CKV2_AWS_37 | resource | aws_rekognition_project | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2009 | CKV2_AWS_37 | resource | aws_rekognition_stream_processor | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2010 | CKV2_AWS_37 | resource | aws_resiliencehub_resiliency_policy | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2011 | CKV2_AWS_37 | resource | aws_resourceexplorer2_index | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2012 | CKV2_AWS_37 | resource | aws_resourceexplorer2_view | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2013 | CKV2_AWS_37 | resource | aws_resourcegroups_group | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2014 | CKV2_AWS_37 | resource | aws_resourcegroups_resource | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2015 | CKV2_AWS_37 | resource | aws_rolesanywhere_profile | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2016 | CKV2_AWS_37 | resource | aws_rolesanywhere_trust_anchor | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2017 | CKV2_AWS_37 | resource | aws_root | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2018 | CKV2_AWS_37 | resource | aws_root_access_key | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2019 | CKV2_AWS_37 | resource | aws_route | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2020 | CKV2_AWS_37 | resource | aws_route53_cidr_collection | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2021 | CKV2_AWS_37 | resource | aws_route53_cidr_location | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2022 | CKV2_AWS_37 | resource | aws_route53_delegation_set | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2023 | CKV2_AWS_37 | resource | aws_route53_health_check | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2024 | CKV2_AWS_37 | resource | aws_route53_hosted_zone_dnssec | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2025 | CKV2_AWS_37 | resource | aws_route53_key_signing_key | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2026 | CKV2_AWS_37 | resource | aws_route53_query_log | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2027 | CKV2_AWS_37 | resource | aws_route53_record | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2028 | CKV2_AWS_37 | resource | aws_route53_resolver_config | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2029 | CKV2_AWS_37 | resource | aws_route53_resolver_dnssec_config | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2030 | CKV2_AWS_37 | resource | aws_route53_resolver_endpoint | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2031 | CKV2_AWS_37 | resource | aws_route53_resolver_firewall_config | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2032 | CKV2_AWS_37 | resource | aws_route53_resolver_firewall_domain_list | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2033 | CKV2_AWS_37 | resource | aws_route53_resolver_firewall_rule | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2034 | CKV2_AWS_37 | resource | aws_route53_resolver_firewall_rule_group | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2035 | CKV2_AWS_37 | resource | aws_route53_resolver_firewall_rule_group_association | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2036 | CKV2_AWS_37 | resource | aws_route53_resolver_query_log_config | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2037 | CKV2_AWS_37 | resource | aws_route53_resolver_query_log_config_association | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2038 | CKV2_AWS_37 | resource | aws_route53_resolver_rule | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2039 | CKV2_AWS_37 | resource | aws_route53_resolver_rule_association | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2040 | CKV2_AWS_37 | resource | aws_route53_traffic_policy | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2041 | CKV2_AWS_37 | resource | aws_route53_traffic_policy_instance | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2042 | CKV2_AWS_37 | resource | aws_route53_vpc_association_authorization | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2043 | CKV2_AWS_37 | resource | aws_route53_zone | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2044 | CKV2_AWS_37 | resource | aws_route53_zone_association | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2045 | CKV2_AWS_37 | resource | aws_route53domains_delegation_signer_record | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2046 | CKV2_AWS_37 | resource | aws_route53domains_domain | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2047 | CKV2_AWS_37 | resource | aws_route53domains_registered_domain | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2048 | CKV2_AWS_37 | resource | aws_route53profiles_association | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2049 | CKV2_AWS_37 | resource | aws_route53profiles_profile | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2050 | CKV2_AWS_37 | resource | aws_route53profiles_resource_association | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2051 | CKV2_AWS_37 | resource | aws_route53recoverycontrolconfig_cluster | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2052 | CKV2_AWS_37 | resource | aws_route53recoverycontrolconfig_control_panel | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2053 | CKV2_AWS_37 | resource | aws_route53recoverycontrolconfig_routing_control | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2054 | CKV2_AWS_37 | resource | aws_route53recoverycontrolconfig_safety_rule | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2055 | CKV2_AWS_37 | resource | aws_route53recoveryreadiness_cell | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2056 | CKV2_AWS_37 | resource | aws_route53recoveryreadiness_readiness_check | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2057 | CKV2_AWS_37 | resource | aws_route53recoveryreadiness_recovery_group | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2058 | CKV2_AWS_37 | resource | aws_route53recoveryreadiness_resource_set | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2059 | CKV2_AWS_37 | resource | aws_route_table | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2060 | CKV2_AWS_37 | resource | aws_route_table_association | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2061 | CKV2_AWS_37 | resource | aws_rum_app_monitor | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2062 | CKV2_AWS_37 | resource | aws_rum_metrics_destination | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2063 | CKV2_AWS_37 | resource | aws_s3_access_point | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2064 | CKV2_AWS_37 | resource | aws_s3_account_public_access_block | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2065 | CKV2_AWS_37 | resource | aws_s3_bucket | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2066 | CKV2_AWS_37 | resource | aws_s3_bucket_accelerate_configuration | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2067 | CKV2_AWS_37 | resource | aws_s3_bucket_acl | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2068 | CKV2_AWS_37 | resource | aws_s3_bucket_analytics_configuration | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2069 | CKV2_AWS_37 | resource | aws_s3_bucket_cors_configuration | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2070 | CKV2_AWS_37 | resource | aws_s3_bucket_intelligent_tiering_configuration | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2071 | CKV2_AWS_37 | resource | aws_s3_bucket_inventory | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2072 | CKV2_AWS_37 | resource | aws_s3_bucket_lifecycle_configuration | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2073 | CKV2_AWS_37 | resource | aws_s3_bucket_logging | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2074 | CKV2_AWS_37 | resource | aws_s3_bucket_metric | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2075 | CKV2_AWS_37 | resource | aws_s3_bucket_notification | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2076 | CKV2_AWS_37 | resource | aws_s3_bucket_object | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2077 | CKV2_AWS_37 | resource | aws_s3_bucket_object_lock_configuration | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2078 | CKV2_AWS_37 | resource | aws_s3_bucket_ownership_controls | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2079 | CKV2_AWS_37 | resource | aws_s3_bucket_policy | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2080 | CKV2_AWS_37 | resource | aws_s3_bucket_public_access_block | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2081 | CKV2_AWS_37 | resource | aws_s3_bucket_replication_configuration | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2082 | CKV2_AWS_37 | resource | aws_s3_bucket_request_payment_configuration | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2083 | CKV2_AWS_37 | resource | aws_s3_bucket_server_side_encryption_configuration | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2084 | CKV2_AWS_37 | resource | aws_s3_bucket_versioning | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2085 | CKV2_AWS_37 | resource | aws_s3_bucket_website_configuration | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2086 | CKV2_AWS_37 | resource | aws_s3_directory_bucket | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2087 | CKV2_AWS_37 | resource | aws_s3_object | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2088 | CKV2_AWS_37 | resource | aws_s3_object_copy | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2089 | CKV2_AWS_37 | resource | aws_s3control_access_grant | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2090 | CKV2_AWS_37 | resource | aws_s3control_access_grants_instance | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2091 | CKV2_AWS_37 | resource | aws_s3control_access_grants_instance_resource_policy | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2092 | CKV2_AWS_37 | resource | aws_s3control_access_grants_location | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2093 | CKV2_AWS_37 | resource | aws_s3control_access_point_policy | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2094 | CKV2_AWS_37 | resource | aws_s3control_bucket | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2095 | CKV2_AWS_37 | resource | aws_s3control_bucket_lifecycle_configuration | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2096 | CKV2_AWS_37 | resource | aws_s3control_bucket_policy | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2097 | CKV2_AWS_37 | resource | aws_s3control_multi_region_access_point | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2098 | CKV2_AWS_37 | resource | aws_s3control_multi_region_access_point_policy | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2099 | CKV2_AWS_37 | resource | aws_s3control_object_lambda_access_point | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2100 | CKV2_AWS_37 | resource | aws_s3control_object_lambda_access_point_policy | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2101 | CKV2_AWS_37 | resource | aws_s3control_storage_lens_configuration | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2102 | CKV2_AWS_37 | resource | aws_s3outposts_endpoint | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2103 | CKV2_AWS_37 | resource | aws_s3tables_namespace | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2104 | CKV2_AWS_37 | resource | aws_s3tables_table | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2105 | CKV2_AWS_37 | resource | aws_s3tables_table_bucket | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2106 | CKV2_AWS_37 | resource | aws_s3tables_table_bucket_policy | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2107 | CKV2_AWS_37 | resource | aws_s3tables_table_policy | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2108 | CKV2_AWS_37 | resource | aws_sagemaker_app | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2109 | CKV2_AWS_37 | resource | aws_sagemaker_app_image_config | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2110 | CKV2_AWS_37 | resource | aws_sagemaker_code_repository | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2111 | CKV2_AWS_37 | resource | aws_sagemaker_data_quality_job_definition | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2112 | CKV2_AWS_37 | resource | aws_sagemaker_device | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2113 | CKV2_AWS_37 | resource | aws_sagemaker_device_fleet | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2114 | CKV2_AWS_37 | resource | aws_sagemaker_domain | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2115 | CKV2_AWS_37 | resource | aws_sagemaker_endpoint | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2116 | CKV2_AWS_37 | resource | aws_sagemaker_endpoint_configuration | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2117 | CKV2_AWS_37 | resource | aws_sagemaker_feature_group | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2118 | CKV2_AWS_37 | resource | aws_sagemaker_flow_definition | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2119 | CKV2_AWS_37 | resource | aws_sagemaker_hub | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2120 | CKV2_AWS_37 | resource | aws_sagemaker_human_task_ui | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2121 | CKV2_AWS_37 | resource | aws_sagemaker_image | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2122 | CKV2_AWS_37 | resource | aws_sagemaker_image_version | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2123 | CKV2_AWS_37 | resource | aws_sagemaker_mlflow_tracking_server | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2124 | CKV2_AWS_37 | resource | aws_sagemaker_model | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2125 | CKV2_AWS_37 | resource | aws_sagemaker_model_package_group | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2126 | CKV2_AWS_37 | resource | aws_sagemaker_model_package_group_policy | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2127 | CKV2_AWS_37 | resource | aws_sagemaker_monitoring_schedule | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2128 | CKV2_AWS_37 | resource | aws_sagemaker_notebook_instance | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2129 | CKV2_AWS_37 | resource | aws_sagemaker_notebook_instance_lifecycle_configuration | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2130 | CKV2_AWS_37 | resource | aws_sagemaker_pipeline | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2131 | CKV2_AWS_37 | resource | aws_sagemaker_project | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2132 | CKV2_AWS_37 | resource | aws_sagemaker_servicecatalog_portfolio_status | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2133 | CKV2_AWS_37 | resource | aws_sagemaker_space | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2134 | CKV2_AWS_37 | resource | aws_sagemaker_studio_lifecycle_config | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2135 | CKV2_AWS_37 | resource | aws_sagemaker_user_profile | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2136 | CKV2_AWS_37 | resource | aws_sagemaker_workforce | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2137 | CKV2_AWS_37 | resource | aws_sagemaker_workteam | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2138 | CKV2_AWS_37 | resource | aws_scheduler_schedule | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2139 | CKV2_AWS_37 | resource | aws_scheduler_schedule_group | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2140 | CKV2_AWS_37 | resource | aws_schemas_discoverer | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2141 | CKV2_AWS_37 | resource | aws_schemas_registry | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2142 | CKV2_AWS_37 | resource | aws_schemas_registry_policy | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2143 | CKV2_AWS_37 | resource | aws_schemas_schema | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2144 | CKV2_AWS_37 | resource | aws_secretsmanager_secret | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2145 | CKV2_AWS_37 | resource | aws_secretsmanager_secret_policy | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2146 | CKV2_AWS_37 | resource | aws_secretsmanager_secret_rotation | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2147 | CKV2_AWS_37 | resource | aws_secretsmanager_secret_version | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2148 | CKV2_AWS_37 | resource | aws_security_group | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2149 | CKV2_AWS_37 | resource | aws_security_group_rule | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2150 | CKV2_AWS_37 | resource | aws_securityhub_account | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2151 | CKV2_AWS_37 | resource | aws_securityhub_action_target | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2152 | CKV2_AWS_37 | resource | aws_securityhub_automation_rule | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2153 | CKV2_AWS_37 | resource | aws_securityhub_configuration_policy | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2154 | CKV2_AWS_37 | resource | aws_securityhub_configuration_policy_association | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2155 | CKV2_AWS_37 | resource | aws_securityhub_finding_aggregator | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2156 | CKV2_AWS_37 | resource | aws_securityhub_insight | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2157 | CKV2_AWS_37 | resource | aws_securityhub_invite_accepter | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2158 | CKV2_AWS_37 | resource | aws_securityhub_member | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2159 | CKV2_AWS_37 | resource | aws_securityhub_organization_admin_account | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2160 | CKV2_AWS_37 | resource | aws_securityhub_organization_configuration | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2161 | CKV2_AWS_37 | resource | aws_securityhub_product_subscription | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2162 | CKV2_AWS_37 | resource | aws_securityhub_standards_control | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2163 | CKV2_AWS_37 | resource | aws_securityhub_standards_control_association | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2164 | CKV2_AWS_37 | resource | aws_securityhub_standards_subscription | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2165 | CKV2_AWS_37 | resource | aws_securitylake_aws_log_source | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2166 | CKV2_AWS_37 | resource | aws_securitylake_custom_log_source | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2167 | CKV2_AWS_37 | resource | aws_securitylake_data_lake | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2168 | CKV2_AWS_37 | resource | aws_securitylake_subscriber | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2169 | CKV2_AWS_37 | resource | aws_securitylake_subscriber_notification | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2170 | CKV2_AWS_37 | resource | aws_serverlessapplicationrepository_cloudformation_stack | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2171 | CKV2_AWS_37 | resource | aws_service_discovery_http_namespace | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2172 | CKV2_AWS_37 | resource | aws_service_discovery_instance | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2173 | CKV2_AWS_37 | resource | aws_service_discovery_private_dns_namespace | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2174 | CKV2_AWS_37 | resource | aws_service_discovery_public_dns_namespace | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2175 | CKV2_AWS_37 | resource | aws_service_discovery_service | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2176 | CKV2_AWS_37 | resource | aws_servicecatalog_budget_resource_association | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2177 | CKV2_AWS_37 | resource | aws_servicecatalog_constraint | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2178 | CKV2_AWS_37 | resource | aws_servicecatalog_organizations_access | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2179 | CKV2_AWS_37 | resource | aws_servicecatalog_portfolio | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2180 | CKV2_AWS_37 | resource | aws_servicecatalog_portfolio_share | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2181 | CKV2_AWS_37 | resource | aws_servicecatalog_principal_portfolio_association | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2182 | CKV2_AWS_37 | resource | aws_servicecatalog_product | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2183 | CKV2_AWS_37 | resource | aws_servicecatalog_product_portfolio_association | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2184 | CKV2_AWS_37 | resource | aws_servicecatalog_provisioned_product | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2185 | CKV2_AWS_37 | resource | aws_servicecatalog_provisioning_artifact | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2186 | CKV2_AWS_37 | resource | aws_servicecatalog_service_action | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2187 | CKV2_AWS_37 | resource | aws_servicecatalog_tag_option | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2188 | CKV2_AWS_37 | resource | aws_servicecatalog_tag_option_resource_association | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2189 | CKV2_AWS_37 | resource | aws_servicecatalogappregistry_application | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2190 | CKV2_AWS_37 | resource | aws_servicecatalogappregistry_attribute_group | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2191 | CKV2_AWS_37 | resource | aws_servicecatalogappregistry_attribute_group_association | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2192 | CKV2_AWS_37 | resource | aws_servicequotas_service_quota | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2193 | CKV2_AWS_37 | resource | aws_servicequotas_template | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2194 | CKV2_AWS_37 | resource | aws_servicequotas_template_association | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2195 | CKV2_AWS_37 | resource | aws_ses_active_receipt_rule_set | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2196 | CKV2_AWS_37 | resource | aws_ses_configuration_set | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2197 | CKV2_AWS_37 | resource | aws_ses_domain_dkim | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2198 | CKV2_AWS_37 | resource | aws_ses_domain_identity | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2199 | CKV2_AWS_37 | resource | aws_ses_domain_identity_verification | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2200 | CKV2_AWS_37 | resource | aws_ses_domain_mail_from | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2201 | CKV2_AWS_37 | resource | aws_ses_email_identity | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2202 | CKV2_AWS_37 | resource | aws_ses_event_destination | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2203 | CKV2_AWS_37 | resource | aws_ses_identity_notification_topic | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2204 | CKV2_AWS_37 | resource | aws_ses_identity_policy | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2205 | CKV2_AWS_37 | resource | aws_ses_receipt_filter | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2206 | CKV2_AWS_37 | resource | aws_ses_receipt_rule | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2207 | CKV2_AWS_37 | resource | aws_ses_receipt_rule_set | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2208 | CKV2_AWS_37 | resource | aws_ses_template | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2209 | CKV2_AWS_37 | resource | aws_sesv2_account_suppression_attributes | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2210 | CKV2_AWS_37 | resource | aws_sesv2_account_vdm_attributes | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2211 | CKV2_AWS_37 | resource | aws_sesv2_configuration_set | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2212 | CKV2_AWS_37 | resource | aws_sesv2_configuration_set_event_destination | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2213 | CKV2_AWS_37 | resource | aws_sesv2_contact_list | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2214 | CKV2_AWS_37 | resource | aws_sesv2_dedicated_ip_assignment | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2215 | CKV2_AWS_37 | resource | aws_sesv2_dedicated_ip_pool | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2216 | CKV2_AWS_37 | resource | aws_sesv2_email_identity | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2217 | CKV2_AWS_37 | resource | aws_sesv2_email_identity_feedback_attributes | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2218 | CKV2_AWS_37 | resource | aws_sesv2_email_identity_mail_from_attributes | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2219 | CKV2_AWS_37 | resource | aws_sesv2_email_identity_policy | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2220 | CKV2_AWS_37 | resource | aws_sfn_activity | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2221 | CKV2_AWS_37 | resource | aws_sfn_alias | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2222 | CKV2_AWS_37 | resource | aws_sfn_state_machine | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2223 | CKV2_AWS_37 | resource | aws_shield_application_layer_automatic_response | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2224 | CKV2_AWS_37 | resource | aws_shield_drt_access_log_bucket_association | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2225 | CKV2_AWS_37 | resource | aws_shield_drt_access_role_arn_association | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2226 | CKV2_AWS_37 | resource | aws_shield_proactive_engagement | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2227 | CKV2_AWS_37 | resource | aws_shield_protection | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2228 | CKV2_AWS_37 | resource | aws_shield_protection_group | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2229 | CKV2_AWS_37 | resource | aws_shield_protection_health_check_association | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2230 | CKV2_AWS_37 | resource | aws_shield_subscription | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2231 | CKV2_AWS_37 | resource | aws_signer_signing_job | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2232 | CKV2_AWS_37 | resource | aws_signer_signing_profile | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2233 | CKV2_AWS_37 | resource | aws_signer_signing_profile_permission | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2234 | CKV2_AWS_37 | resource | aws_simpledb_domain | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2235 | CKV2_AWS_37 | resource | aws_snapshot_create_volume_permission | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2236 | CKV2_AWS_37 | resource | aws_sns_platform_application | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2237 | CKV2_AWS_37 | resource | aws_sns_sms_preferences | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2238 | CKV2_AWS_37 | resource | aws_sns_topic | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2239 | CKV2_AWS_37 | resource | aws_sns_topic_data_protection_policy | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2240 | CKV2_AWS_37 | resource | aws_sns_topic_policy | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2241 | CKV2_AWS_37 | resource | aws_sns_topic_subscription | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2242 | CKV2_AWS_37 | resource | aws_spot_datafeed_subscription | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2243 | CKV2_AWS_37 | resource | aws_spot_fleet_request | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2244 | CKV2_AWS_37 | resource | aws_spot_instance_request | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2245 | CKV2_AWS_37 | resource | aws_sqs_queue | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2246 | CKV2_AWS_37 | resource | aws_sqs_queue_policy | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2247 | CKV2_AWS_37 | resource | aws_sqs_queue_redrive_allow_policy | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2248 | CKV2_AWS_37 | resource | aws_sqs_queue_redrive_policy | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2249 | CKV2_AWS_37 | resource | aws_ssm_activation | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2250 | CKV2_AWS_37 | resource | aws_ssm_association | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2251 | CKV2_AWS_37 | resource | aws_ssm_default_patch_baseline | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2252 | CKV2_AWS_37 | resource | aws_ssm_document | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2253 | CKV2_AWS_37 | resource | aws_ssm_maintenance_window | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2254 | CKV2_AWS_37 | resource | aws_ssm_maintenance_window_target | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2255 | CKV2_AWS_37 | resource | aws_ssm_maintenance_window_task | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2256 | CKV2_AWS_37 | resource | aws_ssm_parameter | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2257 | CKV2_AWS_37 | resource | aws_ssm_patch_baseline | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2258 | CKV2_AWS_37 | resource | aws_ssm_patch_group | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2259 | CKV2_AWS_37 | resource | aws_ssm_resource_data_sync | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2260 | CKV2_AWS_37 | resource | aws_ssm_service_setting | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2261 | CKV2_AWS_37 | resource | aws_ssmcontacts_contact | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2262 | CKV2_AWS_37 | resource | aws_ssmcontacts_contact_channel | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2263 | CKV2_AWS_37 | resource | aws_ssmcontacts_plan | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2264 | CKV2_AWS_37 | resource | aws_ssmcontacts_rotation | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2265 | CKV2_AWS_37 | resource | aws_ssmincidents_replication_set | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2266 | CKV2_AWS_37 | resource | aws_ssmincidents_response_plan | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2267 | CKV2_AWS_37 | resource | aws_ssmquicksetup_configuration_manager | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2268 | CKV2_AWS_37 | resource | aws_ssoadmin_account_assignment | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2269 | CKV2_AWS_37 | resource | aws_ssoadmin_application | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2270 | CKV2_AWS_37 | resource | aws_ssoadmin_application_access_scope | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2271 | CKV2_AWS_37 | resource | aws_ssoadmin_application_assignment | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2272 | CKV2_AWS_37 | resource | aws_ssoadmin_application_assignment_configuration | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2273 | CKV2_AWS_37 | resource | aws_ssoadmin_customer_managed_policy_attachment | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2274 | CKV2_AWS_37 | resource | aws_ssoadmin_instance_access_control_attributes | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2275 | CKV2_AWS_37 | resource | aws_ssoadmin_managed_policy_attachment | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2276 | CKV2_AWS_37 | resource | aws_ssoadmin_permission_set | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2277 | CKV2_AWS_37 | resource | aws_ssoadmin_permission_set_inline_policy | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2278 | CKV2_AWS_37 | resource | aws_ssoadmin_permissions_boundary_attachment | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2279 | CKV2_AWS_37 | resource | aws_ssoadmin_trusted_token_issuer | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2280 | CKV2_AWS_37 | resource | aws_storagegateway_cache | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2281 | CKV2_AWS_37 | resource | aws_storagegateway_cached_iscsi_volume | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2282 | CKV2_AWS_37 | resource | aws_storagegateway_file_system_association | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2283 | CKV2_AWS_37 | resource | aws_storagegateway_gateway | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2284 | CKV2_AWS_37 | resource | aws_storagegateway_nfs_file_share | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2285 | CKV2_AWS_37 | resource | aws_storagegateway_smb_file_share | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2286 | CKV2_AWS_37 | resource | aws_storagegateway_stored_iscsi_volume | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2287 | CKV2_AWS_37 | resource | aws_storagegateway_tape_pool | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2288 | CKV2_AWS_37 | resource | aws_storagegateway_upload_buffer | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2289 | CKV2_AWS_37 | resource | aws_storagegateway_working_storage | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2290 | CKV2_AWS_37 | resource | aws_subnet | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2291 | CKV2_AWS_37 | resource | aws_swf_domain | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2292 | CKV2_AWS_37 | resource | aws_synthetics_canary | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2293 | CKV2_AWS_37 | resource | aws_synthetics_group | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2294 | CKV2_AWS_37 | resource | aws_synthetics_group_association | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2295 | CKV2_AWS_37 | resource | aws_timestreaminfluxdb_db_instance | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2296 | CKV2_AWS_37 | resource | aws_timestreamquery_scheduled_query | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2297 | CKV2_AWS_37 | resource | aws_timestreamwrite_database | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2298 | CKV2_AWS_37 | resource | aws_timestreamwrite_table | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2299 | CKV2_AWS_37 | resource | aws_transcribe_language_model | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2300 | CKV2_AWS_37 | resource | aws_transcribe_medical_vocabulary | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2301 | CKV2_AWS_37 | resource | aws_transcribe_vocabulary | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2302 | CKV2_AWS_37 | resource | aws_transcribe_vocabulary_filter | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2303 | CKV2_AWS_37 | resource | aws_transfer_access | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2304 | CKV2_AWS_37 | resource | aws_transfer_agreement | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2305 | CKV2_AWS_37 | resource | aws_transfer_certificate | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2306 | CKV2_AWS_37 | resource | aws_transfer_connector | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2307 | CKV2_AWS_37 | resource | aws_transfer_profile | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2308 | CKV2_AWS_37 | resource | aws_transfer_server | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2309 | CKV2_AWS_37 | resource | aws_transfer_ssh_key | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2310 | CKV2_AWS_37 | resource | aws_transfer_tag | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2311 | CKV2_AWS_37 | resource | aws_transfer_user | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2312 | CKV2_AWS_37 | resource | aws_transfer_workflow | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2313 | CKV2_AWS_37 | resource | aws_verifiedaccess_endpoint | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2314 | CKV2_AWS_37 | resource | aws_verifiedaccess_group | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2315 | CKV2_AWS_37 | resource | aws_verifiedaccess_instance | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2316 | CKV2_AWS_37 | resource | aws_verifiedaccess_instance_logging_configuration | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2317 | CKV2_AWS_37 | resource | aws_verifiedaccess_instance_trust_provider_attachment | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2318 | CKV2_AWS_37 | resource | aws_verifiedaccess_trust_provider | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2319 | CKV2_AWS_37 | resource | aws_verifiedpermissions_identity_source | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2320 | CKV2_AWS_37 | resource | aws_verifiedpermissions_policy | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2321 | CKV2_AWS_37 | resource | aws_verifiedpermissions_policy_store | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2322 | CKV2_AWS_37 | resource | aws_verifiedpermissions_policy_template | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2323 | CKV2_AWS_37 | resource | aws_verifiedpermissions_schema | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2324 | CKV2_AWS_37 | resource | aws_volume_attachment | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2325 | CKV2_AWS_37 | resource | aws_vpc | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2326 | CKV2_AWS_37 | resource | aws_vpc_block_public_access_exclusion | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2327 | CKV2_AWS_37 | resource | aws_vpc_block_public_access_options | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2328 | CKV2_AWS_37 | resource | aws_vpc_dhcp_options | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2329 | CKV2_AWS_37 | resource | aws_vpc_dhcp_options_association | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2330 | CKV2_AWS_37 | resource | aws_vpc_endpoint | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2331 | CKV2_AWS_37 | resource | aws_vpc_endpoint_connection_accepter | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2332 | CKV2_AWS_37 | resource | aws_vpc_endpoint_connection_notification | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2333 | CKV2_AWS_37 | resource | aws_vpc_endpoint_policy | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2334 | CKV2_AWS_37 | resource | aws_vpc_endpoint_private_dns | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2335 | CKV2_AWS_37 | resource | aws_vpc_endpoint_route_table_association | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2336 | CKV2_AWS_37 | resource | aws_vpc_endpoint_security_group_association | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2337 | CKV2_AWS_37 | resource | aws_vpc_endpoint_service | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2338 | CKV2_AWS_37 | resource | aws_vpc_endpoint_service_allowed_principal | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2339 | CKV2_AWS_37 | resource | aws_vpc_endpoint_service_private_dns_verification | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2340 | CKV2_AWS_37 | resource | aws_vpc_endpoint_subnet_association | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2341 | CKV2_AWS_37 | resource | aws_vpc_ipam | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2342 | CKV2_AWS_37 | resource | aws_vpc_ipam_organization_admin_account | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2343 | CKV2_AWS_37 | resource | aws_vpc_ipam_pool | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2344 | CKV2_AWS_37 | resource | aws_vpc_ipam_pool_cidr | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2345 | CKV2_AWS_37 | resource | aws_vpc_ipam_pool_cidr_allocation | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2346 | CKV2_AWS_37 | resource | aws_vpc_ipam_preview_next_cidr | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2347 | CKV2_AWS_37 | resource | aws_vpc_ipam_resource_discovery | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2348 | CKV2_AWS_37 | resource | aws_vpc_ipam_resource_discovery_association | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2349 | CKV2_AWS_37 | resource | aws_vpc_ipam_scope | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2350 | CKV2_AWS_37 | resource | aws_vpc_ipv4_cidr_block_association | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2351 | CKV2_AWS_37 | resource | aws_vpc_ipv6_cidr_block_association | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2352 | CKV2_AWS_37 | resource | aws_vpc_network_performance_metric_subscription | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2353 | CKV2_AWS_37 | resource | aws_vpc_peering_connection | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2354 | CKV2_AWS_37 | resource | aws_vpc_peering_connection_accepter | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2355 | CKV2_AWS_37 | resource | aws_vpc_peering_connection_options | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2356 | CKV2_AWS_37 | resource | aws_vpc_security_group_egress_rule | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2357 | CKV2_AWS_37 | resource | aws_vpc_security_group_ingress_rule | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2358 | CKV2_AWS_37 | resource | aws_vpc_security_group_vpc_association | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2359 | CKV2_AWS_37 | resource | aws_vpclattice_access_log_subscription | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2360 | CKV2_AWS_37 | resource | aws_vpclattice_auth_policy | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2361 | CKV2_AWS_37 | resource | aws_vpclattice_listener | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2362 | CKV2_AWS_37 | resource | aws_vpclattice_listener_rule | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2363 | CKV2_AWS_37 | resource | aws_vpclattice_resource_configuration | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2364 | CKV2_AWS_37 | resource | aws_vpclattice_resource_gateway | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2365 | CKV2_AWS_37 | resource | aws_vpclattice_resource_policy | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2366 | CKV2_AWS_37 | resource | aws_vpclattice_service | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2367 | CKV2_AWS_37 | resource | aws_vpclattice_service_network | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2368 | CKV2_AWS_37 | resource | aws_vpclattice_service_network_resource_association | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2369 | CKV2_AWS_37 | resource | aws_vpclattice_service_network_service_association | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2370 | CKV2_AWS_37 | resource | aws_vpclattice_service_network_vpc_association | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2371 | CKV2_AWS_37 | resource | aws_vpclattice_target_group | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2372 | CKV2_AWS_37 | resource | aws_vpclattice_target_group_attachment | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2373 | CKV2_AWS_37 | resource | aws_vpn_connection | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2374 | CKV2_AWS_37 | resource | aws_vpn_connection_route | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2375 | CKV2_AWS_37 | resource | aws_vpn_gateway | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2376 | CKV2_AWS_37 | resource | aws_vpn_gateway_attachment | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2377 | CKV2_AWS_37 | resource | aws_vpn_gateway_route_propagation | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2378 | CKV2_AWS_37 | resource | aws_waf_byte_match_set | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2379 | CKV2_AWS_37 | resource | aws_waf_geo_match_set | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2380 | CKV2_AWS_37 | resource | aws_waf_ipset | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2381 | CKV2_AWS_37 | resource | aws_waf_rate_based_rule | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2382 | CKV2_AWS_37 | resource | aws_waf_regex_match_set | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2383 | CKV2_AWS_37 | resource | aws_waf_regex_pattern_set | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2384 | CKV2_AWS_37 | resource | aws_waf_rule | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2385 | CKV2_AWS_37 | resource | aws_waf_rule_group | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2386 | CKV2_AWS_37 | resource | aws_waf_size_constraint_set | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2387 | CKV2_AWS_37 | resource | aws_waf_sql_injection_match_set | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2388 | CKV2_AWS_37 | resource | aws_waf_web_acl | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2389 | CKV2_AWS_37 | resource | aws_waf_xss_match_set | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2390 | CKV2_AWS_37 | resource | aws_wafregional_byte_match_set | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2391 | CKV2_AWS_37 | resource | aws_wafregional_geo_match_set | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2392 | CKV2_AWS_37 | resource | aws_wafregional_ipset | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2393 | CKV2_AWS_37 | resource | aws_wafregional_rate_based_rule | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2394 | CKV2_AWS_37 | resource | aws_wafregional_regex_match_set | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2395 | CKV2_AWS_37 | resource | aws_wafregional_regex_pattern_set | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2396 | CKV2_AWS_37 | resource | aws_wafregional_rule | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2397 | CKV2_AWS_37 | resource | aws_wafregional_rule_group | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2398 | CKV2_AWS_37 | resource | aws_wafregional_size_constraint_set | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2399 | CKV2_AWS_37 | resource | aws_wafregional_sql_injection_match_set | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2400 | CKV2_AWS_37 | resource | aws_wafregional_web_acl | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2401 | CKV2_AWS_37 | resource | aws_wafregional_web_acl_association | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2402 | CKV2_AWS_37 | resource | aws_wafregional_xss_match_set | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2403 | CKV2_AWS_37 | resource | aws_wafv2_ip_set | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2404 | CKV2_AWS_37 | resource | aws_wafv2_regex_pattern_set | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2405 | CKV2_AWS_37 | resource | aws_wafv2_rule_group | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2406 | CKV2_AWS_37 | resource | aws_wafv2_web_acl | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2407 | CKV2_AWS_37 | resource | aws_wafv2_web_acl_association | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2408 | CKV2_AWS_37 | resource | aws_wafv2_web_acl_logging_configuration | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2409 | CKV2_AWS_37 | resource | aws_worklink_fleet | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2410 | CKV2_AWS_37 | resource | aws_worklink_website_certificate_authority_association | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2411 | CKV2_AWS_37 | resource | aws_workspaces_connection_alias | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2412 | CKV2_AWS_37 | resource | aws_workspaces_directory | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2413 | CKV2_AWS_37 | resource | aws_workspaces_ip_group | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2414 | CKV2_AWS_37 | resource | aws_workspaces_workspace | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2415 | CKV2_AWS_37 | resource | aws_xray_encryption_config | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2416 | CKV2_AWS_37 | resource | aws_xray_group | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2417 | CKV2_AWS_37 | resource | aws_xray_sampling_rule | Ensure CodeCommit associates an approval rule | Terraform | [CodecommitApprovalRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CodecommitApprovalRulesAttached.yaml) | | 2418 | CKV2_AWS_38 | resource | aws_route53_zone | Ensure Domain Name System Security Extensions (DNSSEC) signing is enabled for Amazon Route 53 public hosted zones | Terraform | [Route53ZoneEnableDNSSECSigning.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/Route53ZoneEnableDNSSECSigning.yaml) | | 2419 | CKV2_AWS_39 | resource | aws_route53_zone | Ensure Domain Name System (DNS) query logging is enabled for Amazon Route 53 hosted zones | Terraform | [Route53ZoneHasMatchingQueryLog.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/Route53ZoneHasMatchingQueryLog.yaml) | | 2420 | CKV2_AWS_40 | resource | aws_iam_group_policy | Ensure AWS IAM policy does not allow full IAM privileges | Terraform | [IAMPolicyNotAllowFullIAMAccess.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/IAMPolicyNotAllowFullIAMAccess.yaml) | | 2421 | CKV2_AWS_40 | resource | aws_iam_policy | Ensure AWS IAM policy does not allow full IAM privileges | Terraform | [IAMPolicyNotAllowFullIAMAccess.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/IAMPolicyNotAllowFullIAMAccess.yaml) | | 2422 | CKV2_AWS_40 | resource | aws_iam_role_policy | Ensure AWS IAM policy does not allow full IAM privileges | Terraform | [IAMPolicyNotAllowFullIAMAccess.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/IAMPolicyNotAllowFullIAMAccess.yaml) | | 2423 | CKV2_AWS_40 | resource | aws_iam_user_policy | Ensure AWS IAM policy does not allow full IAM privileges | Terraform | [IAMPolicyNotAllowFullIAMAccess.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/IAMPolicyNotAllowFullIAMAccess.yaml) | | 2424 | CKV2_AWS_40 | resource | aws_ssoadmin_permission_set_inline_policy | Ensure AWS IAM policy does not allow full IAM privileges | Terraform | [IAMPolicyNotAllowFullIAMAccess.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/IAMPolicyNotAllowFullIAMAccess.yaml) | | 2425 | CKV2_AWS_40 | resource | data.aws_iam_policy_document | Ensure AWS IAM policy does not allow full IAM privileges | Terraform | [IAMPolicyNotAllowFullIAMAccess.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/IAMPolicyNotAllowFullIAMAccess.yaml) | | 2426 | CKV2_AWS_41 | resource | aws_instance | Ensure an IAM role is attached to EC2 instance | Terraform | [EC2InstanceHasIAMRoleAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/EC2InstanceHasIAMRoleAttached.yaml) | | 2427 | CKV2_AWS_42 | resource | aws_cloudfront_distribution | Ensure AWS CloudFront distribution uses custom SSL certificate | Terraform | [CloudFrontHasCustomSSLCertificate.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CloudFrontHasCustomSSLCertificate.yaml) | | 2428 | CKV2_AWS_43 | resource | aws_s3_bucket_acl | Ensure S3 Bucket does not allow access to all Authenticated users | Terraform | [S3NotAllowAccessToAllAuthenticatedUsers.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/S3NotAllowAccessToAllAuthenticatedUsers.yaml) | | 2429 | CKV2_AWS_44 | resource | aws_route | Ensure AWS route table with VPC peering does not contain routes overly permissive to all traffic | Terraform | [VPCPeeringRouteTableOverlyPermissive.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/VPCPeeringRouteTableOverlyPermissive.yaml) | | 2430 | CKV2_AWS_44 | resource | aws_route_table | Ensure AWS route table with VPC peering does not contain routes overly permissive to all traffic | Terraform | [VPCPeeringRouteTableOverlyPermissive.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/VPCPeeringRouteTableOverlyPermissive.yaml) | | 2431 | CKV2_AWS_45 | resource | aws_config_configuration_recorder | Ensure AWS Config recorder is enabled to record all supported resources | Terraform | [AWSConfigRecorderEnabled.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/AWSConfigRecorderEnabled.yaml) | | 2432 | CKV2_AWS_45 | resource | aws_config_configuration_recorder_status | Ensure AWS Config recorder is enabled to record all supported resources | Terraform | [AWSConfigRecorderEnabled.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/AWSConfigRecorderEnabled.yaml) | | 2433 | CKV2_AWS_46 | resource | aws_cloudfront_distribution | Ensure AWS CloudFront Distribution with S3 have Origin Access set to enabled | Terraform | [CLoudFrontS3OriginConfigWithOAI.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CLoudFrontS3OriginConfigWithOAI.yaml) | | 2434 | CKV2_AWS_47 | resource | aws_cloudfront_distribution | Ensure AWS CloudFront attached WAFv2 WebACL is configured with AMR for Log4j Vulnerability | Terraform | [CloudFrontWebACLConfiguredWIthLog4jVulnerability.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CloudFrontWebACLConfiguredWIthLog4jVulnerability.yaml) | | 2435 | CKV2_AWS_47 | resource | aws_wafv2_web_acl | Ensure AWS CloudFront attached WAFv2 WebACL is configured with AMR for Log4j Vulnerability | Terraform | [CloudFrontWebACLConfiguredWIthLog4jVulnerability.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CloudFrontWebACLConfiguredWIthLog4jVulnerability.yaml) | | 2436 | CKV2_AWS_48 | resource | aws_config_configuration_recorder | Ensure AWS Config must record all possible resources | Terraform | [ConfigRecorderRecordsAllGlobalResources.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/ConfigRecorderRecordsAllGlobalResources.yaml) | | 2437 | CKV2_AWS_49 | resource | aws_dms_endpoint | Ensure AWS Database Migration Service endpoints have SSL configured | Terraform | [DMSEndpointHaveSSLConfigured.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/DMSEndpointHaveSSLConfigured.yaml) | | 2438 | CKV2_AWS_50 | resource | aws_elasticache_replication_group | Ensure AWS ElastiCache Redis cluster with Multi-AZ Automatic Failover feature set to enabled | Terraform | [ElastiCacheRedisConfiguredAutomaticFailOver.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/ElastiCacheRedisConfiguredAutomaticFailOver.yaml) | | 2439 | CKV2_AWS_51 | resource | aws_api_gateway_stage | Ensure AWS API Gateway endpoints uses client certificate authentication | Terraform | [APIGatewayEndpointsUsesCertificateForAuthentication.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/APIGatewayEndpointsUsesCertificateForAuthentication.yaml) | | 2440 | CKV2_AWS_51 | resource | aws_apigatewayv2_api | Ensure AWS API Gateway endpoints uses client certificate authentication | Terraform | [APIGatewayEndpointsUsesCertificateForAuthentication.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/APIGatewayEndpointsUsesCertificateForAuthentication.yaml) | | 2441 | CKV2_AWS_51 | resource | aws_apigatewayv2_stage | Ensure AWS API Gateway endpoints uses client certificate authentication | Terraform | [APIGatewayEndpointsUsesCertificateForAuthentication.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/APIGatewayEndpointsUsesCertificateForAuthentication.yaml) | | 2442 | CKV2_AWS_52 | resource | aws_elasticsearch_domain | Ensure AWS ElasticSearch/OpenSearch Fine-grained access control is enabled | Terraform | [OpenSearchDomainHasFineGrainedControl.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/OpenSearchDomainHasFineGrainedControl.yaml) | | 2443 | CKV2_AWS_52 | resource | aws_opensearch_domain | Ensure AWS ElasticSearch/OpenSearch Fine-grained access control is enabled | Terraform | [OpenSearchDomainHasFineGrainedControl.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/OpenSearchDomainHasFineGrainedControl.yaml) | | 2444 | CKV2_AWS_53 | resource | aws_api_gateway_method | Ensure AWS API gateway request is validated | Terraform | [APIGatewayRequestParameterValidationEnabled.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/APIGatewayRequestParameterValidationEnabled.yaml) | | 2445 | CKV2_AWS_54 | resource | aws_cloudfront_distribution | Ensure AWS CloudFront distribution is using secure SSL protocols for HTTPS communication | Terraform | [CloudFrontUsesSecureProtocolsForHTTPS.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CloudFrontUsesSecureProtocolsForHTTPS.yaml) | | 2446 | CKV2_AWS_55 | resource | aws_emr_cluster | Ensure AWS EMR cluster is configured with security configuration | Terraform | [EMRClusterHasSecurityConfiguration.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/EMRClusterHasSecurityConfiguration.yaml) | | 2447 | CKV2_AWS_56 | resource | aws_iam_group_policy_attachment | Ensure AWS Managed IAMFullAccess IAM policy is not used. | Terraform | [IAMManagedIAMFullAccessPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/IAMManagedIAMFullAccessPolicy.yaml) | | 2448 | CKV2_AWS_56 | resource | aws_iam_policy_attachment | Ensure AWS Managed IAMFullAccess IAM policy is not used. | Terraform | [IAMManagedIAMFullAccessPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/IAMManagedIAMFullAccessPolicy.yaml) | | 2449 | CKV2_AWS_56 | resource | aws_iam_role | Ensure AWS Managed IAMFullAccess IAM policy is not used. | Terraform | [IAMManagedIAMFullAccessPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/IAMManagedIAMFullAccessPolicy.yaml) | | 2450 | CKV2_AWS_56 | resource | aws_iam_role_policy_attachment | Ensure AWS Managed IAMFullAccess IAM policy is not used. | Terraform | [IAMManagedIAMFullAccessPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/IAMManagedIAMFullAccessPolicy.yaml) | | 2451 | CKV2_AWS_56 | resource | aws_iam_user_policy_attachment | Ensure AWS Managed IAMFullAccess IAM policy is not used. | Terraform | [IAMManagedIAMFullAccessPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/IAMManagedIAMFullAccessPolicy.yaml) | | 2452 | CKV2_AWS_56 | resource | aws_ssoadmin_managed_policy_attachment | Ensure AWS Managed IAMFullAccess IAM policy is not used. | Terraform | [IAMManagedIAMFullAccessPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/IAMManagedIAMFullAccessPolicy.yaml) | | 2453 | CKV2_AWS_56 | resource | data.aws_iam_policy | Ensure AWS Managed IAMFullAccess IAM policy is not used. | Terraform | [IAMManagedIAMFullAccessPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/IAMManagedIAMFullAccessPolicy.yaml) | | 2454 | CKV2_AWS_57 | resource | aws_secretsmanager_secret | Ensure Secrets Manager secrets should have automatic rotation enabled | Terraform | [SecretsAreRotated.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/SecretsAreRotated.yaml) | | 2455 | CKV2_AWS_58 | resource | aws_neptune_cluster | Ensure AWS Neptune cluster deletion protection is enabled | Terraform | [NeptuneDeletionProtectionEnabled.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/NeptuneDeletionProtectionEnabled.yaml) | | 2456 | CKV2_AWS_59 | resource | aws_elasticsearch_domain | Ensure ElasticSearch/OpenSearch has dedicated master node enabled | Terraform | [ElasticSearchDedicatedMasterEnabled.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/ElasticSearchDedicatedMasterEnabled.yaml) | | 2457 | CKV2_AWS_59 | resource | aws_opensearch_domain | Ensure ElasticSearch/OpenSearch has dedicated master node enabled | Terraform | [ElasticSearchDedicatedMasterEnabled.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/ElasticSearchDedicatedMasterEnabled.yaml) | | 2458 | CKV2_AWS_60 | resource | aws_db_instance | Ensure RDS instance with copy tags to snapshots is enabled | Terraform | [RDSEnableCopyTagsToSnapshot.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/RDSEnableCopyTagsToSnapshot.yaml) | | 2459 | CKV2_AWS_61 | resource | aws_s3_bucket | Ensure that an S3 bucket has a lifecycle configuration | Terraform | [S3BucketLifecycle.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/S3BucketLifecycle.yaml) | | 2460 | CKV2_AWS_62 | resource | aws_s3_bucket | Ensure S3 buckets should have event notifications enabled | Terraform | [S3BucketEventNotifications.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/S3BucketEventNotifications.yaml) | | 2461 | CKV2_AWS_63 | resource | aws_networkfirewall_firewall | Ensure Network firewall has logging configuration defined | Terraform | [NetworkFirewallHasLogging.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/NetworkFirewallHasLogging.yaml) | | 2462 | CKV2_AWS_64 | resource | aws_kms_key | Ensure KMS key Policy is defined | Terraform | [KmsKeyPolicyIsDefined.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/KmsKeyPolicyIsDefined.yaml) | | 2463 | CKV2_AWS_65 | resource | aws_s3_bucket_ownership_controls | Ensure access control lists for S3 buckets are disabled | Terraform | [AWSdisableS3ACL.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/AWSdisableS3ACL.yaml) | | 2464 | CKV2_AWS_66 | resource | aws_mwaa_environment | Ensure MWAA environment is not publicly accessible | Terraform | [AWS_private_MWAA_environment.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/AWS_private_MWAA_environment.yaml) | | 2465 | CKV2_AWS_68 | resource | AWS::IAM::Role | Ensure SageMaker notebook instance IAM policy is not overly permissive | Cloudformation | [SageMakerIAMPolicyOverlyPermissiveToAllTraffic.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/SageMakerIAMPolicyOverlyPermissiveToAllTraffic.yaml) | | 2466 | CKV2_AWS_68 | resource | AWS::SageMaker::NotebookInstance | Ensure SageMaker notebook instance IAM policy is not overly permissive | Cloudformation | [SageMakerIAMPolicyOverlyPermissiveToAllTraffic.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/SageMakerIAMPolicyOverlyPermissiveToAllTraffic.yaml) | | 2467 | CKV2_AWS_68 | resource | aws_iam_role | Ensure SageMaker notebook instance IAM policy is not overly permissive | Terraform | [SageMakerIAMPolicyOverlyPermissiveToAllTraffic.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/SageMakerIAMPolicyOverlyPermissiveToAllTraffic.yaml) | | 2468 | CKV2_AWS_68 | resource | aws_sagemaker_notebook_instance | Ensure SageMaker notebook instance IAM policy is not overly permissive | Terraform | [SageMakerIAMPolicyOverlyPermissiveToAllTraffic.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/SageMakerIAMPolicyOverlyPermissiveToAllTraffic.yaml) | | 2469 | CKV2_AWS_69 | resource | AWS::RDS::DBInstance | Ensure AWS RDS database instance configured with encryption in transit | Cloudformation | [RDSEncryptionInTransit.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/RDSEncryptionInTransit.yaml) | | 2470 | CKV2_AWS_69 | resource | AWS::RDS::DBParameterGroup | Ensure AWS RDS database instance configured with encryption in transit | Cloudformation | [RDSEncryptionInTransit.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/RDSEncryptionInTransit.yaml) | | 2471 | CKV2_AWS_69 | resource | aws_db_instance | Ensure AWS RDS database instance configured with encryption in transit | Terraform | [RDSEncryptionInTransit.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/RDSEncryptionInTransit.yaml) | | 2472 | CKV2_AWS_69 | resource | aws_db_parameter_group | Ensure AWS RDS database instance configured with encryption in transit | Terraform | [RDSEncryptionInTransit.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/RDSEncryptionInTransit.yaml) | | 2473 | CKV2_AWS_70 | resource | aws_api_gateway_method | Ensure API gateway method has authorization or API key set | Terraform | [APIGatewayMethodWOAuth.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/APIGatewayMethodWOAuth.py) | | 2474 | CKV2_AWS_71 | resource | AWS::CertificateManager::Certificate | Ensure AWS ACM Certificate domain name does not include wildcards | Cloudformation | [ACMWildcardDomainName.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/ACMWildcardDomainName.yaml) | | 2475 | CKV2_AWS_71 | resource | aws_acm_certificate | Ensure AWS ACM Certificate domain name does not include wildcards | Terraform | [ACMWildcardDomainName.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/ACMWildcardDomainName.yaml) | | 2476 | CKV2_AWS_72 | resource | AWS::CloudFront::Distribution | Ensure AWS CloudFront origin protocol policy enforces HTTPS-only | Cloudformation | [CloudfrontOriginNotHTTPSOnly.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/CloudfrontOriginNotHTTPSOnly.yaml) | | 2477 | CKV2_AWS_72 | resource | aws_cloudfront_distribution | Ensure AWS CloudFront origin protocol policy enforces HTTPS-only | Terraform | [CloudfrontOriginNotHTTPSOnly.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/CloudfrontOriginNotHTTPSOnly.yaml) | | 2478 | CKV2_AWS_73 | resource | aws_sqs_queue | Ensure AWS SQS uses CMK not AWS default keys for encryption | Terraform | [SQSEncryptionCMK.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/SQSEncryptionCMK.yaml) | | 2479 | CKV2_AWS_74 | resource | aws_alb_listener | Ensure AWS Load Balancers use strong ciphers | Terraform | [LBWeakCiphers.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LBWeakCiphers.yaml) | | 2480 | CKV2_AWS_74 | resource | aws_lb_listener | Ensure AWS Load Balancers use strong ciphers | Terraform | [LBWeakCiphers.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LBWeakCiphers.yaml) | | 2481 | CKV2_AWS_75 | resource | AWS::Lambda::Function | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 2482 | CKV2_AWS_75 | resource | AWS::Lambda::Url | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 2483 | CKV2_AWS_75 | resource | aws | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 2484 | CKV2_AWS_75 | resource | aws | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 2485 | CKV2_AWS_75 | resource | aws_accessanalyzer_analyzer | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 2486 | CKV2_AWS_75 | resource | aws_accessanalyzer_analyzer | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 2487 | CKV2_AWS_75 | resource | aws_accessanalyzer_archive_rule | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 2488 | CKV2_AWS_75 | resource | aws_accessanalyzer_archive_rule | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 2489 | CKV2_AWS_75 | resource | aws_account_alternate_contact | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 2490 | CKV2_AWS_75 | resource | aws_account_alternate_contact | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 2491 | CKV2_AWS_75 | resource | aws_account_primary_contact | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 2492 | CKV2_AWS_75 | resource | aws_account_primary_contact | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 2493 | CKV2_AWS_75 | resource | aws_account_region | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 2494 | CKV2_AWS_75 | resource | aws_account_region | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 2495 | CKV2_AWS_75 | resource | aws_acm_certificate | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 2496 | CKV2_AWS_75 | resource | aws_acm_certificate | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 2497 | CKV2_AWS_75 | resource | aws_acm_certificate_validation | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 2498 | CKV2_AWS_75 | resource | aws_acm_certificate_validation | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 2499 | CKV2_AWS_75 | resource | aws_acmpca_certificate | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 2500 | CKV2_AWS_75 | resource | aws_acmpca_certificate | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 2501 | CKV2_AWS_75 | resource | aws_acmpca_certificate_authority | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 2502 | CKV2_AWS_75 | resource | aws_acmpca_certificate_authority | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 2503 | CKV2_AWS_75 | resource | aws_acmpca_certificate_authority_certificate | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 2504 | CKV2_AWS_75 | resource | aws_acmpca_certificate_authority_certificate | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 2505 | CKV2_AWS_75 | resource | aws_acmpca_permission | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 2506 | CKV2_AWS_75 | resource | aws_acmpca_permission | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 2507 | CKV2_AWS_75 | resource | aws_acmpca_policy | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 2508 | CKV2_AWS_75 | resource | aws_acmpca_policy | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 2509 | CKV2_AWS_75 | resource | aws_alb | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 2510 | CKV2_AWS_75 | resource | aws_alb | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 2511 | CKV2_AWS_75 | resource | aws_alb_listener | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 2512 | CKV2_AWS_75 | resource | aws_alb_listener | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 2513 | CKV2_AWS_75 | resource | aws_alb_listener_certificate | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 2514 | CKV2_AWS_75 | resource | aws_alb_listener_certificate | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 2515 | CKV2_AWS_75 | resource | aws_alb_listener_rule | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 2516 | CKV2_AWS_75 | resource | aws_alb_listener_rule | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 2517 | CKV2_AWS_75 | resource | aws_alb_target_group | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 2518 | CKV2_AWS_75 | resource | aws_alb_target_group | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 2519 | CKV2_AWS_75 | resource | aws_alb_target_group_attachment | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 2520 | CKV2_AWS_75 | resource | aws_alb_target_group_attachment | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 2521 | CKV2_AWS_75 | resource | aws_ami | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 2522 | CKV2_AWS_75 | resource | aws_ami | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 2523 | CKV2_AWS_75 | resource | aws_ami_copy | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 2524 | CKV2_AWS_75 | resource | aws_ami_copy | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 2525 | CKV2_AWS_75 | resource | aws_ami_from_instance | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 2526 | CKV2_AWS_75 | resource | aws_ami_from_instance | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 2527 | CKV2_AWS_75 | resource | aws_ami_launch_permission | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 2528 | CKV2_AWS_75 | resource | aws_ami_launch_permission | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 2529 | CKV2_AWS_75 | resource | aws_amplify_app | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 2530 | CKV2_AWS_75 | resource | aws_amplify_app | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 2531 | CKV2_AWS_75 | resource | aws_amplify_backend_environment | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 2532 | CKV2_AWS_75 | resource | aws_amplify_backend_environment | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 2533 | CKV2_AWS_75 | resource | aws_amplify_branch | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 2534 | CKV2_AWS_75 | resource | aws_amplify_branch | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 2535 | CKV2_AWS_75 | resource | aws_amplify_domain_association | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 2536 | CKV2_AWS_75 | resource | aws_amplify_domain_association | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 2537 | CKV2_AWS_75 | resource | aws_amplify_webhook | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 2538 | CKV2_AWS_75 | resource | aws_amplify_webhook | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 2539 | CKV2_AWS_75 | resource | aws_api_gateway_account | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 2540 | CKV2_AWS_75 | resource | aws_api_gateway_account | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 2541 | CKV2_AWS_75 | resource | aws_api_gateway_api_key | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 2542 | CKV2_AWS_75 | resource | aws_api_gateway_api_key | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 2543 | CKV2_AWS_75 | resource | aws_api_gateway_authorizer | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 2544 | CKV2_AWS_75 | resource | aws_api_gateway_authorizer | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 2545 | CKV2_AWS_75 | resource | aws_api_gateway_base_path_mapping | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 2546 | CKV2_AWS_75 | resource | aws_api_gateway_base_path_mapping | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 2547 | CKV2_AWS_75 | resource | aws_api_gateway_client_certificate | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 2548 | CKV2_AWS_75 | resource | aws_api_gateway_client_certificate | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 2549 | CKV2_AWS_75 | resource | aws_api_gateway_deployment | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 2550 | CKV2_AWS_75 | resource | aws_api_gateway_deployment | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 2551 | CKV2_AWS_75 | resource | aws_api_gateway_documentation_part | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 2552 | CKV2_AWS_75 | resource | aws_api_gateway_documentation_part | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 2553 | CKV2_AWS_75 | resource | aws_api_gateway_documentation_version | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 2554 | CKV2_AWS_75 | resource | aws_api_gateway_documentation_version | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 2555 | CKV2_AWS_75 | resource | aws_api_gateway_domain_name | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 2556 | CKV2_AWS_75 | resource | aws_api_gateway_domain_name | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 2557 | CKV2_AWS_75 | resource | aws_api_gateway_domain_name_access_association | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 2558 | CKV2_AWS_75 | resource | aws_api_gateway_domain_name_access_association | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 2559 | CKV2_AWS_75 | resource | aws_api_gateway_gateway_response | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 2560 | CKV2_AWS_75 | resource | aws_api_gateway_gateway_response | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 2561 | CKV2_AWS_75 | resource | aws_api_gateway_integration | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 2562 | CKV2_AWS_75 | resource | aws_api_gateway_integration | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 2563 | CKV2_AWS_75 | resource | aws_api_gateway_integration_response | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 2564 | CKV2_AWS_75 | resource | aws_api_gateway_integration_response | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 2565 | CKV2_AWS_75 | resource | aws_api_gateway_method | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 2566 | CKV2_AWS_75 | resource | aws_api_gateway_method | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 2567 | CKV2_AWS_75 | resource | aws_api_gateway_method_response | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 2568 | CKV2_AWS_75 | resource | aws_api_gateway_method_response | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 2569 | CKV2_AWS_75 | resource | aws_api_gateway_method_settings | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 2570 | CKV2_AWS_75 | resource | aws_api_gateway_method_settings | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 2571 | CKV2_AWS_75 | resource | aws_api_gateway_model | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 2572 | CKV2_AWS_75 | resource | aws_api_gateway_model | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 2573 | CKV2_AWS_75 | resource | aws_api_gateway_request_validator | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 2574 | CKV2_AWS_75 | resource | aws_api_gateway_request_validator | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 2575 | CKV2_AWS_75 | resource | aws_api_gateway_resource | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 2576 | CKV2_AWS_75 | resource | aws_api_gateway_resource | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 2577 | CKV2_AWS_75 | resource | aws_api_gateway_rest_api | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 2578 | CKV2_AWS_75 | resource | aws_api_gateway_rest_api | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 2579 | CKV2_AWS_75 | resource | aws_api_gateway_rest_api_policy | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 2580 | CKV2_AWS_75 | resource | aws_api_gateway_rest_api_policy | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 2581 | CKV2_AWS_75 | resource | aws_api_gateway_stage | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 2582 | CKV2_AWS_75 | resource | aws_api_gateway_stage | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 2583 | CKV2_AWS_75 | resource | aws_api_gateway_usage_plan | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 2584 | CKV2_AWS_75 | resource | aws_api_gateway_usage_plan | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 2585 | CKV2_AWS_75 | resource | aws_api_gateway_usage_plan_key | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 2586 | CKV2_AWS_75 | resource | aws_api_gateway_usage_plan_key | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 2587 | CKV2_AWS_75 | resource | aws_api_gateway_vpc_link | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 2588 | CKV2_AWS_75 | resource | aws_api_gateway_vpc_link | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 2589 | CKV2_AWS_75 | resource | aws_apigatewayv2_api | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 2590 | CKV2_AWS_75 | resource | aws_apigatewayv2_api | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 2591 | CKV2_AWS_75 | resource | aws_apigatewayv2_api_mapping | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 2592 | CKV2_AWS_75 | resource | aws_apigatewayv2_api_mapping | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 2593 | CKV2_AWS_75 | resource | aws_apigatewayv2_authorizer | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 2594 | CKV2_AWS_75 | resource | aws_apigatewayv2_authorizer | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 2595 | CKV2_AWS_75 | resource | aws_apigatewayv2_deployment | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 2596 | CKV2_AWS_75 | resource | aws_apigatewayv2_deployment | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 2597 | CKV2_AWS_75 | resource | aws_apigatewayv2_domain_name | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 2598 | CKV2_AWS_75 | resource | aws_apigatewayv2_domain_name | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 2599 | CKV2_AWS_75 | resource | aws_apigatewayv2_integration | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 2600 | CKV2_AWS_75 | resource | aws_apigatewayv2_integration | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 2601 | CKV2_AWS_75 | resource | aws_apigatewayv2_integration_response | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 2602 | CKV2_AWS_75 | resource | aws_apigatewayv2_integration_response | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 2603 | CKV2_AWS_75 | resource | aws_apigatewayv2_model | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 2604 | CKV2_AWS_75 | resource | aws_apigatewayv2_model | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 2605 | CKV2_AWS_75 | resource | aws_apigatewayv2_route | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 2606 | CKV2_AWS_75 | resource | aws_apigatewayv2_route | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 2607 | CKV2_AWS_75 | resource | aws_apigatewayv2_route_response | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 2608 | CKV2_AWS_75 | resource | aws_apigatewayv2_route_response | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 2609 | CKV2_AWS_75 | resource | aws_apigatewayv2_stage | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 2610 | CKV2_AWS_75 | resource | aws_apigatewayv2_stage | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 2611 | CKV2_AWS_75 | resource | aws_apigatewayv2_vpc_link | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 2612 | CKV2_AWS_75 | resource | aws_apigatewayv2_vpc_link | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 2613 | CKV2_AWS_75 | resource | aws_app_cookie_stickiness_policy | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 2614 | CKV2_AWS_75 | resource | aws_app_cookie_stickiness_policy | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 2615 | CKV2_AWS_75 | resource | aws_appautoscaling_policy | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 2616 | CKV2_AWS_75 | resource | aws_appautoscaling_policy | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 2617 | CKV2_AWS_75 | resource | aws_appautoscaling_scheduled_action | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 2618 | CKV2_AWS_75 | resource | aws_appautoscaling_scheduled_action | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 2619 | CKV2_AWS_75 | resource | aws_appautoscaling_target | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 2620 | CKV2_AWS_75 | resource | aws_appautoscaling_target | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 2621 | CKV2_AWS_75 | resource | aws_appconfig_application | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 2622 | CKV2_AWS_75 | resource | aws_appconfig_application | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 2623 | CKV2_AWS_75 | resource | aws_appconfig_configuration_profile | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 2624 | CKV2_AWS_75 | resource | aws_appconfig_configuration_profile | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 2625 | CKV2_AWS_75 | resource | aws_appconfig_deployment | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 2626 | CKV2_AWS_75 | resource | aws_appconfig_deployment | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 2627 | CKV2_AWS_75 | resource | aws_appconfig_deployment_strategy | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 2628 | CKV2_AWS_75 | resource | aws_appconfig_deployment_strategy | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 2629 | CKV2_AWS_75 | resource | aws_appconfig_environment | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 2630 | CKV2_AWS_75 | resource | aws_appconfig_environment | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 2631 | CKV2_AWS_75 | resource | aws_appconfig_extension | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 2632 | CKV2_AWS_75 | resource | aws_appconfig_extension | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 2633 | CKV2_AWS_75 | resource | aws_appconfig_extension_association | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 2634 | CKV2_AWS_75 | resource | aws_appconfig_extension_association | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 2635 | CKV2_AWS_75 | resource | aws_appconfig_hosted_configuration_version | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 2636 | CKV2_AWS_75 | resource | aws_appconfig_hosted_configuration_version | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 2637 | CKV2_AWS_75 | resource | aws_appfabric_app_authorization | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 2638 | CKV2_AWS_75 | resource | aws_appfabric_app_authorization | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 2639 | CKV2_AWS_75 | resource | aws_appfabric_app_authorization_connection | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 2640 | CKV2_AWS_75 | resource | aws_appfabric_app_authorization_connection | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 2641 | CKV2_AWS_75 | resource | aws_appfabric_app_bundle | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 2642 | CKV2_AWS_75 | resource | aws_appfabric_app_bundle | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 2643 | CKV2_AWS_75 | resource | aws_appfabric_ingestion | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 2644 | CKV2_AWS_75 | resource | aws_appfabric_ingestion | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 2645 | CKV2_AWS_75 | resource | aws_appfabric_ingestion_destination | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 2646 | CKV2_AWS_75 | resource | aws_appfabric_ingestion_destination | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 2647 | CKV2_AWS_75 | resource | aws_appflow_connector_profile | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 2648 | CKV2_AWS_75 | resource | aws_appflow_connector_profile | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 2649 | CKV2_AWS_75 | resource | aws_appflow_flow | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 2650 | CKV2_AWS_75 | resource | aws_appflow_flow | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 2651 | CKV2_AWS_75 | resource | aws_appintegrations_data_integration | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 2652 | CKV2_AWS_75 | resource | aws_appintegrations_data_integration | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 2653 | CKV2_AWS_75 | resource | aws_appintegrations_event_integration | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 2654 | CKV2_AWS_75 | resource | aws_appintegrations_event_integration | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 2655 | CKV2_AWS_75 | resource | aws_applicationinsights_application | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 2656 | CKV2_AWS_75 | resource | aws_applicationinsights_application | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 2657 | CKV2_AWS_75 | resource | aws_appmesh_gateway_route | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 2658 | CKV2_AWS_75 | resource | aws_appmesh_gateway_route | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 2659 | CKV2_AWS_75 | resource | aws_appmesh_mesh | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 2660 | CKV2_AWS_75 | resource | aws_appmesh_mesh | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 2661 | CKV2_AWS_75 | resource | aws_appmesh_route | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 2662 | CKV2_AWS_75 | resource | aws_appmesh_route | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 2663 | CKV2_AWS_75 | resource | aws_appmesh_virtual_gateway | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 2664 | CKV2_AWS_75 | resource | aws_appmesh_virtual_gateway | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 2665 | CKV2_AWS_75 | resource | aws_appmesh_virtual_node | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 2666 | CKV2_AWS_75 | resource | aws_appmesh_virtual_node | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 2667 | CKV2_AWS_75 | resource | aws_appmesh_virtual_router | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 2668 | CKV2_AWS_75 | resource | aws_appmesh_virtual_router | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 2669 | CKV2_AWS_75 | resource | aws_appmesh_virtual_service | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 2670 | CKV2_AWS_75 | resource | aws_appmesh_virtual_service | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 2671 | CKV2_AWS_75 | resource | aws_apprunner_auto_scaling_configuration_version | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 2672 | CKV2_AWS_75 | resource | aws_apprunner_auto_scaling_configuration_version | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 2673 | CKV2_AWS_75 | resource | aws_apprunner_connection | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 2674 | CKV2_AWS_75 | resource | aws_apprunner_connection | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 2675 | CKV2_AWS_75 | resource | aws_apprunner_custom_domain_association | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 2676 | CKV2_AWS_75 | resource | aws_apprunner_custom_domain_association | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 2677 | CKV2_AWS_75 | resource | aws_apprunner_default_auto_scaling_configuration_version | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 2678 | CKV2_AWS_75 | resource | aws_apprunner_default_auto_scaling_configuration_version | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 2679 | CKV2_AWS_75 | resource | aws_apprunner_deployment | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 2680 | CKV2_AWS_75 | resource | aws_apprunner_deployment | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 2681 | CKV2_AWS_75 | resource | aws_apprunner_observability_configuration | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 2682 | CKV2_AWS_75 | resource | aws_apprunner_observability_configuration | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 2683 | CKV2_AWS_75 | resource | aws_apprunner_service | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 2684 | CKV2_AWS_75 | resource | aws_apprunner_service | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 2685 | CKV2_AWS_75 | resource | aws_apprunner_vpc_connector | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 2686 | CKV2_AWS_75 | resource | aws_apprunner_vpc_connector | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 2687 | CKV2_AWS_75 | resource | aws_apprunner_vpc_ingress_connection | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 2688 | CKV2_AWS_75 | resource | aws_apprunner_vpc_ingress_connection | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 2689 | CKV2_AWS_75 | resource | aws_appstream_directory_config | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 2690 | CKV2_AWS_75 | resource | aws_appstream_directory_config | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 2691 | CKV2_AWS_75 | resource | aws_appstream_fleet | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 2692 | CKV2_AWS_75 | resource | aws_appstream_fleet | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 2693 | CKV2_AWS_75 | resource | aws_appstream_fleet_stack_association | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 2694 | CKV2_AWS_75 | resource | aws_appstream_fleet_stack_association | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 2695 | CKV2_AWS_75 | resource | aws_appstream_image_builder | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 2696 | CKV2_AWS_75 | resource | aws_appstream_image_builder | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 2697 | CKV2_AWS_75 | resource | aws_appstream_stack | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 2698 | CKV2_AWS_75 | resource | aws_appstream_stack | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 2699 | CKV2_AWS_75 | resource | aws_appstream_user | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 2700 | CKV2_AWS_75 | resource | aws_appstream_user | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 2701 | CKV2_AWS_75 | resource | aws_appstream_user_stack_association | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 2702 | CKV2_AWS_75 | resource | aws_appstream_user_stack_association | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 2703 | CKV2_AWS_75 | resource | aws_appsync_api_cache | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 2704 | CKV2_AWS_75 | resource | aws_appsync_api_cache | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 2705 | CKV2_AWS_75 | resource | aws_appsync_api_key | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 2706 | CKV2_AWS_75 | resource | aws_appsync_api_key | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 2707 | CKV2_AWS_75 | resource | aws_appsync_datasource | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 2708 | CKV2_AWS_75 | resource | aws_appsync_datasource | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 2709 | CKV2_AWS_75 | resource | aws_appsync_domain_name | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 2710 | CKV2_AWS_75 | resource | aws_appsync_domain_name | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 2711 | CKV2_AWS_75 | resource | aws_appsync_domain_name_api_association | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 2712 | CKV2_AWS_75 | resource | aws_appsync_domain_name_api_association | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 2713 | CKV2_AWS_75 | resource | aws_appsync_function | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 2714 | CKV2_AWS_75 | resource | aws_appsync_function | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 2715 | CKV2_AWS_75 | resource | aws_appsync_graphql_api | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 2716 | CKV2_AWS_75 | resource | aws_appsync_graphql_api | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 2717 | CKV2_AWS_75 | resource | aws_appsync_resolver | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 2718 | CKV2_AWS_75 | resource | aws_appsync_resolver | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 2719 | CKV2_AWS_75 | resource | aws_appsync_source_api_association | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 2720 | CKV2_AWS_75 | resource | aws_appsync_source_api_association | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 2721 | CKV2_AWS_75 | resource | aws_appsync_type | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 2722 | CKV2_AWS_75 | resource | aws_appsync_type | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 2723 | CKV2_AWS_75 | resource | aws_athena_data_catalog | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 2724 | CKV2_AWS_75 | resource | aws_athena_data_catalog | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 2725 | CKV2_AWS_75 | resource | aws_athena_database | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 2726 | CKV2_AWS_75 | resource | aws_athena_database | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 2727 | CKV2_AWS_75 | resource | aws_athena_named_query | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 2728 | CKV2_AWS_75 | resource | aws_athena_named_query | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 2729 | CKV2_AWS_75 | resource | aws_athena_prepared_statement | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 2730 | CKV2_AWS_75 | resource | aws_athena_prepared_statement | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 2731 | CKV2_AWS_75 | resource | aws_athena_workgroup | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 2732 | CKV2_AWS_75 | resource | aws_athena_workgroup | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 2733 | CKV2_AWS_75 | resource | aws_auditmanager_account_registration | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 2734 | CKV2_AWS_75 | resource | aws_auditmanager_account_registration | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 2735 | CKV2_AWS_75 | resource | aws_auditmanager_assessment | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 2736 | CKV2_AWS_75 | resource | aws_auditmanager_assessment | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 2737 | CKV2_AWS_75 | resource | aws_auditmanager_assessment_delegation | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 2738 | CKV2_AWS_75 | resource | aws_auditmanager_assessment_delegation | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 2739 | CKV2_AWS_75 | resource | aws_auditmanager_assessment_report | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 2740 | CKV2_AWS_75 | resource | aws_auditmanager_assessment_report | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 2741 | CKV2_AWS_75 | resource | aws_auditmanager_control | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 2742 | CKV2_AWS_75 | resource | aws_auditmanager_control | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 2743 | CKV2_AWS_75 | resource | aws_auditmanager_framework | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 2744 | CKV2_AWS_75 | resource | aws_auditmanager_framework | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 2745 | CKV2_AWS_75 | resource | aws_auditmanager_framework_share | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 2746 | CKV2_AWS_75 | resource | aws_auditmanager_framework_share | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 2747 | CKV2_AWS_75 | resource | aws_auditmanager_organization_admin_account_registration | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 2748 | CKV2_AWS_75 | resource | aws_auditmanager_organization_admin_account_registration | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 2749 | CKV2_AWS_75 | resource | aws_autoscaling_attachment | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 2750 | CKV2_AWS_75 | resource | aws_autoscaling_attachment | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 2751 | CKV2_AWS_75 | resource | aws_autoscaling_group | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 2752 | CKV2_AWS_75 | resource | aws_autoscaling_group | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 2753 | CKV2_AWS_75 | resource | aws_autoscaling_group_tag | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 2754 | CKV2_AWS_75 | resource | aws_autoscaling_group_tag | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 2755 | CKV2_AWS_75 | resource | aws_autoscaling_lifecycle_hook | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 2756 | CKV2_AWS_75 | resource | aws_autoscaling_lifecycle_hook | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 2757 | CKV2_AWS_75 | resource | aws_autoscaling_notification | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 2758 | CKV2_AWS_75 | resource | aws_autoscaling_notification | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 2759 | CKV2_AWS_75 | resource | aws_autoscaling_policy | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 2760 | CKV2_AWS_75 | resource | aws_autoscaling_policy | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 2761 | CKV2_AWS_75 | resource | aws_autoscaling_schedule | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 2762 | CKV2_AWS_75 | resource | aws_autoscaling_schedule | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 2763 | CKV2_AWS_75 | resource | aws_autoscaling_traffic_source_attachment | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 2764 | CKV2_AWS_75 | resource | aws_autoscaling_traffic_source_attachment | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 2765 | CKV2_AWS_75 | resource | aws_autoscalingplans_scaling_plan | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 2766 | CKV2_AWS_75 | resource | aws_autoscalingplans_scaling_plan | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 2767 | CKV2_AWS_75 | resource | aws_az_info | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 2768 | CKV2_AWS_75 | resource | aws_az_info | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 2769 | CKV2_AWS_75 | resource | aws_backup_framework | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 2770 | CKV2_AWS_75 | resource | aws_backup_framework | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 2771 | CKV2_AWS_75 | resource | aws_backup_global_settings | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 2772 | CKV2_AWS_75 | resource | aws_backup_global_settings | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 2773 | CKV2_AWS_75 | resource | aws_backup_logically_air_gapped_vault | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 2774 | CKV2_AWS_75 | resource | aws_backup_logically_air_gapped_vault | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 2775 | CKV2_AWS_75 | resource | aws_backup_plan | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 2776 | CKV2_AWS_75 | resource | aws_backup_plan | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 2777 | CKV2_AWS_75 | resource | aws_backup_region_settings | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 2778 | CKV2_AWS_75 | resource | aws_backup_region_settings | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 2779 | CKV2_AWS_75 | resource | aws_backup_report_plan | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 2780 | CKV2_AWS_75 | resource | aws_backup_report_plan | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 2781 | CKV2_AWS_75 | resource | aws_backup_restore_testing_plan | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 2782 | CKV2_AWS_75 | resource | aws_backup_restore_testing_plan | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 2783 | CKV2_AWS_75 | resource | aws_backup_restore_testing_selection | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 2784 | CKV2_AWS_75 | resource | aws_backup_restore_testing_selection | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 2785 | CKV2_AWS_75 | resource | aws_backup_selection | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 2786 | CKV2_AWS_75 | resource | aws_backup_selection | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 2787 | CKV2_AWS_75 | resource | aws_backup_vault | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 2788 | CKV2_AWS_75 | resource | aws_backup_vault | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 2789 | CKV2_AWS_75 | resource | aws_backup_vault_lock_configuration | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 2790 | CKV2_AWS_75 | resource | aws_backup_vault_lock_configuration | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 2791 | CKV2_AWS_75 | resource | aws_backup_vault_notifications | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 2792 | CKV2_AWS_75 | resource | aws_backup_vault_notifications | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 2793 | CKV2_AWS_75 | resource | aws_backup_vault_policy | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 2794 | CKV2_AWS_75 | resource | aws_backup_vault_policy | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 2795 | CKV2_AWS_75 | resource | aws_batch_compute_environment | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 2796 | CKV2_AWS_75 | resource | aws_batch_compute_environment | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 2797 | CKV2_AWS_75 | resource | aws_batch_job_definition | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 2798 | CKV2_AWS_75 | resource | aws_batch_job_definition | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 2799 | CKV2_AWS_75 | resource | aws_batch_job_queue | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 2800 | CKV2_AWS_75 | resource | aws_batch_job_queue | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 2801 | CKV2_AWS_75 | resource | aws_batch_scheduling_policy | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 2802 | CKV2_AWS_75 | resource | aws_batch_scheduling_policy | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 2803 | CKV2_AWS_75 | resource | aws_bcmdataexports_export | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 2804 | CKV2_AWS_75 | resource | aws_bcmdataexports_export | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 2805 | CKV2_AWS_75 | resource | aws_bedrock_custom_model | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 2806 | CKV2_AWS_75 | resource | aws_bedrock_custom_model | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 2807 | CKV2_AWS_75 | resource | aws_bedrock_guardrail | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 2808 | CKV2_AWS_75 | resource | aws_bedrock_guardrail | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 2809 | CKV2_AWS_75 | resource | aws_bedrock_guardrail_version | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 2810 | CKV2_AWS_75 | resource | aws_bedrock_guardrail_version | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 2811 | CKV2_AWS_75 | resource | aws_bedrock_inference_profile | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 2812 | CKV2_AWS_75 | resource | aws_bedrock_inference_profile | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 2813 | CKV2_AWS_75 | resource | aws_bedrock_model_invocation_logging_configuration | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 2814 | CKV2_AWS_75 | resource | aws_bedrock_model_invocation_logging_configuration | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 2815 | CKV2_AWS_75 | resource | aws_bedrock_provisioned_model_throughput | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 2816 | CKV2_AWS_75 | resource | aws_bedrock_provisioned_model_throughput | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 2817 | CKV2_AWS_75 | resource | aws_bedrockagent_agent | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 2818 | CKV2_AWS_75 | resource | aws_bedrockagent_agent | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 2819 | CKV2_AWS_75 | resource | aws_bedrockagent_agent_action_group | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 2820 | CKV2_AWS_75 | resource | aws_bedrockagent_agent_action_group | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 2821 | CKV2_AWS_75 | resource | aws_bedrockagent_agent_alias | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 2822 | CKV2_AWS_75 | resource | aws_bedrockagent_agent_alias | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 2823 | CKV2_AWS_75 | resource | aws_bedrockagent_agent_collaborator | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 2824 | CKV2_AWS_75 | resource | aws_bedrockagent_agent_collaborator | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 2825 | CKV2_AWS_75 | resource | aws_bedrockagent_agent_knowledge_base_association | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 2826 | CKV2_AWS_75 | resource | aws_bedrockagent_agent_knowledge_base_association | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 2827 | CKV2_AWS_75 | resource | aws_bedrockagent_data_source | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 2828 | CKV2_AWS_75 | resource | aws_bedrockagent_data_source | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 2829 | CKV2_AWS_75 | resource | aws_bedrockagent_knowledge_base | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 2830 | CKV2_AWS_75 | resource | aws_bedrockagent_knowledge_base | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 2831 | CKV2_AWS_75 | resource | aws_budgets_budget | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 2832 | CKV2_AWS_75 | resource | aws_budgets_budget | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 2833 | CKV2_AWS_75 | resource | aws_budgets_budget_action | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 2834 | CKV2_AWS_75 | resource | aws_budgets_budget_action | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 2835 | CKV2_AWS_75 | resource | aws_caller_info | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 2836 | CKV2_AWS_75 | resource | aws_caller_info | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 2837 | CKV2_AWS_75 | resource | aws_ce_anomaly_monitor | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 2838 | CKV2_AWS_75 | resource | aws_ce_anomaly_monitor | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 2839 | CKV2_AWS_75 | resource | aws_ce_anomaly_subscription | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 2840 | CKV2_AWS_75 | resource | aws_ce_anomaly_subscription | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 2841 | CKV2_AWS_75 | resource | aws_ce_cost_allocation_tag | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 2842 | CKV2_AWS_75 | resource | aws_ce_cost_allocation_tag | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 2843 | CKV2_AWS_75 | resource | aws_ce_cost_category | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 2844 | CKV2_AWS_75 | resource | aws_ce_cost_category | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 2845 | CKV2_AWS_75 | resource | aws_chatbot_slack_channel_configuration | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 2846 | CKV2_AWS_75 | resource | aws_chatbot_slack_channel_configuration | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 2847 | CKV2_AWS_75 | resource | aws_chatbot_teams_channel_configuration | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 2848 | CKV2_AWS_75 | resource | aws_chatbot_teams_channel_configuration | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 2849 | CKV2_AWS_75 | resource | aws_chime_voice_connector | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 2850 | CKV2_AWS_75 | resource | aws_chime_voice_connector | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 2851 | CKV2_AWS_75 | resource | aws_chime_voice_connector_group | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 2852 | CKV2_AWS_75 | resource | aws_chime_voice_connector_group | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 2853 | CKV2_AWS_75 | resource | aws_chime_voice_connector_logging | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 2854 | CKV2_AWS_75 | resource | aws_chime_voice_connector_logging | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 2855 | CKV2_AWS_75 | resource | aws_chime_voice_connector_origination | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 2856 | CKV2_AWS_75 | resource | aws_chime_voice_connector_origination | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 2857 | CKV2_AWS_75 | resource | aws_chime_voice_connector_streaming | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 2858 | CKV2_AWS_75 | resource | aws_chime_voice_connector_streaming | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 2859 | CKV2_AWS_75 | resource | aws_chime_voice_connector_termination | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 2860 | CKV2_AWS_75 | resource | aws_chime_voice_connector_termination | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 2861 | CKV2_AWS_75 | resource | aws_chime_voice_connector_termination_credentials | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 2862 | CKV2_AWS_75 | resource | aws_chime_voice_connector_termination_credentials | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 2863 | CKV2_AWS_75 | resource | aws_chimesdkmediapipelines_media_insights_pipeline_configuration | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 2864 | CKV2_AWS_75 | resource | aws_chimesdkmediapipelines_media_insights_pipeline_configuration | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 2865 | CKV2_AWS_75 | resource | aws_chimesdkvoice_global_settings | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 2866 | CKV2_AWS_75 | resource | aws_chimesdkvoice_global_settings | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 2867 | CKV2_AWS_75 | resource | aws_chimesdkvoice_sip_media_application | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 2868 | CKV2_AWS_75 | resource | aws_chimesdkvoice_sip_media_application | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 2869 | CKV2_AWS_75 | resource | aws_chimesdkvoice_sip_rule | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 2870 | CKV2_AWS_75 | resource | aws_chimesdkvoice_sip_rule | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 2871 | CKV2_AWS_75 | resource | aws_chimesdkvoice_voice_profile_domain | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 2872 | CKV2_AWS_75 | resource | aws_chimesdkvoice_voice_profile_domain | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 2873 | CKV2_AWS_75 | resource | aws_cleanrooms_collaboration | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 2874 | CKV2_AWS_75 | resource | aws_cleanrooms_collaboration | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 2875 | CKV2_AWS_75 | resource | aws_cleanrooms_configured_table | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 2876 | CKV2_AWS_75 | resource | aws_cleanrooms_configured_table | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 2877 | CKV2_AWS_75 | resource | aws_cleanrooms_membership | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 2878 | CKV2_AWS_75 | resource | aws_cleanrooms_membership | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 2879 | CKV2_AWS_75 | resource | aws_cloud9_environment_ec2 | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 2880 | CKV2_AWS_75 | resource | aws_cloud9_environment_ec2 | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 2881 | CKV2_AWS_75 | resource | aws_cloud9_environment_membership | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 2882 | CKV2_AWS_75 | resource | aws_cloud9_environment_membership | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 2883 | CKV2_AWS_75 | resource | aws_cloudcontrolapi_resource | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 2884 | CKV2_AWS_75 | resource | aws_cloudcontrolapi_resource | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 2885 | CKV2_AWS_75 | resource | aws_cloudformation_stack | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 2886 | CKV2_AWS_75 | resource | aws_cloudformation_stack | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 2887 | CKV2_AWS_75 | resource | aws_cloudformation_stack_instances | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 2888 | CKV2_AWS_75 | resource | aws_cloudformation_stack_instances | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 2889 | CKV2_AWS_75 | resource | aws_cloudformation_stack_set | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 2890 | CKV2_AWS_75 | resource | aws_cloudformation_stack_set | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 2891 | CKV2_AWS_75 | resource | aws_cloudformation_stack_set_instance | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 2892 | CKV2_AWS_75 | resource | aws_cloudformation_stack_set_instance | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 2893 | CKV2_AWS_75 | resource | aws_cloudformation_type | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 2894 | CKV2_AWS_75 | resource | aws_cloudformation_type | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 2895 | CKV2_AWS_75 | resource | aws_cloudfront_cache_policy | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 2896 | CKV2_AWS_75 | resource | aws_cloudfront_cache_policy | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 2897 | CKV2_AWS_75 | resource | aws_cloudfront_continuous_deployment_policy | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 2898 | CKV2_AWS_75 | resource | aws_cloudfront_continuous_deployment_policy | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 2899 | CKV2_AWS_75 | resource | aws_cloudfront_distribution | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 2900 | CKV2_AWS_75 | resource | aws_cloudfront_distribution | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 2901 | CKV2_AWS_75 | resource | aws_cloudfront_field_level_encryption_config | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 2902 | CKV2_AWS_75 | resource | aws_cloudfront_field_level_encryption_config | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 2903 | CKV2_AWS_75 | resource | aws_cloudfront_field_level_encryption_profile | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 2904 | CKV2_AWS_75 | resource | aws_cloudfront_field_level_encryption_profile | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 2905 | CKV2_AWS_75 | resource | aws_cloudfront_function | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 2906 | CKV2_AWS_75 | resource | aws_cloudfront_function | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 2907 | CKV2_AWS_75 | resource | aws_cloudfront_key_group | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 2908 | CKV2_AWS_75 | resource | aws_cloudfront_key_group | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 2909 | CKV2_AWS_75 | resource | aws_cloudfront_key_value_store | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 2910 | CKV2_AWS_75 | resource | aws_cloudfront_key_value_store | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 2911 | CKV2_AWS_75 | resource | aws_cloudfront_monitoring_subscription | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 2912 | CKV2_AWS_75 | resource | aws_cloudfront_monitoring_subscription | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 2913 | CKV2_AWS_75 | resource | aws_cloudfront_origin_access_control | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 2914 | CKV2_AWS_75 | resource | aws_cloudfront_origin_access_control | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 2915 | CKV2_AWS_75 | resource | aws_cloudfront_origin_access_identity | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 2916 | CKV2_AWS_75 | resource | aws_cloudfront_origin_access_identity | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 2917 | CKV2_AWS_75 | resource | aws_cloudfront_origin_request_policy | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 2918 | CKV2_AWS_75 | resource | aws_cloudfront_origin_request_policy | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 2919 | CKV2_AWS_75 | resource | aws_cloudfront_public_key | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 2920 | CKV2_AWS_75 | resource | aws_cloudfront_public_key | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 2921 | CKV2_AWS_75 | resource | aws_cloudfront_realtime_log_config | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 2922 | CKV2_AWS_75 | resource | aws_cloudfront_realtime_log_config | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 2923 | CKV2_AWS_75 | resource | aws_cloudfront_response_headers_policy | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 2924 | CKV2_AWS_75 | resource | aws_cloudfront_response_headers_policy | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 2925 | CKV2_AWS_75 | resource | aws_cloudfront_vpc_origin | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 2926 | CKV2_AWS_75 | resource | aws_cloudfront_vpc_origin | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 2927 | CKV2_AWS_75 | resource | aws_cloudfrontkeyvaluestore_key | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 2928 | CKV2_AWS_75 | resource | aws_cloudfrontkeyvaluestore_key | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 2929 | CKV2_AWS_75 | resource | aws_cloudhsm_v2_cluster | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 2930 | CKV2_AWS_75 | resource | aws_cloudhsm_v2_cluster | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 2931 | CKV2_AWS_75 | resource | aws_cloudhsm_v2_hsm | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 2932 | CKV2_AWS_75 | resource | aws_cloudhsm_v2_hsm | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 2933 | CKV2_AWS_75 | resource | aws_cloudsearch_domain | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 2934 | CKV2_AWS_75 | resource | aws_cloudsearch_domain | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 2935 | CKV2_AWS_75 | resource | aws_cloudsearch_domain_service_access_policy | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 2936 | CKV2_AWS_75 | resource | aws_cloudsearch_domain_service_access_policy | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 2937 | CKV2_AWS_75 | resource | aws_cloudtrail | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 2938 | CKV2_AWS_75 | resource | aws_cloudtrail | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 2939 | CKV2_AWS_75 | resource | aws_cloudtrail_event_data_store | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 2940 | CKV2_AWS_75 | resource | aws_cloudtrail_event_data_store | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 2941 | CKV2_AWS_75 | resource | aws_cloudtrail_organization_delegated_admin_account | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 2942 | CKV2_AWS_75 | resource | aws_cloudtrail_organization_delegated_admin_account | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 2943 | CKV2_AWS_75 | resource | aws_cloudwatch_composite_alarm | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 2944 | CKV2_AWS_75 | resource | aws_cloudwatch_composite_alarm | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 2945 | CKV2_AWS_75 | resource | aws_cloudwatch_dashboard | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 2946 | CKV2_AWS_75 | resource | aws_cloudwatch_dashboard | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 2947 | CKV2_AWS_75 | resource | aws_cloudwatch_event_api_destination | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 2948 | CKV2_AWS_75 | resource | aws_cloudwatch_event_api_destination | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 2949 | CKV2_AWS_75 | resource | aws_cloudwatch_event_archive | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 2950 | CKV2_AWS_75 | resource | aws_cloudwatch_event_archive | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 2951 | CKV2_AWS_75 | resource | aws_cloudwatch_event_bus | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 2952 | CKV2_AWS_75 | resource | aws_cloudwatch_event_bus | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 2953 | CKV2_AWS_75 | resource | aws_cloudwatch_event_bus_policy | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 2954 | CKV2_AWS_75 | resource | aws_cloudwatch_event_bus_policy | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 2955 | CKV2_AWS_75 | resource | aws_cloudwatch_event_connection | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 2956 | CKV2_AWS_75 | resource | aws_cloudwatch_event_connection | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 2957 | CKV2_AWS_75 | resource | aws_cloudwatch_event_endpoint | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 2958 | CKV2_AWS_75 | resource | aws_cloudwatch_event_endpoint | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 2959 | CKV2_AWS_75 | resource | aws_cloudwatch_event_permission | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 2960 | CKV2_AWS_75 | resource | aws_cloudwatch_event_permission | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 2961 | CKV2_AWS_75 | resource | aws_cloudwatch_event_rule | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 2962 | CKV2_AWS_75 | resource | aws_cloudwatch_event_rule | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 2963 | CKV2_AWS_75 | resource | aws_cloudwatch_event_target | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 2964 | CKV2_AWS_75 | resource | aws_cloudwatch_event_target | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 2965 | CKV2_AWS_75 | resource | aws_cloudwatch_log_account_policy | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 2966 | CKV2_AWS_75 | resource | aws_cloudwatch_log_account_policy | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 2967 | CKV2_AWS_75 | resource | aws_cloudwatch_log_anomaly_detector | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 2968 | CKV2_AWS_75 | resource | aws_cloudwatch_log_anomaly_detector | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 2969 | CKV2_AWS_75 | resource | aws_cloudwatch_log_data_protection_policy | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 2970 | CKV2_AWS_75 | resource | aws_cloudwatch_log_data_protection_policy | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 2971 | CKV2_AWS_75 | resource | aws_cloudwatch_log_delivery | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 2972 | CKV2_AWS_75 | resource | aws_cloudwatch_log_delivery | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 2973 | CKV2_AWS_75 | resource | aws_cloudwatch_log_delivery_destination | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 2974 | CKV2_AWS_75 | resource | aws_cloudwatch_log_delivery_destination | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 2975 | CKV2_AWS_75 | resource | aws_cloudwatch_log_delivery_destination_policy | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 2976 | CKV2_AWS_75 | resource | aws_cloudwatch_log_delivery_destination_policy | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 2977 | CKV2_AWS_75 | resource | aws_cloudwatch_log_delivery_source | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 2978 | CKV2_AWS_75 | resource | aws_cloudwatch_log_delivery_source | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 2979 | CKV2_AWS_75 | resource | aws_cloudwatch_log_destination | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 2980 | CKV2_AWS_75 | resource | aws_cloudwatch_log_destination | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 2981 | CKV2_AWS_75 | resource | aws_cloudwatch_log_destination_policy | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 2982 | CKV2_AWS_75 | resource | aws_cloudwatch_log_destination_policy | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 2983 | CKV2_AWS_75 | resource | aws_cloudwatch_log_group | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 2984 | CKV2_AWS_75 | resource | aws_cloudwatch_log_group | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 2985 | CKV2_AWS_75 | resource | aws_cloudwatch_log_index_policy | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 2986 | CKV2_AWS_75 | resource | aws_cloudwatch_log_index_policy | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 2987 | CKV2_AWS_75 | resource | aws_cloudwatch_log_metric_filter | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 2988 | CKV2_AWS_75 | resource | aws_cloudwatch_log_metric_filter | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 2989 | CKV2_AWS_75 | resource | aws_cloudwatch_log_resource_policy | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 2990 | CKV2_AWS_75 | resource | aws_cloudwatch_log_resource_policy | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 2991 | CKV2_AWS_75 | resource | aws_cloudwatch_log_stream | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 2992 | CKV2_AWS_75 | resource | aws_cloudwatch_log_stream | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 2993 | CKV2_AWS_75 | resource | aws_cloudwatch_log_subscription_filter | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 2994 | CKV2_AWS_75 | resource | aws_cloudwatch_log_subscription_filter | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 2995 | CKV2_AWS_75 | resource | aws_cloudwatch_metric_alarm | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 2996 | CKV2_AWS_75 | resource | aws_cloudwatch_metric_alarm | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 2997 | CKV2_AWS_75 | resource | aws_cloudwatch_metric_stream | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 2998 | CKV2_AWS_75 | resource | aws_cloudwatch_metric_stream | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 2999 | CKV2_AWS_75 | resource | aws_cloudwatch_query_definition | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3000 | CKV2_AWS_75 | resource | aws_cloudwatch_query_definition | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3001 | CKV2_AWS_75 | resource | aws_codeartifact_domain | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3002 | CKV2_AWS_75 | resource | aws_codeartifact_domain | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3003 | CKV2_AWS_75 | resource | aws_codeartifact_domain_permissions_policy | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3004 | CKV2_AWS_75 | resource | aws_codeartifact_domain_permissions_policy | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3005 | CKV2_AWS_75 | resource | aws_codeartifact_repository | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3006 | CKV2_AWS_75 | resource | aws_codeartifact_repository | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3007 | CKV2_AWS_75 | resource | aws_codeartifact_repository_permissions_policy | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3008 | CKV2_AWS_75 | resource | aws_codeartifact_repository_permissions_policy | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3009 | CKV2_AWS_75 | resource | aws_codebuild_fleet | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3010 | CKV2_AWS_75 | resource | aws_codebuild_fleet | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3011 | CKV2_AWS_75 | resource | aws_codebuild_project | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3012 | CKV2_AWS_75 | resource | aws_codebuild_project | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3013 | CKV2_AWS_75 | resource | aws_codebuild_report_group | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3014 | CKV2_AWS_75 | resource | aws_codebuild_report_group | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3015 | CKV2_AWS_75 | resource | aws_codebuild_resource_policy | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3016 | CKV2_AWS_75 | resource | aws_codebuild_resource_policy | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3017 | CKV2_AWS_75 | resource | aws_codebuild_source_credential | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3018 | CKV2_AWS_75 | resource | aws_codebuild_source_credential | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3019 | CKV2_AWS_75 | resource | aws_codebuild_webhook | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3020 | CKV2_AWS_75 | resource | aws_codebuild_webhook | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3021 | CKV2_AWS_75 | resource | aws_codecatalyst_dev_environment | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3022 | CKV2_AWS_75 | resource | aws_codecatalyst_dev_environment | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3023 | CKV2_AWS_75 | resource | aws_codecatalyst_project | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3024 | CKV2_AWS_75 | resource | aws_codecatalyst_project | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3025 | CKV2_AWS_75 | resource | aws_codecatalyst_source_repository | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3026 | CKV2_AWS_75 | resource | aws_codecatalyst_source_repository | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3027 | CKV2_AWS_75 | resource | aws_codecommit_approval_rule_template | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3028 | CKV2_AWS_75 | resource | aws_codecommit_approval_rule_template | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3029 | CKV2_AWS_75 | resource | aws_codecommit_approval_rule_template_association | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3030 | CKV2_AWS_75 | resource | aws_codecommit_approval_rule_template_association | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3031 | CKV2_AWS_75 | resource | aws_codecommit_repository | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3032 | CKV2_AWS_75 | resource | aws_codecommit_repository | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3033 | CKV2_AWS_75 | resource | aws_codecommit_trigger | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3034 | CKV2_AWS_75 | resource | aws_codecommit_trigger | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3035 | CKV2_AWS_75 | resource | aws_codeconnections_connection | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3036 | CKV2_AWS_75 | resource | aws_codeconnections_connection | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3037 | CKV2_AWS_75 | resource | aws_codeconnections_host | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3038 | CKV2_AWS_75 | resource | aws_codeconnections_host | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3039 | CKV2_AWS_75 | resource | aws_codedeploy_app | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3040 | CKV2_AWS_75 | resource | aws_codedeploy_app | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3041 | CKV2_AWS_75 | resource | aws_codedeploy_deployment_config | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3042 | CKV2_AWS_75 | resource | aws_codedeploy_deployment_config | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3043 | CKV2_AWS_75 | resource | aws_codedeploy_deployment_group | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3044 | CKV2_AWS_75 | resource | aws_codedeploy_deployment_group | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3045 | CKV2_AWS_75 | resource | aws_codeguruprofiler_profiling_group | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3046 | CKV2_AWS_75 | resource | aws_codeguruprofiler_profiling_group | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3047 | CKV2_AWS_75 | resource | aws_codegurureviewer_repository_association | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3048 | CKV2_AWS_75 | resource | aws_codegurureviewer_repository_association | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3049 | CKV2_AWS_75 | resource | aws_codepipeline | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3050 | CKV2_AWS_75 | resource | aws_codepipeline | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3051 | CKV2_AWS_75 | resource | aws_codepipeline_custom_action_type | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3052 | CKV2_AWS_75 | resource | aws_codepipeline_custom_action_type | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3053 | CKV2_AWS_75 | resource | aws_codepipeline_webhook | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3054 | CKV2_AWS_75 | resource | aws_codepipeline_webhook | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3055 | CKV2_AWS_75 | resource | aws_codestarconnections_connection | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3056 | CKV2_AWS_75 | resource | aws_codestarconnections_connection | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3057 | CKV2_AWS_75 | resource | aws_codestarconnections_host | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3058 | CKV2_AWS_75 | resource | aws_codestarconnections_host | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3059 | CKV2_AWS_75 | resource | aws_codestarnotifications_notification_rule | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3060 | CKV2_AWS_75 | resource | aws_codestarnotifications_notification_rule | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3061 | CKV2_AWS_75 | resource | aws_cognito_identity_pool | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3062 | CKV2_AWS_75 | resource | aws_cognito_identity_pool | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3063 | CKV2_AWS_75 | resource | aws_cognito_identity_pool_provider_principal_tag | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3064 | CKV2_AWS_75 | resource | aws_cognito_identity_pool_provider_principal_tag | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3065 | CKV2_AWS_75 | resource | aws_cognito_identity_pool_roles_attachment | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3066 | CKV2_AWS_75 | resource | aws_cognito_identity_pool_roles_attachment | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3067 | CKV2_AWS_75 | resource | aws_cognito_identity_provider | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3068 | CKV2_AWS_75 | resource | aws_cognito_identity_provider | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3069 | CKV2_AWS_75 | resource | aws_cognito_managed_user_pool_client | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3070 | CKV2_AWS_75 | resource | aws_cognito_managed_user_pool_client | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3071 | CKV2_AWS_75 | resource | aws_cognito_resource_server | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3072 | CKV2_AWS_75 | resource | aws_cognito_resource_server | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3073 | CKV2_AWS_75 | resource | aws_cognito_risk_configuration | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3074 | CKV2_AWS_75 | resource | aws_cognito_risk_configuration | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3075 | CKV2_AWS_75 | resource | aws_cognito_user | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3076 | CKV2_AWS_75 | resource | aws_cognito_user | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3077 | CKV2_AWS_75 | resource | aws_cognito_user_group | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3078 | CKV2_AWS_75 | resource | aws_cognito_user_group | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3079 | CKV2_AWS_75 | resource | aws_cognito_user_in_group | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3080 | CKV2_AWS_75 | resource | aws_cognito_user_in_group | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3081 | CKV2_AWS_75 | resource | aws_cognito_user_pool | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3082 | CKV2_AWS_75 | resource | aws_cognito_user_pool | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3083 | CKV2_AWS_75 | resource | aws_cognito_user_pool_client | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3084 | CKV2_AWS_75 | resource | aws_cognito_user_pool_client | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3085 | CKV2_AWS_75 | resource | aws_cognito_user_pool_domain | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3086 | CKV2_AWS_75 | resource | aws_cognito_user_pool_domain | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3087 | CKV2_AWS_75 | resource | aws_cognito_user_pool_ui_customization | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3088 | CKV2_AWS_75 | resource | aws_cognito_user_pool_ui_customization | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3089 | CKV2_AWS_75 | resource | aws_comprehend_document_classifier | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3090 | CKV2_AWS_75 | resource | aws_comprehend_document_classifier | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3091 | CKV2_AWS_75 | resource | aws_comprehend_entity_recognizer | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3092 | CKV2_AWS_75 | resource | aws_comprehend_entity_recognizer | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3093 | CKV2_AWS_75 | resource | aws_computeoptimizer_enrollment_status | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3094 | CKV2_AWS_75 | resource | aws_computeoptimizer_enrollment_status | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3095 | CKV2_AWS_75 | resource | aws_computeoptimizer_recommendation_preferences | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3096 | CKV2_AWS_75 | resource | aws_computeoptimizer_recommendation_preferences | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3097 | CKV2_AWS_75 | resource | aws_config_aggregate_authorization | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3098 | CKV2_AWS_75 | resource | aws_config_aggregate_authorization | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3099 | CKV2_AWS_75 | resource | aws_config_config_rule | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3100 | CKV2_AWS_75 | resource | aws_config_config_rule | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3101 | CKV2_AWS_75 | resource | aws_config_configuration_aggregator | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3102 | CKV2_AWS_75 | resource | aws_config_configuration_aggregator | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3103 | CKV2_AWS_75 | resource | aws_config_configuration_recorder | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3104 | CKV2_AWS_75 | resource | aws_config_configuration_recorder | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3105 | CKV2_AWS_75 | resource | aws_config_configuration_recorder_status | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3106 | CKV2_AWS_75 | resource | aws_config_configuration_recorder_status | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3107 | CKV2_AWS_75 | resource | aws_config_conformance_pack | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3108 | CKV2_AWS_75 | resource | aws_config_conformance_pack | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3109 | CKV2_AWS_75 | resource | aws_config_delivery_channel | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3110 | CKV2_AWS_75 | resource | aws_config_delivery_channel | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3111 | CKV2_AWS_75 | resource | aws_config_organization_conformance_pack | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3112 | CKV2_AWS_75 | resource | aws_config_organization_conformance_pack | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3113 | CKV2_AWS_75 | resource | aws_config_organization_custom_policy_rule | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3114 | CKV2_AWS_75 | resource | aws_config_organization_custom_policy_rule | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3115 | CKV2_AWS_75 | resource | aws_config_organization_custom_rule | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3116 | CKV2_AWS_75 | resource | aws_config_organization_custom_rule | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3117 | CKV2_AWS_75 | resource | aws_config_organization_managed_rule | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3118 | CKV2_AWS_75 | resource | aws_config_organization_managed_rule | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3119 | CKV2_AWS_75 | resource | aws_config_remediation_configuration | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3120 | CKV2_AWS_75 | resource | aws_config_remediation_configuration | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3121 | CKV2_AWS_75 | resource | aws_config_retention_configuration | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3122 | CKV2_AWS_75 | resource | aws_config_retention_configuration | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3123 | CKV2_AWS_75 | resource | aws_connect_bot_association | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3124 | CKV2_AWS_75 | resource | aws_connect_bot_association | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3125 | CKV2_AWS_75 | resource | aws_connect_contact_flow | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3126 | CKV2_AWS_75 | resource | aws_connect_contact_flow | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3127 | CKV2_AWS_75 | resource | aws_connect_contact_flow_module | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3128 | CKV2_AWS_75 | resource | aws_connect_contact_flow_module | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3129 | CKV2_AWS_75 | resource | aws_connect_hours_of_operation | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3130 | CKV2_AWS_75 | resource | aws_connect_hours_of_operation | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3131 | CKV2_AWS_75 | resource | aws_connect_instance | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3132 | CKV2_AWS_75 | resource | aws_connect_instance | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3133 | CKV2_AWS_75 | resource | aws_connect_instance_storage_config | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3134 | CKV2_AWS_75 | resource | aws_connect_instance_storage_config | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3135 | CKV2_AWS_75 | resource | aws_connect_lambda_function_association | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3136 | CKV2_AWS_75 | resource | aws_connect_lambda_function_association | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3137 | CKV2_AWS_75 | resource | aws_connect_phone_number | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3138 | CKV2_AWS_75 | resource | aws_connect_phone_number | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3139 | CKV2_AWS_75 | resource | aws_connect_queue | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3140 | CKV2_AWS_75 | resource | aws_connect_queue | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3141 | CKV2_AWS_75 | resource | aws_connect_quick_connect | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3142 | CKV2_AWS_75 | resource | aws_connect_quick_connect | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3143 | CKV2_AWS_75 | resource | aws_connect_routing_profile | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3144 | CKV2_AWS_75 | resource | aws_connect_routing_profile | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3145 | CKV2_AWS_75 | resource | aws_connect_security_profile | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3146 | CKV2_AWS_75 | resource | aws_connect_security_profile | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3147 | CKV2_AWS_75 | resource | aws_connect_user | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3148 | CKV2_AWS_75 | resource | aws_connect_user | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3149 | CKV2_AWS_75 | resource | aws_connect_user_hierarchy_group | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3150 | CKV2_AWS_75 | resource | aws_connect_user_hierarchy_group | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3151 | CKV2_AWS_75 | resource | aws_connect_user_hierarchy_structure | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3152 | CKV2_AWS_75 | resource | aws_connect_user_hierarchy_structure | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3153 | CKV2_AWS_75 | resource | aws_connect_vocabulary | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3154 | CKV2_AWS_75 | resource | aws_connect_vocabulary | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3155 | CKV2_AWS_75 | resource | aws_controltower_control | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3156 | CKV2_AWS_75 | resource | aws_controltower_control | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3157 | CKV2_AWS_75 | resource | aws_controltower_landing_zone | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3158 | CKV2_AWS_75 | resource | aws_controltower_landing_zone | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3159 | CKV2_AWS_75 | resource | aws_costoptimizationhub_enrollment_status | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3160 | CKV2_AWS_75 | resource | aws_costoptimizationhub_enrollment_status | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3161 | CKV2_AWS_75 | resource | aws_costoptimizationhub_preferences | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3162 | CKV2_AWS_75 | resource | aws_costoptimizationhub_preferences | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3163 | CKV2_AWS_75 | resource | aws_cur_report_definition | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3164 | CKV2_AWS_75 | resource | aws_cur_report_definition | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3165 | CKV2_AWS_75 | resource | aws_customer_gateway | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3166 | CKV2_AWS_75 | resource | aws_customer_gateway | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3167 | CKV2_AWS_75 | resource | aws_customerprofiles_domain | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3168 | CKV2_AWS_75 | resource | aws_customerprofiles_domain | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3169 | CKV2_AWS_75 | resource | aws_customerprofiles_profile | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3170 | CKV2_AWS_75 | resource | aws_customerprofiles_profile | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3171 | CKV2_AWS_75 | resource | aws_dataexchange_data_set | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3172 | CKV2_AWS_75 | resource | aws_dataexchange_data_set | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3173 | CKV2_AWS_75 | resource | aws_dataexchange_revision | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3174 | CKV2_AWS_75 | resource | aws_dataexchange_revision | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3175 | CKV2_AWS_75 | resource | aws_datapipeline_pipeline | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3176 | CKV2_AWS_75 | resource | aws_datapipeline_pipeline | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3177 | CKV2_AWS_75 | resource | aws_datapipeline_pipeline_definition | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3178 | CKV2_AWS_75 | resource | aws_datapipeline_pipeline_definition | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3179 | CKV2_AWS_75 | resource | aws_datasync_agent | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3180 | CKV2_AWS_75 | resource | aws_datasync_agent | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3181 | CKV2_AWS_75 | resource | aws_datasync_location_azure_blob | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3182 | CKV2_AWS_75 | resource | aws_datasync_location_azure_blob | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3183 | CKV2_AWS_75 | resource | aws_datasync_location_efs | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3184 | CKV2_AWS_75 | resource | aws_datasync_location_efs | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3185 | CKV2_AWS_75 | resource | aws_datasync_location_fsx_lustre_file_system | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3186 | CKV2_AWS_75 | resource | aws_datasync_location_fsx_lustre_file_system | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3187 | CKV2_AWS_75 | resource | aws_datasync_location_fsx_ontap_file_system | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3188 | CKV2_AWS_75 | resource | aws_datasync_location_fsx_ontap_file_system | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3189 | CKV2_AWS_75 | resource | aws_datasync_location_fsx_openzfs_file_system | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3190 | CKV2_AWS_75 | resource | aws_datasync_location_fsx_openzfs_file_system | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3191 | CKV2_AWS_75 | resource | aws_datasync_location_fsx_windows_file_system | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3192 | CKV2_AWS_75 | resource | aws_datasync_location_fsx_windows_file_system | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3193 | CKV2_AWS_75 | resource | aws_datasync_location_hdfs | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3194 | CKV2_AWS_75 | resource | aws_datasync_location_hdfs | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3195 | CKV2_AWS_75 | resource | aws_datasync_location_nfs | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3196 | CKV2_AWS_75 | resource | aws_datasync_location_nfs | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3197 | CKV2_AWS_75 | resource | aws_datasync_location_object_storage | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3198 | CKV2_AWS_75 | resource | aws_datasync_location_object_storage | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3199 | CKV2_AWS_75 | resource | aws_datasync_location_s3 | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3200 | CKV2_AWS_75 | resource | aws_datasync_location_s3 | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3201 | CKV2_AWS_75 | resource | aws_datasync_location_smb | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3202 | CKV2_AWS_75 | resource | aws_datasync_location_smb | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3203 | CKV2_AWS_75 | resource | aws_datasync_task | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3204 | CKV2_AWS_75 | resource | aws_datasync_task | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3205 | CKV2_AWS_75 | resource | aws_datazone_asset_type | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3206 | CKV2_AWS_75 | resource | aws_datazone_asset_type | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3207 | CKV2_AWS_75 | resource | aws_datazone_domain | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3208 | CKV2_AWS_75 | resource | aws_datazone_domain | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3209 | CKV2_AWS_75 | resource | aws_datazone_environment | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3210 | CKV2_AWS_75 | resource | aws_datazone_environment | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3211 | CKV2_AWS_75 | resource | aws_datazone_environment_blueprint_configuration | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3212 | CKV2_AWS_75 | resource | aws_datazone_environment_blueprint_configuration | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3213 | CKV2_AWS_75 | resource | aws_datazone_environment_profile | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3214 | CKV2_AWS_75 | resource | aws_datazone_environment_profile | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3215 | CKV2_AWS_75 | resource | aws_datazone_form_type | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3216 | CKV2_AWS_75 | resource | aws_datazone_form_type | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3217 | CKV2_AWS_75 | resource | aws_datazone_glossary | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3218 | CKV2_AWS_75 | resource | aws_datazone_glossary | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3219 | CKV2_AWS_75 | resource | aws_datazone_glossary_term | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3220 | CKV2_AWS_75 | resource | aws_datazone_glossary_term | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3221 | CKV2_AWS_75 | resource | aws_datazone_project | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3222 | CKV2_AWS_75 | resource | aws_datazone_project | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3223 | CKV2_AWS_75 | resource | aws_datazone_user_profile | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3224 | CKV2_AWS_75 | resource | aws_datazone_user_profile | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3225 | CKV2_AWS_75 | resource | aws_dax_cluster | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3226 | CKV2_AWS_75 | resource | aws_dax_cluster | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3227 | CKV2_AWS_75 | resource | aws_dax_parameter_group | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3228 | CKV2_AWS_75 | resource | aws_dax_parameter_group | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3229 | CKV2_AWS_75 | resource | aws_dax_subnet_group | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3230 | CKV2_AWS_75 | resource | aws_dax_subnet_group | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3231 | CKV2_AWS_75 | resource | aws_db_cluster_snapshot | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3232 | CKV2_AWS_75 | resource | aws_db_cluster_snapshot | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3233 | CKV2_AWS_75 | resource | aws_db_event_subscription | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3234 | CKV2_AWS_75 | resource | aws_db_event_subscription | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3235 | CKV2_AWS_75 | resource | aws_db_instance | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3236 | CKV2_AWS_75 | resource | aws_db_instance | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3237 | CKV2_AWS_75 | resource | aws_db_instance_automated_backups_replication | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3238 | CKV2_AWS_75 | resource | aws_db_instance_automated_backups_replication | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3239 | CKV2_AWS_75 | resource | aws_db_instance_role_association | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3240 | CKV2_AWS_75 | resource | aws_db_instance_role_association | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3241 | CKV2_AWS_75 | resource | aws_db_option_group | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3242 | CKV2_AWS_75 | resource | aws_db_option_group | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3243 | CKV2_AWS_75 | resource | aws_db_parameter_group | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3244 | CKV2_AWS_75 | resource | aws_db_parameter_group | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3245 | CKV2_AWS_75 | resource | aws_db_proxy | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3246 | CKV2_AWS_75 | resource | aws_db_proxy | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3247 | CKV2_AWS_75 | resource | aws_db_proxy_default_target_group | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3248 | CKV2_AWS_75 | resource | aws_db_proxy_default_target_group | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3249 | CKV2_AWS_75 | resource | aws_db_proxy_endpoint | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3250 | CKV2_AWS_75 | resource | aws_db_proxy_endpoint | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3251 | CKV2_AWS_75 | resource | aws_db_proxy_target | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3252 | CKV2_AWS_75 | resource | aws_db_proxy_target | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3253 | CKV2_AWS_75 | resource | aws_db_security_group | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3254 | CKV2_AWS_75 | resource | aws_db_security_group | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3255 | CKV2_AWS_75 | resource | aws_db_snapshot | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3256 | CKV2_AWS_75 | resource | aws_db_snapshot | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3257 | CKV2_AWS_75 | resource | aws_db_snapshot_copy | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3258 | CKV2_AWS_75 | resource | aws_db_snapshot_copy | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3259 | CKV2_AWS_75 | resource | aws_db_subnet_group | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3260 | CKV2_AWS_75 | resource | aws_db_subnet_group | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3261 | CKV2_AWS_75 | resource | aws_default_network_acl | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3262 | CKV2_AWS_75 | resource | aws_default_network_acl | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3263 | CKV2_AWS_75 | resource | aws_default_route_table | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3264 | CKV2_AWS_75 | resource | aws_default_route_table | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3265 | CKV2_AWS_75 | resource | aws_default_security_group | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3266 | CKV2_AWS_75 | resource | aws_default_security_group | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3267 | CKV2_AWS_75 | resource | aws_default_subnet | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3268 | CKV2_AWS_75 | resource | aws_default_subnet | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3269 | CKV2_AWS_75 | resource | aws_default_vpc | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3270 | CKV2_AWS_75 | resource | aws_default_vpc | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3271 | CKV2_AWS_75 | resource | aws_default_vpc_dhcp_options | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3272 | CKV2_AWS_75 | resource | aws_default_vpc_dhcp_options | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3273 | CKV2_AWS_75 | resource | aws_detective_graph | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3274 | CKV2_AWS_75 | resource | aws_detective_graph | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3275 | CKV2_AWS_75 | resource | aws_detective_invitation_accepter | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3276 | CKV2_AWS_75 | resource | aws_detective_invitation_accepter | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3277 | CKV2_AWS_75 | resource | aws_detective_member | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3278 | CKV2_AWS_75 | resource | aws_detective_member | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3279 | CKV2_AWS_75 | resource | aws_detective_organization_admin_account | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3280 | CKV2_AWS_75 | resource | aws_detective_organization_admin_account | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3281 | CKV2_AWS_75 | resource | aws_detective_organization_configuration | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3282 | CKV2_AWS_75 | resource | aws_detective_organization_configuration | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3283 | CKV2_AWS_75 | resource | aws_devicefarm_device_pool | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3284 | CKV2_AWS_75 | resource | aws_devicefarm_device_pool | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3285 | CKV2_AWS_75 | resource | aws_devicefarm_instance_profile | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3286 | CKV2_AWS_75 | resource | aws_devicefarm_instance_profile | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3287 | CKV2_AWS_75 | resource | aws_devicefarm_network_profile | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3288 | CKV2_AWS_75 | resource | aws_devicefarm_network_profile | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3289 | CKV2_AWS_75 | resource | aws_devicefarm_project | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3290 | CKV2_AWS_75 | resource | aws_devicefarm_project | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3291 | CKV2_AWS_75 | resource | aws_devicefarm_test_grid_project | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3292 | CKV2_AWS_75 | resource | aws_devicefarm_test_grid_project | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3293 | CKV2_AWS_75 | resource | aws_devicefarm_upload | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3294 | CKV2_AWS_75 | resource | aws_devicefarm_upload | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3295 | CKV2_AWS_75 | resource | aws_devopsguru_event_sources_config | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3296 | CKV2_AWS_75 | resource | aws_devopsguru_event_sources_config | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3297 | CKV2_AWS_75 | resource | aws_devopsguru_notification_channel | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3298 | CKV2_AWS_75 | resource | aws_devopsguru_notification_channel | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3299 | CKV2_AWS_75 | resource | aws_devopsguru_resource_collection | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3300 | CKV2_AWS_75 | resource | aws_devopsguru_resource_collection | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3301 | CKV2_AWS_75 | resource | aws_devopsguru_service_integration | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3302 | CKV2_AWS_75 | resource | aws_devopsguru_service_integration | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3303 | CKV2_AWS_75 | resource | aws_directory_service_conditional_forwarder | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3304 | CKV2_AWS_75 | resource | aws_directory_service_conditional_forwarder | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3305 | CKV2_AWS_75 | resource | aws_directory_service_directory | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3306 | CKV2_AWS_75 | resource | aws_directory_service_directory | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3307 | CKV2_AWS_75 | resource | aws_directory_service_log_subscription | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3308 | CKV2_AWS_75 | resource | aws_directory_service_log_subscription | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3309 | CKV2_AWS_75 | resource | aws_directory_service_radius_settings | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3310 | CKV2_AWS_75 | resource | aws_directory_service_radius_settings | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3311 | CKV2_AWS_75 | resource | aws_directory_service_region | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3312 | CKV2_AWS_75 | resource | aws_directory_service_region | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3313 | CKV2_AWS_75 | resource | aws_directory_service_shared_directory | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3314 | CKV2_AWS_75 | resource | aws_directory_service_shared_directory | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3315 | CKV2_AWS_75 | resource | aws_directory_service_shared_directory_accepter | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3316 | CKV2_AWS_75 | resource | aws_directory_service_shared_directory_accepter | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3317 | CKV2_AWS_75 | resource | aws_directory_service_trust | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3318 | CKV2_AWS_75 | resource | aws_directory_service_trust | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3319 | CKV2_AWS_75 | resource | aws_dlm_lifecycle_policy | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3320 | CKV2_AWS_75 | resource | aws_dlm_lifecycle_policy | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3321 | CKV2_AWS_75 | resource | aws_dms_certificate | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3322 | CKV2_AWS_75 | resource | aws_dms_certificate | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3323 | CKV2_AWS_75 | resource | aws_dms_endpoint | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3324 | CKV2_AWS_75 | resource | aws_dms_endpoint | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3325 | CKV2_AWS_75 | resource | aws_dms_event_subscription | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3326 | CKV2_AWS_75 | resource | aws_dms_event_subscription | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3327 | CKV2_AWS_75 | resource | aws_dms_replication_config | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3328 | CKV2_AWS_75 | resource | aws_dms_replication_config | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3329 | CKV2_AWS_75 | resource | aws_dms_replication_instance | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3330 | CKV2_AWS_75 | resource | aws_dms_replication_instance | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3331 | CKV2_AWS_75 | resource | aws_dms_replication_subnet_group | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3332 | CKV2_AWS_75 | resource | aws_dms_replication_subnet_group | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3333 | CKV2_AWS_75 | resource | aws_dms_replication_task | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3334 | CKV2_AWS_75 | resource | aws_dms_replication_task | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3335 | CKV2_AWS_75 | resource | aws_dms_s3_endpoint | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3336 | CKV2_AWS_75 | resource | aws_dms_s3_endpoint | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3337 | CKV2_AWS_75 | resource | aws_docdb_cluster | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3338 | CKV2_AWS_75 | resource | aws_docdb_cluster | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3339 | CKV2_AWS_75 | resource | aws_docdb_cluster_instance | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3340 | CKV2_AWS_75 | resource | aws_docdb_cluster_instance | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3341 | CKV2_AWS_75 | resource | aws_docdb_cluster_parameter_group | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3342 | CKV2_AWS_75 | resource | aws_docdb_cluster_parameter_group | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3343 | CKV2_AWS_75 | resource | aws_docdb_cluster_snapshot | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3344 | CKV2_AWS_75 | resource | aws_docdb_cluster_snapshot | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3345 | CKV2_AWS_75 | resource | aws_docdb_event_subscription | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3346 | CKV2_AWS_75 | resource | aws_docdb_event_subscription | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3347 | CKV2_AWS_75 | resource | aws_docdb_global_cluster | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3348 | CKV2_AWS_75 | resource | aws_docdb_global_cluster | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3349 | CKV2_AWS_75 | resource | aws_docdb_subnet_group | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3350 | CKV2_AWS_75 | resource | aws_docdb_subnet_group | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3351 | CKV2_AWS_75 | resource | aws_docdbelastic_cluster | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3352 | CKV2_AWS_75 | resource | aws_docdbelastic_cluster | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3353 | CKV2_AWS_75 | resource | aws_drs_replication_configuration_template | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3354 | CKV2_AWS_75 | resource | aws_drs_replication_configuration_template | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3355 | CKV2_AWS_75 | resource | aws_dx_bgp_peer | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3356 | CKV2_AWS_75 | resource | aws_dx_bgp_peer | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3357 | CKV2_AWS_75 | resource | aws_dx_connection | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3358 | CKV2_AWS_75 | resource | aws_dx_connection | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3359 | CKV2_AWS_75 | resource | aws_dx_connection_association | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3360 | CKV2_AWS_75 | resource | aws_dx_connection_association | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3361 | CKV2_AWS_75 | resource | aws_dx_connection_confirmation | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3362 | CKV2_AWS_75 | resource | aws_dx_connection_confirmation | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3363 | CKV2_AWS_75 | resource | aws_dx_gateway | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3364 | CKV2_AWS_75 | resource | aws_dx_gateway | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3365 | CKV2_AWS_75 | resource | aws_dx_gateway_association | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3366 | CKV2_AWS_75 | resource | aws_dx_gateway_association | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3367 | CKV2_AWS_75 | resource | aws_dx_gateway_association_proposal | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3368 | CKV2_AWS_75 | resource | aws_dx_gateway_association_proposal | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3369 | CKV2_AWS_75 | resource | aws_dx_hosted_connection | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3370 | CKV2_AWS_75 | resource | aws_dx_hosted_connection | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3371 | CKV2_AWS_75 | resource | aws_dx_hosted_private_virtual_interface | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3372 | CKV2_AWS_75 | resource | aws_dx_hosted_private_virtual_interface | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3373 | CKV2_AWS_75 | resource | aws_dx_hosted_private_virtual_interface_accepter | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3374 | CKV2_AWS_75 | resource | aws_dx_hosted_private_virtual_interface_accepter | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3375 | CKV2_AWS_75 | resource | aws_dx_hosted_public_virtual_interface | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3376 | CKV2_AWS_75 | resource | aws_dx_hosted_public_virtual_interface | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3377 | CKV2_AWS_75 | resource | aws_dx_hosted_public_virtual_interface_accepter | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3378 | CKV2_AWS_75 | resource | aws_dx_hosted_public_virtual_interface_accepter | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3379 | CKV2_AWS_75 | resource | aws_dx_hosted_transit_virtual_interface | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3380 | CKV2_AWS_75 | resource | aws_dx_hosted_transit_virtual_interface | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3381 | CKV2_AWS_75 | resource | aws_dx_hosted_transit_virtual_interface_accepter | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3382 | CKV2_AWS_75 | resource | aws_dx_hosted_transit_virtual_interface_accepter | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3383 | CKV2_AWS_75 | resource | aws_dx_lag | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3384 | CKV2_AWS_75 | resource | aws_dx_lag | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3385 | CKV2_AWS_75 | resource | aws_dx_macsec_key_association | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3386 | CKV2_AWS_75 | resource | aws_dx_macsec_key_association | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3387 | CKV2_AWS_75 | resource | aws_dx_private_virtual_interface | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3388 | CKV2_AWS_75 | resource | aws_dx_private_virtual_interface | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3389 | CKV2_AWS_75 | resource | aws_dx_public_virtual_interface | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3390 | CKV2_AWS_75 | resource | aws_dx_public_virtual_interface | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3391 | CKV2_AWS_75 | resource | aws_dx_transit_virtual_interface | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3392 | CKV2_AWS_75 | resource | aws_dx_transit_virtual_interface | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3393 | CKV2_AWS_75 | resource | aws_dynamodb_contributor_insights | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3394 | CKV2_AWS_75 | resource | aws_dynamodb_contributor_insights | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3395 | CKV2_AWS_75 | resource | aws_dynamodb_global_table | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3396 | CKV2_AWS_75 | resource | aws_dynamodb_global_table | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3397 | CKV2_AWS_75 | resource | aws_dynamodb_kinesis_streaming_destination | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3398 | CKV2_AWS_75 | resource | aws_dynamodb_kinesis_streaming_destination | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3399 | CKV2_AWS_75 | resource | aws_dynamodb_resource_policy | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3400 | CKV2_AWS_75 | resource | aws_dynamodb_resource_policy | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3401 | CKV2_AWS_75 | resource | aws_dynamodb_table | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3402 | CKV2_AWS_75 | resource | aws_dynamodb_table | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3403 | CKV2_AWS_75 | resource | aws_dynamodb_table_export | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3404 | CKV2_AWS_75 | resource | aws_dynamodb_table_export | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3405 | CKV2_AWS_75 | resource | aws_dynamodb_table_item | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3406 | CKV2_AWS_75 | resource | aws_dynamodb_table_item | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3407 | CKV2_AWS_75 | resource | aws_dynamodb_table_replica | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3408 | CKV2_AWS_75 | resource | aws_dynamodb_table_replica | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3409 | CKV2_AWS_75 | resource | aws_dynamodb_tag | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3410 | CKV2_AWS_75 | resource | aws_dynamodb_tag | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3411 | CKV2_AWS_75 | resource | aws_ebs_default_kms_key | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3412 | CKV2_AWS_75 | resource | aws_ebs_default_kms_key | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3413 | CKV2_AWS_75 | resource | aws_ebs_encryption_by_default | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3414 | CKV2_AWS_75 | resource | aws_ebs_encryption_by_default | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3415 | CKV2_AWS_75 | resource | aws_ebs_fast_snapshot_restore | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3416 | CKV2_AWS_75 | resource | aws_ebs_fast_snapshot_restore | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3417 | CKV2_AWS_75 | resource | aws_ebs_snapshot | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3418 | CKV2_AWS_75 | resource | aws_ebs_snapshot | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3419 | CKV2_AWS_75 | resource | aws_ebs_snapshot_block_public_access | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3420 | CKV2_AWS_75 | resource | aws_ebs_snapshot_block_public_access | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3421 | CKV2_AWS_75 | resource | aws_ebs_snapshot_copy | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3422 | CKV2_AWS_75 | resource | aws_ebs_snapshot_copy | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3423 | CKV2_AWS_75 | resource | aws_ebs_snapshot_import | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3424 | CKV2_AWS_75 | resource | aws_ebs_snapshot_import | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3425 | CKV2_AWS_75 | resource | aws_ebs_volume | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3426 | CKV2_AWS_75 | resource | aws_ebs_volume | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3427 | CKV2_AWS_75 | resource | aws_ec2_availability_zone_group | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3428 | CKV2_AWS_75 | resource | aws_ec2_availability_zone_group | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3429 | CKV2_AWS_75 | resource | aws_ec2_capacity_block_reservation | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3430 | CKV2_AWS_75 | resource | aws_ec2_capacity_block_reservation | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3431 | CKV2_AWS_75 | resource | aws_ec2_capacity_reservation | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3432 | CKV2_AWS_75 | resource | aws_ec2_capacity_reservation | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3433 | CKV2_AWS_75 | resource | aws_ec2_carrier_gateway | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3434 | CKV2_AWS_75 | resource | aws_ec2_carrier_gateway | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3435 | CKV2_AWS_75 | resource | aws_ec2_client_vpn_authorization_rule | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3436 | CKV2_AWS_75 | resource | aws_ec2_client_vpn_authorization_rule | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3437 | CKV2_AWS_75 | resource | aws_ec2_client_vpn_endpoint | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3438 | CKV2_AWS_75 | resource | aws_ec2_client_vpn_endpoint | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3439 | CKV2_AWS_75 | resource | aws_ec2_client_vpn_network_association | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3440 | CKV2_AWS_75 | resource | aws_ec2_client_vpn_network_association | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3441 | CKV2_AWS_75 | resource | aws_ec2_client_vpn_route | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3442 | CKV2_AWS_75 | resource | aws_ec2_client_vpn_route | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3443 | CKV2_AWS_75 | resource | aws_ec2_fleet | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3444 | CKV2_AWS_75 | resource | aws_ec2_fleet | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3445 | CKV2_AWS_75 | resource | aws_ec2_host | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3446 | CKV2_AWS_75 | resource | aws_ec2_host | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3447 | CKV2_AWS_75 | resource | aws_ec2_image_block_public_access | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3448 | CKV2_AWS_75 | resource | aws_ec2_image_block_public_access | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3449 | CKV2_AWS_75 | resource | aws_ec2_instance_connect_endpoint | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3450 | CKV2_AWS_75 | resource | aws_ec2_instance_connect_endpoint | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3451 | CKV2_AWS_75 | resource | aws_ec2_instance_metadata_defaults | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3452 | CKV2_AWS_75 | resource | aws_ec2_instance_metadata_defaults | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3453 | CKV2_AWS_75 | resource | aws_ec2_instance_state | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3454 | CKV2_AWS_75 | resource | aws_ec2_instance_state | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3455 | CKV2_AWS_75 | resource | aws_ec2_local_gateway_route | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3456 | CKV2_AWS_75 | resource | aws_ec2_local_gateway_route | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3457 | CKV2_AWS_75 | resource | aws_ec2_local_gateway_route_table_vpc_association | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3458 | CKV2_AWS_75 | resource | aws_ec2_local_gateway_route_table_vpc_association | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3459 | CKV2_AWS_75 | resource | aws_ec2_managed_prefix_list | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3460 | CKV2_AWS_75 | resource | aws_ec2_managed_prefix_list | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3461 | CKV2_AWS_75 | resource | aws_ec2_managed_prefix_list_entry | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3462 | CKV2_AWS_75 | resource | aws_ec2_managed_prefix_list_entry | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3463 | CKV2_AWS_75 | resource | aws_ec2_network_insights_analysis | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3464 | CKV2_AWS_75 | resource | aws_ec2_network_insights_analysis | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3465 | CKV2_AWS_75 | resource | aws_ec2_network_insights_path | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3466 | CKV2_AWS_75 | resource | aws_ec2_network_insights_path | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3467 | CKV2_AWS_75 | resource | aws_ec2_serial_console_access | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3468 | CKV2_AWS_75 | resource | aws_ec2_serial_console_access | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3469 | CKV2_AWS_75 | resource | aws_ec2_subnet_cidr_reservation | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3470 | CKV2_AWS_75 | resource | aws_ec2_subnet_cidr_reservation | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3471 | CKV2_AWS_75 | resource | aws_ec2_tag | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3472 | CKV2_AWS_75 | resource | aws_ec2_tag | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3473 | CKV2_AWS_75 | resource | aws_ec2_traffic_mirror_filter | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3474 | CKV2_AWS_75 | resource | aws_ec2_traffic_mirror_filter | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3475 | CKV2_AWS_75 | resource | aws_ec2_traffic_mirror_filter_rule | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3476 | CKV2_AWS_75 | resource | aws_ec2_traffic_mirror_filter_rule | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3477 | CKV2_AWS_75 | resource | aws_ec2_traffic_mirror_session | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3478 | CKV2_AWS_75 | resource | aws_ec2_traffic_mirror_session | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3479 | CKV2_AWS_75 | resource | aws_ec2_traffic_mirror_target | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3480 | CKV2_AWS_75 | resource | aws_ec2_traffic_mirror_target | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3481 | CKV2_AWS_75 | resource | aws_ec2_transit_gateway | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3482 | CKV2_AWS_75 | resource | aws_ec2_transit_gateway | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3483 | CKV2_AWS_75 | resource | aws_ec2_transit_gateway_connect | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3484 | CKV2_AWS_75 | resource | aws_ec2_transit_gateway_connect | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3485 | CKV2_AWS_75 | resource | aws_ec2_transit_gateway_connect_peer | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3486 | CKV2_AWS_75 | resource | aws_ec2_transit_gateway_connect_peer | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3487 | CKV2_AWS_75 | resource | aws_ec2_transit_gateway_default_route_table_association | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3488 | CKV2_AWS_75 | resource | aws_ec2_transit_gateway_default_route_table_association | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3489 | CKV2_AWS_75 | resource | aws_ec2_transit_gateway_default_route_table_propagation | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3490 | CKV2_AWS_75 | resource | aws_ec2_transit_gateway_default_route_table_propagation | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3491 | CKV2_AWS_75 | resource | aws_ec2_transit_gateway_multicast_domain | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3492 | CKV2_AWS_75 | resource | aws_ec2_transit_gateway_multicast_domain | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3493 | CKV2_AWS_75 | resource | aws_ec2_transit_gateway_multicast_domain_association | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3494 | CKV2_AWS_75 | resource | aws_ec2_transit_gateway_multicast_domain_association | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3495 | CKV2_AWS_75 | resource | aws_ec2_transit_gateway_multicast_group_member | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3496 | CKV2_AWS_75 | resource | aws_ec2_transit_gateway_multicast_group_member | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3497 | CKV2_AWS_75 | resource | aws_ec2_transit_gateway_multicast_group_source | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3498 | CKV2_AWS_75 | resource | aws_ec2_transit_gateway_multicast_group_source | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3499 | CKV2_AWS_75 | resource | aws_ec2_transit_gateway_peering_attachment | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3500 | CKV2_AWS_75 | resource | aws_ec2_transit_gateway_peering_attachment | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3501 | CKV2_AWS_75 | resource | aws_ec2_transit_gateway_peering_attachment_accepter | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3502 | CKV2_AWS_75 | resource | aws_ec2_transit_gateway_peering_attachment_accepter | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3503 | CKV2_AWS_75 | resource | aws_ec2_transit_gateway_policy_table | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3504 | CKV2_AWS_75 | resource | aws_ec2_transit_gateway_policy_table | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3505 | CKV2_AWS_75 | resource | aws_ec2_transit_gateway_policy_table_association | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3506 | CKV2_AWS_75 | resource | aws_ec2_transit_gateway_policy_table_association | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3507 | CKV2_AWS_75 | resource | aws_ec2_transit_gateway_prefix_list_reference | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3508 | CKV2_AWS_75 | resource | aws_ec2_transit_gateway_prefix_list_reference | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3509 | CKV2_AWS_75 | resource | aws_ec2_transit_gateway_route | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3510 | CKV2_AWS_75 | resource | aws_ec2_transit_gateway_route | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3511 | CKV2_AWS_75 | resource | aws_ec2_transit_gateway_route_table | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3512 | CKV2_AWS_75 | resource | aws_ec2_transit_gateway_route_table | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3513 | CKV2_AWS_75 | resource | aws_ec2_transit_gateway_route_table_association | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3514 | CKV2_AWS_75 | resource | aws_ec2_transit_gateway_route_table_association | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3515 | CKV2_AWS_75 | resource | aws_ec2_transit_gateway_route_table_propagation | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3516 | CKV2_AWS_75 | resource | aws_ec2_transit_gateway_route_table_propagation | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3517 | CKV2_AWS_75 | resource | aws_ec2_transit_gateway_vpc_attachment | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3518 | CKV2_AWS_75 | resource | aws_ec2_transit_gateway_vpc_attachment | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3519 | CKV2_AWS_75 | resource | aws_ec2_transit_gateway_vpc_attachment_accepter | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3520 | CKV2_AWS_75 | resource | aws_ec2_transit_gateway_vpc_attachment_accepter | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3521 | CKV2_AWS_75 | resource | aws_ecr_account_setting | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3522 | CKV2_AWS_75 | resource | aws_ecr_account_setting | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3523 | CKV2_AWS_75 | resource | aws_ecr_lifecycle_policy | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3524 | CKV2_AWS_75 | resource | aws_ecr_lifecycle_policy | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3525 | CKV2_AWS_75 | resource | aws_ecr_pull_through_cache_rule | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3526 | CKV2_AWS_75 | resource | aws_ecr_pull_through_cache_rule | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3527 | CKV2_AWS_75 | resource | aws_ecr_registry_policy | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3528 | CKV2_AWS_75 | resource | aws_ecr_registry_policy | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3529 | CKV2_AWS_75 | resource | aws_ecr_registry_scanning_configuration | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3530 | CKV2_AWS_75 | resource | aws_ecr_registry_scanning_configuration | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3531 | CKV2_AWS_75 | resource | aws_ecr_replication_configuration | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3532 | CKV2_AWS_75 | resource | aws_ecr_replication_configuration | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3533 | CKV2_AWS_75 | resource | aws_ecr_repository | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3534 | CKV2_AWS_75 | resource | aws_ecr_repository | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3535 | CKV2_AWS_75 | resource | aws_ecr_repository_creation_template | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3536 | CKV2_AWS_75 | resource | aws_ecr_repository_creation_template | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3537 | CKV2_AWS_75 | resource | aws_ecr_repository_policy | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3538 | CKV2_AWS_75 | resource | aws_ecr_repository_policy | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3539 | CKV2_AWS_75 | resource | aws_ecrpublic_repository | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3540 | CKV2_AWS_75 | resource | aws_ecrpublic_repository | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3541 | CKV2_AWS_75 | resource | aws_ecrpublic_repository_policy | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3542 | CKV2_AWS_75 | resource | aws_ecrpublic_repository_policy | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3543 | CKV2_AWS_75 | resource | aws_ecs_account_setting_default | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3544 | CKV2_AWS_75 | resource | aws_ecs_account_setting_default | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3545 | CKV2_AWS_75 | resource | aws_ecs_capacity_provider | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3546 | CKV2_AWS_75 | resource | aws_ecs_capacity_provider | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3547 | CKV2_AWS_75 | resource | aws_ecs_cluster | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3548 | CKV2_AWS_75 | resource | aws_ecs_cluster | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3549 | CKV2_AWS_75 | resource | aws_ecs_cluster_capacity_providers | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3550 | CKV2_AWS_75 | resource | aws_ecs_cluster_capacity_providers | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3551 | CKV2_AWS_75 | resource | aws_ecs_service | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3552 | CKV2_AWS_75 | resource | aws_ecs_service | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3553 | CKV2_AWS_75 | resource | aws_ecs_tag | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3554 | CKV2_AWS_75 | resource | aws_ecs_tag | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3555 | CKV2_AWS_75 | resource | aws_ecs_task_definition | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3556 | CKV2_AWS_75 | resource | aws_ecs_task_definition | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3557 | CKV2_AWS_75 | resource | aws_ecs_task_set | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3558 | CKV2_AWS_75 | resource | aws_ecs_task_set | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3559 | CKV2_AWS_75 | resource | aws_efs_access_point | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3560 | CKV2_AWS_75 | resource | aws_efs_access_point | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3561 | CKV2_AWS_75 | resource | aws_efs_backup_policy | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3562 | CKV2_AWS_75 | resource | aws_efs_backup_policy | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3563 | CKV2_AWS_75 | resource | aws_efs_file_system | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3564 | CKV2_AWS_75 | resource | aws_efs_file_system | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3565 | CKV2_AWS_75 | resource | aws_efs_file_system_policy | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3566 | CKV2_AWS_75 | resource | aws_efs_file_system_policy | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3567 | CKV2_AWS_75 | resource | aws_efs_mount_target | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3568 | CKV2_AWS_75 | resource | aws_efs_mount_target | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3569 | CKV2_AWS_75 | resource | aws_efs_replication_configuration | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3570 | CKV2_AWS_75 | resource | aws_efs_replication_configuration | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3571 | CKV2_AWS_75 | resource | aws_egress_only_internet_gateway | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3572 | CKV2_AWS_75 | resource | aws_egress_only_internet_gateway | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3573 | CKV2_AWS_75 | resource | aws_eip | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3574 | CKV2_AWS_75 | resource | aws_eip | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3575 | CKV2_AWS_75 | resource | aws_eip_association | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3576 | CKV2_AWS_75 | resource | aws_eip_association | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3577 | CKV2_AWS_75 | resource | aws_eip_domain_name | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3578 | CKV2_AWS_75 | resource | aws_eip_domain_name | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3579 | CKV2_AWS_75 | resource | aws_eks_access_entry | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3580 | CKV2_AWS_75 | resource | aws_eks_access_entry | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3581 | CKV2_AWS_75 | resource | aws_eks_access_policy_association | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3582 | CKV2_AWS_75 | resource | aws_eks_access_policy_association | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3583 | CKV2_AWS_75 | resource | aws_eks_addon | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3584 | CKV2_AWS_75 | resource | aws_eks_addon | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3585 | CKV2_AWS_75 | resource | aws_eks_cluster | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3586 | CKV2_AWS_75 | resource | aws_eks_cluster | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3587 | CKV2_AWS_75 | resource | aws_eks_fargate_profile | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3588 | CKV2_AWS_75 | resource | aws_eks_fargate_profile | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3589 | CKV2_AWS_75 | resource | aws_eks_identity_provider_config | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3590 | CKV2_AWS_75 | resource | aws_eks_identity_provider_config | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3591 | CKV2_AWS_75 | resource | aws_eks_node_group | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3592 | CKV2_AWS_75 | resource | aws_eks_node_group | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3593 | CKV2_AWS_75 | resource | aws_eks_pod_identity_association | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3594 | CKV2_AWS_75 | resource | aws_eks_pod_identity_association | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3595 | CKV2_AWS_75 | resource | aws_elastic_beanstalk_application | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3596 | CKV2_AWS_75 | resource | aws_elastic_beanstalk_application | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3597 | CKV2_AWS_75 | resource | aws_elastic_beanstalk_application_version | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3598 | CKV2_AWS_75 | resource | aws_elastic_beanstalk_application_version | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3599 | CKV2_AWS_75 | resource | aws_elastic_beanstalk_configuration_template | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3600 | CKV2_AWS_75 | resource | aws_elastic_beanstalk_configuration_template | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3601 | CKV2_AWS_75 | resource | aws_elastic_beanstalk_environment | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3602 | CKV2_AWS_75 | resource | aws_elastic_beanstalk_environment | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3603 | CKV2_AWS_75 | resource | aws_elasticache_cluster | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3604 | CKV2_AWS_75 | resource | aws_elasticache_cluster | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3605 | CKV2_AWS_75 | resource | aws_elasticache_global_replication_group | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3606 | CKV2_AWS_75 | resource | aws_elasticache_global_replication_group | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3607 | CKV2_AWS_75 | resource | aws_elasticache_parameter_group | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3608 | CKV2_AWS_75 | resource | aws_elasticache_parameter_group | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3609 | CKV2_AWS_75 | resource | aws_elasticache_replication_group | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3610 | CKV2_AWS_75 | resource | aws_elasticache_replication_group | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3611 | CKV2_AWS_75 | resource | aws_elasticache_reserved_cache_node | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3612 | CKV2_AWS_75 | resource | aws_elasticache_reserved_cache_node | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3613 | CKV2_AWS_75 | resource | aws_elasticache_security_group | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3614 | CKV2_AWS_75 | resource | aws_elasticache_security_group | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3615 | CKV2_AWS_75 | resource | aws_elasticache_serverless_cache | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3616 | CKV2_AWS_75 | resource | aws_elasticache_serverless_cache | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3617 | CKV2_AWS_75 | resource | aws_elasticache_subnet_group | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3618 | CKV2_AWS_75 | resource | aws_elasticache_subnet_group | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3619 | CKV2_AWS_75 | resource | aws_elasticache_user | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3620 | CKV2_AWS_75 | resource | aws_elasticache_user | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3621 | CKV2_AWS_75 | resource | aws_elasticache_user_group | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3622 | CKV2_AWS_75 | resource | aws_elasticache_user_group | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3623 | CKV2_AWS_75 | resource | aws_elasticache_user_group_association | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3624 | CKV2_AWS_75 | resource | aws_elasticache_user_group_association | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3625 | CKV2_AWS_75 | resource | aws_elasticsearch_domain | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3626 | CKV2_AWS_75 | resource | aws_elasticsearch_domain | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3627 | CKV2_AWS_75 | resource | aws_elasticsearch_domain_policy | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3628 | CKV2_AWS_75 | resource | aws_elasticsearch_domain_policy | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3629 | CKV2_AWS_75 | resource | aws_elasticsearch_domain_saml_options | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3630 | CKV2_AWS_75 | resource | aws_elasticsearch_domain_saml_options | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3631 | CKV2_AWS_75 | resource | aws_elasticsearch_vpc_endpoint | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3632 | CKV2_AWS_75 | resource | aws_elasticsearch_vpc_endpoint | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3633 | CKV2_AWS_75 | resource | aws_elastictranscoder_pipeline | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3634 | CKV2_AWS_75 | resource | aws_elastictranscoder_pipeline | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3635 | CKV2_AWS_75 | resource | aws_elastictranscoder_preset | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3636 | CKV2_AWS_75 | resource | aws_elastictranscoder_preset | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3637 | CKV2_AWS_75 | resource | aws_elb | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3638 | CKV2_AWS_75 | resource | aws_elb | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3639 | CKV2_AWS_75 | resource | aws_elb_attachment | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3640 | CKV2_AWS_75 | resource | aws_elb_attachment | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3641 | CKV2_AWS_75 | resource | aws_emr_block_public_access_configuration | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3642 | CKV2_AWS_75 | resource | aws_emr_block_public_access_configuration | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3643 | CKV2_AWS_75 | resource | aws_emr_cluster | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3644 | CKV2_AWS_75 | resource | aws_emr_cluster | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3645 | CKV2_AWS_75 | resource | aws_emr_instance_fleet | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3646 | CKV2_AWS_75 | resource | aws_emr_instance_fleet | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3647 | CKV2_AWS_75 | resource | aws_emr_instance_group | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3648 | CKV2_AWS_75 | resource | aws_emr_instance_group | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3649 | CKV2_AWS_75 | resource | aws_emr_managed_scaling_policy | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3650 | CKV2_AWS_75 | resource | aws_emr_managed_scaling_policy | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3651 | CKV2_AWS_75 | resource | aws_emr_security_configuration | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3652 | CKV2_AWS_75 | resource | aws_emr_security_configuration | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3653 | CKV2_AWS_75 | resource | aws_emr_studio | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3654 | CKV2_AWS_75 | resource | aws_emr_studio | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3655 | CKV2_AWS_75 | resource | aws_emr_studio_session_mapping | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3656 | CKV2_AWS_75 | resource | aws_emr_studio_session_mapping | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3657 | CKV2_AWS_75 | resource | aws_emrcontainers_job_template | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3658 | CKV2_AWS_75 | resource | aws_emrcontainers_job_template | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3659 | CKV2_AWS_75 | resource | aws_emrcontainers_virtual_cluster | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3660 | CKV2_AWS_75 | resource | aws_emrcontainers_virtual_cluster | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3661 | CKV2_AWS_75 | resource | aws_emrserverless_application | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3662 | CKV2_AWS_75 | resource | aws_emrserverless_application | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3663 | CKV2_AWS_75 | resource | aws_evidently_feature | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3664 | CKV2_AWS_75 | resource | aws_evidently_feature | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3665 | CKV2_AWS_75 | resource | aws_evidently_launch | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3666 | CKV2_AWS_75 | resource | aws_evidently_launch | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3667 | CKV2_AWS_75 | resource | aws_evidently_project | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3668 | CKV2_AWS_75 | resource | aws_evidently_project | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3669 | CKV2_AWS_75 | resource | aws_evidently_segment | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3670 | CKV2_AWS_75 | resource | aws_evidently_segment | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3671 | CKV2_AWS_75 | resource | aws_finspace_kx_cluster | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3672 | CKV2_AWS_75 | resource | aws_finspace_kx_cluster | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3673 | CKV2_AWS_75 | resource | aws_finspace_kx_database | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3674 | CKV2_AWS_75 | resource | aws_finspace_kx_database | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3675 | CKV2_AWS_75 | resource | aws_finspace_kx_dataview | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3676 | CKV2_AWS_75 | resource | aws_finspace_kx_dataview | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3677 | CKV2_AWS_75 | resource | aws_finspace_kx_environment | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3678 | CKV2_AWS_75 | resource | aws_finspace_kx_environment | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3679 | CKV2_AWS_75 | resource | aws_finspace_kx_scaling_group | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3680 | CKV2_AWS_75 | resource | aws_finspace_kx_scaling_group | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3681 | CKV2_AWS_75 | resource | aws_finspace_kx_user | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3682 | CKV2_AWS_75 | resource | aws_finspace_kx_user | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3683 | CKV2_AWS_75 | resource | aws_finspace_kx_volume | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3684 | CKV2_AWS_75 | resource | aws_finspace_kx_volume | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3685 | CKV2_AWS_75 | resource | aws_fis_experiment_template | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3686 | CKV2_AWS_75 | resource | aws_fis_experiment_template | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3687 | CKV2_AWS_75 | resource | aws_flow_log | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3688 | CKV2_AWS_75 | resource | aws_flow_log | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3689 | CKV2_AWS_75 | resource | aws_fms_admin_account | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3690 | CKV2_AWS_75 | resource | aws_fms_admin_account | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3691 | CKV2_AWS_75 | resource | aws_fms_policy | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3692 | CKV2_AWS_75 | resource | aws_fms_policy | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3693 | CKV2_AWS_75 | resource | aws_fms_resource_set | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3694 | CKV2_AWS_75 | resource | aws_fms_resource_set | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3695 | CKV2_AWS_75 | resource | aws_fsx_backup | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3696 | CKV2_AWS_75 | resource | aws_fsx_backup | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3697 | CKV2_AWS_75 | resource | aws_fsx_data_repository_association | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3698 | CKV2_AWS_75 | resource | aws_fsx_data_repository_association | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3699 | CKV2_AWS_75 | resource | aws_fsx_file_cache | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3700 | CKV2_AWS_75 | resource | aws_fsx_file_cache | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3701 | CKV2_AWS_75 | resource | aws_fsx_lustre_file_system | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3702 | CKV2_AWS_75 | resource | aws_fsx_lustre_file_system | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3703 | CKV2_AWS_75 | resource | aws_fsx_ontap_file_system | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3704 | CKV2_AWS_75 | resource | aws_fsx_ontap_file_system | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3705 | CKV2_AWS_75 | resource | aws_fsx_ontap_storage_virtual_machine | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3706 | CKV2_AWS_75 | resource | aws_fsx_ontap_storage_virtual_machine | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3707 | CKV2_AWS_75 | resource | aws_fsx_ontap_volume | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3708 | CKV2_AWS_75 | resource | aws_fsx_ontap_volume | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3709 | CKV2_AWS_75 | resource | aws_fsx_openzfs_file_system | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3710 | CKV2_AWS_75 | resource | aws_fsx_openzfs_file_system | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3711 | CKV2_AWS_75 | resource | aws_fsx_openzfs_snapshot | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3712 | CKV2_AWS_75 | resource | aws_fsx_openzfs_snapshot | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3713 | CKV2_AWS_75 | resource | aws_fsx_openzfs_volume | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3714 | CKV2_AWS_75 | resource | aws_fsx_openzfs_volume | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3715 | CKV2_AWS_75 | resource | aws_fsx_windows_file_system | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3716 | CKV2_AWS_75 | resource | aws_fsx_windows_file_system | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3717 | CKV2_AWS_75 | resource | aws_gamelift_alias | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3718 | CKV2_AWS_75 | resource | aws_gamelift_alias | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3719 | CKV2_AWS_75 | resource | aws_gamelift_build | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3720 | CKV2_AWS_75 | resource | aws_gamelift_build | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3721 | CKV2_AWS_75 | resource | aws_gamelift_fleet | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3722 | CKV2_AWS_75 | resource | aws_gamelift_fleet | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3723 | CKV2_AWS_75 | resource | aws_gamelift_game_server_group | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3724 | CKV2_AWS_75 | resource | aws_gamelift_game_server_group | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3725 | CKV2_AWS_75 | resource | aws_gamelift_game_session_queue | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3726 | CKV2_AWS_75 | resource | aws_gamelift_game_session_queue | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3727 | CKV2_AWS_75 | resource | aws_gamelift_script | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3728 | CKV2_AWS_75 | resource | aws_gamelift_script | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3729 | CKV2_AWS_75 | resource | aws_glacier_vault | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3730 | CKV2_AWS_75 | resource | aws_glacier_vault | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3731 | CKV2_AWS_75 | resource | aws_glacier_vault_lock | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3732 | CKV2_AWS_75 | resource | aws_glacier_vault_lock | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3733 | CKV2_AWS_75 | resource | aws_globalaccelerator_accelerator | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3734 | CKV2_AWS_75 | resource | aws_globalaccelerator_accelerator | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3735 | CKV2_AWS_75 | resource | aws_globalaccelerator_cross_account_attachment | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3736 | CKV2_AWS_75 | resource | aws_globalaccelerator_cross_account_attachment | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3737 | CKV2_AWS_75 | resource | aws_globalaccelerator_custom_routing_accelerator | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3738 | CKV2_AWS_75 | resource | aws_globalaccelerator_custom_routing_accelerator | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3739 | CKV2_AWS_75 | resource | aws_globalaccelerator_custom_routing_endpoint_group | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3740 | CKV2_AWS_75 | resource | aws_globalaccelerator_custom_routing_endpoint_group | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3741 | CKV2_AWS_75 | resource | aws_globalaccelerator_custom_routing_listener | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3742 | CKV2_AWS_75 | resource | aws_globalaccelerator_custom_routing_listener | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3743 | CKV2_AWS_75 | resource | aws_globalaccelerator_endpoint_group | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3744 | CKV2_AWS_75 | resource | aws_globalaccelerator_endpoint_group | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3745 | CKV2_AWS_75 | resource | aws_globalaccelerator_listener | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3746 | CKV2_AWS_75 | resource | aws_globalaccelerator_listener | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3747 | CKV2_AWS_75 | resource | aws_glue_catalog_database | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3748 | CKV2_AWS_75 | resource | aws_glue_catalog_database | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3749 | CKV2_AWS_75 | resource | aws_glue_catalog_table | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3750 | CKV2_AWS_75 | resource | aws_glue_catalog_table | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3751 | CKV2_AWS_75 | resource | aws_glue_catalog_table_optimizer | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3752 | CKV2_AWS_75 | resource | aws_glue_catalog_table_optimizer | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3753 | CKV2_AWS_75 | resource | aws_glue_classifier | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3754 | CKV2_AWS_75 | resource | aws_glue_classifier | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3755 | CKV2_AWS_75 | resource | aws_glue_connection | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3756 | CKV2_AWS_75 | resource | aws_glue_connection | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3757 | CKV2_AWS_75 | resource | aws_glue_crawler | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3758 | CKV2_AWS_75 | resource | aws_glue_crawler | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3759 | CKV2_AWS_75 | resource | aws_glue_data_catalog_encryption_settings | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3760 | CKV2_AWS_75 | resource | aws_glue_data_catalog_encryption_settings | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3761 | CKV2_AWS_75 | resource | aws_glue_data_quality_ruleset | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3762 | CKV2_AWS_75 | resource | aws_glue_data_quality_ruleset | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3763 | CKV2_AWS_75 | resource | aws_glue_dev_endpoint | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3764 | CKV2_AWS_75 | resource | aws_glue_dev_endpoint | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3765 | CKV2_AWS_75 | resource | aws_glue_job | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3766 | CKV2_AWS_75 | resource | aws_glue_job | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3767 | CKV2_AWS_75 | resource | aws_glue_ml_transform | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3768 | CKV2_AWS_75 | resource | aws_glue_ml_transform | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3769 | CKV2_AWS_75 | resource | aws_glue_partition | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3770 | CKV2_AWS_75 | resource | aws_glue_partition | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3771 | CKV2_AWS_75 | resource | aws_glue_partition_index | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3772 | CKV2_AWS_75 | resource | aws_glue_partition_index | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3773 | CKV2_AWS_75 | resource | aws_glue_registry | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3774 | CKV2_AWS_75 | resource | aws_glue_registry | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3775 | CKV2_AWS_75 | resource | aws_glue_resource_policy | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3776 | CKV2_AWS_75 | resource | aws_glue_resource_policy | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3777 | CKV2_AWS_75 | resource | aws_glue_schema | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3778 | CKV2_AWS_75 | resource | aws_glue_schema | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3779 | CKV2_AWS_75 | resource | aws_glue_security_configuration | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3780 | CKV2_AWS_75 | resource | aws_glue_security_configuration | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3781 | CKV2_AWS_75 | resource | aws_glue_trigger | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3782 | CKV2_AWS_75 | resource | aws_glue_trigger | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3783 | CKV2_AWS_75 | resource | aws_glue_user_defined_function | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3784 | CKV2_AWS_75 | resource | aws_glue_user_defined_function | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3785 | CKV2_AWS_75 | resource | aws_glue_workflow | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3786 | CKV2_AWS_75 | resource | aws_glue_workflow | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3787 | CKV2_AWS_75 | resource | aws_grafana_license_association | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3788 | CKV2_AWS_75 | resource | aws_grafana_license_association | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3789 | CKV2_AWS_75 | resource | aws_grafana_role_association | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3790 | CKV2_AWS_75 | resource | aws_grafana_role_association | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3791 | CKV2_AWS_75 | resource | aws_grafana_workspace | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3792 | CKV2_AWS_75 | resource | aws_grafana_workspace | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3793 | CKV2_AWS_75 | resource | aws_grafana_workspace_api_key | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3794 | CKV2_AWS_75 | resource | aws_grafana_workspace_api_key | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3795 | CKV2_AWS_75 | resource | aws_grafana_workspace_saml_configuration | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3796 | CKV2_AWS_75 | resource | aws_grafana_workspace_saml_configuration | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3797 | CKV2_AWS_75 | resource | aws_grafana_workspace_service_account | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3798 | CKV2_AWS_75 | resource | aws_grafana_workspace_service_account | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3799 | CKV2_AWS_75 | resource | aws_grafana_workspace_service_account_token | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3800 | CKV2_AWS_75 | resource | aws_grafana_workspace_service_account_token | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3801 | CKV2_AWS_75 | resource | aws_guardduty_detector | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3802 | CKV2_AWS_75 | resource | aws_guardduty_detector | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3803 | CKV2_AWS_75 | resource | aws_guardduty_detector_feature | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3804 | CKV2_AWS_75 | resource | aws_guardduty_detector_feature | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3805 | CKV2_AWS_75 | resource | aws_guardduty_filter | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3806 | CKV2_AWS_75 | resource | aws_guardduty_filter | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3807 | CKV2_AWS_75 | resource | aws_guardduty_invite_accepter | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3808 | CKV2_AWS_75 | resource | aws_guardduty_invite_accepter | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3809 | CKV2_AWS_75 | resource | aws_guardduty_ipset | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3810 | CKV2_AWS_75 | resource | aws_guardduty_ipset | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3811 | CKV2_AWS_75 | resource | aws_guardduty_malware_protection_plan | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3812 | CKV2_AWS_75 | resource | aws_guardduty_malware_protection_plan | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3813 | CKV2_AWS_75 | resource | aws_guardduty_member | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3814 | CKV2_AWS_75 | resource | aws_guardduty_member | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3815 | CKV2_AWS_75 | resource | aws_guardduty_member_detector_feature | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3816 | CKV2_AWS_75 | resource | aws_guardduty_member_detector_feature | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3817 | CKV2_AWS_75 | resource | aws_guardduty_organization_admin_account | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3818 | CKV2_AWS_75 | resource | aws_guardduty_organization_admin_account | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3819 | CKV2_AWS_75 | resource | aws_guardduty_organization_configuration | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3820 | CKV2_AWS_75 | resource | aws_guardduty_organization_configuration | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3821 | CKV2_AWS_75 | resource | aws_guardduty_organization_configuration_feature | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3822 | CKV2_AWS_75 | resource | aws_guardduty_organization_configuration_feature | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3823 | CKV2_AWS_75 | resource | aws_guardduty_publishing_destination | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3824 | CKV2_AWS_75 | resource | aws_guardduty_publishing_destination | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3825 | CKV2_AWS_75 | resource | aws_guardduty_threatintelset | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3826 | CKV2_AWS_75 | resource | aws_guardduty_threatintelset | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3827 | CKV2_AWS_75 | resource | aws_iam_access_key | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3828 | CKV2_AWS_75 | resource | aws_iam_access_key | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3829 | CKV2_AWS_75 | resource | aws_iam_account_alias | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3830 | CKV2_AWS_75 | resource | aws_iam_account_alias | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3831 | CKV2_AWS_75 | resource | aws_iam_account_password_policy | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3832 | CKV2_AWS_75 | resource | aws_iam_account_password_policy | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3833 | CKV2_AWS_75 | resource | aws_iam_group | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3834 | CKV2_AWS_75 | resource | aws_iam_group | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3835 | CKV2_AWS_75 | resource | aws_iam_group_membership | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3836 | CKV2_AWS_75 | resource | aws_iam_group_membership | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3837 | CKV2_AWS_75 | resource | aws_iam_group_policies_exclusive | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3838 | CKV2_AWS_75 | resource | aws_iam_group_policies_exclusive | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3839 | CKV2_AWS_75 | resource | aws_iam_group_policy | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3840 | CKV2_AWS_75 | resource | aws_iam_group_policy | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3841 | CKV2_AWS_75 | resource | aws_iam_group_policy_attachment | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3842 | CKV2_AWS_75 | resource | aws_iam_group_policy_attachment | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3843 | CKV2_AWS_75 | resource | aws_iam_group_policy_attachments_exclusive | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3844 | CKV2_AWS_75 | resource | aws_iam_group_policy_attachments_exclusive | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3845 | CKV2_AWS_75 | resource | aws_iam_instance_profile | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3846 | CKV2_AWS_75 | resource | aws_iam_instance_profile | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3847 | CKV2_AWS_75 | resource | aws_iam_openid_connect_provider | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3848 | CKV2_AWS_75 | resource | aws_iam_openid_connect_provider | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3849 | CKV2_AWS_75 | resource | aws_iam_organizations_features | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3850 | CKV2_AWS_75 | resource | aws_iam_organizations_features | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3851 | CKV2_AWS_75 | resource | aws_iam_policy | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3852 | CKV2_AWS_75 | resource | aws_iam_policy | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3853 | CKV2_AWS_75 | resource | aws_iam_policy_attachment | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3854 | CKV2_AWS_75 | resource | aws_iam_policy_attachment | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3855 | CKV2_AWS_75 | resource | aws_iam_policy_document | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3856 | CKV2_AWS_75 | resource | aws_iam_policy_document | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3857 | CKV2_AWS_75 | resource | aws_iam_role | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3858 | CKV2_AWS_75 | resource | aws_iam_role | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3859 | CKV2_AWS_75 | resource | aws_iam_role_policies_exclusive | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3860 | CKV2_AWS_75 | resource | aws_iam_role_policies_exclusive | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3861 | CKV2_AWS_75 | resource | aws_iam_role_policy | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3862 | CKV2_AWS_75 | resource | aws_iam_role_policy | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3863 | CKV2_AWS_75 | resource | aws_iam_role_policy_attachment | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3864 | CKV2_AWS_75 | resource | aws_iam_role_policy_attachment | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3865 | CKV2_AWS_75 | resource | aws_iam_role_policy_attachments_exclusive | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3866 | CKV2_AWS_75 | resource | aws_iam_role_policy_attachments_exclusive | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3867 | CKV2_AWS_75 | resource | aws_iam_saml_provider | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3868 | CKV2_AWS_75 | resource | aws_iam_saml_provider | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3869 | CKV2_AWS_75 | resource | aws_iam_security_token_service_preferences | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3870 | CKV2_AWS_75 | resource | aws_iam_security_token_service_preferences | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3871 | CKV2_AWS_75 | resource | aws_iam_server_certificate | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3872 | CKV2_AWS_75 | resource | aws_iam_server_certificate | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3873 | CKV2_AWS_75 | resource | aws_iam_service_linked_role | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3874 | CKV2_AWS_75 | resource | aws_iam_service_linked_role | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3875 | CKV2_AWS_75 | resource | aws_iam_service_specific_credential | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3876 | CKV2_AWS_75 | resource | aws_iam_service_specific_credential | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3877 | CKV2_AWS_75 | resource | aws_iam_signing_certificate | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3878 | CKV2_AWS_75 | resource | aws_iam_signing_certificate | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3879 | CKV2_AWS_75 | resource | aws_iam_user | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3880 | CKV2_AWS_75 | resource | aws_iam_user | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3881 | CKV2_AWS_75 | resource | aws_iam_user_group_membership | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3882 | CKV2_AWS_75 | resource | aws_iam_user_group_membership | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3883 | CKV2_AWS_75 | resource | aws_iam_user_login_profile | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3884 | CKV2_AWS_75 | resource | aws_iam_user_login_profile | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3885 | CKV2_AWS_75 | resource | aws_iam_user_policies_exclusive | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3886 | CKV2_AWS_75 | resource | aws_iam_user_policies_exclusive | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3887 | CKV2_AWS_75 | resource | aws_iam_user_policy | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3888 | CKV2_AWS_75 | resource | aws_iam_user_policy | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3889 | CKV2_AWS_75 | resource | aws_iam_user_policy_attachment | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3890 | CKV2_AWS_75 | resource | aws_iam_user_policy_attachment | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3891 | CKV2_AWS_75 | resource | aws_iam_user_policy_attachments_exclusive | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3892 | CKV2_AWS_75 | resource | aws_iam_user_policy_attachments_exclusive | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3893 | CKV2_AWS_75 | resource | aws_iam_user_ssh_key | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3894 | CKV2_AWS_75 | resource | aws_iam_user_ssh_key | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3895 | CKV2_AWS_75 | resource | aws_iam_virtual_mfa_device | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3896 | CKV2_AWS_75 | resource | aws_iam_virtual_mfa_device | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3897 | CKV2_AWS_75 | resource | aws_identitystore_group | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3898 | CKV2_AWS_75 | resource | aws_identitystore_group | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3899 | CKV2_AWS_75 | resource | aws_identitystore_group_membership | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3900 | CKV2_AWS_75 | resource | aws_identitystore_group_membership | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3901 | CKV2_AWS_75 | resource | aws_identitystore_user | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3902 | CKV2_AWS_75 | resource | aws_identitystore_user | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3903 | CKV2_AWS_75 | resource | aws_imagebuilder_component | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3904 | CKV2_AWS_75 | resource | aws_imagebuilder_component | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3905 | CKV2_AWS_75 | resource | aws_imagebuilder_container_recipe | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3906 | CKV2_AWS_75 | resource | aws_imagebuilder_container_recipe | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3907 | CKV2_AWS_75 | resource | aws_imagebuilder_distribution_configuration | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3908 | CKV2_AWS_75 | resource | aws_imagebuilder_distribution_configuration | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3909 | CKV2_AWS_75 | resource | aws_imagebuilder_image | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3910 | CKV2_AWS_75 | resource | aws_imagebuilder_image | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3911 | CKV2_AWS_75 | resource | aws_imagebuilder_image_pipeline | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3912 | CKV2_AWS_75 | resource | aws_imagebuilder_image_pipeline | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3913 | CKV2_AWS_75 | resource | aws_imagebuilder_image_recipe | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3914 | CKV2_AWS_75 | resource | aws_imagebuilder_image_recipe | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3915 | CKV2_AWS_75 | resource | aws_imagebuilder_infrastructure_configuration | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3916 | CKV2_AWS_75 | resource | aws_imagebuilder_infrastructure_configuration | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3917 | CKV2_AWS_75 | resource | aws_imagebuilder_lifecycle_policy | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3918 | CKV2_AWS_75 | resource | aws_imagebuilder_lifecycle_policy | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3919 | CKV2_AWS_75 | resource | aws_imagebuilder_workflow | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3920 | CKV2_AWS_75 | resource | aws_imagebuilder_workflow | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3921 | CKV2_AWS_75 | resource | aws_inspector2_delegated_admin_account | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3922 | CKV2_AWS_75 | resource | aws_inspector2_delegated_admin_account | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3923 | CKV2_AWS_75 | resource | aws_inspector2_enabler | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3924 | CKV2_AWS_75 | resource | aws_inspector2_enabler | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3925 | CKV2_AWS_75 | resource | aws_inspector2_member_association | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3926 | CKV2_AWS_75 | resource | aws_inspector2_member_association | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3927 | CKV2_AWS_75 | resource | aws_inspector2_organization_configuration | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3928 | CKV2_AWS_75 | resource | aws_inspector2_organization_configuration | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3929 | CKV2_AWS_75 | resource | aws_inspector_assessment_target | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3930 | CKV2_AWS_75 | resource | aws_inspector_assessment_target | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3931 | CKV2_AWS_75 | resource | aws_inspector_assessment_template | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3932 | CKV2_AWS_75 | resource | aws_inspector_assessment_template | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3933 | CKV2_AWS_75 | resource | aws_inspector_resource_group | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3934 | CKV2_AWS_75 | resource | aws_inspector_resource_group | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3935 | CKV2_AWS_75 | resource | aws_instance | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3936 | CKV2_AWS_75 | resource | aws_instance | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3937 | CKV2_AWS_75 | resource | aws_internet_gateway | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3938 | CKV2_AWS_75 | resource | aws_internet_gateway | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3939 | CKV2_AWS_75 | resource | aws_internet_gateway_attachment | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3940 | CKV2_AWS_75 | resource | aws_internet_gateway_attachment | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3941 | CKV2_AWS_75 | resource | aws_internetmonitor_monitor | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3942 | CKV2_AWS_75 | resource | aws_internetmonitor_monitor | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3943 | CKV2_AWS_75 | resource | aws_iot_authorizer | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3944 | CKV2_AWS_75 | resource | aws_iot_authorizer | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3945 | CKV2_AWS_75 | resource | aws_iot_billing_group | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3946 | CKV2_AWS_75 | resource | aws_iot_billing_group | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3947 | CKV2_AWS_75 | resource | aws_iot_ca_certificate | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3948 | CKV2_AWS_75 | resource | aws_iot_ca_certificate | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3949 | CKV2_AWS_75 | resource | aws_iot_certificate | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3950 | CKV2_AWS_75 | resource | aws_iot_certificate | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3951 | CKV2_AWS_75 | resource | aws_iot_domain_configuration | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3952 | CKV2_AWS_75 | resource | aws_iot_domain_configuration | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3953 | CKV2_AWS_75 | resource | aws_iot_event_configurations | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3954 | CKV2_AWS_75 | resource | aws_iot_event_configurations | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3955 | CKV2_AWS_75 | resource | aws_iot_indexing_configuration | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3956 | CKV2_AWS_75 | resource | aws_iot_indexing_configuration | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3957 | CKV2_AWS_75 | resource | aws_iot_logging_options | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3958 | CKV2_AWS_75 | resource | aws_iot_logging_options | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3959 | CKV2_AWS_75 | resource | aws_iot_policy | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3960 | CKV2_AWS_75 | resource | aws_iot_policy | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3961 | CKV2_AWS_75 | resource | aws_iot_policy_attachment | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3962 | CKV2_AWS_75 | resource | aws_iot_policy_attachment | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3963 | CKV2_AWS_75 | resource | aws_iot_provisioning_template | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3964 | CKV2_AWS_75 | resource | aws_iot_provisioning_template | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3965 | CKV2_AWS_75 | resource | aws_iot_role_alias | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3966 | CKV2_AWS_75 | resource | aws_iot_role_alias | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3967 | CKV2_AWS_75 | resource | aws_iot_thing | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3968 | CKV2_AWS_75 | resource | aws_iot_thing | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3969 | CKV2_AWS_75 | resource | aws_iot_thing_group | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3970 | CKV2_AWS_75 | resource | aws_iot_thing_group | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3971 | CKV2_AWS_75 | resource | aws_iot_thing_group_membership | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3972 | CKV2_AWS_75 | resource | aws_iot_thing_group_membership | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3973 | CKV2_AWS_75 | resource | aws_iot_thing_principal_attachment | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3974 | CKV2_AWS_75 | resource | aws_iot_thing_principal_attachment | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3975 | CKV2_AWS_75 | resource | aws_iot_thing_type | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3976 | CKV2_AWS_75 | resource | aws_iot_thing_type | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3977 | CKV2_AWS_75 | resource | aws_iot_topic_rule | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3978 | CKV2_AWS_75 | resource | aws_iot_topic_rule | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3979 | CKV2_AWS_75 | resource | aws_iot_topic_rule_destination | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3980 | CKV2_AWS_75 | resource | aws_iot_topic_rule_destination | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3981 | CKV2_AWS_75 | resource | aws_ivs_channel | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3982 | CKV2_AWS_75 | resource | aws_ivs_channel | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3983 | CKV2_AWS_75 | resource | aws_ivs_playback_key_pair | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3984 | CKV2_AWS_75 | resource | aws_ivs_playback_key_pair | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3985 | CKV2_AWS_75 | resource | aws_ivs_recording_configuration | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3986 | CKV2_AWS_75 | resource | aws_ivs_recording_configuration | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3987 | CKV2_AWS_75 | resource | aws_ivschat_logging_configuration | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3988 | CKV2_AWS_75 | resource | aws_ivschat_logging_configuration | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3989 | CKV2_AWS_75 | resource | aws_ivschat_room | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3990 | CKV2_AWS_75 | resource | aws_ivschat_room | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3991 | CKV2_AWS_75 | resource | aws_kendra_data_source | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3992 | CKV2_AWS_75 | resource | aws_kendra_data_source | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3993 | CKV2_AWS_75 | resource | aws_kendra_experience | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3994 | CKV2_AWS_75 | resource | aws_kendra_experience | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3995 | CKV2_AWS_75 | resource | aws_kendra_faq | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3996 | CKV2_AWS_75 | resource | aws_kendra_faq | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3997 | CKV2_AWS_75 | resource | aws_kendra_index | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 3998 | CKV2_AWS_75 | resource | aws_kendra_index | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 3999 | CKV2_AWS_75 | resource | aws_kendra_query_suggestions_block_list | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4000 | CKV2_AWS_75 | resource | aws_kendra_query_suggestions_block_list | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4001 | CKV2_AWS_75 | resource | aws_kendra_thesaurus | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4002 | CKV2_AWS_75 | resource | aws_kendra_thesaurus | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4003 | CKV2_AWS_75 | resource | aws_key_pair | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4004 | CKV2_AWS_75 | resource | aws_key_pair | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4005 | CKV2_AWS_75 | resource | aws_keyspaces_keyspace | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4006 | CKV2_AWS_75 | resource | aws_keyspaces_keyspace | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4007 | CKV2_AWS_75 | resource | aws_keyspaces_table | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4008 | CKV2_AWS_75 | resource | aws_keyspaces_table | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4009 | CKV2_AWS_75 | resource | aws_kinesis_analytics_application | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4010 | CKV2_AWS_75 | resource | aws_kinesis_analytics_application | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4011 | CKV2_AWS_75 | resource | aws_kinesis_firehose_delivery_stream | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4012 | CKV2_AWS_75 | resource | aws_kinesis_firehose_delivery_stream | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4013 | CKV2_AWS_75 | resource | aws_kinesis_resource_policy | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4014 | CKV2_AWS_75 | resource | aws_kinesis_resource_policy | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4015 | CKV2_AWS_75 | resource | aws_kinesis_stream | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4016 | CKV2_AWS_75 | resource | aws_kinesis_stream | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4017 | CKV2_AWS_75 | resource | aws_kinesis_stream_consumer | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4018 | CKV2_AWS_75 | resource | aws_kinesis_stream_consumer | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4019 | CKV2_AWS_75 | resource | aws_kinesis_video_stream | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4020 | CKV2_AWS_75 | resource | aws_kinesis_video_stream | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4021 | CKV2_AWS_75 | resource | aws_kinesisanalyticsv2_application | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4022 | CKV2_AWS_75 | resource | aws_kinesisanalyticsv2_application | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4023 | CKV2_AWS_75 | resource | aws_kinesisanalyticsv2_application_snapshot | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4024 | CKV2_AWS_75 | resource | aws_kinesisanalyticsv2_application_snapshot | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4025 | CKV2_AWS_75 | resource | aws_kms_alias | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4026 | CKV2_AWS_75 | resource | aws_kms_alias | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4027 | CKV2_AWS_75 | resource | aws_kms_ciphertext | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4028 | CKV2_AWS_75 | resource | aws_kms_ciphertext | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4029 | CKV2_AWS_75 | resource | aws_kms_custom_key_store | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4030 | CKV2_AWS_75 | resource | aws_kms_custom_key_store | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4031 | CKV2_AWS_75 | resource | aws_kms_external_key | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4032 | CKV2_AWS_75 | resource | aws_kms_external_key | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4033 | CKV2_AWS_75 | resource | aws_kms_grant | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4034 | CKV2_AWS_75 | resource | aws_kms_grant | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4035 | CKV2_AWS_75 | resource | aws_kms_key | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4036 | CKV2_AWS_75 | resource | aws_kms_key | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4037 | CKV2_AWS_75 | resource | aws_kms_key_policy | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4038 | CKV2_AWS_75 | resource | aws_kms_key_policy | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4039 | CKV2_AWS_75 | resource | aws_kms_replica_external_key | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4040 | CKV2_AWS_75 | resource | aws_kms_replica_external_key | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4041 | CKV2_AWS_75 | resource | aws_kms_replica_key | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4042 | CKV2_AWS_75 | resource | aws_kms_replica_key | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4043 | CKV2_AWS_75 | resource | aws_lakeformation_data_cells_filter | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4044 | CKV2_AWS_75 | resource | aws_lakeformation_data_cells_filter | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4045 | CKV2_AWS_75 | resource | aws_lakeformation_data_lake_settings | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4046 | CKV2_AWS_75 | resource | aws_lakeformation_data_lake_settings | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4047 | CKV2_AWS_75 | resource | aws_lakeformation_lf_tag | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4048 | CKV2_AWS_75 | resource | aws_lakeformation_lf_tag | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4049 | CKV2_AWS_75 | resource | aws_lakeformation_permissions | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4050 | CKV2_AWS_75 | resource | aws_lakeformation_permissions | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4051 | CKV2_AWS_75 | resource | aws_lakeformation_resource | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4052 | CKV2_AWS_75 | resource | aws_lakeformation_resource | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4053 | CKV2_AWS_75 | resource | aws_lakeformation_resource_lf_tag | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4054 | CKV2_AWS_75 | resource | aws_lakeformation_resource_lf_tag | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4055 | CKV2_AWS_75 | resource | aws_lakeformation_resource_lf_tags | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4056 | CKV2_AWS_75 | resource | aws_lakeformation_resource_lf_tags | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4057 | CKV2_AWS_75 | resource | aws_lambda_alias | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4058 | CKV2_AWS_75 | resource | aws_lambda_alias | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4059 | CKV2_AWS_75 | resource | aws_lambda_code_signing_config | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4060 | CKV2_AWS_75 | resource | aws_lambda_code_signing_config | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4061 | CKV2_AWS_75 | resource | aws_lambda_event_source_mapping | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4062 | CKV2_AWS_75 | resource | aws_lambda_event_source_mapping | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4063 | CKV2_AWS_75 | resource | aws_lambda_function | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4064 | CKV2_AWS_75 | resource | aws_lambda_function | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4065 | CKV2_AWS_75 | resource | aws_lambda_function_event_invoke_config | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4066 | CKV2_AWS_75 | resource | aws_lambda_function_event_invoke_config | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4067 | CKV2_AWS_75 | resource | aws_lambda_function_recursion_config | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4068 | CKV2_AWS_75 | resource | aws_lambda_function_recursion_config | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4069 | CKV2_AWS_75 | resource | aws_lambda_function_url | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4070 | CKV2_AWS_75 | resource | aws_lambda_function_url | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4071 | CKV2_AWS_75 | resource | aws_lambda_invocation | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4072 | CKV2_AWS_75 | resource | aws_lambda_invocation | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4073 | CKV2_AWS_75 | resource | aws_lambda_layer_version | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4074 | CKV2_AWS_75 | resource | aws_lambda_layer_version | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4075 | CKV2_AWS_75 | resource | aws_lambda_layer_version_permission | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4076 | CKV2_AWS_75 | resource | aws_lambda_layer_version_permission | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4077 | CKV2_AWS_75 | resource | aws_lambda_permission | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4078 | CKV2_AWS_75 | resource | aws_lambda_permission | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4079 | CKV2_AWS_75 | resource | aws_lambda_provisioned_concurrency_config | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4080 | CKV2_AWS_75 | resource | aws_lambda_provisioned_concurrency_config | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4081 | CKV2_AWS_75 | resource | aws_lambda_runtime_management_config | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4082 | CKV2_AWS_75 | resource | aws_lambda_runtime_management_config | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4083 | CKV2_AWS_75 | resource | aws_launch_configuration | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4084 | CKV2_AWS_75 | resource | aws_launch_configuration | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4085 | CKV2_AWS_75 | resource | aws_launch_template | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4086 | CKV2_AWS_75 | resource | aws_launch_template | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4087 | CKV2_AWS_75 | resource | aws_lb | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4088 | CKV2_AWS_75 | resource | aws_lb | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4089 | CKV2_AWS_75 | resource | aws_lb_cookie_stickiness_policy | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4090 | CKV2_AWS_75 | resource | aws_lb_cookie_stickiness_policy | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4091 | CKV2_AWS_75 | resource | aws_lb_listener | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4092 | CKV2_AWS_75 | resource | aws_lb_listener | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4093 | CKV2_AWS_75 | resource | aws_lb_listener_certificate | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4094 | CKV2_AWS_75 | resource | aws_lb_listener_certificate | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4095 | CKV2_AWS_75 | resource | aws_lb_listener_rule | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4096 | CKV2_AWS_75 | resource | aws_lb_listener_rule | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4097 | CKV2_AWS_75 | resource | aws_lb_ssl_negotiation_policy | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4098 | CKV2_AWS_75 | resource | aws_lb_ssl_negotiation_policy | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4099 | CKV2_AWS_75 | resource | aws_lb_target_group | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4100 | CKV2_AWS_75 | resource | aws_lb_target_group | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4101 | CKV2_AWS_75 | resource | aws_lb_target_group_attachment | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4102 | CKV2_AWS_75 | resource | aws_lb_target_group_attachment | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4103 | CKV2_AWS_75 | resource | aws_lb_trust_store | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4104 | CKV2_AWS_75 | resource | aws_lb_trust_store | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4105 | CKV2_AWS_75 | resource | aws_lb_trust_store_revocation | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4106 | CKV2_AWS_75 | resource | aws_lb_trust_store_revocation | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4107 | CKV2_AWS_75 | resource | aws_lex_bot | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4108 | CKV2_AWS_75 | resource | aws_lex_bot | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4109 | CKV2_AWS_75 | resource | aws_lex_bot_alias | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4110 | CKV2_AWS_75 | resource | aws_lex_bot_alias | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4111 | CKV2_AWS_75 | resource | aws_lex_intent | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4112 | CKV2_AWS_75 | resource | aws_lex_intent | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4113 | CKV2_AWS_75 | resource | aws_lex_slot_type | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4114 | CKV2_AWS_75 | resource | aws_lex_slot_type | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4115 | CKV2_AWS_75 | resource | aws_lexv2models_bot | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4116 | CKV2_AWS_75 | resource | aws_lexv2models_bot | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4117 | CKV2_AWS_75 | resource | aws_lexv2models_bot_locale | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4118 | CKV2_AWS_75 | resource | aws_lexv2models_bot_locale | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4119 | CKV2_AWS_75 | resource | aws_lexv2models_bot_version | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4120 | CKV2_AWS_75 | resource | aws_lexv2models_bot_version | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4121 | CKV2_AWS_75 | resource | aws_lexv2models_intent | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4122 | CKV2_AWS_75 | resource | aws_lexv2models_intent | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4123 | CKV2_AWS_75 | resource | aws_lexv2models_slot | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4124 | CKV2_AWS_75 | resource | aws_lexv2models_slot | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4125 | CKV2_AWS_75 | resource | aws_lexv2models_slot_type | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4126 | CKV2_AWS_75 | resource | aws_lexv2models_slot_type | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4127 | CKV2_AWS_75 | resource | aws_licensemanager_association | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4128 | CKV2_AWS_75 | resource | aws_licensemanager_association | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4129 | CKV2_AWS_75 | resource | aws_licensemanager_grant | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4130 | CKV2_AWS_75 | resource | aws_licensemanager_grant | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4131 | CKV2_AWS_75 | resource | aws_licensemanager_grant_accepter | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4132 | CKV2_AWS_75 | resource | aws_licensemanager_grant_accepter | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4133 | CKV2_AWS_75 | resource | aws_licensemanager_license_configuration | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4134 | CKV2_AWS_75 | resource | aws_licensemanager_license_configuration | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4135 | CKV2_AWS_75 | resource | aws_lightsail_bucket | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4136 | CKV2_AWS_75 | resource | aws_lightsail_bucket | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4137 | CKV2_AWS_75 | resource | aws_lightsail_bucket_access_key | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4138 | CKV2_AWS_75 | resource | aws_lightsail_bucket_access_key | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4139 | CKV2_AWS_75 | resource | aws_lightsail_bucket_resource_access | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4140 | CKV2_AWS_75 | resource | aws_lightsail_bucket_resource_access | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4141 | CKV2_AWS_75 | resource | aws_lightsail_certificate | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4142 | CKV2_AWS_75 | resource | aws_lightsail_certificate | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4143 | CKV2_AWS_75 | resource | aws_lightsail_container_service | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4144 | CKV2_AWS_75 | resource | aws_lightsail_container_service | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4145 | CKV2_AWS_75 | resource | aws_lightsail_container_service_deployment_version | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4146 | CKV2_AWS_75 | resource | aws_lightsail_container_service_deployment_version | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4147 | CKV2_AWS_75 | resource | aws_lightsail_database | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4148 | CKV2_AWS_75 | resource | aws_lightsail_database | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4149 | CKV2_AWS_75 | resource | aws_lightsail_disk | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4150 | CKV2_AWS_75 | resource | aws_lightsail_disk | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4151 | CKV2_AWS_75 | resource | aws_lightsail_disk_attachment | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4152 | CKV2_AWS_75 | resource | aws_lightsail_disk_attachment | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4153 | CKV2_AWS_75 | resource | aws_lightsail_distribution | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4154 | CKV2_AWS_75 | resource | aws_lightsail_distribution | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4155 | CKV2_AWS_75 | resource | aws_lightsail_domain | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4156 | CKV2_AWS_75 | resource | aws_lightsail_domain | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4157 | CKV2_AWS_75 | resource | aws_lightsail_domain_entry | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4158 | CKV2_AWS_75 | resource | aws_lightsail_domain_entry | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4159 | CKV2_AWS_75 | resource | aws_lightsail_instance | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4160 | CKV2_AWS_75 | resource | aws_lightsail_instance | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4161 | CKV2_AWS_75 | resource | aws_lightsail_instance_public_ports | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4162 | CKV2_AWS_75 | resource | aws_lightsail_instance_public_ports | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4163 | CKV2_AWS_75 | resource | aws_lightsail_key_pair | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4164 | CKV2_AWS_75 | resource | aws_lightsail_key_pair | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4165 | CKV2_AWS_75 | resource | aws_lightsail_lb | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4166 | CKV2_AWS_75 | resource | aws_lightsail_lb | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4167 | CKV2_AWS_75 | resource | aws_lightsail_lb_attachment | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4168 | CKV2_AWS_75 | resource | aws_lightsail_lb_attachment | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4169 | CKV2_AWS_75 | resource | aws_lightsail_lb_certificate | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4170 | CKV2_AWS_75 | resource | aws_lightsail_lb_certificate | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4171 | CKV2_AWS_75 | resource | aws_lightsail_lb_certificate_attachment | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4172 | CKV2_AWS_75 | resource | aws_lightsail_lb_certificate_attachment | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4173 | CKV2_AWS_75 | resource | aws_lightsail_lb_https_redirection_policy | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4174 | CKV2_AWS_75 | resource | aws_lightsail_lb_https_redirection_policy | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4175 | CKV2_AWS_75 | resource | aws_lightsail_lb_stickiness_policy | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4176 | CKV2_AWS_75 | resource | aws_lightsail_lb_stickiness_policy | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4177 | CKV2_AWS_75 | resource | aws_lightsail_static_ip | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4178 | CKV2_AWS_75 | resource | aws_lightsail_static_ip | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4179 | CKV2_AWS_75 | resource | aws_lightsail_static_ip_attachment | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4180 | CKV2_AWS_75 | resource | aws_lightsail_static_ip_attachment | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4181 | CKV2_AWS_75 | resource | aws_load_balancer_backend_server_policy | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4182 | CKV2_AWS_75 | resource | aws_load_balancer_backend_server_policy | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4183 | CKV2_AWS_75 | resource | aws_load_balancer_listener_policy | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4184 | CKV2_AWS_75 | resource | aws_load_balancer_listener_policy | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4185 | CKV2_AWS_75 | resource | aws_load_balancer_policy | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4186 | CKV2_AWS_75 | resource | aws_load_balancer_policy | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4187 | CKV2_AWS_75 | resource | aws_location_geofence_collection | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4188 | CKV2_AWS_75 | resource | aws_location_geofence_collection | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4189 | CKV2_AWS_75 | resource | aws_location_map | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4190 | CKV2_AWS_75 | resource | aws_location_map | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4191 | CKV2_AWS_75 | resource | aws_location_place_index | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4192 | CKV2_AWS_75 | resource | aws_location_place_index | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4193 | CKV2_AWS_75 | resource | aws_location_route_calculator | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4194 | CKV2_AWS_75 | resource | aws_location_route_calculator | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4195 | CKV2_AWS_75 | resource | aws_location_tracker | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4196 | CKV2_AWS_75 | resource | aws_location_tracker | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4197 | CKV2_AWS_75 | resource | aws_location_tracker_association | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4198 | CKV2_AWS_75 | resource | aws_location_tracker_association | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4199 | CKV2_AWS_75 | resource | aws_m2_application | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4200 | CKV2_AWS_75 | resource | aws_m2_application | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4201 | CKV2_AWS_75 | resource | aws_m2_deployment | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4202 | CKV2_AWS_75 | resource | aws_m2_deployment | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4203 | CKV2_AWS_75 | resource | aws_m2_environment | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4204 | CKV2_AWS_75 | resource | aws_m2_environment | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4205 | CKV2_AWS_75 | resource | aws_macie2_account | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4206 | CKV2_AWS_75 | resource | aws_macie2_account | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4207 | CKV2_AWS_75 | resource | aws_macie2_classification_export_configuration | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4208 | CKV2_AWS_75 | resource | aws_macie2_classification_export_configuration | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4209 | CKV2_AWS_75 | resource | aws_macie2_classification_job | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4210 | CKV2_AWS_75 | resource | aws_macie2_classification_job | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4211 | CKV2_AWS_75 | resource | aws_macie2_custom_data_identifier | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4212 | CKV2_AWS_75 | resource | aws_macie2_custom_data_identifier | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4213 | CKV2_AWS_75 | resource | aws_macie2_findings_filter | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4214 | CKV2_AWS_75 | resource | aws_macie2_findings_filter | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4215 | CKV2_AWS_75 | resource | aws_macie2_invitation_accepter | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4216 | CKV2_AWS_75 | resource | aws_macie2_invitation_accepter | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4217 | CKV2_AWS_75 | resource | aws_macie2_member | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4218 | CKV2_AWS_75 | resource | aws_macie2_member | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4219 | CKV2_AWS_75 | resource | aws_macie2_organization_admin_account | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4220 | CKV2_AWS_75 | resource | aws_macie2_organization_admin_account | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4221 | CKV2_AWS_75 | resource | aws_macie_member_account_association | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4222 | CKV2_AWS_75 | resource | aws_macie_member_account_association | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4223 | CKV2_AWS_75 | resource | aws_macie_s3_bucket_association | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4224 | CKV2_AWS_75 | resource | aws_macie_s3_bucket_association | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4225 | CKV2_AWS_75 | resource | aws_main_route_table_association | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4226 | CKV2_AWS_75 | resource | aws_main_route_table_association | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4227 | CKV2_AWS_75 | resource | aws_media_convert_queue | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4228 | CKV2_AWS_75 | resource | aws_media_convert_queue | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4229 | CKV2_AWS_75 | resource | aws_media_package_channel | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4230 | CKV2_AWS_75 | resource | aws_media_package_channel | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4231 | CKV2_AWS_75 | resource | aws_media_packagev2_channel_group | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4232 | CKV2_AWS_75 | resource | aws_media_packagev2_channel_group | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4233 | CKV2_AWS_75 | resource | aws_media_store_container | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4234 | CKV2_AWS_75 | resource | aws_media_store_container | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4235 | CKV2_AWS_75 | resource | aws_media_store_container_policy | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4236 | CKV2_AWS_75 | resource | aws_media_store_container_policy | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4237 | CKV2_AWS_75 | resource | aws_medialive_channel | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4238 | CKV2_AWS_75 | resource | aws_medialive_channel | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4239 | CKV2_AWS_75 | resource | aws_medialive_input | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4240 | CKV2_AWS_75 | resource | aws_medialive_input | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4241 | CKV2_AWS_75 | resource | aws_medialive_input_security_group | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4242 | CKV2_AWS_75 | resource | aws_medialive_input_security_group | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4243 | CKV2_AWS_75 | resource | aws_medialive_multiplex | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4244 | CKV2_AWS_75 | resource | aws_medialive_multiplex | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4245 | CKV2_AWS_75 | resource | aws_medialive_multiplex_program | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4246 | CKV2_AWS_75 | resource | aws_medialive_multiplex_program | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4247 | CKV2_AWS_75 | resource | aws_memorydb_acl | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4248 | CKV2_AWS_75 | resource | aws_memorydb_acl | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4249 | CKV2_AWS_75 | resource | aws_memorydb_cluster | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4250 | CKV2_AWS_75 | resource | aws_memorydb_cluster | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4251 | CKV2_AWS_75 | resource | aws_memorydb_multi_region_cluster | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4252 | CKV2_AWS_75 | resource | aws_memorydb_multi_region_cluster | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4253 | CKV2_AWS_75 | resource | aws_memorydb_parameter_group | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4254 | CKV2_AWS_75 | resource | aws_memorydb_parameter_group | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4255 | CKV2_AWS_75 | resource | aws_memorydb_snapshot | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4256 | CKV2_AWS_75 | resource | aws_memorydb_snapshot | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4257 | CKV2_AWS_75 | resource | aws_memorydb_subnet_group | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4258 | CKV2_AWS_75 | resource | aws_memorydb_subnet_group | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4259 | CKV2_AWS_75 | resource | aws_memorydb_user | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4260 | CKV2_AWS_75 | resource | aws_memorydb_user | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4261 | CKV2_AWS_75 | resource | aws_mq_broker | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4262 | CKV2_AWS_75 | resource | aws_mq_broker | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4263 | CKV2_AWS_75 | resource | aws_mq_configuration | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4264 | CKV2_AWS_75 | resource | aws_mq_configuration | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4265 | CKV2_AWS_75 | resource | aws_msk_cluster | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4266 | CKV2_AWS_75 | resource | aws_msk_cluster | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4267 | CKV2_AWS_75 | resource | aws_msk_cluster_policy | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4268 | CKV2_AWS_75 | resource | aws_msk_cluster_policy | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4269 | CKV2_AWS_75 | resource | aws_msk_configuration | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4270 | CKV2_AWS_75 | resource | aws_msk_configuration | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4271 | CKV2_AWS_75 | resource | aws_msk_replicator | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4272 | CKV2_AWS_75 | resource | aws_msk_replicator | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4273 | CKV2_AWS_75 | resource | aws_msk_scram_secret_association | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4274 | CKV2_AWS_75 | resource | aws_msk_scram_secret_association | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4275 | CKV2_AWS_75 | resource | aws_msk_serverless_cluster | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4276 | CKV2_AWS_75 | resource | aws_msk_serverless_cluster | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4277 | CKV2_AWS_75 | resource | aws_msk_single_scram_secret_association | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4278 | CKV2_AWS_75 | resource | aws_msk_single_scram_secret_association | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4279 | CKV2_AWS_75 | resource | aws_msk_vpc_connection | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4280 | CKV2_AWS_75 | resource | aws_msk_vpc_connection | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4281 | CKV2_AWS_75 | resource | aws_mskconnect_connector | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4282 | CKV2_AWS_75 | resource | aws_mskconnect_connector | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4283 | CKV2_AWS_75 | resource | aws_mskconnect_custom_plugin | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4284 | CKV2_AWS_75 | resource | aws_mskconnect_custom_plugin | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4285 | CKV2_AWS_75 | resource | aws_mskconnect_worker_configuration | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4286 | CKV2_AWS_75 | resource | aws_mskconnect_worker_configuration | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4287 | CKV2_AWS_75 | resource | aws_mwaa_environment | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4288 | CKV2_AWS_75 | resource | aws_mwaa_environment | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4289 | CKV2_AWS_75 | resource | aws_nat_gateway | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4290 | CKV2_AWS_75 | resource | aws_nat_gateway | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4291 | CKV2_AWS_75 | resource | aws_neptune_cluster | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4292 | CKV2_AWS_75 | resource | aws_neptune_cluster | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4293 | CKV2_AWS_75 | resource | aws_neptune_cluster_endpoint | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4294 | CKV2_AWS_75 | resource | aws_neptune_cluster_endpoint | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4295 | CKV2_AWS_75 | resource | aws_neptune_cluster_instance | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4296 | CKV2_AWS_75 | resource | aws_neptune_cluster_instance | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4297 | CKV2_AWS_75 | resource | aws_neptune_cluster_parameter_group | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4298 | CKV2_AWS_75 | resource | aws_neptune_cluster_parameter_group | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4299 | CKV2_AWS_75 | resource | aws_neptune_cluster_snapshot | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4300 | CKV2_AWS_75 | resource | aws_neptune_cluster_snapshot | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4301 | CKV2_AWS_75 | resource | aws_neptune_event_subscription | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4302 | CKV2_AWS_75 | resource | aws_neptune_event_subscription | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4303 | CKV2_AWS_75 | resource | aws_neptune_global_cluster | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4304 | CKV2_AWS_75 | resource | aws_neptune_global_cluster | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4305 | CKV2_AWS_75 | resource | aws_neptune_parameter_group | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4306 | CKV2_AWS_75 | resource | aws_neptune_parameter_group | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4307 | CKV2_AWS_75 | resource | aws_neptune_subnet_group | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4308 | CKV2_AWS_75 | resource | aws_neptune_subnet_group | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4309 | CKV2_AWS_75 | resource | aws_network_acl | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4310 | CKV2_AWS_75 | resource | aws_network_acl | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4311 | CKV2_AWS_75 | resource | aws_network_acl_association | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4312 | CKV2_AWS_75 | resource | aws_network_acl_association | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4313 | CKV2_AWS_75 | resource | aws_network_acl_rule | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4314 | CKV2_AWS_75 | resource | aws_network_acl_rule | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4315 | CKV2_AWS_75 | resource | aws_network_interface | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4316 | CKV2_AWS_75 | resource | aws_network_interface | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4317 | CKV2_AWS_75 | resource | aws_network_interface_attachment | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4318 | CKV2_AWS_75 | resource | aws_network_interface_attachment | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4319 | CKV2_AWS_75 | resource | aws_network_interface_sg_attachment | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4320 | CKV2_AWS_75 | resource | aws_network_interface_sg_attachment | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4321 | CKV2_AWS_75 | resource | aws_networkfirewall_firewall | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4322 | CKV2_AWS_75 | resource | aws_networkfirewall_firewall | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4323 | CKV2_AWS_75 | resource | aws_networkfirewall_firewall_policy | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4324 | CKV2_AWS_75 | resource | aws_networkfirewall_firewall_policy | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4325 | CKV2_AWS_75 | resource | aws_networkfirewall_logging_configuration | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4326 | CKV2_AWS_75 | resource | aws_networkfirewall_logging_configuration | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4327 | CKV2_AWS_75 | resource | aws_networkfirewall_resource_policy | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4328 | CKV2_AWS_75 | resource | aws_networkfirewall_resource_policy | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4329 | CKV2_AWS_75 | resource | aws_networkfirewall_rule_group | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4330 | CKV2_AWS_75 | resource | aws_networkfirewall_rule_group | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4331 | CKV2_AWS_75 | resource | aws_networkfirewall_tls_inspection_configuration | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4332 | CKV2_AWS_75 | resource | aws_networkfirewall_tls_inspection_configuration | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4333 | CKV2_AWS_75 | resource | aws_networkmanager_attachment_accepter | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4334 | CKV2_AWS_75 | resource | aws_networkmanager_attachment_accepter | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4335 | CKV2_AWS_75 | resource | aws_networkmanager_connect_attachment | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4336 | CKV2_AWS_75 | resource | aws_networkmanager_connect_attachment | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4337 | CKV2_AWS_75 | resource | aws_networkmanager_connect_peer | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4338 | CKV2_AWS_75 | resource | aws_networkmanager_connect_peer | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4339 | CKV2_AWS_75 | resource | aws_networkmanager_connection | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4340 | CKV2_AWS_75 | resource | aws_networkmanager_connection | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4341 | CKV2_AWS_75 | resource | aws_networkmanager_core_network | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4342 | CKV2_AWS_75 | resource | aws_networkmanager_core_network | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4343 | CKV2_AWS_75 | resource | aws_networkmanager_core_network_policy_attachment | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4344 | CKV2_AWS_75 | resource | aws_networkmanager_core_network_policy_attachment | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4345 | CKV2_AWS_75 | resource | aws_networkmanager_customer_gateway_association | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4346 | CKV2_AWS_75 | resource | aws_networkmanager_customer_gateway_association | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4347 | CKV2_AWS_75 | resource | aws_networkmanager_device | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4348 | CKV2_AWS_75 | resource | aws_networkmanager_device | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4349 | CKV2_AWS_75 | resource | aws_networkmanager_dx_gateway_attachment | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4350 | CKV2_AWS_75 | resource | aws_networkmanager_dx_gateway_attachment | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4351 | CKV2_AWS_75 | resource | aws_networkmanager_global_network | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4352 | CKV2_AWS_75 | resource | aws_networkmanager_global_network | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4353 | CKV2_AWS_75 | resource | aws_networkmanager_link | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4354 | CKV2_AWS_75 | resource | aws_networkmanager_link | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4355 | CKV2_AWS_75 | resource | aws_networkmanager_link_association | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4356 | CKV2_AWS_75 | resource | aws_networkmanager_link_association | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4357 | CKV2_AWS_75 | resource | aws_networkmanager_site | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4358 | CKV2_AWS_75 | resource | aws_networkmanager_site | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4359 | CKV2_AWS_75 | resource | aws_networkmanager_site_to_site_vpn_attachment | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4360 | CKV2_AWS_75 | resource | aws_networkmanager_site_to_site_vpn_attachment | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4361 | CKV2_AWS_75 | resource | aws_networkmanager_transit_gateway_connect_peer_association | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4362 | CKV2_AWS_75 | resource | aws_networkmanager_transit_gateway_connect_peer_association | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4363 | CKV2_AWS_75 | resource | aws_networkmanager_transit_gateway_peering | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4364 | CKV2_AWS_75 | resource | aws_networkmanager_transit_gateway_peering | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4365 | CKV2_AWS_75 | resource | aws_networkmanager_transit_gateway_registration | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4366 | CKV2_AWS_75 | resource | aws_networkmanager_transit_gateway_registration | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4367 | CKV2_AWS_75 | resource | aws_networkmanager_transit_gateway_route_table_attachment | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4368 | CKV2_AWS_75 | resource | aws_networkmanager_transit_gateway_route_table_attachment | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4369 | CKV2_AWS_75 | resource | aws_networkmanager_vpc_attachment | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4370 | CKV2_AWS_75 | resource | aws_networkmanager_vpc_attachment | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4371 | CKV2_AWS_75 | resource | aws_networkmonitor_monitor | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4372 | CKV2_AWS_75 | resource | aws_networkmonitor_monitor | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4373 | CKV2_AWS_75 | resource | aws_networkmonitor_probe | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4374 | CKV2_AWS_75 | resource | aws_networkmonitor_probe | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4375 | CKV2_AWS_75 | resource | aws_oam_link | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4376 | CKV2_AWS_75 | resource | aws_oam_link | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4377 | CKV2_AWS_75 | resource | aws_oam_sink | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4378 | CKV2_AWS_75 | resource | aws_oam_sink | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4379 | CKV2_AWS_75 | resource | aws_oam_sink_policy | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4380 | CKV2_AWS_75 | resource | aws_oam_sink_policy | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4381 | CKV2_AWS_75 | resource | aws_opensearch_authorize_vpc_endpoint_access | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4382 | CKV2_AWS_75 | resource | aws_opensearch_authorize_vpc_endpoint_access | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4383 | CKV2_AWS_75 | resource | aws_opensearch_domain | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4384 | CKV2_AWS_75 | resource | aws_opensearch_domain | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4385 | CKV2_AWS_75 | resource | aws_opensearch_domain_policy | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4386 | CKV2_AWS_75 | resource | aws_opensearch_domain_policy | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4387 | CKV2_AWS_75 | resource | aws_opensearch_domain_saml_options | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4388 | CKV2_AWS_75 | resource | aws_opensearch_domain_saml_options | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4389 | CKV2_AWS_75 | resource | aws_opensearch_inbound_connection_accepter | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4390 | CKV2_AWS_75 | resource | aws_opensearch_inbound_connection_accepter | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4391 | CKV2_AWS_75 | resource | aws_opensearch_outbound_connection | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4392 | CKV2_AWS_75 | resource | aws_opensearch_outbound_connection | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4393 | CKV2_AWS_75 | resource | aws_opensearch_package | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4394 | CKV2_AWS_75 | resource | aws_opensearch_package | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4395 | CKV2_AWS_75 | resource | aws_opensearch_package_association | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4396 | CKV2_AWS_75 | resource | aws_opensearch_package_association | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4397 | CKV2_AWS_75 | resource | aws_opensearch_vpc_endpoint | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4398 | CKV2_AWS_75 | resource | aws_opensearch_vpc_endpoint | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4399 | CKV2_AWS_75 | resource | aws_opensearchserverless_access_policy | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4400 | CKV2_AWS_75 | resource | aws_opensearchserverless_access_policy | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4401 | CKV2_AWS_75 | resource | aws_opensearchserverless_collection | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4402 | CKV2_AWS_75 | resource | aws_opensearchserverless_collection | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4403 | CKV2_AWS_75 | resource | aws_opensearchserverless_lifecycle_policy | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4404 | CKV2_AWS_75 | resource | aws_opensearchserverless_lifecycle_policy | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4405 | CKV2_AWS_75 | resource | aws_opensearchserverless_security_config | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4406 | CKV2_AWS_75 | resource | aws_opensearchserverless_security_config | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4407 | CKV2_AWS_75 | resource | aws_opensearchserverless_security_policy | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4408 | CKV2_AWS_75 | resource | aws_opensearchserverless_security_policy | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4409 | CKV2_AWS_75 | resource | aws_opensearchserverless_vpc_endpoint | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4410 | CKV2_AWS_75 | resource | aws_opensearchserverless_vpc_endpoint | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4411 | CKV2_AWS_75 | resource | aws_opsworks_application | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4412 | CKV2_AWS_75 | resource | aws_opsworks_application | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4413 | CKV2_AWS_75 | resource | aws_opsworks_custom_layer | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4414 | CKV2_AWS_75 | resource | aws_opsworks_custom_layer | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4415 | CKV2_AWS_75 | resource | aws_opsworks_ecs_cluster_layer | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4416 | CKV2_AWS_75 | resource | aws_opsworks_ecs_cluster_layer | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4417 | CKV2_AWS_75 | resource | aws_opsworks_ganglia_layer | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4418 | CKV2_AWS_75 | resource | aws_opsworks_ganglia_layer | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4419 | CKV2_AWS_75 | resource | aws_opsworks_haproxy_layer | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4420 | CKV2_AWS_75 | resource | aws_opsworks_haproxy_layer | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4421 | CKV2_AWS_75 | resource | aws_opsworks_instance | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4422 | CKV2_AWS_75 | resource | aws_opsworks_instance | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4423 | CKV2_AWS_75 | resource | aws_opsworks_java_app_layer | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4424 | CKV2_AWS_75 | resource | aws_opsworks_java_app_layer | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4425 | CKV2_AWS_75 | resource | aws_opsworks_memcached_layer | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4426 | CKV2_AWS_75 | resource | aws_opsworks_memcached_layer | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4427 | CKV2_AWS_75 | resource | aws_opsworks_mysql_layer | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4428 | CKV2_AWS_75 | resource | aws_opsworks_mysql_layer | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4429 | CKV2_AWS_75 | resource | aws_opsworks_nodejs_app_layer | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4430 | CKV2_AWS_75 | resource | aws_opsworks_nodejs_app_layer | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4431 | CKV2_AWS_75 | resource | aws_opsworks_permission | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4432 | CKV2_AWS_75 | resource | aws_opsworks_permission | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4433 | CKV2_AWS_75 | resource | aws_opsworks_php_app_layer | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4434 | CKV2_AWS_75 | resource | aws_opsworks_php_app_layer | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4435 | CKV2_AWS_75 | resource | aws_opsworks_rails_app_layer | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4436 | CKV2_AWS_75 | resource | aws_opsworks_rails_app_layer | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4437 | CKV2_AWS_75 | resource | aws_opsworks_rds_db_instance | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4438 | CKV2_AWS_75 | resource | aws_opsworks_rds_db_instance | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4439 | CKV2_AWS_75 | resource | aws_opsworks_stack | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4440 | CKV2_AWS_75 | resource | aws_opsworks_stack | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4441 | CKV2_AWS_75 | resource | aws_opsworks_static_web_layer | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4442 | CKV2_AWS_75 | resource | aws_opsworks_static_web_layer | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4443 | CKV2_AWS_75 | resource | aws_opsworks_user_profile | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4444 | CKV2_AWS_75 | resource | aws_opsworks_user_profile | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4445 | CKV2_AWS_75 | resource | aws_organizations_account | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4446 | CKV2_AWS_75 | resource | aws_organizations_account | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4447 | CKV2_AWS_75 | resource | aws_organizations_delegated_administrator | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4448 | CKV2_AWS_75 | resource | aws_organizations_delegated_administrator | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4449 | CKV2_AWS_75 | resource | aws_organizations_organization | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4450 | CKV2_AWS_75 | resource | aws_organizations_organization | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4451 | CKV2_AWS_75 | resource | aws_organizations_organizational_unit | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4452 | CKV2_AWS_75 | resource | aws_organizations_organizational_unit | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4453 | CKV2_AWS_75 | resource | aws_organizations_policy | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4454 | CKV2_AWS_75 | resource | aws_organizations_policy | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4455 | CKV2_AWS_75 | resource | aws_organizations_policy_attachment | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4456 | CKV2_AWS_75 | resource | aws_organizations_policy_attachment | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4457 | CKV2_AWS_75 | resource | aws_organizations_resource_policy | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4458 | CKV2_AWS_75 | resource | aws_organizations_resource_policy | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4459 | CKV2_AWS_75 | resource | aws_osis_pipeline | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4460 | CKV2_AWS_75 | resource | aws_osis_pipeline | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4461 | CKV2_AWS_75 | resource | aws_paymentcryptography_key | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4462 | CKV2_AWS_75 | resource | aws_paymentcryptography_key | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4463 | CKV2_AWS_75 | resource | aws_paymentcryptography_key_alias | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4464 | CKV2_AWS_75 | resource | aws_paymentcryptography_key_alias | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4465 | CKV2_AWS_75 | resource | aws_pinpoint_adm_channel | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4466 | CKV2_AWS_75 | resource | aws_pinpoint_adm_channel | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4467 | CKV2_AWS_75 | resource | aws_pinpoint_apns_channel | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4468 | CKV2_AWS_75 | resource | aws_pinpoint_apns_channel | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4469 | CKV2_AWS_75 | resource | aws_pinpoint_apns_sandbox_channel | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4470 | CKV2_AWS_75 | resource | aws_pinpoint_apns_sandbox_channel | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4471 | CKV2_AWS_75 | resource | aws_pinpoint_apns_voip_channel | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4472 | CKV2_AWS_75 | resource | aws_pinpoint_apns_voip_channel | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4473 | CKV2_AWS_75 | resource | aws_pinpoint_apns_voip_sandbox_channel | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4474 | CKV2_AWS_75 | resource | aws_pinpoint_apns_voip_sandbox_channel | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4475 | CKV2_AWS_75 | resource | aws_pinpoint_app | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4476 | CKV2_AWS_75 | resource | aws_pinpoint_app | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4477 | CKV2_AWS_75 | resource | aws_pinpoint_baidu_channel | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4478 | CKV2_AWS_75 | resource | aws_pinpoint_baidu_channel | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4479 | CKV2_AWS_75 | resource | aws_pinpoint_email_channel | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4480 | CKV2_AWS_75 | resource | aws_pinpoint_email_channel | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4481 | CKV2_AWS_75 | resource | aws_pinpoint_email_template | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4482 | CKV2_AWS_75 | resource | aws_pinpoint_email_template | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4483 | CKV2_AWS_75 | resource | aws_pinpoint_event_stream | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4484 | CKV2_AWS_75 | resource | aws_pinpoint_event_stream | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4485 | CKV2_AWS_75 | resource | aws_pinpoint_gcm_channel | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4486 | CKV2_AWS_75 | resource | aws_pinpoint_gcm_channel | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4487 | CKV2_AWS_75 | resource | aws_pinpoint_sms_channel | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4488 | CKV2_AWS_75 | resource | aws_pinpoint_sms_channel | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4489 | CKV2_AWS_75 | resource | aws_pinpointsmsvoicev2_configuration_set | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4490 | CKV2_AWS_75 | resource | aws_pinpointsmsvoicev2_configuration_set | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4491 | CKV2_AWS_75 | resource | aws_pinpointsmsvoicev2_opt_out_list | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4492 | CKV2_AWS_75 | resource | aws_pinpointsmsvoicev2_opt_out_list | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4493 | CKV2_AWS_75 | resource | aws_pinpointsmsvoicev2_phone_number | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4494 | CKV2_AWS_75 | resource | aws_pinpointsmsvoicev2_phone_number | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4495 | CKV2_AWS_75 | resource | aws_pipes_pipe | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4496 | CKV2_AWS_75 | resource | aws_pipes_pipe | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4497 | CKV2_AWS_75 | resource | aws_placement_group | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4498 | CKV2_AWS_75 | resource | aws_placement_group | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4499 | CKV2_AWS_75 | resource | aws_prometheus_alert_manager_definition | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4500 | CKV2_AWS_75 | resource | aws_prometheus_alert_manager_definition | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4501 | CKV2_AWS_75 | resource | aws_prometheus_rule_group_namespace | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4502 | CKV2_AWS_75 | resource | aws_prometheus_rule_group_namespace | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4503 | CKV2_AWS_75 | resource | aws_prometheus_scraper | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4504 | CKV2_AWS_75 | resource | aws_prometheus_scraper | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4505 | CKV2_AWS_75 | resource | aws_prometheus_workspace | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4506 | CKV2_AWS_75 | resource | aws_prometheus_workspace | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4507 | CKV2_AWS_75 | resource | aws_proxy_protocol_policy | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4508 | CKV2_AWS_75 | resource | aws_proxy_protocol_policy | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4509 | CKV2_AWS_75 | resource | aws_qldb_ledger | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4510 | CKV2_AWS_75 | resource | aws_qldb_ledger | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4511 | CKV2_AWS_75 | resource | aws_qldb_stream | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4512 | CKV2_AWS_75 | resource | aws_qldb_stream | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4513 | CKV2_AWS_75 | resource | aws_quicksight_account_subscription | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4514 | CKV2_AWS_75 | resource | aws_quicksight_account_subscription | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4515 | CKV2_AWS_75 | resource | aws_quicksight_analysis | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4516 | CKV2_AWS_75 | resource | aws_quicksight_analysis | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4517 | CKV2_AWS_75 | resource | aws_quicksight_dashboard | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4518 | CKV2_AWS_75 | resource | aws_quicksight_dashboard | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4519 | CKV2_AWS_75 | resource | aws_quicksight_data_set | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4520 | CKV2_AWS_75 | resource | aws_quicksight_data_set | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4521 | CKV2_AWS_75 | resource | aws_quicksight_data_source | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4522 | CKV2_AWS_75 | resource | aws_quicksight_data_source | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4523 | CKV2_AWS_75 | resource | aws_quicksight_folder | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4524 | CKV2_AWS_75 | resource | aws_quicksight_folder | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4525 | CKV2_AWS_75 | resource | aws_quicksight_folder_membership | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4526 | CKV2_AWS_75 | resource | aws_quicksight_folder_membership | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4527 | CKV2_AWS_75 | resource | aws_quicksight_group | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4528 | CKV2_AWS_75 | resource | aws_quicksight_group | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4529 | CKV2_AWS_75 | resource | aws_quicksight_group_membership | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4530 | CKV2_AWS_75 | resource | aws_quicksight_group_membership | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4531 | CKV2_AWS_75 | resource | aws_quicksight_iam_policy_assignment | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4532 | CKV2_AWS_75 | resource | aws_quicksight_iam_policy_assignment | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4533 | CKV2_AWS_75 | resource | aws_quicksight_ingestion | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4534 | CKV2_AWS_75 | resource | aws_quicksight_ingestion | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4535 | CKV2_AWS_75 | resource | aws_quicksight_namespace | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4536 | CKV2_AWS_75 | resource | aws_quicksight_namespace | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4537 | CKV2_AWS_75 | resource | aws_quicksight_refresh_schedule | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4538 | CKV2_AWS_75 | resource | aws_quicksight_refresh_schedule | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4539 | CKV2_AWS_75 | resource | aws_quicksight_template | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4540 | CKV2_AWS_75 | resource | aws_quicksight_template | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4541 | CKV2_AWS_75 | resource | aws_quicksight_template_alias | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4542 | CKV2_AWS_75 | resource | aws_quicksight_template_alias | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4543 | CKV2_AWS_75 | resource | aws_quicksight_theme | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4544 | CKV2_AWS_75 | resource | aws_quicksight_theme | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4545 | CKV2_AWS_75 | resource | aws_quicksight_user | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4546 | CKV2_AWS_75 | resource | aws_quicksight_user | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4547 | CKV2_AWS_75 | resource | aws_quicksight_vpc_connection | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4548 | CKV2_AWS_75 | resource | aws_quicksight_vpc_connection | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4549 | CKV2_AWS_75 | resource | aws_ram_principal_association | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4550 | CKV2_AWS_75 | resource | aws_ram_principal_association | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4551 | CKV2_AWS_75 | resource | aws_ram_resource_association | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4552 | CKV2_AWS_75 | resource | aws_ram_resource_association | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4553 | CKV2_AWS_75 | resource | aws_ram_resource_share | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4554 | CKV2_AWS_75 | resource | aws_ram_resource_share | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4555 | CKV2_AWS_75 | resource | aws_ram_resource_share_accepter | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4556 | CKV2_AWS_75 | resource | aws_ram_resource_share_accepter | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4557 | CKV2_AWS_75 | resource | aws_ram_sharing_with_organization | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4558 | CKV2_AWS_75 | resource | aws_ram_sharing_with_organization | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4559 | CKV2_AWS_75 | resource | aws_rbin_rule | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4560 | CKV2_AWS_75 | resource | aws_rbin_rule | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4561 | CKV2_AWS_75 | resource | aws_rds_certificate | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4562 | CKV2_AWS_75 | resource | aws_rds_certificate | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4563 | CKV2_AWS_75 | resource | aws_rds_cluster | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4564 | CKV2_AWS_75 | resource | aws_rds_cluster | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4565 | CKV2_AWS_75 | resource | aws_rds_cluster_activity_stream | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4566 | CKV2_AWS_75 | resource | aws_rds_cluster_activity_stream | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4567 | CKV2_AWS_75 | resource | aws_rds_cluster_endpoint | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4568 | CKV2_AWS_75 | resource | aws_rds_cluster_endpoint | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4569 | CKV2_AWS_75 | resource | aws_rds_cluster_instance | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4570 | CKV2_AWS_75 | resource | aws_rds_cluster_instance | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4571 | CKV2_AWS_75 | resource | aws_rds_cluster_parameter_group | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4572 | CKV2_AWS_75 | resource | aws_rds_cluster_parameter_group | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4573 | CKV2_AWS_75 | resource | aws_rds_cluster_role_association | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4574 | CKV2_AWS_75 | resource | aws_rds_cluster_role_association | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4575 | CKV2_AWS_75 | resource | aws_rds_cluster_snapshot_copy | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4576 | CKV2_AWS_75 | resource | aws_rds_cluster_snapshot_copy | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4577 | CKV2_AWS_75 | resource | aws_rds_custom_db_engine_version | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4578 | CKV2_AWS_75 | resource | aws_rds_custom_db_engine_version | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4579 | CKV2_AWS_75 | resource | aws_rds_export_task | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4580 | CKV2_AWS_75 | resource | aws_rds_export_task | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4581 | CKV2_AWS_75 | resource | aws_rds_global_cluster | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4582 | CKV2_AWS_75 | resource | aws_rds_global_cluster | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4583 | CKV2_AWS_75 | resource | aws_rds_instance_state | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4584 | CKV2_AWS_75 | resource | aws_rds_instance_state | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4585 | CKV2_AWS_75 | resource | aws_rds_integration | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4586 | CKV2_AWS_75 | resource | aws_rds_integration | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4587 | CKV2_AWS_75 | resource | aws_rds_reserved_instance | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4588 | CKV2_AWS_75 | resource | aws_rds_reserved_instance | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4589 | CKV2_AWS_75 | resource | aws_redshift_authentication_profile | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4590 | CKV2_AWS_75 | resource | aws_redshift_authentication_profile | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4591 | CKV2_AWS_75 | resource | aws_redshift_cluster | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4592 | CKV2_AWS_75 | resource | aws_redshift_cluster | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4593 | CKV2_AWS_75 | resource | aws_redshift_cluster_iam_roles | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4594 | CKV2_AWS_75 | resource | aws_redshift_cluster_iam_roles | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4595 | CKV2_AWS_75 | resource | aws_redshift_cluster_snapshot | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4596 | CKV2_AWS_75 | resource | aws_redshift_cluster_snapshot | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4597 | CKV2_AWS_75 | resource | aws_redshift_data_share_authorization | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4598 | CKV2_AWS_75 | resource | aws_redshift_data_share_authorization | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4599 | CKV2_AWS_75 | resource | aws_redshift_data_share_consumer_association | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4600 | CKV2_AWS_75 | resource | aws_redshift_data_share_consumer_association | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4601 | CKV2_AWS_75 | resource | aws_redshift_endpoint_access | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4602 | CKV2_AWS_75 | resource | aws_redshift_endpoint_access | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4603 | CKV2_AWS_75 | resource | aws_redshift_endpoint_authorization | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4604 | CKV2_AWS_75 | resource | aws_redshift_endpoint_authorization | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4605 | CKV2_AWS_75 | resource | aws_redshift_event_subscription | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4606 | CKV2_AWS_75 | resource | aws_redshift_event_subscription | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4607 | CKV2_AWS_75 | resource | aws_redshift_hsm_client_certificate | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4608 | CKV2_AWS_75 | resource | aws_redshift_hsm_client_certificate | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4609 | CKV2_AWS_75 | resource | aws_redshift_hsm_configuration | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4610 | CKV2_AWS_75 | resource | aws_redshift_hsm_configuration | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4611 | CKV2_AWS_75 | resource | aws_redshift_logging | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4612 | CKV2_AWS_75 | resource | aws_redshift_logging | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4613 | CKV2_AWS_75 | resource | aws_redshift_parameter_group | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4614 | CKV2_AWS_75 | resource | aws_redshift_parameter_group | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4615 | CKV2_AWS_75 | resource | aws_redshift_partner | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4616 | CKV2_AWS_75 | resource | aws_redshift_partner | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4617 | CKV2_AWS_75 | resource | aws_redshift_resource_policy | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4618 | CKV2_AWS_75 | resource | aws_redshift_resource_policy | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4619 | CKV2_AWS_75 | resource | aws_redshift_scheduled_action | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4620 | CKV2_AWS_75 | resource | aws_redshift_scheduled_action | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4621 | CKV2_AWS_75 | resource | aws_redshift_security_group | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4622 | CKV2_AWS_75 | resource | aws_redshift_security_group | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4623 | CKV2_AWS_75 | resource | aws_redshift_snapshot_copy | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4624 | CKV2_AWS_75 | resource | aws_redshift_snapshot_copy | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4625 | CKV2_AWS_75 | resource | aws_redshift_snapshot_copy_grant | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4626 | CKV2_AWS_75 | resource | aws_redshift_snapshot_copy_grant | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4627 | CKV2_AWS_75 | resource | aws_redshift_snapshot_schedule | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4628 | CKV2_AWS_75 | resource | aws_redshift_snapshot_schedule | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4629 | CKV2_AWS_75 | resource | aws_redshift_snapshot_schedule_association | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4630 | CKV2_AWS_75 | resource | aws_redshift_snapshot_schedule_association | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4631 | CKV2_AWS_75 | resource | aws_redshift_subnet_group | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4632 | CKV2_AWS_75 | resource | aws_redshift_subnet_group | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4633 | CKV2_AWS_75 | resource | aws_redshift_usage_limit | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4634 | CKV2_AWS_75 | resource | aws_redshift_usage_limit | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4635 | CKV2_AWS_75 | resource | aws_redshiftdata_statement | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4636 | CKV2_AWS_75 | resource | aws_redshiftdata_statement | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4637 | CKV2_AWS_75 | resource | aws_redshiftserverless_custom_domain_association | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4638 | CKV2_AWS_75 | resource | aws_redshiftserverless_custom_domain_association | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4639 | CKV2_AWS_75 | resource | aws_redshiftserverless_endpoint_access | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4640 | CKV2_AWS_75 | resource | aws_redshiftserverless_endpoint_access | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4641 | CKV2_AWS_75 | resource | aws_redshiftserverless_namespace | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4642 | CKV2_AWS_75 | resource | aws_redshiftserverless_namespace | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4643 | CKV2_AWS_75 | resource | aws_redshiftserverless_resource_policy | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4644 | CKV2_AWS_75 | resource | aws_redshiftserverless_resource_policy | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4645 | CKV2_AWS_75 | resource | aws_redshiftserverless_snapshot | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4646 | CKV2_AWS_75 | resource | aws_redshiftserverless_snapshot | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4647 | CKV2_AWS_75 | resource | aws_redshiftserverless_usage_limit | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4648 | CKV2_AWS_75 | resource | aws_redshiftserverless_usage_limit | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4649 | CKV2_AWS_75 | resource | aws_redshiftserverless_workgroup | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4650 | CKV2_AWS_75 | resource | aws_redshiftserverless_workgroup | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4651 | CKV2_AWS_75 | resource | aws_region_info | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4652 | CKV2_AWS_75 | resource | aws_region_info | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4653 | CKV2_AWS_75 | resource | aws_rekognition_collection | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4654 | CKV2_AWS_75 | resource | aws_rekognition_collection | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4655 | CKV2_AWS_75 | resource | aws_rekognition_project | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4656 | CKV2_AWS_75 | resource | aws_rekognition_project | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4657 | CKV2_AWS_75 | resource | aws_rekognition_stream_processor | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4658 | CKV2_AWS_75 | resource | aws_rekognition_stream_processor | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4659 | CKV2_AWS_75 | resource | aws_resiliencehub_resiliency_policy | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4660 | CKV2_AWS_75 | resource | aws_resiliencehub_resiliency_policy | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4661 | CKV2_AWS_75 | resource | aws_resourceexplorer2_index | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4662 | CKV2_AWS_75 | resource | aws_resourceexplorer2_index | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4663 | CKV2_AWS_75 | resource | aws_resourceexplorer2_view | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4664 | CKV2_AWS_75 | resource | aws_resourceexplorer2_view | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4665 | CKV2_AWS_75 | resource | aws_resourcegroups_group | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4666 | CKV2_AWS_75 | resource | aws_resourcegroups_group | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4667 | CKV2_AWS_75 | resource | aws_resourcegroups_resource | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4668 | CKV2_AWS_75 | resource | aws_resourcegroups_resource | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4669 | CKV2_AWS_75 | resource | aws_rolesanywhere_profile | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4670 | CKV2_AWS_75 | resource | aws_rolesanywhere_profile | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4671 | CKV2_AWS_75 | resource | aws_rolesanywhere_trust_anchor | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4672 | CKV2_AWS_75 | resource | aws_rolesanywhere_trust_anchor | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4673 | CKV2_AWS_75 | resource | aws_root | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4674 | CKV2_AWS_75 | resource | aws_root | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4675 | CKV2_AWS_75 | resource | aws_root_access_key | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4676 | CKV2_AWS_75 | resource | aws_root_access_key | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4677 | CKV2_AWS_75 | resource | aws_route | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4678 | CKV2_AWS_75 | resource | aws_route | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4679 | CKV2_AWS_75 | resource | aws_route53_cidr_collection | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4680 | CKV2_AWS_75 | resource | aws_route53_cidr_collection | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4681 | CKV2_AWS_75 | resource | aws_route53_cidr_location | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4682 | CKV2_AWS_75 | resource | aws_route53_cidr_location | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4683 | CKV2_AWS_75 | resource | aws_route53_delegation_set | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4684 | CKV2_AWS_75 | resource | aws_route53_delegation_set | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4685 | CKV2_AWS_75 | resource | aws_route53_health_check | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4686 | CKV2_AWS_75 | resource | aws_route53_health_check | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4687 | CKV2_AWS_75 | resource | aws_route53_hosted_zone_dnssec | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4688 | CKV2_AWS_75 | resource | aws_route53_hosted_zone_dnssec | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4689 | CKV2_AWS_75 | resource | aws_route53_key_signing_key | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4690 | CKV2_AWS_75 | resource | aws_route53_key_signing_key | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4691 | CKV2_AWS_75 | resource | aws_route53_query_log | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4692 | CKV2_AWS_75 | resource | aws_route53_query_log | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4693 | CKV2_AWS_75 | resource | aws_route53_record | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4694 | CKV2_AWS_75 | resource | aws_route53_record | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4695 | CKV2_AWS_75 | resource | aws_route53_resolver_config | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4696 | CKV2_AWS_75 | resource | aws_route53_resolver_config | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4697 | CKV2_AWS_75 | resource | aws_route53_resolver_dnssec_config | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4698 | CKV2_AWS_75 | resource | aws_route53_resolver_dnssec_config | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4699 | CKV2_AWS_75 | resource | aws_route53_resolver_endpoint | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4700 | CKV2_AWS_75 | resource | aws_route53_resolver_endpoint | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4701 | CKV2_AWS_75 | resource | aws_route53_resolver_firewall_config | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4702 | CKV2_AWS_75 | resource | aws_route53_resolver_firewall_config | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4703 | CKV2_AWS_75 | resource | aws_route53_resolver_firewall_domain_list | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4704 | CKV2_AWS_75 | resource | aws_route53_resolver_firewall_domain_list | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4705 | CKV2_AWS_75 | resource | aws_route53_resolver_firewall_rule | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4706 | CKV2_AWS_75 | resource | aws_route53_resolver_firewall_rule | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4707 | CKV2_AWS_75 | resource | aws_route53_resolver_firewall_rule_group | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4708 | CKV2_AWS_75 | resource | aws_route53_resolver_firewall_rule_group | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4709 | CKV2_AWS_75 | resource | aws_route53_resolver_firewall_rule_group_association | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4710 | CKV2_AWS_75 | resource | aws_route53_resolver_firewall_rule_group_association | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4711 | CKV2_AWS_75 | resource | aws_route53_resolver_query_log_config | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4712 | CKV2_AWS_75 | resource | aws_route53_resolver_query_log_config | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4713 | CKV2_AWS_75 | resource | aws_route53_resolver_query_log_config_association | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4714 | CKV2_AWS_75 | resource | aws_route53_resolver_query_log_config_association | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4715 | CKV2_AWS_75 | resource | aws_route53_resolver_rule | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4716 | CKV2_AWS_75 | resource | aws_route53_resolver_rule | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4717 | CKV2_AWS_75 | resource | aws_route53_resolver_rule_association | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4718 | CKV2_AWS_75 | resource | aws_route53_resolver_rule_association | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4719 | CKV2_AWS_75 | resource | aws_route53_traffic_policy | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4720 | CKV2_AWS_75 | resource | aws_route53_traffic_policy | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4721 | CKV2_AWS_75 | resource | aws_route53_traffic_policy_instance | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4722 | CKV2_AWS_75 | resource | aws_route53_traffic_policy_instance | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4723 | CKV2_AWS_75 | resource | aws_route53_vpc_association_authorization | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4724 | CKV2_AWS_75 | resource | aws_route53_vpc_association_authorization | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4725 | CKV2_AWS_75 | resource | aws_route53_zone | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4726 | CKV2_AWS_75 | resource | aws_route53_zone | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4727 | CKV2_AWS_75 | resource | aws_route53_zone_association | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4728 | CKV2_AWS_75 | resource | aws_route53_zone_association | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4729 | CKV2_AWS_75 | resource | aws_route53domains_delegation_signer_record | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4730 | CKV2_AWS_75 | resource | aws_route53domains_delegation_signer_record | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4731 | CKV2_AWS_75 | resource | aws_route53domains_domain | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4732 | CKV2_AWS_75 | resource | aws_route53domains_domain | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4733 | CKV2_AWS_75 | resource | aws_route53domains_registered_domain | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4734 | CKV2_AWS_75 | resource | aws_route53domains_registered_domain | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4735 | CKV2_AWS_75 | resource | aws_route53profiles_association | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4736 | CKV2_AWS_75 | resource | aws_route53profiles_association | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4737 | CKV2_AWS_75 | resource | aws_route53profiles_profile | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4738 | CKV2_AWS_75 | resource | aws_route53profiles_profile | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4739 | CKV2_AWS_75 | resource | aws_route53profiles_resource_association | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4740 | CKV2_AWS_75 | resource | aws_route53profiles_resource_association | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4741 | CKV2_AWS_75 | resource | aws_route53recoverycontrolconfig_cluster | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4742 | CKV2_AWS_75 | resource | aws_route53recoverycontrolconfig_cluster | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4743 | CKV2_AWS_75 | resource | aws_route53recoverycontrolconfig_control_panel | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4744 | CKV2_AWS_75 | resource | aws_route53recoverycontrolconfig_control_panel | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4745 | CKV2_AWS_75 | resource | aws_route53recoverycontrolconfig_routing_control | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4746 | CKV2_AWS_75 | resource | aws_route53recoverycontrolconfig_routing_control | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4747 | CKV2_AWS_75 | resource | aws_route53recoverycontrolconfig_safety_rule | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4748 | CKV2_AWS_75 | resource | aws_route53recoverycontrolconfig_safety_rule | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4749 | CKV2_AWS_75 | resource | aws_route53recoveryreadiness_cell | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4750 | CKV2_AWS_75 | resource | aws_route53recoveryreadiness_cell | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4751 | CKV2_AWS_75 | resource | aws_route53recoveryreadiness_readiness_check | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4752 | CKV2_AWS_75 | resource | aws_route53recoveryreadiness_readiness_check | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4753 | CKV2_AWS_75 | resource | aws_route53recoveryreadiness_recovery_group | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4754 | CKV2_AWS_75 | resource | aws_route53recoveryreadiness_recovery_group | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4755 | CKV2_AWS_75 | resource | aws_route53recoveryreadiness_resource_set | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4756 | CKV2_AWS_75 | resource | aws_route53recoveryreadiness_resource_set | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4757 | CKV2_AWS_75 | resource | aws_route_table | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4758 | CKV2_AWS_75 | resource | aws_route_table | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4759 | CKV2_AWS_75 | resource | aws_route_table_association | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4760 | CKV2_AWS_75 | resource | aws_route_table_association | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4761 | CKV2_AWS_75 | resource | aws_rum_app_monitor | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4762 | CKV2_AWS_75 | resource | aws_rum_app_monitor | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4763 | CKV2_AWS_75 | resource | aws_rum_metrics_destination | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4764 | CKV2_AWS_75 | resource | aws_rum_metrics_destination | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4765 | CKV2_AWS_75 | resource | aws_s3_access_point | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4766 | CKV2_AWS_75 | resource | aws_s3_access_point | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4767 | CKV2_AWS_75 | resource | aws_s3_account_public_access_block | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4768 | CKV2_AWS_75 | resource | aws_s3_account_public_access_block | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4769 | CKV2_AWS_75 | resource | aws_s3_bucket | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4770 | CKV2_AWS_75 | resource | aws_s3_bucket | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4771 | CKV2_AWS_75 | resource | aws_s3_bucket_accelerate_configuration | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4772 | CKV2_AWS_75 | resource | aws_s3_bucket_accelerate_configuration | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4773 | CKV2_AWS_75 | resource | aws_s3_bucket_acl | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4774 | CKV2_AWS_75 | resource | aws_s3_bucket_acl | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4775 | CKV2_AWS_75 | resource | aws_s3_bucket_analytics_configuration | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4776 | CKV2_AWS_75 | resource | aws_s3_bucket_analytics_configuration | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4777 | CKV2_AWS_75 | resource | aws_s3_bucket_cors_configuration | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4778 | CKV2_AWS_75 | resource | aws_s3_bucket_cors_configuration | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4779 | CKV2_AWS_75 | resource | aws_s3_bucket_intelligent_tiering_configuration | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4780 | CKV2_AWS_75 | resource | aws_s3_bucket_intelligent_tiering_configuration | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4781 | CKV2_AWS_75 | resource | aws_s3_bucket_inventory | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4782 | CKV2_AWS_75 | resource | aws_s3_bucket_inventory | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4783 | CKV2_AWS_75 | resource | aws_s3_bucket_lifecycle_configuration | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4784 | CKV2_AWS_75 | resource | aws_s3_bucket_lifecycle_configuration | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4785 | CKV2_AWS_75 | resource | aws_s3_bucket_logging | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4786 | CKV2_AWS_75 | resource | aws_s3_bucket_logging | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4787 | CKV2_AWS_75 | resource | aws_s3_bucket_metric | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4788 | CKV2_AWS_75 | resource | aws_s3_bucket_metric | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4789 | CKV2_AWS_75 | resource | aws_s3_bucket_notification | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4790 | CKV2_AWS_75 | resource | aws_s3_bucket_notification | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4791 | CKV2_AWS_75 | resource | aws_s3_bucket_object | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4792 | CKV2_AWS_75 | resource | aws_s3_bucket_object | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4793 | CKV2_AWS_75 | resource | aws_s3_bucket_object_lock_configuration | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4794 | CKV2_AWS_75 | resource | aws_s3_bucket_object_lock_configuration | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4795 | CKV2_AWS_75 | resource | aws_s3_bucket_ownership_controls | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4796 | CKV2_AWS_75 | resource | aws_s3_bucket_ownership_controls | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4797 | CKV2_AWS_75 | resource | aws_s3_bucket_policy | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4798 | CKV2_AWS_75 | resource | aws_s3_bucket_policy | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4799 | CKV2_AWS_75 | resource | aws_s3_bucket_public_access_block | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4800 | CKV2_AWS_75 | resource | aws_s3_bucket_public_access_block | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4801 | CKV2_AWS_75 | resource | aws_s3_bucket_replication_configuration | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4802 | CKV2_AWS_75 | resource | aws_s3_bucket_replication_configuration | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4803 | CKV2_AWS_75 | resource | aws_s3_bucket_request_payment_configuration | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4804 | CKV2_AWS_75 | resource | aws_s3_bucket_request_payment_configuration | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4805 | CKV2_AWS_75 | resource | aws_s3_bucket_server_side_encryption_configuration | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4806 | CKV2_AWS_75 | resource | aws_s3_bucket_server_side_encryption_configuration | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4807 | CKV2_AWS_75 | resource | aws_s3_bucket_versioning | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4808 | CKV2_AWS_75 | resource | aws_s3_bucket_versioning | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4809 | CKV2_AWS_75 | resource | aws_s3_bucket_website_configuration | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4810 | CKV2_AWS_75 | resource | aws_s3_bucket_website_configuration | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4811 | CKV2_AWS_75 | resource | aws_s3_directory_bucket | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4812 | CKV2_AWS_75 | resource | aws_s3_directory_bucket | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4813 | CKV2_AWS_75 | resource | aws_s3_object | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4814 | CKV2_AWS_75 | resource | aws_s3_object | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4815 | CKV2_AWS_75 | resource | aws_s3_object_copy | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4816 | CKV2_AWS_75 | resource | aws_s3_object_copy | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4817 | CKV2_AWS_75 | resource | aws_s3control_access_grant | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4818 | CKV2_AWS_75 | resource | aws_s3control_access_grant | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4819 | CKV2_AWS_75 | resource | aws_s3control_access_grants_instance | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4820 | CKV2_AWS_75 | resource | aws_s3control_access_grants_instance | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4821 | CKV2_AWS_75 | resource | aws_s3control_access_grants_instance_resource_policy | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4822 | CKV2_AWS_75 | resource | aws_s3control_access_grants_instance_resource_policy | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4823 | CKV2_AWS_75 | resource | aws_s3control_access_grants_location | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4824 | CKV2_AWS_75 | resource | aws_s3control_access_grants_location | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4825 | CKV2_AWS_75 | resource | aws_s3control_access_point_policy | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4826 | CKV2_AWS_75 | resource | aws_s3control_access_point_policy | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4827 | CKV2_AWS_75 | resource | aws_s3control_bucket | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4828 | CKV2_AWS_75 | resource | aws_s3control_bucket | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4829 | CKV2_AWS_75 | resource | aws_s3control_bucket_lifecycle_configuration | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4830 | CKV2_AWS_75 | resource | aws_s3control_bucket_lifecycle_configuration | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4831 | CKV2_AWS_75 | resource | aws_s3control_bucket_policy | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4832 | CKV2_AWS_75 | resource | aws_s3control_bucket_policy | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4833 | CKV2_AWS_75 | resource | aws_s3control_multi_region_access_point | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4834 | CKV2_AWS_75 | resource | aws_s3control_multi_region_access_point | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4835 | CKV2_AWS_75 | resource | aws_s3control_multi_region_access_point_policy | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4836 | CKV2_AWS_75 | resource | aws_s3control_multi_region_access_point_policy | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4837 | CKV2_AWS_75 | resource | aws_s3control_object_lambda_access_point | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4838 | CKV2_AWS_75 | resource | aws_s3control_object_lambda_access_point | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4839 | CKV2_AWS_75 | resource | aws_s3control_object_lambda_access_point_policy | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4840 | CKV2_AWS_75 | resource | aws_s3control_object_lambda_access_point_policy | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4841 | CKV2_AWS_75 | resource | aws_s3control_storage_lens_configuration | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4842 | CKV2_AWS_75 | resource | aws_s3control_storage_lens_configuration | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4843 | CKV2_AWS_75 | resource | aws_s3outposts_endpoint | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4844 | CKV2_AWS_75 | resource | aws_s3outposts_endpoint | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4845 | CKV2_AWS_75 | resource | aws_s3tables_namespace | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4846 | CKV2_AWS_75 | resource | aws_s3tables_namespace | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4847 | CKV2_AWS_75 | resource | aws_s3tables_table | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4848 | CKV2_AWS_75 | resource | aws_s3tables_table | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4849 | CKV2_AWS_75 | resource | aws_s3tables_table_bucket | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4850 | CKV2_AWS_75 | resource | aws_s3tables_table_bucket | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4851 | CKV2_AWS_75 | resource | aws_s3tables_table_bucket_policy | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4852 | CKV2_AWS_75 | resource | aws_s3tables_table_bucket_policy | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4853 | CKV2_AWS_75 | resource | aws_s3tables_table_policy | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4854 | CKV2_AWS_75 | resource | aws_s3tables_table_policy | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4855 | CKV2_AWS_75 | resource | aws_sagemaker_app | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4856 | CKV2_AWS_75 | resource | aws_sagemaker_app | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4857 | CKV2_AWS_75 | resource | aws_sagemaker_app_image_config | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4858 | CKV2_AWS_75 | resource | aws_sagemaker_app_image_config | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4859 | CKV2_AWS_75 | resource | aws_sagemaker_code_repository | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4860 | CKV2_AWS_75 | resource | aws_sagemaker_code_repository | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4861 | CKV2_AWS_75 | resource | aws_sagemaker_data_quality_job_definition | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4862 | CKV2_AWS_75 | resource | aws_sagemaker_data_quality_job_definition | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4863 | CKV2_AWS_75 | resource | aws_sagemaker_device | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4864 | CKV2_AWS_75 | resource | aws_sagemaker_device | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4865 | CKV2_AWS_75 | resource | aws_sagemaker_device_fleet | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4866 | CKV2_AWS_75 | resource | aws_sagemaker_device_fleet | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4867 | CKV2_AWS_75 | resource | aws_sagemaker_domain | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4868 | CKV2_AWS_75 | resource | aws_sagemaker_domain | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4869 | CKV2_AWS_75 | resource | aws_sagemaker_endpoint | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4870 | CKV2_AWS_75 | resource | aws_sagemaker_endpoint | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4871 | CKV2_AWS_75 | resource | aws_sagemaker_endpoint_configuration | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4872 | CKV2_AWS_75 | resource | aws_sagemaker_endpoint_configuration | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4873 | CKV2_AWS_75 | resource | aws_sagemaker_feature_group | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4874 | CKV2_AWS_75 | resource | aws_sagemaker_feature_group | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4875 | CKV2_AWS_75 | resource | aws_sagemaker_flow_definition | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4876 | CKV2_AWS_75 | resource | aws_sagemaker_flow_definition | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4877 | CKV2_AWS_75 | resource | aws_sagemaker_hub | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4878 | CKV2_AWS_75 | resource | aws_sagemaker_hub | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4879 | CKV2_AWS_75 | resource | aws_sagemaker_human_task_ui | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4880 | CKV2_AWS_75 | resource | aws_sagemaker_human_task_ui | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4881 | CKV2_AWS_75 | resource | aws_sagemaker_image | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4882 | CKV2_AWS_75 | resource | aws_sagemaker_image | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4883 | CKV2_AWS_75 | resource | aws_sagemaker_image_version | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4884 | CKV2_AWS_75 | resource | aws_sagemaker_image_version | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4885 | CKV2_AWS_75 | resource | aws_sagemaker_mlflow_tracking_server | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4886 | CKV2_AWS_75 | resource | aws_sagemaker_mlflow_tracking_server | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4887 | CKV2_AWS_75 | resource | aws_sagemaker_model | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4888 | CKV2_AWS_75 | resource | aws_sagemaker_model | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4889 | CKV2_AWS_75 | resource | aws_sagemaker_model_package_group | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4890 | CKV2_AWS_75 | resource | aws_sagemaker_model_package_group | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4891 | CKV2_AWS_75 | resource | aws_sagemaker_model_package_group_policy | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4892 | CKV2_AWS_75 | resource | aws_sagemaker_model_package_group_policy | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4893 | CKV2_AWS_75 | resource | aws_sagemaker_monitoring_schedule | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4894 | CKV2_AWS_75 | resource | aws_sagemaker_monitoring_schedule | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4895 | CKV2_AWS_75 | resource | aws_sagemaker_notebook_instance | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4896 | CKV2_AWS_75 | resource | aws_sagemaker_notebook_instance | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4897 | CKV2_AWS_75 | resource | aws_sagemaker_notebook_instance_lifecycle_configuration | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4898 | CKV2_AWS_75 | resource | aws_sagemaker_notebook_instance_lifecycle_configuration | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4899 | CKV2_AWS_75 | resource | aws_sagemaker_pipeline | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4900 | CKV2_AWS_75 | resource | aws_sagemaker_pipeline | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4901 | CKV2_AWS_75 | resource | aws_sagemaker_project | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4902 | CKV2_AWS_75 | resource | aws_sagemaker_project | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4903 | CKV2_AWS_75 | resource | aws_sagemaker_servicecatalog_portfolio_status | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4904 | CKV2_AWS_75 | resource | aws_sagemaker_servicecatalog_portfolio_status | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4905 | CKV2_AWS_75 | resource | aws_sagemaker_space | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4906 | CKV2_AWS_75 | resource | aws_sagemaker_space | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4907 | CKV2_AWS_75 | resource | aws_sagemaker_studio_lifecycle_config | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4908 | CKV2_AWS_75 | resource | aws_sagemaker_studio_lifecycle_config | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4909 | CKV2_AWS_75 | resource | aws_sagemaker_user_profile | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4910 | CKV2_AWS_75 | resource | aws_sagemaker_user_profile | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4911 | CKV2_AWS_75 | resource | aws_sagemaker_workforce | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4912 | CKV2_AWS_75 | resource | aws_sagemaker_workforce | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4913 | CKV2_AWS_75 | resource | aws_sagemaker_workteam | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4914 | CKV2_AWS_75 | resource | aws_sagemaker_workteam | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4915 | CKV2_AWS_75 | resource | aws_scheduler_schedule | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4916 | CKV2_AWS_75 | resource | aws_scheduler_schedule | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4917 | CKV2_AWS_75 | resource | aws_scheduler_schedule_group | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4918 | CKV2_AWS_75 | resource | aws_scheduler_schedule_group | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4919 | CKV2_AWS_75 | resource | aws_schemas_discoverer | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4920 | CKV2_AWS_75 | resource | aws_schemas_discoverer | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4921 | CKV2_AWS_75 | resource | aws_schemas_registry | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4922 | CKV2_AWS_75 | resource | aws_schemas_registry | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4923 | CKV2_AWS_75 | resource | aws_schemas_registry_policy | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4924 | CKV2_AWS_75 | resource | aws_schemas_registry_policy | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4925 | CKV2_AWS_75 | resource | aws_schemas_schema | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4926 | CKV2_AWS_75 | resource | aws_schemas_schema | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4927 | CKV2_AWS_75 | resource | aws_secretsmanager_secret | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4928 | CKV2_AWS_75 | resource | aws_secretsmanager_secret | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4929 | CKV2_AWS_75 | resource | aws_secretsmanager_secret_policy | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4930 | CKV2_AWS_75 | resource | aws_secretsmanager_secret_policy | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4931 | CKV2_AWS_75 | resource | aws_secretsmanager_secret_rotation | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4932 | CKV2_AWS_75 | resource | aws_secretsmanager_secret_rotation | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4933 | CKV2_AWS_75 | resource | aws_secretsmanager_secret_version | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4934 | CKV2_AWS_75 | resource | aws_secretsmanager_secret_version | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4935 | CKV2_AWS_75 | resource | aws_security_group | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4936 | CKV2_AWS_75 | resource | aws_security_group | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4937 | CKV2_AWS_75 | resource | aws_security_group_rule | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4938 | CKV2_AWS_75 | resource | aws_security_group_rule | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4939 | CKV2_AWS_75 | resource | aws_securityhub_account | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4940 | CKV2_AWS_75 | resource | aws_securityhub_account | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4941 | CKV2_AWS_75 | resource | aws_securityhub_action_target | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4942 | CKV2_AWS_75 | resource | aws_securityhub_action_target | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4943 | CKV2_AWS_75 | resource | aws_securityhub_automation_rule | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4944 | CKV2_AWS_75 | resource | aws_securityhub_automation_rule | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4945 | CKV2_AWS_75 | resource | aws_securityhub_configuration_policy | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4946 | CKV2_AWS_75 | resource | aws_securityhub_configuration_policy | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4947 | CKV2_AWS_75 | resource | aws_securityhub_configuration_policy_association | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4948 | CKV2_AWS_75 | resource | aws_securityhub_configuration_policy_association | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4949 | CKV2_AWS_75 | resource | aws_securityhub_finding_aggregator | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4950 | CKV2_AWS_75 | resource | aws_securityhub_finding_aggregator | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4951 | CKV2_AWS_75 | resource | aws_securityhub_insight | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4952 | CKV2_AWS_75 | resource | aws_securityhub_insight | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4953 | CKV2_AWS_75 | resource | aws_securityhub_invite_accepter | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4954 | CKV2_AWS_75 | resource | aws_securityhub_invite_accepter | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4955 | CKV2_AWS_75 | resource | aws_securityhub_member | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4956 | CKV2_AWS_75 | resource | aws_securityhub_member | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4957 | CKV2_AWS_75 | resource | aws_securityhub_organization_admin_account | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4958 | CKV2_AWS_75 | resource | aws_securityhub_organization_admin_account | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4959 | CKV2_AWS_75 | resource | aws_securityhub_organization_configuration | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4960 | CKV2_AWS_75 | resource | aws_securityhub_organization_configuration | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4961 | CKV2_AWS_75 | resource | aws_securityhub_product_subscription | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4962 | CKV2_AWS_75 | resource | aws_securityhub_product_subscription | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4963 | CKV2_AWS_75 | resource | aws_securityhub_standards_control | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4964 | CKV2_AWS_75 | resource | aws_securityhub_standards_control | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4965 | CKV2_AWS_75 | resource | aws_securityhub_standards_control_association | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4966 | CKV2_AWS_75 | resource | aws_securityhub_standards_control_association | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4967 | CKV2_AWS_75 | resource | aws_securityhub_standards_subscription | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4968 | CKV2_AWS_75 | resource | aws_securityhub_standards_subscription | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4969 | CKV2_AWS_75 | resource | aws_securitylake_aws_log_source | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4970 | CKV2_AWS_75 | resource | aws_securitylake_aws_log_source | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4971 | CKV2_AWS_75 | resource | aws_securitylake_custom_log_source | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4972 | CKV2_AWS_75 | resource | aws_securitylake_custom_log_source | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4973 | CKV2_AWS_75 | resource | aws_securitylake_data_lake | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4974 | CKV2_AWS_75 | resource | aws_securitylake_data_lake | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4975 | CKV2_AWS_75 | resource | aws_securitylake_subscriber | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4976 | CKV2_AWS_75 | resource | aws_securitylake_subscriber | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4977 | CKV2_AWS_75 | resource | aws_securitylake_subscriber_notification | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4978 | CKV2_AWS_75 | resource | aws_securitylake_subscriber_notification | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4979 | CKV2_AWS_75 | resource | aws_serverlessapplicationrepository_cloudformation_stack | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4980 | CKV2_AWS_75 | resource | aws_serverlessapplicationrepository_cloudformation_stack | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4981 | CKV2_AWS_75 | resource | aws_service_discovery_http_namespace | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4982 | CKV2_AWS_75 | resource | aws_service_discovery_http_namespace | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4983 | CKV2_AWS_75 | resource | aws_service_discovery_instance | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4984 | CKV2_AWS_75 | resource | aws_service_discovery_instance | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4985 | CKV2_AWS_75 | resource | aws_service_discovery_private_dns_namespace | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4986 | CKV2_AWS_75 | resource | aws_service_discovery_private_dns_namespace | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4987 | CKV2_AWS_75 | resource | aws_service_discovery_public_dns_namespace | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4988 | CKV2_AWS_75 | resource | aws_service_discovery_public_dns_namespace | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4989 | CKV2_AWS_75 | resource | aws_service_discovery_service | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4990 | CKV2_AWS_75 | resource | aws_service_discovery_service | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4991 | CKV2_AWS_75 | resource | aws_servicecatalog_budget_resource_association | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4992 | CKV2_AWS_75 | resource | aws_servicecatalog_budget_resource_association | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4993 | CKV2_AWS_75 | resource | aws_servicecatalog_constraint | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4994 | CKV2_AWS_75 | resource | aws_servicecatalog_constraint | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4995 | CKV2_AWS_75 | resource | aws_servicecatalog_organizations_access | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4996 | CKV2_AWS_75 | resource | aws_servicecatalog_organizations_access | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4997 | CKV2_AWS_75 | resource | aws_servicecatalog_portfolio | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 4998 | CKV2_AWS_75 | resource | aws_servicecatalog_portfolio | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 4999 | CKV2_AWS_75 | resource | aws_servicecatalog_portfolio_share | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 5000 | CKV2_AWS_75 | resource | aws_servicecatalog_portfolio_share | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 5001 | CKV2_AWS_75 | resource | aws_servicecatalog_principal_portfolio_association | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 5002 | CKV2_AWS_75 | resource | aws_servicecatalog_principal_portfolio_association | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 5003 | CKV2_AWS_75 | resource | aws_servicecatalog_product | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 5004 | CKV2_AWS_75 | resource | aws_servicecatalog_product | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 5005 | CKV2_AWS_75 | resource | aws_servicecatalog_product_portfolio_association | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 5006 | CKV2_AWS_75 | resource | aws_servicecatalog_product_portfolio_association | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 5007 | CKV2_AWS_75 | resource | aws_servicecatalog_provisioned_product | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 5008 | CKV2_AWS_75 | resource | aws_servicecatalog_provisioned_product | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 5009 | CKV2_AWS_75 | resource | aws_servicecatalog_provisioning_artifact | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 5010 | CKV2_AWS_75 | resource | aws_servicecatalog_provisioning_artifact | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 5011 | CKV2_AWS_75 | resource | aws_servicecatalog_service_action | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 5012 | CKV2_AWS_75 | resource | aws_servicecatalog_service_action | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 5013 | CKV2_AWS_75 | resource | aws_servicecatalog_tag_option | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 5014 | CKV2_AWS_75 | resource | aws_servicecatalog_tag_option | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 5015 | CKV2_AWS_75 | resource | aws_servicecatalog_tag_option_resource_association | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 5016 | CKV2_AWS_75 | resource | aws_servicecatalog_tag_option_resource_association | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 5017 | CKV2_AWS_75 | resource | aws_servicecatalogappregistry_application | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 5018 | CKV2_AWS_75 | resource | aws_servicecatalogappregistry_application | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 5019 | CKV2_AWS_75 | resource | aws_servicecatalogappregistry_attribute_group | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 5020 | CKV2_AWS_75 | resource | aws_servicecatalogappregistry_attribute_group | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 5021 | CKV2_AWS_75 | resource | aws_servicecatalogappregistry_attribute_group_association | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 5022 | CKV2_AWS_75 | resource | aws_servicecatalogappregistry_attribute_group_association | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 5023 | CKV2_AWS_75 | resource | aws_servicequotas_service_quota | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 5024 | CKV2_AWS_75 | resource | aws_servicequotas_service_quota | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 5025 | CKV2_AWS_75 | resource | aws_servicequotas_template | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 5026 | CKV2_AWS_75 | resource | aws_servicequotas_template | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 5027 | CKV2_AWS_75 | resource | aws_servicequotas_template_association | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 5028 | CKV2_AWS_75 | resource | aws_servicequotas_template_association | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 5029 | CKV2_AWS_75 | resource | aws_ses_active_receipt_rule_set | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 5030 | CKV2_AWS_75 | resource | aws_ses_active_receipt_rule_set | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 5031 | CKV2_AWS_75 | resource | aws_ses_configuration_set | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 5032 | CKV2_AWS_75 | resource | aws_ses_configuration_set | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 5033 | CKV2_AWS_75 | resource | aws_ses_domain_dkim | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 5034 | CKV2_AWS_75 | resource | aws_ses_domain_dkim | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 5035 | CKV2_AWS_75 | resource | aws_ses_domain_identity | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 5036 | CKV2_AWS_75 | resource | aws_ses_domain_identity | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 5037 | CKV2_AWS_75 | resource | aws_ses_domain_identity_verification | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 5038 | CKV2_AWS_75 | resource | aws_ses_domain_identity_verification | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 5039 | CKV2_AWS_75 | resource | aws_ses_domain_mail_from | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 5040 | CKV2_AWS_75 | resource | aws_ses_domain_mail_from | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 5041 | CKV2_AWS_75 | resource | aws_ses_email_identity | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 5042 | CKV2_AWS_75 | resource | aws_ses_email_identity | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 5043 | CKV2_AWS_75 | resource | aws_ses_event_destination | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 5044 | CKV2_AWS_75 | resource | aws_ses_event_destination | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 5045 | CKV2_AWS_75 | resource | aws_ses_identity_notification_topic | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 5046 | CKV2_AWS_75 | resource | aws_ses_identity_notification_topic | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 5047 | CKV2_AWS_75 | resource | aws_ses_identity_policy | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 5048 | CKV2_AWS_75 | resource | aws_ses_identity_policy | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 5049 | CKV2_AWS_75 | resource | aws_ses_receipt_filter | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 5050 | CKV2_AWS_75 | resource | aws_ses_receipt_filter | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 5051 | CKV2_AWS_75 | resource | aws_ses_receipt_rule | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 5052 | CKV2_AWS_75 | resource | aws_ses_receipt_rule | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 5053 | CKV2_AWS_75 | resource | aws_ses_receipt_rule_set | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 5054 | CKV2_AWS_75 | resource | aws_ses_receipt_rule_set | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 5055 | CKV2_AWS_75 | resource | aws_ses_template | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 5056 | CKV2_AWS_75 | resource | aws_ses_template | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 5057 | CKV2_AWS_75 | resource | aws_sesv2_account_suppression_attributes | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 5058 | CKV2_AWS_75 | resource | aws_sesv2_account_suppression_attributes | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 5059 | CKV2_AWS_75 | resource | aws_sesv2_account_vdm_attributes | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 5060 | CKV2_AWS_75 | resource | aws_sesv2_account_vdm_attributes | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 5061 | CKV2_AWS_75 | resource | aws_sesv2_configuration_set | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 5062 | CKV2_AWS_75 | resource | aws_sesv2_configuration_set | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 5063 | CKV2_AWS_75 | resource | aws_sesv2_configuration_set_event_destination | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 5064 | CKV2_AWS_75 | resource | aws_sesv2_configuration_set_event_destination | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 5065 | CKV2_AWS_75 | resource | aws_sesv2_contact_list | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 5066 | CKV2_AWS_75 | resource | aws_sesv2_contact_list | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 5067 | CKV2_AWS_75 | resource | aws_sesv2_dedicated_ip_assignment | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 5068 | CKV2_AWS_75 | resource | aws_sesv2_dedicated_ip_assignment | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 5069 | CKV2_AWS_75 | resource | aws_sesv2_dedicated_ip_pool | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 5070 | CKV2_AWS_75 | resource | aws_sesv2_dedicated_ip_pool | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 5071 | CKV2_AWS_75 | resource | aws_sesv2_email_identity | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 5072 | CKV2_AWS_75 | resource | aws_sesv2_email_identity | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 5073 | CKV2_AWS_75 | resource | aws_sesv2_email_identity_feedback_attributes | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 5074 | CKV2_AWS_75 | resource | aws_sesv2_email_identity_feedback_attributes | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 5075 | CKV2_AWS_75 | resource | aws_sesv2_email_identity_mail_from_attributes | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 5076 | CKV2_AWS_75 | resource | aws_sesv2_email_identity_mail_from_attributes | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 5077 | CKV2_AWS_75 | resource | aws_sesv2_email_identity_policy | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 5078 | CKV2_AWS_75 | resource | aws_sesv2_email_identity_policy | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 5079 | CKV2_AWS_75 | resource | aws_sfn_activity | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 5080 | CKV2_AWS_75 | resource | aws_sfn_activity | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 5081 | CKV2_AWS_75 | resource | aws_sfn_alias | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 5082 | CKV2_AWS_75 | resource | aws_sfn_alias | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 5083 | CKV2_AWS_75 | resource | aws_sfn_state_machine | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 5084 | CKV2_AWS_75 | resource | aws_sfn_state_machine | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 5085 | CKV2_AWS_75 | resource | aws_shield_application_layer_automatic_response | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 5086 | CKV2_AWS_75 | resource | aws_shield_application_layer_automatic_response | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 5087 | CKV2_AWS_75 | resource | aws_shield_drt_access_log_bucket_association | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 5088 | CKV2_AWS_75 | resource | aws_shield_drt_access_log_bucket_association | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 5089 | CKV2_AWS_75 | resource | aws_shield_drt_access_role_arn_association | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 5090 | CKV2_AWS_75 | resource | aws_shield_drt_access_role_arn_association | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 5091 | CKV2_AWS_75 | resource | aws_shield_proactive_engagement | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 5092 | CKV2_AWS_75 | resource | aws_shield_proactive_engagement | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 5093 | CKV2_AWS_75 | resource | aws_shield_protection | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 5094 | CKV2_AWS_75 | resource | aws_shield_protection | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 5095 | CKV2_AWS_75 | resource | aws_shield_protection_group | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 5096 | CKV2_AWS_75 | resource | aws_shield_protection_group | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 5097 | CKV2_AWS_75 | resource | aws_shield_protection_health_check_association | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 5098 | CKV2_AWS_75 | resource | aws_shield_protection_health_check_association | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 5099 | CKV2_AWS_75 | resource | aws_shield_subscription | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 5100 | CKV2_AWS_75 | resource | aws_shield_subscription | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 5101 | CKV2_AWS_75 | resource | aws_signer_signing_job | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 5102 | CKV2_AWS_75 | resource | aws_signer_signing_job | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 5103 | CKV2_AWS_75 | resource | aws_signer_signing_profile | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 5104 | CKV2_AWS_75 | resource | aws_signer_signing_profile | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 5105 | CKV2_AWS_75 | resource | aws_signer_signing_profile_permission | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 5106 | CKV2_AWS_75 | resource | aws_signer_signing_profile_permission | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 5107 | CKV2_AWS_75 | resource | aws_simpledb_domain | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 5108 | CKV2_AWS_75 | resource | aws_simpledb_domain | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 5109 | CKV2_AWS_75 | resource | aws_snapshot_create_volume_permission | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 5110 | CKV2_AWS_75 | resource | aws_snapshot_create_volume_permission | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 5111 | CKV2_AWS_75 | resource | aws_sns_platform_application | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 5112 | CKV2_AWS_75 | resource | aws_sns_platform_application | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 5113 | CKV2_AWS_75 | resource | aws_sns_sms_preferences | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 5114 | CKV2_AWS_75 | resource | aws_sns_sms_preferences | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 5115 | CKV2_AWS_75 | resource | aws_sns_topic | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 5116 | CKV2_AWS_75 | resource | aws_sns_topic | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 5117 | CKV2_AWS_75 | resource | aws_sns_topic_data_protection_policy | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 5118 | CKV2_AWS_75 | resource | aws_sns_topic_data_protection_policy | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 5119 | CKV2_AWS_75 | resource | aws_sns_topic_policy | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 5120 | CKV2_AWS_75 | resource | aws_sns_topic_policy | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 5121 | CKV2_AWS_75 | resource | aws_sns_topic_subscription | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 5122 | CKV2_AWS_75 | resource | aws_sns_topic_subscription | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 5123 | CKV2_AWS_75 | resource | aws_spot_datafeed_subscription | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 5124 | CKV2_AWS_75 | resource | aws_spot_datafeed_subscription | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 5125 | CKV2_AWS_75 | resource | aws_spot_fleet_request | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 5126 | CKV2_AWS_75 | resource | aws_spot_fleet_request | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 5127 | CKV2_AWS_75 | resource | aws_spot_instance_request | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 5128 | CKV2_AWS_75 | resource | aws_spot_instance_request | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 5129 | CKV2_AWS_75 | resource | aws_sqs_queue | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 5130 | CKV2_AWS_75 | resource | aws_sqs_queue | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 5131 | CKV2_AWS_75 | resource | aws_sqs_queue_policy | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 5132 | CKV2_AWS_75 | resource | aws_sqs_queue_policy | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 5133 | CKV2_AWS_75 | resource | aws_sqs_queue_redrive_allow_policy | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 5134 | CKV2_AWS_75 | resource | aws_sqs_queue_redrive_allow_policy | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 5135 | CKV2_AWS_75 | resource | aws_sqs_queue_redrive_policy | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 5136 | CKV2_AWS_75 | resource | aws_sqs_queue_redrive_policy | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 5137 | CKV2_AWS_75 | resource | aws_ssm_activation | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 5138 | CKV2_AWS_75 | resource | aws_ssm_activation | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 5139 | CKV2_AWS_75 | resource | aws_ssm_association | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 5140 | CKV2_AWS_75 | resource | aws_ssm_association | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 5141 | CKV2_AWS_75 | resource | aws_ssm_default_patch_baseline | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 5142 | CKV2_AWS_75 | resource | aws_ssm_default_patch_baseline | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 5143 | CKV2_AWS_75 | resource | aws_ssm_document | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 5144 | CKV2_AWS_75 | resource | aws_ssm_document | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 5145 | CKV2_AWS_75 | resource | aws_ssm_maintenance_window | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 5146 | CKV2_AWS_75 | resource | aws_ssm_maintenance_window | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 5147 | CKV2_AWS_75 | resource | aws_ssm_maintenance_window_target | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 5148 | CKV2_AWS_75 | resource | aws_ssm_maintenance_window_target | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 5149 | CKV2_AWS_75 | resource | aws_ssm_maintenance_window_task | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 5150 | CKV2_AWS_75 | resource | aws_ssm_maintenance_window_task | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 5151 | CKV2_AWS_75 | resource | aws_ssm_parameter | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 5152 | CKV2_AWS_75 | resource | aws_ssm_parameter | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 5153 | CKV2_AWS_75 | resource | aws_ssm_patch_baseline | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 5154 | CKV2_AWS_75 | resource | aws_ssm_patch_baseline | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 5155 | CKV2_AWS_75 | resource | aws_ssm_patch_group | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 5156 | CKV2_AWS_75 | resource | aws_ssm_patch_group | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 5157 | CKV2_AWS_75 | resource | aws_ssm_resource_data_sync | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 5158 | CKV2_AWS_75 | resource | aws_ssm_resource_data_sync | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 5159 | CKV2_AWS_75 | resource | aws_ssm_service_setting | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 5160 | CKV2_AWS_75 | resource | aws_ssm_service_setting | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 5161 | CKV2_AWS_75 | resource | aws_ssmcontacts_contact | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 5162 | CKV2_AWS_75 | resource | aws_ssmcontacts_contact | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 5163 | CKV2_AWS_75 | resource | aws_ssmcontacts_contact_channel | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 5164 | CKV2_AWS_75 | resource | aws_ssmcontacts_contact_channel | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 5165 | CKV2_AWS_75 | resource | aws_ssmcontacts_plan | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 5166 | CKV2_AWS_75 | resource | aws_ssmcontacts_plan | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 5167 | CKV2_AWS_75 | resource | aws_ssmcontacts_rotation | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 5168 | CKV2_AWS_75 | resource | aws_ssmcontacts_rotation | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 5169 | CKV2_AWS_75 | resource | aws_ssmincidents_replication_set | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 5170 | CKV2_AWS_75 | resource | aws_ssmincidents_replication_set | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 5171 | CKV2_AWS_75 | resource | aws_ssmincidents_response_plan | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 5172 | CKV2_AWS_75 | resource | aws_ssmincidents_response_plan | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 5173 | CKV2_AWS_75 | resource | aws_ssmquicksetup_configuration_manager | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 5174 | CKV2_AWS_75 | resource | aws_ssmquicksetup_configuration_manager | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 5175 | CKV2_AWS_75 | resource | aws_ssoadmin_account_assignment | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 5176 | CKV2_AWS_75 | resource | aws_ssoadmin_account_assignment | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 5177 | CKV2_AWS_75 | resource | aws_ssoadmin_application | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 5178 | CKV2_AWS_75 | resource | aws_ssoadmin_application | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 5179 | CKV2_AWS_75 | resource | aws_ssoadmin_application_access_scope | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 5180 | CKV2_AWS_75 | resource | aws_ssoadmin_application_access_scope | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 5181 | CKV2_AWS_75 | resource | aws_ssoadmin_application_assignment | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 5182 | CKV2_AWS_75 | resource | aws_ssoadmin_application_assignment | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 5183 | CKV2_AWS_75 | resource | aws_ssoadmin_application_assignment_configuration | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 5184 | CKV2_AWS_75 | resource | aws_ssoadmin_application_assignment_configuration | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 5185 | CKV2_AWS_75 | resource | aws_ssoadmin_customer_managed_policy_attachment | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 5186 | CKV2_AWS_75 | resource | aws_ssoadmin_customer_managed_policy_attachment | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 5187 | CKV2_AWS_75 | resource | aws_ssoadmin_instance_access_control_attributes | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 5188 | CKV2_AWS_75 | resource | aws_ssoadmin_instance_access_control_attributes | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 5189 | CKV2_AWS_75 | resource | aws_ssoadmin_managed_policy_attachment | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 5190 | CKV2_AWS_75 | resource | aws_ssoadmin_managed_policy_attachment | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 5191 | CKV2_AWS_75 | resource | aws_ssoadmin_permission_set | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 5192 | CKV2_AWS_75 | resource | aws_ssoadmin_permission_set | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 5193 | CKV2_AWS_75 | resource | aws_ssoadmin_permission_set_inline_policy | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 5194 | CKV2_AWS_75 | resource | aws_ssoadmin_permission_set_inline_policy | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 5195 | CKV2_AWS_75 | resource | aws_ssoadmin_permissions_boundary_attachment | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 5196 | CKV2_AWS_75 | resource | aws_ssoadmin_permissions_boundary_attachment | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 5197 | CKV2_AWS_75 | resource | aws_ssoadmin_trusted_token_issuer | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 5198 | CKV2_AWS_75 | resource | aws_ssoadmin_trusted_token_issuer | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 5199 | CKV2_AWS_75 | resource | aws_storagegateway_cache | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 5200 | CKV2_AWS_75 | resource | aws_storagegateway_cache | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 5201 | CKV2_AWS_75 | resource | aws_storagegateway_cached_iscsi_volume | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 5202 | CKV2_AWS_75 | resource | aws_storagegateway_cached_iscsi_volume | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 5203 | CKV2_AWS_75 | resource | aws_storagegateway_file_system_association | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 5204 | CKV2_AWS_75 | resource | aws_storagegateway_file_system_association | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 5205 | CKV2_AWS_75 | resource | aws_storagegateway_gateway | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 5206 | CKV2_AWS_75 | resource | aws_storagegateway_gateway | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 5207 | CKV2_AWS_75 | resource | aws_storagegateway_nfs_file_share | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 5208 | CKV2_AWS_75 | resource | aws_storagegateway_nfs_file_share | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 5209 | CKV2_AWS_75 | resource | aws_storagegateway_smb_file_share | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 5210 | CKV2_AWS_75 | resource | aws_storagegateway_smb_file_share | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 5211 | CKV2_AWS_75 | resource | aws_storagegateway_stored_iscsi_volume | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 5212 | CKV2_AWS_75 | resource | aws_storagegateway_stored_iscsi_volume | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 5213 | CKV2_AWS_75 | resource | aws_storagegateway_tape_pool | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 5214 | CKV2_AWS_75 | resource | aws_storagegateway_tape_pool | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 5215 | CKV2_AWS_75 | resource | aws_storagegateway_upload_buffer | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 5216 | CKV2_AWS_75 | resource | aws_storagegateway_upload_buffer | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 5217 | CKV2_AWS_75 | resource | aws_storagegateway_working_storage | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 5218 | CKV2_AWS_75 | resource | aws_storagegateway_working_storage | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 5219 | CKV2_AWS_75 | resource | aws_subnet | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 5220 | CKV2_AWS_75 | resource | aws_subnet | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 5221 | CKV2_AWS_75 | resource | aws_swf_domain | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 5222 | CKV2_AWS_75 | resource | aws_swf_domain | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 5223 | CKV2_AWS_75 | resource | aws_synthetics_canary | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 5224 | CKV2_AWS_75 | resource | aws_synthetics_canary | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 5225 | CKV2_AWS_75 | resource | aws_synthetics_group | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 5226 | CKV2_AWS_75 | resource | aws_synthetics_group | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 5227 | CKV2_AWS_75 | resource | aws_synthetics_group_association | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 5228 | CKV2_AWS_75 | resource | aws_synthetics_group_association | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 5229 | CKV2_AWS_75 | resource | aws_timestreaminfluxdb_db_instance | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 5230 | CKV2_AWS_75 | resource | aws_timestreaminfluxdb_db_instance | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 5231 | CKV2_AWS_75 | resource | aws_timestreamquery_scheduled_query | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 5232 | CKV2_AWS_75 | resource | aws_timestreamquery_scheduled_query | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 5233 | CKV2_AWS_75 | resource | aws_timestreamwrite_database | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 5234 | CKV2_AWS_75 | resource | aws_timestreamwrite_database | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 5235 | CKV2_AWS_75 | resource | aws_timestreamwrite_table | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 5236 | CKV2_AWS_75 | resource | aws_timestreamwrite_table | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 5237 | CKV2_AWS_75 | resource | aws_transcribe_language_model | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 5238 | CKV2_AWS_75 | resource | aws_transcribe_language_model | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 5239 | CKV2_AWS_75 | resource | aws_transcribe_medical_vocabulary | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 5240 | CKV2_AWS_75 | resource | aws_transcribe_medical_vocabulary | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 5241 | CKV2_AWS_75 | resource | aws_transcribe_vocabulary | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 5242 | CKV2_AWS_75 | resource | aws_transcribe_vocabulary | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 5243 | CKV2_AWS_75 | resource | aws_transcribe_vocabulary_filter | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 5244 | CKV2_AWS_75 | resource | aws_transcribe_vocabulary_filter | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 5245 | CKV2_AWS_75 | resource | aws_transfer_access | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 5246 | CKV2_AWS_75 | resource | aws_transfer_access | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 5247 | CKV2_AWS_75 | resource | aws_transfer_agreement | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 5248 | CKV2_AWS_75 | resource | aws_transfer_agreement | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 5249 | CKV2_AWS_75 | resource | aws_transfer_certificate | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 5250 | CKV2_AWS_75 | resource | aws_transfer_certificate | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 5251 | CKV2_AWS_75 | resource | aws_transfer_connector | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 5252 | CKV2_AWS_75 | resource | aws_transfer_connector | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 5253 | CKV2_AWS_75 | resource | aws_transfer_profile | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 5254 | CKV2_AWS_75 | resource | aws_transfer_profile | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 5255 | CKV2_AWS_75 | resource | aws_transfer_server | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 5256 | CKV2_AWS_75 | resource | aws_transfer_server | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 5257 | CKV2_AWS_75 | resource | aws_transfer_ssh_key | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 5258 | CKV2_AWS_75 | resource | aws_transfer_ssh_key | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 5259 | CKV2_AWS_75 | resource | aws_transfer_tag | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 5260 | CKV2_AWS_75 | resource | aws_transfer_tag | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 5261 | CKV2_AWS_75 | resource | aws_transfer_user | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 5262 | CKV2_AWS_75 | resource | aws_transfer_user | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 5263 | CKV2_AWS_75 | resource | aws_transfer_workflow | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 5264 | CKV2_AWS_75 | resource | aws_transfer_workflow | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 5265 | CKV2_AWS_75 | resource | aws_verifiedaccess_endpoint | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 5266 | CKV2_AWS_75 | resource | aws_verifiedaccess_endpoint | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 5267 | CKV2_AWS_75 | resource | aws_verifiedaccess_group | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 5268 | CKV2_AWS_75 | resource | aws_verifiedaccess_group | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 5269 | CKV2_AWS_75 | resource | aws_verifiedaccess_instance | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 5270 | CKV2_AWS_75 | resource | aws_verifiedaccess_instance | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 5271 | CKV2_AWS_75 | resource | aws_verifiedaccess_instance_logging_configuration | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 5272 | CKV2_AWS_75 | resource | aws_verifiedaccess_instance_logging_configuration | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 5273 | CKV2_AWS_75 | resource | aws_verifiedaccess_instance_trust_provider_attachment | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 5274 | CKV2_AWS_75 | resource | aws_verifiedaccess_instance_trust_provider_attachment | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 5275 | CKV2_AWS_75 | resource | aws_verifiedaccess_trust_provider | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 5276 | CKV2_AWS_75 | resource | aws_verifiedaccess_trust_provider | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 5277 | CKV2_AWS_75 | resource | aws_verifiedpermissions_identity_source | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 5278 | CKV2_AWS_75 | resource | aws_verifiedpermissions_identity_source | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 5279 | CKV2_AWS_75 | resource | aws_verifiedpermissions_policy | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 5280 | CKV2_AWS_75 | resource | aws_verifiedpermissions_policy | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 5281 | CKV2_AWS_75 | resource | aws_verifiedpermissions_policy_store | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 5282 | CKV2_AWS_75 | resource | aws_verifiedpermissions_policy_store | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 5283 | CKV2_AWS_75 | resource | aws_verifiedpermissions_policy_template | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 5284 | CKV2_AWS_75 | resource | aws_verifiedpermissions_policy_template | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 5285 | CKV2_AWS_75 | resource | aws_verifiedpermissions_schema | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 5286 | CKV2_AWS_75 | resource | aws_verifiedpermissions_schema | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 5287 | CKV2_AWS_75 | resource | aws_volume_attachment | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 5288 | CKV2_AWS_75 | resource | aws_volume_attachment | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 5289 | CKV2_AWS_75 | resource | aws_vpc | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 5290 | CKV2_AWS_75 | resource | aws_vpc | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 5291 | CKV2_AWS_75 | resource | aws_vpc_block_public_access_exclusion | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 5292 | CKV2_AWS_75 | resource | aws_vpc_block_public_access_exclusion | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 5293 | CKV2_AWS_75 | resource | aws_vpc_block_public_access_options | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 5294 | CKV2_AWS_75 | resource | aws_vpc_block_public_access_options | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 5295 | CKV2_AWS_75 | resource | aws_vpc_dhcp_options | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 5296 | CKV2_AWS_75 | resource | aws_vpc_dhcp_options | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 5297 | CKV2_AWS_75 | resource | aws_vpc_dhcp_options_association | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 5298 | CKV2_AWS_75 | resource | aws_vpc_dhcp_options_association | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 5299 | CKV2_AWS_75 | resource | aws_vpc_endpoint | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 5300 | CKV2_AWS_75 | resource | aws_vpc_endpoint | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 5301 | CKV2_AWS_75 | resource | aws_vpc_endpoint_connection_accepter | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 5302 | CKV2_AWS_75 | resource | aws_vpc_endpoint_connection_accepter | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 5303 | CKV2_AWS_75 | resource | aws_vpc_endpoint_connection_notification | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 5304 | CKV2_AWS_75 | resource | aws_vpc_endpoint_connection_notification | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 5305 | CKV2_AWS_75 | resource | aws_vpc_endpoint_policy | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 5306 | CKV2_AWS_75 | resource | aws_vpc_endpoint_policy | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 5307 | CKV2_AWS_75 | resource | aws_vpc_endpoint_private_dns | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 5308 | CKV2_AWS_75 | resource | aws_vpc_endpoint_private_dns | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 5309 | CKV2_AWS_75 | resource | aws_vpc_endpoint_route_table_association | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 5310 | CKV2_AWS_75 | resource | aws_vpc_endpoint_route_table_association | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 5311 | CKV2_AWS_75 | resource | aws_vpc_endpoint_security_group_association | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 5312 | CKV2_AWS_75 | resource | aws_vpc_endpoint_security_group_association | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 5313 | CKV2_AWS_75 | resource | aws_vpc_endpoint_service | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 5314 | CKV2_AWS_75 | resource | aws_vpc_endpoint_service | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 5315 | CKV2_AWS_75 | resource | aws_vpc_endpoint_service_allowed_principal | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 5316 | CKV2_AWS_75 | resource | aws_vpc_endpoint_service_allowed_principal | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 5317 | CKV2_AWS_75 | resource | aws_vpc_endpoint_service_private_dns_verification | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 5318 | CKV2_AWS_75 | resource | aws_vpc_endpoint_service_private_dns_verification | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 5319 | CKV2_AWS_75 | resource | aws_vpc_endpoint_subnet_association | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 5320 | CKV2_AWS_75 | resource | aws_vpc_endpoint_subnet_association | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 5321 | CKV2_AWS_75 | resource | aws_vpc_ipam | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 5322 | CKV2_AWS_75 | resource | aws_vpc_ipam | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 5323 | CKV2_AWS_75 | resource | aws_vpc_ipam_organization_admin_account | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 5324 | CKV2_AWS_75 | resource | aws_vpc_ipam_organization_admin_account | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 5325 | CKV2_AWS_75 | resource | aws_vpc_ipam_pool | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 5326 | CKV2_AWS_75 | resource | aws_vpc_ipam_pool | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 5327 | CKV2_AWS_75 | resource | aws_vpc_ipam_pool_cidr | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 5328 | CKV2_AWS_75 | resource | aws_vpc_ipam_pool_cidr | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 5329 | CKV2_AWS_75 | resource | aws_vpc_ipam_pool_cidr_allocation | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 5330 | CKV2_AWS_75 | resource | aws_vpc_ipam_pool_cidr_allocation | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 5331 | CKV2_AWS_75 | resource | aws_vpc_ipam_preview_next_cidr | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 5332 | CKV2_AWS_75 | resource | aws_vpc_ipam_preview_next_cidr | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 5333 | CKV2_AWS_75 | resource | aws_vpc_ipam_resource_discovery | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 5334 | CKV2_AWS_75 | resource | aws_vpc_ipam_resource_discovery | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 5335 | CKV2_AWS_75 | resource | aws_vpc_ipam_resource_discovery_association | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 5336 | CKV2_AWS_75 | resource | aws_vpc_ipam_resource_discovery_association | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 5337 | CKV2_AWS_75 | resource | aws_vpc_ipam_scope | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 5338 | CKV2_AWS_75 | resource | aws_vpc_ipam_scope | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 5339 | CKV2_AWS_75 | resource | aws_vpc_ipv4_cidr_block_association | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 5340 | CKV2_AWS_75 | resource | aws_vpc_ipv4_cidr_block_association | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 5341 | CKV2_AWS_75 | resource | aws_vpc_ipv6_cidr_block_association | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 5342 | CKV2_AWS_75 | resource | aws_vpc_ipv6_cidr_block_association | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 5343 | CKV2_AWS_75 | resource | aws_vpc_network_performance_metric_subscription | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 5344 | CKV2_AWS_75 | resource | aws_vpc_network_performance_metric_subscription | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 5345 | CKV2_AWS_75 | resource | aws_vpc_peering_connection | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 5346 | CKV2_AWS_75 | resource | aws_vpc_peering_connection | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 5347 | CKV2_AWS_75 | resource | aws_vpc_peering_connection_accepter | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 5348 | CKV2_AWS_75 | resource | aws_vpc_peering_connection_accepter | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 5349 | CKV2_AWS_75 | resource | aws_vpc_peering_connection_options | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 5350 | CKV2_AWS_75 | resource | aws_vpc_peering_connection_options | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 5351 | CKV2_AWS_75 | resource | aws_vpc_security_group_egress_rule | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 5352 | CKV2_AWS_75 | resource | aws_vpc_security_group_egress_rule | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 5353 | CKV2_AWS_75 | resource | aws_vpc_security_group_ingress_rule | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 5354 | CKV2_AWS_75 | resource | aws_vpc_security_group_ingress_rule | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 5355 | CKV2_AWS_75 | resource | aws_vpc_security_group_vpc_association | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 5356 | CKV2_AWS_75 | resource | aws_vpc_security_group_vpc_association | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 5357 | CKV2_AWS_75 | resource | aws_vpclattice_access_log_subscription | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 5358 | CKV2_AWS_75 | resource | aws_vpclattice_access_log_subscription | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 5359 | CKV2_AWS_75 | resource | aws_vpclattice_auth_policy | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 5360 | CKV2_AWS_75 | resource | aws_vpclattice_auth_policy | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 5361 | CKV2_AWS_75 | resource | aws_vpclattice_listener | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 5362 | CKV2_AWS_75 | resource | aws_vpclattice_listener | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 5363 | CKV2_AWS_75 | resource | aws_vpclattice_listener_rule | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 5364 | CKV2_AWS_75 | resource | aws_vpclattice_listener_rule | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 5365 | CKV2_AWS_75 | resource | aws_vpclattice_resource_configuration | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 5366 | CKV2_AWS_75 | resource | aws_vpclattice_resource_configuration | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 5367 | CKV2_AWS_75 | resource | aws_vpclattice_resource_gateway | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 5368 | CKV2_AWS_75 | resource | aws_vpclattice_resource_gateway | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 5369 | CKV2_AWS_75 | resource | aws_vpclattice_resource_policy | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 5370 | CKV2_AWS_75 | resource | aws_vpclattice_resource_policy | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 5371 | CKV2_AWS_75 | resource | aws_vpclattice_service | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 5372 | CKV2_AWS_75 | resource | aws_vpclattice_service | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 5373 | CKV2_AWS_75 | resource | aws_vpclattice_service_network | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 5374 | CKV2_AWS_75 | resource | aws_vpclattice_service_network | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 5375 | CKV2_AWS_75 | resource | aws_vpclattice_service_network_resource_association | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 5376 | CKV2_AWS_75 | resource | aws_vpclattice_service_network_resource_association | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 5377 | CKV2_AWS_75 | resource | aws_vpclattice_service_network_service_association | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 5378 | CKV2_AWS_75 | resource | aws_vpclattice_service_network_service_association | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 5379 | CKV2_AWS_75 | resource | aws_vpclattice_service_network_vpc_association | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 5380 | CKV2_AWS_75 | resource | aws_vpclattice_service_network_vpc_association | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 5381 | CKV2_AWS_75 | resource | aws_vpclattice_target_group | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 5382 | CKV2_AWS_75 | resource | aws_vpclattice_target_group | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 5383 | CKV2_AWS_75 | resource | aws_vpclattice_target_group_attachment | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 5384 | CKV2_AWS_75 | resource | aws_vpclattice_target_group_attachment | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 5385 | CKV2_AWS_75 | resource | aws_vpn_connection | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 5386 | CKV2_AWS_75 | resource | aws_vpn_connection | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 5387 | CKV2_AWS_75 | resource | aws_vpn_connection_route | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 5388 | CKV2_AWS_75 | resource | aws_vpn_connection_route | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 5389 | CKV2_AWS_75 | resource | aws_vpn_gateway | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 5390 | CKV2_AWS_75 | resource | aws_vpn_gateway | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 5391 | CKV2_AWS_75 | resource | aws_vpn_gateway_attachment | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 5392 | CKV2_AWS_75 | resource | aws_vpn_gateway_attachment | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 5393 | CKV2_AWS_75 | resource | aws_vpn_gateway_route_propagation | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 5394 | CKV2_AWS_75 | resource | aws_vpn_gateway_route_propagation | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 5395 | CKV2_AWS_75 | resource | aws_waf_byte_match_set | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 5396 | CKV2_AWS_75 | resource | aws_waf_byte_match_set | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 5397 | CKV2_AWS_75 | resource | aws_waf_geo_match_set | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 5398 | CKV2_AWS_75 | resource | aws_waf_geo_match_set | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 5399 | CKV2_AWS_75 | resource | aws_waf_ipset | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 5400 | CKV2_AWS_75 | resource | aws_waf_ipset | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 5401 | CKV2_AWS_75 | resource | aws_waf_rate_based_rule | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 5402 | CKV2_AWS_75 | resource | aws_waf_rate_based_rule | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 5403 | CKV2_AWS_75 | resource | aws_waf_regex_match_set | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 5404 | CKV2_AWS_75 | resource | aws_waf_regex_match_set | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 5405 | CKV2_AWS_75 | resource | aws_waf_regex_pattern_set | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 5406 | CKV2_AWS_75 | resource | aws_waf_regex_pattern_set | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 5407 | CKV2_AWS_75 | resource | aws_waf_rule | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 5408 | CKV2_AWS_75 | resource | aws_waf_rule | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 5409 | CKV2_AWS_75 | resource | aws_waf_rule_group | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 5410 | CKV2_AWS_75 | resource | aws_waf_rule_group | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 5411 | CKV2_AWS_75 | resource | aws_waf_size_constraint_set | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 5412 | CKV2_AWS_75 | resource | aws_waf_size_constraint_set | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 5413 | CKV2_AWS_75 | resource | aws_waf_sql_injection_match_set | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 5414 | CKV2_AWS_75 | resource | aws_waf_sql_injection_match_set | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 5415 | CKV2_AWS_75 | resource | aws_waf_web_acl | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 5416 | CKV2_AWS_75 | resource | aws_waf_web_acl | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 5417 | CKV2_AWS_75 | resource | aws_waf_xss_match_set | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 5418 | CKV2_AWS_75 | resource | aws_waf_xss_match_set | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 5419 | CKV2_AWS_75 | resource | aws_wafregional_byte_match_set | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 5420 | CKV2_AWS_75 | resource | aws_wafregional_byte_match_set | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 5421 | CKV2_AWS_75 | resource | aws_wafregional_geo_match_set | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 5422 | CKV2_AWS_75 | resource | aws_wafregional_geo_match_set | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 5423 | CKV2_AWS_75 | resource | aws_wafregional_ipset | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 5424 | CKV2_AWS_75 | resource | aws_wafregional_ipset | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 5425 | CKV2_AWS_75 | resource | aws_wafregional_rate_based_rule | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 5426 | CKV2_AWS_75 | resource | aws_wafregional_rate_based_rule | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 5427 | CKV2_AWS_75 | resource | aws_wafregional_regex_match_set | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 5428 | CKV2_AWS_75 | resource | aws_wafregional_regex_match_set | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 5429 | CKV2_AWS_75 | resource | aws_wafregional_regex_pattern_set | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 5430 | CKV2_AWS_75 | resource | aws_wafregional_regex_pattern_set | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 5431 | CKV2_AWS_75 | resource | aws_wafregional_rule | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 5432 | CKV2_AWS_75 | resource | aws_wafregional_rule | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 5433 | CKV2_AWS_75 | resource | aws_wafregional_rule_group | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 5434 | CKV2_AWS_75 | resource | aws_wafregional_rule_group | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 5435 | CKV2_AWS_75 | resource | aws_wafregional_size_constraint_set | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 5436 | CKV2_AWS_75 | resource | aws_wafregional_size_constraint_set | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 5437 | CKV2_AWS_75 | resource | aws_wafregional_sql_injection_match_set | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 5438 | CKV2_AWS_75 | resource | aws_wafregional_sql_injection_match_set | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 5439 | CKV2_AWS_75 | resource | aws_wafregional_web_acl | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 5440 | CKV2_AWS_75 | resource | aws_wafregional_web_acl | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 5441 | CKV2_AWS_75 | resource | aws_wafregional_web_acl_association | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 5442 | CKV2_AWS_75 | resource | aws_wafregional_web_acl_association | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 5443 | CKV2_AWS_75 | resource | aws_wafregional_xss_match_set | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 5444 | CKV2_AWS_75 | resource | aws_wafregional_xss_match_set | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 5445 | CKV2_AWS_75 | resource | aws_wafv2_ip_set | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 5446 | CKV2_AWS_75 | resource | aws_wafv2_ip_set | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 5447 | CKV2_AWS_75 | resource | aws_wafv2_regex_pattern_set | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 5448 | CKV2_AWS_75 | resource | aws_wafv2_regex_pattern_set | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 5449 | CKV2_AWS_75 | resource | aws_wafv2_rule_group | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 5450 | CKV2_AWS_75 | resource | aws_wafv2_rule_group | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 5451 | CKV2_AWS_75 | resource | aws_wafv2_web_acl | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 5452 | CKV2_AWS_75 | resource | aws_wafv2_web_acl | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 5453 | CKV2_AWS_75 | resource | aws_wafv2_web_acl_association | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 5454 | CKV2_AWS_75 | resource | aws_wafv2_web_acl_association | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 5455 | CKV2_AWS_75 | resource | aws_wafv2_web_acl_logging_configuration | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 5456 | CKV2_AWS_75 | resource | aws_wafv2_web_acl_logging_configuration | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 5457 | CKV2_AWS_75 | resource | aws_worklink_fleet | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 5458 | CKV2_AWS_75 | resource | aws_worklink_fleet | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 5459 | CKV2_AWS_75 | resource | aws_worklink_website_certificate_authority_association | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 5460 | CKV2_AWS_75 | resource | aws_worklink_website_certificate_authority_association | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 5461 | CKV2_AWS_75 | resource | aws_workspaces_connection_alias | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 5462 | CKV2_AWS_75 | resource | aws_workspaces_connection_alias | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 5463 | CKV2_AWS_75 | resource | aws_workspaces_directory | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 5464 | CKV2_AWS_75 | resource | aws_workspaces_directory | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 5465 | CKV2_AWS_75 | resource | aws_workspaces_ip_group | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 5466 | CKV2_AWS_75 | resource | aws_workspaces_ip_group | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 5467 | CKV2_AWS_75 | resource | aws_workspaces_workspace | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 5468 | CKV2_AWS_75 | resource | aws_workspaces_workspace | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 5469 | CKV2_AWS_75 | resource | aws_xray_encryption_config | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 5470 | CKV2_AWS_75 | resource | aws_xray_encryption_config | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 5471 | CKV2_AWS_75 | resource | aws_xray_group | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 5472 | CKV2_AWS_75 | resource | aws_xray_group | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 5473 | CKV2_AWS_75 | resource | aws_xray_sampling_rule | Ensure no open CORS policy | Terraform | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/LambdaOpenCorsPolicy.yaml) | | 5474 | CKV2_AWS_75 | resource | aws_xray_sampling_rule | Ensure no open CORS policy | Cloudformation | [LambdaOpenCorsPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/cloudformation/checks/graph_checks/LambdaOpenCorsPolicy.yaml) | | 5475 | CKV2_AWS_76 | resource | aws_alb | Ensure AWS ALB attached WAFv2 WebACL is configured with AMR for Log4j Vulnerability | Terraform | [ALBWebACLConfiguredWIthLog4jVulnerability.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/ALBWebACLConfiguredWIthLog4jVulnerability.yaml) | | 5476 | CKV2_AWS_76 | resource | aws_lb | Ensure AWS ALB attached WAFv2 WebACL is configured with AMR for Log4j Vulnerability | Terraform | [ALBWebACLConfiguredWIthLog4jVulnerability.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/ALBWebACLConfiguredWIthLog4jVulnerability.yaml) | | 5477 | CKV2_AWS_76 | resource | aws_wafv2_web_acl | Ensure AWS ALB attached WAFv2 WebACL is configured with AMR for Log4j Vulnerability | Terraform | [ALBWebACLConfiguredWIthLog4jVulnerability.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/ALBWebACLConfiguredWIthLog4jVulnerability.yaml) | | 5478 | CKV2_AWS_77 | resource | aws_api_gateway_stage | Ensure AWS API Gateway Rest API attached WAFv2 WebACL is configured with AMR for Log4j Vulnerability | Terraform | [APIGatewayWebACLConfiguredWIthLog4jVulnerability.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/APIGatewayWebACLConfiguredWIthLog4jVulnerability.yaml) | | 5479 | CKV2_AWS_77 | resource | aws_apigatewayv2_api | Ensure AWS API Gateway Rest API attached WAFv2 WebACL is configured with AMR for Log4j Vulnerability | Terraform | [APIGatewayWebACLConfiguredWIthLog4jVulnerability.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/APIGatewayWebACLConfiguredWIthLog4jVulnerability.yaml) | | 5480 | CKV2_AWS_77 | resource | aws_wafv2_web_acl | Ensure AWS API Gateway Rest API attached WAFv2 WebACL is configured with AMR for Log4j Vulnerability | Terraform | [APIGatewayWebACLConfiguredWIthLog4jVulnerability.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/APIGatewayWebACLConfiguredWIthLog4jVulnerability.yaml) | | 5481 | CKV2_AWS_78 | resource | aws_appsync_graphql_api | Ensure AWS AppSync attached WAFv2 WebACL is configured with AMR for Log4j Vulnerability | Terraform | [AppsyncWebACLConfiguredWIthLog4jVulnerability.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/AppsyncWebACLConfiguredWIthLog4jVulnerability.yaml) | | 5482 | CKV2_AWS_78 | resource | aws_wafv2_web_acl | Ensure AWS AppSync attached WAFv2 WebACL is configured with AMR for Log4j Vulnerability | Terraform | [AppsyncWebACLConfiguredWIthLog4jVulnerability.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/AppsyncWebACLConfiguredWIthLog4jVulnerability.yaml) | | 5483 | CKV_AZURE_1 | resource | Microsoft.Compute/virtualMachines | Ensure Azure Instance does not use basic authentication(Use SSH Key Instead) | arm | [AzureInstancePassword.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/AzureInstancePassword.py) | | 5484 | CKV_AZURE_1 | resource | Microsoft.Compute/virtualMachines | Ensure Azure Instance does not use basic authentication(Use SSH Key Instead) | Bicep | [AzureInstancePassword.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/AzureInstancePassword.py) | | 5485 | CKV_AZURE_1 | resource | azurerm_linux_virtual_machine | Ensure Azure Instance does not use basic authentication(Use SSH Key Instead) | Terraform | [AzureInstancePassword.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/azure/AzureInstancePassword.py) | | 5486 | CKV_AZURE_1 | resource | azurerm_virtual_machine | Ensure Azure Instance does not use basic authentication(Use SSH Key Instead) | Terraform | [AzureInstancePassword.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/azure/AzureInstancePassword.py) | | 5487 | CKV_AZURE_2 | resource | Microsoft.Compute/disks | Ensure Azure managed disk have encryption enabled | arm | [AzureManagedDiscEncryption.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/AzureManagedDiscEncryption.py) | | 5488 | CKV_AZURE_2 | resource | Microsoft.Compute/disks | Ensure Azure managed disk have encryption enabled | Bicep | [AzureManagedDiscEncryption.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/AzureManagedDiscEncryption.py) | | 5489 | CKV_AZURE_2 | resource | azurerm_managed_disk | Ensure Azure managed disk has encryption enabled | Terraform | [AzureManagedDiskEncryption.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/azure/AzureManagedDiskEncryption.py) | | 5490 | CKV_AZURE_3 | resource | Microsoft.Storage/storageAccounts | Ensure that 'supportsHttpsTrafficOnly' is set to 'true' | arm | [StorageAccountsTransportEncryption.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/StorageAccountsTransportEncryption.py) | | 5491 | CKV_AZURE_3 | resource | Microsoft.Storage/storageAccounts | Ensure that 'supportsHttpsTrafficOnly' is set to 'true' | Bicep | [StorageAccountsTransportEncryption.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/bicep/checks/resource/azure/StorageAccountsTransportEncryption.py) | | 5492 | CKV_AZURE_3 | resource | azurerm_storage_account | Ensure that 'enable_https_traffic_only' is enabled | Terraform | [StorageAccountsTransportEncryption.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/azure/StorageAccountsTransportEncryption.py) | | 5493 | CKV_AZURE_4 | resource | Microsoft.ContainerService/managedClusters | Ensure AKS logging to Azure Monitoring is Configured | arm | [AKSLoggingEnabled.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/AKSLoggingEnabled.py) | | 5494 | CKV_AZURE_4 | resource | Microsoft.ContainerService/managedClusters | Ensure AKS logging to Azure Monitoring is Configured | Bicep | [AKSLoggingEnabled.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/AKSLoggingEnabled.py) | | 5495 | CKV_AZURE_4 | resource | azurerm_kubernetes_cluster | Ensure AKS logging to Azure Monitoring is Configured | Terraform | [AKSLoggingEnabled.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/azure/AKSLoggingEnabled.py) | | 5496 | CKV_AZURE_5 | resource | Microsoft.ContainerService/managedClusters | Ensure RBAC is enabled on AKS clusters | arm | [AKSRbacEnabled.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/AKSRbacEnabled.py) | | 5497 | CKV_AZURE_5 | resource | Microsoft.ContainerService/managedClusters | Ensure RBAC is enabled on AKS clusters | Bicep | [AKSRbacEnabled.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/AKSRbacEnabled.py) | | 5498 | CKV_AZURE_5 | resource | azurerm_kubernetes_cluster | Ensure RBAC is enabled on AKS clusters | Terraform | [AKSRbacEnabled.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/azure/AKSRbacEnabled.py) | | 5499 | CKV_AZURE_6 | resource | Microsoft.ContainerService/managedClusters | Ensure AKS has an API Server Authorized IP Ranges enabled | arm | [AKSApiServerAuthorizedIpRanges.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/AKSApiServerAuthorizedIpRanges.py) | | 5500 | CKV_AZURE_6 | resource | Microsoft.ContainerService/managedClusters | Ensure AKS has an API Server Authorized IP Ranges enabled | Bicep | [AKSApiServerAuthorizedIpRanges.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/AKSApiServerAuthorizedIpRanges.py) | | 5501 | CKV_AZURE_6 | resource | azurerm_kubernetes_cluster | Ensure AKS has an API Server Authorized IP Ranges enabled | Terraform | [AKSApiServerAuthorizedIpRanges.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/azure/AKSApiServerAuthorizedIpRanges.py) | | 5502 | CKV_AZURE_7 | resource | Microsoft.ContainerService/managedClusters | Ensure AKS cluster has Network Policy configured | arm | [AKSNetworkPolicy.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/AKSNetworkPolicy.py) | | 5503 | CKV_AZURE_7 | resource | Microsoft.ContainerService/managedClusters | Ensure AKS cluster has Network Policy configured | Bicep | [AKSNetworkPolicy.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/AKSNetworkPolicy.py) | | 5504 | CKV_AZURE_7 | resource | azurerm_kubernetes_cluster | Ensure AKS cluster has Network Policy configured | Terraform | [AKSNetworkPolicy.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/azure/AKSNetworkPolicy.py) | | 5505 | CKV_AZURE_8 | resource | Microsoft.ContainerService/managedClusters | Ensure Kubernetes Dashboard is disabled | arm | [AKSDashboardDisabled.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/AKSDashboardDisabled.py) | | 5506 | CKV_AZURE_8 | resource | Microsoft.ContainerService/managedClusters | Ensure Kubernetes Dashboard is disabled | Bicep | [AKSDashboardDisabled.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/AKSDashboardDisabled.py) | | 5507 | CKV_AZURE_8 | resource | azurerm_kubernetes_cluster | Ensure Kubernetes Dashboard is disabled | Terraform | [AKSDashboardDisabled.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/azure/AKSDashboardDisabled.py) | | 5508 | CKV_AZURE_9 | resource | Microsoft.Network/networkSecurityGroups | Ensure that RDP access is restricted from the internet | arm | [NSGRuleRDPAccessRestricted.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/NSGRuleRDPAccessRestricted.py) | | 5509 | CKV_AZURE_9 | resource | Microsoft.Network/networkSecurityGroups | Ensure that RDP access is restricted from the internet | Bicep | [NSGRuleRDPAccessRestricted.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/NSGRuleRDPAccessRestricted.py) | | 5510 | CKV_AZURE_9 | resource | Microsoft.Network/networkSecurityGroups/securityRules | Ensure that RDP access is restricted from the internet | arm | [NSGRuleRDPAccessRestricted.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/NSGRuleRDPAccessRestricted.py) | | 5511 | CKV_AZURE_9 | resource | Microsoft.Network/networkSecurityGroups/securityRules | Ensure that RDP access is restricted from the internet | Bicep | [NSGRuleRDPAccessRestricted.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/NSGRuleRDPAccessRestricted.py) | | 5512 | CKV_AZURE_9 | resource | azurerm_network_security_group | Ensure that RDP access is restricted from the internet | Terraform | [NSGRuleRDPAccessRestricted.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/azure/NSGRuleRDPAccessRestricted.py) | | 5513 | CKV_AZURE_9 | resource | azurerm_network_security_rule | Ensure that RDP access is restricted from the internet | Terraform | [NSGRuleRDPAccessRestricted.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/azure/NSGRuleRDPAccessRestricted.py) | | 5514 | CKV_AZURE_10 | resource | Microsoft.Network/networkSecurityGroups | Ensure that SSH access is restricted from the internet | arm | [NSGRuleSSHAccessRestricted.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/NSGRuleSSHAccessRestricted.py) | | 5515 | CKV_AZURE_10 | resource | Microsoft.Network/networkSecurityGroups | Ensure that SSH access is restricted from the internet | Bicep | [NSGRuleSSHAccessRestricted.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/NSGRuleSSHAccessRestricted.py) | | 5516 | CKV_AZURE_10 | resource | Microsoft.Network/networkSecurityGroups/securityRules | Ensure that SSH access is restricted from the internet | arm | [NSGRuleSSHAccessRestricted.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/NSGRuleSSHAccessRestricted.py) | | 5517 | CKV_AZURE_10 | resource | Microsoft.Network/networkSecurityGroups/securityRules | Ensure that SSH access is restricted from the internet | Bicep | [NSGRuleSSHAccessRestricted.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/NSGRuleSSHAccessRestricted.py) | | 5518 | CKV_AZURE_10 | resource | azurerm_network_security_group | Ensure that SSH access is restricted from the internet | Terraform | [NSGRuleSSHAccessRestricted.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/azure/NSGRuleSSHAccessRestricted.py) | | 5519 | CKV_AZURE_10 | resource | azurerm_network_security_rule | Ensure that SSH access is restricted from the internet | Terraform | [NSGRuleSSHAccessRestricted.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/azure/NSGRuleSSHAccessRestricted.py) | | 5520 | CKV_AZURE_11 | resource | Microsoft.Sql/servers | Ensure no SQL Databases allow ingress from 0.0.0.0/0 (ANY IP) | arm | [SQLServerNoPublicAccess.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/SQLServerNoPublicAccess.py) | | 5521 | CKV_AZURE_11 | resource | Microsoft.Sql/servers | Ensure no SQL Databases allow ingress from 0.0.0.0/0 (ANY IP) | Bicep | [SQLServerNoPublicAccess.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/SQLServerNoPublicAccess.py) | | 5522 | CKV_AZURE_11 | resource | azurerm_mariadb_firewall_rule | Ensure no SQL Databases allow ingress from 0.0.0.0/0 (ANY IP) | Terraform | [SQLServerNoPublicAccess.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/azure/SQLServerNoPublicAccess.py) | | 5523 | CKV_AZURE_11 | resource | azurerm_mssql_firewall_rule | Ensure no SQL Databases allow ingress from 0.0.0.0/0 (ANY IP) | Terraform | [SQLServerNoPublicAccess.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/azure/SQLServerNoPublicAccess.py) | | 5524 | CKV_AZURE_11 | resource | azurerm_mysql_firewall_rule | Ensure no SQL Databases allow ingress from 0.0.0.0/0 (ANY IP) | Terraform | [SQLServerNoPublicAccess.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/azure/SQLServerNoPublicAccess.py) | | 5525 | CKV_AZURE_11 | resource | azurerm_mysql_flexible_server_firewall_rule | Ensure no SQL Databases allow ingress from 0.0.0.0/0 (ANY IP) | Terraform | [SQLServerNoPublicAccess.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/azure/SQLServerNoPublicAccess.py) | | 5526 | CKV_AZURE_11 | resource | azurerm_postgresql_firewall_rule | Ensure no SQL Databases allow ingress from 0.0.0.0/0 (ANY IP) | Terraform | [SQLServerNoPublicAccess.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/azure/SQLServerNoPublicAccess.py) | | 5527 | CKV_AZURE_11 | resource | azurerm_sql_firewall_rule | Ensure no SQL Databases allow ingress from 0.0.0.0/0 (ANY IP) | Terraform | [SQLServerNoPublicAccess.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/azure/SQLServerNoPublicAccess.py) | | 5528 | CKV_AZURE_12 | resource | Microsoft.Network/networkWatchers/FlowLogs | Ensure that Network Security Group Flow Log retention period is 'greater than 90 days' | arm | [NetworkWatcherFlowLogPeriod.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/NetworkWatcherFlowLogPeriod.py) | | 5529 | CKV_AZURE_12 | resource | Microsoft.Network/networkWatchers/FlowLogs | Ensure that Network Security Group Flow Log retention period is 'greater than 90 days' | Bicep | [NetworkWatcherFlowLogPeriod.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/NetworkWatcherFlowLogPeriod.py) | | 5530 | CKV_AZURE_12 | resource | Microsoft.Network/networkWatchers/FlowLogs/ | Ensure that Network Security Group Flow Log retention period is 'greater than 90 days' | arm | [NetworkWatcherFlowLogPeriod.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/NetworkWatcherFlowLogPeriod.py) | | 5531 | CKV_AZURE_12 | resource | Microsoft.Network/networkWatchers/FlowLogs/ | Ensure that Network Security Group Flow Log retention period is 'greater than 90 days' | Bicep | [NetworkWatcherFlowLogPeriod.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/NetworkWatcherFlowLogPeriod.py) | | 5532 | CKV_AZURE_12 | resource | Microsoft.Network/networkWatchers/flowLogs | Ensure that Network Security Group Flow Log retention period is 'greater than 90 days' | arm | [NetworkWatcherFlowLogPeriod.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/NetworkWatcherFlowLogPeriod.py) | | 5533 | CKV_AZURE_12 | resource | Microsoft.Network/networkWatchers/flowLogs | Ensure that Network Security Group Flow Log retention period is 'greater than 90 days' | Bicep | [NetworkWatcherFlowLogPeriod.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/NetworkWatcherFlowLogPeriod.py) | | 5534 | CKV_AZURE_12 | resource | Microsoft.Network/networkWatchers/flowLogs/ | Ensure that Network Security Group Flow Log retention period is 'greater than 90 days' | arm | [NetworkWatcherFlowLogPeriod.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/NetworkWatcherFlowLogPeriod.py) | | 5535 | CKV_AZURE_12 | resource | Microsoft.Network/networkWatchers/flowLogs/ | Ensure that Network Security Group Flow Log retention period is 'greater than 90 days' | Bicep | [NetworkWatcherFlowLogPeriod.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/NetworkWatcherFlowLogPeriod.py) | | 5536 | CKV_AZURE_12 | resource | azurerm_network_watcher_flow_log | Ensure that Network Security Group Flow Log retention period is 'greater than 90 days' | Terraform | [NetworkWatcherFlowLogPeriod.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/azure/NetworkWatcherFlowLogPeriod.py) | | 5537 | CKV_AZURE_13 | resource | Microsoft.Web/sites/config | Ensure App Service Authentication is set on Azure App Service | arm | [AppServiceAuthentication.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/AppServiceAuthentication.py) | | 5538 | CKV_AZURE_13 | resource | Microsoft.Web/sites/config | Ensure App Service Authentication is set on Azure App Service | Bicep | [AppServiceAuthentication.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/AppServiceAuthentication.py) | | 5539 | CKV_AZURE_13 | resource | azurerm_app_service | Ensure App Service Authentication is set on Azure App Service | Terraform | [AppServiceAuthentication.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/azure/AppServiceAuthentication.py) | | 5540 | CKV_AZURE_13 | resource | azurerm_linux_web_app | Ensure App Service Authentication is set on Azure App Service | Terraform | [AppServiceAuthentication.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/azure/AppServiceAuthentication.py) | | 5541 | CKV_AZURE_13 | resource | azurerm_windows_web_app | Ensure App Service Authentication is set on Azure App Service | Terraform | [AppServiceAuthentication.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/azure/AppServiceAuthentication.py) | | 5542 | CKV_AZURE_13 | resource | config | Ensure App Service Authentication is set on Azure App Service | arm | [AppServiceAuthentication.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/AppServiceAuthentication.py) | | 5543 | CKV_AZURE_13 | resource | config | Ensure App Service Authentication is set on Azure App Service | Bicep | [AppServiceAuthentication.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/AppServiceAuthentication.py) | | 5544 | CKV_AZURE_14 | resource | Microsoft.Web/sites | Ensure web app redirects all HTTP traffic to HTTPS in Azure App Service | arm | [AppServiceHTTPSOnly.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/AppServiceHTTPSOnly.py) | | 5545 | CKV_AZURE_14 | resource | Microsoft.Web/sites | Ensure web app redirects all HTTP traffic to HTTPS in Azure App Service | Bicep | [AppServiceHTTPSOnly.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/AppServiceHTTPSOnly.py) | | 5546 | CKV_AZURE_14 | resource | azurerm_app_service | Ensure web app redirects all HTTP traffic to HTTPS in Azure App Service | Terraform | [AppServiceHTTPSOnly.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/azure/AppServiceHTTPSOnly.py) | | 5547 | CKV_AZURE_14 | resource | azurerm_linux_web_app | Ensure web app redirects all HTTP traffic to HTTPS in Azure App Service | Terraform | [AppServiceHTTPSOnly.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/azure/AppServiceHTTPSOnly.py) | | 5548 | CKV_AZURE_14 | resource | azurerm_windows_web_app | Ensure web app redirects all HTTP traffic to HTTPS in Azure App Service | Terraform | [AppServiceHTTPSOnly.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/azure/AppServiceHTTPSOnly.py) | | 5549 | CKV_AZURE_15 | resource | Microsoft.Web/sites | Ensure web app is using the latest version of TLS encryption | arm | [AppServiceMinTLSVersion.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/AppServiceMinTLSVersion.py) | | 5550 | CKV_AZURE_15 | resource | Microsoft.Web/sites | Ensure web app is using the latest version of TLS encryption | Bicep | [AppServiceMinTLSVersion.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/AppServiceMinTLSVersion.py) | | 5551 | CKV_AZURE_15 | resource | azurerm_app_service | Ensure web app is using the latest version of TLS encryption | Terraform | [AppServiceMinTLSVersion.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/azure/AppServiceMinTLSVersion.py) | | 5552 | CKV_AZURE_15 | resource | azurerm_linux_web_app | Ensure web app is using the latest version of TLS encryption | Terraform | [AppServiceMinTLSVersion.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/azure/AppServiceMinTLSVersion.py) | | 5553 | CKV_AZURE_15 | resource | azurerm_windows_web_app | Ensure web app is using the latest version of TLS encryption | Terraform | [AppServiceMinTLSVersion.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/azure/AppServiceMinTLSVersion.py) | | 5554 | CKV_AZURE_16 | resource | Microsoft.Web/sites | Ensure that Register with Azure Active Directory is enabled on App Service | arm | [AppServiceIdentity.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/AppServiceIdentity.py) | | 5555 | CKV_AZURE_16 | resource | Microsoft.Web/sites | Ensure that Register with Azure Active Directory is enabled on App Service | Bicep | [AppServiceIdentity.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/AppServiceIdentity.py) | | 5556 | CKV_AZURE_16 | resource | azurerm_app_service | Ensure that Register with Azure Active Directory is enabled on App Service | Terraform | [AppServiceIdentity.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/azure/AppServiceIdentity.py) | | 5557 | CKV_AZURE_16 | resource | azurerm_linux_web_app | Ensure that Register with Azure Active Directory is enabled on App Service | Terraform | [AppServiceIdentity.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/azure/AppServiceIdentity.py) | | 5558 | CKV_AZURE_16 | resource | azurerm_windows_web_app | Ensure that Register with Azure Active Directory is enabled on App Service | Terraform | [AppServiceIdentity.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/azure/AppServiceIdentity.py) | | 5559 | CKV_AZURE_17 | resource | Microsoft.Web/sites | Ensure the web app has 'Client Certificates (Incoming client certificates)' set | arm | [AppServiceClientCertificate.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/AppServiceClientCertificate.py) | | 5560 | CKV_AZURE_17 | resource | Microsoft.Web/sites | Ensure the web app has 'Client Certificates (Incoming client certificates)' set | Bicep | [AppServiceClientCertificate.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/AppServiceClientCertificate.py) | | 5561 | CKV_AZURE_17 | resource | azurerm_app_service | Ensure the web app has 'Client Certificates (Incoming client certificates)' set | Terraform | [AppServiceClientCertificate.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/azure/AppServiceClientCertificate.py) | | 5562 | CKV_AZURE_17 | resource | azurerm_linux_web_app | Ensure the web app has 'Client Certificates (Incoming client certificates)' set | Terraform | [AppServiceClientCertificate.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/azure/AppServiceClientCertificate.py) | | 5563 | CKV_AZURE_17 | resource | azurerm_windows_web_app | Ensure the web app has 'Client Certificates (Incoming client certificates)' set | Terraform | [AppServiceClientCertificate.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/azure/AppServiceClientCertificate.py) | | 5564 | CKV_AZURE_18 | resource | Microsoft.Web/sites | Ensure that 'HTTP Version' is the latest if used to run the web app | arm | [AppServiceHttps20Enabled.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/AppServiceHttps20Enabled.py) | | 5565 | CKV_AZURE_18 | resource | Microsoft.Web/sites | Ensure that 'HTTP Version' is the latest if used to run the web app | Bicep | [AppServiceHttps20Enabled.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/AppServiceHttps20Enabled.py) | | 5566 | CKV_AZURE_18 | resource | azurerm_app_service | Ensure that 'HTTP Version' is the latest if used to run the web app | Terraform | [AppServiceHttps20Enabled.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/azure/AppServiceHttps20Enabled.py) | | 5567 | CKV_AZURE_18 | resource | azurerm_linux_web_app | Ensure that 'HTTP Version' is the latest if used to run the web app | Terraform | [AppServiceHttps20Enabled.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/azure/AppServiceHttps20Enabled.py) | | 5568 | CKV_AZURE_18 | resource | azurerm_windows_web_app | Ensure that 'HTTP Version' is the latest if used to run the web app | Terraform | [AppServiceHttps20Enabled.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/azure/AppServiceHttps20Enabled.py) | | 5569 | CKV_AZURE_19 | resource | Microsoft.Security/pricings | Ensure that standard pricing tier is selected | arm | [SecurityCenterStandardPricing.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/SecurityCenterStandardPricing.py) | | 5570 | CKV_AZURE_19 | resource | Microsoft.Security/pricings | Ensure that standard pricing tier is selected | Bicep | [SecurityCenterStandardPricing.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/SecurityCenterStandardPricing.py) | | 5571 | CKV_AZURE_19 | resource | azurerm_security_center_subscription_pricing | Ensure that standard pricing tier is selected | Terraform | [SecurityCenterStandardPricing.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/azure/SecurityCenterStandardPricing.py) | | 5572 | CKV_AZURE_20 | resource | Microsoft.Security/securityContacts | Ensure that security contact 'Phone number' is set | arm | [SecurityCenterContactPhone.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/SecurityCenterContactPhone.py) | | 5573 | CKV_AZURE_20 | resource | Microsoft.Security/securityContacts | Ensure that security contact 'Phone number' is set | Bicep | [SecurityCenterContactPhone.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/SecurityCenterContactPhone.py) | | 5574 | CKV_AZURE_20 | resource | azurerm_security_center_contact | Ensure that security contact 'Phone number' is set | Terraform | [SecurityCenterContactPhone.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/azure/SecurityCenterContactPhone.py) | | 5575 | CKV_AZURE_21 | resource | Microsoft.Security/securityContacts | Ensure that 'Send email notification for high severity alerts' is set to 'On' | arm | [SecurityCenterContactEmailAlert.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/SecurityCenterContactEmailAlert.py) | | 5576 | CKV_AZURE_21 | resource | Microsoft.Security/securityContacts | Ensure that 'Send email notification for high severity alerts' is set to 'On' | Bicep | [SecurityCenterContactEmailAlert.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/SecurityCenterContactEmailAlert.py) | | 5577 | CKV_AZURE_21 | resource | azurerm_security_center_contact | Ensure that 'Send email notification for high severity alerts' is set to 'On' | Terraform | [SecurityCenterContactEmailAlert.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/azure/SecurityCenterContactEmailAlert.py) | | 5578 | CKV_AZURE_22 | resource | Microsoft.Security/securityContacts | Ensure that 'Send email notification for high severity alerts' is set to 'On' | arm | [SecurityCenterContactEmailAlertAdmins.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/SecurityCenterContactEmailAlertAdmins.py) | | 5579 | CKV_AZURE_22 | resource | Microsoft.Security/securityContacts | Ensure that 'Send email notification for high severity alerts' is set to 'On' | Bicep | [SecurityCenterContactEmailAlertAdmins.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/SecurityCenterContactEmailAlertAdmins.py) | | 5580 | CKV_AZURE_22 | resource | azurerm_security_center_contact | Ensure that 'Send email notification for high severity alerts' is set to 'On' | Terraform | [SecurityCenterContactEmailAlertAdmins.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/azure/SecurityCenterContactEmailAlertAdmins.py) | | 5581 | CKV_AZURE_23 | resource | Microsoft.Sql/servers | Ensure that 'Auditing' is set to 'Enabled' for SQL servers | arm | [SQLServerAuditingEnabled.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/SQLServerAuditingEnabled.py) | | 5582 | CKV_AZURE_23 | resource | Microsoft.Sql/servers | Ensure that 'Auditing' is set to 'On' for SQL servers | Bicep | [SQLServerAuditingEnabled.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/bicep/checks/graph_checks/SQLServerAuditingEnabled.yaml) | | 5583 | CKV_AZURE_23 | resource | Microsoft.Sql/servers/auditingSettings | Ensure that 'Auditing' is set to 'On' for SQL servers | Bicep | [SQLServerAuditingEnabled.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/bicep/checks/graph_checks/SQLServerAuditingEnabled.yaml) | | 5584 | CKV_AZURE_23 | resource | Microsoft.Sql/servers/databases | Ensure that 'Auditing' is set to 'Enabled' for SQL servers | arm | [SQLServerAuditingEnabled.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/SQLServerAuditingEnabled.py) | | 5585 | CKV_AZURE_23 | resource | Microsoft.Sql/servers/databases | Ensure that 'Auditing' is set to 'On' for SQL servers | Bicep | [SQLServerAuditingEnabled.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/bicep/checks/graph_checks/SQLServerAuditingEnabled.yaml) | | 5586 | CKV_AZURE_23 | resource | Microsoft.Sql/servers/databases/auditingSettings | Ensure that 'Auditing' is set to 'On' for SQL servers | Bicep | [SQLServerAuditingEnabled.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/bicep/checks/graph_checks/SQLServerAuditingEnabled.yaml) | | 5587 | CKV_AZURE_23 | resource | azurerm_mssql_server | Ensure that 'Auditing' is set to 'On' for SQL servers | Terraform | [SQLServerAuditingEnabled.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/azure/SQLServerAuditingEnabled.yaml) | | 5588 | CKV_AZURE_23 | resource | azurerm_mssql_server_extended_auditing_policy | Ensure that 'Auditing' is set to 'On' for SQL servers | Terraform | [SQLServerAuditingEnabled.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/azure/SQLServerAuditingEnabled.yaml) | | 5589 | CKV_AZURE_23 | resource | azurerm_sql_server | Ensure that 'Auditing' is set to 'On' for SQL servers | Terraform | [SQLServerAuditingEnabled.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/azure/SQLServerAuditingEnabled.yaml) | | 5590 | CKV_AZURE_24 | resource | Microsoft.Sql/servers | Ensure that 'Auditing' Retention is 'greater than 90 days' for SQL servers | arm | [SQLServerAuditingRetention90Days.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/SQLServerAuditingRetention90Days.py) | | 5591 | CKV_AZURE_24 | resource | Microsoft.Sql/servers | Ensure that 'Auditing' Retention is 'greater than 90 days' for SQL servers | Bicep | [SQLServerAuditingRetention90Days.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/bicep/checks/graph_checks/SQLServerAuditingRetention90Days.yaml) | | 5592 | CKV_AZURE_24 | resource | Microsoft.Sql/servers/auditingSettings | Ensure that 'Auditing' Retention is 'greater than 90 days' for SQL servers | Bicep | [SQLServerAuditingRetention90Days.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/bicep/checks/graph_checks/SQLServerAuditingRetention90Days.yaml) | | 5593 | CKV_AZURE_24 | resource | azurerm_mssql_server | Ensure that 'Auditing' Retention is 'greater than 90 days' for SQL servers | Terraform | [SQLServerAuditingRetention90Days.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/azure/SQLServerAuditingRetention90Days.yaml) | | 5594 | CKV_AZURE_24 | resource | azurerm_mssql_server_extended_auditing_policy | Ensure that 'Auditing' Retention is 'greater than 90 days' for SQL servers | Terraform | [SQLServerAuditingRetention90Days.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/azure/SQLServerAuditingRetention90Days.yaml) | | 5595 | CKV_AZURE_24 | resource | azurerm_sql_server | Ensure that 'Auditing' Retention is 'greater than 90 days' for SQL servers | Terraform | [SQLServerAuditingRetention90Days.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/azure/SQLServerAuditingRetention90Days.yaml) | | 5596 | CKV_AZURE_25 | resource | Microsoft.Sql/servers | Azure SQL Server threat detection alerts are enabled for all threat types | Bicep | [SQLServerThreatDetectionTypes.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/bicep/checks/graph_checks/SQLServerThreatDetectionTypes.yaml) | | 5597 | CKV_AZURE_25 | resource | Microsoft.Sql/servers/databases | Ensure that 'Threat Detection types' is set to 'All' | arm | [SQLServerThreatDetectionTypes.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/SQLServerThreatDetectionTypes.py) | | 5598 | CKV_AZURE_25 | resource | Microsoft.Sql/servers/databases | Azure SQL Server threat detection alerts are enabled for all threat types | Bicep | [SQLServerThreatDetectionTypes.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/bicep/checks/graph_checks/SQLServerThreatDetectionTypes.yaml) | | 5599 | CKV_AZURE_25 | resource | Microsoft.Sql/servers/databases/securityAlertPolicies | Azure SQL Server threat detection alerts are enabled for all threat types | Bicep | [SQLServerThreatDetectionTypes.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/bicep/checks/graph_checks/SQLServerThreatDetectionTypes.yaml) | | 5600 | CKV_AZURE_25 | resource | Microsoft.Sql/servers/securityAlertPolicies | Azure SQL Server threat detection alerts are enabled for all threat types | Bicep | [SQLServerThreatDetectionTypes.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/bicep/checks/graph_checks/SQLServerThreatDetectionTypes.yaml) | | 5601 | CKV_AZURE_25 | resource | azurerm_mssql_server_security_alert_policy | Ensure that 'Threat Detection types' is set to 'All' | Terraform | [SQLServerThreatDetectionTypes.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/azure/SQLServerThreatDetectionTypes.py) | | 5602 | CKV_AZURE_26 | resource | Microsoft.Sql/servers/databases | Ensure that 'Send Alerts To' is enabled for MSSQL servers | arm | [SQLServerEmailAlertsEnabled.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/SQLServerEmailAlertsEnabled.py) | | 5603 | CKV_AZURE_26 | resource | Microsoft.Sql/servers/databases | Ensure that 'Send Alerts To' is enabled for MSSQL servers | Bicep | [SQLServerEmailAlertsEnabled.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/SQLServerEmailAlertsEnabled.py) | | 5604 | CKV_AZURE_26 | resource | azurerm_mssql_server_security_alert_policy | Ensure that 'Send Alerts To' is enabled for MSSQL servers | Terraform | [SQLServerEmailAlertsEnabled.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/azure/SQLServerEmailAlertsEnabled.py) | | 5605 | CKV_AZURE_27 | resource | Microsoft.Sql/servers/databases | Ensure that 'Email service and co-administrators' is 'Enabled' for MSSQL servers | arm | [SQLServerEmailAlertsToAdminsEnabled.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/SQLServerEmailAlertsToAdminsEnabled.py) | | 5606 | CKV_AZURE_27 | resource | Microsoft.Sql/servers/databases | Ensure that 'Email service and co-administrators' is 'Enabled' for MSSQL servers | Bicep | [SQLServerEmailAlertsToAdminsEnabled.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/SQLServerEmailAlertsToAdminsEnabled.py) | | 5607 | CKV_AZURE_27 | resource | azurerm_mssql_server_security_alert_policy | Ensure that 'Email service and co-administrators' is 'Enabled' for MSSQL servers | Terraform | [SQLServerEmailAlertsToAdminsEnabled.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/azure/SQLServerEmailAlertsToAdminsEnabled.py) | | 5608 | CKV_AZURE_28 | resource | Microsoft.DBforMySQL/servers | Ensure 'Enforce SSL connection' is set to 'ENABLED' for MySQL Database Server | arm | [MySQLServerSSLEnforcementEnabled.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/MySQLServerSSLEnforcementEnabled.py) | | 5609 | CKV_AZURE_28 | resource | Microsoft.DBforMySQL/servers | Ensure 'Enforce SSL connection' is set to 'ENABLED' for MySQL Database Server | Bicep | [MySQLServerSSLEnforcementEnabled.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/MySQLServerSSLEnforcementEnabled.py) | | 5610 | CKV_AZURE_28 | resource | azurerm_mysql_server | Ensure 'Enforce SSL connection' is set to 'ENABLED' for MySQL Database Server | Terraform | [MySQLServerSSLEnforcementEnabled.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/azure/MySQLServerSSLEnforcementEnabled.py) | | 5611 | CKV_AZURE_29 | resource | Microsoft.DBforPostgreSQL/servers | Ensure 'Enforce SSL connection' is set to 'ENABLED' for PostgreSQL Database Server | arm | [PostgreSQLServerSSLEnforcementEnabled.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/PostgreSQLServerSSLEnforcementEnabled.py) | | 5612 | CKV_AZURE_29 | resource | Microsoft.DBforPostgreSQL/servers | Ensure 'Enforce SSL connection' is set to 'ENABLED' for PostgreSQL Database Server | Bicep | [PostgreSQLServerSSLEnforcementEnabled.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/PostgreSQLServerSSLEnforcementEnabled.py) | | 5613 | CKV_AZURE_29 | resource | azurerm_postgresql_server | Ensure 'Enforce SSL connection' is set to 'ENABLED' for PostgreSQL Database Server | Terraform | [PostgreSQLServerSSLEnforcementEnabled.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/azure/PostgreSQLServerSSLEnforcementEnabled.py) | | 5614 | CKV_AZURE_30 | resource | Microsoft.DBforPostgreSQL/servers/configurations | Ensure server parameter 'log_checkpoints' is set to 'ON' for PostgreSQL Database Server | arm | [PostgreSQLServerLogCheckpointsEnabled.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/PostgreSQLServerLogCheckpointsEnabled.py) | | 5615 | CKV_AZURE_30 | resource | Microsoft.DBforPostgreSQL/servers/configurations | Ensure server parameter 'log_checkpoints' is set to 'ON' for PostgreSQL Database Server | Bicep | [PostgreSQLServerLogCheckpointsEnabled.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/PostgreSQLServerLogCheckpointsEnabled.py) | | 5616 | CKV_AZURE_30 | resource | azurerm_postgresql_configuration | Ensure server parameter 'log_checkpoints' is set to 'ON' for PostgreSQL Database Server | Terraform | [PostgreSQLServerLogCheckpointsEnabled.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/azure/PostgreSQLServerLogCheckpointsEnabled.py) | | 5617 | CKV_AZURE_30 | resource | configurations | Ensure server parameter 'log_checkpoints' is set to 'ON' for PostgreSQL Database Server | arm | [PostgreSQLServerLogCheckpointsEnabled.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/PostgreSQLServerLogCheckpointsEnabled.py) | | 5618 | CKV_AZURE_30 | resource | configurations | Ensure server parameter 'log_checkpoints' is set to 'ON' for PostgreSQL Database Server | Bicep | [PostgreSQLServerLogCheckpointsEnabled.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/PostgreSQLServerLogCheckpointsEnabled.py) | | 5619 | CKV_AZURE_31 | resource | Microsoft.DBforPostgreSQL/servers/configurations | Ensure configuration 'log_connections' is set to 'ON' for PostgreSQL Database Server | arm | [PostgreSQLServerLogConnectionsEnabled.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/PostgreSQLServerLogConnectionsEnabled.py) | | 5620 | CKV_AZURE_31 | resource | Microsoft.DBforPostgreSQL/servers/configurations | Ensure configuration 'log_connections' is set to 'ON' for PostgreSQL Database Server | Bicep | [PostgreSQLServerLogConnectionsEnabled.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/PostgreSQLServerLogConnectionsEnabled.py) | | 5621 | CKV_AZURE_31 | resource | azurerm_postgresql_configuration | Ensure server parameter 'log_connections' is set to 'ON' for PostgreSQL Database Server | Terraform | [PostgreSQLServerLogConnectionsEnabled.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/azure/PostgreSQLServerLogConnectionsEnabled.py) | | 5622 | CKV_AZURE_31 | resource | configurations | Ensure configuration 'log_connections' is set to 'ON' for PostgreSQL Database Server | arm | [PostgreSQLServerLogConnectionsEnabled.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/PostgreSQLServerLogConnectionsEnabled.py) | | 5623 | CKV_AZURE_31 | resource | configurations | Ensure configuration 'log_connections' is set to 'ON' for PostgreSQL Database Server | Bicep | [PostgreSQLServerLogConnectionsEnabled.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/PostgreSQLServerLogConnectionsEnabled.py) | | 5624 | CKV_AZURE_32 | resource | Microsoft.DBforPostgreSQL/servers/configurations | Ensure server parameter 'connection_throttling' is set to 'ON' for PostgreSQL Database Server | arm | [PostgreSQLServerConnectionThrottlingEnabled.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/PostgreSQLServerConnectionThrottlingEnabled.py) | | 5625 | CKV_AZURE_32 | resource | Microsoft.DBforPostgreSQL/servers/configurations | Ensure server parameter 'connection_throttling' is set to 'ON' for PostgreSQL Database Server | Bicep | [PostgreSQLServerConnectionThrottlingEnabled.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/PostgreSQLServerConnectionThrottlingEnabled.py) | | 5626 | CKV_AZURE_32 | resource | azurerm_postgresql_configuration | Ensure server parameter 'connection_throttling' is set to 'ON' for PostgreSQL Database Server | Terraform | [PostgreSQLServerConnectionThrottlingEnabled.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/azure/PostgreSQLServerConnectionThrottlingEnabled.py) | | 5627 | CKV_AZURE_32 | resource | configurations | Ensure server parameter 'connection_throttling' is set to 'ON' for PostgreSQL Database Server | arm | [PostgreSQLServerConnectionThrottlingEnabled.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/PostgreSQLServerConnectionThrottlingEnabled.py) | | 5628 | CKV_AZURE_32 | resource | configurations | Ensure server parameter 'connection_throttling' is set to 'ON' for PostgreSQL Database Server | Bicep | [PostgreSQLServerConnectionThrottlingEnabled.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/PostgreSQLServerConnectionThrottlingEnabled.py) | | 5629 | CKV_AZURE_33 | resource | Microsoft.Storage/storageAccounts/queueServices/providers/diagnosticsettings | Ensure Storage logging is enabled for Queue service for read, write and delete requests | arm | [StorageAccountLoggingQueueServiceEnabled.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/StorageAccountLoggingQueueServiceEnabled.py) | | 5630 | CKV_AZURE_33 | resource | Microsoft.Storage/storageAccounts/queueServices/providers/diagnosticsettings | Ensure Storage logging is enabled for Queue service for read, write and delete requests | Bicep | [StorageAccountLoggingQueueServiceEnabled.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/StorageAccountLoggingQueueServiceEnabled.py) | | 5631 | CKV_AZURE_33 | resource | azurerm_storage_account | Ensure Storage logging is enabled for Queue service for read, write and delete requests | Terraform | [StorageAccountLoggingQueueServiceEnabled.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/azure/StorageAccountLoggingQueueServiceEnabled.py) | | 5632 | CKV_AZURE_34 | resource | Microsoft.Storage/storageAccounts/blobServices/containers | Ensure that 'Public access level' is set to Private for blob containers | arm | [StorageBlobServiceContainerPrivateAccess.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/StorageBlobServiceContainerPrivateAccess.py) | | 5633 | CKV_AZURE_34 | resource | Microsoft.Storage/storageAccounts/blobServices/containers | Ensure that 'Public access level' is set to Private for blob containers | Bicep | [StorageBlobServiceContainerPrivateAccess.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/StorageBlobServiceContainerPrivateAccess.py) | | 5634 | CKV_AZURE_34 | resource | azurerm_storage_container | Ensure that 'Public access level' is set to Private for blob containers | Terraform | [StorageBlobServiceContainerPrivateAccess.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/azure/StorageBlobServiceContainerPrivateAccess.py) | | 5635 | CKV_AZURE_34 | resource | blobServices/containers | Ensure that 'Public access level' is set to Private for blob containers | arm | [StorageBlobServiceContainerPrivateAccess.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/StorageBlobServiceContainerPrivateAccess.py) | | 5636 | CKV_AZURE_34 | resource | blobServices/containers | Ensure that 'Public access level' is set to Private for blob containers | Bicep | [StorageBlobServiceContainerPrivateAccess.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/StorageBlobServiceContainerPrivateAccess.py) | | 5637 | CKV_AZURE_34 | resource | containers | Ensure that 'Public access level' is set to Private for blob containers | arm | [StorageBlobServiceContainerPrivateAccess.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/StorageBlobServiceContainerPrivateAccess.py) | | 5638 | CKV_AZURE_34 | resource | containers | Ensure that 'Public access level' is set to Private for blob containers | Bicep | [StorageBlobServiceContainerPrivateAccess.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/StorageBlobServiceContainerPrivateAccess.py) | | 5639 | CKV_AZURE_35 | resource | Microsoft.Storage/storageAccounts | Ensure default network access rule for Storage Accounts is set to deny | arm | [StorageAccountDefaultNetworkAccessDeny.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/StorageAccountDefaultNetworkAccessDeny.py) | | 5640 | CKV_AZURE_35 | resource | Microsoft.Storage/storageAccounts | Ensure default network access rule for Storage Accounts is set to deny | Bicep | [StorageAccountDefaultNetworkAccessDeny.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/bicep/checks/resource/azure/StorageAccountDefaultNetworkAccessDeny.py) | | 5641 | CKV_AZURE_35 | resource | azurerm_storage_account | Ensure default network access rule for Storage Accounts is set to deny | Terraform | [StorageAccountDefaultNetworkAccessDeny.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/azure/StorageAccountDefaultNetworkAccessDeny.py) | | 5642 | CKV_AZURE_35 | resource | azurerm_storage_account_network_rules | Ensure default network access rule for Storage Accounts is set to deny | Terraform | [StorageAccountDefaultNetworkAccessDeny.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/azure/StorageAccountDefaultNetworkAccessDeny.py) | | 5643 | CKV_AZURE_36 | resource | Microsoft.Storage/storageAccounts | Ensure 'Trusted Microsoft Services' is enabled for Storage Account access | arm | [StorageAccountAzureServicesAccessEnabled.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/StorageAccountAzureServicesAccessEnabled.py) | | 5644 | CKV_AZURE_36 | resource | Microsoft.Storage/storageAccounts | Ensure 'Trusted Microsoft Services' is enabled for Storage Account access | Bicep | [StorageAccountAzureServicesAccessEnabled.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/bicep/checks/resource/azure/StorageAccountAzureServicesAccessEnabled.py) | | 5645 | CKV_AZURE_36 | resource | azurerm_storage_account | Ensure 'Trusted Microsoft Services' is enabled for Storage Account access | Terraform | [StorageAccountAzureServicesAccessEnabled.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/azure/StorageAccountAzureServicesAccessEnabled.py) | | 5646 | CKV_AZURE_36 | resource | azurerm_storage_account_network_rules | Ensure 'Trusted Microsoft Services' is enabled for Storage Account access | Terraform | [StorageAccountAzureServicesAccessEnabled.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/azure/StorageAccountAzureServicesAccessEnabled.py) | | 5647 | CKV_AZURE_37 | resource | Microsoft.Insights/logprofiles | Ensure that Activity Log Retention is set 365 days or greater | arm | [MonitorLogProfileRetentionDays.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/MonitorLogProfileRetentionDays.py) | | 5648 | CKV_AZURE_37 | resource | Microsoft.Insights/logprofiles | Ensure that Activity Log Retention is set 365 days or greater | Bicep | [MonitorLogProfileRetentionDays.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/MonitorLogProfileRetentionDays.py) | | 5649 | CKV_AZURE_37 | resource | azurerm_monitor_log_profile | Ensure that Activity Log Retention is set 365 days or greater | Terraform | [MonitorLogProfileRetentionDays.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/azure/MonitorLogProfileRetentionDays.py) | | 5650 | CKV_AZURE_38 | resource | Microsoft.Insights/logprofiles | Ensure audit profile captures all the activities | arm | [MonitorLogProfileCategories.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/MonitorLogProfileCategories.py) | | 5651 | CKV_AZURE_38 | resource | Microsoft.Insights/logprofiles | Ensure audit profile captures all the activities | Bicep | [MonitorLogProfileCategories.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/MonitorLogProfileCategories.py) | | 5652 | CKV_AZURE_38 | resource | azurerm_monitor_log_profile | Ensure audit profile captures all the activities | Terraform | [MonitorLogProfileCategories.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/azure/MonitorLogProfileCategories.py) | | 5653 | CKV_AZURE_39 | resource | Microsoft.Authorization/roleDefinitions | Ensure that no custom subscription owner roles are created | arm | [CustomRoleDefinitionSubscriptionOwner.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/CustomRoleDefinitionSubscriptionOwner.py) | | 5654 | CKV_AZURE_39 | resource | Microsoft.Authorization/roleDefinitions | Ensure that no custom subscription owner roles are created | Bicep | [CustomRoleDefinitionSubscriptionOwner.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/CustomRoleDefinitionSubscriptionOwner.py) | | 5655 | CKV_AZURE_39 | resource | azurerm_role_definition | Ensure that no custom subscription owner roles are created | Terraform | [CutsomRoleDefinitionSubscriptionOwner.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/azure/CutsomRoleDefinitionSubscriptionOwner.py) | | 5656 | CKV_AZURE_40 | resource | Microsoft.KeyVault/vaults/keys | Ensure that the expiration date is set on all keys | arm | [KeyExpirationDate.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/KeyExpirationDate.py) | | 5657 | CKV_AZURE_40 | resource | Microsoft.KeyVault/vaults/keys | Ensure that the expiration date is set on all keys | Bicep | [KeyExpirationDate.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/KeyExpirationDate.py) | | 5658 | CKV_AZURE_40 | resource | azurerm_key_vault_key | Ensure that the expiration date is set on all keys | Terraform | [KeyExpirationDate.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/azure/KeyExpirationDate.py) | | 5659 | CKV_AZURE_41 | resource | Microsoft.KeyVault/vaults/secrets | Ensure that the expiration date is set on all secrets | arm | [SecretExpirationDate.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/SecretExpirationDate.py) | | 5660 | CKV_AZURE_41 | resource | Microsoft.KeyVault/vaults/secrets | Ensure that the expiration date is set on all secrets | Bicep | [SecretExpirationDate.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/SecretExpirationDate.py) | | 5661 | CKV_AZURE_41 | resource | azurerm_key_vault_secret | Ensure that the expiration date is set on all secrets | Terraform | [SecretExpirationDate.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/azure/SecretExpirationDate.py) | | 5662 | CKV_AZURE_42 | resource | Microsoft.KeyVault/vaults | Ensure the key vault is recoverable | arm | [KeyvaultRecoveryEnabled.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/KeyvaultRecoveryEnabled.py) | | 5663 | CKV_AZURE_42 | resource | Microsoft.KeyVault/vaults | Ensure the key vault is recoverable | Bicep | [KeyvaultRecoveryEnabled.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/KeyvaultRecoveryEnabled.py) | | 5664 | CKV_AZURE_42 | resource | azurerm_key_vault | Ensure the key vault is recoverable | Terraform | [KeyvaultRecoveryEnabled.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/azure/KeyvaultRecoveryEnabled.py) | | 5665 | CKV_AZURE_43 | resource | Microsoft.Storage/storageAccounts | Ensure Storage Accounts adhere to the naming rules | arm | [StorageAccountName.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/StorageAccountName.py) | | 5666 | CKV_AZURE_43 | resource | Microsoft.Storage/storageAccounts | Ensure Storage Accounts adhere to the naming rules | Bicep | [StorageAccountName.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/StorageAccountName.py) | | 5667 | CKV_AZURE_43 | resource | azurerm_storage_account | Ensure Storage Accounts adhere to the naming rules | Terraform | [StorageAccountName.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/azure/StorageAccountName.py) | | 5668 | CKV_AZURE_44 | resource | Microsoft.Storage/storageAccounts | Ensure Storage Account is using the latest version of TLS encryption | arm | [StorageAccountMinimumTlsVersion.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/StorageAccountMinimumTlsVersion.py) | | 5669 | CKV_AZURE_44 | resource | Microsoft.Storage/storageAccounts | Ensure Storage Account is using the latest version of TLS encryption | Bicep | [StorageAccountMinimumTlsVersion.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/StorageAccountMinimumTlsVersion.py) | | 5670 | CKV_AZURE_44 | resource | azurerm_storage_account | Ensure Storage Account is using the latest version of TLS encryption | Terraform | [StorageAccountMinimumTlsVersion.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/azure/StorageAccountMinimumTlsVersion.py) | | 5671 | CKV_AZURE_45 | resource | Microsoft.Compute/virtualMachines | Ensure that no sensitive credentials are exposed in VM custom_data | arm | [VMCredsInCustomData.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/VMCredsInCustomData.py) | | 5672 | CKV_AZURE_45 | resource | Microsoft.Compute/virtualMachines | Ensure that no sensitive credentials are exposed in VM custom_data | Bicep | [VMCredsInCustomData.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/VMCredsInCustomData.py) | | 5673 | CKV_AZURE_45 | resource | azurerm_virtual_machine | Ensure that no sensitive credentials are exposed in VM custom_data | Terraform | [VMCredsInCustomData.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/azure/VMCredsInCustomData.py) | | 5674 | CKV_AZURE_47 | resource | Microsoft.DBforMariaDB/servers | Ensure 'Enforce SSL connection' is set to 'ENABLED' for MariaDB servers | arm | [MariaDBSSLEnforcementEnabled.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/MariaDBSSLEnforcementEnabled.py) | | 5675 | CKV_AZURE_47 | resource | Microsoft.DBforMariaDB/servers | Ensure 'Enforce SSL connection' is set to 'ENABLED' for MariaDB servers | Bicep | [MariaDBSSLEnforcementEnabled.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/MariaDBSSLEnforcementEnabled.py) | | 5676 | CKV_AZURE_47 | resource | azurerm_mariadb_server | Ensure 'Enforce SSL connection' is set to 'ENABLED' for MariaDB servers | Terraform | [MariaDBSSLEnforcementEnabled.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/azure/MariaDBSSLEnforcementEnabled.py) | | 5677 | CKV_AZURE_48 | resource | Microsoft.DBforMariaDB/servers | Ensure 'public network access enabled' is set to 'False' for MariaDB servers | arm | [MariaDBPublicAccessDisabled.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/MariaDBPublicAccessDisabled.py) | | 5678 | CKV_AZURE_48 | resource | Microsoft.DBforMariaDB/servers | Ensure 'public network access enabled' is set to 'False' for MariaDB servers | Bicep | [MariaDBPublicAccessDisabled.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/MariaDBPublicAccessDisabled.py) | | 5679 | CKV_AZURE_48 | resource | azurerm_mariadb_server | Ensure 'public network access enabled' is set to 'False' for MariaDB servers | Terraform | [MariaDBPublicAccessDisabled.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/azure/MariaDBPublicAccessDisabled.py) | | 5680 | CKV_AZURE_49 | resource | Microsoft.Compute/virtualMachineScaleSets | Ensure Azure linux scale set does not use basic authentication(Use SSH Key Instead) | arm | [AzureScaleSetPassword.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/AzureScaleSetPassword.py) | | 5681 | CKV_AZURE_49 | resource | Microsoft.Compute/virtualMachineScaleSets | Ensure Azure linux scale set does not use basic authentication(Use SSH Key Instead) | Bicep | [AzureScaleSetPassword.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/AzureScaleSetPassword.py) | | 5682 | CKV_AZURE_49 | resource | azurerm_linux_virtual_machine_scale_set | Ensure Azure linux scale set does not use basic authentication(Use SSH Key Instead) | Terraform | [AzureScaleSetPassword.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/azure/AzureScaleSetPassword.py) | | 5683 | CKV_AZURE_50 | resource | Microsoft.Compute/virtualMachines | Ensure Virtual Machine Extensions are not Installed | arm | [AzureInstanceExtensions.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/AzureInstanceExtensions.py) | | 5684 | CKV_AZURE_50 | resource | Microsoft.Compute/virtualMachines | Ensure Virtual Machine Extensions are not Installed | Bicep | [AzureInstanceExtensions.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/AzureInstanceExtensions.py) | | 5685 | CKV_AZURE_50 | resource | azurerm_linux_virtual_machine | Ensure Virtual Machine Extensions are not Installed | Terraform | [AzureInstanceExtensions.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/azure/AzureInstanceExtensions.py) | | 5686 | CKV_AZURE_50 | resource | azurerm_windows_virtual_machine | Ensure Virtual Machine Extensions are not Installed | Terraform | [AzureInstanceExtensions.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/azure/AzureInstanceExtensions.py) | | 5687 | CKV_AZURE_52 | resource | Microsoft.Sql/servers | Ensure MSSQL is using the latest version of TLS encryption | arm | [MSSQLServerMinTLSVersion.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/MSSQLServerMinTLSVersion.py) | | 5688 | CKV_AZURE_52 | resource | Microsoft.Sql/servers | Ensure MSSQL is using the latest version of TLS encryption | Bicep | [MSSQLServerMinTLSVersion.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/MSSQLServerMinTLSVersion.py) | | 5689 | CKV_AZURE_52 | resource | azurerm_mssql_server | Ensure MSSQL is using the latest version of TLS encryption | Terraform | [MSSQLServerMinTLSVersion.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/azure/MSSQLServerMinTLSVersion.py) | | 5690 | CKV_AZURE_53 | resource | Microsoft.DBforMySQL/flexibleServers | Ensure 'public network access enabled' is set to 'False' for mySQL servers | arm | [MySQLPublicAccessDisabled.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/MySQLPublicAccessDisabled.py) | | 5691 | CKV_AZURE_53 | resource | Microsoft.DBforMySQL/flexibleServers | Ensure 'public network access enabled' is set to 'False' for mySQL servers | Bicep | [MySQLPublicAccessDisabled.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/MySQLPublicAccessDisabled.py) | | 5692 | CKV_AZURE_53 | resource | Microsoft.DBforMySQL/servers | Ensure 'public network access enabled' is set to 'False' for mySQL servers | arm | [MySQLPublicAccessDisabled.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/MySQLPublicAccessDisabled.py) | | 5693 | CKV_AZURE_53 | resource | Microsoft.DBforMySQL/servers | Ensure 'public network access enabled' is set to 'False' for mySQL servers | Bicep | [MySQLPublicAccessDisabled.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/MySQLPublicAccessDisabled.py) | | 5694 | CKV_AZURE_53 | resource | azurerm_mysql_server | Ensure 'public network access enabled' is set to 'False' for mySQL servers | Terraform | [MySQLPublicAccessDisabled.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/azure/MySQLPublicAccessDisabled.py) | | 5695 | CKV_AZURE_54 | resource | Microsoft.DBforMySQL/servers | Ensure MySQL is using the latest version of TLS encryption | arm | [MySQLServerMinTLSVersion.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/MySQLServerMinTLSVersion.py) | | 5696 | CKV_AZURE_54 | resource | Microsoft.DBforMySQL/servers | Ensure MySQL is using the latest version of TLS encryption | Bicep | [MySQLServerMinTLSVersion.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/MySQLServerMinTLSVersion.py) | | 5697 | CKV_AZURE_54 | resource | azurerm_mysql_server | Ensure MySQL is using the latest version of TLS encryption | Terraform | [MySQLServerMinTLSVersion.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/azure/MySQLServerMinTLSVersion.py) | | 5698 | CKV_AZURE_55 | resource | azurerm_security_center_subscription_pricing | Ensure that Azure Defender is set to On for Servers | Terraform | [AzureDefenderOnServers.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/azure/AzureDefenderOnServers.py) | | 5699 | CKV_AZURE_56 | resource | Microsoft.Web/sites/config | Ensure that function apps enables Authentication | arm | [FunctionAppsEnableAuthentication.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/FunctionAppsEnableAuthentication.py) | | 5700 | CKV_AZURE_56 | resource | Microsoft.Web/sites/config | Ensure that function apps enables Authentication | Bicep | [FunctionAppsEnableAuthentication.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/FunctionAppsEnableAuthentication.py) | | 5701 | CKV_AZURE_56 | resource | azurerm_function_app | Ensure that function apps enables Authentication | Terraform | [FunctionAppsEnableAuthentication.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/azure/FunctionAppsEnableAuthentication.py) | | 5702 | CKV_AZURE_57 | resource | Microsoft.Web/sites | Ensure that CORS disallows every resource to access app services | arm | [AppServiceDisallowCORS.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/AppServiceDisallowCORS.py) | | 5703 | CKV_AZURE_57 | resource | Microsoft.Web/sites | Ensure that CORS disallows every resource to access app services | Bicep | [AppServiceDisallowCORS.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/AppServiceDisallowCORS.py) | | 5704 | CKV_AZURE_57 | resource | azurerm_app_service | Ensure that CORS disallows every resource to access app services | Terraform | [AppServiceDisallowCORS.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/azure/AppServiceDisallowCORS.py) | | 5705 | CKV_AZURE_57 | resource | azurerm_linux_web_app | Ensure that CORS disallows every resource to access app services | Terraform | [AppServiceDisallowCORS.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/azure/AppServiceDisallowCORS.py) | | 5706 | CKV_AZURE_57 | resource | azurerm_windows_web_app | Ensure that CORS disallows every resource to access app services | Terraform | [AppServiceDisallowCORS.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/azure/AppServiceDisallowCORS.py) | | 5707 | CKV_AZURE_58 | resource | Microsoft.Synapse/workspaces | Ensure that Azure Synapse workspaces enables managed virtual networks | arm | [SynapseWorkspaceEnablesManagedVirtualNetworks.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/SynapseWorkspaceEnablesManagedVirtualNetworks.py) | | 5708 | CKV_AZURE_58 | resource | Microsoft.Synapse/workspaces | Ensure that Azure Synapse workspaces enables managed virtual networks | Bicep | [SynapseWorkspaceEnablesManagedVirtualNetworks.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/SynapseWorkspaceEnablesManagedVirtualNetworks.py) | | 5709 | CKV_AZURE_58 | resource | azurerm_synapse_workspace | Ensure that Azure Synapse workspaces enables managed virtual networks | Terraform | [SynapseWorkspaceEnablesManagedVirtualNetworks.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/azure/SynapseWorkspaceEnablesManagedVirtualNetworks.py) | | 5710 | CKV_AZURE_59 | resource | Microsoft.Storage/storageAccounts | Ensure that Storage accounts disallow public access | arm | [StorageAccountDisablePublicAccess.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/StorageAccountDisablePublicAccess.py) | | 5711 | CKV_AZURE_59 | resource | Microsoft.Storage/storageAccounts | Ensure that Storage accounts disallow public access | Bicep | [StorageAccountDisablePublicAccess.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/StorageAccountDisablePublicAccess.py) | | 5712 | CKV_AZURE_59 | resource | azurerm_storage_account | Ensure that Storage accounts disallow public access | Terraform | [StorageAccountDisablePublicAccess.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/azure/StorageAccountDisablePublicAccess.py) | | 5713 | CKV_AZURE_61 | resource | azurerm_security_center_subscription_pricing | Ensure that Azure Defender is set to On for App Service | Terraform | [AzureDefenderOnAppServices.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/azure/AzureDefenderOnAppServices.py) | | 5714 | CKV_AZURE_62 | resource | Microsoft.Web/sites | Ensure function apps are not accessible from all regions | arm | [FunctionAppDisallowCORS.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/FunctionAppDisallowCORS.py) | | 5715 | CKV_AZURE_62 | resource | Microsoft.Web/sites | Ensure function apps are not accessible from all regions | Bicep | [FunctionAppDisallowCORS.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/FunctionAppDisallowCORS.py) | | 5716 | CKV_AZURE_62 | resource | azurerm_function_app | Ensure function apps are not accessible from all regions | Terraform | [FunctionAppDisallowCORS.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/azure/FunctionAppDisallowCORS.py) | | 5717 | CKV_AZURE_63 | resource | Microsoft.Web/sites/config | Ensure that App service enables HTTP logging | arm | [AppServiceHttpLoggingEnabled.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/AppServiceHttpLoggingEnabled.py) | | 5718 | CKV_AZURE_63 | resource | Microsoft.Web/sites/config | Ensure that App service enables HTTP logging | Bicep | [AppServiceHttpLoggingEnabled.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/AppServiceHttpLoggingEnabled.py) | | 5719 | CKV_AZURE_63 | resource | azurerm_app_service | Ensure that App service enables HTTP logging | Terraform | [AppServiceHttpLoggingEnabled.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/azure/AppServiceHttpLoggingEnabled.py) | | 5720 | CKV_AZURE_63 | resource | azurerm_linux_web_app | Ensure that App service enables HTTP logging | Terraform | [AppServiceHttpLoggingEnabled.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/azure/AppServiceHttpLoggingEnabled.py) | | 5721 | CKV_AZURE_63 | resource | azurerm_windows_web_app | Ensure that App service enables HTTP logging | Terraform | [AppServiceHttpLoggingEnabled.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/azure/AppServiceHttpLoggingEnabled.py) | | 5722 | CKV_AZURE_64 | resource | Microsoft.StorageSync/storageSyncServices | Ensure that Azure File Sync disables public network access | arm | [StorageSyncPublicAccessDisabled.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/StorageSyncPublicAccessDisabled.py) | | 5723 | CKV_AZURE_64 | resource | Microsoft.StorageSync/storageSyncServices | Ensure that Azure File Sync disables public network access | Bicep | [StorageSyncPublicAccessDisabled.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/StorageSyncPublicAccessDisabled.py) | | 5724 | CKV_AZURE_64 | resource | azurerm_storage_sync | Ensure that Azure File Sync disables public network access | Terraform | [StorageSyncPublicAccessDisabled.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/azure/StorageSyncPublicAccessDisabled.py) | | 5725 | CKV_AZURE_65 | resource | Microsoft.Web/sites/config | Ensure that App service enables detailed error messages | arm | [AppServiceDetailedErrorMessagesEnabled.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/AppServiceDetailedErrorMessagesEnabled.py) | | 5726 | CKV_AZURE_65 | resource | Microsoft.Web/sites/config | Ensure that App service enables detailed error messages | Bicep | [AppServiceDetailedErrorMessagesEnabled.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/AppServiceDetailedErrorMessagesEnabled.py) | | 5727 | CKV_AZURE_65 | resource | azurerm_app_service | Ensure that App service enables detailed error messages | Terraform | [AppServiceDetailedErrorMessagesEnabled.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/azure/AppServiceDetailedErrorMessagesEnabled.py) | | 5728 | CKV_AZURE_65 | resource | azurerm_linux_web_app | Ensure that App service enables detailed error messages | Terraform | [AppServiceDetailedErrorMessagesEnabled.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/azure/AppServiceDetailedErrorMessagesEnabled.py) | | 5729 | CKV_AZURE_65 | resource | azurerm_windows_web_app | Ensure that App service enables detailed error messages | Terraform | [AppServiceDetailedErrorMessagesEnabled.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/azure/AppServiceDetailedErrorMessagesEnabled.py) | | 5730 | CKV_AZURE_66 | resource | Microsoft.Web/sites/config | Ensure that App service enables failed request tracing | arm | [AppServiceEnableFailedRequest.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/AppServiceEnableFailedRequest.py) | | 5731 | CKV_AZURE_66 | resource | Microsoft.Web/sites/config | Ensure that App service enables failed request tracing | Bicep | [AppServiceEnableFailedRequest.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/AppServiceEnableFailedRequest.py) | | 5732 | CKV_AZURE_66 | resource | azurerm_app_service | Ensure that App service enables failed request tracing | Terraform | [AppServiceEnableFailedRequest.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/azure/AppServiceEnableFailedRequest.py) | | 5733 | CKV_AZURE_66 | resource | azurerm_linux_web_app | Ensure that App service enables failed request tracing | Terraform | [AppServiceEnableFailedRequest.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/azure/AppServiceEnableFailedRequest.py) | | 5734 | CKV_AZURE_66 | resource | azurerm_windows_web_app | Ensure that App service enables failed request tracing | Terraform | [AppServiceEnableFailedRequest.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/azure/AppServiceEnableFailedRequest.py) | | 5735 | CKV_AZURE_67 | resource | Microsoft.Web/sites | Ensure that 'HTTP Version' is the latest, if used to run the Function app | arm | [FunctionAppHttpVersionLatest.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/FunctionAppHttpVersionLatest.py) | | 5736 | CKV_AZURE_67 | resource | Microsoft.Web/sites | Ensure that 'HTTP Version' is the latest, if used to run the Function app | Bicep | [FunctionAppHttpVersionLatest.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/FunctionAppHttpVersionLatest.py) | | 5737 | CKV_AZURE_67 | resource | Microsoft.Web/sites/slots | Ensure that 'HTTP Version' is the latest, if used to run the Function app | arm | [FunctionAppHttpVersionLatest.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/FunctionAppHttpVersionLatest.py) | | 5738 | CKV_AZURE_67 | resource | Microsoft.Web/sites/slots | Ensure that 'HTTP Version' is the latest, if used to run the Function app | Bicep | [FunctionAppHttpVersionLatest.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/FunctionAppHttpVersionLatest.py) | | 5739 | CKV_AZURE_67 | resource | azurerm_function_app | Ensure that 'HTTP Version' is the latest, if used to run the Function app | Terraform | [FunctionAppHttpVersionLatest.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/azure/FunctionAppHttpVersionLatest.py) | | 5740 | CKV_AZURE_67 | resource | azurerm_function_app_slot | Ensure that 'HTTP Version' is the latest, if used to run the Function app | Terraform | [FunctionAppHttpVersionLatest.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/azure/FunctionAppHttpVersionLatest.py) | | 5741 | CKV_AZURE_68 | resource | Microsoft.DBforPostgreSQL/servers | Ensure that PostgreSQL server disables public network access | arm | [PostgreSQLServerPublicAccessDisabled.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/PostgreSQLServerPublicAccessDisabled.py) | | 5742 | CKV_AZURE_68 | resource | Microsoft.DBforPostgreSQL/servers | Ensure that PostgreSQL server disables public network access | Bicep | [PostgreSQLServerPublicAccessDisabled.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/PostgreSQLServerPublicAccessDisabled.py) | | 5743 | CKV_AZURE_68 | resource | azurerm_postgresql_server | Ensure that PostgreSQL server disables public network access | Terraform | [PostgreSQLServerPublicAccessDisabled.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/azure/PostgreSQLServerPublicAccessDisabled.py) | | 5744 | CKV_AZURE_69 | resource | azurerm_security_center_subscription_pricing | Ensure that Azure Defender is set to On for Azure SQL database servers | Terraform | [AzureDefenderOnSqlServers.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/azure/AzureDefenderOnSqlServers.py) | | 5745 | CKV_AZURE_70 | resource | Microsoft.Web/sites | Ensure that Function apps is only accessible over HTTPS | arm | [FunctionAppsAccessibleOverHttps.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/FunctionAppsAccessibleOverHttps.py) | | 5746 | CKV_AZURE_70 | resource | Microsoft.Web/sites | Ensure that Function apps is only accessible over HTTPS | Bicep | [FunctionAppsAccessibleOverHttps.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/FunctionAppsAccessibleOverHttps.py) | | 5747 | CKV_AZURE_70 | resource | Microsoft.Web/sites/config | Ensure that Function apps is only accessible over HTTPS | arm | [FunctionAppsAccessibleOverHttps.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/FunctionAppsAccessibleOverHttps.py) | | 5748 | CKV_AZURE_70 | resource | Microsoft.Web/sites/config | Ensure that Function apps is only accessible over HTTPS | Bicep | [FunctionAppsAccessibleOverHttps.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/FunctionAppsAccessibleOverHttps.py) | | 5749 | CKV_AZURE_70 | resource | Microsoft.Web/sites/slots | Ensure that Function apps is only accessible over HTTPS | arm | [FunctionAppsAccessibleOverHttps.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/FunctionAppsAccessibleOverHttps.py) | | 5750 | CKV_AZURE_70 | resource | Microsoft.Web/sites/slots | Ensure that Function apps is only accessible over HTTPS | Bicep | [FunctionAppsAccessibleOverHttps.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/FunctionAppsAccessibleOverHttps.py) | | 5751 | CKV_AZURE_70 | resource | azurerm_function_app | Ensure that Function apps is only accessible over HTTPS | Terraform | [FunctionAppsAccessibleOverHttps.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/azure/FunctionAppsAccessibleOverHttps.py) | | 5752 | CKV_AZURE_70 | resource | azurerm_function_app_slot | Ensure that Function apps is only accessible over HTTPS | Terraform | [FunctionAppsAccessibleOverHttps.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/azure/FunctionAppsAccessibleOverHttps.py) | | 5753 | CKV_AZURE_70 | resource | azurerm_linux_function_app | Ensure that Function apps is only accessible over HTTPS | Terraform | [FunctionAppsAccessibleOverHttps.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/azure/FunctionAppsAccessibleOverHttps.py) | | 5754 | CKV_AZURE_70 | resource | azurerm_linux_function_app_slot | Ensure that Function apps is only accessible over HTTPS | Terraform | [FunctionAppsAccessibleOverHttps.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/azure/FunctionAppsAccessibleOverHttps.py) | | 5755 | CKV_AZURE_70 | resource | azurerm_windows_function_app | Ensure that Function apps is only accessible over HTTPS | Terraform | [FunctionAppsAccessibleOverHttps.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/azure/FunctionAppsAccessibleOverHttps.py) | | 5756 | CKV_AZURE_70 | resource | azurerm_windows_function_app_slot | Ensure that Function apps is only accessible over HTTPS | Terraform | [FunctionAppsAccessibleOverHttps.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/azure/FunctionAppsAccessibleOverHttps.py) | | 5757 | CKV_AZURE_71 | resource | Microsoft.Web/sites | Ensure that Managed identity provider is enabled for web apps | arm | [AppServiceIdentityProviderEnabled.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/AppServiceIdentityProviderEnabled.py) | | 5758 | CKV_AZURE_71 | resource | Microsoft.Web/sites | Ensure that Managed identity provider is enabled for web apps | Bicep | [AppServiceIdentityProviderEnabled.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/AppServiceIdentityProviderEnabled.py) | | 5759 | CKV_AZURE_71 | resource | azurerm_app_service | Ensure that Managed identity provider is enabled for app services | Terraform | [AppServiceIdentityProviderEnabled.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/azure/AppServiceIdentityProviderEnabled.py) | | 5760 | CKV_AZURE_71 | resource | azurerm_linux_web_app | Ensure that Managed identity provider is enabled for app services | Terraform | [AppServiceIdentityProviderEnabled.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/azure/AppServiceIdentityProviderEnabled.py) | | 5761 | CKV_AZURE_71 | resource | azurerm_windows_web_app | Ensure that Managed identity provider is enabled for app services | Terraform | [AppServiceIdentityProviderEnabled.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/azure/AppServiceIdentityProviderEnabled.py) | | 5762 | CKV_AZURE_72 | resource | Microsoft.Web/sites | Ensure that remote debugging is not enabled for app services | arm | [AppServiceRemoteDebuggingNotEnabled.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/AppServiceRemoteDebuggingNotEnabled.py) | | 5763 | CKV_AZURE_72 | resource | Microsoft.Web/sites | Ensure that remote debugging is not enabled for app services | Bicep | [AppServiceRemoteDebuggingNotEnabled.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/AppServiceRemoteDebuggingNotEnabled.py) | | 5764 | CKV_AZURE_72 | resource | azurerm_app_service | Ensure that remote debugging is not enabled for app services | Terraform | [AppServiceRemoteDebuggingNotEnabled.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/azure/AppServiceRemoteDebuggingNotEnabled.py) | | 5765 | CKV_AZURE_72 | resource | azurerm_linux_function_app | Ensure that remote debugging is not enabled for app services | Terraform | [AppServiceRemoteDebuggingNotEnabled.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/azure/AppServiceRemoteDebuggingNotEnabled.py) | | 5766 | CKV_AZURE_72 | resource | azurerm_linux_function_app_slot | Ensure that remote debugging is not enabled for app services | Terraform | [AppServiceRemoteDebuggingNotEnabled.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/azure/AppServiceRemoteDebuggingNotEnabled.py) | | 5767 | CKV_AZURE_72 | resource | azurerm_linux_web_app | Ensure that remote debugging is not enabled for app services | Terraform | [AppServiceRemoteDebuggingNotEnabled.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/azure/AppServiceRemoteDebuggingNotEnabled.py) | | 5768 | CKV_AZURE_72 | resource | azurerm_linux_web_app_slot | Ensure that remote debugging is not enabled for app services | Terraform | [AppServiceRemoteDebuggingNotEnabled.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/azure/AppServiceRemoteDebuggingNotEnabled.py) | | 5769 | CKV_AZURE_72 | resource | azurerm_windows_function_app | Ensure that remote debugging is not enabled for app services | Terraform | [AppServiceRemoteDebuggingNotEnabled.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/azure/AppServiceRemoteDebuggingNotEnabled.py) | | 5770 | CKV_AZURE_72 | resource | azurerm_windows_function_app_slot | Ensure that remote debugging is not enabled for app services | Terraform | [AppServiceRemoteDebuggingNotEnabled.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/azure/AppServiceRemoteDebuggingNotEnabled.py) | | 5771 | CKV_AZURE_72 | resource | azurerm_windows_web_app | Ensure that remote debugging is not enabled for app services | Terraform | [AppServiceRemoteDebuggingNotEnabled.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/azure/AppServiceRemoteDebuggingNotEnabled.py) | | 5772 | CKV_AZURE_72 | resource | azurerm_windows_web_app_slot | Ensure that remote debugging is not enabled for app services | Terraform | [AppServiceRemoteDebuggingNotEnabled.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/azure/AppServiceRemoteDebuggingNotEnabled.py) | | 5773 | CKV_AZURE_73 | resource | Microsoft.Automation/automationAccounts/variables | Ensure that Automation account variables are encrypted | arm | [AutomationEncrypted.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/AutomationEncrypted.py) | | 5774 | CKV_AZURE_73 | resource | Microsoft.Automation/automationAccounts/variables | Ensure that Automation account variables are encrypted | Bicep | [AutomationEncrypted.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/AutomationEncrypted.py) | | 5775 | CKV_AZURE_73 | resource | azurerm_automation_variable_bool | Ensure that Automation account variables are encrypted | Terraform | [AutomationEncrypted.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/azure/AutomationEncrypted.py) | | 5776 | CKV_AZURE_73 | resource | azurerm_automation_variable_datetime | Ensure that Automation account variables are encrypted | Terraform | [AutomationEncrypted.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/azure/AutomationEncrypted.py) | | 5777 | CKV_AZURE_73 | resource | azurerm_automation_variable_int | Ensure that Automation account variables are encrypted | Terraform | [AutomationEncrypted.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/azure/AutomationEncrypted.py) | | 5778 | CKV_AZURE_73 | resource | azurerm_automation_variable_string | Ensure that Automation account variables are encrypted | Terraform | [AutomationEncrypted.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/azure/AutomationEncrypted.py) | | 5779 | CKV_AZURE_74 | resource | Microsoft.Kusto/clusters | Ensure that Azure Data Explorer (Kusto) uses disk encryption | arm | [DataExplorerUsesDiskEncryption.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/DataExplorerUsesDiskEncryption.py) | | 5780 | CKV_AZURE_74 | resource | Microsoft.Kusto/clusters | Ensure that Azure Data Explorer (Kusto) uses disk encryption | Bicep | [DataExplorerUsesDiskEncryption.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/DataExplorerUsesDiskEncryption.py) | | 5781 | CKV_AZURE_74 | resource | azurerm_kusto_cluster | Ensure that Azure Data Explorer (Kusto) uses disk encryption | Terraform | [DataExplorerUsesDiskEncryption.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/azure/DataExplorerUsesDiskEncryption.py) | | 5782 | CKV_AZURE_75 | resource | Microsoft.Kusto/clusters | Ensure that Azure Data Explorer uses double encryption | arm | [AzureDataExplorerDoubleEncryptionEnabled.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/AzureDataExplorerDoubleEncryptionEnabled.py) | | 5783 | CKV_AZURE_75 | resource | Microsoft.Kusto/clusters | Ensure that Azure Data Explorer uses double encryption | Bicep | [AzureDataExplorerDoubleEncryptionEnabled.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/AzureDataExplorerDoubleEncryptionEnabled.py) | | 5784 | CKV_AZURE_75 | resource | azurerm_kusto_cluster | Ensure that Azure Data Explorer uses double encryption | Terraform | [AzureDataExplorerDoubleEncryptionEnabled.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/azure/AzureDataExplorerDoubleEncryptionEnabled.py) | | 5785 | CKV_AZURE_76 | resource | Microsoft.Batch/batchAccounts | Ensure that Azure Batch account uses key vault to encrypt data | arm | [AzureBatchAccountUsesKeyVaultEncryption.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/AzureBatchAccountUsesKeyVaultEncryption.py) | | 5786 | CKV_AZURE_76 | resource | Microsoft.Batch/batchAccounts | Ensure that Azure Batch account uses key vault to encrypt data | Bicep | [AzureBatchAccountUsesKeyVaultEncryption.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/AzureBatchAccountUsesKeyVaultEncryption.py) | | 5787 | CKV_AZURE_76 | resource | azurerm_batch_account | Ensure that Azure Batch account uses key vault to encrypt data | Terraform | [AzureBatchAccountUsesKeyVaultEncryption.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/azure/AzureBatchAccountUsesKeyVaultEncryption.py) | | 5788 | CKV_AZURE_77 | resource | azurerm_network_security_group | Ensure that UDP Services are restricted from the Internet | Terraform | [NSGRuleUDPAccessRestricted.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/azure/NSGRuleUDPAccessRestricted.py) | | 5789 | CKV_AZURE_77 | resource | azurerm_network_security_rule | Ensure that UDP Services are restricted from the Internet | Terraform | [NSGRuleUDPAccessRestricted.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/azure/NSGRuleUDPAccessRestricted.py) | | 5790 | CKV_AZURE_78 | resource | Microsoft.Web/sites | Ensure FTP deployments are disabled | arm | [AppServiceFTPSState.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/AppServiceFTPSState.py) | | 5791 | CKV_AZURE_78 | resource | Microsoft.Web/sites | Ensure FTP deployments are disabled | Bicep | [AppServiceFTPSState.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/AppServiceFTPSState.py) | | 5792 | CKV_AZURE_78 | resource | azurerm_app_service | Ensure FTP deployments are disabled | Terraform | [AppServiceFTPSState.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/azure/AppServiceFTPSState.py) | | 5793 | CKV_AZURE_78 | resource | azurerm_linux_web_app | Ensure FTP deployments are disabled | Terraform | [AppServiceFTPSState.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/azure/AppServiceFTPSState.py) | | 5794 | CKV_AZURE_78 | resource | azurerm_windows_web_app | Ensure FTP deployments are disabled | Terraform | [AppServiceFTPSState.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/azure/AppServiceFTPSState.py) | | 5795 | CKV_AZURE_79 | resource | Microsoft.Security/pricings | Ensure that Azure Defender is set to On for SQL servers on machines | arm | [AzureDefenderOnSqlServersVMS.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/AzureDefenderOnSqlServersVMS.py) | | 5796 | CKV_AZURE_79 | resource | Microsoft.Security/pricings | Ensure that Azure Defender is set to On for SQL servers on machines | Bicep | [AzureDefenderOnSqlServersVMS.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/AzureDefenderOnSqlServersVMS.py) | | 5797 | CKV_AZURE_79 | resource | azurerm_security_center_subscription_pricing | Ensure that Azure Defender is set to On for SQL servers on machines | Terraform | [AzureDefenderOnSqlServerVMS.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/azure/AzureDefenderOnSqlServerVMS.py) | | 5798 | CKV_AZURE_80 | resource | Microsoft.Web/sites/config | Ensure that 'Net Framework' version is the latest, if used as a part of the web app | arm | [AppServiceDotnetFrameworkVersion.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/AppServiceDotnetFrameworkVersion.py) | | 5799 | CKV_AZURE_80 | resource | Microsoft.Web/sites/config | Ensure that 'Net Framework' version is the latest, if used as a part of the web app | Bicep | [AppServiceDotnetFrameworkVersion.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/AppServiceDotnetFrameworkVersion.py) | | 5800 | CKV_AZURE_80 | resource | azurerm_app_service | Ensure that 'Net Framework' version is the latest, if used as a part of the web app | Terraform | [AppServiceDotnetFrameworkVersion.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/azure/AppServiceDotnetFrameworkVersion.py) | | 5801 | CKV_AZURE_80 | resource | azurerm_windows_web_app | Ensure that 'Net Framework' version is the latest, if used as a part of the web app | Terraform | [AppServiceDotnetFrameworkVersion.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/azure/AppServiceDotnetFrameworkVersion.py) | | 5802 | CKV_AZURE_81 | resource | Microsoft.Web/sites | Ensure that 'PHP version' is the latest, if used to run the web app | arm | [AppServicePHPVersion.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/AppServicePHPVersion.py) | | 5803 | CKV_AZURE_81 | resource | Microsoft.Web/sites | Ensure that 'PHP version' is the latest, if used to run the web app | Bicep | [AppServicePHPVersion.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/AppServicePHPVersion.py) | | 5804 | CKV_AZURE_81 | resource | azurerm_app_service | Ensure that 'PHP version' is the latest, if used to run the web app | Terraform | [AppServicePHPVersion.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/azure/AppServicePHPVersion.py) | | 5805 | CKV_AZURE_82 | resource | Microsoft.Web/sites | Ensure that 'Python version' is the latest, if used to run the web app | arm | [AppServicePythonVersion.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/AppServicePythonVersion.py) | | 5806 | CKV_AZURE_82 | resource | Microsoft.Web/sites | Ensure that 'Python version' is the latest, if used to run the web app | Bicep | [AppServicePythonVersion.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/AppServicePythonVersion.py) | | 5807 | CKV_AZURE_82 | resource | azurerm_app_service | Ensure that 'Python version' is the latest, if used to run the web app | Terraform | [AppServicePythonVersion.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/azure/AppServicePythonVersion.py) | | 5808 | CKV_AZURE_83 | resource | Microsoft.Web/sites | Ensure that 'Java version' is the latest, if used to run the web app | arm | [AppServiceJavaVersion.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/AppServiceJavaVersion.py) | | 5809 | CKV_AZURE_83 | resource | Microsoft.Web/sites | Ensure that 'Java version' is the latest, if used to run the web app | Bicep | [AppServiceJavaVersion.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/AppServiceJavaVersion.py) | | 5810 | CKV_AZURE_83 | resource | azurerm_app_service | Ensure that 'Java version' is the latest, if used to run the web app | Terraform | [AppServiceJavaVersion.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/azure/AppServiceJavaVersion.py) | | 5811 | CKV_AZURE_84 | resource | Microsoft.Security/pricings | Ensure that Azure Defender is set to On for Storage | arm | [AzureDefenderOnStorage.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/AzureDefenderOnStorage.py) | | 5812 | CKV_AZURE_84 | resource | Microsoft.Security/pricings | Ensure that Azure Defender is set to On for Storage | Bicep | [AzureDefenderOnStorage.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/AzureDefenderOnStorage.py) | | 5813 | CKV_AZURE_84 | resource | azurerm_security_center_subscription_pricing | Ensure that Azure Defender is set to On for Storage | Terraform | [AzureDefenderOnStorage.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/azure/AzureDefenderOnStorage.py) | | 5814 | CKV_AZURE_85 | resource | Microsoft.Security/pricings | Ensure that Azure Defender is set to On for Kubernetes | arm | [AzureDefenderOnKubernetes.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/AzureDefenderOnKubernetes.py) | | 5815 | CKV_AZURE_85 | resource | Microsoft.Security/pricings | Ensure that Azure Defender is set to On for Kubernetes | Bicep | [AzureDefenderOnKubernetes.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/AzureDefenderOnKubernetes.py) | | 5816 | CKV_AZURE_85 | resource | azurerm_security_center_subscription_pricing | Ensure that Azure Defender is set to On for Kubernetes | Terraform | [AzureDefenderOnKubernetes.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/azure/AzureDefenderOnKubernetes.py) | | 5817 | CKV_AZURE_86 | resource | azurerm_security_center_subscription_pricing | Ensure that Azure Defender is set to On for Container Registries | Terraform | [AzureDefenderOnContainerRegistry.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/azure/AzureDefenderOnContainerRegistry.py) | | 5818 | CKV_AZURE_87 | resource | Microsoft.Security/pricings | Ensure that Azure Defender is set to On for Key Vault | arm | [AzureDefenderOnKeyVaults.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/AzureDefenderOnKeyVaults.py) | | 5819 | CKV_AZURE_87 | resource | Microsoft.Security/pricings | Ensure that Azure Defender is set to On for Key Vault | Bicep | [AzureDefenderOnKeyVaults.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/AzureDefenderOnKeyVaults.py) | | 5820 | CKV_AZURE_87 | resource | azurerm_security_center_subscription_pricing | Ensure that Azure Defender is set to On for Key Vault | Terraform | [AzureDefenderOnKeyVaults.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/azure/AzureDefenderOnKeyVaults.py) | | 5821 | CKV_AZURE_88 | resource | Microsoft.Web/sites/config | Ensure that app services use Azure Files | arm | [AppServiceUsedAzureFiles.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/AppServiceUsedAzureFiles.py) | | 5822 | CKV_AZURE_88 | resource | Microsoft.Web/sites/config | Ensure that app services use Azure Files | Bicep | [AppServiceUsedAzureFiles.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/AppServiceUsedAzureFiles.py) | | 5823 | CKV_AZURE_88 | resource | azurerm_app_service | Ensure that app services use Azure Files | Terraform | [AppServiceUsedAzureFiles.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/azure/AppServiceUsedAzureFiles.py) | | 5824 | CKV_AZURE_88 | resource | azurerm_linux_web_app | Ensure that app services use Azure Files | Terraform | [AppServiceUsedAzureFiles.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/azure/AppServiceUsedAzureFiles.py) | | 5825 | CKV_AZURE_88 | resource | azurerm_windows_web_app | Ensure that app services use Azure Files | Terraform | [AppServiceUsedAzureFiles.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/azure/AppServiceUsedAzureFiles.py) | | 5826 | CKV_AZURE_89 | resource | Microsoft.Cache/redis | Ensure that Azure Cache for Redis disables public network access | arm | [RedisCachePublicNetworkAccessEnabled.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/RedisCachePublicNetworkAccessEnabled.py) | | 5827 | CKV_AZURE_89 | resource | Microsoft.Cache/redis | Ensure that Azure Cache for Redis disables public network access | Bicep | [RedisCachePublicNetworkAccessEnabled.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/RedisCachePublicNetworkAccessEnabled.py) | | 5828 | CKV_AZURE_89 | resource | azurerm_redis_cache | Ensure that Azure Cache for Redis disables public network access | Terraform | [RedisCachePublicNetworkAccessEnabled.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/azure/RedisCachePublicNetworkAccessEnabled.py) | | 5829 | CKV_AZURE_91 | resource | azurerm_redis_cache | Ensure that only SSL are enabled for Cache for Redis | Terraform | [RedisCacheEnableNonSSLPort.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/azure/RedisCacheEnableNonSSLPort.py) | | 5830 | CKV_AZURE_92 | resource | Microsoft.Compute/virtualMachines | Ensure that Virtual Machines use managed disks | arm | [VMStorageOsDisk.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/VMStorageOsDisk.py) | | 5831 | CKV_AZURE_92 | resource | Microsoft.Compute/virtualMachines | Ensure that Virtual Machines use managed disks | Bicep | [VMStorageOsDisk.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/VMStorageOsDisk.py) | | 5832 | CKV_AZURE_92 | resource | azurerm_linux_virtual_machine | Ensure that Virtual Machines use managed disks | Terraform | [VMStorageOsDisk.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/azure/VMStorageOsDisk.py) | | 5833 | CKV_AZURE_92 | resource | azurerm_windows_virtual_machine | Ensure that Virtual Machines use managed disks | Terraform | [VMStorageOsDisk.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/azure/VMStorageOsDisk.py) | | 5834 | CKV_AZURE_93 | resource | Microsoft.Compute/disks | Ensure that managed disks use a specific set of disk encryption sets for the customer-managed key encryption | arm | [AzureManagedDiskEncryptionSet.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/AzureManagedDiskEncryptionSet.py) | | 5835 | CKV_AZURE_93 | resource | Microsoft.Compute/disks | Ensure that managed disks use a specific set of disk encryption sets for the customer-managed key encryption | Bicep | [AzureManagedDiskEncryptionSet.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/AzureManagedDiskEncryptionSet.py) | | 5836 | CKV_AZURE_93 | resource | azurerm_managed_disk | Ensure that managed disks use a specific set of disk encryption sets for the customer-managed key encryption | Terraform | [AzureManagedDiskEncryptionSet.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/azure/AzureManagedDiskEncryptionSet.py) | | 5837 | CKV_AZURE_94 | resource | Microsoft.DBforMySQL/flexibleServers | Ensure that My SQL server enables geo-redundant backups | arm | [MySQLGeoBackupEnabled.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/MySQLGeoBackupEnabled.py) | | 5838 | CKV_AZURE_94 | resource | Microsoft.DBforMySQL/flexibleServers | Ensure that My SQL server enables geo-redundant backups | Bicep | [MySQLGeoBackupEnabled.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/MySQLGeoBackupEnabled.py) | | 5839 | CKV_AZURE_94 | resource | azurerm_mysql_flexible_server | Ensure that My SQL server enables geo-redundant backups | Terraform | [MySQLGeoBackupEnabled.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/azure/MySQLGeoBackupEnabled.py) | | 5840 | CKV_AZURE_94 | resource | azurerm_mysql_server | Ensure that My SQL server enables geo-redundant backups | Terraform | [MySQLGeoBackupEnabled.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/azure/MySQLGeoBackupEnabled.py) | | 5841 | CKV_AZURE_95 | resource | Microsoft.Compute/virtualMachineScaleSets | Ensure that automatic OS image patching is enabled for Virtual Machine Scale Sets | arm | [VMScaleSetsAutoOSImagePatchingEnabled.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/VMScaleSetsAutoOSImagePatchingEnabled.py) | | 5842 | CKV_AZURE_95 | resource | Microsoft.Compute/virtualMachineScaleSets | Ensure that automatic OS image patching is enabled for Virtual Machine Scale Sets | Bicep | [VMScaleSetsAutoOSImagePatchingEnabled.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/VMScaleSetsAutoOSImagePatchingEnabled.py) | | 5843 | CKV_AZURE_95 | resource | azurerm_virtual_machine_scale_set | Ensure that automatic OS image patching is enabled for Virtual Machine Scale Sets | Terraform | [VMScaleSetsAutoOSImagePatchingEnabled.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/azure/VMScaleSetsAutoOSImagePatchingEnabled.py) | | 5844 | CKV_AZURE_96 | resource | Microsoft.DBforMySQL/flexibleServers | Ensure that MySQL server enables infrastructure encryption | arm | [MySQLEncryptionEnabled.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/MySQLEncryptionEnabled.py) | | 5845 | CKV_AZURE_96 | resource | Microsoft.DBforMySQL/flexibleServers | Ensure that MySQL server enables infrastructure encryption | Bicep | [MySQLEncryptionEnabled.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/MySQLEncryptionEnabled.py) | | 5846 | CKV_AZURE_96 | resource | azurerm_mysql_server | Ensure that MySQL server enables infrastructure encryption | Terraform | [MySQLEncryptionEnabled.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/azure/MySQLEncryptionEnabled.py) | | 5847 | CKV_AZURE_97 | resource | Microsoft.Compute/virtualMachineScaleSets | Ensure that Virtual machine scale sets have encryption at host enabled | arm | [VMEncryptionAtHostEnabled.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/VMEncryptionAtHostEnabled.py) | | 5848 | CKV_AZURE_97 | resource | Microsoft.Compute/virtualMachineScaleSets | Ensure that Virtual machine scale sets have encryption at host enabled | Bicep | [VMEncryptionAtHostEnabled.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/VMEncryptionAtHostEnabled.py) | | 5849 | CKV_AZURE_97 | resource | Microsoft.Compute/virtualMachines | Ensure that Virtual machine scale sets have encryption at host enabled | arm | [VMEncryptionAtHostEnabled.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/VMEncryptionAtHostEnabled.py) | | 5850 | CKV_AZURE_97 | resource | Microsoft.Compute/virtualMachines | Ensure that Virtual machine scale sets have encryption at host enabled | Bicep | [VMEncryptionAtHostEnabled.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/VMEncryptionAtHostEnabled.py) | | 5851 | CKV_AZURE_97 | resource | azurerm_linux_virtual_machine_scale_set | Ensure that Virtual machine scale sets have encryption at host enabled | Terraform | [VMEncryptionAtHostEnabled.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/azure/VMEncryptionAtHostEnabled.py) | | 5852 | CKV_AZURE_97 | resource | azurerm_windows_virtual_machine_scale_set | Ensure that Virtual machine scale sets have encryption at host enabled | Terraform | [VMEncryptionAtHostEnabled.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/azure/VMEncryptionAtHostEnabled.py) | | 5853 | CKV_AZURE_98 | resource | azurerm_container_group | Ensure that Azure Container group is deployed into virtual network | Terraform | [AzureContainerGroupDeployedIntoVirtualNetwork.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/azure/AzureContainerGroupDeployedIntoVirtualNetwork.py) | | 5854 | CKV_AZURE_99 | resource | Microsoft.DocumentDB/databaseAccounts | Ensure Cosmos DB accounts have restricted access | arm | [CosmosDBAccountsRestrictedAccess.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/CosmosDBAccountsRestrictedAccess.py) | | 5855 | CKV_AZURE_99 | resource | Microsoft.DocumentDB/databaseAccounts | Ensure Cosmos DB accounts have restricted access | Bicep | [CosmosDBAccountsRestrictedAccess.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/CosmosDBAccountsRestrictedAccess.py) | | 5856 | CKV_AZURE_99 | resource | azurerm_cosmosdb_account | Ensure Cosmos DB accounts have restricted access | Terraform | [CosmosDBAccountsRestrictedAccess.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/azure/CosmosDBAccountsRestrictedAccess.py) | | 5857 | CKV_AZURE_100 | resource | Microsoft.DocumentDb/databaseAccounts | Ensure that Cosmos DB accounts have customer-managed keys to encrypt data at rest | arm | [CosmosDBHaveCMK.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/CosmosDBHaveCMK.py) | | 5858 | CKV_AZURE_100 | resource | Microsoft.DocumentDb/databaseAccounts | Ensure that Cosmos DB accounts have customer-managed keys to encrypt data at rest | Bicep | [CosmosDBHaveCMK.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/CosmosDBHaveCMK.py) | | 5859 | CKV_AZURE_100 | resource | azurerm_cosmosdb_account | Ensure that Cosmos DB accounts have customer-managed keys to encrypt data at rest | Terraform | [CosmosDBHaveCMK.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/azure/CosmosDBHaveCMK.py) | | 5860 | CKV_AZURE_101 | resource | Microsoft.DocumentDB/databaseAccounts | Ensure that Azure Cosmos DB disables public network access | arm | [CosmosDBDisablesPublicNetwork.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/CosmosDBDisablesPublicNetwork.py) | | 5861 | CKV_AZURE_101 | resource | Microsoft.DocumentDB/databaseAccounts | Ensure that Azure Cosmos DB disables public network access | Bicep | [CosmosDBDisablesPublicNetwork.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/CosmosDBDisablesPublicNetwork.py) | | 5862 | CKV_AZURE_101 | resource | azurerm_cosmosdb_account | Ensure that Azure Cosmos DB disables public network access | Terraform | [CosmosDBDisablesPublicNetwork.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/azure/CosmosDBDisablesPublicNetwork.py) | | 5863 | CKV_AZURE_102 | resource | Microsoft.DBforPostgreSQL/servers | Ensure that PostgreSQL server enables geo-redundant backups | arm | [PostgressSQLGeoBackupEnabled.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/PostgressSQLGeoBackupEnabled.py) | | 5864 | CKV_AZURE_102 | resource | Microsoft.DBforPostgreSQL/servers | Ensure that PostgreSQL server enables geo-redundant backups | Bicep | [PostgressSQLGeoBackupEnabled.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/PostgressSQLGeoBackupEnabled.py) | | 5865 | CKV_AZURE_102 | resource | azurerm_postgresql_server | Ensure that PostgreSQL server enables geo-redundant backups | Terraform | [PostgressSQLGeoBackupEnabled.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/azure/PostgressSQLGeoBackupEnabled.py) | | 5866 | CKV_AZURE_103 | resource | Microsoft.DataFactory/factories | Ensure that Azure Data Factory uses Git repository for source control | arm | [DataFactoryUsesGitRepository.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/DataFactoryUsesGitRepository.py) | | 5867 | CKV_AZURE_103 | resource | Microsoft.DataFactory/factories | Ensure that Azure Data Factory uses Git repository for source control | Bicep | [DataFactoryUsesGitRepository.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/DataFactoryUsesGitRepository.py) | | 5868 | CKV_AZURE_103 | resource | azurerm_data_factory | Ensure that Azure Data Factory uses Git repository for source control | Terraform | [DataFactoryUsesGitRepository.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/azure/DataFactoryUsesGitRepository.py) | | 5869 | CKV_AZURE_104 | resource | Microsoft.DataFactory/factories | Ensure that Azure Data factory public network access is disabled | arm | [DataFactoryNoPublicNetworkAccess.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/DataFactoryNoPublicNetworkAccess.py) | | 5870 | CKV_AZURE_104 | resource | Microsoft.DataFactory/factories | Ensure that Azure Data factory public network access is disabled | Bicep | [DataFactoryNoPublicNetworkAccess.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/DataFactoryNoPublicNetworkAccess.py) | | 5871 | CKV_AZURE_104 | resource | azurerm_data_factory | Ensure that Azure Data factory public network access is disabled | Terraform | [DataFactoryNoPublicNetworkAccess.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/azure/DataFactoryNoPublicNetworkAccess.py) | | 5872 | CKV_AZURE_105 | resource | Microsoft.DataLakeStore/accounts | Ensure that Data Lake Store accounts enables encryption | arm | [DataLakeStoreEncryption.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/DataLakeStoreEncryption.py) | | 5873 | CKV_AZURE_105 | resource | Microsoft.DataLakeStore/accounts | Ensure that Data Lake Store accounts enables encryption | Bicep | [DataLakeStoreEncryption.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/DataLakeStoreEncryption.py) | | 5874 | CKV_AZURE_105 | resource | azurerm_data_lake_store | Ensure that Data Lake Store accounts enables encryption | Terraform | [DataLakeStoreEncryption.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/azure/DataLakeStoreEncryption.py) | | 5875 | CKV_AZURE_106 | resource | azurerm_eventgrid_domain | Ensure that Azure Event Grid Domain public network access is disabled | Terraform | [EventgridDomainNetworkAccess.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/azure/EventgridDomainNetworkAccess.py) | | 5876 | CKV_AZURE_107 | resource | Microsoft.ApiManagement/service | Ensure that API management services use virtual networks | arm | [APIServicesUseVirtualNetwork.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/APIServicesUseVirtualNetwork.py) | | 5877 | CKV_AZURE_107 | resource | Microsoft.ApiManagement/service | Ensure that API management services use virtual networks | Bicep | [APIServicesUseVirtualNetwork.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/APIServicesUseVirtualNetwork.py) | | 5878 | CKV_AZURE_107 | resource | azurerm_api_management | Ensure that API management services use virtual networks | Terraform | [APIServicesUseVirtualNetwork.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/azure/APIServicesUseVirtualNetwork.py) | | 5879 | CKV_AZURE_108 | resource | azurerm_iothub | Ensure that Azure IoT Hub disables public network access | Terraform | [IoTNoPublicNetworkAccess.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/azure/IoTNoPublicNetworkAccess.py) | | 5880 | CKV_AZURE_109 | resource | Microsoft.KeyVault/vaults | Ensure that key vault allows firewall rules settings | arm | [KeyVaultEnablesFirewallRulesSettings.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/KeyVaultEnablesFirewallRulesSettings.py) | | 5881 | CKV_AZURE_109 | resource | Microsoft.KeyVault/vaults | Ensure that key vault allows firewall rules settings | Bicep | [KeyVaultEnablesFirewallRulesSettings.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/KeyVaultEnablesFirewallRulesSettings.py) | | 5882 | CKV_AZURE_109 | resource | azurerm_key_vault | Ensure that key vault allows firewall rules settings | Terraform | [KeyVaultEnablesFirewallRulesSettings.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/azure/KeyVaultEnablesFirewallRulesSettings.py) | | 5883 | CKV_AZURE_110 | resource | Microsoft.KeyVault/vaults | Ensure that key vault enables purge protection | arm | [KeyVaultEnablesPurgeProtection.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/KeyVaultEnablesPurgeProtection.py) | | 5884 | CKV_AZURE_110 | resource | Microsoft.KeyVault/vaults | Ensure that key vault enables purge protection | Bicep | [KeyVaultEnablesPurgeProtection.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/KeyVaultEnablesPurgeProtection.py) | | 5885 | CKV_AZURE_110 | resource | azurerm_key_vault | Ensure that key vault enables purge protection | Terraform | [KeyVaultEnablesPurgeProtection.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/azure/KeyVaultEnablesPurgeProtection.py) | | 5886 | CKV_AZURE_111 | resource | Microsoft.KeyVault/vaults | Ensure that key vault enables soft delete | arm | [KeyVaultEnablesSoftDelete.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/KeyVaultEnablesSoftDelete.py) | | 5887 | CKV_AZURE_111 | resource | Microsoft.KeyVault/vaults | Ensure that key vault enables soft delete | Bicep | [KeyVaultEnablesSoftDelete.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/KeyVaultEnablesSoftDelete.py) | | 5888 | CKV_AZURE_111 | resource | azurerm_key_vault | Ensure that key vault enables soft delete | Terraform | [KeyVaultEnablesSoftDelete.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/azure/KeyVaultEnablesSoftDelete.py) | | 5889 | CKV_AZURE_112 | resource | Microsoft.KeyVault/vaults/keys | Ensure that key vault key is backed by HSM | arm | [KeyBackedByHSM.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/KeyBackedByHSM.py) | | 5890 | CKV_AZURE_112 | resource | Microsoft.KeyVault/vaults/keys | Ensure that key vault key is backed by HSM | Bicep | [KeyBackedByHSM.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/KeyBackedByHSM.py) | | 5891 | CKV_AZURE_112 | resource | azurerm_key_vault_key | Ensure that key vault key is backed by HSM | Terraform | [KeyBackedByHSM.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/azure/KeyBackedByHSM.py) | | 5892 | CKV_AZURE_113 | resource | Microsoft.Sql/servers | Ensure that SQL server disables public network access | arm | [SQLServerHasPublicAccessDisabled.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/SQLServerHasPublicAccessDisabled.py) | | 5893 | CKV_AZURE_113 | resource | Microsoft.Sql/servers | Ensure that SQL server disables public network access | Bicep | [SQLServerHasPublicAccessDisabled.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/SQLServerHasPublicAccessDisabled.py) | | 5894 | CKV_AZURE_113 | resource | azurerm_mssql_server | Ensure that SQL server disables public network access | Terraform | [SQLServerPublicAccessDisabled.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/azure/SQLServerPublicAccessDisabled.py) | | 5895 | CKV_AZURE_114 | resource | Microsoft.KeyVault/vaults/secrets | Ensure that key vault secrets have "content_type" set | arm | [SecretContentType.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/SecretContentType.py) | | 5896 | CKV_AZURE_114 | resource | Microsoft.KeyVault/vaults/secrets | Ensure that key vault secrets have "content_type" set | Bicep | [SecretContentType.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/SecretContentType.py) | | 5897 | CKV_AZURE_114 | resource | azurerm_key_vault_secret | Ensure that key vault secrets have "content_type" set | Terraform | [SecretContentType.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/azure/SecretContentType.py) | | 5898 | CKV_AZURE_115 | resource | azurerm_kubernetes_cluster | Ensure that AKS enables private clusters | Terraform | [AKSEnablesPrivateClusters.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/azure/AKSEnablesPrivateClusters.py) | | 5899 | CKV_AZURE_116 | resource | azurerm_kubernetes_cluster | Ensure that AKS uses Azure Policies Add-on | Terraform | [AKSUsesAzurePoliciesAddon.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/azure/AKSUsesAzurePoliciesAddon.py) | | 5900 | CKV_AZURE_117 | resource | azurerm_kubernetes_cluster | Ensure that AKS uses disk encryption set | Terraform | [AKSUsesDiskEncryptionSet.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/azure/AKSUsesDiskEncryptionSet.py) | | 5901 | CKV_AZURE_118 | resource | azurerm_network_interface | Ensure that Network Interfaces disable IP forwarding | Terraform | [NetworkInterfaceEnableIPForwarding.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/azure/NetworkInterfaceEnableIPForwarding.py) | | 5902 | CKV_AZURE_119 | resource | azurerm_network_interface | Ensure that Network Interfaces don't use public IPs | Terraform | [AzureNetworkInterfacePublicIPAddressId.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/azure/AzureNetworkInterfacePublicIPAddressId.yaml) | | 5903 | CKV_AZURE_120 | resource | azurerm_application_gateway | Ensure that Application Gateway enables WAF | Terraform | [ApplicationGatewayEnablesWAF.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/azure/ApplicationGatewayEnablesWAF.yaml) | | 5904 | CKV_AZURE_120 | resource | azurerm_web_application_firewall_policy | Ensure that Application Gateway enables WAF | Terraform | [ApplicationGatewayEnablesWAF.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/azure/ApplicationGatewayEnablesWAF.yaml) | | 5905 | CKV_AZURE_121 | resource | Microsoft.Network/frontDoors | Ensure that Azure Front Door enables WAF | arm | [AzureFrontDoorEnablesWAF.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/AzureFrontDoorEnablesWAF.py) | | 5906 | CKV_AZURE_121 | resource | Microsoft.Network/frontDoors | Ensure that Azure Front Door enables WAF | Bicep | [AzureFrontDoorEnablesWAF.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/AzureFrontDoorEnablesWAF.py) | | 5907 | CKV_AZURE_121 | resource | azurerm_frontdoor | Ensure that Azure Front Door enables WAF | Terraform | [AzureFrontDoorEnablesWAF.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/azure/AzureFrontDoorEnablesWAF.py) | | 5908 | CKV_AZURE_122 | resource | azurerm_web_application_firewall_policy | Ensure that Application Gateway uses WAF in "Detection" or "Prevention" modes | Terraform | [AppGWUseWAFMode.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/azure/AppGWUseWAFMode.py) | | 5909 | CKV_AZURE_123 | resource | Microsoft.Network/FrontDoorWebApplicationFirewallPolicies | Ensure that Azure Front Door uses WAF in "Detection" or "Prevention" modes | arm | [FrontdoorUseWAFMode.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/FrontdoorUseWAFMode.py) | | 5910 | CKV_AZURE_123 | resource | Microsoft.Network/FrontDoorWebApplicationFirewallPolicies | Ensure that Azure Front Door uses WAF in "Detection" or "Prevention" modes | Bicep | [FrontdoorUseWAFMode.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/FrontdoorUseWAFMode.py) | | 5911 | CKV_AZURE_123 | resource | azurerm_frontdoor_firewall_policy | Ensure that Azure Front Door uses WAF in "Detection" or "Prevention" modes | Terraform | [FrontdoorUseWAFMode.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/azure/FrontdoorUseWAFMode.py) | | 5912 | CKV_AZURE_124 | resource | azurerm_search_service | Ensure that Azure Cognitive Search disables public network access | Terraform | [AzureSearchPublicNetworkAccessDisabled.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/azure/AzureSearchPublicNetworkAccessDisabled.py) | | 5913 | CKV_AZURE_125 | resource | Microsoft.ServiceFabric/clusters | Ensures that Service Fabric use three levels of protection available | arm | [AzureServiceFabricClusterProtectionLevel.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/AzureServiceFabricClusterProtectionLevel.py) | | 5914 | CKV_AZURE_125 | resource | Microsoft.ServiceFabric/clusters | Ensures that Service Fabric use three levels of protection available | Bicep | [AzureServiceFabricClusterProtectionLevel.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/AzureServiceFabricClusterProtectionLevel.py) | | 5915 | CKV_AZURE_125 | resource | azurerm_service_fabric_cluster | Ensures that Service Fabric use three levels of protection available | Terraform | [AzureServiceFabricClusterProtectionLevel.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/azure/AzureServiceFabricClusterProtectionLevel.py) | | 5916 | CKV_AZURE_126 | resource | azurerm_service_fabric_cluster | Ensures that Active Directory is used for authentication for Service Fabric | Terraform | [ActiveDirectoryUsedAuthenticationServiceFabric.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/azure/ActiveDirectoryUsedAuthenticationServiceFabric.py) | | 5917 | CKV_AZURE_127 | resource | azurerm_mysql_server | Ensure that My SQL server enables Threat detection policy | Terraform | [MySQLTreatDetectionEnabled.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/azure/MySQLTreatDetectionEnabled.py) | | 5918 | CKV_AZURE_128 | resource | azurerm_postgresql_server | Ensure that PostgreSQL server enables Threat detection policy | Terraform | [PostgresSQLTreatDetectionEnabled.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/azure/PostgresSQLTreatDetectionEnabled.py) | | 5919 | CKV_AZURE_129 | resource | Microsoft.DBforMariaDB/servers | Ensure that MariaDB server enables geo-redundant backups | arm | [MariaDBGeoBackupEnabled.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/MariaDBGeoBackupEnabled.py) | | 5920 | CKV_AZURE_129 | resource | Microsoft.DBforMariaDB/servers | Ensure that MariaDB server enables geo-redundant backups | Bicep | [MariaDBGeoBackupEnabled.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/MariaDBGeoBackupEnabled.py) | | 5921 | CKV_AZURE_129 | resource | azurerm_mariadb_server | Ensure that MariaDB server enables geo-redundant backups | Terraform | [MariaDBGeoBackupEnabled.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/azure/MariaDBGeoBackupEnabled.py) | | 5922 | CKV_AZURE_130 | resource | Microsoft.DBforPostgreSQL/servers | Ensure that PostgreSQL server enables infrastructure encryption | arm | [PostgreSQLEncryptionEnabled.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/PostgreSQLEncryptionEnabled.py) | | 5923 | CKV_AZURE_130 | resource | Microsoft.DBforPostgreSQL/servers | Ensure that PostgreSQL server enables infrastructure encryption | Bicep | [PostgreSQLEncryptionEnabled.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/PostgreSQLEncryptionEnabled.py) | | 5924 | CKV_AZURE_130 | resource | azurerm_postgresql_server | Ensure that PostgreSQL server enables infrastructure encryption | Terraform | [PostgreSQLEncryptionEnabled.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/azure/PostgreSQLEncryptionEnabled.py) | | 5925 | CKV_AZURE_131 | resource | azurerm_security_center_contact | Ensure that 'Security contact emails' is set | Terraform | [SecurityCenterContactEmails.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/azure/SecurityCenterContactEmails.py) | | 5926 | CKV_AZURE_131 | parameter | secureString | SecureString parameter should not have hardcoded default values | arm | [SecureStringParameterNoHardcodedValue.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/parameter/SecureStringParameterNoHardcodedValue.py) | | 5927 | CKV_AZURE_131 | parameter | string | SecureString parameter should not have hardcoded default values | Bicep | [SecureStringParameterNoHardcodedValue.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/bicep/checks/param/azure/SecureStringParameterNoHardcodedValue.py) | | 5928 | CKV_AZURE_132 | resource | Microsoft.DocumentDB/databaseAccounts | Ensure cosmosdb does not allow privileged escalation by restricting management plane changes | arm | [CosmosDBDisableAccessKeyWrite.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/CosmosDBDisableAccessKeyWrite.py) | | 5929 | CKV_AZURE_132 | resource | Microsoft.DocumentDB/databaseAccounts | Ensure cosmosdb does not allow privileged escalation by restricting management plane changes | Bicep | [CosmosDBDisableAccessKeyWrite.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/CosmosDBDisableAccessKeyWrite.py) | | 5930 | CKV_AZURE_132 | resource | azurerm_cosmosdb_account | Ensure cosmosdb does not allow privileged escalation by restricting management plane changes | Terraform | [CosmosDBDisableAccessKeyWrite.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/azure/CosmosDBDisableAccessKeyWrite.py) | | 5931 | CKV_AZURE_133 | resource | Microsoft.Network/frontdoorWebApplicationFirewallPolicies | Ensure Front Door WAF prevents message lookup in Log4j2. See CVE-2021-44228 aka log4jshell | arm | [FrontDoorWAFACLCVE202144228.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/FrontDoorWAFACLCVE202144228.py) | | 5932 | CKV_AZURE_133 | resource | Microsoft.Network/frontdoorWebApplicationFirewallPolicies | Ensure Front Door WAF prevents message lookup in Log4j2. See CVE-2021-44228 aka log4jshell | Bicep | [FrontDoorWAFACLCVE202144228.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/FrontDoorWAFACLCVE202144228.py) | | 5933 | CKV_AZURE_133 | resource | azurerm_frontdoor_firewall_policy | Ensure Front Door WAF prevents message lookup in Log4j2. See CVE-2021-44228 aka log4jshell | Terraform | [FrontDoorWAFACLCVE202144228.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/azure/FrontDoorWAFACLCVE202144228.py) | | 5934 | CKV_AZURE_134 | resource | Microsoft.CognitiveServices/accounts | Ensure that Cognitive Services accounts disable public network access | arm | [CognitiveServicesDisablesPublicNetwork.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/CognitiveServicesDisablesPublicNetwork.py) | | 5935 | CKV_AZURE_134 | resource | Microsoft.CognitiveServices/accounts | Ensure that Cognitive Services accounts disable public network access | Bicep | [CognitiveServicesDisablesPublicNetwork.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/CognitiveServicesDisablesPublicNetwork.py) | | 5936 | CKV_AZURE_134 | resource | azurerm_cognitive_account | Ensure that Cognitive Services accounts disable public network access | Terraform | [CognitiveServicesDisablesPublicNetwork.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/azure/CognitiveServicesDisablesPublicNetwork.py) | | 5937 | CKV_AZURE_135 | resource | Microsoft.Network/ApplicationGatewayWebApplicationFirewallPolicies | Ensure Application Gateway WAF prevents message lookup in Log4j2. See CVE-2021-44228 aka log4jshell | arm | [AppGatewayWAFACLCVE202144228.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/AppGatewayWAFACLCVE202144228.py) | | 5938 | CKV_AZURE_135 | resource | Microsoft.Network/ApplicationGatewayWebApplicationFirewallPolicies | Ensure Application Gateway WAF prevents message lookup in Log4j2. See CVE-2021-44228 aka log4jshell | Bicep | [AppGatewayWAFACLCVE202144228.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/AppGatewayWAFACLCVE202144228.py) | | 5939 | CKV_AZURE_135 | resource | azurerm_web_application_firewall_policy | Ensure Application Gateway WAF prevents message lookup in Log4j2. See CVE-2021-44228 aka log4jshell | Terraform | [AppGatewayWAFACLCVE202144228.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/azure/AppGatewayWAFACLCVE202144228.py) | | 5940 | CKV_AZURE_136 | resource | azurerm_postgresql_flexible_server | Ensure that PostgreSQL Flexible server enables geo-redundant backups | Terraform | [PostgreSQLFlexiServerGeoBackupEnabled.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/azure/PostgreSQLFlexiServerGeoBackupEnabled.py) | | 5941 | CKV_AZURE_137 | resource | Microsoft.ContainerRegistry/registries | Ensure ACR admin account is disabled | arm | [ACRAdminAccountDisabled.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/ACRAdminAccountDisabled.py) | | 5942 | CKV_AZURE_137 | resource | Microsoft.ContainerRegistry/registries | Ensure ACR admin account is disabled | Bicep | [ACRAdminAccountDisabled.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/ACRAdminAccountDisabled.py) | | 5943 | CKV_AZURE_137 | resource | azurerm_container_registry | Ensure ACR admin account is disabled | Terraform | [ACRAdminAccountDisabled.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/azure/ACRAdminAccountDisabled.py) | | 5944 | CKV_AZURE_138 | resource | Microsoft.ContainerRegistry/registries | Ensures that ACR disables anonymous pulling of images | arm | [ACRAnonymousPullDisabled.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/ACRAnonymousPullDisabled.py) | | 5945 | CKV_AZURE_138 | resource | Microsoft.ContainerRegistry/registries | Ensures that ACR disables anonymous pulling of images | Bicep | [ACRAnonymousPullDisabled.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/ACRAnonymousPullDisabled.py) | | 5946 | CKV_AZURE_138 | resource | azurerm_container_registry | Ensures that ACR disables anonymous pulling of images | Terraform | [ACRAnonymousPullDisabled.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/azure/ACRAnonymousPullDisabled.py) | | 5947 | CKV_AZURE_139 | resource | Microsoft.ContainerRegistry/registries | Ensure ACR set to disable public networking | arm | [ACRPublicNetworkAccessDisabled.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/ACRPublicNetworkAccessDisabled.py) | | 5948 | CKV_AZURE_139 | resource | Microsoft.ContainerRegistry/registries | Ensure ACR set to disable public networking | Bicep | [ACRPublicNetworkAccessDisabled.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/ACRPublicNetworkAccessDisabled.py) | | 5949 | CKV_AZURE_139 | resource | azurerm_container_registry | Ensure ACR set to disable public networking | Terraform | [ACRPublicNetworkAccessDisabled.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/azure/ACRPublicNetworkAccessDisabled.py) | | 5950 | CKV_AZURE_140 | resource | Microsoft.DocumentDB/databaseAccounts | Ensure that Local Authentication is disabled on CosmosDB | arm | [CosmosDBLocalAuthDisabled.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/CosmosDBLocalAuthDisabled.py) | | 5951 | CKV_AZURE_140 | resource | Microsoft.DocumentDB/databaseAccounts | Ensure that Local Authentication is disabled on CosmosDB | Bicep | [CosmosDBLocalAuthDisabled.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/CosmosDBLocalAuthDisabled.py) | | 5952 | CKV_AZURE_140 | resource | azurerm_cosmosdb_account | Ensure that Local Authentication is disabled on CosmosDB | Terraform | [CosmosDBLocalAuthDisabled.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/azure/CosmosDBLocalAuthDisabled.py) | | 5953 | CKV_AZURE_141 | resource | Microsoft.ContainerService/managedClusters | Ensure AKS local admin account is disabled | arm | [AKSLocalAdminDisabled.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/AKSLocalAdminDisabled.py) | | 5954 | CKV_AZURE_141 | resource | Microsoft.ContainerService/managedClusters | Ensure AKS local admin account is disabled | Bicep | [AKSLocalAdminDisabled.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/AKSLocalAdminDisabled.py) | | 5955 | CKV_AZURE_141 | resource | azurerm_kubernetes_cluster | Ensure AKS local admin account is disabled | Terraform | [AKSLocalAdminDisabled.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/azure/AKSLocalAdminDisabled.py) | | 5956 | CKV_AZURE_142 | resource | azurerm_machine_learning_compute_cluster | Ensure Machine Learning Compute Cluster Local Authentication is disabled | Terraform | [MLCCLADisabled.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/azure/MLCCLADisabled.py) | | 5957 | CKV_AZURE_143 | resource | azurerm_kubernetes_cluster | Ensure AKS cluster nodes do not have public IP addresses | Terraform | [AKSNodePublicIpDisabled.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/azure/AKSNodePublicIpDisabled.py) | | 5958 | CKV_AZURE_144 | resource | azurerm_machine_learning_workspace | Ensure that Public Access is disabled for Machine Learning Workspace | Terraform | [MLPublicAccess.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/azure/MLPublicAccess.py) | | 5959 | CKV_AZURE_145 | resource | Microsoft.Web/sites | Ensure Function app is using the latest version of TLS encryption | arm | [FunctionAppMinTLSVersion.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/FunctionAppMinTLSVersion.py) | | 5960 | CKV_AZURE_145 | resource | Microsoft.Web/sites | Ensure Function app is using the latest version of TLS encryption | Bicep | [FunctionAppMinTLSVersion.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/FunctionAppMinTLSVersion.py) | | 5961 | CKV_AZURE_145 | resource | Microsoft.Web/sites/slots | Ensure Function app is using the latest version of TLS encryption | arm | [FunctionAppMinTLSVersion.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/FunctionAppMinTLSVersion.py) | | 5962 | CKV_AZURE_145 | resource | Microsoft.Web/sites/slots | Ensure Function app is using the latest version of TLS encryption | Bicep | [FunctionAppMinTLSVersion.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/FunctionAppMinTLSVersion.py) | | 5963 | CKV_AZURE_145 | resource | azurerm_function_app | Ensure Function app is using the latest version of TLS encryption | Terraform | [FunctionAppMinTLSVersion.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/azure/FunctionAppMinTLSVersion.py) | | 5964 | CKV_AZURE_145 | resource | azurerm_function_app_slot | Ensure Function app is using the latest version of TLS encryption | Terraform | [FunctionAppMinTLSVersion.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/azure/FunctionAppMinTLSVersion.py) | | 5965 | CKV_AZURE_145 | resource | azurerm_linux_function_app | Ensure Function app is using the latest version of TLS encryption | Terraform | [FunctionAppMinTLSVersion.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/azure/FunctionAppMinTLSVersion.py) | | 5966 | CKV_AZURE_145 | resource | azurerm_linux_function_app_slot | Ensure Function app is using the latest version of TLS encryption | Terraform | [FunctionAppMinTLSVersion.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/azure/FunctionAppMinTLSVersion.py) | | 5967 | CKV_AZURE_145 | resource | azurerm_windows_function_app | Ensure Function app is using the latest version of TLS encryption | Terraform | [FunctionAppMinTLSVersion.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/azure/FunctionAppMinTLSVersion.py) | | 5968 | CKV_AZURE_145 | resource | azurerm_windows_function_app_slot | Ensure Function app is using the latest version of TLS encryption | Terraform | [FunctionAppMinTLSVersion.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/azure/FunctionAppMinTLSVersion.py) | | 5969 | CKV_AZURE_146 | resource | azurerm_postgresql_configuration | Ensure server parameter 'log_retention' is set to 'ON' for PostgreSQL Database Server | Terraform | [PostgreSQLServerLogRetentionEnabled.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/azure/PostgreSQLServerLogRetentionEnabled.py) | | 5970 | CKV_AZURE_147 | resource | azurerm_postgresql_server | Ensure PostgreSQL is using the latest version of TLS encryption | Terraform | [PostgreSQLMinTLSVersion.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/azure/PostgreSQLMinTLSVersion.py) | | 5971 | CKV_AZURE_148 | resource | azurerm_redis_cache | Ensure Redis Cache is using the latest version of TLS encryption | Terraform | [RedisCacheMinTLSVersion.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/azure/RedisCacheMinTLSVersion.py) | | 5972 | CKV_AZURE_149 | resource | Microsoft.Compute/virtualMachineScaleSets | Ensure that Virtual machine does not enable password authentication | arm | [VMDisablePasswordAuthentication.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/VMDisablePasswordAuthentication.py) | | 5973 | CKV_AZURE_149 | resource | Microsoft.Compute/virtualMachineScaleSets | Ensure that Virtual machine does not enable password authentication | Bicep | [VMDisablePasswordAuthentication.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/VMDisablePasswordAuthentication.py) | | 5974 | CKV_AZURE_149 | resource | Microsoft.Compute/virtualMachines | Ensure that Virtual machine does not enable password authentication | arm | [VMDisablePasswordAuthentication.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/VMDisablePasswordAuthentication.py) | | 5975 | CKV_AZURE_149 | resource | Microsoft.Compute/virtualMachines | Ensure that Virtual machine does not enable password authentication | Bicep | [VMDisablePasswordAuthentication.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/VMDisablePasswordAuthentication.py) | | 5976 | CKV_AZURE_149 | resource | azurerm_linux_virtual_machine | Ensure that Virtual machine does not enable password authentication | Terraform | [VMDisablePasswordAuthentication.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/azure/VMDisablePasswordAuthentication.py) | | 5977 | CKV_AZURE_149 | resource | azurerm_linux_virtual_machine_scale_set | Ensure that Virtual machine does not enable password authentication | Terraform | [VMDisablePasswordAuthentication.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/azure/VMDisablePasswordAuthentication.py) | | 5978 | CKV_AZURE_150 | resource | azurerm_machine_learning_compute_cluster | Ensure Machine Learning Compute Cluster Minimum Nodes Set To 0 | Terraform | [MLComputeClusterMinNodes.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/azure/MLComputeClusterMinNodes.py) | | 5979 | CKV_AZURE_151 | resource | Microsoft.Compute/virtualMachines | Ensure Windows VM enables encryption | arm | [WinVMEncryptionAtHost.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/WinVMEncryptionAtHost.py) | | 5980 | CKV_AZURE_151 | resource | Microsoft.Compute/virtualMachines | Ensure Windows VM enables encryption | Bicep | [WinVMEncryptionAtHost.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/WinVMEncryptionAtHost.py) | | 5981 | CKV_AZURE_151 | resource | azurerm_windows_virtual_machine | Ensure Windows VM enables encryption | Terraform | [WinVMEncryptionAtHost.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/azure/WinVMEncryptionAtHost.py) | | 5982 | CKV_AZURE_152 | resource | azurerm_api_management | Ensure Client Certificates are enforced for API management | Terraform | [APIManagementCertsEnforced.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/azure/APIManagementCertsEnforced.py) | | 5983 | CKV_AZURE_153 | resource | Microsoft.Web/sites | Ensure web app redirects all HTTP traffic to HTTPS in Azure App Service Slot | arm | [AppServiceSlotHTTPSOnly.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/AppServiceSlotHTTPSOnly.py) | | 5984 | CKV_AZURE_153 | resource | Microsoft.Web/sites | Ensure web app redirects all HTTP traffic to HTTPS in Azure App Service Slot | Bicep | [AppServiceSlotHTTPSOnly.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/AppServiceSlotHTTPSOnly.py) | | 5985 | CKV_AZURE_153 | resource | Microsoft.Web/sites/slots | Ensure web app redirects all HTTP traffic to HTTPS in Azure App Service Slot | arm | [AppServiceSlotHTTPSOnly.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/AppServiceSlotHTTPSOnly.py) | | 5986 | CKV_AZURE_153 | resource | Microsoft.Web/sites/slots | Ensure web app redirects all HTTP traffic to HTTPS in Azure App Service Slot | Bicep | [AppServiceSlotHTTPSOnly.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/AppServiceSlotHTTPSOnly.py) | | 5987 | CKV_AZURE_153 | resource | azurerm_app_service_slot | Ensure web app redirects all HTTP traffic to HTTPS in Azure App Service Slot | Terraform | [AppServiceSlotHTTPSOnly.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/azure/AppServiceSlotHTTPSOnly.py) | | 5988 | CKV_AZURE_153 | resource | azurerm_linux_web_app_slot | Ensure web app redirects all HTTP traffic to HTTPS in Azure App Service Slot | Terraform | [AppServiceSlotHTTPSOnly.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/azure/AppServiceSlotHTTPSOnly.py) | | 5989 | CKV_AZURE_153 | resource | azurerm_windows_web_app_slot | Ensure web app redirects all HTTP traffic to HTTPS in Azure App Service Slot | Terraform | [AppServiceSlotHTTPSOnly.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/azure/AppServiceSlotHTTPSOnly.py) | | 5990 | CKV_AZURE_154 | resource | azurerm_app_service_slot | Ensure the App service slot is using the latest version of TLS encryption | Terraform | [AppServiceSlotMinTLS.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/azure/AppServiceSlotMinTLS.py) | | 5991 | CKV_AZURE_155 | resource | Microsoft.Web/sites | Ensure debugging is disabled for the App service slot | arm | [AppServiceSlotDebugDisabled.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/AppServiceSlotDebugDisabled.py) | | 5992 | CKV_AZURE_155 | resource | Microsoft.Web/sites | Ensure debugging is disabled for the App service slot | Bicep | [AppServiceSlotDebugDisabled.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/AppServiceSlotDebugDisabled.py) | | 5993 | CKV_AZURE_155 | resource | Microsoft.Web/sites/slots | Ensure debugging is disabled for the App service slot | arm | [AppServiceSlotDebugDisabled.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/AppServiceSlotDebugDisabled.py) | | 5994 | CKV_AZURE_155 | resource | Microsoft.Web/sites/slots | Ensure debugging is disabled for the App service slot | Bicep | [AppServiceSlotDebugDisabled.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/AppServiceSlotDebugDisabled.py) | | 5995 | CKV_AZURE_155 | resource | azurerm_app_service_slot | Ensure debugging is disabled for the App service slot | Terraform | [AppServiceSlotDebugDisabled.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/azure/AppServiceSlotDebugDisabled.py) | | 5996 | CKV_AZURE_156 | resource | azurerm_mssql_database_extended_auditing_policy | Ensure default Auditing policy for a SQL Server is configured to capture and retain the activity logs | Terraform | [MSSQLServerAuditPolicyLogMonitor.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/azure/MSSQLServerAuditPolicyLogMonitor.py) | | 5997 | CKV_AZURE_157 | resource | Microsoft.Synapse/workspaces | Ensure that Synapse workspace has data_exfiltration_protection_enabled | arm | [SynapseWorkspaceEnablesDataExfilProtection.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/SynapseWorkspaceEnablesDataExfilProtection.py) | | 5998 | CKV_AZURE_157 | resource | Microsoft.Synapse/workspaces | Ensure that Synapse workspace has data_exfiltration_protection_enabled | Bicep | [SynapseWorkspaceEnablesDataExfilProtection.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/SynapseWorkspaceEnablesDataExfilProtection.py) | | 5999 | CKV_AZURE_157 | resource | azurerm_synapse_workspace | Ensure that Synapse workspace has data_exfiltration_protection_enabled | Terraform | [SynapseWorkspaceEnablesDataExfilProtection.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/azure/SynapseWorkspaceEnablesDataExfilProtection.py) | | 6000 | CKV_AZURE_158 | resource | Microsoft.Databricks/workspaces | Ensure Databricks Workspace data plane to control plane communication happens over private link | arm | [DatabricksWorkspaceIsNotPublic.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/DatabricksWorkspaceIsNotPublic.py) | | 6001 | CKV_AZURE_158 | resource | Microsoft.Databricks/workspaces | Ensure Databricks Workspace data plane to control plane communication happens over private link | Bicep | [DatabricksWorkspaceIsNotPublic.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/DatabricksWorkspaceIsNotPublic.py) | | 6002 | CKV_AZURE_158 | resource | azurerm_databricks_workspace | Ensure Databricks Workspace data plane to control plane communication happens over private link | Terraform | [DatabricksWorkspaceIsNotPublic.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/azure/DatabricksWorkspaceIsNotPublic.py) | | 6003 | CKV_AZURE_159 | resource | azurerm_function_app | Ensure function app builtin logging is enabled | Terraform | [FunctionAppEnableLogging.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/azure/FunctionAppEnableLogging.py) | | 6004 | CKV_AZURE_159 | resource | azurerm_function_app_slot | Ensure function app builtin logging is enabled | Terraform | [FunctionAppEnableLogging.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/azure/FunctionAppEnableLogging.py) | | 6005 | CKV_AZURE_160 | resource | Microsoft.Network/networkSecurityGroups | Ensure that HTTP (port 80) access is restricted from the internet | arm | [NSGRuleHTTPAccessRestricted.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/NSGRuleHTTPAccessRestricted.py) | | 6006 | CKV_AZURE_160 | resource | Microsoft.Network/networkSecurityGroups | Ensure that HTTP (port 80) access is restricted from the internet | Bicep | [NSGRuleHTTPAccessRestricted.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/NSGRuleHTTPAccessRestricted.py) | | 6007 | CKV_AZURE_160 | resource | Microsoft.Network/networkSecurityGroups/securityRules | Ensure that HTTP (port 80) access is restricted from the internet | arm | [NSGRuleHTTPAccessRestricted.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/NSGRuleHTTPAccessRestricted.py) | | 6008 | CKV_AZURE_160 | resource | Microsoft.Network/networkSecurityGroups/securityRules | Ensure that HTTP (port 80) access is restricted from the internet | Bicep | [NSGRuleHTTPAccessRestricted.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/NSGRuleHTTPAccessRestricted.py) | | 6009 | CKV_AZURE_160 | resource | azurerm_network_security_group | Ensure that HTTP (port 80) access is restricted from the internet | Terraform | [NSGRuleHTTPAccessRestricted.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/azure/NSGRuleHTTPAccessRestricted.py) | | 6010 | CKV_AZURE_160 | resource | azurerm_network_security_rule | Ensure that HTTP (port 80) access is restricted from the internet | Terraform | [NSGRuleHTTPAccessRestricted.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/azure/NSGRuleHTTPAccessRestricted.py) | | 6011 | CKV_AZURE_161 | resource | azurerm_spring_cloud_api_portal | Ensures Spring Cloud API Portal is enabled on for HTTPS | Terraform | [SpringCloudAPIPortalHTTPSOnly.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/azure/SpringCloudAPIPortalHTTPSOnly.py) | | 6012 | CKV_AZURE_162 | resource | azurerm_spring_cloud_api_portal | Ensures Spring Cloud API Portal Public Access Is Disabled | Terraform | [SpringCloudAPIPortalPublicAccessIsDisabled.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/azure/SpringCloudAPIPortalPublicAccessIsDisabled.py) | | 6013 | CKV_AZURE_163 | resource | Microsoft.ContainerRegistry/registries | Enable vulnerability scanning for container images. | arm | [ACRContainerScanEnabled.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/ACRContainerScanEnabled.py) | | 6014 | CKV_AZURE_163 | resource | Microsoft.ContainerRegistry/registries | Enable vulnerability scanning for container images. | Bicep | [ACRContainerScanEnabled.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/ACRContainerScanEnabled.py) | | 6015 | CKV_AZURE_163 | resource | azurerm_container_registry | Enable vulnerability scanning for container images. | Terraform | [ACRContainerScanEnabled.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/azure/ACRContainerScanEnabled.py) | | 6016 | CKV_AZURE_164 | resource | azurerm_container_registry | Ensures that ACR uses signed/trusted images | Terraform | [ACRUseSignedImages.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/azure/ACRUseSignedImages.py) | | 6017 | CKV_AZURE_165 | resource | azurerm_container_registry | Ensure geo-replicated container registries to match multi-region container deployments. | Terraform | [ACRGeoreplicated.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/azure/ACRGeoreplicated.py) | | 6018 | CKV_AZURE_166 | resource | Microsoft.ContainerRegistry/registries | Ensure container image quarantine, scan, and mark images verified | arm | [ACREnableImageQuarantine.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/ACREnableImageQuarantine.py) | | 6019 | CKV_AZURE_166 | resource | Microsoft.ContainerRegistry/registries | Ensure container image quarantine, scan, and mark images verified | Bicep | [ACREnableImageQuarantine.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/ACREnableImageQuarantine.py) | | 6020 | CKV_AZURE_166 | resource | azurerm_container_registry | Ensure container image quarantine, scan, and mark images verified | Terraform | [ACREnableImageQuarantine.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/azure/ACREnableImageQuarantine.py) | | 6021 | CKV_AZURE_167 | resource | azurerm_container_registry | Ensure a retention policy is set to cleanup untagged manifests. | Terraform | [ACREnableRetentionPolicy.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/azure/ACREnableRetentionPolicy.py) | | 6022 | CKV_AZURE_168 | resource | Microsoft.ContainerService/managedClusters | Ensure Azure Kubernetes Cluster (AKS) nodes should use a minimum number of 50 pods. | arm | [AKSMaxPodsMinimum.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/AKSMaxPodsMinimum.py) | | 6023 | CKV_AZURE_168 | resource | Microsoft.ContainerService/managedClusters | Ensure Azure Kubernetes Cluster (AKS) nodes should use a minimum number of 50 pods. | Bicep | [AKSMaxPodsMinimum.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/AKSMaxPodsMinimum.py) | | 6024 | CKV_AZURE_168 | resource | Microsoft.ContainerService/managedClusters/agentPools | Ensure Azure Kubernetes Cluster (AKS) nodes should use a minimum number of 50 pods. | arm | [AKSMaxPodsMinimum.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/AKSMaxPodsMinimum.py) | | 6025 | CKV_AZURE_168 | resource | Microsoft.ContainerService/managedClusters/agentPools | Ensure Azure Kubernetes Cluster (AKS) nodes should use a minimum number of 50 pods. | Bicep | [AKSMaxPodsMinimum.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/AKSMaxPodsMinimum.py) | | 6026 | CKV_AZURE_168 | resource | azurerm_kubernetes_cluster | Ensure Azure Kubernetes Cluster (AKS) nodes should use a minimum number of 50 pods. | Terraform | [AKSMaxPodsMinimum.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/azure/AKSMaxPodsMinimum.py) | | 6027 | CKV_AZURE_168 | resource | azurerm_kubernetes_cluster_node_pool | Ensure Azure Kubernetes Cluster (AKS) nodes should use a minimum number of 50 pods. | Terraform | [AKSMaxPodsMinimum.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/azure/AKSMaxPodsMinimum.py) | | 6028 | CKV_AZURE_169 | resource | Microsoft.ContainerService/managedClusters | Ensure Azure Kubernetes Cluster (AKS) nodes use scale sets | arm | [AKSPoolTypeIsScaleSet.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/AKSPoolTypeIsScaleSet.py) | | 6029 | CKV_AZURE_169 | resource | Microsoft.ContainerService/managedClusters | Ensure Azure Kubernetes Cluster (AKS) nodes use scale sets | Bicep | [AKSPoolTypeIsScaleSet.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/AKSPoolTypeIsScaleSet.py) | | 6030 | CKV_AZURE_169 | resource | azurerm_kubernetes_cluster | Ensure Azure Kubernetes Cluster (AKS) nodes use scale sets | Terraform | [AKSPoolTypeIsScaleSet.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/azure/AKSPoolTypeIsScaleSet.py) | | 6031 | CKV_AZURE_170 | resource | azurerm_kubernetes_cluster | Ensure that AKS use the Paid Sku for its SLA | Terraform | [AKSIsPaidSku.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/azure/AKSIsPaidSku.py) | | 6032 | CKV_AZURE_171 | resource | Microsoft.ContainerService/managedClusters | Ensure AKS cluster upgrade channel is chosen | arm | [AKSUpgradeChannel.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/AKSUpgradeChannel.py) | | 6033 | CKV_AZURE_171 | resource | Microsoft.ContainerService/managedClusters | Ensure AKS cluster upgrade channel is chosen | Bicep | [AKSUpgradeChannel.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/AKSUpgradeChannel.py) | | 6034 | CKV_AZURE_171 | resource | azurerm_kubernetes_cluster | Ensure AKS cluster upgrade channel is chosen | Terraform | [AKSUpgradeChannel.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/azure/AKSUpgradeChannel.py) | | 6035 | CKV_AZURE_172 | resource | Microsoft.ContainerService/managedClusters | Ensure autorotation of Secrets Store CSI Driver secrets for AKS clusters | arm | [AkSSecretStoreRotation.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/AkSSecretStoreRotation.py) | | 6036 | CKV_AZURE_172 | resource | Microsoft.ContainerService/managedClusters | Ensure autorotation of Secrets Store CSI Driver secrets for AKS clusters | Bicep | [AkSSecretStoreRotation.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/AkSSecretStoreRotation.py) | | 6037 | CKV_AZURE_172 | resource | azurerm_kubernetes_cluster | Ensure autorotation of Secrets Store CSI Driver secrets for AKS clusters | Terraform | [AKSSecretStoreRotation.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/azure/AKSSecretStoreRotation.py) | | 6038 | CKV_AZURE_173 | resource | Microsoft.ApiManagement/service | Ensure API management uses at least TLS 1.2 | arm | [APIManagementMinTLS12.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/APIManagementMinTLS12.py) | | 6039 | CKV_AZURE_173 | resource | Microsoft.ApiManagement/service | Ensure API management uses at least TLS 1.2 | Bicep | [APIManagementMinTLS12.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/APIManagementMinTLS12.py) | | 6040 | CKV_AZURE_173 | resource | azurerm_api_management | Ensure API management uses at least TLS 1.2 | Terraform | [APIManagementMinTLS12.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/azure/APIManagementMinTLS12.py) | | 6041 | CKV_AZURE_174 | resource | Microsoft.ApiManagement/service | Ensure API management public access is disabled | arm | [APIManagementPublicAccess.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/APIManagementPublicAccess.py) | | 6042 | CKV_AZURE_174 | resource | Microsoft.ApiManagement/service | Ensure API management public access is disabled | Bicep | [APIManagementPublicAccess.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/APIManagementPublicAccess.py) | | 6043 | CKV_AZURE_174 | resource | azurerm_api_management | Ensure API management public access is disabled | Terraform | [APIManagementPublicAccess.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/azure/APIManagementPublicAccess.py) | | 6044 | CKV_AZURE_175 | resource | Microsoft.SignalRService/webPubSub | Ensure Web PubSub uses a SKU with an SLA | arm | [PubsubSKUSLA.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/PubsubSKUSLA.py) | | 6045 | CKV_AZURE_175 | resource | Microsoft.SignalRService/webPubSub | Ensure Web PubSub uses a SKU with an SLA | Bicep | [PubsubSKUSLA.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/PubsubSKUSLA.py) | | 6046 | CKV_AZURE_175 | resource | azurerm_web_pubsub | Ensure Web PubSub uses a SKU with an SLA | Terraform | [PubsubSKUSLA.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/azure/PubsubSKUSLA.py) | | 6047 | CKV_AZURE_176 | resource | Microsoft.SignalRService/webPubSub | Ensure Web PubSub uses managed identities to access Azure resources | arm | [PubsubSpecifyIdentity.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/PubsubSpecifyIdentity.py) | | 6048 | CKV_AZURE_176 | resource | Microsoft.SignalRService/webPubSub | Ensure Web PubSub uses managed identities to access Azure resources | Bicep | [PubsubSpecifyIdentity.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/PubsubSpecifyIdentity.py) | | 6049 | CKV_AZURE_176 | resource | azurerm_web_pubsub | Ensure Web PubSub uses managed identities to access Azure resources | Terraform | [PubsubSpecifyIdentity.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/azure/PubsubSpecifyIdentity.py) | | 6050 | CKV_AZURE_177 | resource | Microsoft.Compute/virtualMachineScaleSets | Ensure Windows VM enables automatic updates | arm | [WinVMAutomaticUpdates.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/WinVMAutomaticUpdates.py) | | 6051 | CKV_AZURE_177 | resource | Microsoft.Compute/virtualMachineScaleSets | Ensure Windows VM enables automatic updates | Bicep | [WinVMAutomaticUpdates.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/WinVMAutomaticUpdates.py) | | 6052 | CKV_AZURE_177 | resource | Microsoft.Compute/virtualMachines | Ensure Windows VM enables automatic updates | arm | [WinVMAutomaticUpdates.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/WinVMAutomaticUpdates.py) | | 6053 | CKV_AZURE_177 | resource | Microsoft.Compute/virtualMachines | Ensure Windows VM enables automatic updates | Bicep | [WinVMAutomaticUpdates.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/WinVMAutomaticUpdates.py) | | 6054 | CKV_AZURE_177 | resource | azurerm_windows_virtual_machine | Ensure Windows VM enables automatic updates | Terraform | [WinVMAutomaticUpdates.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/azure/WinVMAutomaticUpdates.py) | | 6055 | CKV_AZURE_177 | resource | azurerm_windows_virtual_machine_scale_set | Ensure Windows VM enables automatic updates | Terraform | [WinVMAutomaticUpdates.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/azure/WinVMAutomaticUpdates.py) | | 6056 | CKV_AZURE_178 | resource | Microsoft.Compute/virtualMachineScaleSets | Ensure linux VM enables SSH with keys for secure communication | arm | [LinuxVMUsesSSH.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/LinuxVMUsesSSH.py) | | 6057 | CKV_AZURE_178 | resource | Microsoft.Compute/virtualMachineScaleSets | Ensure linux VM enables SSH with keys for secure communication | Bicep | [LinuxVMUsesSSH.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/LinuxVMUsesSSH.py) | | 6058 | CKV_AZURE_178 | resource | Microsoft.Compute/virtualMachines | Ensure linux VM enables SSH with keys for secure communication | arm | [LinuxVMUsesSSH.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/LinuxVMUsesSSH.py) | | 6059 | CKV_AZURE_178 | resource | Microsoft.Compute/virtualMachines | Ensure linux VM enables SSH with keys for secure communication | Bicep | [LinuxVMUsesSSH.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/LinuxVMUsesSSH.py) | | 6060 | CKV_AZURE_178 | resource | azurerm_linux_virtual_machine | Ensure linux VM enables SSH with keys for secure communication | Terraform | [LinuxVMUsesSSH.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/azure/LinuxVMUsesSSH.py) | | 6061 | CKV_AZURE_178 | resource | azurerm_linux_virtual_machine_scale_set | Ensure linux VM enables SSH with keys for secure communication | Terraform | [LinuxVMUsesSSH.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/azure/LinuxVMUsesSSH.py) | | 6062 | CKV_AZURE_179 | resource | azurerm_linux_virtual_machine | Ensure VM agent is installed | Terraform | [VMAgentIsInstalled.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/azure/VMAgentIsInstalled.py) | | 6063 | CKV_AZURE_179 | resource | azurerm_linux_virtual_machine_scale_set | Ensure VM agent is installed | Terraform | [VMAgentIsInstalled.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/azure/VMAgentIsInstalled.py) | | 6064 | CKV_AZURE_179 | resource | azurerm_windows_virtual_machine | Ensure VM agent is installed | Terraform | [VMAgentIsInstalled.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/azure/VMAgentIsInstalled.py) | | 6065 | CKV_AZURE_179 | resource | azurerm_windows_virtual_machine_scale_set | Ensure VM agent is installed | Terraform | [VMAgentIsInstalled.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/azure/VMAgentIsInstalled.py) | | 6066 | CKV_AZURE_180 | resource | azurerm_kusto_cluster | Ensure that data explorer uses Sku with an SLA | Terraform | [DataExplorerSKUHasSLA.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/azure/DataExplorerSKUHasSLA.py) | | 6067 | CKV_AZURE_181 | resource | azurerm_kusto_cluster | Ensure that data explorer/Kusto uses managed identities to access Azure resources securely. | Terraform | [DataExplorerServiceIdentity.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/azure/DataExplorerServiceIdentity.py) | | 6068 | CKV_AZURE_182 | resource | Microsoft.Network/networkInterfaces | Ensure that VNET has at least 2 connected DNS Endpoints | arm | [VnetSingleDNSServer.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/VnetSingleDNSServer.py) | | 6069 | CKV_AZURE_182 | resource | Microsoft.Network/networkInterfaces | Ensure that VNET has at least 2 connected DNS Endpoints | Bicep | [VnetSingleDNSServer.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/VnetSingleDNSServer.py) | | 6070 | CKV_AZURE_182 | resource | Microsoft.Network/virtualNetworks | Ensure that VNET has at least 2 connected DNS Endpoints | arm | [VnetSingleDNSServer.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/VnetSingleDNSServer.py) | | 6071 | CKV_AZURE_182 | resource | Microsoft.Network/virtualNetworks | Ensure that VNET has at least 2 connected DNS Endpoints | Bicep | [VnetSingleDNSServer.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/VnetSingleDNSServer.py) | | 6072 | CKV_AZURE_182 | resource | azurerm_virtual_network | Ensure that VNET has at least 2 connected DNS Endpoints | Terraform | [VnetSingleDNSServer.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/azure/VnetSingleDNSServer.py) | | 6073 | CKV_AZURE_182 | resource | azurerm_virtual_network_dns_servers | Ensure that VNET has at least 2 connected DNS Endpoints | Terraform | [VnetSingleDNSServer.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/azure/VnetSingleDNSServer.py) | | 6074 | CKV_AZURE_183 | resource | Microsoft.Network/virtualNetworks | Ensure that VNET uses local DNS addresses | arm | [VnetLocalDNS.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/VnetLocalDNS.py) | | 6075 | CKV_AZURE_183 | resource | Microsoft.Network/virtualNetworks | Ensure that VNET uses local DNS addresses | Bicep | [VnetLocalDNS.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/VnetLocalDNS.py) | | 6076 | CKV_AZURE_183 | resource | azurerm_virtual_network | Ensure that VNET uses local DNS addresses | Terraform | [VnetLocalDNS.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/azure/VnetLocalDNS.py) | | 6077 | CKV_AZURE_184 | resource | azurerm_app_configuration | Ensure 'local_auth_enabled' is set to 'False' | Terraform | [AppConfigLocalAuth.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/azure/AppConfigLocalAuth.py) | | 6078 | CKV_AZURE_185 | resource | azurerm_app_configuration | Ensure 'Public Access' is not Enabled for App configuration | Terraform | [AppConfigPublicAccess.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/azure/AppConfigPublicAccess.py) | | 6079 | CKV_AZURE_186 | resource | azurerm_app_configuration | Ensure App configuration encryption block is set. | Terraform | [AppConfigEncryption.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/azure/AppConfigEncryption.py) | | 6080 | CKV_AZURE_187 | resource | azurerm_app_configuration | Ensure App configuration purge protection is enabled | Terraform | [AppConfigPurgeProtection.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/azure/AppConfigPurgeProtection.py) | | 6081 | CKV_AZURE_188 | resource | azurerm_app_configuration | Ensure App configuration Sku is standard | Terraform | [AppConfigSku.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/azure/AppConfigSku.py) | | 6082 | CKV_AZURE_189 | resource | Microsoft.KeyVault/vaults | Ensure that Azure Key Vault disables public network access | arm | [KeyVaultDisablesPublicNetworkAccess.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/KeyVaultDisablesPublicNetworkAccess.py) | | 6083 | CKV_AZURE_189 | resource | Microsoft.KeyVault/vaults | Ensure that Azure Key Vault disables public network access | Bicep | [KeyVaultDisablesPublicNetworkAccess.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/KeyVaultDisablesPublicNetworkAccess.py) | | 6084 | CKV_AZURE_189 | resource | azurerm_key_vault | Ensure that Azure Key Vault disables public network access | Terraform | [KeyVaultDisablesPublicNetworkAccess.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/azure/KeyVaultDisablesPublicNetworkAccess.py) | | 6085 | CKV_AZURE_190 | resource | azurerm_storage_account | Ensure that Storage blobs restrict public access | Terraform | [StorageBlobRestrictPublicAccess.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/azure/StorageBlobRestrictPublicAccess.py) | | 6086 | CKV_AZURE_191 | resource | Microsoft.EventGrid/topics | Ensure that Managed identity provider is enabled for Azure Event Grid Topic | arm | [EventgridTopicIdentityProviderEnabled.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/EventgridTopicIdentityProviderEnabled.py) | | 6087 | CKV_AZURE_191 | resource | Microsoft.EventGrid/topics | Ensure that Managed identity provider is enabled for Azure Event Grid Topic | Bicep | [EventgridTopicIdentityProviderEnabled.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/EventgridTopicIdentityProviderEnabled.py) | | 6088 | CKV_AZURE_191 | resource | azurerm_eventgrid_topic | Ensure that Managed identity provider is enabled for Azure Event Grid Topic | Terraform | [EventgridTopicIdentityProviderEnabled.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/azure/EventgridTopicIdentityProviderEnabled.py) | | 6089 | CKV_AZURE_192 | resource | Microsoft.EventGrid/topics | Ensure that Azure Event Grid Topic local Authentication is disabled | arm | [EventgridTopicLocalAuthentication.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/EventgridTopicLocalAuthentication.py) | | 6090 | CKV_AZURE_192 | resource | Microsoft.EventGrid/topics | Ensure that Azure Event Grid Topic local Authentication is disabled | Bicep | [EventgridTopicLocalAuthentication.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/EventgridTopicLocalAuthentication.py) | | 6091 | CKV_AZURE_192 | resource | azurerm_eventgrid_topic | Ensure that Azure Event Grid Topic local Authentication is disabled | Terraform | [EventgridTopicLocalAuthentication.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/azure/EventgridTopicLocalAuthentication.py) | | 6092 | CKV_AZURE_193 | resource | Microsoft.EventGrid/topics | Ensure public network access is disabled for Azure Event Grid Topic | arm | [EventgridTopicNetworkAccess.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/EventgridTopicNetworkAccess.py) | | 6093 | CKV_AZURE_193 | resource | Microsoft.EventGrid/topics | Ensure public network access is disabled for Azure Event Grid Topic | Bicep | [EventgridTopicNetworkAccess.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/EventgridTopicNetworkAccess.py) | | 6094 | CKV_AZURE_193 | resource | azurerm_eventgrid_topic | Ensure public network access is disabled for Azure Event Grid Topic | Terraform | [EventgridTopicNetworkAccess.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/azure/EventgridTopicNetworkAccess.py) | | 6095 | CKV_AZURE_194 | resource | azurerm_eventgrid_domain | Ensure that Managed identity provider is enabled for Azure Event Grid Domain | Terraform | [EventgridDomainIdentityProviderEnabled.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/azure/EventgridDomainIdentityProviderEnabled.py) | | 6096 | CKV_AZURE_195 | resource | azurerm_eventgrid_domain | Ensure that Azure Event Grid Domain local Authentication is disabled | Terraform | [EventgridDomainLocalAuthentication.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/azure/EventgridDomainLocalAuthentication.py) | | 6097 | CKV_AZURE_196 | resource | azurerm_signalr_service | Ensure that SignalR uses a Paid Sku for its SLA | Terraform | [SignalRSKUSLA.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/azure/SignalRSKUSLA.py) | | 6098 | CKV_AZURE_197 | resource | azurerm_cdn_endpoint | Ensure the Azure CDN disables the HTTP endpoint | Terraform | [CDNDisableHttpEndpoints.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/azure/CDNDisableHttpEndpoints.py) | | 6099 | CKV_AZURE_198 | resource | azurerm_cdn_endpoint | Ensure the Azure CDN enables the HTTPS endpoint | Terraform | [CDNEnableHttpsEndpoints.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/azure/CDNEnableHttpsEndpoints.py) | | 6100 | CKV_AZURE_199 | resource | azurerm_servicebus_namespace | Ensure that Azure Service Bus uses double encryption | Terraform | [AzureServicebusDoubleEncryptionEnabled.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/azure/AzureServicebusDoubleEncryptionEnabled.py) | | 6101 | CKV_AZURE_200 | resource | azurerm_cdn_endpoint_custom_domain | Ensure the Azure CDN endpoint is using the latest version of TLS encryption | Terraform | [CDNTLSProtocol12.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/azure/CDNTLSProtocol12.py) | | 6102 | CKV_AZURE_201 | resource | azurerm_servicebus_namespace | Ensure that Azure Service Bus uses a customer-managed key to encrypt data | Terraform | [AzureServicebusHasCMK.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/azure/AzureServicebusHasCMK.py) | | 6103 | CKV_AZURE_202 | resource | azurerm_servicebus_namespace | Ensure that Managed identity provider is enabled for Azure Service Bus | Terraform | [AzureServicebusIdentityProviderEnabled.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/azure/AzureServicebusIdentityProviderEnabled.py) | | 6104 | CKV_AZURE_203 | resource | azurerm_servicebus_namespace | Ensure Azure Service Bus Local Authentication is disabled | Terraform | [AzureServicebusLocalAuthDisabled.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/azure/AzureServicebusLocalAuthDisabled.py) | | 6105 | CKV_AZURE_204 | resource | azurerm_servicebus_namespace | Ensure 'public network access enabled' is set to 'False' for Azure Service Bus | Terraform | [AzureServicebusPublicAccessDisabled.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/azure/AzureServicebusPublicAccessDisabled.py) | | 6106 | CKV_AZURE_205 | resource | azurerm_servicebus_namespace | Ensure Azure Service Bus is using the latest version of TLS encryption | Terraform | [AzureServicebusMinTLSVersion.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/azure/AzureServicebusMinTLSVersion.py) | | 6107 | CKV_AZURE_206 | resource | Microsoft.Storage/storageAccounts | Ensure that Storage Accounts use replication | arm | [StorageAccountsUseReplication.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/StorageAccountsUseReplication.py) | | 6108 | CKV_AZURE_206 | resource | Microsoft.Storage/storageAccounts | Ensure that Storage Accounts use replication | Bicep | [StorageAccountsUseReplication.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/StorageAccountsUseReplication.py) | | 6109 | CKV_AZURE_206 | resource | azurerm_storage_account | Ensure that Storage Accounts use replication | Terraform | [StorageAccountsUseReplication.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/azure/StorageAccountsUseReplication.py) | | 6110 | CKV_AZURE_207 | resource | azurerm_search_service | Ensure Azure Cognitive Search service uses managed identities to access Azure resources | Terraform | [AzureSearchManagedIdentity.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/azure/AzureSearchManagedIdentity.py) | | 6111 | CKV_AZURE_208 | resource | Microsoft.Search/searchServices | Ensure that Azure Cognitive Search maintains SLA for index updates | arm | [AzureSearchSLAIndex.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/AzureSearchSLAIndex.py) | | 6112 | CKV_AZURE_208 | resource | Microsoft.Search/searchServices | Ensure that Azure Cognitive Search maintains SLA for index updates | Bicep | [AzureSearchSLAIndex.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/AzureSearchSLAIndex.py) | | 6113 | CKV_AZURE_208 | resource | azurerm_search_service | Ensure that Azure Cognitive Search maintains SLA for index updates | Terraform | [AzureSearchSLAIndex.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/azure/AzureSearchSLAIndex.py) | | 6114 | CKV_AZURE_209 | resource | Microsoft.Search/searchServices | Ensure that Azure Cognitive Search maintains SLA for search index queries | arm | [AzureSearchSLAQueryUpdates.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/AzureSearchSLAQueryUpdates.py) | | 6115 | CKV_AZURE_209 | resource | Microsoft.Search/searchServices | Ensure that Azure Cognitive Search maintains SLA for search index queries | Bicep | [AzureSearchSLAQueryUpdates.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/AzureSearchSLAQueryUpdates.py) | | 6116 | CKV_AZURE_209 | resource | azurerm_search_service | Ensure that Azure Cognitive Search maintains SLA for search index queries | Terraform | [AzureSearchSLAQueryUpdates.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/azure/AzureSearchSLAQueryUpdates.py) | | 6117 | CKV_AZURE_210 | resource | azurerm_search_service | Ensure Azure Cognitive Search service allowed IPS does not give public Access | Terraform | [AzureSearchAllowedIPsNotGlobal.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/azure/AzureSearchAllowedIPsNotGlobal.py) | | 6118 | CKV_AZURE_211 | resource | azurerm_service_plan | Ensure App Service plan suitable for production use | Terraform | [AppServiceSkuMinimum.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/azure/AppServiceSkuMinimum.py) | | 6119 | CKV_AZURE_212 | resource | Microsoft.Web/sites | Ensure App Service has a minimum number of instances for failover | arm | [AppServiceInstanceMinimum.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/AppServiceInstanceMinimum.py) | | 6120 | CKV_AZURE_212 | resource | Microsoft.Web/sites | Ensure App Service has a minimum number of instances for failover | Bicep | [AppServiceInstanceMinimum.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/AppServiceInstanceMinimum.py) | | 6121 | CKV_AZURE_212 | resource | Microsoft.Web/sites/slots | Ensure App Service has a minimum number of instances for failover | arm | [AppServiceInstanceMinimum.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/AppServiceInstanceMinimum.py) | | 6122 | CKV_AZURE_212 | resource | Microsoft.Web/sites/slots | Ensure App Service has a minimum number of instances for failover | Bicep | [AppServiceInstanceMinimum.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/AppServiceInstanceMinimum.py) | | 6123 | CKV_AZURE_212 | resource | azurerm_service_plan | Ensure App Service has a minimum number of instances for failover | Terraform | [AppServiceInstanceMinimum.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/azure/AppServiceInstanceMinimum.py) | | 6124 | CKV_AZURE_213 | resource | Microsoft.Web/sites | Ensure that App Service configures health check | arm | [AppServiceSetHealthCheck.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/AppServiceSetHealthCheck.py) | | 6125 | CKV_AZURE_213 | resource | Microsoft.Web/sites | Ensure that App Service configures health check | Bicep | [AppServiceSetHealthCheck.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/AppServiceSetHealthCheck.py) | | 6126 | CKV_AZURE_213 | resource | Microsoft.Web/sites/slots | Ensure that App Service configures health check | arm | [AppServiceSetHealthCheck.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/AppServiceSetHealthCheck.py) | | 6127 | CKV_AZURE_213 | resource | Microsoft.Web/sites/slots | Ensure that App Service configures health check | Bicep | [AppServiceSetHealthCheck.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/AppServiceSetHealthCheck.py) | | 6128 | CKV_AZURE_213 | resource | azurerm_app_service | Ensure that App Service configures health check | Terraform | [AppServiceSetHealthCheck.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/azure/AppServiceSetHealthCheck.py) | | 6129 | CKV_AZURE_213 | resource | azurerm_linux_web_app | Ensure that App Service configures health check | Terraform | [AppServiceSetHealthCheck.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/azure/AppServiceSetHealthCheck.py) | | 6130 | CKV_AZURE_213 | resource | azurerm_windows_web_app | Ensure that App Service configures health check | Terraform | [AppServiceSetHealthCheck.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/azure/AppServiceSetHealthCheck.py) | | 6131 | CKV_AZURE_214 | resource | azurerm_linux_web_app | Ensure App Service is set to be always on | Terraform | [AppServiceAlwaysOn.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/azure/AppServiceAlwaysOn.py) | | 6132 | CKV_AZURE_214 | resource | azurerm_windows_web_app | Ensure App Service is set to be always on | Terraform | [AppServiceAlwaysOn.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/azure/AppServiceAlwaysOn.py) | | 6133 | CKV_AZURE_215 | resource | azurerm_api_management_backend | Ensure API management backend uses https | Terraform | [APIManagementBackendHTTPS.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/azure/APIManagementBackendHTTPS.py) | | 6134 | CKV_AZURE_216 | resource | Microsoft.Network/azureFirewalls | Ensure DenyIntelMode is set to Deny for Azure Firewalls | arm | [AzureFirewallDenyThreatIntelMode.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/AzureFirewallDenyThreatIntelMode.py) | | 6135 | CKV_AZURE_216 | resource | Microsoft.Network/azureFirewalls | Ensure DenyIntelMode is set to Deny for Azure Firewalls | Bicep | [AzureFirewallDenyThreatIntelMode.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/AzureFirewallDenyThreatIntelMode.py) | | 6136 | CKV_AZURE_216 | resource | azurerm_firewall | Ensure DenyIntelMode is set to Deny for Azure Firewalls | Terraform | [AzureFirewallDenyThreatIntelMode.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/azure/AzureFirewallDenyThreatIntelMode.py) | | 6137 | CKV_AZURE_217 | resource | azurerm_application_gateway | Ensure Azure Application gateways listener that allow connection requests over HTTP | Terraform | [AppGWUsesHttps.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/azure/AppGWUsesHttps.py) | | 6138 | CKV_AZURE_218 | resource | Microsoft.Network/applicationGateways | Ensure Application Gateway defines secure protocols for in transit communication | arm | [AppGWDefinesSecureProtocols.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/AppGWDefinesSecureProtocols.py) | | 6139 | CKV_AZURE_218 | resource | Microsoft.Network/applicationGateways | Ensure Application Gateway defines secure protocols for in transit communication | Bicep | [AppGWDefinesSecureProtocols.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/AppGWDefinesSecureProtocols.py) | | 6140 | CKV_AZURE_218 | resource | azurerm_application_gateway | Ensure Application Gateway defines secure protocols for in transit communication | Terraform | [AppGWDefinesSecureProtocols.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/azure/AppGWDefinesSecureProtocols.py) | | 6141 | CKV_AZURE_219 | resource | azurerm_firewall | Ensure Firewall defines a firewall policy | Terraform | [AzureFirewallDefinesPolicy.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/azure/AzureFirewallDefinesPolicy.py) | | 6142 | CKV_AZURE_220 | resource | azurerm_firewall_policy | Ensure Firewall policy has IDPS mode as deny | Terraform | [AzureFirewallPolicyIDPSDeny.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/azure/AzureFirewallPolicyIDPSDeny.py) | | 6143 | CKV_AZURE_221 | resource | azurerm_linux_function_app | Ensure that Azure Function App public network access is disabled | Terraform | [FunctionAppPublicAccessDisabled.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/azure/FunctionAppPublicAccessDisabled.py) | | 6144 | CKV_AZURE_221 | resource | azurerm_linux_function_app_slot | Ensure that Azure Function App public network access is disabled | Terraform | [FunctionAppPublicAccessDisabled.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/azure/FunctionAppPublicAccessDisabled.py) | | 6145 | CKV_AZURE_221 | resource | azurerm_windows_function_app | Ensure that Azure Function App public network access is disabled | Terraform | [FunctionAppPublicAccessDisabled.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/azure/FunctionAppPublicAccessDisabled.py) | | 6146 | CKV_AZURE_221 | resource | azurerm_windows_function_app_slot | Ensure that Azure Function App public network access is disabled | Terraform | [FunctionAppPublicAccessDisabled.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/azure/FunctionAppPublicAccessDisabled.py) | | 6147 | CKV_AZURE_222 | resource | Microsoft.Web/sites | Ensure that Azure Web App public network access is disabled | arm | [AppServicePublicAccessDisabled.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/AppServicePublicAccessDisabled.py) | | 6148 | CKV_AZURE_222 | resource | Microsoft.Web/sites | Ensure that Azure Web App public network access is disabled | Bicep | [AppServicePublicAccessDisabled.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/AppServicePublicAccessDisabled.py) | | 6149 | CKV_AZURE_222 | resource | Microsoft.Web/sites/config | Ensure that Azure Web App public network access is disabled | arm | [AppServicePublicAccessDisabled.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/AppServicePublicAccessDisabled.py) | | 6150 | CKV_AZURE_222 | resource | Microsoft.Web/sites/config | Ensure that Azure Web App public network access is disabled | Bicep | [AppServicePublicAccessDisabled.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/AppServicePublicAccessDisabled.py) | | 6151 | CKV_AZURE_222 | resource | Microsoft.Web/sites/slots | Ensure that Azure Web App public network access is disabled | arm | [AppServicePublicAccessDisabled.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/AppServicePublicAccessDisabled.py) | | 6152 | CKV_AZURE_222 | resource | Microsoft.Web/sites/slots | Ensure that Azure Web App public network access is disabled | Bicep | [AppServicePublicAccessDisabled.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/AppServicePublicAccessDisabled.py) | | 6153 | CKV_AZURE_222 | resource | azurerm_linux_web_app | Ensure that Azure Web App public network access is disabled | Terraform | [AppServicePublicAccessDisabled.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/azure/AppServicePublicAccessDisabled.py) | | 6154 | CKV_AZURE_222 | resource | azurerm_windows_web_app | Ensure that Azure Web App public network access is disabled | Terraform | [AppServicePublicAccessDisabled.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/azure/AppServicePublicAccessDisabled.py) | | 6155 | CKV_AZURE_223 | resource | Microsoft.EventHub/namespaces | Ensure Event Hub Namespace uses at least TLS 1.2 | arm | [EventHubNamespaceMinTLS12.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/EventHubNamespaceMinTLS12.py) | | 6156 | CKV_AZURE_223 | resource | Microsoft.EventHub/namespaces | Ensure Event Hub Namespace uses at least TLS 1.2 | Bicep | [EventHubNamespaceMinTLS12.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/EventHubNamespaceMinTLS12.py) | | 6157 | CKV_AZURE_223 | resource | azurerm_eventhub_namespace | Ensure Event Hub Namespace uses at least TLS 1.2 | Terraform | [EventHubNamespaceMinTLS12.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/azure/EventHubNamespaceMinTLS12.py) | | 6158 | CKV_AZURE_224 | resource | azurerm_mssql_database | Ensure that the Ledger feature is enabled on database that requires cryptographic proof and nonrepudiation of data integrity | Terraform | [SQLDatabaseLedgerEnabled.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/azure/SQLDatabaseLedgerEnabled.py) | | 6159 | CKV_AZURE_225 | resource | Microsoft.Web/serverfarms | Ensure the App Service Plan is zone redundant | arm | [AppServicePlanZoneRedundant.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/AppServicePlanZoneRedundant.py) | | 6160 | CKV_AZURE_225 | resource | Microsoft.Web/serverfarms | Ensure the App Service Plan is zone redundant | Bicep | [AppServicePlanZoneRedundant.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/AppServicePlanZoneRedundant.py) | | 6161 | CKV_AZURE_225 | resource | azurerm_service_plan | Ensure the App Service Plan is zone redundant | Terraform | [AppServicePlanZoneRedundant.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/azure/AppServicePlanZoneRedundant.py) | | 6162 | CKV_AZURE_226 | resource | Microsoft.ContainerService/managedClusters | Ensure ephemeral disks are used for OS disks | arm | [AKSEphemeralOSDisks.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/AKSEphemeralOSDisks.py) | | 6163 | CKV_AZURE_226 | resource | Microsoft.ContainerService/managedClusters | Ensure ephemeral disks are used for OS disks | Bicep | [AKSEphemeralOSDisks.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/AKSEphemeralOSDisks.py) | | 6164 | CKV_AZURE_226 | resource | azurerm_kubernetes_cluster | Ensure ephemeral disks are used for OS disks | Terraform | [AKSEphemeralOSDisks.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/azure/AKSEphemeralOSDisks.py) | | 6165 | CKV_AZURE_227 | resource | Microsoft.ContainerService/managedClusters | Ensure that the AKS cluster encrypt temp disks, caches, and data flows between Compute and Storage resources | arm | [AKSEncryptionAtHostEnabled.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/AKSEncryptionAtHostEnabled.py) | | 6166 | CKV_AZURE_227 | resource | Microsoft.ContainerService/managedClusters | Ensure that the AKS cluster encrypt temp disks, caches, and data flows between Compute and Storage resources | Bicep | [AKSEncryptionAtHostEnabled.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/AKSEncryptionAtHostEnabled.py) | | 6167 | CKV_AZURE_227 | resource | Microsoft.ContainerService/managedClusters/agentPools | Ensure that the AKS cluster encrypt temp disks, caches, and data flows between Compute and Storage resources | arm | [AKSEncryptionAtHostEnabled.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/AKSEncryptionAtHostEnabled.py) | | 6168 | CKV_AZURE_227 | resource | Microsoft.ContainerService/managedClusters/agentPools | Ensure that the AKS cluster encrypt temp disks, caches, and data flows between Compute and Storage resources | Bicep | [AKSEncryptionAtHostEnabled.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/AKSEncryptionAtHostEnabled.py) | | 6169 | CKV_AZURE_227 | resource | azurerm_kubernetes_cluster | Ensure that the AKS cluster encrypt temp disks, caches, and data flows between Compute and Storage resources | Terraform | [AKSEncryptionAtHostEnabled.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/azure/AKSEncryptionAtHostEnabled.py) | | 6170 | CKV_AZURE_227 | resource | azurerm_kubernetes_cluster_node_pool | Ensure that the AKS cluster encrypt temp disks, caches, and data flows between Compute and Storage resources | Terraform | [AKSEncryptionAtHostEnabled.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/azure/AKSEncryptionAtHostEnabled.py) | | 6171 | CKV_AZURE_228 | resource | azurerm_eventhub_namespace | Ensure the Azure Event Hub Namespace is zone redundant | Terraform | [EventHubNamespaceZoneRedundant.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/azure/EventHubNamespaceZoneRedundant.py) | | 6172 | CKV_AZURE_229 | resource | Microsoft.Sql/servers/databases | Ensure the Azure SQL Database Namespace is zone redundant | arm | [SQLDatabaseZoneRedundant.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/SQLDatabaseZoneRedundant.py) | | 6173 | CKV_AZURE_229 | resource | Microsoft.Sql/servers/databases | Ensure the Azure SQL Database Namespace is zone redundant | Bicep | [SQLDatabaseZoneRedundant.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/SQLDatabaseZoneRedundant.py) | | 6174 | CKV_AZURE_229 | resource | azurerm_mssql_database | Ensure the Azure SQL Database Namespace is zone redundant | Terraform | [SQLDatabaseZoneRedundant.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/azure/SQLDatabaseZoneRedundant.py) | | 6175 | CKV_AZURE_230 | resource | azurerm_redis_cache | Standard Replication should be enabled | Terraform | [RedisCacheStandardReplicationEnabled.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/azure/RedisCacheStandardReplicationEnabled.py) | | 6176 | CKV_AZURE_231 | resource | azurerm_app_service_environment_v3 | Ensure App Service Environment is zone redundant | Terraform | [AppServiceEnvironmentZoneRedundant.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/azure/AppServiceEnvironmentZoneRedundant.py) | | 6177 | CKV_AZURE_232 | resource | azurerm_kubernetes_cluster | Ensure that only critical system pods run on system nodes | Terraform | [AKSOnlyCriticalPodsOnSystemNodes.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/azure/AKSOnlyCriticalPodsOnSystemNodes.py) | | 6178 | CKV_AZURE_233 | resource | Microsoft.ContainerRegistry/registries | Ensure Azure Container Registry (ACR) is zone redundant | arm | [ACREnableZoneRedundancy.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/ACREnableZoneRedundancy.py) | | 6179 | CKV_AZURE_233 | resource | Microsoft.ContainerRegistry/registries | Ensure Azure Container Registry (ACR) is zone redundant | Bicep | [ACREnableZoneRedundancy.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/ACREnableZoneRedundancy.py) | | 6180 | CKV_AZURE_233 | resource | Microsoft.ContainerRegistry/registries/replications | Ensure Azure Container Registry (ACR) is zone redundant | arm | [ACREnableZoneRedundancy.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/ACREnableZoneRedundancy.py) | | 6181 | CKV_AZURE_233 | resource | Microsoft.ContainerRegistry/registries/replications | Ensure Azure Container Registry (ACR) is zone redundant | Bicep | [ACREnableZoneRedundancy.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/ACREnableZoneRedundancy.py) | | 6182 | CKV_AZURE_233 | resource | azurerm_container_registry | Ensure Azure Container Registry (ACR) is zone redundant | Terraform | [ACREnableZoneRedundancy.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/azure/ACREnableZoneRedundancy.py) | | 6183 | CKV_AZURE_234 | resource | azurerm_security_center_subscription_pricing | Ensure that Azure Defender for cloud is set to On for Resource Manager | Terraform | [AzureDefenderDisabledForResManager.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/azure/AzureDefenderDisabledForResManager.py) | | 6184 | CKV_AZURE_235 | resource | azurerm_container_group | Ensure that Azure container environment variables are configured with secure values only | Terraform | [AzureContainerInstanceEnvVarSecureValueType.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/azure/AzureContainerInstanceEnvVarSecureValueType.py) | | 6185 | CKV_AZURE_236 | resource | Microsoft.CognitiveServices/accounts | Ensure that Cognitive Services accounts disable local authentication | arm | [CognitiveServicesEnableLocalAuth.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/CognitiveServicesEnableLocalAuth.py) | | 6186 | CKV_AZURE_236 | resource | Microsoft.CognitiveServices/accounts | Ensure that Cognitive Services accounts disable local authentication | Bicep | [CognitiveServicesEnableLocalAuth.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/CognitiveServicesEnableLocalAuth.py) | | 6187 | CKV_AZURE_236 | resource | azurerm_cognitive_account | Ensure that Cognitive Services accounts disable local authentication | Terraform | [CognitiveServicesEnableLocalAuth.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/azure/CognitiveServicesEnableLocalAuth.py) | | 6188 | CKV_AZURE_237 | resource | azurerm_container_registry | Ensure dedicated data endpoints are enabled. | Terraform | [ACRDedicatedDataEndpointEnabled.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/azure/ACRDedicatedDataEndpointEnabled.py) | | 6189 | CKV_AZURE_238 | resource | Microsoft.CognitiveServices/accounts | Ensure that all Azure Cognitive Services accounts are configured with a managed identity | arm | [CognitiveServicesConfigureIdentity.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/CognitiveServicesConfigureIdentity.py) | | 6190 | CKV_AZURE_238 | resource | Microsoft.CognitiveServices/accounts | Ensure that all Azure Cognitive Services accounts are configured with a managed identity | Bicep | [CognitiveServicesConfigureIdentity.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/CognitiveServicesConfigureIdentity.py) | | 6191 | CKV_AZURE_238 | resource | azurerm_cognitive_account | Ensure that all Azure Cognitive Services accounts are configured with a managed identity | Terraform | [CognitiveServicesConfigureIdentity.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/azure/CognitiveServicesConfigureIdentity.py) | | 6192 | CKV_AZURE_239 | resource | Microsoft.Synapse/workspaces | Ensure Azure Synapse Workspace administrator login password is not exposed | arm | [SynapseWorkspaceAdministratorLoginPasswordHidden.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/SynapseWorkspaceAdministratorLoginPasswordHidden.py) | | 6193 | CKV_AZURE_239 | resource | Microsoft.Synapse/workspaces | Ensure Azure Synapse Workspace administrator login password is not exposed | Bicep | [SynapseWorkspaceAdministratorLoginPasswordHidden.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/SynapseWorkspaceAdministratorLoginPasswordHidden.py) | | 6194 | CKV_AZURE_239 | resource | azurerm_synapse_workspace | Ensure Azure Synapse Workspace administrator login password is not exposed | Terraform | [SynapseWorkspaceAdministratorLoginPasswordHidden.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/azure/SynapseWorkspaceAdministratorLoginPasswordHidden.py) | | 6195 | CKV_AZURE_240 | resource | Microsoft.Synapse/workspaces | Ensure Azure Synapse Workspace is encrypted with a CMK | arm | [SynapseWorkspaceCMKEncryption.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/SynapseWorkspaceCMKEncryption.py) | | 6196 | CKV_AZURE_240 | resource | Microsoft.Synapse/workspaces | Ensure Azure Synapse Workspace is encrypted with a CMK | Bicep | [SynapseWorkspaceCMKEncryption.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/SynapseWorkspaceCMKEncryption.py) | | 6197 | CKV_AZURE_240 | resource | azurerm_synapse_workspace | Ensure Azure Synapse Workspace is encrypted with a CMK | Terraform | [SynapseWorkspaceCMKEncryption.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/azure/SynapseWorkspaceCMKEncryption.py) | | 6198 | CKV_AZURE_241 | resource | azurerm_synapse_sql_pool | Ensure Synapse SQL pools are encrypted | Terraform | [SynapseSQLPoolDataEncryption.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/azure/SynapseSQLPoolDataEncryption.py) | | 6199 | CKV_AZURE_242 | resource | Microsoft.Synapse/workspaces/bigDataPools | Ensure isolated compute is enabled for Synapse Spark pools | arm | [AzureSparkPoolIsolatedComputeEnabled.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/AzureSparkPoolIsolatedComputeEnabled.py) | | 6200 | CKV_AZURE_242 | resource | Microsoft.Synapse/workspaces/bigDataPools | Ensure isolated compute is enabled for Synapse Spark pools | Bicep | [AzureSparkPoolIsolatedComputeEnabled.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/AzureSparkPoolIsolatedComputeEnabled.py) | | 6201 | CKV_AZURE_242 | resource | azurerm_synapse_spark_pool | Ensure isolated compute is enabled for Synapse Spark pools | Terraform | [AzureSparkPoolIsolatedComputeEnabled.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/azure/AzureSparkPoolIsolatedComputeEnabled.py) | | 6202 | CKV_AZURE_243 | resource | Microsoft.MachineLearningServices/workspaces | Ensure Azure Machine learning workspace is configured with private endpoint | arm | [AzureMLWorkspacePrivateEndpoint.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/AzureMLWorkspacePrivateEndpoint.py) | | 6203 | CKV_AZURE_243 | resource | Microsoft.MachineLearningServices/workspaces | Ensure Azure Machine learning workspace is configured with private endpoint | Bicep | [AzureMLWorkspacePrivateEndpoint.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/AzureMLWorkspacePrivateEndpoint.py) | | 6204 | CKV_AZURE_244 | resource | azurerm_storage_account | Avoid the use of local users for Azure Storage unless necessary | Terraform | [StorageLocalUsers.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/azure/StorageLocalUsers.py) | | 6205 | CKV_AZURE_245 | resource | azurerm_container_group | Ensure that Azure Container group is deployed into virtual network | Terraform | [AzureContainerInstancePublicIPAddressType.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/azure/AzureContainerInstancePublicIPAddressType.py) | | 6206 | CKV_AZURE_246 | resource | azurerm_kubernetes_cluster | Ensure Azure AKS cluster HTTP application routing is disabled | Terraform | [KubernetesClusterHTTPApplicationRouting.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/azure/KubernetesClusterHTTPApplicationRouting.py) | | 6207 | CKV_AZURE_247 | resource | azurerm_cognitive_account | Ensure that Azure Cognitive Services account hosted with OpenAI is configured with data loss prevention | Terraform | [OpenAICognitiveServicesRestrictOutboundNetwork.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/azure/OpenAICognitiveServicesRestrictOutboundNetwork.py) | | 6208 | CKV_AZURE_248 | resource | Microsoft.Batch/batchAccounts | Ensure that if Azure Batch account public network access in case 'enabled' then its account access must be 'deny' | arm | [AzureBatchAccountEndpointAccessDefaultAction.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/AzureBatchAccountEndpointAccessDefaultAction.py) | | 6209 | CKV_AZURE_248 | resource | Microsoft.Batch/batchAccounts | Ensure that if Azure Batch account public network access in case 'enabled' then its account access must be 'deny' | Bicep | [AzureBatchAccountEndpointAccessDefaultAction.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/AzureBatchAccountEndpointAccessDefaultAction.py) | | 6210 | CKV_AZURE_248 | resource | azurerm_batch_account | Ensure that if Azure Batch account public network access in case 'enabled' then its account access must be 'deny' | Terraform | [AzureBatchAccountEndpointAccessDefaultAction.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/azure/AzureBatchAccountEndpointAccessDefaultAction.py) | | 6211 | CKV_AZURE_249 | resource | azuread_application_federated_identity_credential | Ensure Azure GitHub Actions OIDC trust policy is configured securely | Terraform | [GithubActionsOIDCTrustPolicy.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/azure/GithubActionsOIDCTrustPolicy.py) | | 6212 | CKV_AZURE_250 | resource | azurerm_storage_sync | Ensure Storage Sync Service is not configured with overly permissive network access | Terraform | [StorageSyncServicePermissiveAccess.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/azure/StorageSyncServicePermissiveAccess.py) | | 6213 | CKV_AZURE_251 | resource | azurerm_managed_disk | Ensure Azure Virtual Machine disks are configured without public network access | Terraform | [VMDiskWithPublicAccess.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/azure/VMDiskWithPublicAccess.py) | | 6214 | CKV2_AZURE_1 | resource | azurerm_storage_account | Ensure storage for critical data are encrypted with Customer Managed Key | Terraform | [StorageCriticalDataEncryptedCMK.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/azure/StorageCriticalDataEncryptedCMK.yaml) | | 6215 | CKV2_AZURE_2 | resource | azurerm_mssql_server | Ensure that Vulnerability Assessment (VA) is enabled on a SQL server by setting a Storage Account | Terraform | [VAisEnabledInStorageAccount.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/azure/VAisEnabledInStorageAccount.yaml) | | 6216 | CKV2_AZURE_2 | resource | azurerm_mssql_server_security_alert_policy | Ensure that Vulnerability Assessment (VA) is enabled on a SQL server by setting a Storage Account | Terraform | [VAisEnabledInStorageAccount.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/azure/VAisEnabledInStorageAccount.yaml) | | 6217 | CKV2_AZURE_2 | resource | azurerm_sql_server | Ensure that Vulnerability Assessment (VA) is enabled on a SQL server by setting a Storage Account | Terraform | [VAisEnabledInStorageAccount.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/azure/VAisEnabledInStorageAccount.yaml) | | 6218 | CKV2_AZURE_3 | resource | azurerm_mssql_server | Ensure that VA setting Periodic Recurring Scans is enabled on a SQL server | Terraform | [VAsetPeriodicScansOnSQL.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/azure/VAsetPeriodicScansOnSQL.yaml) | | 6219 | CKV2_AZURE_3 | resource | azurerm_mssql_server_security_alert_policy | Ensure that VA setting Periodic Recurring Scans is enabled on a SQL server | Terraform | [VAsetPeriodicScansOnSQL.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/azure/VAsetPeriodicScansOnSQL.yaml) | | 6220 | CKV2_AZURE_3 | resource | azurerm_mssql_server_vulnerability_assessment | Ensure that VA setting Periodic Recurring Scans is enabled on a SQL server | Terraform | [VAsetPeriodicScansOnSQL.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/azure/VAsetPeriodicScansOnSQL.yaml) | | 6221 | CKV2_AZURE_3 | resource | azurerm_sql_server | Ensure that VA setting Periodic Recurring Scans is enabled on a SQL server | Terraform | [VAsetPeriodicScansOnSQL.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/azure/VAsetPeriodicScansOnSQL.yaml) | | 6222 | CKV2_AZURE_4 | resource | azurerm_mssql_server | Ensure Azure SQL server ADS VA Send scan reports to is configured | Terraform | [VAconfiguredToSendReports.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/azure/VAconfiguredToSendReports.yaml) | | 6223 | CKV2_AZURE_4 | resource | azurerm_mssql_server_security_alert_policy | Ensure Azure SQL server ADS VA Send scan reports to is configured | Terraform | [VAconfiguredToSendReports.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/azure/VAconfiguredToSendReports.yaml) | | 6224 | CKV2_AZURE_4 | resource | azurerm_mssql_server_vulnerability_assessment | Ensure Azure SQL server ADS VA Send scan reports to is configured | Terraform | [VAconfiguredToSendReports.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/azure/VAconfiguredToSendReports.yaml) | | 6225 | CKV2_AZURE_4 | resource | azurerm_sql_server | Ensure Azure SQL server ADS VA Send scan reports to is configured | Terraform | [VAconfiguredToSendReports.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/azure/VAconfiguredToSendReports.yaml) | | 6226 | CKV2_AZURE_5 | resource | azurerm_mssql_server | Ensure that VA setting 'Also send email notifications to admins and subscription owners' is set for a SQL server | Terraform | [VAconfiguredToSendReportsToAdmins.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/azure/VAconfiguredToSendReportsToAdmins.yaml) | | 6227 | CKV2_AZURE_5 | resource | azurerm_mssql_server_security_alert_policy | Ensure that VA setting 'Also send email notifications to admins and subscription owners' is set for a SQL server | Terraform | [VAconfiguredToSendReportsToAdmins.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/azure/VAconfiguredToSendReportsToAdmins.yaml) | | 6228 | CKV2_AZURE_5 | resource | azurerm_mssql_server_vulnerability_assessment | Ensure that VA setting 'Also send email notifications to admins and subscription owners' is set for a SQL server | Terraform | [VAconfiguredToSendReportsToAdmins.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/azure/VAconfiguredToSendReportsToAdmins.yaml) | | 6229 | CKV2_AZURE_5 | resource | azurerm_sql_server | Ensure that VA setting 'Also send email notifications to admins and subscription owners' is set for a SQL server | Terraform | [VAconfiguredToSendReportsToAdmins.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/azure/VAconfiguredToSendReportsToAdmins.yaml) | | 6230 | CKV2_AZURE_6 | resource | azurerm_sql_firewall_rule | Ensure 'Allow access to Azure services' for PostgreSQL Database Server is disabled | Terraform | [AccessToPostgreSQLFromAzureServicesIsDisabled.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/azure/AccessToPostgreSQLFromAzureServicesIsDisabled.yaml) | | 6231 | CKV2_AZURE_6 | resource | azurerm_sql_server | Ensure 'Allow access to Azure services' for PostgreSQL Database Server is disabled | Terraform | [AccessToPostgreSQLFromAzureServicesIsDisabled.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/azure/AccessToPostgreSQLFromAzureServicesIsDisabled.yaml) | | 6232 | CKV2_AZURE_7 | resource | azurerm_sql_server | Ensure that Azure Active Directory Admin is configured | Terraform | [AzureActiveDirectoryAdminIsConfigured.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/azure/AzureActiveDirectoryAdminIsConfigured.yaml) | | 6233 | CKV2_AZURE_8 | resource | azurerm_monitor_activity_log_alert | Ensure the storage container storing the activity logs is not publicly accessible | Terraform | [StorageContainerActivityLogsNotPublic.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/azure/StorageContainerActivityLogsNotPublic.yaml) | | 6234 | CKV2_AZURE_8 | resource | azurerm_storage_account | Ensure the storage container storing the activity logs is not publicly accessible | Terraform | [StorageContainerActivityLogsNotPublic.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/azure/StorageContainerActivityLogsNotPublic.yaml) | | 6235 | CKV2_AZURE_8 | resource | azurerm_storage_container | Ensure the storage container storing the activity logs is not publicly accessible | Terraform | [StorageContainerActivityLogsNotPublic.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/azure/StorageContainerActivityLogsNotPublic.yaml) | | 6236 | CKV2_AZURE_9 | resource | azurerm_virtual_machine | Ensure Virtual Machines are utilizing Managed Disks | Terraform | [VirtualMachinesUtilizingManagedDisks.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/azure/VirtualMachinesUtilizingManagedDisks.yaml) | | 6237 | CKV2_AZURE_10 | resource | azurerm_virtual_machine | Ensure that Microsoft Antimalware is configured to automatically updates for Virtual Machines | Terraform | [AzureAntimalwareIsConfiguredWithAutoUpdatesForVMs.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/azure/AzureAntimalwareIsConfiguredWithAutoUpdatesForVMs.yaml) | | 6238 | CKV2_AZURE_10 | resource | azurerm_virtual_machine_extension | Ensure that Microsoft Antimalware is configured to automatically updates for Virtual Machines | Terraform | [AzureAntimalwareIsConfiguredWithAutoUpdatesForVMs.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/azure/AzureAntimalwareIsConfiguredWithAutoUpdatesForVMs.yaml) | | 6239 | CKV2_AZURE_11 | resource | azurerm_kusto_cluster | Ensure that Azure Data Explorer encryption at rest uses a customer-managed key | Terraform | [DataExplorerEncryptionUsesCustomKey.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/azure/DataExplorerEncryptionUsesCustomKey.yaml) | | 6240 | CKV2_AZURE_12 | resource | azurerm_virtual_machine | Ensure that virtual machines are backed up using Azure Backup | Terraform | [VMHasBackUpMachine.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/azure/VMHasBackUpMachine.yaml) | | 6241 | CKV2_AZURE_13 | resource | azurerm_mssql_server_security_alert_policy | Ensure that sql servers enables data security policy | Terraform | [AzureMSSQLServerHasSecurityAlertPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/azure/AzureMSSQLServerHasSecurityAlertPolicy.yaml) | | 6242 | CKV2_AZURE_13 | resource | azurerm_sql_server | Ensure that sql servers enables data security policy | Terraform | [AzureMSSQLServerHasSecurityAlertPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/azure/AzureMSSQLServerHasSecurityAlertPolicy.yaml) | | 6243 | CKV2_AZURE_14 | resource | azurerm_managed_disk | Ensure that Unattached disks are encrypted | Terraform | [AzureUnattachedDisksAreEncrypted.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/azure/AzureUnattachedDisksAreEncrypted.yaml) | | 6244 | CKV2_AZURE_14 | resource | azurerm_virtual_machine | Ensure that Unattached disks are encrypted | Terraform | [AzureUnattachedDisksAreEncrypted.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/azure/AzureUnattachedDisksAreEncrypted.yaml) | | 6245 | CKV2_AZURE_15 | resource | azurerm_data_factory | Ensure that Azure data factories are encrypted with a customer-managed key | Terraform | [AzureDataFactoriesEncryptedWithCustomerManagedKey.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/azure/AzureDataFactoriesEncryptedWithCustomerManagedKey.yaml) | | 6246 | CKV2_AZURE_16 | resource | azurerm_mysql_server | Ensure that MySQL server enables customer-managed key for encryption | Terraform | [MSQLenablesCustomerManagedKey.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/azure/MSQLenablesCustomerManagedKey.yaml) | | 6247 | CKV2_AZURE_16 | resource | azurerm_mysql_server_key | Ensure that MySQL server enables customer-managed key for encryption | Terraform | [MSQLenablesCustomerManagedKey.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/azure/MSQLenablesCustomerManagedKey.yaml) | | 6248 | CKV2_AZURE_17 | resource | azurerm_postgresql_server | Ensure that PostgreSQL server enables customer-managed key for encryption | Terraform | [PGSQLenablesCustomerManagedKey.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/azure/PGSQLenablesCustomerManagedKey.yaml) | | 6249 | CKV2_AZURE_17 | resource | azurerm_postgresql_server_key | Ensure that PostgreSQL server enables customer-managed key for encryption | Terraform | [PGSQLenablesCustomerManagedKey.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/azure/PGSQLenablesCustomerManagedKey.yaml) | | 6250 | CKV2_AZURE_19 | resource | Microsoft.Synapse/workspaces | Ensure that Azure Synapse workspaces have no IP firewall rules attached | arm | [AzureSynapseWorkspacesHaveNoIPFirewallRulesAttached.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/AzureSynapseWorkspacesHaveNoIPFirewallRulesAttached.py) | | 6251 | CKV2_AZURE_19 | resource | Microsoft.Synapse/workspaces | Ensure that Azure Synapse workspaces have no IP firewall rules attached | Bicep | [AzureSynapseWorkspacesHaveNoIPFirewallRulesAttached.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/AzureSynapseWorkspacesHaveNoIPFirewallRulesAttached.py) | | 6252 | CKV2_AZURE_19 | resource | azurerm_synapse_workspace | Ensure that Azure Synapse workspaces have no IP firewall rules attached | Terraform | [AzureSynapseWorkspacesHaveNoIPFirewallRulesAttached.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/azure/AzureSynapseWorkspacesHaveNoIPFirewallRulesAttached.yaml) | | 6253 | CKV2_AZURE_20 | resource | azurerm_log_analytics_storage_insights | Ensure Storage logging is enabled for Table service for read requests | Terraform | [StorageLoggingIsEnabledForTableService.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/azure/StorageLoggingIsEnabledForTableService.yaml) | | 6254 | CKV2_AZURE_20 | resource | azurerm_storage_account | Ensure Storage logging is enabled for Table service for read requests | Terraform | [StorageLoggingIsEnabledForTableService.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/azure/StorageLoggingIsEnabledForTableService.yaml) | | 6255 | CKV2_AZURE_20 | resource | azurerm_storage_table | Ensure Storage logging is enabled for Table service for read requests | Terraform | [StorageLoggingIsEnabledForTableService.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/azure/StorageLoggingIsEnabledForTableService.yaml) | | 6256 | CKV2_AZURE_21 | resource | azurerm_log_analytics_storage_insights | Ensure Storage logging is enabled for Blob service for read requests | Terraform | [StorageLoggingIsEnabledForBlobService.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/azure/StorageLoggingIsEnabledForBlobService.yaml) | | 6257 | CKV2_AZURE_21 | resource | azurerm_storage_account | Ensure Storage logging is enabled for Blob service for read requests | Terraform | [StorageLoggingIsEnabledForBlobService.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/azure/StorageLoggingIsEnabledForBlobService.yaml) | | 6258 | CKV2_AZURE_21 | resource | azurerm_storage_container | Ensure Storage logging is enabled for Blob service for read requests | Terraform | [StorageLoggingIsEnabledForBlobService.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/azure/StorageLoggingIsEnabledForBlobService.yaml) | | 6259 | CKV2_AZURE_22 | resource | azurerm_cognitive_account | Ensure that Cognitive Services enables customer-managed key for encryption | Terraform | [CognitiveServicesCustomerManagedKey.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/azure/CognitiveServicesCustomerManagedKey.yaml) | | 6260 | CKV2_AZURE_22 | resource | azurerm_cognitive_account_customer_managed_key | Ensure that Cognitive Services enables customer-managed key for encryption | Terraform | [CognitiveServicesCustomerManagedKey.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/azure/CognitiveServicesCustomerManagedKey.yaml) | | 6261 | CKV2_AZURE_23 | resource | Microsoft.AppPlatform/Spring | Ensure Azure spring cloud is configured with Virtual network (Vnet) | arm | [AzureSpringCloudConfigWithVnet.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/graph_checks/AzureSpringCloudConfigWithVnet.yaml) | | 6262 | CKV2_AZURE_23 | resource | azurerm_spring_cloud_service | Ensure Azure spring cloud is configured with Virtual network (Vnet) | Terraform | [AzureSpringCloudConfigWithVnet.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/azure/AzureSpringCloudConfigWithVnet.yaml) | | 6263 | CKV2_AZURE_24 | resource | azurerm_automation_account | Ensure Azure automation account does NOT have overly permissive network access | Terraform | [AzureAutomationAccNotOverlyPermissiveNetAccess.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/azure/AzureAutomationAccNotOverlyPermissiveNetAccess.yaml) | | 6264 | CKV2_AZURE_25 | resource | azurerm_mssql_database | Ensure Azure SQL database Transparent Data Encryption (TDE) is enabled | Terraform | [AzureSqlDbEnableTransparentDataEncryption.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/azure/AzureSqlDbEnableTransparentDataEncryption.yaml) | | 6265 | CKV2_AZURE_26 | resource | azurerm_postgresql_flexible_server_firewall_rule | Ensure Azure PostgreSQL Flexible server is not configured with overly permissive network access | Terraform | [AzurePostgreSQLFlexServerNotOverlyPermissive.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/azure/AzurePostgreSQLFlexServerNotOverlyPermissive.yaml) | | 6266 | CKV2_AZURE_27 | resource | Microsoft.Sql/servers | Ensure Azure AD authentication is enabled for Azure SQL (MSSQL) | arm | [SQLServerUsesADAuth.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/SQLServerUsesADAuth.py) | | 6267 | CKV2_AZURE_27 | resource | Microsoft.Sql/servers | Ensure Azure AD authentication is enabled for Azure SQL (MSSQL) | Bicep | [SQLServerUsesADAuth.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/SQLServerUsesADAuth.py) | | 6268 | CKV2_AZURE_27 | resource | azurerm_mssql_server | Ensure Azure AD authentication is enabled for Azure SQL (MSSQL) | Terraform | [AzureConfigMSSQLwithAD.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/azure/AzureConfigMSSQLwithAD.yaml) | | 6269 | CKV2_AZURE_28 | resource | azurerm_container_group | Ensure Container Instance is configured with managed identity | Terraform | [AzureContainerInstanceconfigManagedIdentity.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/azure/AzureContainerInstanceconfigManagedIdentity.yaml) | | 6270 | CKV2_AZURE_29 | resource | azurerm_kubernetes_cluster | Ensure AKS cluster has Azure CNI networking enabled | Terraform | [AzureAKSclusterAzureCNIEnabled.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/azure/AzureAKSclusterAzureCNIEnabled.yaml) | | 6271 | CKV2_AZURE_30 | resource | azurerm_container_registry_webhook | Ensure Azure Container Registry (ACR) has HTTPS enabled for webhook | Terraform | [AzureACR_HTTPSwebhook.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/azure/AzureACR_HTTPSwebhook.yaml) | | 6272 | CKV2_AZURE_31 | resource | azurerm_subnet | Ensure VNET subnet is configured with a Network Security Group (NSG) | Terraform | [AzureSubnetConfigWithNSG.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/azure/AzureSubnetConfigWithNSG.yaml) | | 6273 | CKV2_AZURE_32 | resource | azurerm_key_vault | Ensure private endpoint is configured to key vault | Terraform | [AzureKeyVaultConfigPrivateEndpoint.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/azure/AzureKeyVaultConfigPrivateEndpoint.yaml) | | 6274 | CKV2_AZURE_33 | resource | azurerm_storage_account | Ensure storage account is configured with private endpoint | Terraform | [AzureStorageAccConfigWithPrivateEndpoint.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/azure/AzureStorageAccConfigWithPrivateEndpoint.yaml) | | 6275 | CKV2_AZURE_34 | resource | azurerm_mssql_firewall_rule | Ensure Azure SQL server firewall is not overly permissive | Terraform | [AzureSQLserverNotOverlyPermissive.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/azure/AzureSQLserverNotOverlyPermissive.yaml) | | 6276 | CKV2_AZURE_34 | resource | azurerm_sql_firewall_rule | Ensure Azure SQL server firewall is not overly permissive | Terraform | [AzureSQLserverNotOverlyPermissive.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/azure/AzureSQLserverNotOverlyPermissive.yaml) | | 6277 | CKV2_AZURE_35 | resource | azurerm_recovery_services_vault | Ensure Azure recovery services vault is configured with managed identity | Terraform | [AzureRecoveryServicesvaultConfigManagedIdentity.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/azure/AzureRecoveryServicesvaultConfigManagedIdentity.yaml) | | 6278 | CKV2_AZURE_36 | resource | azurerm_automation_account | Ensure Azure automation account is configured with managed identity | Terraform | [AzureAutomationAccConfigManagedIdentity.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/azure/AzureAutomationAccConfigManagedIdentity.yaml) | | 6279 | CKV2_AZURE_37 | resource | azurerm_mariadb_server | Ensure Azure MariaDB server is using latest TLS (1.2) | Terraform | [AzureMariaDBserverUsingTLS_1_2.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/azure/AzureMariaDBserverUsingTLS_1_2.yaml) | | 6280 | CKV2_AZURE_38 | resource | azurerm_storage_account | Ensure soft-delete is enabled on Azure storage account | Terraform | [AzureStorageAccountEnableSoftDelete.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/azure/AzureStorageAccountEnableSoftDelete.yaml) | | 6281 | CKV2_AZURE_39 | resource | azurerm_linux_virtual_machine | Ensure Azure VM is not configured with public IP and serial console access | Terraform | [AzureVMconfigPublicIP_SerialConsoleAccess.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/azure/AzureVMconfigPublicIP_SerialConsoleAccess.yaml) | | 6282 | CKV2_AZURE_39 | resource | azurerm_network_interface | Ensure Azure VM is not configured with public IP and serial console access | Terraform | [AzureVMconfigPublicIP_SerialConsoleAccess.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/azure/AzureVMconfigPublicIP_SerialConsoleAccess.yaml) | | 6283 | CKV2_AZURE_39 | resource | azurerm_virtual_machine | Ensure Azure VM is not configured with public IP and serial console access | Terraform | [AzureVMconfigPublicIP_SerialConsoleAccess.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/azure/AzureVMconfigPublicIP_SerialConsoleAccess.yaml) | | 6284 | CKV2_AZURE_39 | resource | azurerm_windows_virtual_machine | Ensure Azure VM is not configured with public IP and serial console access | Terraform | [AzureVMconfigPublicIP_SerialConsoleAccess.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/azure/AzureVMconfigPublicIP_SerialConsoleAccess.yaml) | | 6285 | CKV2_AZURE_40 | resource | azurerm_storage_account | Ensure storage account is not configured with Shared Key authorization | Terraform | [AzureStorageAccConfigSharedKeyAuth.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/azure/AzureStorageAccConfigSharedKeyAuth.yaml) | | 6286 | CKV2_AZURE_41 | resource | azurerm_storage_account | Ensure storage account is configured with SAS expiration policy | Terraform | [AzureStorageAccConfig_SAS_expirePolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/azure/AzureStorageAccConfig_SAS_expirePolicy.yaml) | | 6287 | CKV2_AZURE_42 | resource | azurerm_postgresql_server | Ensure Azure PostgreSQL server is configured with private endpoint | Terraform | [AzurePostgreSQLserverConfigPrivEndpt.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/azure/AzurePostgreSQLserverConfigPrivEndpt.yaml) | | 6288 | CKV2_AZURE_43 | resource | azurerm_mariadb_server | Ensure Azure MariaDB server is configured with private endpoint | Terraform | [AzureMariaDBserverConfigPrivEndpt.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/azure/AzureMariaDBserverConfigPrivEndpt.yaml) | | 6289 | CKV2_AZURE_44 | resource | azurerm_mysql_server | Ensure Azure MySQL server is configured with private endpoint | Terraform | [AzureMySQLserverConfigPrivEndpt.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/azure/AzureMySQLserverConfigPrivEndpt.yaml) | | 6290 | CKV2_AZURE_45 | resource | azurerm_mssql_server | Ensure Microsoft SQL server is configured with private endpoint | Terraform | [AzureMSSQLserverConfigPrivEndpt.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/azure/AzureMSSQLserverConfigPrivEndpt.yaml) | | 6291 | CKV2_AZURE_46 | resource | Microsoft.Synapse/workspaces/vulnerabilityAssessments | Ensure that Azure Synapse Workspace vulnerability assessment is enabled | arm | [AzureSynapseWorkspaceVAisEnabled.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/AzureSynapseWorkspaceVAisEnabled.py) | | 6292 | CKV2_AZURE_46 | resource | Microsoft.Synapse/workspaces/vulnerabilityAssessments | Ensure that Azure Synapse Workspace vulnerability assessment is enabled | Bicep | [AzureSynapseWorkspaceVAisEnabled.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/AzureSynapseWorkspaceVAisEnabled.py) | | 6293 | CKV2_AZURE_46 | resource | azurerm_synapse_workspace_security_alert_policy | Ensure that Azure Synapse Workspace vulnerability assessment is enabled | Terraform | [AzureSynapseWorkspaceVAisEnabled.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/azure/AzureSynapseWorkspaceVAisEnabled.yaml) | | 6294 | CKV2_AZURE_46 | resource | azurerm_synapse_workspace_vulnerability_assessment | Ensure that Azure Synapse Workspace vulnerability assessment is enabled | Terraform | [AzureSynapseWorkspaceVAisEnabled.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/azure/AzureSynapseWorkspaceVAisEnabled.yaml) | | 6295 | CKV2_AZURE_47 | resource | azurerm_storage_account | Ensure storage account is configured without blob anonymous access | Terraform | [AzureStorageAccConfigWithoutBlobAnonymousAccess.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/azure/AzureStorageAccConfigWithoutBlobAnonymousAccess.yaml) | | 6296 | CKV2_AZURE_48 | resource | Microsoft.Databricks/workspaces | Ensure that Databricks Workspaces enables customer-managed key for root DBFS encryption | arm | [DatabricksWorkspaceDBFSRootEncryptedWithCustomerManagedKey.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/DatabricksWorkspaceDBFSRootEncryptedWithCustomerManagedKey.py) | | 6297 | CKV2_AZURE_48 | resource | Microsoft.Databricks/workspaces | Ensure that Databricks Workspaces enables customer-managed key for root DBFS encryption | Bicep | [DatabricksWorkspaceDBFSRootEncryptedWithCustomerManagedKey.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/DatabricksWorkspaceDBFSRootEncryptedWithCustomerManagedKey.py) | | 6298 | CKV2_AZURE_48 | resource | azurerm_databricks_workspace | Ensure that Databricks Workspaces enables customer-managed key for root DBFS encryption | Terraform | [DatabricksWorkspaceDBFSRootEncryptedWithCustomerManagedKey.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/azure/DatabricksWorkspaceDBFSRootEncryptedWithCustomerManagedKey.yaml) | | 6299 | CKV2_AZURE_49 | resource | Microsoft.MachineLearningServices/workspaces | Ensure that Azure Machine learning workspace is not configured with overly permissive network access | arm | [AzureMLWorkspacePublicNetwork.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/graph_checks/AzureMLWorkspacePublicNetwork.yaml) | | 6300 | CKV2_AZURE_49 | resource | azurerm_machine_learning_workspace | Ensure that Azure Machine learning workspace is not configured with overly permissive network access | Terraform | [AzureMLWorkspacePublicNetwork.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/azure/AzureMLWorkspacePublicNetwork.yaml) | | 6301 | CKV2_AZURE_50 | resource | azurerm_machine_learning_workspace | Ensure Azure Storage Account storing Machine Learning workspace high business impact data is not publicly accessible | Terraform | [AzureMLWorkspaceHBIPublicNetwork.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/azure/AzureMLWorkspaceHBIPublicNetwork.yaml) | | 6302 | CKV2_AZURE_50 | resource | azurerm_storage_account | Ensure Azure Storage Account storing Machine Learning workspace high business impact data is not publicly accessible | Terraform | [AzureMLWorkspaceHBIPublicNetwork.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/azure/AzureMLWorkspaceHBIPublicNetwork.yaml) | | 6303 | CKV2_AZURE_51 | resource | Microsoft.Sql/servers/securityAlertPolicies | Ensure Synapse SQL Pool has a security alert policy | arm | [SynapseSQLPoolHasSecurityAlertPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/graph_checks/SynapseSQLPoolHasSecurityAlertPolicy.yaml) | | 6304 | CKV2_AZURE_51 | resource | Microsoft.Synapse/workspaces/sqlPools | Ensure Synapse SQL Pool has a security alert policy | arm | [SynapseSQLPoolHasSecurityAlertPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/graph_checks/SynapseSQLPoolHasSecurityAlertPolicy.yaml) | | 6305 | CKV2_AZURE_51 | resource | azurerm_synapse_sql_pool | Ensure Synapse SQL Pool has a security alert policy | Terraform | [SynapseSQLPoolHasSecurityAlertPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/azure/SynapseSQLPoolHasSecurityAlertPolicy.yaml) | | 6306 | CKV2_AZURE_51 | resource | azurerm_synapse_sql_pool_security_alert_policy | Ensure Synapse SQL Pool has a security alert policy | Terraform | [SynapseSQLPoolHasSecurityAlertPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/azure/SynapseSQLPoolHasSecurityAlertPolicy.yaml) | | 6307 | CKV2_AZURE_52 | resource | Microsoft.Sql/servers/securityAlertPolicies | Ensure Synapse SQL Pool has vulnerability assessment attached | arm | [SynapseSQLPoolHasVulnerabilityAssessment.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/graph_checks/SynapseSQLPoolHasVulnerabilityAssessment.yaml) | | 6308 | CKV2_AZURE_52 | resource | Microsoft.Sql/servers/vulnerabilityAssessments | Ensure Synapse SQL Pool has vulnerability assessment attached | arm | [SynapseSQLPoolHasVulnerabilityAssessment.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/graph_checks/SynapseSQLPoolHasVulnerabilityAssessment.yaml) | | 6309 | CKV2_AZURE_52 | resource | Microsoft.Synapse/workspaces/sqlPools | Ensure Synapse SQL Pool has vulnerability assessment attached | arm | [SynapseSQLPoolHasVulnerabilityAssessment.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/graph_checks/SynapseSQLPoolHasVulnerabilityAssessment.yaml) | | 6310 | CKV2_AZURE_52 | resource | azurerm_synapse_sql_pool | Ensure Synapse SQL Pool has vulnerability assessment attached | Terraform | [SynapseSQLPoolHasVulnerabilityAssessment.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/azure/SynapseSQLPoolHasVulnerabilityAssessment.yaml) | | 6311 | CKV2_AZURE_52 | resource | azurerm_synapse_sql_pool_security_alert_policy | Ensure Synapse SQL Pool has vulnerability assessment attached | Terraform | [SynapseSQLPoolHasVulnerabilityAssessment.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/azure/SynapseSQLPoolHasVulnerabilityAssessment.yaml) | | 6312 | CKV2_AZURE_52 | resource | azurerm_synapse_sql_pool_vulnerability_assessment | Ensure Synapse SQL Pool has vulnerability assessment attached | Terraform | [SynapseSQLPoolHasVulnerabilityAssessment.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/azure/SynapseSQLPoolHasVulnerabilityAssessment.yaml) | | 6313 | CKV2_AZURE_53 | resource | Microsoft.Synapse/workspaces | Ensure Azure Synapse Workspace has extended audit logs | arm | [SynapseWorkspaceHasExtendedAuditLogs.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/graph_checks/SynapseWorkspaceHasExtendedAuditLogs.yaml) | | 6314 | CKV2_AZURE_53 | resource | Microsoft.Synapse/workspaces/extendedAuditingPolicies | Ensure Azure Synapse Workspace has extended audit logs | arm | [SynapseWorkspaceHasExtendedAuditLogs.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/graph_checks/SynapseWorkspaceHasExtendedAuditLogs.yaml) | | 6315 | CKV2_AZURE_53 | resource | azurerm_synapse_workspace | Ensure Azure Synapse Workspace has extended audit logs | Terraform | [SynapseWorkspaceHasExtendedAuditLogs.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/azure/SynapseWorkspaceHasExtendedAuditLogs.yaml) | | 6316 | CKV2_AZURE_54 | resource | Microsoft.Synapse/workspaces/sqlPools | Ensure log monitoring is enabled for Synapse SQL Pool | arm | [SynapseLogMonitoringEnabledForSQLPool.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/graph_checks/SynapseLogMonitoringEnabledForSQLPool.yaml) | | 6317 | CKV2_AZURE_54 | resource | Microsoft.Synapse/workspaces/sqlPools/auditingSettings | Ensure log monitoring is enabled for Synapse SQL Pool | arm | [SynapseLogMonitoringEnabledForSQLPool.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/graph_checks/SynapseLogMonitoringEnabledForSQLPool.yaml) | | 6318 | CKV2_AZURE_54 | resource | azurerm_synapse_sql_pool | Ensure log monitoring is enabled for Synapse SQL Pool | Terraform | [SynapseLogMonitoringEnabledForSQLPool.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/azure/SynapseLogMonitoringEnabledForSQLPool.yaml) | | 6319 | CKV2_AZURE_54 | resource | azurerm_synapse_sql_pool_extended_auditing_policy | Ensure log monitoring is enabled for Synapse SQL Pool | Terraform | [SynapseLogMonitoringEnabledForSQLPool.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/azure/SynapseLogMonitoringEnabledForSQLPool.yaml) | | 6320 | CKV2_AZURE_55 | resource | azurerm_spring_cloud_app | Ensure Azure Spring Cloud app end-to-end TLS is enabled | Terraform | [AzureSpringCloudTLSDisabled.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/azure/AzureSpringCloudTLSDisabled.yaml) | | 6321 | CKV2_AZURE_55 | resource | azurerm_spring_cloud_service | Ensure Azure Spring Cloud app end-to-end TLS is enabled | Terraform | [AzureSpringCloudTLSDisabled.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/azure/AzureSpringCloudTLSDisabled.yaml) | | 6322 | CKV2_AZURE_56 | resource | azurerm_mysql_flexible_server | Ensure Azure MySQL Flexible Server is configured with private endpoint | Terraform | [AzureMySQLFlexibleServerConfigPrivEndpt.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/azure/AzureMySQLFlexibleServerConfigPrivEndpt.yaml) | | 6323 | CKV2_AZURE_57 | resource | azurerm_postgresql_flexible_server | Ensure PostgreSQL Flexible Server is configured with private endpoint | Terraform | [AzurePostgreSQLFlexibleServerConfigPrivEndpt.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/azure/AzurePostgreSQLFlexibleServerConfigPrivEndpt.yaml) | | 6324 | CKV_AZUREPIPELINES_1 | azure_pipelines | jobs | Ensure container job uses a non latest version tag | Azure Pipelines | [ContainerLatestTag.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/azure_pipelines/checks/job/ContainerLatestTag.py) | | 6325 | CKV_AZUREPIPELINES_1 | azure_pipelines | stages[].jobs[] | Ensure container job uses a non latest version tag | Azure Pipelines | [ContainerLatestTag.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/azure_pipelines/checks/job/ContainerLatestTag.py) | | 6326 | CKV_AZUREPIPELINES_2 | azure_pipelines | jobs | Ensure container job uses a version digest | Azure Pipelines | [ContainerDigest.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/azure_pipelines/checks/job/ContainerDigest.py) | | 6327 | CKV_AZUREPIPELINES_2 | azure_pipelines | stages[].jobs[] | Ensure container job uses a version digest | Azure Pipelines | [ContainerDigest.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/azure_pipelines/checks/job/ContainerDigest.py) | | 6328 | CKV_AZUREPIPELINES_3 | azure_pipelines | jobs[].steps[] | Ensure set variable is not marked as a secret | Azure Pipelines | [SetSecretVariable.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/azure_pipelines/checks/job/SetSecretVariable.py) | | 6329 | CKV_AZUREPIPELINES_3 | azure_pipelines | stages[].jobs[].steps[] | Ensure set variable is not marked as a secret | Azure Pipelines | [SetSecretVariable.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/azure_pipelines/checks/job/SetSecretVariable.py) | | 6330 | CKV_AZUREPIPELINES_5 | azure_pipelines | *.container[] | Detecting image usages in azure pipelines workflows | Azure Pipelines | [DetectImagesUsage.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/azure_pipelines/checks/job/DetectImagesUsage.py) | | 6331 | CKV_AZUREPIPELINES_5 | azure_pipelines | jobs[] | Detecting image usages in azure pipelines workflows | Azure Pipelines | [DetectImagesUsage.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/azure_pipelines/checks/job/DetectImagesUsage.py) | | 6332 | CKV_AZUREPIPELINES_5 | azure_pipelines | stages[].jobs[] | Detecting image usages in azure pipelines workflows | Azure Pipelines | [DetectImagesUsage.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/azure_pipelines/checks/job/DetectImagesUsage.py) | | 6333 | CKV_BCW_1 | provider | bridgecrew | Ensure no hard coded API token exist in the provider | Terraform | [credentials.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/provider/bridgecrew/credentials.py) | | 6334 | CKV_BITBUCKET_1 | bitbucket_configuration | * | Merge requests should require at least 2 approvals | bitbucket_configuration | [merge_requests_approvals.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/bitbucket/checks/merge_requests_approvals.py) | | 6335 | CKV_BITBUCKETPIPELINES_1 | bitbucket_pipelines | [{image:image,__startline__:__startline__,__endline__:__endline__}] | Ensure the pipeline image uses a non latest version tag | bitbucket_pipelines | [latest_image.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/bitbucket_pipelines/checks/latest_image.py) | | 6336 | CKV_BITBUCKETPIPELINES_1 | bitbucket_pipelines | pipelines.*.[*][][][].step.{image: image, __startline__: __startline__, __endline__:__endline__} | Ensure the pipeline image uses a non latest version tag | bitbucket_pipelines | [latest_image.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/bitbucket_pipelines/checks/latest_image.py) | | 6337 | CKV_BITBUCKETPIPELINES_1 | bitbucket_pipelines | pipelines.default[].step.{image: image, __startline__: __startline__, __endline__:__endline__} | Ensure the pipeline image uses a non latest version tag | bitbucket_pipelines | [latest_image.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/bitbucket_pipelines/checks/latest_image.py) | | 6338 | CKV_CIRCLECIPIPELINES_1 | circleci_pipelines | jobs.*.docker[].{image: image, __startline__: __startline__, __endline__:__endline__} | Ensure the pipeline image uses a non latest version tag | circleci_pipelines | [latest_image.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/circleci_pipelines/checks/latest_image.py) | | 6339 | CKV_CIRCLECIPIPELINES_2 | circleci_pipelines | jobs.*.docker[].{image: image, __startline__: __startline__, __endline__:__endline__} | Ensure the pipeline image version is referenced via hash not arbitrary tag. | circleci_pipelines | [image_version_not_hash.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/circleci_pipelines/checks/image_version_not_hash.py) | | 6340 | CKV_CIRCLECIPIPELINES_3 | circleci_pipelines | orbs.{orbs: @} | Ensure mutable development orbs are not used. | circleci_pipelines | [prevent_development_orbs.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/circleci_pipelines/checks/prevent_development_orbs.py) | | 6341 | CKV_CIRCLECIPIPELINES_4 | circleci_pipelines | orbs.{orbs: @} | Ensure unversioned volatile orbs are not used. | circleci_pipelines | [prevent_volatile_orbs.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/circleci_pipelines/checks/prevent_volatile_orbs.py) | | 6342 | CKV_CIRCLECIPIPELINES_5 | circleci_pipelines | jobs.*.steps[] | Suspicious use of netcat with IP address | circleci_pipelines | [ReverseShellNetcat.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/circleci_pipelines/checks/ReverseShellNetcat.py) | | 6343 | CKV_CIRCLECIPIPELINES_6 | circleci_pipelines | jobs.*.steps[] | Ensure run commands are not vulnerable to shell injection | circleci_pipelines | [ShellInjection.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/circleci_pipelines/checks/ShellInjection.py) | | 6344 | CKV_CIRCLECIPIPELINES_7 | circleci_pipelines | jobs.*.steps[] | Suspicious use of curl in run task | circleci_pipelines | [SuspectCurlInScript.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/circleci_pipelines/checks/SuspectCurlInScript.py) | | 6345 | CKV_CIRCLECIPIPELINES_8 | circleci_pipelines | executors.*.docker[].{image: image, __startline__: __startline__, __endline__:__endline__} | Detecting image usages in circleci pipelines | circleci_pipelines | [DetectImagesUsage.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/circleci_pipelines/checks/DetectImagesUsage.py) | | 6346 | CKV_CIRCLECIPIPELINES_8 | circleci_pipelines | jobs.*.docker[].{image: image, __startline__: __startline__, __endline__:__endline__} | Detecting image usages in circleci pipelines | circleci_pipelines | [DetectImagesUsage.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/circleci_pipelines/checks/DetectImagesUsage.py) | | 6347 | CKV_DIO_1 | resource | digitalocean_spaces_bucket | Ensure the Spaces bucket has versioning enabled | Terraform | [SpacesBucketVersioning.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/digitalocean/SpacesBucketVersioning.py) | | 6348 | CKV_DIO_2 | resource | digitalocean_droplet | Ensure the droplet specifies an SSH key | Terraform | [DropletSSHKeys.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/digitalocean/DropletSSHKeys.py) | | 6349 | CKV_DIO_3 | resource | digitalocean_spaces_bucket | Ensure the Spaces bucket is private | Terraform | [SpacesBucketPublicRead.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/digitalocean/SpacesBucketPublicRead.py) | | 6350 | CKV_DIO_4 | resource | digitalocean_firewall | Ensure the firewall ingress is not wide open | Terraform | [FirewallIngressOpen.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/digitalocean/FirewallIngressOpen.py) | | 6351 | CKV_DOCKER_1 | dockerfile | EXPOSE | Ensure port 22 is not exposed | dockerfile | [ExposePort22.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/dockerfile/checks/ExposePort22.py) | | 6352 | CKV_DOCKER_2 | dockerfile | * | Ensure that HEALTHCHECK instructions have been added to container images | dockerfile | [HealthcheckExists.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/dockerfile/checks/HealthcheckExists.py) | | 6353 | CKV_DOCKER_3 | dockerfile | * | Ensure that a user for the container has been created | dockerfile | [UserExists.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/dockerfile/checks/UserExists.py) | | 6354 | CKV_DOCKER_4 | dockerfile | ADD | Ensure that COPY is used instead of ADD in Dockerfiles | dockerfile | [AddExists.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/dockerfile/checks/AddExists.py) | | 6355 | CKV_DOCKER_5 | dockerfile | RUN | Ensure update instructions are not use alone in the Dockerfile | dockerfile | [UpdateNotAlone.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/dockerfile/checks/UpdateNotAlone.py) | | 6356 | CKV_DOCKER_6 | dockerfile | MAINTAINER | Ensure that LABEL maintainer is used instead of MAINTAINER (deprecated) | dockerfile | [MaintainerExists.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/dockerfile/checks/MaintainerExists.py) | | 6357 | CKV_DOCKER_7 | dockerfile | FROM | Ensure the base image uses a non latest version tag | dockerfile | [ReferenceLatestTag.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/dockerfile/checks/ReferenceLatestTag.py) | | 6358 | CKV_DOCKER_8 | dockerfile | USER | Ensure the last USER is not root | dockerfile | [RootUser.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/dockerfile/checks/RootUser.py) | | 6359 | CKV_DOCKER_9 | dockerfile | RUN | Ensure that APT isn't used | dockerfile | [RunUsingAPT.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/dockerfile/checks/RunUsingAPT.py) | | 6360 | CKV_DOCKER_10 | dockerfile | WORKDIR | Ensure that WORKDIR values are absolute paths | dockerfile | [WorkdirIsAbsolute.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/dockerfile/checks/WorkdirIsAbsolute.py) | | 6361 | CKV_DOCKER_11 | dockerfile | FROM | Ensure From Alias are unique for multistage builds. | dockerfile | [AliasIsUnique.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/dockerfile/checks/AliasIsUnique.py) | | 6362 | CKV2_DOCKER_1 | resource | RUN | Ensure that sudo isn't used | dockerfile | [RunUsingSudo.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/dockerfile/checks/graph_checks/RunUsingSudo.yaml) | | 6363 | CKV2_DOCKER_2 | resource | RUN | Ensure that certificate validation isn't disabled with curl | dockerfile | [RunUnsafeCurl.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/dockerfile/checks/graph_checks/RunUnsafeCurl.yaml) | | 6364 | CKV2_DOCKER_3 | resource | RUN | Ensure that certificate validation isn't disabled with wget | dockerfile | [RunUnsafeWget.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/dockerfile/checks/graph_checks/RunUnsafeWget.yaml) | | 6365 | CKV2_DOCKER_4 | resource | RUN | Ensure that certificate validation isn't disabled with the pip '--trusted-host' option | dockerfile | [RunPipTrustedHost.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/dockerfile/checks/graph_checks/RunPipTrustedHost.yaml) | | 6366 | CKV2_DOCKER_5 | resource | ARG | Ensure that certificate validation isn't disabled with the PYTHONHTTPSVERIFY environment variable | dockerfile | [EnvPythonHttpsVerify.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/dockerfile/checks/graph_checks/EnvPythonHttpsVerify.yaml) | | 6367 | CKV2_DOCKER_5 | resource | ENV | Ensure that certificate validation isn't disabled with the PYTHONHTTPSVERIFY environment variable | dockerfile | [EnvPythonHttpsVerify.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/dockerfile/checks/graph_checks/EnvPythonHttpsVerify.yaml) | | 6368 | CKV2_DOCKER_5 | resource | RUN | Ensure that certificate validation isn't disabled with the PYTHONHTTPSVERIFY environment variable | dockerfile | [EnvPythonHttpsVerify.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/dockerfile/checks/graph_checks/EnvPythonHttpsVerify.yaml) | | 6369 | CKV2_DOCKER_6 | resource | ARG | Ensure that certificate validation isn't disabled with the NODE_TLS_REJECT_UNAUTHORIZED environment variable | dockerfile | [EnvNodeTlsRejectUnauthorized.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/dockerfile/checks/graph_checks/EnvNodeTlsRejectUnauthorized.yaml) | | 6370 | CKV2_DOCKER_6 | resource | ENV | Ensure that certificate validation isn't disabled with the NODE_TLS_REJECT_UNAUTHORIZED environment variable | dockerfile | [EnvNodeTlsRejectUnauthorized.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/dockerfile/checks/graph_checks/EnvNodeTlsRejectUnauthorized.yaml) | | 6371 | CKV2_DOCKER_6 | resource | RUN | Ensure that certificate validation isn't disabled with the NODE_TLS_REJECT_UNAUTHORIZED environment variable | dockerfile | [EnvNodeTlsRejectUnauthorized.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/dockerfile/checks/graph_checks/EnvNodeTlsRejectUnauthorized.yaml) | | 6372 | CKV2_DOCKER_7 | resource | RUN | Ensure that packages with untrusted or missing signatures are not used by apk via the '--allow-untrusted' option | dockerfile | [RunApkAllowUntrusted.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/dockerfile/checks/graph_checks/RunApkAllowUntrusted.yaml) | | 6373 | CKV2_DOCKER_8 | resource | RUN | Ensure that packages with untrusted or missing signatures are not used by apt-get via the '--allow-unauthenticated' option | dockerfile | [RunAptGetAllowUnauthenticated.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/dockerfile/checks/graph_checks/RunAptGetAllowUnauthenticated.yaml) | | 6374 | CKV2_DOCKER_9 | resource | RUN | Ensure that packages with untrusted or missing GPG signatures are not used by dnf, tdnf, or yum via the '--nogpgcheck' option | dockerfile | [RunYumNoGpgCheck.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/dockerfile/checks/graph_checks/RunYumNoGpgCheck.yaml) | | 6375 | CKV2_DOCKER_10 | resource | RUN | Ensure that packages with untrusted or missing signatures are not used by rpm via the '--nodigest', '--nosignature', '--noverify', or '--nofiledigest' options | dockerfile | [RunRpmNoSignature.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/dockerfile/checks/graph_checks/RunRpmNoSignature.yaml) | | 6376 | CKV2_DOCKER_11 | resource | RUN | Ensure that the '--force-yes' option is not used, as it disables signature validation and allows packages to be downgraded which can leave the system in a broken or inconsistent state | dockerfile | [RunAptGetForceYes.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/dockerfile/checks/graph_checks/RunAptGetForceYes.yaml) | | 6377 | CKV2_DOCKER_12 | resource | ARG | Ensure that certificate validation isn't disabled for npm via the 'NPM_CONFIG_STRICT_SSL' environment variable | dockerfile | [EnvNpmConfigStrictSsl.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/dockerfile/checks/graph_checks/EnvNpmConfigStrictSsl.yaml) | | 6378 | CKV2_DOCKER_12 | resource | ENV | Ensure that certificate validation isn't disabled for npm via the 'NPM_CONFIG_STRICT_SSL' environment variable | dockerfile | [EnvNpmConfigStrictSsl.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/dockerfile/checks/graph_checks/EnvNpmConfigStrictSsl.yaml) | | 6379 | CKV2_DOCKER_12 | resource | RUN | Ensure that certificate validation isn't disabled for npm via the 'NPM_CONFIG_STRICT_SSL' environment variable | dockerfile | [EnvNpmConfigStrictSsl.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/dockerfile/checks/graph_checks/EnvNpmConfigStrictSsl.yaml) | | 6380 | CKV2_DOCKER_13 | resource | RUN | Ensure that certificate validation isn't disabled for npm or yarn by setting the option strict-ssl to false | dockerfile | [RunNpmConfigSetStrictSsl.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/dockerfile/checks/graph_checks/RunNpmConfigSetStrictSsl.yaml) | | 6381 | CKV2_DOCKER_14 | resource | ARG | Ensure that certificate validation isn't disabled for git by setting the environment variable 'GIT_SSL_NO_VERIFY' to any value | dockerfile | [EnvGitSslNoVerify.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/dockerfile/checks/graph_checks/EnvGitSslNoVerify.yaml) | | 6382 | CKV2_DOCKER_14 | resource | ENV | Ensure that certificate validation isn't disabled for git by setting the environment variable 'GIT_SSL_NO_VERIFY' to any value | dockerfile | [EnvGitSslNoVerify.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/dockerfile/checks/graph_checks/EnvGitSslNoVerify.yaml) | | 6383 | CKV2_DOCKER_14 | resource | RUN | Ensure that certificate validation isn't disabled for git by setting the environment variable 'GIT_SSL_NO_VERIFY' to any value | dockerfile | [EnvGitSslNoVerify.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/dockerfile/checks/graph_checks/EnvGitSslNoVerify.yaml) | | 6384 | CKV2_DOCKER_15 | resource | RUN | Ensure that the yum and dnf package managers are not configured to disable SSL certificate validation via the 'sslverify' configuration option | dockerfile | [RunYumConfigManagerSslVerify.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/dockerfile/checks/graph_checks/RunYumConfigManagerSslVerify.yaml) | | 6385 | CKV2_DOCKER_16 | resource | ARG | Ensure that certificate validation isn't disabled with pip via the 'PIP_TRUSTED_HOST' environment variable | dockerfile | [EnvPipTrustedHost.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/dockerfile/checks/graph_checks/EnvPipTrustedHost.yaml) | | 6386 | CKV2_DOCKER_16 | resource | ENV | Ensure that certificate validation isn't disabled with pip via the 'PIP_TRUSTED_HOST' environment variable | dockerfile | [EnvPipTrustedHost.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/dockerfile/checks/graph_checks/EnvPipTrustedHost.yaml) | | 6387 | CKV2_DOCKER_16 | resource | RUN | Ensure that certificate validation isn't disabled with pip via the 'PIP_TRUSTED_HOST' environment variable | dockerfile | [EnvPipTrustedHost.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/dockerfile/checks/graph_checks/EnvPipTrustedHost.yaml) | | 6388 | CKV2_DOCKER_17 | resource | RUN | Ensure that 'chpasswd' is not used to set or remove passwords | dockerfile | [RunChpasswd.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/dockerfile/checks/graph_checks/RunChpasswd.yaml) | | 6389 | CKV_GCP_1 | resource | google_container_cluster | Ensure Stackdriver Logging is set to Enabled on Kubernetes Engine Clusters | Terraform | [GKEClusterLogging.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/gcp/GKEClusterLogging.py) | | 6390 | CKV_GCP_2 | resource | google_compute_firewall | Ensure Google compute firewall ingress does not allow unrestricted ssh access | Terraform | [GoogleComputeFirewallUnrestrictedIngress22.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/gcp/GoogleComputeFirewallUnrestrictedIngress22.py) | | 6391 | CKV_GCP_3 | resource | google_compute_firewall | Ensure Google compute firewall ingress does not allow unrestricted rdp access | Terraform | [GoogleComputeFirewallUnrestrictedIngress3389.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/gcp/GoogleComputeFirewallUnrestrictedIngress3389.py) | | 6392 | CKV_GCP_4 | resource | google_compute_ssl_policy | Ensure no HTTPS or SSL proxy load balancers permit SSL policies with weak cipher suites | Terraform | [GoogleComputeSSLPolicy.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/gcp/GoogleComputeSSLPolicy.py) | | 6393 | CKV_GCP_6 | resource | google_sql_database_instance | Ensure all Cloud SQL database instance requires all incoming connections to use SSL | Terraform | [GoogleCloudSqlDatabaseRequireSsl.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/gcp/GoogleCloudSqlDatabaseRequireSsl.py) | | 6394 | CKV_GCP_7 | resource | google_container_cluster | Ensure Legacy Authorization is set to Disabled on Kubernetes Engine Clusters | Terraform | [GKEDisableLegacyAuth.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/gcp/GKEDisableLegacyAuth.py) | | 6395 | CKV_GCP_8 | resource | google_container_cluster | Ensure Stackdriver Monitoring is set to Enabled on Kubernetes Engine Clusters | Terraform | [GKEMonitoringEnabled.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/gcp/GKEMonitoringEnabled.py) | | 6396 | CKV_GCP_9 | resource | google_container_node_pool | Ensure 'Automatic node repair' is enabled for Kubernetes Clusters | Terraform | [GKENodePoolAutoRepairEnabled.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/gcp/GKENodePoolAutoRepairEnabled.py) | | 6397 | CKV_GCP_10 | resource | google_container_node_pool | Ensure 'Automatic node upgrade' is enabled for Kubernetes Clusters | Terraform | [GKENodePoolAutoUpgradeEnabled.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/gcp/GKENodePoolAutoUpgradeEnabled.py) | | 6398 | CKV_GCP_11 | resource | google_sql_database_instance | Ensure that Cloud SQL database Instances are not open to the world | Terraform | [GoogleCloudSqlDatabasePubliclyAccessible.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/gcp/GoogleCloudSqlDatabasePubliclyAccessible.py) | | 6399 | CKV_GCP_12 | resource | google_container_cluster | Ensure Network Policy is enabled on Kubernetes Engine Clusters | Terraform | [GKENetworkPolicyEnabled.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/gcp/GKENetworkPolicyEnabled.py) | | 6400 | CKV_GCP_13 | resource | google_container_cluster | Ensure client certificate authentication to Kubernetes Engine Clusters is disabled | Terraform | [GKEClientCertificateDisabled.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/gcp/GKEClientCertificateDisabled.py) | | 6401 | CKV_GCP_14 | resource | google_sql_database_instance | Ensure all Cloud SQL database instance have backup configuration enabled | Terraform | [GoogleCloudSqlBackupConfiguration.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/gcp/GoogleCloudSqlBackupConfiguration.py) | | 6402 | CKV_GCP_15 | resource | google_bigquery_dataset | Ensure that BigQuery datasets are not anonymously or publicly accessible | Terraform | [GoogleBigQueryDatasetPublicACL.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/gcp/GoogleBigQueryDatasetPublicACL.py) | | 6403 | CKV_GCP_16 | resource | google_dns_managed_zone | Ensure that DNSSEC is enabled for Cloud DNS | Terraform | [GoogleCloudDNSSECEnabled.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/gcp/GoogleCloudDNSSECEnabled.py) | | 6404 | CKV_GCP_17 | resource | google_dns_managed_zone | Ensure that RSASHA1 is not used for the zone-signing and key-signing keys in Cloud DNS DNSSEC | Terraform | [GoogleCloudDNSKeySpecsRSASHA1.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/gcp/GoogleCloudDNSKeySpecsRSASHA1.py) | | 6405 | CKV_GCP_18 | resource | google_container_cluster | Ensure GKE Control Plane is not public | Terraform | [GKEPublicControlPlane.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/gcp/GKEPublicControlPlane.py) | | 6406 | CKV_GCP_20 | resource | google_container_cluster | Ensure master authorized networks is set to enabled in GKE clusters | Terraform | [GKEMasterAuthorizedNetworksEnabled.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/gcp/GKEMasterAuthorizedNetworksEnabled.py) | | 6407 | CKV_GCP_21 | resource | google_container_cluster | Ensure Kubernetes Clusters are configured with Labels | Terraform | [GKEHasLabels.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/gcp/GKEHasLabels.py) | | 6408 | CKV_GCP_22 | resource | google_container_node_pool | Ensure Container-Optimized OS (cos) is used for Kubernetes Engine Clusters Node image | Terraform | [GKEUseCosImage.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/gcp/GKEUseCosImage.py) | | 6409 | CKV_GCP_23 | resource | google_container_cluster | Ensure Kubernetes Cluster is created with Alias IP ranges enabled | Terraform | [GKEAliasIpEnabled.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/gcp/GKEAliasIpEnabled.py) | | 6410 | CKV_GCP_24 | resource | google_container_cluster | Ensure PodSecurityPolicy controller is enabled on the Kubernetes Engine Clusters | Terraform | [GKEPodSecurityPolicyEnabled.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/gcp/GKEPodSecurityPolicyEnabled.py) | | 6411 | CKV_GCP_25 | resource | google_container_cluster | Ensure Kubernetes Cluster is created with Private cluster enabled | Terraform | [GKEPrivateClusterConfig.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/gcp/GKEPrivateClusterConfig.py) | | 6412 | CKV_GCP_26 | resource | google_compute_subnetwork | Ensure that VPC Flow Logs is enabled for every subnet in a VPC Network | Terraform | [GoogleSubnetworkLoggingEnabled.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/gcp/GoogleSubnetworkLoggingEnabled.py) | | 6413 | CKV_GCP_27 | resource | google_project | Ensure that the default network does not exist in a project | Terraform | [GoogleProjectDefaultNetwork.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/gcp/GoogleProjectDefaultNetwork.py) | | 6414 | CKV_GCP_28 | resource | google_storage_bucket_iam_binding | Ensure that Cloud Storage bucket is not anonymously or publicly accessible | Terraform | [GoogleStorageBucketNotPublic.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/gcp/GoogleStorageBucketNotPublic.py) | | 6415 | CKV_GCP_28 | resource | google_storage_bucket_iam_member | Ensure that Cloud Storage bucket is not anonymously or publicly accessible | Terraform | [GoogleStorageBucketNotPublic.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/gcp/GoogleStorageBucketNotPublic.py) | | 6416 | CKV_GCP_29 | resource | google_storage_bucket | Ensure that Cloud Storage buckets have uniform bucket-level access enabled | Terraform | [GoogleStorageBucketUniformAccess.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/gcp/GoogleStorageBucketUniformAccess.py) | | 6417 | CKV_GCP_30 | resource | google_compute_instance | Ensure that instances are not configured to use the default service account | Terraform | [GoogleComputeDefaultServiceAccount.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/gcp/GoogleComputeDefaultServiceAccount.py) | | 6418 | CKV_GCP_30 | resource | google_compute_instance_from_template | Ensure that instances are not configured to use the default service account | Terraform | [GoogleComputeDefaultServiceAccount.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/gcp/GoogleComputeDefaultServiceAccount.py) | | 6419 | CKV_GCP_30 | resource | google_compute_instance_template | Ensure that instances are not configured to use the default service account | Terraform | [GoogleComputeDefaultServiceAccount.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/gcp/GoogleComputeDefaultServiceAccount.py) | | 6420 | CKV_GCP_31 | resource | google_compute_instance | Ensure that instances are not configured to use the default service account with full access to all Cloud APIs | Terraform | [GoogleComputeDefaultServiceAccountFullAccess.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/gcp/GoogleComputeDefaultServiceAccountFullAccess.py) | | 6421 | CKV_GCP_31 | resource | google_compute_instance_from_template | Ensure that instances are not configured to use the default service account with full access to all Cloud APIs | Terraform | [GoogleComputeDefaultServiceAccountFullAccess.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/gcp/GoogleComputeDefaultServiceAccountFullAccess.py) | | 6422 | CKV_GCP_31 | resource | google_compute_instance_template | Ensure that instances are not configured to use the default service account with full access to all Cloud APIs | Terraform | [GoogleComputeDefaultServiceAccountFullAccess.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/gcp/GoogleComputeDefaultServiceAccountFullAccess.py) | | 6423 | CKV_GCP_32 | resource | google_compute_instance | Ensure 'Block Project-wide SSH keys' is enabled for VM instances | Terraform | [GoogleComputeBlockProjectSSH.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/gcp/GoogleComputeBlockProjectSSH.py) | | 6424 | CKV_GCP_32 | resource | google_compute_instance_from_template | Ensure 'Block Project-wide SSH keys' is enabled for VM instances | Terraform | [GoogleComputeBlockProjectSSH.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/gcp/GoogleComputeBlockProjectSSH.py) | | 6425 | CKV_GCP_32 | resource | google_compute_instance_template | Ensure 'Block Project-wide SSH keys' is enabled for VM instances | Terraform | [GoogleComputeBlockProjectSSH.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/gcp/GoogleComputeBlockProjectSSH.py) | | 6426 | CKV_GCP_33 | resource | google_compute_project_metadata | Ensure oslogin is enabled for a Project | Terraform | [GoogleComputeProjectOSLogin.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/gcp/GoogleComputeProjectOSLogin.py) | | 6427 | CKV_GCP_34 | resource | google_compute_instance | Ensure that no instance in the project overrides the project setting for enabling OSLogin(OSLogin needs to be enabled in project metadata for all instances) | Terraform | [GoogleComputeInstanceOSLogin.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/gcp/GoogleComputeInstanceOSLogin.py) | | 6428 | CKV_GCP_34 | resource | google_compute_instance_from_template | Ensure that no instance in the project overrides the project setting for enabling OSLogin(OSLogin needs to be enabled in project metadata for all instances) | Terraform | [GoogleComputeInstanceOSLogin.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/gcp/GoogleComputeInstanceOSLogin.py) | | 6429 | CKV_GCP_34 | resource | google_compute_instance_template | Ensure that no instance in the project overrides the project setting for enabling OSLogin(OSLogin needs to be enabled in project metadata for all instances) | Terraform | [GoogleComputeInstanceOSLogin.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/gcp/GoogleComputeInstanceOSLogin.py) | | 6430 | CKV_GCP_35 | resource | google_compute_instance | Ensure 'Enable connecting to serial ports' is not enabled for VM Instance | Terraform | [GoogleComputeSerialPorts.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/gcp/GoogleComputeSerialPorts.py) | | 6431 | CKV_GCP_35 | resource | google_compute_instance_from_template | Ensure 'Enable connecting to serial ports' is not enabled for VM Instance | Terraform | [GoogleComputeSerialPorts.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/gcp/GoogleComputeSerialPorts.py) | | 6432 | CKV_GCP_35 | resource | google_compute_instance_template | Ensure 'Enable connecting to serial ports' is not enabled for VM Instance | Terraform | [GoogleComputeSerialPorts.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/gcp/GoogleComputeSerialPorts.py) | | 6433 | CKV_GCP_36 | resource | google_compute_instance | Ensure that IP forwarding is not enabled on Instances | Terraform | [GoogleComputeIPForward.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/gcp/GoogleComputeIPForward.py) | | 6434 | CKV_GCP_36 | resource | google_compute_instance_from_template | Ensure that IP forwarding is not enabled on Instances | Terraform | [GoogleComputeIPForward.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/gcp/GoogleComputeIPForward.py) | | 6435 | CKV_GCP_36 | resource | google_compute_instance_template | Ensure that IP forwarding is not enabled on Instances | Terraform | [GoogleComputeIPForward.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/gcp/GoogleComputeIPForward.py) | | 6436 | CKV_GCP_37 | resource | google_compute_disk | Ensure VM disks for critical VMs are encrypted with Customer Supplied Encryption Keys (CSEK) | Terraform | [GoogleComputeDiskEncryption.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/gcp/GoogleComputeDiskEncryption.py) | | 6437 | CKV_GCP_38 | resource | google_compute_instance | Ensure VM disks for critical VMs are encrypted with Customer Supplied Encryption Keys (CSEK) | Terraform | [GoogleComputeBootDiskEncryption.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/gcp/GoogleComputeBootDiskEncryption.py) | | 6438 | CKV_GCP_39 | resource | google_compute_instance | Ensure Compute instances are launched with Shielded VM enabled | Terraform | [GoogleComputeShieldedVM.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/gcp/GoogleComputeShieldedVM.py) | | 6439 | CKV_GCP_39 | resource | google_compute_instance_from_template | Ensure Compute instances are launched with Shielded VM enabled | Terraform | [GoogleComputeShieldedVM.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/gcp/GoogleComputeShieldedVM.py) | | 6440 | CKV_GCP_39 | resource | google_compute_instance_template | Ensure Compute instances are launched with Shielded VM enabled | Terraform | [GoogleComputeShieldedVM.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/gcp/GoogleComputeShieldedVM.py) | | 6441 | CKV_GCP_40 | resource | google_compute_instance | Ensure that Compute instances do not have public IP addresses | Terraform | [GoogleComputeExternalIP.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/gcp/GoogleComputeExternalIP.py) | | 6442 | CKV_GCP_40 | resource | google_compute_instance_from_template | Ensure that Compute instances do not have public IP addresses | Terraform | [GoogleComputeExternalIP.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/gcp/GoogleComputeExternalIP.py) | | 6443 | CKV_GCP_40 | resource | google_compute_instance_template | Ensure that Compute instances do not have public IP addresses | Terraform | [GoogleComputeExternalIP.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/gcp/GoogleComputeExternalIP.py) | | 6444 | CKV_GCP_41 | resource | google_project_iam_binding | Ensure that IAM users are not assigned the Service Account User or Service Account Token Creator roles at project level | Terraform | [GoogleRoleServiceAccountUser.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/gcp/GoogleRoleServiceAccountUser.py) | | 6445 | CKV_GCP_41 | resource | google_project_iam_member | Ensure that IAM users are not assigned the Service Account User or Service Account Token Creator roles at project level | Terraform | [GoogleRoleServiceAccountUser.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/gcp/GoogleRoleServiceAccountUser.py) | | 6446 | CKV_GCP_42 | resource | google_project_iam_member | Ensure that Service Account has no Admin privileges | Terraform | [GoogleProjectAdminServiceAccount.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/gcp/GoogleProjectAdminServiceAccount.py) | | 6447 | CKV_GCP_43 | resource | google_kms_crypto_key | Ensure KMS encryption keys are rotated within a period of 90 days | Terraform | [GoogleKMSRotationPeriod.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/gcp/GoogleKMSRotationPeriod.py) | | 6448 | CKV_GCP_44 | resource | google_folder_iam_binding | Ensure no roles that enable to impersonate and manage all service accounts are used at a folder level | Terraform | [GoogleFolderImpersonationRole.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/gcp/GoogleFolderImpersonationRole.py) | | 6449 | CKV_GCP_44 | resource | google_folder_iam_member | Ensure no roles that enable to impersonate and manage all service accounts are used at a folder level | Terraform | [GoogleFolderImpersonationRole.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/gcp/GoogleFolderImpersonationRole.py) | | 6450 | CKV_GCP_45 | resource | google_organization_iam_binding | Ensure no roles that enable to impersonate and manage all service accounts are used at an organization level | Terraform | [GoogleOrgImpersonationRole.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/gcp/GoogleOrgImpersonationRole.py) | | 6451 | CKV_GCP_45 | resource | google_organization_iam_member | Ensure no roles that enable to impersonate and manage all service accounts are used at an organization level | Terraform | [GoogleOrgImpersonationRole.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/gcp/GoogleOrgImpersonationRole.py) | | 6452 | CKV_GCP_46 | resource | google_project_iam_binding | Ensure Default Service account is not used at a project level | Terraform | [GoogleProjectMemberDefaultServiceAccount.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/gcp/GoogleProjectMemberDefaultServiceAccount.py) | | 6453 | CKV_GCP_46 | resource | google_project_iam_member | Ensure Default Service account is not used at a project level | Terraform | [GoogleProjectMemberDefaultServiceAccount.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/gcp/GoogleProjectMemberDefaultServiceAccount.py) | | 6454 | CKV_GCP_47 | resource | google_organization_iam_binding | Ensure default service account is not used at an organization level | Terraform | [GoogleOrgMemberDefaultServiceAccount.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/gcp/GoogleOrgMemberDefaultServiceAccount.py) | | 6455 | CKV_GCP_47 | resource | google_organization_iam_member | Ensure default service account is not used at an organization level | Terraform | [GoogleOrgMemberDefaultServiceAccount.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/gcp/GoogleOrgMemberDefaultServiceAccount.py) | | 6456 | CKV_GCP_48 | resource | google_folder_iam_binding | Ensure Default Service account is not used at a folder level | Terraform | [GoogleFolderMemberDefaultServiceAccount.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/gcp/GoogleFolderMemberDefaultServiceAccount.py) | | 6457 | CKV_GCP_48 | resource | google_folder_iam_member | Ensure Default Service account is not used at a folder level | Terraform | [GoogleFolderMemberDefaultServiceAccount.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/gcp/GoogleFolderMemberDefaultServiceAccount.py) | | 6458 | CKV_GCP_49 | resource | google_project_iam_binding | Ensure roles do not impersonate or manage Service Accounts used at project level | Terraform | [GoogleProjectImpersonationRole.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/gcp/GoogleProjectImpersonationRole.py) | | 6459 | CKV_GCP_49 | resource | google_project_iam_member | Ensure roles do not impersonate or manage Service Accounts used at project level | Terraform | [GoogleProjectImpersonationRole.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/gcp/GoogleProjectImpersonationRole.py) | | 6460 | CKV_GCP_50 | resource | google_sql_database_instance | Ensure MySQL database 'local_infile' flag is set to 'off' | Terraform | [GoogleCloudMySqlLocalInfileOff.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/gcp/GoogleCloudMySqlLocalInfileOff.py) | | 6461 | CKV_GCP_51 | resource | google_sql_database_instance | Ensure PostgreSQL database 'log_checkpoints' flag is set to 'on' | Terraform | [GoogleCloudPostgreSqlLogCheckpoints.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/gcp/GoogleCloudPostgreSqlLogCheckpoints.py) | | 6462 | CKV_GCP_52 | resource | google_sql_database_instance | Ensure PostgreSQL database 'log_connections' flag is set to 'on' | Terraform | [GoogleCloudPostgreSqlLogConnection.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/gcp/GoogleCloudPostgreSqlLogConnection.py) | | 6463 | CKV_GCP_53 | resource | google_sql_database_instance | Ensure PostgreSQL database 'log_disconnections' flag is set to 'on' | Terraform | [GoogleCloudPostgreSqlLogDisconnection.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/gcp/GoogleCloudPostgreSqlLogDisconnection.py) | | 6464 | CKV_GCP_54 | resource | google_sql_database_instance | Ensure PostgreSQL database 'log_lock_waits' flag is set to 'on' | Terraform | [GoogleCloudPostgreSqlLogLockWaits.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/gcp/GoogleCloudPostgreSqlLogLockWaits.py) | | 6465 | CKV_GCP_55 | resource | google_sql_database_instance | Ensure PostgreSQL database 'log_min_messages' flag is set to a valid value | Terraform | [GoogleCloudPostgreSqlLogMinMessage.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/gcp/GoogleCloudPostgreSqlLogMinMessage.py) | | 6466 | CKV_GCP_56 | resource | google_sql_database_instance | Ensure PostgreSQL database 'log_temp_files flag is set to '0' | Terraform | [GoogleCloudPostgreSqlLogTemp.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/gcp/GoogleCloudPostgreSqlLogTemp.py) | | 6467 | CKV_GCP_57 | resource | google_sql_database_instance | Ensure PostgreSQL database 'log_min_duration_statement' flag is set to '-1' | Terraform | [GoogleCloudPostgreSqlLogMinDuration.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/gcp/GoogleCloudPostgreSqlLogMinDuration.py) | | 6468 | CKV_GCP_58 | resource | google_sql_database_instance | Ensure SQL database 'cross db ownership chaining' flag is set to 'off' | Terraform | [GoogleCloudSqlServerCrossDBOwnershipChaining.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/gcp/GoogleCloudSqlServerCrossDBOwnershipChaining.py) | | 6469 | CKV_GCP_59 | resource | google_sql_database_instance | Ensure SQL database 'contained database authentication' flag is set to 'off' | Terraform | [GoogleCloudSqlServerContainedDBAuthentication.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/gcp/GoogleCloudSqlServerContainedDBAuthentication.py) | | 6470 | CKV_GCP_60 | resource | google_sql_database_instance | Ensure Cloud SQL database does not have public IP | Terraform | [GoogleCloudSqlServerNoPublicIP.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/gcp/GoogleCloudSqlServerNoPublicIP.py) | | 6471 | CKV_GCP_61 | resource | google_container_cluster | Enable VPC Flow Logs and Intranode Visibility | Terraform | [GKEEnableVPCFlowLogs.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/gcp/GKEEnableVPCFlowLogs.py) | | 6472 | CKV_GCP_62 | resource | google_storage_bucket | Bucket should log access | Terraform | [CloudStorageLogging.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/gcp/CloudStorageLogging.py) | | 6473 | CKV_GCP_63 | resource | google_storage_bucket | Bucket should not log to itself | Terraform | [CloudStorageSelfLogging.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/gcp/CloudStorageSelfLogging.py) | | 6474 | CKV_GCP_64 | resource | google_container_cluster | Ensure clusters are created with Private Nodes | Terraform | [GKEPrivateNodes.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/gcp/GKEPrivateNodes.py) | | 6475 | CKV_GCP_65 | resource | google_container_cluster | Manage Kubernetes RBAC users with Google Groups for GKE | Terraform | [GKEKubernetesRBACGoogleGroups.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/gcp/GKEKubernetesRBACGoogleGroups.py) | | 6476 | CKV_GCP_66 | resource | google_container_cluster | Ensure use of Binary Authorization | Terraform | [GKEBinaryAuthorization.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/gcp/GKEBinaryAuthorization.py) | | 6477 | CKV_GCP_68 | resource | google_container_cluster | Ensure Secure Boot for Shielded GKE Nodes is Enabled | Terraform | [GKESecureBootforShieldedNodes.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/gcp/GKESecureBootforShieldedNodes.py) | | 6478 | CKV_GCP_68 | resource | google_container_node_pool | Ensure Secure Boot for Shielded GKE Nodes is Enabled | Terraform | [GKESecureBootforShieldedNodes.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/gcp/GKESecureBootforShieldedNodes.py) | | 6479 | CKV_GCP_69 | resource | google_container_cluster | Ensure the GKE Metadata Server is Enabled | Terraform | [GKEMetadataServerIsEnabled.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/gcp/GKEMetadataServerIsEnabled.py) | | 6480 | CKV_GCP_69 | resource | google_container_node_pool | Ensure the GKE Metadata Server is Enabled | Terraform | [GKEMetadataServerIsEnabled.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/gcp/GKEMetadataServerIsEnabled.py) | | 6481 | CKV_GCP_70 | resource | google_container_cluster | Ensure the GKE Release Channel is set | Terraform | [GKEReleaseChannel.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/gcp/GKEReleaseChannel.py) | | 6482 | CKV_GCP_71 | resource | google_container_cluster | Ensure Shielded GKE Nodes are Enabled | Terraform | [GKEEnableShieldedNodes.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/gcp/GKEEnableShieldedNodes.py) | | 6483 | CKV_GCP_72 | resource | google_container_cluster | Ensure Integrity Monitoring for Shielded GKE Nodes is Enabled | Terraform | [GKEEnsureIntegrityMonitoring.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/gcp/GKEEnsureIntegrityMonitoring.py) | | 6484 | CKV_GCP_72 | resource | google_container_node_pool | Ensure Integrity Monitoring for Shielded GKE Nodes is Enabled | Terraform | [GKEEnsureIntegrityMonitoring.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/gcp/GKEEnsureIntegrityMonitoring.py) | | 6485 | CKV_GCP_73 | resource | google_compute_security_policy | Ensure Cloud Armor prevents message lookup in Log4j2. See CVE-2021-44228 aka log4jshell | Terraform | [CloudArmorWAFACLCVE202144228.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/gcp/CloudArmorWAFACLCVE202144228.py) | | 6486 | CKV_GCP_74 | resource | google_compute_subnetwork | Ensure that private_ip_google_access is enabled for Subnet | Terraform | [GoogleSubnetworkPrivateGoogleEnabled.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/gcp/GoogleSubnetworkPrivateGoogleEnabled.py) | | 6487 | CKV_GCP_75 | resource | google_compute_firewall | Ensure Google compute firewall ingress does not allow unrestricted FTP access | Terraform | [GoogleComputeFirewallUnrestrictedIngress21.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/gcp/GoogleComputeFirewallUnrestrictedIngress21.py) | | 6488 | CKV_GCP_76 | resource | google_compute_subnetwork | Ensure that Private google access is enabled for IPV6 | Terraform | [GoogleSubnetworkIPV6PrivateGoogleEnabled.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/gcp/GoogleSubnetworkIPV6PrivateGoogleEnabled.py) | | 6489 | CKV_GCP_77 | resource | google_compute_firewall | Ensure Google compute firewall ingress does not allow on ftp port | Terraform | [GoogleComputeFirewallUnrestrictedIngress20.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/gcp/GoogleComputeFirewallUnrestrictedIngress20.py) | | 6490 | CKV_GCP_78 | resource | google_storage_bucket | Ensure Cloud storage has versioning enabled | Terraform | [CloudStorageVersioningEnabled.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/gcp/CloudStorageVersioningEnabled.py) | | 6491 | CKV_GCP_79 | resource | google_sql_database_instance | Ensure SQL database is using latest Major version | Terraform | [CloudSqlMajorVersion.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/gcp/CloudSqlMajorVersion.py) | | 6492 | CKV_GCP_80 | resource | google_bigquery_table | Ensure Big Query Tables are encrypted with Customer Supplied Encryption Keys (CSEK) | Terraform | [BigQueryTableEncryptedWithCMK.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/gcp/BigQueryTableEncryptedWithCMK.py) | | 6493 | CKV_GCP_81 | resource | google_bigquery_dataset | Ensure Big Query Datasets are encrypted with Customer Supplied Encryption Keys (CSEK) | Terraform | [BigQueryDatasetEncryptedWithCMK.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/gcp/BigQueryDatasetEncryptedWithCMK.py) | | 6494 | CKV_GCP_82 | resource | google_kms_crypto_key | Ensure KMS keys are protected from deletion | Terraform | [GoogleKMSPreventDestroy.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/gcp/GoogleKMSPreventDestroy.py) | | 6495 | CKV_GCP_83 | resource | google_pubsub_topic | Ensure PubSub Topics are encrypted with Customer Supplied Encryption Keys (CSEK) | Terraform | [CloudPubSubEncryptedWithCMK.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/gcp/CloudPubSubEncryptedWithCMK.py) | | 6496 | CKV_GCP_84 | resource | google_artifact_registry_repository | Ensure Artifact Registry Repositories are encrypted with Customer Supplied Encryption Keys (CSEK) | Terraform | [ArtifactRegsitryEncryptedWithCMK.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/gcp/ArtifactRegsitryEncryptedWithCMK.py) | | 6497 | CKV_GCP_85 | resource | google_bigtable_instance | Ensure Big Table Instances are encrypted with Customer Supplied Encryption Keys (CSEK) | Terraform | [BigTableInstanceEncryptedWithCMK.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/gcp/BigTableInstanceEncryptedWithCMK.py) | | 6498 | CKV_GCP_86 | resource | google_cloudbuild_worker_pool | Ensure Cloud build workers are private | Terraform | [CloudBuildWorkersArePrivate.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/gcp/CloudBuildWorkersArePrivate.py) | | 6499 | CKV_GCP_87 | resource | google_data_fusion_instance | Ensure Data fusion instances are private | Terraform | [DataFusionPrivateInstance.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/gcp/DataFusionPrivateInstance.py) | | 6500 | CKV_GCP_88 | resource | google_compute_firewall | Ensure Google compute firewall ingress does not allow unrestricted mysql access | Terraform | [GoogleComputeFirewallUnrestrictedIngress3306.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/gcp/GoogleComputeFirewallUnrestrictedIngress3306.py) | | 6501 | CKV_GCP_89 | resource | google_notebooks_instance | Ensure Vertex AI instances are private | Terraform | [VertexAIPrivateInstance.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/gcp/VertexAIPrivateInstance.py) | | 6502 | CKV_GCP_90 | resource | google_dataflow_job | Ensure data flow jobs are encrypted with Customer Supplied Encryption Keys (CSEK) | Terraform | [DataflowJobEncryptedWithCMK.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/gcp/DataflowJobEncryptedWithCMK.py) | | 6503 | CKV_GCP_91 | resource | google_dataproc_cluster | Ensure Dataproc cluster is encrypted with Customer Supplied Encryption Keys (CSEK) | Terraform | [DataprocClusterEncryptedWithCMK.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/gcp/DataprocClusterEncryptedWithCMK.py) | | 6504 | CKV_GCP_92 | resource | google_vertex_ai_dataset | Ensure Vertex AI datasets uses a CMK (Customer Managed Key) | Terraform | [VertexAIDatasetEncryptedWithCMK.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/gcp/VertexAIDatasetEncryptedWithCMK.py) | | 6505 | CKV_GCP_93 | resource | google_spanner_database | Ensure Spanner Database is encrypted with Customer Supplied Encryption Keys (CSEK) | Terraform | [SpannerDatabaseEncryptedWithCMK.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/gcp/SpannerDatabaseEncryptedWithCMK.py) | | 6506 | CKV_GCP_94 | resource | google_dataflow_job | Ensure Dataflow jobs are private | Terraform | [DataflowPrivateJob.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/gcp/DataflowPrivateJob.py) | | 6507 | CKV_GCP_95 | resource | google_redis_instance | Ensure Memorystore for Redis has AUTH enabled | Terraform | [MemorystoreForRedisAuthEnabled.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/gcp/MemorystoreForRedisAuthEnabled.py) | | 6508 | CKV_GCP_96 | resource | google_vertex_ai_metadata_store | Ensure Vertex AI Metadata Store uses a CMK (Customer Managed Key) | Terraform | [VertexAIMetadataStoreEncryptedWithCMK.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/gcp/VertexAIMetadataStoreEncryptedWithCMK.py) | | 6509 | CKV_GCP_97 | resource | google_redis_instance | Ensure Memorystore for Redis uses intransit encryption | Terraform | [MemorystoreForRedisInTransitEncryption.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/gcp/MemorystoreForRedisInTransitEncryption.py) | | 6510 | CKV_GCP_98 | resource | google_dataproc_cluster_iam_binding | Ensure that Dataproc clusters are not anonymously or publicly accessible | Terraform | [DataprocPrivateCluster.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/gcp/DataprocPrivateCluster.py) | | 6511 | CKV_GCP_98 | resource | google_dataproc_cluster_iam_member | Ensure that Dataproc clusters are not anonymously or publicly accessible | Terraform | [DataprocPrivateCluster.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/gcp/DataprocPrivateCluster.py) | | 6512 | CKV_GCP_99 | resource | google_pubsub_topic_iam_binding | Ensure that Pub/Sub Topics are not anonymously or publicly accessible | Terraform | [PubSubPrivateTopic.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/gcp/PubSubPrivateTopic.py) | | 6513 | CKV_GCP_99 | resource | google_pubsub_topic_iam_member | Ensure that Pub/Sub Topics are not anonymously or publicly accessible | Terraform | [PubSubPrivateTopic.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/gcp/PubSubPrivateTopic.py) | | 6514 | CKV_GCP_100 | resource | google_bigquery_table_iam_binding | Ensure that BigQuery Tables are not anonymously or publicly accessible | Terraform | [BigQueryPrivateTable.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/gcp/BigQueryPrivateTable.py) | | 6515 | CKV_GCP_100 | resource | google_bigquery_table_iam_member | Ensure that BigQuery Tables are not anonymously or publicly accessible | Terraform | [BigQueryPrivateTable.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/gcp/BigQueryPrivateTable.py) | | 6516 | CKV_GCP_101 | resource | google_artifact_registry_repository_iam_binding | Ensure that Artifact Registry repositories are not anonymously or publicly accessible | Terraform | [ArtifactRegistryPrivateRepo.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/gcp/ArtifactRegistryPrivateRepo.py) | | 6517 | CKV_GCP_101 | resource | google_artifact_registry_repository_iam_member | Ensure that Artifact Registry repositories are not anonymously or publicly accessible | Terraform | [ArtifactRegistryPrivateRepo.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/gcp/ArtifactRegistryPrivateRepo.py) | | 6518 | CKV_GCP_102 | resource | google_cloud_run_service_iam_binding | Ensure that GCP Cloud Run services are not anonymously or publicly accessible | Terraform | [GCPCloudRunPrivateService.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/gcp/GCPCloudRunPrivateService.py) | | 6519 | CKV_GCP_102 | resource | google_cloud_run_service_iam_member | Ensure that GCP Cloud Run services are not anonymously or publicly accessible | Terraform | [GCPCloudRunPrivateService.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/gcp/GCPCloudRunPrivateService.py) | | 6520 | CKV_GCP_103 | resource | google_dataproc_cluster | Ensure Dataproc Clusters do not have public IPs | Terraform | [DataprocPublicIpCluster.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/gcp/DataprocPublicIpCluster.py) | | 6521 | CKV_GCP_104 | resource | google_data_fusion_instance | Ensure Datafusion has stack driver logging enabled | Terraform | [DataFusionStackdriverLogs.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/gcp/DataFusionStackdriverLogs.py) | | 6522 | CKV_GCP_105 | resource | google_data_fusion_instance | Ensure Datafusion has stack driver monitoring enabled | Terraform | [DataFusionStackdriverMonitoring.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/gcp/DataFusionStackdriverMonitoring.py) | | 6523 | CKV_GCP_106 | resource | google_compute_firewall | Ensure Google compute firewall ingress does not allow unrestricted http port 80 access | Terraform | [GoogleComputeFirewallUnrestrictedIngress80.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/gcp/GoogleComputeFirewallUnrestrictedIngress80.py) | | 6524 | CKV_GCP_107 | resource | google_cloudfunctions2_function_iam_binding | Cloud functions should not be public | Terraform | [CloudFunctionsShouldNotBePublic.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/gcp/CloudFunctionsShouldNotBePublic.py) | | 6525 | CKV_GCP_107 | resource | google_cloudfunctions2_function_iam_member | Cloud functions should not be public | Terraform | [CloudFunctionsShouldNotBePublic.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/gcp/CloudFunctionsShouldNotBePublic.py) | | 6526 | CKV_GCP_107 | resource | google_cloudfunctions_function_iam_binding | Cloud functions should not be public | Terraform | [CloudFunctionsShouldNotBePublic.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/gcp/CloudFunctionsShouldNotBePublic.py) | | 6527 | CKV_GCP_107 | resource | google_cloudfunctions_function_iam_member | Cloud functions should not be public | Terraform | [CloudFunctionsShouldNotBePublic.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/gcp/CloudFunctionsShouldNotBePublic.py) | | 6528 | CKV_GCP_108 | resource | google_sql_database_instance | Ensure hostnames are logged for GCP PostgreSQL databases | Terraform | [GoogleCloudPostgreSqlLogHostname.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/gcp/GoogleCloudPostgreSqlLogHostname.py) | | 6529 | CKV_GCP_109 | resource | google_sql_database_instance | Ensure the GCP PostgreSQL database log levels are set to ERROR or lower | Terraform | [GoogleCloudPostgreSqlLogMinErrorStatement.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/gcp/GoogleCloudPostgreSqlLogMinErrorStatement.py) | | 6530 | CKV_GCP_110 | resource | google_sql_database_instance | Ensure pgAudit is enabled for your GCP PostgreSQL database | Terraform | [GoogleCloudPostgreSqlEnablePgaudit.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/gcp/GoogleCloudPostgreSqlEnablePgaudit.py) | | 6531 | CKV_GCP_111 | resource | google_sql_database_instance | Ensure GCP PostgreSQL logs SQL statements | Terraform | [GoogleCloudPostgreSqlLogStatement.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/gcp/GoogleCloudPostgreSqlLogStatement.py) | | 6532 | CKV_GCP_112 | resource | google_kms_crypto_key_iam_binding | Ensure KMS policy should not allow public access | Terraform | [GoogleKMSKeyIsPublic.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/gcp/GoogleKMSKeyIsPublic.py) | | 6533 | CKV_GCP_112 | resource | google_kms_crypto_key_iam_member | Ensure KMS policy should not allow public access | Terraform | [GoogleKMSKeyIsPublic.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/gcp/GoogleKMSKeyIsPublic.py) | | 6534 | CKV_GCP_112 | resource | google_kms_crypto_key_iam_policy | Ensure KMS policy should not allow public access | Terraform | [GoogleKMSKeyIsPublic.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/gcp/GoogleKMSKeyIsPublic.py) | | 6535 | CKV_GCP_113 | data | google_iam_policy | Ensure IAM policy should not define public access | Terraform | [GooglePolicyIsPrivate.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/data/gcp/GooglePolicyIsPrivate.py) | | 6536 | CKV_GCP_114 | resource | google_storage_bucket | Ensure public access prevention is enforced on Cloud Storage bucket | Terraform | [GoogleStoragePublicAccessPrevention.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/gcp/GoogleStoragePublicAccessPrevention.py) | | 6537 | CKV_GCP_115 | resource | google_organization_iam_binding | Ensure basic roles are not used at organization level. | Terraform | [GoogleOrgBasicRole.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/gcp/GoogleOrgBasicRole.py) | | 6538 | CKV_GCP_115 | resource | google_organization_iam_member | Ensure basic roles are not used at organization level. | Terraform | [GoogleOrgBasicRole.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/gcp/GoogleOrgBasicRole.py) | | 6539 | CKV_GCP_116 | resource | google_folder_iam_binding | Ensure basic roles are not used at folder level. | Terraform | [GoogleFolderBasicRole.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/gcp/GoogleFolderBasicRole.py) | | 6540 | CKV_GCP_116 | resource | google_folder_iam_member | Ensure basic roles are not used at folder level. | Terraform | [GoogleFolderBasicRole.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/gcp/GoogleFolderBasicRole.py) | | 6541 | CKV_GCP_117 | resource | google_project_iam_binding | Ensure basic roles are not used at project level. | Terraform | [GoogleProjectBasicRole.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/gcp/GoogleProjectBasicRole.py) | | 6542 | CKV_GCP_117 | resource | google_project_iam_member | Ensure basic roles are not used at project level. | Terraform | [GoogleProjectBasicRole.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/gcp/GoogleProjectBasicRole.py) | | 6543 | CKV_GCP_118 | resource | google_iam_workload_identity_pool_provider | Ensure IAM workload identity pool provider is restricted | Terraform | [GoogleIAMWorkloadIdentityConditional.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/gcp/GoogleIAMWorkloadIdentityConditional.py) | | 6544 | CKV_GCP_119 | resource | google_spanner_database | Ensure Spanner Database has deletion protection enabled | Terraform | [SpannerDatabaseDeletionProtection.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/gcp/SpannerDatabaseDeletionProtection.py) | | 6545 | CKV_GCP_120 | resource | google_spanner_database | Ensure Spanner Database has drop protection enabled | Terraform | [SpannerDatabaseDropProtection.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/gcp/SpannerDatabaseDropProtection.py) | | 6546 | CKV_GCP_121 | resource | google_bigquery_table | Ensure BigQuery tables have deletion protection enabled | Terraform | [BigQueryTableDeletionProtection.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/gcp/BigQueryTableDeletionProtection.py) | | 6547 | CKV_GCP_122 | resource | google_bigtable_instance | Ensure Big Table Instances have deletion protection enabled | Terraform | [BigTableInstanceDeletionProtection.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/gcp/BigTableInstanceDeletionProtection.py) | | 6548 | CKV_GCP_123 | resource | google_container_cluster | GKE Don't Use NodePools in the Cluster configuration | Terraform | [GKEDontUseNodePools.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/gcp/GKEDontUseNodePools.py) | | 6549 | CKV_GCP_124 | resource | google_cloudfunctions2_function | Ensure GCP Cloud Function is not configured with overly permissive Ingress setting | Terraform | [CloudFunctionPermissiveIngress.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/gcp/CloudFunctionPermissiveIngress.py) | | 6550 | CKV_GCP_124 | resource | google_cloudfunctions_function | Ensure GCP Cloud Function is not configured with overly permissive Ingress setting | Terraform | [CloudFunctionPermissiveIngress.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/gcp/CloudFunctionPermissiveIngress.py) | | 6551 | CKV_GCP_125 | resource | google_iam_workload_identity_pool_provider | Ensure GCP GitHub Actions OIDC trust policy is configured securely | Terraform | [GithubActionsOIDCTrustPolicy.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/gcp/GithubActionsOIDCTrustPolicy.py) | | 6552 | CKV_GCP_126 | resource | google_notebooks_instance | Ensure Vertex AI Notebook instances are launched with Shielded VM enabled | Terraform | [GoogleVertexAINotebookShieldedVM.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/gcp/GoogleVertexAINotebookShieldedVM.py) | | 6553 | CKV_GCP_127 | resource | google_notebooks_instance | Ensure Integrity Monitoring for Shielded Vertex AI Notebook Instances is Enabled | Terraform | [VertexAINotebookEnsureIntegrityMonitoring.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/gcp/VertexAINotebookEnsureIntegrityMonitoring.py) | | 6554 | CKV2_GCP_1 | resource | google_project_default_service_accounts | Ensure GKE clusters are not running using the Compute Engine default service account | Terraform | [GKEClustersAreNotUsingDefaultServiceAccount.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/gcp/GKEClustersAreNotUsingDefaultServiceAccount.yaml) | | 6555 | CKV2_GCP_2 | resource | google_compute_network | Ensure legacy networks do not exist for a project | Terraform | [GCPProjectHasNoLegacyNetworks.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/gcp/GCPProjectHasNoLegacyNetworks.yaml) | | 6556 | CKV2_GCP_3 | resource | google_service_account_key | Ensure that there are only GCP-managed service account keys for each service account | Terraform | [ServiceAccountHasGCPmanagedKey.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/gcp/ServiceAccountHasGCPmanagedKey.yaml) | | 6557 | CKV2_GCP_4 | resource | google_logging_folder_sink | Ensure that retention policies on log buckets are configured using Bucket Lock | Terraform | [GCPLogBucketsConfiguredUsingLock.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/gcp/GCPLogBucketsConfiguredUsingLock.yaml) | | 6558 | CKV2_GCP_4 | resource | google_logging_organization_sink | Ensure that retention policies on log buckets are configured using Bucket Lock | Terraform | [GCPLogBucketsConfiguredUsingLock.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/gcp/GCPLogBucketsConfiguredUsingLock.yaml) | | 6559 | CKV2_GCP_4 | resource | google_logging_project_sink | Ensure that retention policies on log buckets are configured using Bucket Lock | Terraform | [GCPLogBucketsConfiguredUsingLock.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/gcp/GCPLogBucketsConfiguredUsingLock.yaml) | | 6560 | CKV2_GCP_4 | resource | google_storage_bucket | Ensure that retention policies on log buckets are configured using Bucket Lock | Terraform | [GCPLogBucketsConfiguredUsingLock.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/gcp/GCPLogBucketsConfiguredUsingLock.yaml) | | 6561 | CKV2_GCP_5 | resource | google_project | Ensure that Cloud Audit Logging is configured properly across all services and all users from a project | Terraform | [GCPAuditLogsConfiguredForAllServicesAndUsers.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/gcp/GCPAuditLogsConfiguredForAllServicesAndUsers.yaml) | | 6562 | CKV2_GCP_5 | resource | google_project_iam_audit_config | Ensure that Cloud Audit Logging is configured properly across all services and all users from a project | Terraform | [GCPAuditLogsConfiguredForAllServicesAndUsers.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/gcp/GCPAuditLogsConfiguredForAllServicesAndUsers.yaml) | | 6563 | CKV2_GCP_6 | resource | google_kms_crypto_key | Ensure that Cloud KMS cryptokeys are not anonymously or publicly accessible | Terraform | [GCPKMSCryptoKeysAreNotPubliclyAccessible.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/gcp/GCPKMSCryptoKeysAreNotPubliclyAccessible.yaml) | | 6564 | CKV2_GCP_6 | resource | google_kms_crypto_key_iam_binding | Ensure that Cloud KMS cryptokeys are not anonymously or publicly accessible | Terraform | [GCPKMSCryptoKeysAreNotPubliclyAccessible.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/gcp/GCPKMSCryptoKeysAreNotPubliclyAccessible.yaml) | | 6565 | CKV2_GCP_6 | resource | google_kms_crypto_key_iam_member | Ensure that Cloud KMS cryptokeys are not anonymously or publicly accessible | Terraform | [GCPKMSCryptoKeysAreNotPubliclyAccessible.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/gcp/GCPKMSCryptoKeysAreNotPubliclyAccessible.yaml) | | 6566 | CKV2_GCP_7 | resource | google_sql_database_instance | Ensure that a MySQL database instance does not allow anyone to connect with administrative privileges | Terraform | [DisableAccessToSqlDBInstanceForRootUsersWithoutPassword.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/gcp/DisableAccessToSqlDBInstanceForRootUsersWithoutPassword.yaml) | | 6567 | CKV2_GCP_7 | resource | google_sql_user | Ensure that a MySQL database instance does not allow anyone to connect with administrative privileges | Terraform | [DisableAccessToSqlDBInstanceForRootUsersWithoutPassword.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/gcp/DisableAccessToSqlDBInstanceForRootUsersWithoutPassword.yaml) | | 6568 | CKV2_GCP_8 | resource | google_kms_key_ring | Ensure that Cloud KMS Key Rings are not anonymously or publicly accessible | Terraform | [GCPKMSKeyRingsAreNotPubliclyAccessible.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/gcp/GCPKMSKeyRingsAreNotPubliclyAccessible.yaml) | | 6569 | CKV2_GCP_8 | resource | google_kms_key_ring_iam_binding | Ensure that Cloud KMS Key Rings are not anonymously or publicly accessible | Terraform | [GCPKMSKeyRingsAreNotPubliclyAccessible.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/gcp/GCPKMSKeyRingsAreNotPubliclyAccessible.yaml) | | 6570 | CKV2_GCP_8 | resource | google_kms_key_ring_iam_member | Ensure that Cloud KMS Key Rings are not anonymously or publicly accessible | Terraform | [GCPKMSKeyRingsAreNotPubliclyAccessible.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/gcp/GCPKMSKeyRingsAreNotPubliclyAccessible.yaml) | | 6571 | CKV2_GCP_9 | resource | google_container_registry | Ensure that Container Registry repositories are not anonymously or publicly accessible | Terraform | [GCPContainerRegistryReposAreNotPubliclyAccessible.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/gcp/GCPContainerRegistryReposAreNotPubliclyAccessible.yaml) | | 6572 | CKV2_GCP_9 | resource | google_storage_bucket_iam_binding | Ensure that Container Registry repositories are not anonymously or publicly accessible | Terraform | [GCPContainerRegistryReposAreNotPubliclyAccessible.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/gcp/GCPContainerRegistryReposAreNotPubliclyAccessible.yaml) | | 6573 | CKV2_GCP_9 | resource | google_storage_bucket_iam_member | Ensure that Container Registry repositories are not anonymously or publicly accessible | Terraform | [GCPContainerRegistryReposAreNotPubliclyAccessible.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/gcp/GCPContainerRegistryReposAreNotPubliclyAccessible.yaml) | | 6574 | CKV2_GCP_10 | resource | google_cloudfunctions_function | Ensure GCP Cloud Function HTTP trigger is secured | Terraform | [CloudFunctionSecureHTTPTrigger.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/gcp/CloudFunctionSecureHTTPTrigger.yaml) | | 6575 | CKV2_GCP_11 | resource | google_project_services | Ensure GCP GCR Container Vulnerability Scanning is enabled | Terraform | [GCRContainerVulnerabilityScanningEnabled.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/gcp/GCRContainerVulnerabilityScanningEnabled.yaml) | | 6576 | CKV2_GCP_12 | resource | google_compute_firewall | Ensure GCP compute firewall ingress does not allow unrestricted access to all ports | Terraform | [GCPComputeFirewallOverlyPermissiveToAllTraffic.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/gcp/GCPComputeFirewallOverlyPermissiveToAllTraffic.yaml) | | 6577 | CKV2_GCP_13 | resource | google_sql_database_instance | Ensure PostgreSQL database flag 'log_duration' is set to 'on' | Terraform | [GCPPostgreSQLDatabaseFlaglog_durationIsSetToON.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/gcp/GCPPostgreSQLDatabaseFlaglog_durationIsSetToON.yaml) | | 6578 | CKV2_GCP_14 | resource | google_sql_database_instance | Ensure PostgreSQL database flag 'log_executor_stats' is set to 'off' | Terraform | [GCPPostgreSQLDatabaseFlaglog_executor_statsIsSetToOFF.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/gcp/GCPPostgreSQLDatabaseFlaglog_executor_statsIsSetToOFF.yaml) | | 6579 | CKV2_GCP_15 | resource | google_sql_database_instance | Ensure PostgreSQL database flag 'log_parser_stats' is set to 'off' | Terraform | [GCPPostgreSQLDatabaseFlaglog_parser_statsIsSetToOFF.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/gcp/GCPPostgreSQLDatabaseFlaglog_parser_statsIsSetToOFF.yaml) | | 6580 | CKV2_GCP_16 | resource | google_sql_database_instance | Ensure PostgreSQL database flag 'log_planner_stats' is set to 'off' | Terraform | [GCPPostgreSQLDatabaseFlaglog_planner_statsIsSetToOFF.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/gcp/GCPPostgreSQLDatabaseFlaglog_planner_statsIsSetToOFF.yaml) | | 6581 | CKV2_GCP_17 | resource | google_sql_database_instance | Ensure PostgreSQL database flag 'log_statement_stats' is set to 'off' | Terraform | [GCPPostgreSQLDatabaseFlaglog_statement_statsIsSetToOFF.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/gcp/GCPPostgreSQLDatabaseFlaglog_statement_statsIsSetToOFF.yaml) | | 6582 | CKV2_GCP_18 | resource | google_compute_network | Ensure GCP network defines a firewall and does not use the default firewall | Terraform | [GCPNetworkDoesNotUseDefaultFirewall.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/gcp/GCPNetworkDoesNotUseDefaultFirewall.yaml) | | 6583 | CKV2_GCP_19 | resource | google_container_cluster | Ensure GCP Kubernetes engine clusters have 'alpha cluster' feature disabled | Terraform | [GCPdisableAlphaClusterFeatureInKubernetesEngineClusters.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/gcp/GCPdisableAlphaClusterFeatureInKubernetesEngineClusters.yaml) | | 6584 | CKV2_GCP_20 | resource | google_sql_database_instance | Ensure MySQL DB instance has point-in-time recovery backup configured | Terraform | [GCPMySQLdbInstancePoint_In_TimeRecoveryBackupIsEnabled.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/gcp/GCPMySQLdbInstancePoint_In_TimeRecoveryBackupIsEnabled.yaml) | | 6585 | CKV2_GCP_21 | resource | google_notebooks_instance | Ensure Vertex AI instance disks are encrypted with a Customer Managed Key (CMK) | Terraform | [GCPVertexInstanceEncryptedWithCMK.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/gcp/GCPVertexInstanceEncryptedWithCMK.yaml) | | 6586 | CKV2_GCP_22 | resource | google_document_ai_processor | Ensure Document AI Processors are encrypted with a Customer Managed Key (CMK) | Terraform | [GCPDocumentAIProcessorEncryptedWithCMK.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/gcp/GCPDocumentAIProcessorEncryptedWithCMK.yaml) | | 6587 | CKV2_GCP_23 | resource | google_document_ai_warehouse_location | Ensure Document AI Warehouse Location is configured to use a Customer Managed Key (CMK) | Terraform | [GCPDocumentAIWarehouseLocationEncryptedWithCMK.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/gcp/GCPDocumentAIWarehouseLocationEncryptedWithCMK.yaml) | | 6588 | CKV2_GCP_24 | resource | google_vertex_ai_endpoint | Ensure Vertex AI endpoint uses a Customer Managed Key (CMK) | Terraform | [GCPVertexAIEndpointEncryptedWithCMK.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/gcp/GCPVertexAIEndpointEncryptedWithCMK.yaml) | | 6589 | CKV2_GCP_25 | resource | google_vertex_ai_featurestore | Ensure Vertex AI featurestore uses a Customer Managed Key (CMK) | Terraform | [GCPVertexAIFeaturestoreEncryptedWithCMK.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/gcp/GCPVertexAIFeaturestoreEncryptedWithCMK.yaml) | | 6590 | CKV2_GCP_26 | resource | google_vertex_ai_tensorboard | Ensure Vertex AI tensorboard uses a Customer Managed Key (CMK) | Terraform | [GCPVertexAITensorboardEncryptedWithCMK.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/gcp/GCPVertexAITensorboardEncryptedWithCMK.yaml) | | 6591 | CKV2_GCP_27 | resource | google_workbench_instance | Ensure Vertex AI workbench instance disks are encrypted with a Customer Managed Key (CMK) | Terraform | [GCPVertexWorkbenchInstanceEncryptedWithCMK.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/gcp/GCPVertexWorkbenchInstanceEncryptedWithCMK.yaml) | | 6592 | CKV2_GCP_28 | resource | google_workbench_instance | Ensure Vertex AI workbench instances are private | Terraform | [GCPVertexWorkbenchInstanceNoPublicIp.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/gcp/GCPVertexWorkbenchInstanceNoPublicIp.yaml) | | 6593 | CKV2_GCP_29 | resource | google_dialogflow_agent | Ensure logging is enabled for Dialogflow agents | Terraform | [GCPDialogFlowAgentLoggingEnabled.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/gcp/GCPDialogFlowAgentLoggingEnabled.yaml) | | 6594 | CKV2_GCP_30 | resource | google_dialogflow_cx_agent | Ensure logging is enabled for Dialogflow CX agents | Terraform | [GCPDialogFlowCxAgentLoggingEnabled.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/gcp/GCPDialogFlowCxAgentLoggingEnabled.yaml) | | 6595 | CKV2_GCP_31 | resource | google_dialogflow_cx_webhook | Ensure logging is enabled for Dialogflow CX webhooks | Terraform | [GCPDialogFlowCxWebhookLoggingEnabled.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/gcp/GCPDialogFlowCxWebhookLoggingEnabled.yaml) | | 6596 | CKV2_GCP_32 | resource | google_tpu_v2_vm | Ensure TPU v2 is private | Terraform | [GCPTpuV2VmPrivateEndpoint.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/gcp/GCPTpuV2VmPrivateEndpoint.yaml) | | 6597 | CKV2_GCP_33 | resource | google_vertex_ai_endpoint | Ensure Vertex AI endpoint is private | Terraform | [GCPVertexAIPrivateEndpoint.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/gcp/GCPVertexAIPrivateEndpoint.yaml) | | 6598 | CKV2_GCP_34 | resource | google_vertex_ai_index_endpoint | Ensure Vertex AI index endpoint is private | Terraform | [GCPVertexAIPrivateIndexEndpoint.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/gcp/GCPVertexAIPrivateIndexEndpoint.yaml) | | 6599 | CKV2_GCP_35 | resource | google_notebooks_runtime | Ensure Vertex AI runtime is encrypted with a Customer Managed Key (CMK) | Terraform | [GCPVertexRuntimeEncryptedWithCMK.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/gcp/GCPVertexRuntimeEncryptedWithCMK.yaml) | | 6600 | CKV2_GCP_36 | resource | google_notebooks_runtime | Ensure Vertex AI runtime is private | Terraform | [GCPVertexRuntimePrivate.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/gcp/GCPVertexRuntimePrivate.yaml) | | 6601 | CKV2_GCP_37 | resource | google_compute_forwarding_rule | Ensure GCP compute regional forwarding rule does not use HTTP proxies with EXTERNAL load balancing scheme | Terraform | [GCPComputeRegionalForwardingRuleCheck.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/gcp/GCPComputeRegionalForwardingRuleCheck.yaml) | | 6602 | CKV2_GCP_38 | resource | google_compute_global_forwarding_rule | Ensure GCP compute global forwarding rule does not use HTTP proxies with EXTERNAL load balancing scheme | Terraform | [GCPComputeGlobalForwardingRuleCheck.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/gcp/GCPComputeGlobalForwardingRuleCheck.yaml) | | 6603 | CKV_GHA_1 | jobs | jobs | Ensure ACTIONS_ALLOW_UNSECURE_COMMANDS isn't true on environment variables | github_actions | [AllowUnsecureCommandsOnJob.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/github_actions/checks/job/AllowUnsecureCommandsOnJob.py) | | 6604 | CKV_GHA_1 | jobs | jobs.*.steps[] | Ensure ACTIONS_ALLOW_UNSECURE_COMMANDS isn't true on environment variables | github_actions | [AllowUnsecureCommandsOnJob.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/github_actions/checks/job/AllowUnsecureCommandsOnJob.py) | | 6605 | CKV_GHA_2 | jobs | jobs | Ensure run commands are not vulnerable to shell injection | github_actions | [ShellInjection.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/github_actions/checks/job/ShellInjection.py) | | 6606 | CKV_GHA_2 | jobs | jobs.*.steps[] | Ensure run commands are not vulnerable to shell injection | github_actions | [ShellInjection.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/github_actions/checks/job/ShellInjection.py) | | 6607 | CKV_GHA_3 | jobs | jobs | Suspicious use of curl with secrets | github_actions | [SuspectCurlInScript.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/github_actions/checks/job/SuspectCurlInScript.py) | | 6608 | CKV_GHA_3 | jobs | jobs.*.steps[] | Suspicious use of curl with secrets | github_actions | [SuspectCurlInScript.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/github_actions/checks/job/SuspectCurlInScript.py) | | 6609 | CKV_GHA_4 | jobs | jobs | Suspicious use of netcat with IP address | github_actions | [ReverseShellNetcat.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/github_actions/checks/job/ReverseShellNetcat.py) | | 6610 | CKV_GHA_4 | jobs | jobs.*.steps[] | Suspicious use of netcat with IP address | github_actions | [ReverseShellNetcat.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/github_actions/checks/job/ReverseShellNetcat.py) | | 6611 | CKV_GHA_5 | jobs | jobs | Found artifact build without evidence of cosign sign execution in pipeline | github_actions | [CosignArtifacts.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/github_actions/checks/job/CosignArtifacts.py) | | 6612 | CKV_GHA_6 | jobs | jobs | Found artifact build without evidence of cosign sbom attestation in pipeline | github_actions | [CosignSBOM.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/github_actions/checks/job/CosignSBOM.py) | | 6613 | CKV_GHA_7 | jobs | on | The build output cannot be affected by user parameters other than the build entry point and the top-level source location. GitHub Actions workflow_dispatch inputs MUST be empty. | github_actions | [EmptyWorkflowDispatch.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/github_actions/checks/job/EmptyWorkflowDispatch.py) | | 6614 | CKV2_GHA_1 | resource | permissions | Ensure top-level permissions are not set to write-all | github_actions | [ReadOnlyTopLevelPermissions.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/github_actions/checks/graph_checks/ReadOnlyTopLevelPermissions.yaml) | | 6615 | CKV_GIT_1 | resource | github_repository | Ensure GitHub repository is Private | Terraform | [PrivateRepo.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/github/PrivateRepo.py) | | 6616 | CKV_GIT_2 | resource | github_repository_webhook | Ensure GitHub repository webhooks are using HTTPS | Terraform | [WebhookInsecureSsl.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/github/WebhookInsecureSsl.py) | | 6617 | CKV_GIT_3 | resource | github_repository | Ensure GitHub repository has vulnerability alerts enabled | Terraform | [RepositoryEnableVulnerabilityAlerts.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/github/RepositoryEnableVulnerabilityAlerts.py) | | 6618 | CKV_GIT_4 | resource | github_actions_environment_secret | Ensure GitHub Actions secrets are encrypted | Terraform | [SecretsEncrypted.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/github/SecretsEncrypted.py) | | 6619 | CKV_GIT_4 | resource | github_actions_organization_secret | Ensure GitHub Actions secrets are encrypted | Terraform | [SecretsEncrypted.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/github/SecretsEncrypted.py) | | 6620 | CKV_GIT_4 | resource | github_actions_secret | Ensure GitHub Actions secrets are encrypted | Terraform | [SecretsEncrypted.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/github/SecretsEncrypted.py) | | 6621 | CKV_GIT_5 | resource | github_branch_protection | GitHub pull requests should require at least 2 approvals | Terraform | [BranchProtectionReviewNumTwo.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/github/BranchProtectionReviewNumTwo.py) | | 6622 | CKV_GIT_5 | resource | github_branch_protection_v3 | GitHub pull requests should require at least 2 approvals | Terraform | [BranchProtectionReviewNumTwo.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/github/BranchProtectionReviewNumTwo.py) | | 6623 | CKV_GIT_6 | resource | github_branch_protection | Ensure GitHub branch protection rules requires signed commits | Terraform | [BranchProtectionRequireSignedCommits.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/github/BranchProtectionRequireSignedCommits.py) | | 6624 | CKV_GIT_6 | resource | github_branch_protection_v3 | Ensure GitHub branch protection rules requires signed commits | Terraform | [BranchProtectionRequireSignedCommits.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/github/BranchProtectionRequireSignedCommits.py) | | 6625 | CKV2_GIT_1 | resource | github_repository | Ensure each Repository has branch protection associated | Terraform | [RepositoryHasBranchProtection.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/github/RepositoryHasBranchProtection.yaml) | | 6626 | CKV_GITHUB_1 | github_configuration | * | Ensure GitHub organization security settings require 2FA | github_configuration | [2fa.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/github/checks/2fa.py) | | 6627 | CKV_GITHUB_2 | github_configuration | * | Ensure GitHub organization security settings require SSO | github_configuration | [sso.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/github/checks/sso.py) | | 6628 | CKV_GITHUB_3 | github_configuration | * | Ensure GitHub organization security settings has IP allow list enabled | github_configuration | [ipallowlist.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/github/checks/ipallowlist.py) | | 6629 | CKV_GITHUB_4 | github_configuration | * | Ensure GitHub branch protection rules requires signed commits | github_configuration | [require_signatures.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/github/checks/require_signatures.py) | | 6630 | CKV_GITHUB_5 | github_configuration | * | Ensure GitHub branch protection rules does not allow force pushes | github_configuration | [disallow_force_pushes.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/github/checks/disallow_force_pushes.py) | | 6631 | CKV_GITHUB_6 | github_configuration | * | Ensure GitHub organization webhooks are using HTTPS | github_configuration | [webhooks_https_orgs.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/github/checks/webhooks_https_orgs.py) | | 6632 | CKV_GITHUB_7 | github_configuration | * | Ensure GitHub repository webhooks are using HTTPS | github_configuration | [webhooks_https_repos.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/github/checks/webhooks_https_repos.py) | | 6633 | CKV_GITHUB_8 | github_configuration | * | Ensure GitHub branch protection rules requires linear history | github_configuration | [require_linear_history.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/github/checks/require_linear_history.py) | | 6634 | CKV_GITHUB_9 | github_configuration | * | Ensure 2 admins are set for each repository | github_configuration | [repository_collaborators.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/github/checks/repository_collaborators.py) | | 6635 | CKV_GITHUB_10 | github_configuration | * | Ensure branch protection rules are enforced on administrators | github_configuration | [enforce_branch_protection_admins.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/github/checks/enforce_branch_protection_admins.py) | | 6636 | CKV_GITHUB_11 | github_configuration | * | Ensure GitHub branch protection dismisses stale review on new commit | github_configuration | [dismiss_stale_reviews.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/github/checks/dismiss_stale_reviews.py) | | 6637 | CKV_GITHUB_12 | github_configuration | * | Ensure GitHub branch protection restricts who can dismiss PR reviews | github_configuration | [restrict_pr_review_dismissal.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/github/checks/restrict_pr_review_dismissal.py) | | 6638 | CKV_GITHUB_13 | github_configuration | * | Ensure GitHub branch protection requires CODEOWNER reviews | github_configuration | [require_code_owner_reviews.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/github/checks/require_code_owner_reviews.py) | | 6639 | CKV_GITHUB_14 | github_configuration | * | Ensure all checks have passed before the merge of new code | github_configuration | [require_status_checks_pr.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/github/checks/require_status_checks_pr.py) | | 6640 | CKV_GITHUB_15 | github_configuration | * | Ensure inactive branches are reviewed and removed periodically | github_configuration | [disallow_inactive_branch_60days.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/github/checks/disallow_inactive_branch_60days.py) | | 6641 | CKV_GITHUB_16 | github_configuration | * | Ensure GitHub branch protection requires conversation resolution | github_configuration | [require_conversation_resolution.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/github/checks/require_conversation_resolution.py) | | 6642 | CKV_GITHUB_17 | github_configuration | * | Ensure GitHub branch protection requires push restrictions | github_configuration | [require_push_restrictions.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/github/checks/require_push_restrictions.py) | | 6643 | CKV_GITHUB_18 | github_configuration | * | Ensure GitHub branch protection rules does not allow deletions | github_configuration | [disallow_branch_deletions.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/github/checks/disallow_branch_deletions.py) | | 6644 | CKV_GITHUB_19 | github_configuration | * | Ensure any change to code receives approval of two strongly authenticated users | github_configuration | [require_2approvals.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/github/checks/require_2approvals.py) | | 6645 | CKV_GITHUB_20 | github_configuration | * | Ensure open git branches are up to date before they can be merged into codebase | github_configuration | [require_updated_branch_pr.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/github/checks/require_updated_branch_pr.py) | | 6646 | CKV_GITHUB_21 | github_configuration | * | Ensure public repository creation is limited to specific members | github_configuration | [public_repository_creation_is_limited.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/github/checks/public_repository_creation_is_limited.py) | | 6647 | CKV_GITHUB_22 | github_configuration | * | Ensure private repository creation is limited to specific members | github_configuration | [private_repository_creation_is_limited.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/github/checks/private_repository_creation_is_limited.py) | | 6648 | CKV_GITHUB_23 | github_configuration | * | Ensure internal repository creation is limited to specific members | github_configuration | [internal_repository_creation_is_limited.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/github/checks/internal_repository_creation_is_limited.py) | | 6649 | CKV_GITHUB_26 | github_configuration | * | Ensure minimum admins are set for the organization | github_configuration | [minimum_admins_in_org.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/github/checks/minimum_admins_in_org.py) | | 6650 | CKV_GITHUB_27 | github_configuration | * | Ensure strict base permissions are set for repositories | github_configuration | [require_strict_base_permissions_repository.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/github/checks/require_strict_base_permissions_repository.py) | | 6651 | CKV_GITHUB_28 | github_configuration | * | Ensure an organization's identity is confirmed with a Verified badge Passed | github_configuration | [require_verified_organization.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/github/checks/require_verified_organization.py) | | 6652 | CKV_GITLAB_1 | gitlab_configuration | * | Merge requests should require at least 2 approvals | gitlab_configuration | [merge_requests_approvals.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/gitlab/checks/merge_requests_approvals.py) | | 6653 | CKV_GITLABCI_1 | jobs | *.script[] | Suspicious use of curl with CI environment variables in script | gitlab_ci | [SuspectCurlInScript.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/gitlab_ci/checks/job/SuspectCurlInScript.py) | | 6654 | CKV_GITLABCI_2 | jobs | *.rules | Avoid creating rules that generate double pipelines | gitlab_ci | [AvoidDoublePipelines.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/gitlab_ci/checks/job/AvoidDoublePipelines.py) | | 6655 | CKV_GITLABCI_3 | jobs | *.image[] | Detecting image usages in gitlab workflows | gitlab_ci | [DetectImagesUsage.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/gitlab_ci/checks/job/DetectImagesUsage.py) | | 6656 | CKV_GITLABCI_3 | jobs | *.services[] | Detecting image usages in gitlab workflows | gitlab_ci | [DetectImagesUsage.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/gitlab_ci/checks/job/DetectImagesUsage.py) | | 6657 | CKV_GLB_1 | resource | gitlab_project | Ensure at least two approving reviews are required to merge a GitLab MR | Terraform | [RequireTwoApprovalsToMerge.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/gitlab/RequireTwoApprovalsToMerge.py) | | 6658 | CKV_GLB_2 | resource | gitlab_branch_protection | Ensure GitLab branch protection rules does not allow force pushes | Terraform | [ForcePushDisabled.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/gitlab/ForcePushDisabled.py) | | 6659 | CKV_GLB_3 | resource | gitlab_project | Ensure GitLab prevent secrets is enabled | Terraform | [PreventSecretsEnabled.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/gitlab/PreventSecretsEnabled.py) | | 6660 | CKV_GLB_4 | resource | gitlab_project | Ensure GitLab commits are signed | Terraform | [RejectUnsignedCommits.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/gitlab/RejectUnsignedCommits.py) | | 6661 | CKV2_IBM_1 | resource | ibm_is_lb | Ensure load balancer for VPC is private (disable public access) | Terraform | [IBM_LoadBalancerforVPCisPrivate.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/ibm/IBM_LoadBalancerforVPCisPrivate.yaml) | | 6662 | CKV2_IBM_2 | resource | ibm_is_vpc | Ensure VPC classic access is disabled | Terraform | [IBM_VPCclassicAccessIsDisabled.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/ibm/IBM_VPCclassicAccessIsDisabled.yaml) | | 6663 | CKV2_IBM_3 | resource | ibm_iam_account_settings | Ensure API key creation is restricted in account settings | Terraform | [IBM_RestrictAPIkeyCreationInAccountSettings.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/ibm/IBM_RestrictAPIkeyCreationInAccountSettings.yaml) | | 6664 | CKV2_IBM_4 | resource | ibm_iam_account_settings | Ensure Multi-Factor Authentication (MFA) is enabled at the account level | Terraform | [IBM_EnableMFAatAccountLevel.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/ibm/IBM_EnableMFAatAccountLevel.yaml) | | 6665 | CKV2_IBM_5 | resource | ibm_iam_account_settings | Ensure Service ID creation is restricted in account settings | Terraform | [IBM_RestrictServiceIDCreationInAccountSettings.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/ibm/IBM_RestrictServiceIDCreationInAccountSettings.yaml) | | 6666 | CKV2_IBM_7 | resource | ibm_container_cluster | Ensure Kubernetes clusters are accessible by using private endpoint and NOT public endpoint | Terraform | [IBM_K8sClustersAccessibleViaPrivateEndPt.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/ibm/IBM_K8sClustersAccessibleViaPrivateEndPt.yaml) | | 6667 | CKV_K8S_1 | resource | PodSecurityPolicy | Do not admit containers wishing to share the host process ID namespace | Kubernetes | [ShareHostPIDPSP.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ShareHostPIDPSP.py) | | 6668 | CKV_K8S_1 | resource | kubernetes_pod_security_policy | Do not admit containers wishing to share the host process ID namespace | Terraform | [ShareHostPIDPSP.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/kubernetes/ShareHostPIDPSP.py) | | 6669 | CKV_K8S_2 | resource | PodSecurityPolicy | Do not admit privileged containers | Kubernetes | [PrivilegedContainersPSP.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/PrivilegedContainersPSP.py) | | 6670 | CKV_K8S_2 | resource | kubernetes_pod_security_policy | Do not admit privileged containers | Terraform | [PrivilegedContainerPSP.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/kubernetes/PrivilegedContainerPSP.py) | | 6671 | CKV_K8S_3 | resource | PodSecurityPolicy | Do not admit containers wishing to share the host IPC namespace | Kubernetes | [ShareHostIPCPSP.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ShareHostIPCPSP.py) | | 6672 | CKV_K8S_3 | resource | kubernetes_pod_security_policy | Do not admit containers wishing to share the host IPC namespace | Terraform | [ShareHostIPCPSP.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/kubernetes/ShareHostIPCPSP.py) | | 6673 | CKV_K8S_4 | resource | PodSecurityPolicy | Do not admit containers wishing to share the host network namespace | Kubernetes | [SharedHostNetworkNamespacePSP.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/SharedHostNetworkNamespacePSP.py) | | 6674 | CKV_K8S_4 | resource | kubernetes_pod_security_policy | Do not admit containers wishing to share the host network namespace | Terraform | [SharedHostNetworkNamespacePSP.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/kubernetes/SharedHostNetworkNamespacePSP.py) | | 6675 | CKV_K8S_5 | resource | PodSecurityPolicy | Containers should not run with allowPrivilegeEscalation | Kubernetes | [AllowPrivilegeEscalationPSP.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/AllowPrivilegeEscalationPSP.py) | | 6676 | CKV_K8S_5 | resource | kubernetes_pod_security_policy | Containers should not run with allowPrivilegeEscalation | Terraform | [AllowPrivilegeEscalationPSP.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/kubernetes/AllowPrivilegeEscalationPSP.py) | | 6677 | CKV_K8S_6 | resource | PodSecurityPolicy | Do not admit root containers | Kubernetes | [RootContainersPSP.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/RootContainersPSP.py) | | 6678 | CKV_K8S_6 | resource | kubernetes_pod_security_policy | Do not admit root containers | Terraform | [RootContainerPSP.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/kubernetes/RootContainerPSP.py) | | 6679 | CKV_K8S_7 | resource | PodSecurityPolicy | Do not admit containers with the NET_RAW capability | Kubernetes | [DropCapabilitiesPSP.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/DropCapabilitiesPSP.py) | | 6680 | CKV_K8S_7 | resource | kubernetes_pod_security_policy | Do not admit containers with the NET_RAW capability | Terraform | [DropCapabilitiesPSP.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/kubernetes/DropCapabilitiesPSP.py) | | 6681 | CKV_K8S_8 | resource | DaemonSet | Liveness Probe Should be Configured | Kubernetes | [LivenessProbe.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/LivenessProbe.py) | | 6682 | CKV_K8S_8 | resource | Deployment | Liveness Probe Should be Configured | Kubernetes | [LivenessProbe.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/LivenessProbe.py) | | 6683 | CKV_K8S_8 | resource | DeploymentConfig | Liveness Probe Should be Configured | Kubernetes | [LivenessProbe.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/LivenessProbe.py) | | 6684 | CKV_K8S_8 | resource | Pod | Liveness Probe Should be Configured | Kubernetes | [LivenessProbe.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/LivenessProbe.py) | | 6685 | CKV_K8S_8 | resource | PodTemplate | Liveness Probe Should be Configured | Kubernetes | [LivenessProbe.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/LivenessProbe.py) | | 6686 | CKV_K8S_8 | resource | ReplicaSet | Liveness Probe Should be Configured | Kubernetes | [LivenessProbe.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/LivenessProbe.py) | | 6687 | CKV_K8S_8 | resource | ReplicationController | Liveness Probe Should be Configured | Kubernetes | [LivenessProbe.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/LivenessProbe.py) | | 6688 | CKV_K8S_8 | resource | StatefulSet | Liveness Probe Should be Configured | Kubernetes | [LivenessProbe.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/LivenessProbe.py) | | 6689 | CKV_K8S_8 | resource | kubernetes_deployment | Liveness Probe Should be Configured | Terraform | [LivenessProbe.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/kubernetes/LivenessProbe.py) | | 6690 | CKV_K8S_8 | resource | kubernetes_deployment_v1 | Liveness Probe Should be Configured | Terraform | [LivenessProbe.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/kubernetes/LivenessProbe.py) | | 6691 | CKV_K8S_8 | resource | kubernetes_pod | Liveness Probe Should be Configured | Terraform | [LivenessProbe.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/kubernetes/LivenessProbe.py) | | 6692 | CKV_K8S_8 | resource | kubernetes_pod_v1 | Liveness Probe Should be Configured | Terraform | [LivenessProbe.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/kubernetes/LivenessProbe.py) | | 6693 | CKV_K8S_9 | resource | DaemonSet | Readiness Probe Should be Configured | Kubernetes | [ReadinessProbe.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ReadinessProbe.py) | | 6694 | CKV_K8S_9 | resource | Deployment | Readiness Probe Should be Configured | Kubernetes | [ReadinessProbe.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ReadinessProbe.py) | | 6695 | CKV_K8S_9 | resource | DeploymentConfig | Readiness Probe Should be Configured | Kubernetes | [ReadinessProbe.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ReadinessProbe.py) | | 6696 | CKV_K8S_9 | resource | Pod | Readiness Probe Should be Configured | Kubernetes | [ReadinessProbe.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ReadinessProbe.py) | | 6697 | CKV_K8S_9 | resource | PodTemplate | Readiness Probe Should be Configured | Kubernetes | [ReadinessProbe.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ReadinessProbe.py) | | 6698 | CKV_K8S_9 | resource | ReplicaSet | Readiness Probe Should be Configured | Kubernetes | [ReadinessProbe.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ReadinessProbe.py) | | 6699 | CKV_K8S_9 | resource | ReplicationController | Readiness Probe Should be Configured | Kubernetes | [ReadinessProbe.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ReadinessProbe.py) | | 6700 | CKV_K8S_9 | resource | StatefulSet | Readiness Probe Should be Configured | Kubernetes | [ReadinessProbe.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ReadinessProbe.py) | | 6701 | CKV_K8S_9 | resource | kubernetes_deployment | Readiness Probe Should be Configured | Terraform | [ReadinessProbe.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/kubernetes/ReadinessProbe.py) | | 6702 | CKV_K8S_9 | resource | kubernetes_deployment_v1 | Readiness Probe Should be Configured | Terraform | [ReadinessProbe.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/kubernetes/ReadinessProbe.py) | | 6703 | CKV_K8S_9 | resource | kubernetes_pod | Readiness Probe Should be Configured | Terraform | [ReadinessProbe.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/kubernetes/ReadinessProbe.py) | | 6704 | CKV_K8S_9 | resource | kubernetes_pod_v1 | Readiness Probe Should be Configured | Terraform | [ReadinessProbe.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/kubernetes/ReadinessProbe.py) | | 6705 | CKV_K8S_10 | resource | CronJob | CPU requests should be set | Kubernetes | [CPURequests.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/CPURequests.py) | | 6706 | CKV_K8S_10 | resource | DaemonSet | CPU requests should be set | Kubernetes | [CPURequests.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/CPURequests.py) | | 6707 | CKV_K8S_10 | resource | Deployment | CPU requests should be set | Kubernetes | [CPURequests.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/CPURequests.py) | | 6708 | CKV_K8S_10 | resource | DeploymentConfig | CPU requests should be set | Kubernetes | [CPURequests.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/CPURequests.py) | | 6709 | CKV_K8S_10 | resource | Job | CPU requests should be set | Kubernetes | [CPURequests.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/CPURequests.py) | | 6710 | CKV_K8S_10 | resource | Pod | CPU requests should be set | Kubernetes | [CPURequests.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/CPURequests.py) | | 6711 | CKV_K8S_10 | resource | PodTemplate | CPU requests should be set | Kubernetes | [CPURequests.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/CPURequests.py) | | 6712 | CKV_K8S_10 | resource | ReplicaSet | CPU requests should be set | Kubernetes | [CPURequests.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/CPURequests.py) | | 6713 | CKV_K8S_10 | resource | ReplicationController | CPU requests should be set | Kubernetes | [CPURequests.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/CPURequests.py) | | 6714 | CKV_K8S_10 | resource | StatefulSet | CPU requests should be set | Kubernetes | [CPURequests.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/CPURequests.py) | | 6715 | CKV_K8S_10 | resource | kubernetes_deployment | CPU requests should be set | Terraform | [CPURequests.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/kubernetes/CPURequests.py) | | 6716 | CKV_K8S_10 | resource | kubernetes_deployment_v1 | CPU requests should be set | Terraform | [CPURequests.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/kubernetes/CPURequests.py) | | 6717 | CKV_K8S_10 | resource | kubernetes_pod | CPU requests should be set | Terraform | [CPURequests.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/kubernetes/CPURequests.py) | | 6718 | CKV_K8S_10 | resource | kubernetes_pod_v1 | CPU requests should be set | Terraform | [CPURequests.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/kubernetes/CPURequests.py) | | 6719 | CKV_K8S_11 | resource | CronJob | CPU limits should be set | Kubernetes | [CPULimits.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/CPULimits.py) | | 6720 | CKV_K8S_11 | resource | DaemonSet | CPU limits should be set | Kubernetes | [CPULimits.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/CPULimits.py) | | 6721 | CKV_K8S_11 | resource | Deployment | CPU limits should be set | Kubernetes | [CPULimits.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/CPULimits.py) | | 6722 | CKV_K8S_11 | resource | DeploymentConfig | CPU limits should be set | Kubernetes | [CPULimits.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/CPULimits.py) | | 6723 | CKV_K8S_11 | resource | Job | CPU limits should be set | Kubernetes | [CPULimits.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/CPULimits.py) | | 6724 | CKV_K8S_11 | resource | Pod | CPU limits should be set | Kubernetes | [CPULimits.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/CPULimits.py) | | 6725 | CKV_K8S_11 | resource | PodTemplate | CPU limits should be set | Kubernetes | [CPULimits.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/CPULimits.py) | | 6726 | CKV_K8S_11 | resource | ReplicaSet | CPU limits should be set | Kubernetes | [CPULimits.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/CPULimits.py) | | 6727 | CKV_K8S_11 | resource | ReplicationController | CPU limits should be set | Kubernetes | [CPULimits.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/CPULimits.py) | | 6728 | CKV_K8S_11 | resource | StatefulSet | CPU limits should be set | Kubernetes | [CPULimits.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/CPULimits.py) | | 6729 | CKV_K8S_11 | resource | kubernetes_deployment | CPU Limits should be set | Terraform | [CPULimits.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/kubernetes/CPULimits.py) | | 6730 | CKV_K8S_11 | resource | kubernetes_deployment_v1 | CPU Limits should be set | Terraform | [CPULimits.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/kubernetes/CPULimits.py) | | 6731 | CKV_K8S_11 | resource | kubernetes_pod | CPU Limits should be set | Terraform | [CPULimits.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/kubernetes/CPULimits.py) | | 6732 | CKV_K8S_11 | resource | kubernetes_pod_v1 | CPU Limits should be set | Terraform | [CPULimits.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/kubernetes/CPULimits.py) | | 6733 | CKV_K8S_12 | resource | CronJob | Memory requests should be set | Kubernetes | [MemoryRequests.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/MemoryRequests.py) | | 6734 | CKV_K8S_12 | resource | DaemonSet | Memory requests should be set | Kubernetes | [MemoryRequests.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/MemoryRequests.py) | | 6735 | CKV_K8S_12 | resource | Deployment | Memory requests should be set | Kubernetes | [MemoryRequests.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/MemoryRequests.py) | | 6736 | CKV_K8S_12 | resource | DeploymentConfig | Memory requests should be set | Kubernetes | [MemoryRequests.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/MemoryRequests.py) | | 6737 | CKV_K8S_12 | resource | Job | Memory requests should be set | Kubernetes | [MemoryRequests.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/MemoryRequests.py) | | 6738 | CKV_K8S_12 | resource | Pod | Memory requests should be set | Kubernetes | [MemoryRequests.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/MemoryRequests.py) | | 6739 | CKV_K8S_12 | resource | PodTemplate | Memory requests should be set | Kubernetes | [MemoryRequests.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/MemoryRequests.py) | | 6740 | CKV_K8S_12 | resource | ReplicaSet | Memory requests should be set | Kubernetes | [MemoryRequests.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/MemoryRequests.py) | | 6741 | CKV_K8S_12 | resource | ReplicationController | Memory requests should be set | Kubernetes | [MemoryRequests.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/MemoryRequests.py) | | 6742 | CKV_K8S_12 | resource | StatefulSet | Memory requests should be set | Kubernetes | [MemoryRequests.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/MemoryRequests.py) | | 6743 | CKV_K8S_12 | resource | kubernetes_deployment | Memory Limits should be set | Terraform | [MemoryLimits.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/kubernetes/MemoryLimits.py) | | 6744 | CKV_K8S_12 | resource | kubernetes_deployment_v1 | Memory Limits should be set | Terraform | [MemoryLimits.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/kubernetes/MemoryLimits.py) | | 6745 | CKV_K8S_12 | resource | kubernetes_pod | Memory Limits should be set | Terraform | [MemoryLimits.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/kubernetes/MemoryLimits.py) | | 6746 | CKV_K8S_12 | resource | kubernetes_pod_v1 | Memory Limits should be set | Terraform | [MemoryLimits.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/kubernetes/MemoryLimits.py) | | 6747 | CKV_K8S_13 | resource | CronJob | Memory limits should be set | Kubernetes | [MemoryLimits.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/MemoryLimits.py) | | 6748 | CKV_K8S_13 | resource | DaemonSet | Memory limits should be set | Kubernetes | [MemoryLimits.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/MemoryLimits.py) | | 6749 | CKV_K8S_13 | resource | Deployment | Memory limits should be set | Kubernetes | [MemoryLimits.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/MemoryLimits.py) | | 6750 | CKV_K8S_13 | resource | DeploymentConfig | Memory limits should be set | Kubernetes | [MemoryLimits.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/MemoryLimits.py) | | 6751 | CKV_K8S_13 | resource | Job | Memory limits should be set | Kubernetes | [MemoryLimits.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/MemoryLimits.py) | | 6752 | CKV_K8S_13 | resource | Pod | Memory limits should be set | Kubernetes | [MemoryLimits.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/MemoryLimits.py) | | 6753 | CKV_K8S_13 | resource | PodTemplate | Memory limits should be set | Kubernetes | [MemoryLimits.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/MemoryLimits.py) | | 6754 | CKV_K8S_13 | resource | ReplicaSet | Memory limits should be set | Kubernetes | [MemoryLimits.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/MemoryLimits.py) | | 6755 | CKV_K8S_13 | resource | ReplicationController | Memory limits should be set | Kubernetes | [MemoryLimits.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/MemoryLimits.py) | | 6756 | CKV_K8S_13 | resource | StatefulSet | Memory limits should be set | Kubernetes | [MemoryLimits.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/MemoryLimits.py) | | 6757 | CKV_K8S_13 | resource | kubernetes_deployment | Memory requests should be set | Terraform | [MemoryRequests.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/kubernetes/MemoryRequests.py) | | 6758 | CKV_K8S_13 | resource | kubernetes_deployment_v1 | Memory requests should be set | Terraform | [MemoryRequests.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/kubernetes/MemoryRequests.py) | | 6759 | CKV_K8S_13 | resource | kubernetes_pod | Memory requests should be set | Terraform | [MemoryRequests.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/kubernetes/MemoryRequests.py) | | 6760 | CKV_K8S_13 | resource | kubernetes_pod_v1 | Memory requests should be set | Terraform | [MemoryRequests.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/kubernetes/MemoryRequests.py) | | 6761 | CKV_K8S_14 | resource | CronJob | Image Tag should be fixed - not latest or blank | Kubernetes | [ImageTagFixed.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ImageTagFixed.py) | | 6762 | CKV_K8S_14 | resource | DaemonSet | Image Tag should be fixed - not latest or blank | Kubernetes | [ImageTagFixed.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ImageTagFixed.py) | | 6763 | CKV_K8S_14 | resource | Deployment | Image Tag should be fixed - not latest or blank | Kubernetes | [ImageTagFixed.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ImageTagFixed.py) | | 6764 | CKV_K8S_14 | resource | DeploymentConfig | Image Tag should be fixed - not latest or blank | Kubernetes | [ImageTagFixed.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ImageTagFixed.py) | | 6765 | CKV_K8S_14 | resource | Job | Image Tag should be fixed - not latest or blank | Kubernetes | [ImageTagFixed.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ImageTagFixed.py) | | 6766 | CKV_K8S_14 | resource | Pod | Image Tag should be fixed - not latest or blank | Kubernetes | [ImageTagFixed.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ImageTagFixed.py) | | 6767 | CKV_K8S_14 | resource | PodTemplate | Image Tag should be fixed - not latest or blank | Kubernetes | [ImageTagFixed.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ImageTagFixed.py) | | 6768 | CKV_K8S_14 | resource | ReplicaSet | Image Tag should be fixed - not latest or blank | Kubernetes | [ImageTagFixed.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ImageTagFixed.py) | | 6769 | CKV_K8S_14 | resource | ReplicationController | Image Tag should be fixed - not latest or blank | Kubernetes | [ImageTagFixed.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ImageTagFixed.py) | | 6770 | CKV_K8S_14 | resource | StatefulSet | Image Tag should be fixed - not latest or blank | Kubernetes | [ImageTagFixed.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ImageTagFixed.py) | | 6771 | CKV_K8S_14 | resource | kubernetes_deployment | Image Tag should be fixed - not latest or blank | Terraform | [ImageTagFixed.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/kubernetes/ImageTagFixed.py) | | 6772 | CKV_K8S_14 | resource | kubernetes_deployment_v1 | Image Tag should be fixed - not latest or blank | Terraform | [ImageTagFixed.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/kubernetes/ImageTagFixed.py) | | 6773 | CKV_K8S_14 | resource | kubernetes_pod | Image Tag should be fixed - not latest or blank | Terraform | [ImageTagFixed.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/kubernetes/ImageTagFixed.py) | | 6774 | CKV_K8S_14 | resource | kubernetes_pod_v1 | Image Tag should be fixed - not latest or blank | Terraform | [ImageTagFixed.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/kubernetes/ImageTagFixed.py) | | 6775 | CKV_K8S_15 | resource | CronJob | Image Pull Policy should be Always | Kubernetes | [ImagePullPolicyAlways.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ImagePullPolicyAlways.py) | | 6776 | CKV_K8S_15 | resource | DaemonSet | Image Pull Policy should be Always | Kubernetes | [ImagePullPolicyAlways.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ImagePullPolicyAlways.py) | | 6777 | CKV_K8S_15 | resource | Deployment | Image Pull Policy should be Always | Kubernetes | [ImagePullPolicyAlways.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ImagePullPolicyAlways.py) | | 6778 | CKV_K8S_15 | resource | DeploymentConfig | Image Pull Policy should be Always | Kubernetes | [ImagePullPolicyAlways.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ImagePullPolicyAlways.py) | | 6779 | CKV_K8S_15 | resource | Job | Image Pull Policy should be Always | Kubernetes | [ImagePullPolicyAlways.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ImagePullPolicyAlways.py) | | 6780 | CKV_K8S_15 | resource | Pod | Image Pull Policy should be Always | Kubernetes | [ImagePullPolicyAlways.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ImagePullPolicyAlways.py) | | 6781 | CKV_K8S_15 | resource | PodTemplate | Image Pull Policy should be Always | Kubernetes | [ImagePullPolicyAlways.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ImagePullPolicyAlways.py) | | 6782 | CKV_K8S_15 | resource | ReplicaSet | Image Pull Policy should be Always | Kubernetes | [ImagePullPolicyAlways.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ImagePullPolicyAlways.py) | | 6783 | CKV_K8S_15 | resource | ReplicationController | Image Pull Policy should be Always | Kubernetes | [ImagePullPolicyAlways.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ImagePullPolicyAlways.py) | | 6784 | CKV_K8S_15 | resource | StatefulSet | Image Pull Policy should be Always | Kubernetes | [ImagePullPolicyAlways.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ImagePullPolicyAlways.py) | | 6785 | CKV_K8S_15 | resource | kubernetes_deployment | Image Pull Policy should be Always | Terraform | [ImagePullPolicyAlways.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/kubernetes/ImagePullPolicyAlways.py) | | 6786 | CKV_K8S_15 | resource | kubernetes_deployment_v1 | Image Pull Policy should be Always | Terraform | [ImagePullPolicyAlways.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/kubernetes/ImagePullPolicyAlways.py) | | 6787 | CKV_K8S_15 | resource | kubernetes_pod | Image Pull Policy should be Always | Terraform | [ImagePullPolicyAlways.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/kubernetes/ImagePullPolicyAlways.py) | | 6788 | CKV_K8S_15 | resource | kubernetes_pod_v1 | Image Pull Policy should be Always | Terraform | [ImagePullPolicyAlways.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/kubernetes/ImagePullPolicyAlways.py) | | 6789 | CKV_K8S_16 | resource | CronJob | Container should not be privileged | Kubernetes | [PrivilegedContainers.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/PrivilegedContainers.py) | | 6790 | CKV_K8S_16 | resource | DaemonSet | Container should not be privileged | Kubernetes | [PrivilegedContainers.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/PrivilegedContainers.py) | | 6791 | CKV_K8S_16 | resource | Deployment | Container should not be privileged | Kubernetes | [PrivilegedContainers.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/PrivilegedContainers.py) | | 6792 | CKV_K8S_16 | resource | DeploymentConfig | Container should not be privileged | Kubernetes | [PrivilegedContainers.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/PrivilegedContainers.py) | | 6793 | CKV_K8S_16 | resource | Job | Container should not be privileged | Kubernetes | [PrivilegedContainers.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/PrivilegedContainers.py) | | 6794 | CKV_K8S_16 | resource | Pod | Container should not be privileged | Kubernetes | [PrivilegedContainers.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/PrivilegedContainers.py) | | 6795 | CKV_K8S_16 | resource | PodTemplate | Container should not be privileged | Kubernetes | [PrivilegedContainers.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/PrivilegedContainers.py) | | 6796 | CKV_K8S_16 | resource | ReplicaSet | Container should not be privileged | Kubernetes | [PrivilegedContainers.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/PrivilegedContainers.py) | | 6797 | CKV_K8S_16 | resource | ReplicationController | Container should not be privileged | Kubernetes | [PrivilegedContainers.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/PrivilegedContainers.py) | | 6798 | CKV_K8S_16 | resource | StatefulSet | Container should not be privileged | Kubernetes | [PrivilegedContainers.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/PrivilegedContainers.py) | | 6799 | CKV_K8S_16 | resource | kubernetes_deployment | Do not admit privileged containers | Terraform | [PrivilegedContainer.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/kubernetes/PrivilegedContainer.py) | | 6800 | CKV_K8S_16 | resource | kubernetes_deployment_v1 | Do not admit privileged containers | Terraform | [PrivilegedContainer.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/kubernetes/PrivilegedContainer.py) | | 6801 | CKV_K8S_16 | resource | kubernetes_pod | Do not admit privileged containers | Terraform | [PrivilegedContainer.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/kubernetes/PrivilegedContainer.py) | | 6802 | CKV_K8S_16 | resource | kubernetes_pod_v1 | Do not admit privileged containers | Terraform | [PrivilegedContainer.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/kubernetes/PrivilegedContainer.py) | | 6803 | CKV_K8S_17 | resource | CronJob | Containers should not share the host process ID namespace | Kubernetes | [ShareHostPID.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ShareHostPID.py) | | 6804 | CKV_K8S_17 | resource | DaemonSet | Containers should not share the host process ID namespace | Kubernetes | [ShareHostPID.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ShareHostPID.py) | | 6805 | CKV_K8S_17 | resource | Deployment | Containers should not share the host process ID namespace | Kubernetes | [ShareHostPID.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ShareHostPID.py) | | 6806 | CKV_K8S_17 | resource | Job | Containers should not share the host process ID namespace | Kubernetes | [ShareHostPID.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ShareHostPID.py) | | 6807 | CKV_K8S_17 | resource | Pod | Containers should not share the host process ID namespace | Kubernetes | [ShareHostPID.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ShareHostPID.py) | | 6808 | CKV_K8S_17 | resource | ReplicaSet | Containers should not share the host process ID namespace | Kubernetes | [ShareHostPID.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ShareHostPID.py) | | 6809 | CKV_K8S_17 | resource | ReplicationController | Containers should not share the host process ID namespace | Kubernetes | [ShareHostPID.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ShareHostPID.py) | | 6810 | CKV_K8S_17 | resource | StatefulSet | Containers should not share the host process ID namespace | Kubernetes | [ShareHostPID.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ShareHostPID.py) | | 6811 | CKV_K8S_17 | resource | kubernetes_deployment | Do not admit containers wishing to share the host process ID namespace | Terraform | [ShareHostPID.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/kubernetes/ShareHostPID.py) | | 6812 | CKV_K8S_17 | resource | kubernetes_deployment_v1 | Do not admit containers wishing to share the host process ID namespace | Terraform | [ShareHostPID.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/kubernetes/ShareHostPID.py) | | 6813 | CKV_K8S_17 | resource | kubernetes_pod | Do not admit containers wishing to share the host process ID namespace | Terraform | [ShareHostPID.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/kubernetes/ShareHostPID.py) | | 6814 | CKV_K8S_17 | resource | kubernetes_pod_v1 | Do not admit containers wishing to share the host process ID namespace | Terraform | [ShareHostPID.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/kubernetes/ShareHostPID.py) | | 6815 | CKV_K8S_18 | resource | CronJob | Containers should not share the host IPC namespace | Kubernetes | [ShareHostIPC.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ShareHostIPC.py) | | 6816 | CKV_K8S_18 | resource | DaemonSet | Containers should not share the host IPC namespace | Kubernetes | [ShareHostIPC.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ShareHostIPC.py) | | 6817 | CKV_K8S_18 | resource | Deployment | Containers should not share the host IPC namespace | Kubernetes | [ShareHostIPC.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ShareHostIPC.py) | | 6818 | CKV_K8S_18 | resource | Job | Containers should not share the host IPC namespace | Kubernetes | [ShareHostIPC.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ShareHostIPC.py) | | 6819 | CKV_K8S_18 | resource | Pod | Containers should not share the host IPC namespace | Kubernetes | [ShareHostIPC.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ShareHostIPC.py) | | 6820 | CKV_K8S_18 | resource | ReplicaSet | Containers should not share the host IPC namespace | Kubernetes | [ShareHostIPC.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ShareHostIPC.py) | | 6821 | CKV_K8S_18 | resource | ReplicationController | Containers should not share the host IPC namespace | Kubernetes | [ShareHostIPC.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ShareHostIPC.py) | | 6822 | CKV_K8S_18 | resource | StatefulSet | Containers should not share the host IPC namespace | Kubernetes | [ShareHostIPC.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ShareHostIPC.py) | | 6823 | CKV_K8S_18 | resource | kubernetes_deployment | Do not admit containers wishing to share the host IPC namespace | Terraform | [ShareHostIPC.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/kubernetes/ShareHostIPC.py) | | 6824 | CKV_K8S_18 | resource | kubernetes_deployment_v1 | Do not admit containers wishing to share the host IPC namespace | Terraform | [ShareHostIPC.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/kubernetes/ShareHostIPC.py) | | 6825 | CKV_K8S_18 | resource | kubernetes_pod | Do not admit containers wishing to share the host IPC namespace | Terraform | [ShareHostIPC.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/kubernetes/ShareHostIPC.py) | | 6826 | CKV_K8S_18 | resource | kubernetes_pod_v1 | Do not admit containers wishing to share the host IPC namespace | Terraform | [ShareHostIPC.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/kubernetes/ShareHostIPC.py) | | 6827 | CKV_K8S_19 | resource | CronJob | Containers should not share the host network namespace | Kubernetes | [SharedHostNetworkNamespace.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/SharedHostNetworkNamespace.py) | | 6828 | CKV_K8S_19 | resource | DaemonSet | Containers should not share the host network namespace | Kubernetes | [SharedHostNetworkNamespace.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/SharedHostNetworkNamespace.py) | | 6829 | CKV_K8S_19 | resource | Deployment | Containers should not share the host network namespace | Kubernetes | [SharedHostNetworkNamespace.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/SharedHostNetworkNamespace.py) | | 6830 | CKV_K8S_19 | resource | Job | Containers should not share the host network namespace | Kubernetes | [SharedHostNetworkNamespace.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/SharedHostNetworkNamespace.py) | | 6831 | CKV_K8S_19 | resource | Pod | Containers should not share the host network namespace | Kubernetes | [SharedHostNetworkNamespace.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/SharedHostNetworkNamespace.py) | | 6832 | CKV_K8S_19 | resource | ReplicaSet | Containers should not share the host network namespace | Kubernetes | [SharedHostNetworkNamespace.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/SharedHostNetworkNamespace.py) | | 6833 | CKV_K8S_19 | resource | ReplicationController | Containers should not share the host network namespace | Kubernetes | [SharedHostNetworkNamespace.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/SharedHostNetworkNamespace.py) | | 6834 | CKV_K8S_19 | resource | StatefulSet | Containers should not share the host network namespace | Kubernetes | [SharedHostNetworkNamespace.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/SharedHostNetworkNamespace.py) | | 6835 | CKV_K8S_19 | resource | kubernetes_deployment | Do not admit containers wishing to share the host network namespace | Terraform | [SharedHostNetworkNamespace.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/kubernetes/SharedHostNetworkNamespace.py) | | 6836 | CKV_K8S_19 | resource | kubernetes_deployment_v1 | Do not admit containers wishing to share the host network namespace | Terraform | [SharedHostNetworkNamespace.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/kubernetes/SharedHostNetworkNamespace.py) | | 6837 | CKV_K8S_19 | resource | kubernetes_pod | Do not admit containers wishing to share the host network namespace | Terraform | [SharedHostNetworkNamespace.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/kubernetes/SharedHostNetworkNamespace.py) | | 6838 | CKV_K8S_19 | resource | kubernetes_pod_v1 | Do not admit containers wishing to share the host network namespace | Terraform | [SharedHostNetworkNamespace.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/kubernetes/SharedHostNetworkNamespace.py) | | 6839 | CKV_K8S_20 | resource | CronJob | Containers should not run with allowPrivilegeEscalation | Kubernetes | [AllowPrivilegeEscalation.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/AllowPrivilegeEscalation.py) | | 6840 | CKV_K8S_20 | resource | DaemonSet | Containers should not run with allowPrivilegeEscalation | Kubernetes | [AllowPrivilegeEscalation.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/AllowPrivilegeEscalation.py) | | 6841 | CKV_K8S_20 | resource | Deployment | Containers should not run with allowPrivilegeEscalation | Kubernetes | [AllowPrivilegeEscalation.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/AllowPrivilegeEscalation.py) | | 6842 | CKV_K8S_20 | resource | DeploymentConfig | Containers should not run with allowPrivilegeEscalation | Kubernetes | [AllowPrivilegeEscalation.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/AllowPrivilegeEscalation.py) | | 6843 | CKV_K8S_20 | resource | Job | Containers should not run with allowPrivilegeEscalation | Kubernetes | [AllowPrivilegeEscalation.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/AllowPrivilegeEscalation.py) | | 6844 | CKV_K8S_20 | resource | Pod | Containers should not run with allowPrivilegeEscalation | Kubernetes | [AllowPrivilegeEscalation.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/AllowPrivilegeEscalation.py) | | 6845 | CKV_K8S_20 | resource | PodTemplate | Containers should not run with allowPrivilegeEscalation | Kubernetes | [AllowPrivilegeEscalation.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/AllowPrivilegeEscalation.py) | | 6846 | CKV_K8S_20 | resource | ReplicaSet | Containers should not run with allowPrivilegeEscalation | Kubernetes | [AllowPrivilegeEscalation.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/AllowPrivilegeEscalation.py) | | 6847 | CKV_K8S_20 | resource | ReplicationController | Containers should not run with allowPrivilegeEscalation | Kubernetes | [AllowPrivilegeEscalation.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/AllowPrivilegeEscalation.py) | | 6848 | CKV_K8S_20 | resource | StatefulSet | Containers should not run with allowPrivilegeEscalation | Kubernetes | [AllowPrivilegeEscalation.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/AllowPrivilegeEscalation.py) | | 6849 | CKV_K8S_20 | resource | kubernetes_deployment | Containers should not run with allowPrivilegeEscalation | Terraform | [AllowPrivilegeEscalation.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/kubernetes/AllowPrivilegeEscalation.py) | | 6850 | CKV_K8S_20 | resource | kubernetes_deployment_v1 | Containers should not run with allowPrivilegeEscalation | Terraform | [AllowPrivilegeEscalation.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/kubernetes/AllowPrivilegeEscalation.py) | | 6851 | CKV_K8S_20 | resource | kubernetes_pod | Containers should not run with allowPrivilegeEscalation | Terraform | [AllowPrivilegeEscalation.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/kubernetes/AllowPrivilegeEscalation.py) | | 6852 | CKV_K8S_20 | resource | kubernetes_pod_v1 | Containers should not run with allowPrivilegeEscalation | Terraform | [AllowPrivilegeEscalation.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/kubernetes/AllowPrivilegeEscalation.py) | | 6853 | CKV_K8S_21 | resource | ConfigMap | The default namespace should not be used | Kubernetes | [DefaultNamespace.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/DefaultNamespace.py) | | 6854 | CKV_K8S_21 | resource | CronJob | The default namespace should not be used | Kubernetes | [DefaultNamespace.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/DefaultNamespace.py) | | 6855 | CKV_K8S_21 | resource | DaemonSet | The default namespace should not be used | Kubernetes | [DefaultNamespace.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/DefaultNamespace.py) | | 6856 | CKV_K8S_21 | resource | Deployment | The default namespace should not be used | Kubernetes | [DefaultNamespace.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/DefaultNamespace.py) | | 6857 | CKV_K8S_21 | resource | Ingress | The default namespace should not be used | Kubernetes | [DefaultNamespace.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/DefaultNamespace.py) | | 6858 | CKV_K8S_21 | resource | Job | The default namespace should not be used | Kubernetes | [DefaultNamespace.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/DefaultNamespace.py) | | 6859 | CKV_K8S_21 | resource | Pod | The default namespace should not be used | Kubernetes | [DefaultNamespace.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/DefaultNamespace.py) | | 6860 | CKV_K8S_21 | resource | ReplicaSet | The default namespace should not be used | Kubernetes | [DefaultNamespace.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/DefaultNamespace.py) | | 6861 | CKV_K8S_21 | resource | ReplicationController | The default namespace should not be used | Kubernetes | [DefaultNamespace.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/DefaultNamespace.py) | | 6862 | CKV_K8S_21 | resource | Role | The default namespace should not be used | Kubernetes | [DefaultNamespace.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/DefaultNamespace.py) | | 6863 | CKV_K8S_21 | resource | RoleBinding | The default namespace should not be used | Kubernetes | [DefaultNamespace.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/DefaultNamespace.py) | | 6864 | CKV_K8S_21 | resource | Secret | The default namespace should not be used | Kubernetes | [DefaultNamespace.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/DefaultNamespace.py) | | 6865 | CKV_K8S_21 | resource | Service | The default namespace should not be used | Kubernetes | [DefaultNamespace.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/DefaultNamespace.py) | | 6866 | CKV_K8S_21 | resource | ServiceAccount | The default namespace should not be used | Kubernetes | [DefaultNamespace.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/DefaultNamespace.py) | | 6867 | CKV_K8S_21 | resource | StatefulSet | The default namespace should not be used | Kubernetes | [DefaultNamespace.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/DefaultNamespace.py) | | 6868 | CKV_K8S_21 | resource | kubernetes_config_map | The default namespace should not be used | Terraform | [DefaultNamespace.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/kubernetes/DefaultNamespace.py) | | 6869 | CKV_K8S_21 | resource | kubernetes_config_map_v1 | The default namespace should not be used | Terraform | [DefaultNamespace.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/kubernetes/DefaultNamespace.py) | | 6870 | CKV_K8S_21 | resource | kubernetes_cron_job | The default namespace should not be used | Terraform | [DefaultNamespace.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/kubernetes/DefaultNamespace.py) | | 6871 | CKV_K8S_21 | resource | kubernetes_cron_job_v1 | The default namespace should not be used | Terraform | [DefaultNamespace.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/kubernetes/DefaultNamespace.py) | | 6872 | CKV_K8S_21 | resource | kubernetes_daemon_set_v1 | The default namespace should not be used | Terraform | [DefaultNamespace.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/kubernetes/DefaultNamespace.py) | | 6873 | CKV_K8S_21 | resource | kubernetes_daemonset | The default namespace should not be used | Terraform | [DefaultNamespace.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/kubernetes/DefaultNamespace.py) | | 6874 | CKV_K8S_21 | resource | kubernetes_deployment | The default namespace should not be used | Terraform | [DefaultNamespace.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/kubernetes/DefaultNamespace.py) | | 6875 | CKV_K8S_21 | resource | kubernetes_deployment_v1 | The default namespace should not be used | Terraform | [DefaultNamespace.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/kubernetes/DefaultNamespace.py) | | 6876 | CKV_K8S_21 | resource | kubernetes_ingress | The default namespace should not be used | Terraform | [DefaultNamespace.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/kubernetes/DefaultNamespace.py) | | 6877 | CKV_K8S_21 | resource | kubernetes_ingress_v1 | The default namespace should not be used | Terraform | [DefaultNamespace.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/kubernetes/DefaultNamespace.py) | | 6878 | CKV_K8S_21 | resource | kubernetes_job | The default namespace should not be used | Terraform | [DefaultNamespace.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/kubernetes/DefaultNamespace.py) | | 6879 | CKV_K8S_21 | resource | kubernetes_job_v1 | The default namespace should not be used | Terraform | [DefaultNamespace.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/kubernetes/DefaultNamespace.py) | | 6880 | CKV_K8S_21 | resource | kubernetes_pod | The default namespace should not be used | Terraform | [DefaultNamespace.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/kubernetes/DefaultNamespace.py) | | 6881 | CKV_K8S_21 | resource | kubernetes_pod_v1 | The default namespace should not be used | Terraform | [DefaultNamespace.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/kubernetes/DefaultNamespace.py) | | 6882 | CKV_K8S_21 | resource | kubernetes_replication_controller | The default namespace should not be used | Terraform | [DefaultNamespace.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/kubernetes/DefaultNamespace.py) | | 6883 | CKV_K8S_21 | resource | kubernetes_replication_controller_v1 | The default namespace should not be used | Terraform | [DefaultNamespace.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/kubernetes/DefaultNamespace.py) | | 6884 | CKV_K8S_21 | resource | kubernetes_role_binding | The default namespace should not be used | Terraform | [DefaultNamespace.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/kubernetes/DefaultNamespace.py) | | 6885 | CKV_K8S_21 | resource | kubernetes_role_binding_v1 | The default namespace should not be used | Terraform | [DefaultNamespace.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/kubernetes/DefaultNamespace.py) | | 6886 | CKV_K8S_21 | resource | kubernetes_secret | The default namespace should not be used | Terraform | [DefaultNamespace.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/kubernetes/DefaultNamespace.py) | | 6887 | CKV_K8S_21 | resource | kubernetes_secret_v1 | The default namespace should not be used | Terraform | [DefaultNamespace.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/kubernetes/DefaultNamespace.py) | | 6888 | CKV_K8S_21 | resource | kubernetes_service | The default namespace should not be used | Terraform | [DefaultNamespace.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/kubernetes/DefaultNamespace.py) | | 6889 | CKV_K8S_21 | resource | kubernetes_service_account | The default namespace should not be used | Terraform | [DefaultNamespace.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/kubernetes/DefaultNamespace.py) | | 6890 | CKV_K8S_21 | resource | kubernetes_service_account_v1 | The default namespace should not be used | Terraform | [DefaultNamespace.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/kubernetes/DefaultNamespace.py) | | 6891 | CKV_K8S_21 | resource | kubernetes_service_v1 | The default namespace should not be used | Terraform | [DefaultNamespace.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/kubernetes/DefaultNamespace.py) | | 6892 | CKV_K8S_21 | resource | kubernetes_stateful_set | The default namespace should not be used | Terraform | [DefaultNamespace.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/kubernetes/DefaultNamespace.py) | | 6893 | CKV_K8S_21 | resource | kubernetes_stateful_set_v1 | The default namespace should not be used | Terraform | [DefaultNamespace.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/kubernetes/DefaultNamespace.py) | | 6894 | CKV_K8S_22 | resource | CronJob | Use read-only filesystem for containers where possible | Kubernetes | [ReadOnlyFilesystem.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ReadOnlyFilesystem.py) | | 6895 | CKV_K8S_22 | resource | DaemonSet | Use read-only filesystem for containers where possible | Kubernetes | [ReadOnlyFilesystem.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ReadOnlyFilesystem.py) | | 6896 | CKV_K8S_22 | resource | Deployment | Use read-only filesystem for containers where possible | Kubernetes | [ReadOnlyFilesystem.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ReadOnlyFilesystem.py) | | 6897 | CKV_K8S_22 | resource | DeploymentConfig | Use read-only filesystem for containers where possible | Kubernetes | [ReadOnlyFilesystem.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ReadOnlyFilesystem.py) | | 6898 | CKV_K8S_22 | resource | Job | Use read-only filesystem for containers where possible | Kubernetes | [ReadOnlyFilesystem.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ReadOnlyFilesystem.py) | | 6899 | CKV_K8S_22 | resource | Pod | Use read-only filesystem for containers where possible | Kubernetes | [ReadOnlyFilesystem.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ReadOnlyFilesystem.py) | | 6900 | CKV_K8S_22 | resource | PodTemplate | Use read-only filesystem for containers where possible | Kubernetes | [ReadOnlyFilesystem.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ReadOnlyFilesystem.py) | | 6901 | CKV_K8S_22 | resource | ReplicaSet | Use read-only filesystem for containers where possible | Kubernetes | [ReadOnlyFilesystem.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ReadOnlyFilesystem.py) | | 6902 | CKV_K8S_22 | resource | ReplicationController | Use read-only filesystem for containers where possible | Kubernetes | [ReadOnlyFilesystem.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ReadOnlyFilesystem.py) | | 6903 | CKV_K8S_22 | resource | StatefulSet | Use read-only filesystem for containers where possible | Kubernetes | [ReadOnlyFilesystem.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ReadOnlyFilesystem.py) | | 6904 | CKV_K8S_22 | resource | kubernetes_deployment | Use read-only filesystem for containers where possible | Terraform | [ReadonlyRootFilesystem.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/kubernetes/ReadonlyRootFilesystem.py) | | 6905 | CKV_K8S_22 | resource | kubernetes_deployment_v1 | Use read-only filesystem for containers where possible | Terraform | [ReadonlyRootFilesystem.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/kubernetes/ReadonlyRootFilesystem.py) | | 6906 | CKV_K8S_22 | resource | kubernetes_pod | Use read-only filesystem for containers where possible | Terraform | [ReadonlyRootFilesystem.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/kubernetes/ReadonlyRootFilesystem.py) | | 6907 | CKV_K8S_22 | resource | kubernetes_pod_v1 | Use read-only filesystem for containers where possible | Terraform | [ReadonlyRootFilesystem.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/kubernetes/ReadonlyRootFilesystem.py) | | 6908 | CKV_K8S_23 | resource | CronJob | Minimize the admission of root containers | Kubernetes | [RootContainers.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/RootContainers.py) | | 6909 | CKV_K8S_23 | resource | DaemonSet | Minimize the admission of root containers | Kubernetes | [RootContainers.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/RootContainers.py) | | 6910 | CKV_K8S_23 | resource | Deployment | Minimize the admission of root containers | Kubernetes | [RootContainers.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/RootContainers.py) | | 6911 | CKV_K8S_23 | resource | Job | Minimize the admission of root containers | Kubernetes | [RootContainers.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/RootContainers.py) | | 6912 | CKV_K8S_23 | resource | Pod | Minimize the admission of root containers | Kubernetes | [RootContainers.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/RootContainers.py) | | 6913 | CKV_K8S_23 | resource | ReplicaSet | Minimize the admission of root containers | Kubernetes | [RootContainers.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/RootContainers.py) | | 6914 | CKV_K8S_23 | resource | ReplicationController | Minimize the admission of root containers | Kubernetes | [RootContainers.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/RootContainers.py) | | 6915 | CKV_K8S_23 | resource | StatefulSet | Minimize the admission of root containers | Kubernetes | [RootContainers.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/RootContainers.py) | | 6916 | CKV_K8S_24 | resource | PodSecurityPolicy | Do not allow containers with added capability | Kubernetes | [AllowedCapabilitiesPSP.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/AllowedCapabilitiesPSP.py) | | 6917 | CKV_K8S_24 | resource | kubernetes_pod_security_policy | Do not allow containers with added capability | Terraform | [AllowedCapabilitiesPSP.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/kubernetes/AllowedCapabilitiesPSP.py) | | 6918 | CKV_K8S_25 | resource | CronJob | Minimize the admission of containers with added capability | Kubernetes | [AllowedCapabilities.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/AllowedCapabilities.py) | | 6919 | CKV_K8S_25 | resource | DaemonSet | Minimize the admission of containers with added capability | Kubernetes | [AllowedCapabilities.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/AllowedCapabilities.py) | | 6920 | CKV_K8S_25 | resource | Deployment | Minimize the admission of containers with added capability | Kubernetes | [AllowedCapabilities.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/AllowedCapabilities.py) | | 6921 | CKV_K8S_25 | resource | DeploymentConfig | Minimize the admission of containers with added capability | Kubernetes | [AllowedCapabilities.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/AllowedCapabilities.py) | | 6922 | CKV_K8S_25 | resource | Job | Minimize the admission of containers with added capability | Kubernetes | [AllowedCapabilities.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/AllowedCapabilities.py) | | 6923 | CKV_K8S_25 | resource | Pod | Minimize the admission of containers with added capability | Kubernetes | [AllowedCapabilities.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/AllowedCapabilities.py) | | 6924 | CKV_K8S_25 | resource | PodTemplate | Minimize the admission of containers with added capability | Kubernetes | [AllowedCapabilities.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/AllowedCapabilities.py) | | 6925 | CKV_K8S_25 | resource | ReplicaSet | Minimize the admission of containers with added capability | Kubernetes | [AllowedCapabilities.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/AllowedCapabilities.py) | | 6926 | CKV_K8S_25 | resource | ReplicationController | Minimize the admission of containers with added capability | Kubernetes | [AllowedCapabilities.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/AllowedCapabilities.py) | | 6927 | CKV_K8S_25 | resource | StatefulSet | Minimize the admission of containers with added capability | Kubernetes | [AllowedCapabilities.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/AllowedCapabilities.py) | | 6928 | CKV_K8S_25 | resource | kubernetes_deployment | Minimize the admission of containers with added capability | Terraform | [AllowedCapabilities.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/kubernetes/AllowedCapabilities.py) | | 6929 | CKV_K8S_25 | resource | kubernetes_deployment_v1 | Minimize the admission of containers with added capability | Terraform | [AllowedCapabilities.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/kubernetes/AllowedCapabilities.py) | | 6930 | CKV_K8S_25 | resource | kubernetes_pod | Minimize the admission of containers with added capability | Terraform | [AllowedCapabilities.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/kubernetes/AllowedCapabilities.py) | | 6931 | CKV_K8S_25 | resource | kubernetes_pod_v1 | Minimize the admission of containers with added capability | Terraform | [AllowedCapabilities.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/kubernetes/AllowedCapabilities.py) | | 6932 | CKV_K8S_26 | resource | CronJob | Do not specify hostPort unless absolutely necessary | Kubernetes | [HostPort.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/HostPort.py) | | 6933 | CKV_K8S_26 | resource | DaemonSet | Do not specify hostPort unless absolutely necessary | Kubernetes | [HostPort.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/HostPort.py) | | 6934 | CKV_K8S_26 | resource | Deployment | Do not specify hostPort unless absolutely necessary | Kubernetes | [HostPort.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/HostPort.py) | | 6935 | CKV_K8S_26 | resource | DeploymentConfig | Do not specify hostPort unless absolutely necessary | Kubernetes | [HostPort.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/HostPort.py) | | 6936 | CKV_K8S_26 | resource | Job | Do not specify hostPort unless absolutely necessary | Kubernetes | [HostPort.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/HostPort.py) | | 6937 | CKV_K8S_26 | resource | Pod | Do not specify hostPort unless absolutely necessary | Kubernetes | [HostPort.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/HostPort.py) | | 6938 | CKV_K8S_26 | resource | PodTemplate | Do not specify hostPort unless absolutely necessary | Kubernetes | [HostPort.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/HostPort.py) | | 6939 | CKV_K8S_26 | resource | ReplicaSet | Do not specify hostPort unless absolutely necessary | Kubernetes | [HostPort.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/HostPort.py) | | 6940 | CKV_K8S_26 | resource | ReplicationController | Do not specify hostPort unless absolutely necessary | Kubernetes | [HostPort.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/HostPort.py) | | 6941 | CKV_K8S_26 | resource | StatefulSet | Do not specify hostPort unless absolutely necessary | Kubernetes | [HostPort.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/HostPort.py) | | 6942 | CKV_K8S_26 | resource | kubernetes_deployment | Do not specify hostPort unless absolutely necessary | Terraform | [HostPort.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/kubernetes/HostPort.py) | | 6943 | CKV_K8S_26 | resource | kubernetes_deployment_v1 | Do not specify hostPort unless absolutely necessary | Terraform | [HostPort.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/kubernetes/HostPort.py) | | 6944 | CKV_K8S_26 | resource | kubernetes_pod | Do not specify hostPort unless absolutely necessary | Terraform | [HostPort.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/kubernetes/HostPort.py) | | 6945 | CKV_K8S_26 | resource | kubernetes_pod_v1 | Do not specify hostPort unless absolutely necessary | Terraform | [HostPort.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/kubernetes/HostPort.py) | | 6946 | CKV_K8S_27 | resource | CronJob | Do not expose the docker daemon socket to containers | Kubernetes | [DockerSocketVolume.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/DockerSocketVolume.py) | | 6947 | CKV_K8S_27 | resource | DaemonSet | Do not expose the docker daemon socket to containers | Kubernetes | [DockerSocketVolume.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/DockerSocketVolume.py) | | 6948 | CKV_K8S_27 | resource | Deployment | Do not expose the docker daemon socket to containers | Kubernetes | [DockerSocketVolume.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/DockerSocketVolume.py) | | 6949 | CKV_K8S_27 | resource | Job | Do not expose the docker daemon socket to containers | Kubernetes | [DockerSocketVolume.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/DockerSocketVolume.py) | | 6950 | CKV_K8S_27 | resource | Pod | Do not expose the docker daemon socket to containers | Kubernetes | [DockerSocketVolume.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/DockerSocketVolume.py) | | 6951 | CKV_K8S_27 | resource | ReplicaSet | Do not expose the docker daemon socket to containers | Kubernetes | [DockerSocketVolume.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/DockerSocketVolume.py) | | 6952 | CKV_K8S_27 | resource | ReplicationController | Do not expose the docker daemon socket to containers | Kubernetes | [DockerSocketVolume.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/DockerSocketVolume.py) | | 6953 | CKV_K8S_27 | resource | StatefulSet | Do not expose the docker daemon socket to containers | Kubernetes | [DockerSocketVolume.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/DockerSocketVolume.py) | | 6954 | CKV_K8S_27 | resource | kubernetes_daemon_set_v1 | Do not expose the docker daemon socket to containers | Terraform | [DockerSocketVolume.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/kubernetes/DockerSocketVolume.py) | | 6955 | CKV_K8S_27 | resource | kubernetes_daemonset | Do not expose the docker daemon socket to containers | Terraform | [DockerSocketVolume.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/kubernetes/DockerSocketVolume.py) | | 6956 | CKV_K8S_27 | resource | kubernetes_deployment | Do not expose the docker daemon socket to containers | Terraform | [DockerSocketVolume.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/kubernetes/DockerSocketVolume.py) | | 6957 | CKV_K8S_27 | resource | kubernetes_deployment_v1 | Do not expose the docker daemon socket to containers | Terraform | [DockerSocketVolume.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/kubernetes/DockerSocketVolume.py) | | 6958 | CKV_K8S_27 | resource | kubernetes_pod | Do not expose the docker daemon socket to containers | Terraform | [DockerSocketVolume.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/kubernetes/DockerSocketVolume.py) | | 6959 | CKV_K8S_27 | resource | kubernetes_pod_v1 | Do not expose the docker daemon socket to containers | Terraform | [DockerSocketVolume.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/kubernetes/DockerSocketVolume.py) | | 6960 | CKV_K8S_28 | resource | CronJob | Minimize the admission of containers with the NET_RAW capability | Kubernetes | [DropCapabilities.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/DropCapabilities.py) | | 6961 | CKV_K8S_28 | resource | DaemonSet | Minimize the admission of containers with the NET_RAW capability | Kubernetes | [DropCapabilities.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/DropCapabilities.py) | | 6962 | CKV_K8S_28 | resource | Deployment | Minimize the admission of containers with the NET_RAW capability | Kubernetes | [DropCapabilities.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/DropCapabilities.py) | | 6963 | CKV_K8S_28 | resource | DeploymentConfig | Minimize the admission of containers with the NET_RAW capability | Kubernetes | [DropCapabilities.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/DropCapabilities.py) | | 6964 | CKV_K8S_28 | resource | Job | Minimize the admission of containers with the NET_RAW capability | Kubernetes | [DropCapabilities.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/DropCapabilities.py) | | 6965 | CKV_K8S_28 | resource | Pod | Minimize the admission of containers with the NET_RAW capability | Kubernetes | [DropCapabilities.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/DropCapabilities.py) | | 6966 | CKV_K8S_28 | resource | PodTemplate | Minimize the admission of containers with the NET_RAW capability | Kubernetes | [DropCapabilities.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/DropCapabilities.py) | | 6967 | CKV_K8S_28 | resource | ReplicaSet | Minimize the admission of containers with the NET_RAW capability | Kubernetes | [DropCapabilities.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/DropCapabilities.py) | | 6968 | CKV_K8S_28 | resource | ReplicationController | Minimize the admission of containers with the NET_RAW capability | Kubernetes | [DropCapabilities.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/DropCapabilities.py) | | 6969 | CKV_K8S_28 | resource | StatefulSet | Minimize the admission of containers with the NET_RAW capability | Kubernetes | [DropCapabilities.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/DropCapabilities.py) | | 6970 | CKV_K8S_28 | resource | kubernetes_deployment | Minimize the admission of containers with the NET_RAW capability | Terraform | [DropCapabilities.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/kubernetes/DropCapabilities.py) | | 6971 | CKV_K8S_28 | resource | kubernetes_deployment_v1 | Minimize the admission of containers with the NET_RAW capability | Terraform | [DropCapabilities.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/kubernetes/DropCapabilities.py) | | 6972 | CKV_K8S_28 | resource | kubernetes_pod | Minimize the admission of containers with the NET_RAW capability | Terraform | [DropCapabilities.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/kubernetes/DropCapabilities.py) | | 6973 | CKV_K8S_28 | resource | kubernetes_pod_v1 | Minimize the admission of containers with the NET_RAW capability | Terraform | [DropCapabilities.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/kubernetes/DropCapabilities.py) | | 6974 | CKV_K8S_29 | resource | CronJob | Apply security context to your pods and containers | Kubernetes | [PodSecurityContext.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/PodSecurityContext.py) | | 6975 | CKV_K8S_29 | resource | DaemonSet | Apply security context to your pods and containers | Kubernetes | [PodSecurityContext.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/PodSecurityContext.py) | | 6976 | CKV_K8S_29 | resource | Deployment | Apply security context to your pods and containers | Kubernetes | [PodSecurityContext.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/PodSecurityContext.py) | | 6977 | CKV_K8S_29 | resource | Job | Apply security context to your pods and containers | Kubernetes | [PodSecurityContext.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/PodSecurityContext.py) | | 6978 | CKV_K8S_29 | resource | Pod | Apply security context to your pods and containers | Kubernetes | [PodSecurityContext.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/PodSecurityContext.py) | | 6979 | CKV_K8S_29 | resource | ReplicaSet | Apply security context to your pods and containers | Kubernetes | [PodSecurityContext.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/PodSecurityContext.py) | | 6980 | CKV_K8S_29 | resource | ReplicationController | Apply security context to your pods and containers | Kubernetes | [PodSecurityContext.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/PodSecurityContext.py) | | 6981 | CKV_K8S_29 | resource | StatefulSet | Apply security context to your pods and containers | Kubernetes | [PodSecurityContext.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/PodSecurityContext.py) | | 6982 | CKV_K8S_29 | resource | kubernetes_daemon_set_v1 | Apply security context to your pods, deployments and daemon_sets | Terraform | [PodSecurityContext.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/kubernetes/PodSecurityContext.py) | | 6983 | CKV_K8S_29 | resource | kubernetes_daemonset | Apply security context to your pods, deployments and daemon_sets | Terraform | [PodSecurityContext.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/kubernetes/PodSecurityContext.py) | | 6984 | CKV_K8S_29 | resource | kubernetes_deployment | Apply security context to your pods, deployments and daemon_sets | Terraform | [PodSecurityContext.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/kubernetes/PodSecurityContext.py) | | 6985 | CKV_K8S_29 | resource | kubernetes_deployment_v1 | Apply security context to your pods, deployments and daemon_sets | Terraform | [PodSecurityContext.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/kubernetes/PodSecurityContext.py) | | 6986 | CKV_K8S_29 | resource | kubernetes_pod | Apply security context to your pods, deployments and daemon_sets | Terraform | [PodSecurityContext.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/kubernetes/PodSecurityContext.py) | | 6987 | CKV_K8S_29 | resource | kubernetes_pod_v1 | Apply security context to your pods, deployments and daemon_sets | Terraform | [PodSecurityContext.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/kubernetes/PodSecurityContext.py) | | 6988 | CKV_K8S_30 | resource | CronJob | Apply security context to your containers | Kubernetes | [ContainerSecurityContext.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ContainerSecurityContext.py) | | 6989 | CKV_K8S_30 | resource | DaemonSet | Apply security context to your containers | Kubernetes | [ContainerSecurityContext.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ContainerSecurityContext.py) | | 6990 | CKV_K8S_30 | resource | Deployment | Apply security context to your containers | Kubernetes | [ContainerSecurityContext.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ContainerSecurityContext.py) | | 6991 | CKV_K8S_30 | resource | DeploymentConfig | Apply security context to your containers | Kubernetes | [ContainerSecurityContext.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ContainerSecurityContext.py) | | 6992 | CKV_K8S_30 | resource | Job | Apply security context to your containers | Kubernetes | [ContainerSecurityContext.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ContainerSecurityContext.py) | | 6993 | CKV_K8S_30 | resource | Pod | Apply security context to your containers | Kubernetes | [ContainerSecurityContext.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ContainerSecurityContext.py) | | 6994 | CKV_K8S_30 | resource | PodTemplate | Apply security context to your containers | Kubernetes | [ContainerSecurityContext.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ContainerSecurityContext.py) | | 6995 | CKV_K8S_30 | resource | ReplicaSet | Apply security context to your containers | Kubernetes | [ContainerSecurityContext.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ContainerSecurityContext.py) | | 6996 | CKV_K8S_30 | resource | ReplicationController | Apply security context to your containers | Kubernetes | [ContainerSecurityContext.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ContainerSecurityContext.py) | | 6997 | CKV_K8S_30 | resource | StatefulSet | Apply security context to your containers | Kubernetes | [ContainerSecurityContext.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ContainerSecurityContext.py) | | 6998 | CKV_K8S_30 | resource | kubernetes_deployment | Apply security context to your pods and containers | Terraform | [ContainerSecurityContext.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/kubernetes/ContainerSecurityContext.py) | | 6999 | CKV_K8S_30 | resource | kubernetes_deployment_v1 | Apply security context to your pods and containers | Terraform | [ContainerSecurityContext.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/kubernetes/ContainerSecurityContext.py) | | 7000 | CKV_K8S_30 | resource | kubernetes_pod | Apply security context to your pods and containers | Terraform | [ContainerSecurityContext.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/kubernetes/ContainerSecurityContext.py) | | 7001 | CKV_K8S_30 | resource | kubernetes_pod_v1 | Apply security context to your pods and containers | Terraform | [ContainerSecurityContext.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/kubernetes/ContainerSecurityContext.py) | | 7002 | CKV_K8S_31 | resource | CronJob | Ensure that the seccomp profile is set to docker/default or runtime/default | Kubernetes | [Seccomp.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/Seccomp.py) | | 7003 | CKV_K8S_31 | resource | DaemonSet | Ensure that the seccomp profile is set to docker/default or runtime/default | Kubernetes | [Seccomp.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/Seccomp.py) | | 7004 | CKV_K8S_31 | resource | Deployment | Ensure that the seccomp profile is set to docker/default or runtime/default | Kubernetes | [Seccomp.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/Seccomp.py) | | 7005 | CKV_K8S_31 | resource | Job | Ensure that the seccomp profile is set to docker/default or runtime/default | Kubernetes | [Seccomp.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/Seccomp.py) | | 7006 | CKV_K8S_31 | resource | Pod | Ensure that the seccomp profile is set to docker/default or runtime/default | Kubernetes | [Seccomp.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/Seccomp.py) | | 7007 | CKV_K8S_31 | resource | ReplicaSet | Ensure that the seccomp profile is set to docker/default or runtime/default | Kubernetes | [Seccomp.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/Seccomp.py) | | 7008 | CKV_K8S_31 | resource | ReplicationController | Ensure that the seccomp profile is set to docker/default or runtime/default | Kubernetes | [Seccomp.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/Seccomp.py) | | 7009 | CKV_K8S_31 | resource | StatefulSet | Ensure that the seccomp profile is set to docker/default or runtime/default | Kubernetes | [Seccomp.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/Seccomp.py) | | 7010 | CKV_K8S_32 | resource | PodSecurityPolicy | Ensure default seccomp profile set to docker/default or runtime/default | Kubernetes | [SeccompPSP.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/SeccompPSP.py) | | 7011 | CKV_K8S_32 | resource | kubernetes_pod_security_policy | Ensure default seccomp profile set to docker/default or runtime/default | Terraform | [SeccompPSP.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/kubernetes/SeccompPSP.py) | | 7012 | CKV_K8S_33 | resource | CronJob | Ensure the Kubernetes dashboard is not deployed | Kubernetes | [KubernetesDashboard.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/KubernetesDashboard.py) | | 7013 | CKV_K8S_33 | resource | DaemonSet | Ensure the Kubernetes dashboard is not deployed | Kubernetes | [KubernetesDashboard.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/KubernetesDashboard.py) | | 7014 | CKV_K8S_33 | resource | Deployment | Ensure the Kubernetes dashboard is not deployed | Kubernetes | [KubernetesDashboard.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/KubernetesDashboard.py) | | 7015 | CKV_K8S_33 | resource | DeploymentConfig | Ensure the Kubernetes dashboard is not deployed | Kubernetes | [KubernetesDashboard.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/KubernetesDashboard.py) | | 7016 | CKV_K8S_33 | resource | Job | Ensure the Kubernetes dashboard is not deployed | Kubernetes | [KubernetesDashboard.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/KubernetesDashboard.py) | | 7017 | CKV_K8S_33 | resource | Pod | Ensure the Kubernetes dashboard is not deployed | Kubernetes | [KubernetesDashboard.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/KubernetesDashboard.py) | | 7018 | CKV_K8S_33 | resource | PodTemplate | Ensure the Kubernetes dashboard is not deployed | Kubernetes | [KubernetesDashboard.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/KubernetesDashboard.py) | | 7019 | CKV_K8S_33 | resource | ReplicaSet | Ensure the Kubernetes dashboard is not deployed | Kubernetes | [KubernetesDashboard.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/KubernetesDashboard.py) | | 7020 | CKV_K8S_33 | resource | ReplicationController | Ensure the Kubernetes dashboard is not deployed | Kubernetes | [KubernetesDashboard.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/KubernetesDashboard.py) | | 7021 | CKV_K8S_33 | resource | StatefulSet | Ensure the Kubernetes dashboard is not deployed | Kubernetes | [KubernetesDashboard.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/KubernetesDashboard.py) | | 7022 | CKV_K8S_34 | resource | CronJob | Ensure that Tiller (Helm v2) is not deployed | Kubernetes | [Tiller.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/Tiller.py) | | 7023 | CKV_K8S_34 | resource | DaemonSet | Ensure that Tiller (Helm v2) is not deployed | Kubernetes | [Tiller.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/Tiller.py) | | 7024 | CKV_K8S_34 | resource | Deployment | Ensure that Tiller (Helm v2) is not deployed | Kubernetes | [Tiller.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/Tiller.py) | | 7025 | CKV_K8S_34 | resource | DeploymentConfig | Ensure that Tiller (Helm v2) is not deployed | Kubernetes | [Tiller.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/Tiller.py) | | 7026 | CKV_K8S_34 | resource | Job | Ensure that Tiller (Helm v2) is not deployed | Kubernetes | [Tiller.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/Tiller.py) | | 7027 | CKV_K8S_34 | resource | Pod | Ensure that Tiller (Helm v2) is not deployed | Kubernetes | [Tiller.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/Tiller.py) | | 7028 | CKV_K8S_34 | resource | PodTemplate | Ensure that Tiller (Helm v2) is not deployed | Kubernetes | [Tiller.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/Tiller.py) | | 7029 | CKV_K8S_34 | resource | ReplicaSet | Ensure that Tiller (Helm v2) is not deployed | Kubernetes | [Tiller.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/Tiller.py) | | 7030 | CKV_K8S_34 | resource | ReplicationController | Ensure that Tiller (Helm v2) is not deployed | Kubernetes | [Tiller.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/Tiller.py) | | 7031 | CKV_K8S_34 | resource | StatefulSet | Ensure that Tiller (Helm v2) is not deployed | Kubernetes | [Tiller.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/Tiller.py) | | 7032 | CKV_K8S_34 | resource | kubernetes_deployment | Ensure that Tiller (Helm v2) is not deployed | Terraform | [Tiller.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/kubernetes/Tiller.py) | | 7033 | CKV_K8S_34 | resource | kubernetes_deployment_v1 | Ensure that Tiller (Helm v2) is not deployed | Terraform | [Tiller.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/kubernetes/Tiller.py) | | 7034 | CKV_K8S_34 | resource | kubernetes_pod | Ensure that Tiller (Helm v2) is not deployed | Terraform | [Tiller.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/kubernetes/Tiller.py) | | 7035 | CKV_K8S_34 | resource | kubernetes_pod_v1 | Ensure that Tiller (Helm v2) is not deployed | Terraform | [Tiller.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/kubernetes/Tiller.py) | | 7036 | CKV_K8S_35 | resource | CronJob | Prefer using secrets as files over secrets as environment variables | Kubernetes | [Secrets.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/Secrets.py) | | 7037 | CKV_K8S_35 | resource | DaemonSet | Prefer using secrets as files over secrets as environment variables | Kubernetes | [Secrets.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/Secrets.py) | | 7038 | CKV_K8S_35 | resource | Deployment | Prefer using secrets as files over secrets as environment variables | Kubernetes | [Secrets.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/Secrets.py) | | 7039 | CKV_K8S_35 | resource | DeploymentConfig | Prefer using secrets as files over secrets as environment variables | Kubernetes | [Secrets.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/Secrets.py) | | 7040 | CKV_K8S_35 | resource | Job | Prefer using secrets as files over secrets as environment variables | Kubernetes | [Secrets.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/Secrets.py) | | 7041 | CKV_K8S_35 | resource | Pod | Prefer using secrets as files over secrets as environment variables | Kubernetes | [Secrets.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/Secrets.py) | | 7042 | CKV_K8S_35 | resource | PodTemplate | Prefer using secrets as files over secrets as environment variables | Kubernetes | [Secrets.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/Secrets.py) | | 7043 | CKV_K8S_35 | resource | ReplicaSet | Prefer using secrets as files over secrets as environment variables | Kubernetes | [Secrets.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/Secrets.py) | | 7044 | CKV_K8S_35 | resource | ReplicationController | Prefer using secrets as files over secrets as environment variables | Kubernetes | [Secrets.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/Secrets.py) | | 7045 | CKV_K8S_35 | resource | StatefulSet | Prefer using secrets as files over secrets as environment variables | Kubernetes | [Secrets.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/Secrets.py) | | 7046 | CKV_K8S_35 | resource | kubernetes_deployment | Prefer using secrets as files over secrets as environment variables | Terraform | [Secrets.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/kubernetes/Secrets.py) | | 7047 | CKV_K8S_35 | resource | kubernetes_deployment_v1 | Prefer using secrets as files over secrets as environment variables | Terraform | [Secrets.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/kubernetes/Secrets.py) | | 7048 | CKV_K8S_35 | resource | kubernetes_pod | Prefer using secrets as files over secrets as environment variables | Terraform | [Secrets.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/kubernetes/Secrets.py) | | 7049 | CKV_K8S_35 | resource | kubernetes_pod_v1 | Prefer using secrets as files over secrets as environment variables | Terraform | [Secrets.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/kubernetes/Secrets.py) | | 7050 | CKV_K8S_36 | resource | PodSecurityPolicy | Minimize the admission of containers with capabilities assigned | Kubernetes | [MinimizeCapabilitiesPSP.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/MinimizeCapabilitiesPSP.py) | | 7051 | CKV_K8S_36 | resource | kubernetes_pod_security_policy | Minimise the admission of containers with capabilities assigned | Terraform | [MinimiseCapabilitiesPSP.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/kubernetes/MinimiseCapabilitiesPSP.py) | | 7052 | CKV_K8S_37 | resource | CronJob | Minimize the admission of containers with capabilities assigned | Kubernetes | [MinimizeCapabilities.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/MinimizeCapabilities.py) | | 7053 | CKV_K8S_37 | resource | DaemonSet | Minimize the admission of containers with capabilities assigned | Kubernetes | [MinimizeCapabilities.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/MinimizeCapabilities.py) | | 7054 | CKV_K8S_37 | resource | Deployment | Minimize the admission of containers with capabilities assigned | Kubernetes | [MinimizeCapabilities.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/MinimizeCapabilities.py) | | 7055 | CKV_K8S_37 | resource | DeploymentConfig | Minimize the admission of containers with capabilities assigned | Kubernetes | [MinimizeCapabilities.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/MinimizeCapabilities.py) | | 7056 | CKV_K8S_37 | resource | Job | Minimize the admission of containers with capabilities assigned | Kubernetes | [MinimizeCapabilities.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/MinimizeCapabilities.py) | | 7057 | CKV_K8S_37 | resource | Pod | Minimize the admission of containers with capabilities assigned | Kubernetes | [MinimizeCapabilities.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/MinimizeCapabilities.py) | | 7058 | CKV_K8S_37 | resource | PodTemplate | Minimize the admission of containers with capabilities assigned | Kubernetes | [MinimizeCapabilities.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/MinimizeCapabilities.py) | | 7059 | CKV_K8S_37 | resource | ReplicaSet | Minimize the admission of containers with capabilities assigned | Kubernetes | [MinimizeCapabilities.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/MinimizeCapabilities.py) | | 7060 | CKV_K8S_37 | resource | ReplicationController | Minimize the admission of containers with capabilities assigned | Kubernetes | [MinimizeCapabilities.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/MinimizeCapabilities.py) | | 7061 | CKV_K8S_37 | resource | StatefulSet | Minimize the admission of containers with capabilities assigned | Kubernetes | [MinimizeCapabilities.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/MinimizeCapabilities.py) | | 7062 | CKV_K8S_37 | resource | kubernetes_deployment | Minimise the admission of containers with capabilities assigned | Terraform | [MinimiseCapabilities.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/kubernetes/MinimiseCapabilities.py) | | 7063 | CKV_K8S_37 | resource | kubernetes_deployment_v1 | Minimise the admission of containers with capabilities assigned | Terraform | [MinimiseCapabilities.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/kubernetes/MinimiseCapabilities.py) | | 7064 | CKV_K8S_37 | resource | kubernetes_pod | Minimise the admission of containers with capabilities assigned | Terraform | [MinimiseCapabilities.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/kubernetes/MinimiseCapabilities.py) | | 7065 | CKV_K8S_37 | resource | kubernetes_pod_v1 | Minimise the admission of containers with capabilities assigned | Terraform | [MinimiseCapabilities.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/kubernetes/MinimiseCapabilities.py) | | 7066 | CKV_K8S_38 | resource | CronJob | Ensure that Service Account Tokens are only mounted where necessary | Kubernetes | [ServiceAccountTokens.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ServiceAccountTokens.py) | | 7067 | CKV_K8S_38 | resource | DaemonSet | Ensure that Service Account Tokens are only mounted where necessary | Kubernetes | [ServiceAccountTokens.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ServiceAccountTokens.py) | | 7068 | CKV_K8S_38 | resource | Deployment | Ensure that Service Account Tokens are only mounted where necessary | Kubernetes | [ServiceAccountTokens.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ServiceAccountTokens.py) | | 7069 | CKV_K8S_38 | resource | Job | Ensure that Service Account Tokens are only mounted where necessary | Kubernetes | [ServiceAccountTokens.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ServiceAccountTokens.py) | | 7070 | CKV_K8S_38 | resource | Pod | Ensure that Service Account Tokens are only mounted where necessary | Kubernetes | [ServiceAccountTokens.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ServiceAccountTokens.py) | | 7071 | CKV_K8S_38 | resource | ReplicaSet | Ensure that Service Account Tokens are only mounted where necessary | Kubernetes | [ServiceAccountTokens.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ServiceAccountTokens.py) | | 7072 | CKV_K8S_38 | resource | ReplicationController | Ensure that Service Account Tokens are only mounted where necessary | Kubernetes | [ServiceAccountTokens.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ServiceAccountTokens.py) | | 7073 | CKV_K8S_38 | resource | StatefulSet | Ensure that Service Account Tokens are only mounted where necessary | Kubernetes | [ServiceAccountTokens.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ServiceAccountTokens.py) | | 7074 | CKV_K8S_39 | resource | CronJob | Do not use the CAP_SYS_ADMIN linux capability | Kubernetes | [AllowedCapabilitiesSysAdmin.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/AllowedCapabilitiesSysAdmin.py) | | 7075 | CKV_K8S_39 | resource | DaemonSet | Do not use the CAP_SYS_ADMIN linux capability | Kubernetes | [AllowedCapabilitiesSysAdmin.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/AllowedCapabilitiesSysAdmin.py) | | 7076 | CKV_K8S_39 | resource | Deployment | Do not use the CAP_SYS_ADMIN linux capability | Kubernetes | [AllowedCapabilitiesSysAdmin.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/AllowedCapabilitiesSysAdmin.py) | | 7077 | CKV_K8S_39 | resource | DeploymentConfig | Do not use the CAP_SYS_ADMIN linux capability | Kubernetes | [AllowedCapabilitiesSysAdmin.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/AllowedCapabilitiesSysAdmin.py) | | 7078 | CKV_K8S_39 | resource | Job | Do not use the CAP_SYS_ADMIN linux capability | Kubernetes | [AllowedCapabilitiesSysAdmin.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/AllowedCapabilitiesSysAdmin.py) | | 7079 | CKV_K8S_39 | resource | Pod | Do not use the CAP_SYS_ADMIN linux capability | Kubernetes | [AllowedCapabilitiesSysAdmin.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/AllowedCapabilitiesSysAdmin.py) | | 7080 | CKV_K8S_39 | resource | PodTemplate | Do not use the CAP_SYS_ADMIN linux capability | Kubernetes | [AllowedCapabilitiesSysAdmin.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/AllowedCapabilitiesSysAdmin.py) | | 7081 | CKV_K8S_39 | resource | ReplicaSet | Do not use the CAP_SYS_ADMIN linux capability | Kubernetes | [AllowedCapabilitiesSysAdmin.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/AllowedCapabilitiesSysAdmin.py) | | 7082 | CKV_K8S_39 | resource | ReplicationController | Do not use the CAP_SYS_ADMIN linux capability | Kubernetes | [AllowedCapabilitiesSysAdmin.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/AllowedCapabilitiesSysAdmin.py) | | 7083 | CKV_K8S_39 | resource | StatefulSet | Do not use the CAP_SYS_ADMIN linux capability | Kubernetes | [AllowedCapabilitiesSysAdmin.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/AllowedCapabilitiesSysAdmin.py) | | 7084 | CKV_K8S_39 | resource | kubernetes_deployment | Do not use the CAP_SYS_ADMIN linux capability | Terraform | [AllowedCapabilitiesSysAdmin.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/kubernetes/AllowedCapabilitiesSysAdmin.py) | | 7085 | CKV_K8S_39 | resource | kubernetes_deployment_v1 | Do not use the CAP_SYS_ADMIN linux capability | Terraform | [AllowedCapabilitiesSysAdmin.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/kubernetes/AllowedCapabilitiesSysAdmin.py) | | 7086 | CKV_K8S_39 | resource | kubernetes_pod | Do not use the CAP_SYS_ADMIN linux capability | Terraform | [AllowedCapabilitiesSysAdmin.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/kubernetes/AllowedCapabilitiesSysAdmin.py) | | 7087 | CKV_K8S_39 | resource | kubernetes_pod_v1 | Do not use the CAP_SYS_ADMIN linux capability | Terraform | [AllowedCapabilitiesSysAdmin.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/kubernetes/AllowedCapabilitiesSysAdmin.py) | | 7088 | CKV_K8S_40 | resource | CronJob | Containers should run as a high UID to avoid host conflict | Kubernetes | [RootContainersHighUID.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/RootContainersHighUID.py) | | 7089 | CKV_K8S_40 | resource | DaemonSet | Containers should run as a high UID to avoid host conflict | Kubernetes | [RootContainersHighUID.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/RootContainersHighUID.py) | | 7090 | CKV_K8S_40 | resource | Deployment | Containers should run as a high UID to avoid host conflict | Kubernetes | [RootContainersHighUID.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/RootContainersHighUID.py) | | 7091 | CKV_K8S_40 | resource | Job | Containers should run as a high UID to avoid host conflict | Kubernetes | [RootContainersHighUID.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/RootContainersHighUID.py) | | 7092 | CKV_K8S_40 | resource | Pod | Containers should run as a high UID to avoid host conflict | Kubernetes | [RootContainersHighUID.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/RootContainersHighUID.py) | | 7093 | CKV_K8S_40 | resource | ReplicaSet | Containers should run as a high UID to avoid host conflict | Kubernetes | [RootContainersHighUID.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/RootContainersHighUID.py) | | 7094 | CKV_K8S_40 | resource | ReplicationController | Containers should run as a high UID to avoid host conflict | Kubernetes | [RootContainersHighUID.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/RootContainersHighUID.py) | | 7095 | CKV_K8S_40 | resource | StatefulSet | Containers should run as a high UID to avoid host conflict | Kubernetes | [RootContainersHighUID.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/RootContainersHighUID.py) | | 7096 | CKV_K8S_41 | resource | ServiceAccount | Ensure that default service accounts are not actively used | Kubernetes | [DefaultServiceAccount.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/DefaultServiceAccount.py) | | 7097 | CKV_K8S_41 | resource | kubernetes_service_account | Ensure that default service accounts are not actively used | Terraform | [DefaultServiceAccount.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/kubernetes/DefaultServiceAccount.py) | | 7098 | CKV_K8S_41 | resource | kubernetes_service_account_v1 | Ensure that default service accounts are not actively used | Terraform | [DefaultServiceAccount.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/kubernetes/DefaultServiceAccount.py) | | 7099 | CKV_K8S_42 | resource | ClusterRoleBinding | Ensure that default service accounts are not actively used | Kubernetes | [DefaultServiceAccountBinding.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/DefaultServiceAccountBinding.py) | | 7100 | CKV_K8S_42 | resource | RoleBinding | Ensure that default service accounts are not actively used | Kubernetes | [DefaultServiceAccountBinding.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/DefaultServiceAccountBinding.py) | | 7101 | CKV_K8S_42 | resource | kubernetes_cluster_role_binding | Ensure that default service accounts are not actively used | Terraform | [DefaultServiceAccountBinding.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/kubernetes/DefaultServiceAccountBinding.py) | | 7102 | CKV_K8S_42 | resource | kubernetes_cluster_role_binding_v1 | Ensure that default service accounts are not actively used | Terraform | [DefaultServiceAccountBinding.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/kubernetes/DefaultServiceAccountBinding.py) | | 7103 | CKV_K8S_42 | resource | kubernetes_role_binding | Ensure that default service accounts are not actively used | Terraform | [DefaultServiceAccountBinding.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/kubernetes/DefaultServiceAccountBinding.py) | | 7104 | CKV_K8S_42 | resource | kubernetes_role_binding_v1 | Ensure that default service accounts are not actively used | Terraform | [DefaultServiceAccountBinding.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/kubernetes/DefaultServiceAccountBinding.py) | | 7105 | CKV_K8S_43 | resource | CronJob | Image should use digest | Kubernetes | [ImageDigest.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ImageDigest.py) | | 7106 | CKV_K8S_43 | resource | DaemonSet | Image should use digest | Kubernetes | [ImageDigest.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ImageDigest.py) | | 7107 | CKV_K8S_43 | resource | Deployment | Image should use digest | Kubernetes | [ImageDigest.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ImageDigest.py) | | 7108 | CKV_K8S_43 | resource | DeploymentConfig | Image should use digest | Kubernetes | [ImageDigest.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ImageDigest.py) | | 7109 | CKV_K8S_43 | resource | Job | Image should use digest | Kubernetes | [ImageDigest.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ImageDigest.py) | | 7110 | CKV_K8S_43 | resource | Pod | Image should use digest | Kubernetes | [ImageDigest.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ImageDigest.py) | | 7111 | CKV_K8S_43 | resource | PodTemplate | Image should use digest | Kubernetes | [ImageDigest.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ImageDigest.py) | | 7112 | CKV_K8S_43 | resource | ReplicaSet | Image should use digest | Kubernetes | [ImageDigest.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ImageDigest.py) | | 7113 | CKV_K8S_43 | resource | ReplicationController | Image should use digest | Kubernetes | [ImageDigest.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ImageDigest.py) | | 7114 | CKV_K8S_43 | resource | StatefulSet | Image should use digest | Kubernetes | [ImageDigest.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ImageDigest.py) | | 7115 | CKV_K8S_43 | resource | kubernetes_deployment | Image should use digest | Terraform | [ImageDigest.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/kubernetes/ImageDigest.py) | | 7116 | CKV_K8S_43 | resource | kubernetes_deployment_v1 | Image should use digest | Terraform | [ImageDigest.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/kubernetes/ImageDigest.py) | | 7117 | CKV_K8S_43 | resource | kubernetes_pod | Image should use digest | Terraform | [ImageDigest.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/kubernetes/ImageDigest.py) | | 7118 | CKV_K8S_43 | resource | kubernetes_pod_v1 | Image should use digest | Terraform | [ImageDigest.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/kubernetes/ImageDigest.py) | | 7119 | CKV_K8S_44 | resource | Service | Ensure that the Tiller Service (Helm v2) is deleted | Kubernetes | [TillerService.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/TillerService.py) | | 7120 | CKV_K8S_44 | resource | kubernetes_service | Ensure that the Tiller Service (Helm v2) is deleted | Terraform | [TillerService.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/kubernetes/TillerService.py) | | 7121 | CKV_K8S_44 | resource | kubernetes_service_v1 | Ensure that the Tiller Service (Helm v2) is deleted | Terraform | [TillerService.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/kubernetes/TillerService.py) | | 7122 | CKV_K8S_45 | resource | CronJob | Ensure the Tiller Deployment (Helm V2) is not accessible from within the cluster | Kubernetes | [TillerDeploymentListener.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/TillerDeploymentListener.py) | | 7123 | CKV_K8S_45 | resource | DaemonSet | Ensure the Tiller Deployment (Helm V2) is not accessible from within the cluster | Kubernetes | [TillerDeploymentListener.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/TillerDeploymentListener.py) | | 7124 | CKV_K8S_45 | resource | Deployment | Ensure the Tiller Deployment (Helm V2) is not accessible from within the cluster | Kubernetes | [TillerDeploymentListener.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/TillerDeploymentListener.py) | | 7125 | CKV_K8S_45 | resource | DeploymentConfig | Ensure the Tiller Deployment (Helm V2) is not accessible from within the cluster | Kubernetes | [TillerDeploymentListener.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/TillerDeploymentListener.py) | | 7126 | CKV_K8S_45 | resource | Job | Ensure the Tiller Deployment (Helm V2) is not accessible from within the cluster | Kubernetes | [TillerDeploymentListener.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/TillerDeploymentListener.py) | | 7127 | CKV_K8S_45 | resource | Pod | Ensure the Tiller Deployment (Helm V2) is not accessible from within the cluster | Kubernetes | [TillerDeploymentListener.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/TillerDeploymentListener.py) | | 7128 | CKV_K8S_45 | resource | PodTemplate | Ensure the Tiller Deployment (Helm V2) is not accessible from within the cluster | Kubernetes | [TillerDeploymentListener.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/TillerDeploymentListener.py) | | 7129 | CKV_K8S_45 | resource | ReplicaSet | Ensure the Tiller Deployment (Helm V2) is not accessible from within the cluster | Kubernetes | [TillerDeploymentListener.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/TillerDeploymentListener.py) | | 7130 | CKV_K8S_45 | resource | ReplicationController | Ensure the Tiller Deployment (Helm V2) is not accessible from within the cluster | Kubernetes | [TillerDeploymentListener.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/TillerDeploymentListener.py) | | 7131 | CKV_K8S_45 | resource | StatefulSet | Ensure the Tiller Deployment (Helm V2) is not accessible from within the cluster | Kubernetes | [TillerDeploymentListener.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/TillerDeploymentListener.py) | | 7132 | CKV_K8S_49 | resource | ClusterRole | Minimize wildcard use in Roles and ClusterRoles | Kubernetes | [WildcardRoles.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/WildcardRoles.py) | | 7133 | CKV_K8S_49 | resource | Role | Minimize wildcard use in Roles and ClusterRoles | Kubernetes | [WildcardRoles.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/WildcardRoles.py) | | 7134 | CKV_K8S_49 | resource | kubernetes_cluster_role | Minimize wildcard use in Roles and ClusterRoles | Terraform | [WildcardRoles.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/kubernetes/WildcardRoles.py) | | 7135 | CKV_K8S_49 | resource | kubernetes_cluster_role_v1 | Minimize wildcard use in Roles and ClusterRoles | Terraform | [WildcardRoles.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/kubernetes/WildcardRoles.py) | | 7136 | CKV_K8S_49 | resource | kubernetes_role | Minimize wildcard use in Roles and ClusterRoles | Terraform | [WildcardRoles.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/kubernetes/WildcardRoles.py) | | 7137 | CKV_K8S_49 | resource | kubernetes_role_v1 | Minimize wildcard use in Roles and ClusterRoles | Terraform | [WildcardRoles.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/kubernetes/WildcardRoles.py) | | 7138 | CKV_K8S_68 | resource | CronJob | Ensure that the --anonymous-auth argument is set to false | Kubernetes | [ApiServerAnonymousAuth.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ApiServerAnonymousAuth.py) | | 7139 | CKV_K8S_68 | resource | DaemonSet | Ensure that the --anonymous-auth argument is set to false | Kubernetes | [ApiServerAnonymousAuth.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ApiServerAnonymousAuth.py) | | 7140 | CKV_K8S_68 | resource | Deployment | Ensure that the --anonymous-auth argument is set to false | Kubernetes | [ApiServerAnonymousAuth.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ApiServerAnonymousAuth.py) | | 7141 | CKV_K8S_68 | resource | DeploymentConfig | Ensure that the --anonymous-auth argument is set to false | Kubernetes | [ApiServerAnonymousAuth.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ApiServerAnonymousAuth.py) | | 7142 | CKV_K8S_68 | resource | Job | Ensure that the --anonymous-auth argument is set to false | Kubernetes | [ApiServerAnonymousAuth.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ApiServerAnonymousAuth.py) | | 7143 | CKV_K8S_68 | resource | Pod | Ensure that the --anonymous-auth argument is set to false | Kubernetes | [ApiServerAnonymousAuth.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ApiServerAnonymousAuth.py) | | 7144 | CKV_K8S_68 | resource | PodTemplate | Ensure that the --anonymous-auth argument is set to false | Kubernetes | [ApiServerAnonymousAuth.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ApiServerAnonymousAuth.py) | | 7145 | CKV_K8S_68 | resource | ReplicaSet | Ensure that the --anonymous-auth argument is set to false | Kubernetes | [ApiServerAnonymousAuth.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ApiServerAnonymousAuth.py) | | 7146 | CKV_K8S_68 | resource | ReplicationController | Ensure that the --anonymous-auth argument is set to false | Kubernetes | [ApiServerAnonymousAuth.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ApiServerAnonymousAuth.py) | | 7147 | CKV_K8S_68 | resource | StatefulSet | Ensure that the --anonymous-auth argument is set to false | Kubernetes | [ApiServerAnonymousAuth.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ApiServerAnonymousAuth.py) | | 7148 | CKV_K8S_69 | resource | CronJob | Ensure that the --basic-auth-file argument is not set | Kubernetes | [ApiServerBasicAuthFile.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ApiServerBasicAuthFile.py) | | 7149 | CKV_K8S_69 | resource | DaemonSet | Ensure that the --basic-auth-file argument is not set | Kubernetes | [ApiServerBasicAuthFile.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ApiServerBasicAuthFile.py) | | 7150 | CKV_K8S_69 | resource | Deployment | Ensure that the --basic-auth-file argument is not set | Kubernetes | [ApiServerBasicAuthFile.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ApiServerBasicAuthFile.py) | | 7151 | CKV_K8S_69 | resource | DeploymentConfig | Ensure that the --basic-auth-file argument is not set | Kubernetes | [ApiServerBasicAuthFile.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ApiServerBasicAuthFile.py) | | 7152 | CKV_K8S_69 | resource | Job | Ensure that the --basic-auth-file argument is not set | Kubernetes | [ApiServerBasicAuthFile.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ApiServerBasicAuthFile.py) | | 7153 | CKV_K8S_69 | resource | Pod | Ensure that the --basic-auth-file argument is not set | Kubernetes | [ApiServerBasicAuthFile.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ApiServerBasicAuthFile.py) | | 7154 | CKV_K8S_69 | resource | PodTemplate | Ensure that the --basic-auth-file argument is not set | Kubernetes | [ApiServerBasicAuthFile.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ApiServerBasicAuthFile.py) | | 7155 | CKV_K8S_69 | resource | ReplicaSet | Ensure that the --basic-auth-file argument is not set | Kubernetes | [ApiServerBasicAuthFile.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ApiServerBasicAuthFile.py) | | 7156 | CKV_K8S_69 | resource | ReplicationController | Ensure that the --basic-auth-file argument is not set | Kubernetes | [ApiServerBasicAuthFile.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ApiServerBasicAuthFile.py) | | 7157 | CKV_K8S_69 | resource | StatefulSet | Ensure that the --basic-auth-file argument is not set | Kubernetes | [ApiServerBasicAuthFile.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ApiServerBasicAuthFile.py) | | 7158 | CKV_K8S_70 | resource | CronJob | Ensure that the --token-auth-file argument is not set | Kubernetes | [ApiServerTokenAuthFile.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ApiServerTokenAuthFile.py) | | 7159 | CKV_K8S_70 | resource | DaemonSet | Ensure that the --token-auth-file argument is not set | Kubernetes | [ApiServerTokenAuthFile.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ApiServerTokenAuthFile.py) | | 7160 | CKV_K8S_70 | resource | Deployment | Ensure that the --token-auth-file argument is not set | Kubernetes | [ApiServerTokenAuthFile.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ApiServerTokenAuthFile.py) | | 7161 | CKV_K8S_70 | resource | DeploymentConfig | Ensure that the --token-auth-file argument is not set | Kubernetes | [ApiServerTokenAuthFile.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ApiServerTokenAuthFile.py) | | 7162 | CKV_K8S_70 | resource | Job | Ensure that the --token-auth-file argument is not set | Kubernetes | [ApiServerTokenAuthFile.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ApiServerTokenAuthFile.py) | | 7163 | CKV_K8S_70 | resource | Pod | Ensure that the --token-auth-file argument is not set | Kubernetes | [ApiServerTokenAuthFile.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ApiServerTokenAuthFile.py) | | 7164 | CKV_K8S_70 | resource | PodTemplate | Ensure that the --token-auth-file argument is not set | Kubernetes | [ApiServerTokenAuthFile.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ApiServerTokenAuthFile.py) | | 7165 | CKV_K8S_70 | resource | ReplicaSet | Ensure that the --token-auth-file argument is not set | Kubernetes | [ApiServerTokenAuthFile.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ApiServerTokenAuthFile.py) | | 7166 | CKV_K8S_70 | resource | ReplicationController | Ensure that the --token-auth-file argument is not set | Kubernetes | [ApiServerTokenAuthFile.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ApiServerTokenAuthFile.py) | | 7167 | CKV_K8S_70 | resource | StatefulSet | Ensure that the --token-auth-file argument is not set | Kubernetes | [ApiServerTokenAuthFile.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ApiServerTokenAuthFile.py) | | 7168 | CKV_K8S_71 | resource | CronJob | Ensure that the --kubelet-https argument is set to true | Kubernetes | [ApiServerKubeletHttps.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ApiServerKubeletHttps.py) | | 7169 | CKV_K8S_71 | resource | DaemonSet | Ensure that the --kubelet-https argument is set to true | Kubernetes | [ApiServerKubeletHttps.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ApiServerKubeletHttps.py) | | 7170 | CKV_K8S_71 | resource | Deployment | Ensure that the --kubelet-https argument is set to true | Kubernetes | [ApiServerKubeletHttps.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ApiServerKubeletHttps.py) | | 7171 | CKV_K8S_71 | resource | DeploymentConfig | Ensure that the --kubelet-https argument is set to true | Kubernetes | [ApiServerKubeletHttps.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ApiServerKubeletHttps.py) | | 7172 | CKV_K8S_71 | resource | Job | Ensure that the --kubelet-https argument is set to true | Kubernetes | [ApiServerKubeletHttps.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ApiServerKubeletHttps.py) | | 7173 | CKV_K8S_71 | resource | Pod | Ensure that the --kubelet-https argument is set to true | Kubernetes | [ApiServerKubeletHttps.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ApiServerKubeletHttps.py) | | 7174 | CKV_K8S_71 | resource | PodTemplate | Ensure that the --kubelet-https argument is set to true | Kubernetes | [ApiServerKubeletHttps.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ApiServerKubeletHttps.py) | | 7175 | CKV_K8S_71 | resource | ReplicaSet | Ensure that the --kubelet-https argument is set to true | Kubernetes | [ApiServerKubeletHttps.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ApiServerKubeletHttps.py) | | 7176 | CKV_K8S_71 | resource | ReplicationController | Ensure that the --kubelet-https argument is set to true | Kubernetes | [ApiServerKubeletHttps.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ApiServerKubeletHttps.py) | | 7177 | CKV_K8S_71 | resource | StatefulSet | Ensure that the --kubelet-https argument is set to true | Kubernetes | [ApiServerKubeletHttps.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ApiServerKubeletHttps.py) | | 7178 | CKV_K8S_72 | resource | CronJob | Ensure that the --kubelet-client-certificate and --kubelet-client-key arguments are set as appropriate | Kubernetes | [ApiServerKubeletClientCertAndKey.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ApiServerKubeletClientCertAndKey.py) | | 7179 | CKV_K8S_72 | resource | DaemonSet | Ensure that the --kubelet-client-certificate and --kubelet-client-key arguments are set as appropriate | Kubernetes | [ApiServerKubeletClientCertAndKey.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ApiServerKubeletClientCertAndKey.py) | | 7180 | CKV_K8S_72 | resource | Deployment | Ensure that the --kubelet-client-certificate and --kubelet-client-key arguments are set as appropriate | Kubernetes | [ApiServerKubeletClientCertAndKey.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ApiServerKubeletClientCertAndKey.py) | | 7181 | CKV_K8S_72 | resource | DeploymentConfig | Ensure that the --kubelet-client-certificate and --kubelet-client-key arguments are set as appropriate | Kubernetes | [ApiServerKubeletClientCertAndKey.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ApiServerKubeletClientCertAndKey.py) | | 7182 | CKV_K8S_72 | resource | Job | Ensure that the --kubelet-client-certificate and --kubelet-client-key arguments are set as appropriate | Kubernetes | [ApiServerKubeletClientCertAndKey.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ApiServerKubeletClientCertAndKey.py) | | 7183 | CKV_K8S_72 | resource | Pod | Ensure that the --kubelet-client-certificate and --kubelet-client-key arguments are set as appropriate | Kubernetes | [ApiServerKubeletClientCertAndKey.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ApiServerKubeletClientCertAndKey.py) | | 7184 | CKV_K8S_72 | resource | PodTemplate | Ensure that the --kubelet-client-certificate and --kubelet-client-key arguments are set as appropriate | Kubernetes | [ApiServerKubeletClientCertAndKey.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ApiServerKubeletClientCertAndKey.py) | | 7185 | CKV_K8S_72 | resource | ReplicaSet | Ensure that the --kubelet-client-certificate and --kubelet-client-key arguments are set as appropriate | Kubernetes | [ApiServerKubeletClientCertAndKey.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ApiServerKubeletClientCertAndKey.py) | | 7186 | CKV_K8S_72 | resource | ReplicationController | Ensure that the --kubelet-client-certificate and --kubelet-client-key arguments are set as appropriate | Kubernetes | [ApiServerKubeletClientCertAndKey.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ApiServerKubeletClientCertAndKey.py) | | 7187 | CKV_K8S_72 | resource | StatefulSet | Ensure that the --kubelet-client-certificate and --kubelet-client-key arguments are set as appropriate | Kubernetes | [ApiServerKubeletClientCertAndKey.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ApiServerKubeletClientCertAndKey.py) | | 7188 | CKV_K8S_73 | resource | CronJob | Ensure that the --kubelet-certificate-authority argument is set as appropriate | Kubernetes | [ApiServerkubeletCertificateAuthority.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ApiServerkubeletCertificateAuthority.py) | | 7189 | CKV_K8S_73 | resource | DaemonSet | Ensure that the --kubelet-certificate-authority argument is set as appropriate | Kubernetes | [ApiServerkubeletCertificateAuthority.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ApiServerkubeletCertificateAuthority.py) | | 7190 | CKV_K8S_73 | resource | Deployment | Ensure that the --kubelet-certificate-authority argument is set as appropriate | Kubernetes | [ApiServerkubeletCertificateAuthority.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ApiServerkubeletCertificateAuthority.py) | | 7191 | CKV_K8S_73 | resource | DeploymentConfig | Ensure that the --kubelet-certificate-authority argument is set as appropriate | Kubernetes | [ApiServerkubeletCertificateAuthority.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ApiServerkubeletCertificateAuthority.py) | | 7192 | CKV_K8S_73 | resource | Job | Ensure that the --kubelet-certificate-authority argument is set as appropriate | Kubernetes | [ApiServerkubeletCertificateAuthority.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ApiServerkubeletCertificateAuthority.py) | | 7193 | CKV_K8S_73 | resource | Pod | Ensure that the --kubelet-certificate-authority argument is set as appropriate | Kubernetes | [ApiServerkubeletCertificateAuthority.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ApiServerkubeletCertificateAuthority.py) | | 7194 | CKV_K8S_73 | resource | PodTemplate | Ensure that the --kubelet-certificate-authority argument is set as appropriate | Kubernetes | [ApiServerkubeletCertificateAuthority.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ApiServerkubeletCertificateAuthority.py) | | 7195 | CKV_K8S_73 | resource | ReplicaSet | Ensure that the --kubelet-certificate-authority argument is set as appropriate | Kubernetes | [ApiServerkubeletCertificateAuthority.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ApiServerkubeletCertificateAuthority.py) | | 7196 | CKV_K8S_73 | resource | ReplicationController | Ensure that the --kubelet-certificate-authority argument is set as appropriate | Kubernetes | [ApiServerkubeletCertificateAuthority.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ApiServerkubeletCertificateAuthority.py) | | 7197 | CKV_K8S_73 | resource | StatefulSet | Ensure that the --kubelet-certificate-authority argument is set as appropriate | Kubernetes | [ApiServerkubeletCertificateAuthority.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ApiServerkubeletCertificateAuthority.py) | | 7198 | CKV_K8S_74 | resource | CronJob | Ensure that the --authorization-mode argument is not set to AlwaysAllow | Kubernetes | [ApiServerAuthorizationModeNotAlwaysAllow.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ApiServerAuthorizationModeNotAlwaysAllow.py) | | 7199 | CKV_K8S_74 | resource | DaemonSet | Ensure that the --authorization-mode argument is not set to AlwaysAllow | Kubernetes | [ApiServerAuthorizationModeNotAlwaysAllow.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ApiServerAuthorizationModeNotAlwaysAllow.py) | | 7200 | CKV_K8S_74 | resource | Deployment | Ensure that the --authorization-mode argument is not set to AlwaysAllow | Kubernetes | [ApiServerAuthorizationModeNotAlwaysAllow.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ApiServerAuthorizationModeNotAlwaysAllow.py) | | 7201 | CKV_K8S_74 | resource | DeploymentConfig | Ensure that the --authorization-mode argument is not set to AlwaysAllow | Kubernetes | [ApiServerAuthorizationModeNotAlwaysAllow.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ApiServerAuthorizationModeNotAlwaysAllow.py) | | 7202 | CKV_K8S_74 | resource | Job | Ensure that the --authorization-mode argument is not set to AlwaysAllow | Kubernetes | [ApiServerAuthorizationModeNotAlwaysAllow.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ApiServerAuthorizationModeNotAlwaysAllow.py) | | 7203 | CKV_K8S_74 | resource | Pod | Ensure that the --authorization-mode argument is not set to AlwaysAllow | Kubernetes | [ApiServerAuthorizationModeNotAlwaysAllow.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ApiServerAuthorizationModeNotAlwaysAllow.py) | | 7204 | CKV_K8S_74 | resource | PodTemplate | Ensure that the --authorization-mode argument is not set to AlwaysAllow | Kubernetes | [ApiServerAuthorizationModeNotAlwaysAllow.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ApiServerAuthorizationModeNotAlwaysAllow.py) | | 7205 | CKV_K8S_74 | resource | ReplicaSet | Ensure that the --authorization-mode argument is not set to AlwaysAllow | Kubernetes | [ApiServerAuthorizationModeNotAlwaysAllow.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ApiServerAuthorizationModeNotAlwaysAllow.py) | | 7206 | CKV_K8S_74 | resource | ReplicationController | Ensure that the --authorization-mode argument is not set to AlwaysAllow | Kubernetes | [ApiServerAuthorizationModeNotAlwaysAllow.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ApiServerAuthorizationModeNotAlwaysAllow.py) | | 7207 | CKV_K8S_74 | resource | StatefulSet | Ensure that the --authorization-mode argument is not set to AlwaysAllow | Kubernetes | [ApiServerAuthorizationModeNotAlwaysAllow.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ApiServerAuthorizationModeNotAlwaysAllow.py) | | 7208 | CKV_K8S_75 | resource | CronJob | Ensure that the --authorization-mode argument includes Node | Kubernetes | [ApiServerAuthorizationModeNode.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ApiServerAuthorizationModeNode.py) | | 7209 | CKV_K8S_75 | resource | DaemonSet | Ensure that the --authorization-mode argument includes Node | Kubernetes | [ApiServerAuthorizationModeNode.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ApiServerAuthorizationModeNode.py) | | 7210 | CKV_K8S_75 | resource | Deployment | Ensure that the --authorization-mode argument includes Node | Kubernetes | [ApiServerAuthorizationModeNode.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ApiServerAuthorizationModeNode.py) | | 7211 | CKV_K8S_75 | resource | DeploymentConfig | Ensure that the --authorization-mode argument includes Node | Kubernetes | [ApiServerAuthorizationModeNode.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ApiServerAuthorizationModeNode.py) | | 7212 | CKV_K8S_75 | resource | Job | Ensure that the --authorization-mode argument includes Node | Kubernetes | [ApiServerAuthorizationModeNode.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ApiServerAuthorizationModeNode.py) | | 7213 | CKV_K8S_75 | resource | Pod | Ensure that the --authorization-mode argument includes Node | Kubernetes | [ApiServerAuthorizationModeNode.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ApiServerAuthorizationModeNode.py) | | 7214 | CKV_K8S_75 | resource | PodTemplate | Ensure that the --authorization-mode argument includes Node | Kubernetes | [ApiServerAuthorizationModeNode.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ApiServerAuthorizationModeNode.py) | | 7215 | CKV_K8S_75 | resource | ReplicaSet | Ensure that the --authorization-mode argument includes Node | Kubernetes | [ApiServerAuthorizationModeNode.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ApiServerAuthorizationModeNode.py) | | 7216 | CKV_K8S_75 | resource | ReplicationController | Ensure that the --authorization-mode argument includes Node | Kubernetes | [ApiServerAuthorizationModeNode.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ApiServerAuthorizationModeNode.py) | | 7217 | CKV_K8S_75 | resource | StatefulSet | Ensure that the --authorization-mode argument includes Node | Kubernetes | [ApiServerAuthorizationModeNode.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ApiServerAuthorizationModeNode.py) | | 7218 | CKV_K8S_77 | resource | CronJob | Ensure that the --authorization-mode argument includes RBAC | Kubernetes | [ApiServerAuthorizationModeRBAC.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ApiServerAuthorizationModeRBAC.py) | | 7219 | CKV_K8S_77 | resource | DaemonSet | Ensure that the --authorization-mode argument includes RBAC | Kubernetes | [ApiServerAuthorizationModeRBAC.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ApiServerAuthorizationModeRBAC.py) | | 7220 | CKV_K8S_77 | resource | Deployment | Ensure that the --authorization-mode argument includes RBAC | Kubernetes | [ApiServerAuthorizationModeRBAC.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ApiServerAuthorizationModeRBAC.py) | | 7221 | CKV_K8S_77 | resource | DeploymentConfig | Ensure that the --authorization-mode argument includes RBAC | Kubernetes | [ApiServerAuthorizationModeRBAC.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ApiServerAuthorizationModeRBAC.py) | | 7222 | CKV_K8S_77 | resource | Job | Ensure that the --authorization-mode argument includes RBAC | Kubernetes | [ApiServerAuthorizationModeRBAC.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ApiServerAuthorizationModeRBAC.py) | | 7223 | CKV_K8S_77 | resource | Pod | Ensure that the --authorization-mode argument includes RBAC | Kubernetes | [ApiServerAuthorizationModeRBAC.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ApiServerAuthorizationModeRBAC.py) | | 7224 | CKV_K8S_77 | resource | PodTemplate | Ensure that the --authorization-mode argument includes RBAC | Kubernetes | [ApiServerAuthorizationModeRBAC.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ApiServerAuthorizationModeRBAC.py) | | 7225 | CKV_K8S_77 | resource | ReplicaSet | Ensure that the --authorization-mode argument includes RBAC | Kubernetes | [ApiServerAuthorizationModeRBAC.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ApiServerAuthorizationModeRBAC.py) | | 7226 | CKV_K8S_77 | resource | ReplicationController | Ensure that the --authorization-mode argument includes RBAC | Kubernetes | [ApiServerAuthorizationModeRBAC.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ApiServerAuthorizationModeRBAC.py) | | 7227 | CKV_K8S_77 | resource | StatefulSet | Ensure that the --authorization-mode argument includes RBAC | Kubernetes | [ApiServerAuthorizationModeRBAC.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ApiServerAuthorizationModeRBAC.py) | | 7228 | CKV_K8S_78 | resource | AdmissionConfiguration | Ensure that the admission control plugin EventRateLimit is set | Kubernetes | [ApiServerAdmissionControlEventRateLimit.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ApiServerAdmissionControlEventRateLimit.py) | | 7229 | CKV_K8S_79 | resource | CronJob | Ensure that the admission control plugin AlwaysAdmit is not set | Kubernetes | [ApiServerAdmissionControlAlwaysAdmit.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ApiServerAdmissionControlAlwaysAdmit.py) | | 7230 | CKV_K8S_79 | resource | DaemonSet | Ensure that the admission control plugin AlwaysAdmit is not set | Kubernetes | [ApiServerAdmissionControlAlwaysAdmit.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ApiServerAdmissionControlAlwaysAdmit.py) | | 7231 | CKV_K8S_79 | resource | Deployment | Ensure that the admission control plugin AlwaysAdmit is not set | Kubernetes | [ApiServerAdmissionControlAlwaysAdmit.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ApiServerAdmissionControlAlwaysAdmit.py) | | 7232 | CKV_K8S_79 | resource | DeploymentConfig | Ensure that the admission control plugin AlwaysAdmit is not set | Kubernetes | [ApiServerAdmissionControlAlwaysAdmit.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ApiServerAdmissionControlAlwaysAdmit.py) | | 7233 | CKV_K8S_79 | resource | Job | Ensure that the admission control plugin AlwaysAdmit is not set | Kubernetes | [ApiServerAdmissionControlAlwaysAdmit.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ApiServerAdmissionControlAlwaysAdmit.py) | | 7234 | CKV_K8S_79 | resource | Pod | Ensure that the admission control plugin AlwaysAdmit is not set | Kubernetes | [ApiServerAdmissionControlAlwaysAdmit.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ApiServerAdmissionControlAlwaysAdmit.py) | | 7235 | CKV_K8S_79 | resource | PodTemplate | Ensure that the admission control plugin AlwaysAdmit is not set | Kubernetes | [ApiServerAdmissionControlAlwaysAdmit.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ApiServerAdmissionControlAlwaysAdmit.py) | | 7236 | CKV_K8S_79 | resource | ReplicaSet | Ensure that the admission control plugin AlwaysAdmit is not set | Kubernetes | [ApiServerAdmissionControlAlwaysAdmit.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ApiServerAdmissionControlAlwaysAdmit.py) | | 7237 | CKV_K8S_79 | resource | ReplicationController | Ensure that the admission control plugin AlwaysAdmit is not set | Kubernetes | [ApiServerAdmissionControlAlwaysAdmit.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ApiServerAdmissionControlAlwaysAdmit.py) | | 7238 | CKV_K8S_79 | resource | StatefulSet | Ensure that the admission control plugin AlwaysAdmit is not set | Kubernetes | [ApiServerAdmissionControlAlwaysAdmit.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ApiServerAdmissionControlAlwaysAdmit.py) | | 7239 | CKV_K8S_80 | resource | CronJob | Ensure that the admission control plugin AlwaysPullImages is set | Kubernetes | [ApiServerAlwaysPullImagesPlugin.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ApiServerAlwaysPullImagesPlugin.py) | | 7240 | CKV_K8S_80 | resource | DaemonSet | Ensure that the admission control plugin AlwaysPullImages is set | Kubernetes | [ApiServerAlwaysPullImagesPlugin.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ApiServerAlwaysPullImagesPlugin.py) | | 7241 | CKV_K8S_80 | resource | Deployment | Ensure that the admission control plugin AlwaysPullImages is set | Kubernetes | [ApiServerAlwaysPullImagesPlugin.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ApiServerAlwaysPullImagesPlugin.py) | | 7242 | CKV_K8S_80 | resource | DeploymentConfig | Ensure that the admission control plugin AlwaysPullImages is set | Kubernetes | [ApiServerAlwaysPullImagesPlugin.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ApiServerAlwaysPullImagesPlugin.py) | | 7243 | CKV_K8S_80 | resource | Job | Ensure that the admission control plugin AlwaysPullImages is set | Kubernetes | [ApiServerAlwaysPullImagesPlugin.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ApiServerAlwaysPullImagesPlugin.py) | | 7244 | CKV_K8S_80 | resource | Pod | Ensure that the admission control plugin AlwaysPullImages is set | Kubernetes | [ApiServerAlwaysPullImagesPlugin.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ApiServerAlwaysPullImagesPlugin.py) | | 7245 | CKV_K8S_80 | resource | PodTemplate | Ensure that the admission control plugin AlwaysPullImages is set | Kubernetes | [ApiServerAlwaysPullImagesPlugin.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ApiServerAlwaysPullImagesPlugin.py) | | 7246 | CKV_K8S_80 | resource | ReplicaSet | Ensure that the admission control plugin AlwaysPullImages is set | Kubernetes | [ApiServerAlwaysPullImagesPlugin.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ApiServerAlwaysPullImagesPlugin.py) | | 7247 | CKV_K8S_80 | resource | ReplicationController | Ensure that the admission control plugin AlwaysPullImages is set | Kubernetes | [ApiServerAlwaysPullImagesPlugin.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ApiServerAlwaysPullImagesPlugin.py) | | 7248 | CKV_K8S_80 | resource | StatefulSet | Ensure that the admission control plugin AlwaysPullImages is set | Kubernetes | [ApiServerAlwaysPullImagesPlugin.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ApiServerAlwaysPullImagesPlugin.py) | | 7249 | CKV_K8S_81 | resource | CronJob | Ensure that the admission control plugin SecurityContextDeny is set if PodSecurityPolicy is not used | Kubernetes | [ApiServerSecurityContextDenyPlugin.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ApiServerSecurityContextDenyPlugin.py) | | 7250 | CKV_K8S_81 | resource | DaemonSet | Ensure that the admission control plugin SecurityContextDeny is set if PodSecurityPolicy is not used | Kubernetes | [ApiServerSecurityContextDenyPlugin.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ApiServerSecurityContextDenyPlugin.py) | | 7251 | CKV_K8S_81 | resource | Deployment | Ensure that the admission control plugin SecurityContextDeny is set if PodSecurityPolicy is not used | Kubernetes | [ApiServerSecurityContextDenyPlugin.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ApiServerSecurityContextDenyPlugin.py) | | 7252 | CKV_K8S_81 | resource | DeploymentConfig | Ensure that the admission control plugin SecurityContextDeny is set if PodSecurityPolicy is not used | Kubernetes | [ApiServerSecurityContextDenyPlugin.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ApiServerSecurityContextDenyPlugin.py) | | 7253 | CKV_K8S_81 | resource | Job | Ensure that the admission control plugin SecurityContextDeny is set if PodSecurityPolicy is not used | Kubernetes | [ApiServerSecurityContextDenyPlugin.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ApiServerSecurityContextDenyPlugin.py) | | 7254 | CKV_K8S_81 | resource | Pod | Ensure that the admission control plugin SecurityContextDeny is set if PodSecurityPolicy is not used | Kubernetes | [ApiServerSecurityContextDenyPlugin.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ApiServerSecurityContextDenyPlugin.py) | | 7255 | CKV_K8S_81 | resource | PodTemplate | Ensure that the admission control plugin SecurityContextDeny is set if PodSecurityPolicy is not used | Kubernetes | [ApiServerSecurityContextDenyPlugin.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ApiServerSecurityContextDenyPlugin.py) | | 7256 | CKV_K8S_81 | resource | ReplicaSet | Ensure that the admission control plugin SecurityContextDeny is set if PodSecurityPolicy is not used | Kubernetes | [ApiServerSecurityContextDenyPlugin.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ApiServerSecurityContextDenyPlugin.py) | | 7257 | CKV_K8S_81 | resource | ReplicationController | Ensure that the admission control plugin SecurityContextDeny is set if PodSecurityPolicy is not used | Kubernetes | [ApiServerSecurityContextDenyPlugin.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ApiServerSecurityContextDenyPlugin.py) | | 7258 | CKV_K8S_81 | resource | StatefulSet | Ensure that the admission control plugin SecurityContextDeny is set if PodSecurityPolicy is not used | Kubernetes | [ApiServerSecurityContextDenyPlugin.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ApiServerSecurityContextDenyPlugin.py) | | 7259 | CKV_K8S_82 | resource | CronJob | Ensure that the admission control plugin ServiceAccount is set | Kubernetes | [ApiServerServiceAccountPlugin.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ApiServerServiceAccountPlugin.py) | | 7260 | CKV_K8S_82 | resource | DaemonSet | Ensure that the admission control plugin ServiceAccount is set | Kubernetes | [ApiServerServiceAccountPlugin.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ApiServerServiceAccountPlugin.py) | | 7261 | CKV_K8S_82 | resource | Deployment | Ensure that the admission control plugin ServiceAccount is set | Kubernetes | [ApiServerServiceAccountPlugin.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ApiServerServiceAccountPlugin.py) | | 7262 | CKV_K8S_82 | resource | DeploymentConfig | Ensure that the admission control plugin ServiceAccount is set | Kubernetes | [ApiServerServiceAccountPlugin.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ApiServerServiceAccountPlugin.py) | | 7263 | CKV_K8S_82 | resource | Job | Ensure that the admission control plugin ServiceAccount is set | Kubernetes | [ApiServerServiceAccountPlugin.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ApiServerServiceAccountPlugin.py) | | 7264 | CKV_K8S_82 | resource | Pod | Ensure that the admission control plugin ServiceAccount is set | Kubernetes | [ApiServerServiceAccountPlugin.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ApiServerServiceAccountPlugin.py) | | 7265 | CKV_K8S_82 | resource | PodTemplate | Ensure that the admission control plugin ServiceAccount is set | Kubernetes | [ApiServerServiceAccountPlugin.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ApiServerServiceAccountPlugin.py) | | 7266 | CKV_K8S_82 | resource | ReplicaSet | Ensure that the admission control plugin ServiceAccount is set | Kubernetes | [ApiServerServiceAccountPlugin.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ApiServerServiceAccountPlugin.py) | | 7267 | CKV_K8S_82 | resource | ReplicationController | Ensure that the admission control plugin ServiceAccount is set | Kubernetes | [ApiServerServiceAccountPlugin.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ApiServerServiceAccountPlugin.py) | | 7268 | CKV_K8S_82 | resource | StatefulSet | Ensure that the admission control plugin ServiceAccount is set | Kubernetes | [ApiServerServiceAccountPlugin.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ApiServerServiceAccountPlugin.py) | | 7269 | CKV_K8S_83 | resource | CronJob | Ensure that the admission control plugin NamespaceLifecycle is set | Kubernetes | [ApiServerNamespaceLifecyclePlugin.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ApiServerNamespaceLifecyclePlugin.py) | | 7270 | CKV_K8S_83 | resource | DaemonSet | Ensure that the admission control plugin NamespaceLifecycle is set | Kubernetes | [ApiServerNamespaceLifecyclePlugin.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ApiServerNamespaceLifecyclePlugin.py) | | 7271 | CKV_K8S_83 | resource | Deployment | Ensure that the admission control plugin NamespaceLifecycle is set | Kubernetes | [ApiServerNamespaceLifecyclePlugin.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ApiServerNamespaceLifecyclePlugin.py) | | 7272 | CKV_K8S_83 | resource | DeploymentConfig | Ensure that the admission control plugin NamespaceLifecycle is set | Kubernetes | [ApiServerNamespaceLifecyclePlugin.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ApiServerNamespaceLifecyclePlugin.py) | | 7273 | CKV_K8S_83 | resource | Job | Ensure that the admission control plugin NamespaceLifecycle is set | Kubernetes | [ApiServerNamespaceLifecyclePlugin.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ApiServerNamespaceLifecyclePlugin.py) | | 7274 | CKV_K8S_83 | resource | Pod | Ensure that the admission control plugin NamespaceLifecycle is set | Kubernetes | [ApiServerNamespaceLifecyclePlugin.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ApiServerNamespaceLifecyclePlugin.py) | | 7275 | CKV_K8S_83 | resource | PodTemplate | Ensure that the admission control plugin NamespaceLifecycle is set | Kubernetes | [ApiServerNamespaceLifecyclePlugin.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ApiServerNamespaceLifecyclePlugin.py) | | 7276 | CKV_K8S_83 | resource | ReplicaSet | Ensure that the admission control plugin NamespaceLifecycle is set | Kubernetes | [ApiServerNamespaceLifecyclePlugin.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ApiServerNamespaceLifecyclePlugin.py) | | 7277 | CKV_K8S_83 | resource | ReplicationController | Ensure that the admission control plugin NamespaceLifecycle is set | Kubernetes | [ApiServerNamespaceLifecyclePlugin.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ApiServerNamespaceLifecyclePlugin.py) | | 7278 | CKV_K8S_83 | resource | StatefulSet | Ensure that the admission control plugin NamespaceLifecycle is set | Kubernetes | [ApiServerNamespaceLifecyclePlugin.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ApiServerNamespaceLifecyclePlugin.py) | | 7279 | CKV_K8S_84 | resource | CronJob | Ensure that the admission control plugin PodSecurityPolicy is set | Kubernetes | [ApiServerPodSecurityPolicyPlugin.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ApiServerPodSecurityPolicyPlugin.py) | | 7280 | CKV_K8S_84 | resource | DaemonSet | Ensure that the admission control plugin PodSecurityPolicy is set | Kubernetes | [ApiServerPodSecurityPolicyPlugin.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ApiServerPodSecurityPolicyPlugin.py) | | 7281 | CKV_K8S_84 | resource | Deployment | Ensure that the admission control plugin PodSecurityPolicy is set | Kubernetes | [ApiServerPodSecurityPolicyPlugin.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ApiServerPodSecurityPolicyPlugin.py) | | 7282 | CKV_K8S_84 | resource | DeploymentConfig | Ensure that the admission control plugin PodSecurityPolicy is set | Kubernetes | [ApiServerPodSecurityPolicyPlugin.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ApiServerPodSecurityPolicyPlugin.py) | | 7283 | CKV_K8S_84 | resource | Job | Ensure that the admission control plugin PodSecurityPolicy is set | Kubernetes | [ApiServerPodSecurityPolicyPlugin.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ApiServerPodSecurityPolicyPlugin.py) | | 7284 | CKV_K8S_84 | resource | Pod | Ensure that the admission control plugin PodSecurityPolicy is set | Kubernetes | [ApiServerPodSecurityPolicyPlugin.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ApiServerPodSecurityPolicyPlugin.py) | | 7285 | CKV_K8S_84 | resource | PodTemplate | Ensure that the admission control plugin PodSecurityPolicy is set | Kubernetes | [ApiServerPodSecurityPolicyPlugin.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ApiServerPodSecurityPolicyPlugin.py) | | 7286 | CKV_K8S_84 | resource | ReplicaSet | Ensure that the admission control plugin PodSecurityPolicy is set | Kubernetes | [ApiServerPodSecurityPolicyPlugin.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ApiServerPodSecurityPolicyPlugin.py) | | 7287 | CKV_K8S_84 | resource | ReplicationController | Ensure that the admission control plugin PodSecurityPolicy is set | Kubernetes | [ApiServerPodSecurityPolicyPlugin.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ApiServerPodSecurityPolicyPlugin.py) | | 7288 | CKV_K8S_84 | resource | StatefulSet | Ensure that the admission control plugin PodSecurityPolicy is set | Kubernetes | [ApiServerPodSecurityPolicyPlugin.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ApiServerPodSecurityPolicyPlugin.py) | | 7289 | CKV_K8S_85 | resource | CronJob | Ensure that the admission control plugin NodeRestriction is set | Kubernetes | [ApiServerNodeRestrictionPlugin.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ApiServerNodeRestrictionPlugin.py) | | 7290 | CKV_K8S_85 | resource | DaemonSet | Ensure that the admission control plugin NodeRestriction is set | Kubernetes | [ApiServerNodeRestrictionPlugin.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ApiServerNodeRestrictionPlugin.py) | | 7291 | CKV_K8S_85 | resource | Deployment | Ensure that the admission control plugin NodeRestriction is set | Kubernetes | [ApiServerNodeRestrictionPlugin.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ApiServerNodeRestrictionPlugin.py) | | 7292 | CKV_K8S_85 | resource | DeploymentConfig | Ensure that the admission control plugin NodeRestriction is set | Kubernetes | [ApiServerNodeRestrictionPlugin.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ApiServerNodeRestrictionPlugin.py) | | 7293 | CKV_K8S_85 | resource | Job | Ensure that the admission control plugin NodeRestriction is set | Kubernetes | [ApiServerNodeRestrictionPlugin.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ApiServerNodeRestrictionPlugin.py) | | 7294 | CKV_K8S_85 | resource | Pod | Ensure that the admission control plugin NodeRestriction is set | Kubernetes | [ApiServerNodeRestrictionPlugin.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ApiServerNodeRestrictionPlugin.py) | | 7295 | CKV_K8S_85 | resource | PodTemplate | Ensure that the admission control plugin NodeRestriction is set | Kubernetes | [ApiServerNodeRestrictionPlugin.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ApiServerNodeRestrictionPlugin.py) | | 7296 | CKV_K8S_85 | resource | ReplicaSet | Ensure that the admission control plugin NodeRestriction is set | Kubernetes | [ApiServerNodeRestrictionPlugin.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ApiServerNodeRestrictionPlugin.py) | | 7297 | CKV_K8S_85 | resource | ReplicationController | Ensure that the admission control plugin NodeRestriction is set | Kubernetes | [ApiServerNodeRestrictionPlugin.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ApiServerNodeRestrictionPlugin.py) | | 7298 | CKV_K8S_85 | resource | StatefulSet | Ensure that the admission control plugin NodeRestriction is set | Kubernetes | [ApiServerNodeRestrictionPlugin.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ApiServerNodeRestrictionPlugin.py) | | 7299 | CKV_K8S_86 | resource | CronJob | Ensure that the --insecure-bind-address argument is not set | Kubernetes | [ApiServerInsecureBindAddress.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ApiServerInsecureBindAddress.py) | | 7300 | CKV_K8S_86 | resource | DaemonSet | Ensure that the --insecure-bind-address argument is not set | Kubernetes | [ApiServerInsecureBindAddress.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ApiServerInsecureBindAddress.py) | | 7301 | CKV_K8S_86 | resource | Deployment | Ensure that the --insecure-bind-address argument is not set | Kubernetes | [ApiServerInsecureBindAddress.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ApiServerInsecureBindAddress.py) | | 7302 | CKV_K8S_86 | resource | DeploymentConfig | Ensure that the --insecure-bind-address argument is not set | Kubernetes | [ApiServerInsecureBindAddress.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ApiServerInsecureBindAddress.py) | | 7303 | CKV_K8S_86 | resource | Job | Ensure that the --insecure-bind-address argument is not set | Kubernetes | [ApiServerInsecureBindAddress.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ApiServerInsecureBindAddress.py) | | 7304 | CKV_K8S_86 | resource | Pod | Ensure that the --insecure-bind-address argument is not set | Kubernetes | [ApiServerInsecureBindAddress.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ApiServerInsecureBindAddress.py) | | 7305 | CKV_K8S_86 | resource | PodTemplate | Ensure that the --insecure-bind-address argument is not set | Kubernetes | [ApiServerInsecureBindAddress.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ApiServerInsecureBindAddress.py) | | 7306 | CKV_K8S_86 | resource | ReplicaSet | Ensure that the --insecure-bind-address argument is not set | Kubernetes | [ApiServerInsecureBindAddress.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ApiServerInsecureBindAddress.py) | | 7307 | CKV_K8S_86 | resource | ReplicationController | Ensure that the --insecure-bind-address argument is not set | Kubernetes | [ApiServerInsecureBindAddress.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ApiServerInsecureBindAddress.py) | | 7308 | CKV_K8S_86 | resource | StatefulSet | Ensure that the --insecure-bind-address argument is not set | Kubernetes | [ApiServerInsecureBindAddress.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ApiServerInsecureBindAddress.py) | | 7309 | CKV_K8S_88 | resource | CronJob | Ensure that the --insecure-port argument is set to 0 | Kubernetes | [ApiServerInsecurePort.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ApiServerInsecurePort.py) | | 7310 | CKV_K8S_88 | resource | DaemonSet | Ensure that the --insecure-port argument is set to 0 | Kubernetes | [ApiServerInsecurePort.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ApiServerInsecurePort.py) | | 7311 | CKV_K8S_88 | resource | Deployment | Ensure that the --insecure-port argument is set to 0 | Kubernetes | [ApiServerInsecurePort.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ApiServerInsecurePort.py) | | 7312 | CKV_K8S_88 | resource | DeploymentConfig | Ensure that the --insecure-port argument is set to 0 | Kubernetes | [ApiServerInsecurePort.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ApiServerInsecurePort.py) | | 7313 | CKV_K8S_88 | resource | Job | Ensure that the --insecure-port argument is set to 0 | Kubernetes | [ApiServerInsecurePort.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ApiServerInsecurePort.py) | | 7314 | CKV_K8S_88 | resource | Pod | Ensure that the --insecure-port argument is set to 0 | Kubernetes | [ApiServerInsecurePort.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ApiServerInsecurePort.py) | | 7315 | CKV_K8S_88 | resource | PodTemplate | Ensure that the --insecure-port argument is set to 0 | Kubernetes | [ApiServerInsecurePort.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ApiServerInsecurePort.py) | | 7316 | CKV_K8S_88 | resource | ReplicaSet | Ensure that the --insecure-port argument is set to 0 | Kubernetes | [ApiServerInsecurePort.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ApiServerInsecurePort.py) | | 7317 | CKV_K8S_88 | resource | ReplicationController | Ensure that the --insecure-port argument is set to 0 | Kubernetes | [ApiServerInsecurePort.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ApiServerInsecurePort.py) | | 7318 | CKV_K8S_88 | resource | StatefulSet | Ensure that the --insecure-port argument is set to 0 | Kubernetes | [ApiServerInsecurePort.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ApiServerInsecurePort.py) | | 7319 | CKV_K8S_89 | resource | CronJob | Ensure that the --secure-port argument is not set to 0 | Kubernetes | [ApiServerSecurePort.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ApiServerSecurePort.py) | | 7320 | CKV_K8S_89 | resource | DaemonSet | Ensure that the --secure-port argument is not set to 0 | Kubernetes | [ApiServerSecurePort.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ApiServerSecurePort.py) | | 7321 | CKV_K8S_89 | resource | Deployment | Ensure that the --secure-port argument is not set to 0 | Kubernetes | [ApiServerSecurePort.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ApiServerSecurePort.py) | | 7322 | CKV_K8S_89 | resource | DeploymentConfig | Ensure that the --secure-port argument is not set to 0 | Kubernetes | [ApiServerSecurePort.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ApiServerSecurePort.py) | | 7323 | CKV_K8S_89 | resource | Job | Ensure that the --secure-port argument is not set to 0 | Kubernetes | [ApiServerSecurePort.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ApiServerSecurePort.py) | | 7324 | CKV_K8S_89 | resource | Pod | Ensure that the --secure-port argument is not set to 0 | Kubernetes | [ApiServerSecurePort.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ApiServerSecurePort.py) | | 7325 | CKV_K8S_89 | resource | PodTemplate | Ensure that the --secure-port argument is not set to 0 | Kubernetes | [ApiServerSecurePort.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ApiServerSecurePort.py) | | 7326 | CKV_K8S_89 | resource | ReplicaSet | Ensure that the --secure-port argument is not set to 0 | Kubernetes | [ApiServerSecurePort.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ApiServerSecurePort.py) | | 7327 | CKV_K8S_89 | resource | ReplicationController | Ensure that the --secure-port argument is not set to 0 | Kubernetes | [ApiServerSecurePort.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ApiServerSecurePort.py) | | 7328 | CKV_K8S_89 | resource | StatefulSet | Ensure that the --secure-port argument is not set to 0 | Kubernetes | [ApiServerSecurePort.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ApiServerSecurePort.py) | | 7329 | CKV_K8S_90 | resource | CronJob | Ensure that the --profiling argument is set to false | Kubernetes | [ApiServerProfiling.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ApiServerProfiling.py) | | 7330 | CKV_K8S_90 | resource | DaemonSet | Ensure that the --profiling argument is set to false | Kubernetes | [ApiServerProfiling.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ApiServerProfiling.py) | | 7331 | CKV_K8S_90 | resource | Deployment | Ensure that the --profiling argument is set to false | Kubernetes | [ApiServerProfiling.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ApiServerProfiling.py) | | 7332 | CKV_K8S_90 | resource | DeploymentConfig | Ensure that the --profiling argument is set to false | Kubernetes | [ApiServerProfiling.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ApiServerProfiling.py) | | 7333 | CKV_K8S_90 | resource | Job | Ensure that the --profiling argument is set to false | Kubernetes | [ApiServerProfiling.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ApiServerProfiling.py) | | 7334 | CKV_K8S_90 | resource | Pod | Ensure that the --profiling argument is set to false | Kubernetes | [ApiServerProfiling.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ApiServerProfiling.py) | | 7335 | CKV_K8S_90 | resource | PodTemplate | Ensure that the --profiling argument is set to false | Kubernetes | [ApiServerProfiling.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ApiServerProfiling.py) | | 7336 | CKV_K8S_90 | resource | ReplicaSet | Ensure that the --profiling argument is set to false | Kubernetes | [ApiServerProfiling.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ApiServerProfiling.py) | | 7337 | CKV_K8S_90 | resource | ReplicationController | Ensure that the --profiling argument is set to false | Kubernetes | [ApiServerProfiling.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ApiServerProfiling.py) | | 7338 | CKV_K8S_90 | resource | StatefulSet | Ensure that the --profiling argument is set to false | Kubernetes | [ApiServerProfiling.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ApiServerProfiling.py) | | 7339 | CKV_K8S_91 | resource | CronJob | Ensure that the --audit-log-path argument is set | Kubernetes | [ApiServerAuditLog.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ApiServerAuditLog.py) | | 7340 | CKV_K8S_91 | resource | DaemonSet | Ensure that the --audit-log-path argument is set | Kubernetes | [ApiServerAuditLog.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ApiServerAuditLog.py) | | 7341 | CKV_K8S_91 | resource | Deployment | Ensure that the --audit-log-path argument is set | Kubernetes | [ApiServerAuditLog.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ApiServerAuditLog.py) | | 7342 | CKV_K8S_91 | resource | DeploymentConfig | Ensure that the --audit-log-path argument is set | Kubernetes | [ApiServerAuditLog.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ApiServerAuditLog.py) | | 7343 | CKV_K8S_91 | resource | Job | Ensure that the --audit-log-path argument is set | Kubernetes | [ApiServerAuditLog.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ApiServerAuditLog.py) | | 7344 | CKV_K8S_91 | resource | Pod | Ensure that the --audit-log-path argument is set | Kubernetes | [ApiServerAuditLog.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ApiServerAuditLog.py) | | 7345 | CKV_K8S_91 | resource | PodTemplate | Ensure that the --audit-log-path argument is set | Kubernetes | [ApiServerAuditLog.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ApiServerAuditLog.py) | | 7346 | CKV_K8S_91 | resource | ReplicaSet | Ensure that the --audit-log-path argument is set | Kubernetes | [ApiServerAuditLog.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ApiServerAuditLog.py) | | 7347 | CKV_K8S_91 | resource | ReplicationController | Ensure that the --audit-log-path argument is set | Kubernetes | [ApiServerAuditLog.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ApiServerAuditLog.py) | | 7348 | CKV_K8S_91 | resource | StatefulSet | Ensure that the --audit-log-path argument is set | Kubernetes | [ApiServerAuditLog.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ApiServerAuditLog.py) | | 7349 | CKV_K8S_92 | resource | CronJob | Ensure that the --audit-log-maxage argument is set to 30 or as appropriate | Kubernetes | [ApiServerAuditLogMaxAge.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ApiServerAuditLogMaxAge.py) | | 7350 | CKV_K8S_92 | resource | DaemonSet | Ensure that the --audit-log-maxage argument is set to 30 or as appropriate | Kubernetes | [ApiServerAuditLogMaxAge.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ApiServerAuditLogMaxAge.py) | | 7351 | CKV_K8S_92 | resource | Deployment | Ensure that the --audit-log-maxage argument is set to 30 or as appropriate | Kubernetes | [ApiServerAuditLogMaxAge.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ApiServerAuditLogMaxAge.py) | | 7352 | CKV_K8S_92 | resource | DeploymentConfig | Ensure that the --audit-log-maxage argument is set to 30 or as appropriate | Kubernetes | [ApiServerAuditLogMaxAge.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ApiServerAuditLogMaxAge.py) | | 7353 | CKV_K8S_92 | resource | Job | Ensure that the --audit-log-maxage argument is set to 30 or as appropriate | Kubernetes | [ApiServerAuditLogMaxAge.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ApiServerAuditLogMaxAge.py) | | 7354 | CKV_K8S_92 | resource | Pod | Ensure that the --audit-log-maxage argument is set to 30 or as appropriate | Kubernetes | [ApiServerAuditLogMaxAge.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ApiServerAuditLogMaxAge.py) | | 7355 | CKV_K8S_92 | resource | PodTemplate | Ensure that the --audit-log-maxage argument is set to 30 or as appropriate | Kubernetes | [ApiServerAuditLogMaxAge.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ApiServerAuditLogMaxAge.py) | | 7356 | CKV_K8S_92 | resource | ReplicaSet | Ensure that the --audit-log-maxage argument is set to 30 or as appropriate | Kubernetes | [ApiServerAuditLogMaxAge.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ApiServerAuditLogMaxAge.py) | | 7357 | CKV_K8S_92 | resource | ReplicationController | Ensure that the --audit-log-maxage argument is set to 30 or as appropriate | Kubernetes | [ApiServerAuditLogMaxAge.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ApiServerAuditLogMaxAge.py) | | 7358 | CKV_K8S_92 | resource | StatefulSet | Ensure that the --audit-log-maxage argument is set to 30 or as appropriate | Kubernetes | [ApiServerAuditLogMaxAge.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ApiServerAuditLogMaxAge.py) | | 7359 | CKV_K8S_93 | resource | CronJob | Ensure that the --audit-log-maxbackup argument is set to 10 or as appropriate | Kubernetes | [ApiServerAuditLogMaxBackup.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ApiServerAuditLogMaxBackup.py) | | 7360 | CKV_K8S_93 | resource | DaemonSet | Ensure that the --audit-log-maxbackup argument is set to 10 or as appropriate | Kubernetes | [ApiServerAuditLogMaxBackup.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ApiServerAuditLogMaxBackup.py) | | 7361 | CKV_K8S_93 | resource | Deployment | Ensure that the --audit-log-maxbackup argument is set to 10 or as appropriate | Kubernetes | [ApiServerAuditLogMaxBackup.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ApiServerAuditLogMaxBackup.py) | | 7362 | CKV_K8S_93 | resource | DeploymentConfig | Ensure that the --audit-log-maxbackup argument is set to 10 or as appropriate | Kubernetes | [ApiServerAuditLogMaxBackup.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ApiServerAuditLogMaxBackup.py) | | 7363 | CKV_K8S_93 | resource | Job | Ensure that the --audit-log-maxbackup argument is set to 10 or as appropriate | Kubernetes | [ApiServerAuditLogMaxBackup.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ApiServerAuditLogMaxBackup.py) | | 7364 | CKV_K8S_93 | resource | Pod | Ensure that the --audit-log-maxbackup argument is set to 10 or as appropriate | Kubernetes | [ApiServerAuditLogMaxBackup.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ApiServerAuditLogMaxBackup.py) | | 7365 | CKV_K8S_93 | resource | PodTemplate | Ensure that the --audit-log-maxbackup argument is set to 10 or as appropriate | Kubernetes | [ApiServerAuditLogMaxBackup.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ApiServerAuditLogMaxBackup.py) | | 7366 | CKV_K8S_93 | resource | ReplicaSet | Ensure that the --audit-log-maxbackup argument is set to 10 or as appropriate | Kubernetes | [ApiServerAuditLogMaxBackup.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ApiServerAuditLogMaxBackup.py) | | 7367 | CKV_K8S_93 | resource | ReplicationController | Ensure that the --audit-log-maxbackup argument is set to 10 or as appropriate | Kubernetes | [ApiServerAuditLogMaxBackup.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ApiServerAuditLogMaxBackup.py) | | 7368 | CKV_K8S_93 | resource | StatefulSet | Ensure that the --audit-log-maxbackup argument is set to 10 or as appropriate | Kubernetes | [ApiServerAuditLogMaxBackup.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ApiServerAuditLogMaxBackup.py) | | 7369 | CKV_K8S_94 | resource | CronJob | Ensure that the --audit-log-maxsize argument is set to 100 or as appropriate | Kubernetes | [ApiServerAuditLogMaxSize.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ApiServerAuditLogMaxSize.py) | | 7370 | CKV_K8S_94 | resource | DaemonSet | Ensure that the --audit-log-maxsize argument is set to 100 or as appropriate | Kubernetes | [ApiServerAuditLogMaxSize.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ApiServerAuditLogMaxSize.py) | | 7371 | CKV_K8S_94 | resource | Deployment | Ensure that the --audit-log-maxsize argument is set to 100 or as appropriate | Kubernetes | [ApiServerAuditLogMaxSize.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ApiServerAuditLogMaxSize.py) | | 7372 | CKV_K8S_94 | resource | DeploymentConfig | Ensure that the --audit-log-maxsize argument is set to 100 or as appropriate | Kubernetes | [ApiServerAuditLogMaxSize.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ApiServerAuditLogMaxSize.py) | | 7373 | CKV_K8S_94 | resource | Job | Ensure that the --audit-log-maxsize argument is set to 100 or as appropriate | Kubernetes | [ApiServerAuditLogMaxSize.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ApiServerAuditLogMaxSize.py) | | 7374 | CKV_K8S_94 | resource | Pod | Ensure that the --audit-log-maxsize argument is set to 100 or as appropriate | Kubernetes | [ApiServerAuditLogMaxSize.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ApiServerAuditLogMaxSize.py) | | 7375 | CKV_K8S_94 | resource | PodTemplate | Ensure that the --audit-log-maxsize argument is set to 100 or as appropriate | Kubernetes | [ApiServerAuditLogMaxSize.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ApiServerAuditLogMaxSize.py) | | 7376 | CKV_K8S_94 | resource | ReplicaSet | Ensure that the --audit-log-maxsize argument is set to 100 or as appropriate | Kubernetes | [ApiServerAuditLogMaxSize.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ApiServerAuditLogMaxSize.py) | | 7377 | CKV_K8S_94 | resource | ReplicationController | Ensure that the --audit-log-maxsize argument is set to 100 or as appropriate | Kubernetes | [ApiServerAuditLogMaxSize.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ApiServerAuditLogMaxSize.py) | | 7378 | CKV_K8S_94 | resource | StatefulSet | Ensure that the --audit-log-maxsize argument is set to 100 or as appropriate | Kubernetes | [ApiServerAuditLogMaxSize.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ApiServerAuditLogMaxSize.py) | | 7379 | CKV_K8S_95 | resource | CronJob | Ensure that the --request-timeout argument is set as appropriate | Kubernetes | [ApiServerRequestTimeout.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ApiServerRequestTimeout.py) | | 7380 | CKV_K8S_95 | resource | DaemonSet | Ensure that the --request-timeout argument is set as appropriate | Kubernetes | [ApiServerRequestTimeout.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ApiServerRequestTimeout.py) | | 7381 | CKV_K8S_95 | resource | Deployment | Ensure that the --request-timeout argument is set as appropriate | Kubernetes | [ApiServerRequestTimeout.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ApiServerRequestTimeout.py) | | 7382 | CKV_K8S_95 | resource | DeploymentConfig | Ensure that the --request-timeout argument is set as appropriate | Kubernetes | [ApiServerRequestTimeout.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ApiServerRequestTimeout.py) | | 7383 | CKV_K8S_95 | resource | Job | Ensure that the --request-timeout argument is set as appropriate | Kubernetes | [ApiServerRequestTimeout.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ApiServerRequestTimeout.py) | | 7384 | CKV_K8S_95 | resource | Pod | Ensure that the --request-timeout argument is set as appropriate | Kubernetes | [ApiServerRequestTimeout.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ApiServerRequestTimeout.py) | | 7385 | CKV_K8S_95 | resource | PodTemplate | Ensure that the --request-timeout argument is set as appropriate | Kubernetes | [ApiServerRequestTimeout.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ApiServerRequestTimeout.py) | | 7386 | CKV_K8S_95 | resource | ReplicaSet | Ensure that the --request-timeout argument is set as appropriate | Kubernetes | [ApiServerRequestTimeout.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ApiServerRequestTimeout.py) | | 7387 | CKV_K8S_95 | resource | ReplicationController | Ensure that the --request-timeout argument is set as appropriate | Kubernetes | [ApiServerRequestTimeout.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ApiServerRequestTimeout.py) | | 7388 | CKV_K8S_95 | resource | StatefulSet | Ensure that the --request-timeout argument is set as appropriate | Kubernetes | [ApiServerRequestTimeout.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ApiServerRequestTimeout.py) | | 7389 | CKV_K8S_96 | resource | CronJob | Ensure that the --service-account-lookup argument is set to true | Kubernetes | [ApiServerServiceAccountLookup.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ApiServerServiceAccountLookup.py) | | 7390 | CKV_K8S_96 | resource | DaemonSet | Ensure that the --service-account-lookup argument is set to true | Kubernetes | [ApiServerServiceAccountLookup.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ApiServerServiceAccountLookup.py) | | 7391 | CKV_K8S_96 | resource | Deployment | Ensure that the --service-account-lookup argument is set to true | Kubernetes | [ApiServerServiceAccountLookup.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ApiServerServiceAccountLookup.py) | | 7392 | CKV_K8S_96 | resource | DeploymentConfig | Ensure that the --service-account-lookup argument is set to true | Kubernetes | [ApiServerServiceAccountLookup.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ApiServerServiceAccountLookup.py) | | 7393 | CKV_K8S_96 | resource | Job | Ensure that the --service-account-lookup argument is set to true | Kubernetes | [ApiServerServiceAccountLookup.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ApiServerServiceAccountLookup.py) | | 7394 | CKV_K8S_96 | resource | Pod | Ensure that the --service-account-lookup argument is set to true | Kubernetes | [ApiServerServiceAccountLookup.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ApiServerServiceAccountLookup.py) | | 7395 | CKV_K8S_96 | resource | PodTemplate | Ensure that the --service-account-lookup argument is set to true | Kubernetes | [ApiServerServiceAccountLookup.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ApiServerServiceAccountLookup.py) | | 7396 | CKV_K8S_96 | resource | ReplicaSet | Ensure that the --service-account-lookup argument is set to true | Kubernetes | [ApiServerServiceAccountLookup.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ApiServerServiceAccountLookup.py) | | 7397 | CKV_K8S_96 | resource | ReplicationController | Ensure that the --service-account-lookup argument is set to true | Kubernetes | [ApiServerServiceAccountLookup.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ApiServerServiceAccountLookup.py) | | 7398 | CKV_K8S_96 | resource | StatefulSet | Ensure that the --service-account-lookup argument is set to true | Kubernetes | [ApiServerServiceAccountLookup.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ApiServerServiceAccountLookup.py) | | 7399 | CKV_K8S_97 | resource | CronJob | Ensure that the --service-account-key-file argument is set as appropriate | Kubernetes | [ApiServerServiceAccountKeyFile.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ApiServerServiceAccountKeyFile.py) | | 7400 | CKV_K8S_97 | resource | DaemonSet | Ensure that the --service-account-key-file argument is set as appropriate | Kubernetes | [ApiServerServiceAccountKeyFile.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ApiServerServiceAccountKeyFile.py) | | 7401 | CKV_K8S_97 | resource | Deployment | Ensure that the --service-account-key-file argument is set as appropriate | Kubernetes | [ApiServerServiceAccountKeyFile.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ApiServerServiceAccountKeyFile.py) | | 7402 | CKV_K8S_97 | resource | DeploymentConfig | Ensure that the --service-account-key-file argument is set as appropriate | Kubernetes | [ApiServerServiceAccountKeyFile.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ApiServerServiceAccountKeyFile.py) | | 7403 | CKV_K8S_97 | resource | Job | Ensure that the --service-account-key-file argument is set as appropriate | Kubernetes | [ApiServerServiceAccountKeyFile.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ApiServerServiceAccountKeyFile.py) | | 7404 | CKV_K8S_97 | resource | Pod | Ensure that the --service-account-key-file argument is set as appropriate | Kubernetes | [ApiServerServiceAccountKeyFile.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ApiServerServiceAccountKeyFile.py) | | 7405 | CKV_K8S_97 | resource | PodTemplate | Ensure that the --service-account-key-file argument is set as appropriate | Kubernetes | [ApiServerServiceAccountKeyFile.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ApiServerServiceAccountKeyFile.py) | | 7406 | CKV_K8S_97 | resource | ReplicaSet | Ensure that the --service-account-key-file argument is set as appropriate | Kubernetes | [ApiServerServiceAccountKeyFile.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ApiServerServiceAccountKeyFile.py) | | 7407 | CKV_K8S_97 | resource | ReplicationController | Ensure that the --service-account-key-file argument is set as appropriate | Kubernetes | [ApiServerServiceAccountKeyFile.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ApiServerServiceAccountKeyFile.py) | | 7408 | CKV_K8S_97 | resource | StatefulSet | Ensure that the --service-account-key-file argument is set as appropriate | Kubernetes | [ApiServerServiceAccountKeyFile.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ApiServerServiceAccountKeyFile.py) | | 7409 | CKV_K8S_99 | resource | CronJob | Ensure that the --etcd-certfile and --etcd-keyfile arguments are set as appropriate | Kubernetes | [ApiServerEtcdCertAndKey.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ApiServerEtcdCertAndKey.py) | | 7410 | CKV_K8S_99 | resource | DaemonSet | Ensure that the --etcd-certfile and --etcd-keyfile arguments are set as appropriate | Kubernetes | [ApiServerEtcdCertAndKey.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ApiServerEtcdCertAndKey.py) | | 7411 | CKV_K8S_99 | resource | Deployment | Ensure that the --etcd-certfile and --etcd-keyfile arguments are set as appropriate | Kubernetes | [ApiServerEtcdCertAndKey.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ApiServerEtcdCertAndKey.py) | | 7412 | CKV_K8S_99 | resource | DeploymentConfig | Ensure that the --etcd-certfile and --etcd-keyfile arguments are set as appropriate | Kubernetes | [ApiServerEtcdCertAndKey.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ApiServerEtcdCertAndKey.py) | | 7413 | CKV_K8S_99 | resource | Job | Ensure that the --etcd-certfile and --etcd-keyfile arguments are set as appropriate | Kubernetes | [ApiServerEtcdCertAndKey.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ApiServerEtcdCertAndKey.py) | | 7414 | CKV_K8S_99 | resource | Pod | Ensure that the --etcd-certfile and --etcd-keyfile arguments are set as appropriate | Kubernetes | [ApiServerEtcdCertAndKey.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ApiServerEtcdCertAndKey.py) | | 7415 | CKV_K8S_99 | resource | PodTemplate | Ensure that the --etcd-certfile and --etcd-keyfile arguments are set as appropriate | Kubernetes | [ApiServerEtcdCertAndKey.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ApiServerEtcdCertAndKey.py) | | 7416 | CKV_K8S_99 | resource | ReplicaSet | Ensure that the --etcd-certfile and --etcd-keyfile arguments are set as appropriate | Kubernetes | [ApiServerEtcdCertAndKey.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ApiServerEtcdCertAndKey.py) | | 7417 | CKV_K8S_99 | resource | ReplicationController | Ensure that the --etcd-certfile and --etcd-keyfile arguments are set as appropriate | Kubernetes | [ApiServerEtcdCertAndKey.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ApiServerEtcdCertAndKey.py) | | 7418 | CKV_K8S_99 | resource | StatefulSet | Ensure that the --etcd-certfile and --etcd-keyfile arguments are set as appropriate | Kubernetes | [ApiServerEtcdCertAndKey.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ApiServerEtcdCertAndKey.py) | | 7419 | CKV_K8S_100 | resource | CronJob | Ensure that the --tls-cert-file and --tls-private-key-file arguments are set as appropriate | Kubernetes | [ApiServerTlsCertAndKey.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ApiServerTlsCertAndKey.py) | | 7420 | CKV_K8S_100 | resource | DaemonSet | Ensure that the --tls-cert-file and --tls-private-key-file arguments are set as appropriate | Kubernetes | [ApiServerTlsCertAndKey.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ApiServerTlsCertAndKey.py) | | 7421 | CKV_K8S_100 | resource | Deployment | Ensure that the --tls-cert-file and --tls-private-key-file arguments are set as appropriate | Kubernetes | [ApiServerTlsCertAndKey.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ApiServerTlsCertAndKey.py) | | 7422 | CKV_K8S_100 | resource | DeploymentConfig | Ensure that the --tls-cert-file and --tls-private-key-file arguments are set as appropriate | Kubernetes | [ApiServerTlsCertAndKey.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ApiServerTlsCertAndKey.py) | | 7423 | CKV_K8S_100 | resource | Job | Ensure that the --tls-cert-file and --tls-private-key-file arguments are set as appropriate | Kubernetes | [ApiServerTlsCertAndKey.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ApiServerTlsCertAndKey.py) | | 7424 | CKV_K8S_100 | resource | Pod | Ensure that the --tls-cert-file and --tls-private-key-file arguments are set as appropriate | Kubernetes | [ApiServerTlsCertAndKey.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ApiServerTlsCertAndKey.py) | | 7425 | CKV_K8S_100 | resource | PodTemplate | Ensure that the --tls-cert-file and --tls-private-key-file arguments are set as appropriate | Kubernetes | [ApiServerTlsCertAndKey.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ApiServerTlsCertAndKey.py) | | 7426 | CKV_K8S_100 | resource | ReplicaSet | Ensure that the --tls-cert-file and --tls-private-key-file arguments are set as appropriate | Kubernetes | [ApiServerTlsCertAndKey.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ApiServerTlsCertAndKey.py) | | 7427 | CKV_K8S_100 | resource | ReplicationController | Ensure that the --tls-cert-file and --tls-private-key-file arguments are set as appropriate | Kubernetes | [ApiServerTlsCertAndKey.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ApiServerTlsCertAndKey.py) | | 7428 | CKV_K8S_100 | resource | StatefulSet | Ensure that the --tls-cert-file and --tls-private-key-file arguments are set as appropriate | Kubernetes | [ApiServerTlsCertAndKey.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ApiServerTlsCertAndKey.py) | | 7429 | CKV_K8S_102 | resource | CronJob | Ensure that the --etcd-cafile argument is set as appropriate | Kubernetes | [ApiServerEtcdCaFile.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ApiServerEtcdCaFile.py) | | 7430 | CKV_K8S_102 | resource | DaemonSet | Ensure that the --etcd-cafile argument is set as appropriate | Kubernetes | [ApiServerEtcdCaFile.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ApiServerEtcdCaFile.py) | | 7431 | CKV_K8S_102 | resource | Deployment | Ensure that the --etcd-cafile argument is set as appropriate | Kubernetes | [ApiServerEtcdCaFile.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ApiServerEtcdCaFile.py) | | 7432 | CKV_K8S_102 | resource | DeploymentConfig | Ensure that the --etcd-cafile argument is set as appropriate | Kubernetes | [ApiServerEtcdCaFile.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ApiServerEtcdCaFile.py) | | 7433 | CKV_K8S_102 | resource | Job | Ensure that the --etcd-cafile argument is set as appropriate | Kubernetes | [ApiServerEtcdCaFile.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ApiServerEtcdCaFile.py) | | 7434 | CKV_K8S_102 | resource | Pod | Ensure that the --etcd-cafile argument is set as appropriate | Kubernetes | [ApiServerEtcdCaFile.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ApiServerEtcdCaFile.py) | | 7435 | CKV_K8S_102 | resource | PodTemplate | Ensure that the --etcd-cafile argument is set as appropriate | Kubernetes | [ApiServerEtcdCaFile.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ApiServerEtcdCaFile.py) | | 7436 | CKV_K8S_102 | resource | ReplicaSet | Ensure that the --etcd-cafile argument is set as appropriate | Kubernetes | [ApiServerEtcdCaFile.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ApiServerEtcdCaFile.py) | | 7437 | CKV_K8S_102 | resource | ReplicationController | Ensure that the --etcd-cafile argument is set as appropriate | Kubernetes | [ApiServerEtcdCaFile.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ApiServerEtcdCaFile.py) | | 7438 | CKV_K8S_102 | resource | StatefulSet | Ensure that the --etcd-cafile argument is set as appropriate | Kubernetes | [ApiServerEtcdCaFile.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ApiServerEtcdCaFile.py) | | 7439 | CKV_K8S_104 | resource | CronJob | Ensure that encryption providers are appropriately configured | Kubernetes | [ApiServerEncryptionProviders.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ApiServerEncryptionProviders.py) | | 7440 | CKV_K8S_104 | resource | DaemonSet | Ensure that encryption providers are appropriately configured | Kubernetes | [ApiServerEncryptionProviders.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ApiServerEncryptionProviders.py) | | 7441 | CKV_K8S_104 | resource | Deployment | Ensure that encryption providers are appropriately configured | Kubernetes | [ApiServerEncryptionProviders.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ApiServerEncryptionProviders.py) | | 7442 | CKV_K8S_104 | resource | DeploymentConfig | Ensure that encryption providers are appropriately configured | Kubernetes | [ApiServerEncryptionProviders.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ApiServerEncryptionProviders.py) | | 7443 | CKV_K8S_104 | resource | Job | Ensure that encryption providers are appropriately configured | Kubernetes | [ApiServerEncryptionProviders.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ApiServerEncryptionProviders.py) | | 7444 | CKV_K8S_104 | resource | Pod | Ensure that encryption providers are appropriately configured | Kubernetes | [ApiServerEncryptionProviders.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ApiServerEncryptionProviders.py) | | 7445 | CKV_K8S_104 | resource | PodTemplate | Ensure that encryption providers are appropriately configured | Kubernetes | [ApiServerEncryptionProviders.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ApiServerEncryptionProviders.py) | | 7446 | CKV_K8S_104 | resource | ReplicaSet | Ensure that encryption providers are appropriately configured | Kubernetes | [ApiServerEncryptionProviders.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ApiServerEncryptionProviders.py) | | 7447 | CKV_K8S_104 | resource | ReplicationController | Ensure that encryption providers are appropriately configured | Kubernetes | [ApiServerEncryptionProviders.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ApiServerEncryptionProviders.py) | | 7448 | CKV_K8S_104 | resource | StatefulSet | Ensure that encryption providers are appropriately configured | Kubernetes | [ApiServerEncryptionProviders.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ApiServerEncryptionProviders.py) | | 7449 | CKV_K8S_105 | resource | CronJob | Ensure that the API Server only makes use of Strong Cryptographic Ciphers | Kubernetes | [ApiServerStrongCryptographicCiphers.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ApiServerStrongCryptographicCiphers.py) | | 7450 | CKV_K8S_105 | resource | DaemonSet | Ensure that the API Server only makes use of Strong Cryptographic Ciphers | Kubernetes | [ApiServerStrongCryptographicCiphers.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ApiServerStrongCryptographicCiphers.py) | | 7451 | CKV_K8S_105 | resource | Deployment | Ensure that the API Server only makes use of Strong Cryptographic Ciphers | Kubernetes | [ApiServerStrongCryptographicCiphers.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ApiServerStrongCryptographicCiphers.py) | | 7452 | CKV_K8S_105 | resource | DeploymentConfig | Ensure that the API Server only makes use of Strong Cryptographic Ciphers | Kubernetes | [ApiServerStrongCryptographicCiphers.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ApiServerStrongCryptographicCiphers.py) | | 7453 | CKV_K8S_105 | resource | Job | Ensure that the API Server only makes use of Strong Cryptographic Ciphers | Kubernetes | [ApiServerStrongCryptographicCiphers.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ApiServerStrongCryptographicCiphers.py) | | 7454 | CKV_K8S_105 | resource | Pod | Ensure that the API Server only makes use of Strong Cryptographic Ciphers | Kubernetes | [ApiServerStrongCryptographicCiphers.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ApiServerStrongCryptographicCiphers.py) | | 7455 | CKV_K8S_105 | resource | PodTemplate | Ensure that the API Server only makes use of Strong Cryptographic Ciphers | Kubernetes | [ApiServerStrongCryptographicCiphers.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ApiServerStrongCryptographicCiphers.py) | | 7456 | CKV_K8S_105 | resource | ReplicaSet | Ensure that the API Server only makes use of Strong Cryptographic Ciphers | Kubernetes | [ApiServerStrongCryptographicCiphers.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ApiServerStrongCryptographicCiphers.py) | | 7457 | CKV_K8S_105 | resource | ReplicationController | Ensure that the API Server only makes use of Strong Cryptographic Ciphers | Kubernetes | [ApiServerStrongCryptographicCiphers.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ApiServerStrongCryptographicCiphers.py) | | 7458 | CKV_K8S_105 | resource | StatefulSet | Ensure that the API Server only makes use of Strong Cryptographic Ciphers | Kubernetes | [ApiServerStrongCryptographicCiphers.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ApiServerStrongCryptographicCiphers.py) | | 7459 | CKV_K8S_106 | resource | CronJob | Ensure that the --terminated-pod-gc-threshold argument is set as appropriate | Kubernetes | [KubeControllerManagerTerminatedPods.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/KubeControllerManagerTerminatedPods.py) | | 7460 | CKV_K8S_106 | resource | DaemonSet | Ensure that the --terminated-pod-gc-threshold argument is set as appropriate | Kubernetes | [KubeControllerManagerTerminatedPods.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/KubeControllerManagerTerminatedPods.py) | | 7461 | CKV_K8S_106 | resource | Deployment | Ensure that the --terminated-pod-gc-threshold argument is set as appropriate | Kubernetes | [KubeControllerManagerTerminatedPods.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/KubeControllerManagerTerminatedPods.py) | | 7462 | CKV_K8S_106 | resource | DeploymentConfig | Ensure that the --terminated-pod-gc-threshold argument is set as appropriate | Kubernetes | [KubeControllerManagerTerminatedPods.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/KubeControllerManagerTerminatedPods.py) | | 7463 | CKV_K8S_106 | resource | Job | Ensure that the --terminated-pod-gc-threshold argument is set as appropriate | Kubernetes | [KubeControllerManagerTerminatedPods.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/KubeControllerManagerTerminatedPods.py) | | 7464 | CKV_K8S_106 | resource | Pod | Ensure that the --terminated-pod-gc-threshold argument is set as appropriate | Kubernetes | [KubeControllerManagerTerminatedPods.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/KubeControllerManagerTerminatedPods.py) | | 7465 | CKV_K8S_106 | resource | PodTemplate | Ensure that the --terminated-pod-gc-threshold argument is set as appropriate | Kubernetes | [KubeControllerManagerTerminatedPods.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/KubeControllerManagerTerminatedPods.py) | | 7466 | CKV_K8S_106 | resource | ReplicaSet | Ensure that the --terminated-pod-gc-threshold argument is set as appropriate | Kubernetes | [KubeControllerManagerTerminatedPods.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/KubeControllerManagerTerminatedPods.py) | | 7467 | CKV_K8S_106 | resource | ReplicationController | Ensure that the --terminated-pod-gc-threshold argument is set as appropriate | Kubernetes | [KubeControllerManagerTerminatedPods.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/KubeControllerManagerTerminatedPods.py) | | 7468 | CKV_K8S_106 | resource | StatefulSet | Ensure that the --terminated-pod-gc-threshold argument is set as appropriate | Kubernetes | [KubeControllerManagerTerminatedPods.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/KubeControllerManagerTerminatedPods.py) | | 7469 | CKV_K8S_107 | resource | CronJob | Ensure that the --profiling argument is set to false | Kubernetes | [KubeControllerManagerBlockProfiles.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/KubeControllerManagerBlockProfiles.py) | | 7470 | CKV_K8S_107 | resource | DaemonSet | Ensure that the --profiling argument is set to false | Kubernetes | [KubeControllerManagerBlockProfiles.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/KubeControllerManagerBlockProfiles.py) | | 7471 | CKV_K8S_107 | resource | Deployment | Ensure that the --profiling argument is set to false | Kubernetes | [KubeControllerManagerBlockProfiles.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/KubeControllerManagerBlockProfiles.py) | | 7472 | CKV_K8S_107 | resource | DeploymentConfig | Ensure that the --profiling argument is set to false | Kubernetes | [KubeControllerManagerBlockProfiles.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/KubeControllerManagerBlockProfiles.py) | | 7473 | CKV_K8S_107 | resource | Job | Ensure that the --profiling argument is set to false | Kubernetes | [KubeControllerManagerBlockProfiles.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/KubeControllerManagerBlockProfiles.py) | | 7474 | CKV_K8S_107 | resource | Pod | Ensure that the --profiling argument is set to false | Kubernetes | [KubeControllerManagerBlockProfiles.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/KubeControllerManagerBlockProfiles.py) | | 7475 | CKV_K8S_107 | resource | PodTemplate | Ensure that the --profiling argument is set to false | Kubernetes | [KubeControllerManagerBlockProfiles.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/KubeControllerManagerBlockProfiles.py) | | 7476 | CKV_K8S_107 | resource | ReplicaSet | Ensure that the --profiling argument is set to false | Kubernetes | [KubeControllerManagerBlockProfiles.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/KubeControllerManagerBlockProfiles.py) | | 7477 | CKV_K8S_107 | resource | ReplicationController | Ensure that the --profiling argument is set to false | Kubernetes | [KubeControllerManagerBlockProfiles.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/KubeControllerManagerBlockProfiles.py) | | 7478 | CKV_K8S_107 | resource | StatefulSet | Ensure that the --profiling argument is set to false | Kubernetes | [KubeControllerManagerBlockProfiles.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/KubeControllerManagerBlockProfiles.py) | | 7479 | CKV_K8S_108 | resource | CronJob | Ensure that the --use-service-account-credentials argument is set to true | Kubernetes | [KubeControllerManagerServiceAccountCredentials.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/KubeControllerManagerServiceAccountCredentials.py) | | 7480 | CKV_K8S_108 | resource | DaemonSet | Ensure that the --use-service-account-credentials argument is set to true | Kubernetes | [KubeControllerManagerServiceAccountCredentials.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/KubeControllerManagerServiceAccountCredentials.py) | | 7481 | CKV_K8S_108 | resource | Deployment | Ensure that the --use-service-account-credentials argument is set to true | Kubernetes | [KubeControllerManagerServiceAccountCredentials.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/KubeControllerManagerServiceAccountCredentials.py) | | 7482 | CKV_K8S_108 | resource | DeploymentConfig | Ensure that the --use-service-account-credentials argument is set to true | Kubernetes | [KubeControllerManagerServiceAccountCredentials.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/KubeControllerManagerServiceAccountCredentials.py) | | 7483 | CKV_K8S_108 | resource | Job | Ensure that the --use-service-account-credentials argument is set to true | Kubernetes | [KubeControllerManagerServiceAccountCredentials.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/KubeControllerManagerServiceAccountCredentials.py) | | 7484 | CKV_K8S_108 | resource | Pod | Ensure that the --use-service-account-credentials argument is set to true | Kubernetes | [KubeControllerManagerServiceAccountCredentials.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/KubeControllerManagerServiceAccountCredentials.py) | | 7485 | CKV_K8S_108 | resource | PodTemplate | Ensure that the --use-service-account-credentials argument is set to true | Kubernetes | [KubeControllerManagerServiceAccountCredentials.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/KubeControllerManagerServiceAccountCredentials.py) | | 7486 | CKV_K8S_108 | resource | ReplicaSet | Ensure that the --use-service-account-credentials argument is set to true | Kubernetes | [KubeControllerManagerServiceAccountCredentials.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/KubeControllerManagerServiceAccountCredentials.py) | | 7487 | CKV_K8S_108 | resource | ReplicationController | Ensure that the --use-service-account-credentials argument is set to true | Kubernetes | [KubeControllerManagerServiceAccountCredentials.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/KubeControllerManagerServiceAccountCredentials.py) | | 7488 | CKV_K8S_108 | resource | StatefulSet | Ensure that the --use-service-account-credentials argument is set to true | Kubernetes | [KubeControllerManagerServiceAccountCredentials.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/KubeControllerManagerServiceAccountCredentials.py) | | 7489 | CKV_K8S_110 | resource | CronJob | Ensure that the --service-account-private-key-file argument is set as appropriate | Kubernetes | [KubeControllerManagerServiceAccountPrivateKeyFile.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/KubeControllerManagerServiceAccountPrivateKeyFile.py) | | 7490 | CKV_K8S_110 | resource | DaemonSet | Ensure that the --service-account-private-key-file argument is set as appropriate | Kubernetes | [KubeControllerManagerServiceAccountPrivateKeyFile.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/KubeControllerManagerServiceAccountPrivateKeyFile.py) | | 7491 | CKV_K8S_110 | resource | Deployment | Ensure that the --service-account-private-key-file argument is set as appropriate | Kubernetes | [KubeControllerManagerServiceAccountPrivateKeyFile.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/KubeControllerManagerServiceAccountPrivateKeyFile.py) | | 7492 | CKV_K8S_110 | resource | DeploymentConfig | Ensure that the --service-account-private-key-file argument is set as appropriate | Kubernetes | [KubeControllerManagerServiceAccountPrivateKeyFile.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/KubeControllerManagerServiceAccountPrivateKeyFile.py) | | 7493 | CKV_K8S_110 | resource | Job | Ensure that the --service-account-private-key-file argument is set as appropriate | Kubernetes | [KubeControllerManagerServiceAccountPrivateKeyFile.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/KubeControllerManagerServiceAccountPrivateKeyFile.py) | | 7494 | CKV_K8S_110 | resource | Pod | Ensure that the --service-account-private-key-file argument is set as appropriate | Kubernetes | [KubeControllerManagerServiceAccountPrivateKeyFile.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/KubeControllerManagerServiceAccountPrivateKeyFile.py) | | 7495 | CKV_K8S_110 | resource | PodTemplate | Ensure that the --service-account-private-key-file argument is set as appropriate | Kubernetes | [KubeControllerManagerServiceAccountPrivateKeyFile.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/KubeControllerManagerServiceAccountPrivateKeyFile.py) | | 7496 | CKV_K8S_110 | resource | ReplicaSet | Ensure that the --service-account-private-key-file argument is set as appropriate | Kubernetes | [KubeControllerManagerServiceAccountPrivateKeyFile.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/KubeControllerManagerServiceAccountPrivateKeyFile.py) | | 7497 | CKV_K8S_110 | resource | ReplicationController | Ensure that the --service-account-private-key-file argument is set as appropriate | Kubernetes | [KubeControllerManagerServiceAccountPrivateKeyFile.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/KubeControllerManagerServiceAccountPrivateKeyFile.py) | | 7498 | CKV_K8S_110 | resource | StatefulSet | Ensure that the --service-account-private-key-file argument is set as appropriate | Kubernetes | [KubeControllerManagerServiceAccountPrivateKeyFile.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/KubeControllerManagerServiceAccountPrivateKeyFile.py) | | 7499 | CKV_K8S_111 | resource | CronJob | Ensure that the --root-ca-file argument is set as appropriate | Kubernetes | [KubeControllerManagerRootCAFile.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/KubeControllerManagerRootCAFile.py) | | 7500 | CKV_K8S_111 | resource | DaemonSet | Ensure that the --root-ca-file argument is set as appropriate | Kubernetes | [KubeControllerManagerRootCAFile.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/KubeControllerManagerRootCAFile.py) | | 7501 | CKV_K8S_111 | resource | Deployment | Ensure that the --root-ca-file argument is set as appropriate | Kubernetes | [KubeControllerManagerRootCAFile.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/KubeControllerManagerRootCAFile.py) | | 7502 | CKV_K8S_111 | resource | DeploymentConfig | Ensure that the --root-ca-file argument is set as appropriate | Kubernetes | [KubeControllerManagerRootCAFile.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/KubeControllerManagerRootCAFile.py) | | 7503 | CKV_K8S_111 | resource | Job | Ensure that the --root-ca-file argument is set as appropriate | Kubernetes | [KubeControllerManagerRootCAFile.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/KubeControllerManagerRootCAFile.py) | | 7504 | CKV_K8S_111 | resource | Pod | Ensure that the --root-ca-file argument is set as appropriate | Kubernetes | [KubeControllerManagerRootCAFile.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/KubeControllerManagerRootCAFile.py) | | 7505 | CKV_K8S_111 | resource | PodTemplate | Ensure that the --root-ca-file argument is set as appropriate | Kubernetes | [KubeControllerManagerRootCAFile.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/KubeControllerManagerRootCAFile.py) | | 7506 | CKV_K8S_111 | resource | ReplicaSet | Ensure that the --root-ca-file argument is set as appropriate | Kubernetes | [KubeControllerManagerRootCAFile.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/KubeControllerManagerRootCAFile.py) | | 7507 | CKV_K8S_111 | resource | ReplicationController | Ensure that the --root-ca-file argument is set as appropriate | Kubernetes | [KubeControllerManagerRootCAFile.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/KubeControllerManagerRootCAFile.py) | | 7508 | CKV_K8S_111 | resource | StatefulSet | Ensure that the --root-ca-file argument is set as appropriate | Kubernetes | [KubeControllerManagerRootCAFile.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/KubeControllerManagerRootCAFile.py) | | 7509 | CKV_K8S_112 | resource | CronJob | Ensure that the RotateKubeletServerCertificate argument is set to true | Kubernetes | [RotateKubeletServerCertificate.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/RotateKubeletServerCertificate.py) | | 7510 | CKV_K8S_112 | resource | DaemonSet | Ensure that the RotateKubeletServerCertificate argument is set to true | Kubernetes | [RotateKubeletServerCertificate.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/RotateKubeletServerCertificate.py) | | 7511 | CKV_K8S_112 | resource | Deployment | Ensure that the RotateKubeletServerCertificate argument is set to true | Kubernetes | [RotateKubeletServerCertificate.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/RotateKubeletServerCertificate.py) | | 7512 | CKV_K8S_112 | resource | DeploymentConfig | Ensure that the RotateKubeletServerCertificate argument is set to true | Kubernetes | [RotateKubeletServerCertificate.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/RotateKubeletServerCertificate.py) | | 7513 | CKV_K8S_112 | resource | Job | Ensure that the RotateKubeletServerCertificate argument is set to true | Kubernetes | [RotateKubeletServerCertificate.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/RotateKubeletServerCertificate.py) | | 7514 | CKV_K8S_112 | resource | Pod | Ensure that the RotateKubeletServerCertificate argument is set to true | Kubernetes | [RotateKubeletServerCertificate.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/RotateKubeletServerCertificate.py) | | 7515 | CKV_K8S_112 | resource | PodTemplate | Ensure that the RotateKubeletServerCertificate argument is set to true | Kubernetes | [RotateKubeletServerCertificate.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/RotateKubeletServerCertificate.py) | | 7516 | CKV_K8S_112 | resource | ReplicaSet | Ensure that the RotateKubeletServerCertificate argument is set to true | Kubernetes | [RotateKubeletServerCertificate.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/RotateKubeletServerCertificate.py) | | 7517 | CKV_K8S_112 | resource | ReplicationController | Ensure that the RotateKubeletServerCertificate argument is set to true | Kubernetes | [RotateKubeletServerCertificate.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/RotateKubeletServerCertificate.py) | | 7518 | CKV_K8S_112 | resource | StatefulSet | Ensure that the RotateKubeletServerCertificate argument is set to true | Kubernetes | [RotateKubeletServerCertificate.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/RotateKubeletServerCertificate.py) | | 7519 | CKV_K8S_113 | resource | CronJob | Ensure that the --bind-address argument is set to 127.0.0.1 | Kubernetes | [ControllerManagerBindAddress.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ControllerManagerBindAddress.py) | | 7520 | CKV_K8S_113 | resource | DaemonSet | Ensure that the --bind-address argument is set to 127.0.0.1 | Kubernetes | [ControllerManagerBindAddress.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ControllerManagerBindAddress.py) | | 7521 | CKV_K8S_113 | resource | Deployment | Ensure that the --bind-address argument is set to 127.0.0.1 | Kubernetes | [ControllerManagerBindAddress.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ControllerManagerBindAddress.py) | | 7522 | CKV_K8S_113 | resource | DeploymentConfig | Ensure that the --bind-address argument is set to 127.0.0.1 | Kubernetes | [ControllerManagerBindAddress.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ControllerManagerBindAddress.py) | | 7523 | CKV_K8S_113 | resource | Job | Ensure that the --bind-address argument is set to 127.0.0.1 | Kubernetes | [ControllerManagerBindAddress.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ControllerManagerBindAddress.py) | | 7524 | CKV_K8S_113 | resource | Pod | Ensure that the --bind-address argument is set to 127.0.0.1 | Kubernetes | [ControllerManagerBindAddress.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ControllerManagerBindAddress.py) | | 7525 | CKV_K8S_113 | resource | PodTemplate | Ensure that the --bind-address argument is set to 127.0.0.1 | Kubernetes | [ControllerManagerBindAddress.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ControllerManagerBindAddress.py) | | 7526 | CKV_K8S_113 | resource | ReplicaSet | Ensure that the --bind-address argument is set to 127.0.0.1 | Kubernetes | [ControllerManagerBindAddress.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ControllerManagerBindAddress.py) | | 7527 | CKV_K8S_113 | resource | ReplicationController | Ensure that the --bind-address argument is set to 127.0.0.1 | Kubernetes | [ControllerManagerBindAddress.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ControllerManagerBindAddress.py) | | 7528 | CKV_K8S_113 | resource | StatefulSet | Ensure that the --bind-address argument is set to 127.0.0.1 | Kubernetes | [ControllerManagerBindAddress.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/ControllerManagerBindAddress.py) | | 7529 | CKV_K8S_114 | resource | CronJob | Ensure that the --profiling argument is set to false | Kubernetes | [SchedulerProfiling.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/SchedulerProfiling.py) | | 7530 | CKV_K8S_114 | resource | DaemonSet | Ensure that the --profiling argument is set to false | Kubernetes | [SchedulerProfiling.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/SchedulerProfiling.py) | | 7531 | CKV_K8S_114 | resource | Deployment | Ensure that the --profiling argument is set to false | Kubernetes | [SchedulerProfiling.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/SchedulerProfiling.py) | | 7532 | CKV_K8S_114 | resource | DeploymentConfig | Ensure that the --profiling argument is set to false | Kubernetes | [SchedulerProfiling.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/SchedulerProfiling.py) | | 7533 | CKV_K8S_114 | resource | Job | Ensure that the --profiling argument is set to false | Kubernetes | [SchedulerProfiling.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/SchedulerProfiling.py) | | 7534 | CKV_K8S_114 | resource | Pod | Ensure that the --profiling argument is set to false | Kubernetes | [SchedulerProfiling.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/SchedulerProfiling.py) | | 7535 | CKV_K8S_114 | resource | PodTemplate | Ensure that the --profiling argument is set to false | Kubernetes | [SchedulerProfiling.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/SchedulerProfiling.py) | | 7536 | CKV_K8S_114 | resource | ReplicaSet | Ensure that the --profiling argument is set to false | Kubernetes | [SchedulerProfiling.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/SchedulerProfiling.py) | | 7537 | CKV_K8S_114 | resource | ReplicationController | Ensure that the --profiling argument is set to false | Kubernetes | [SchedulerProfiling.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/SchedulerProfiling.py) | | 7538 | CKV_K8S_114 | resource | StatefulSet | Ensure that the --profiling argument is set to false | Kubernetes | [SchedulerProfiling.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/SchedulerProfiling.py) | | 7539 | CKV_K8S_115 | resource | CronJob | Ensure that the --bind-address argument is set to 127.0.0.1 | Kubernetes | [SchedulerBindAddress.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/SchedulerBindAddress.py) | | 7540 | CKV_K8S_115 | resource | DaemonSet | Ensure that the --bind-address argument is set to 127.0.0.1 | Kubernetes | [SchedulerBindAddress.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/SchedulerBindAddress.py) | | 7541 | CKV_K8S_115 | resource | Deployment | Ensure that the --bind-address argument is set to 127.0.0.1 | Kubernetes | [SchedulerBindAddress.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/SchedulerBindAddress.py) | | 7542 | CKV_K8S_115 | resource | DeploymentConfig | Ensure that the --bind-address argument is set to 127.0.0.1 | Kubernetes | [SchedulerBindAddress.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/SchedulerBindAddress.py) | | 7543 | CKV_K8S_115 | resource | Job | Ensure that the --bind-address argument is set to 127.0.0.1 | Kubernetes | [SchedulerBindAddress.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/SchedulerBindAddress.py) | | 7544 | CKV_K8S_115 | resource | Pod | Ensure that the --bind-address argument is set to 127.0.0.1 | Kubernetes | [SchedulerBindAddress.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/SchedulerBindAddress.py) | | 7545 | CKV_K8S_115 | resource | PodTemplate | Ensure that the --bind-address argument is set to 127.0.0.1 | Kubernetes | [SchedulerBindAddress.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/SchedulerBindAddress.py) | | 7546 | CKV_K8S_115 | resource | ReplicaSet | Ensure that the --bind-address argument is set to 127.0.0.1 | Kubernetes | [SchedulerBindAddress.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/SchedulerBindAddress.py) | | 7547 | CKV_K8S_115 | resource | ReplicationController | Ensure that the --bind-address argument is set to 127.0.0.1 | Kubernetes | [SchedulerBindAddress.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/SchedulerBindAddress.py) | | 7548 | CKV_K8S_115 | resource | StatefulSet | Ensure that the --bind-address argument is set to 127.0.0.1 | Kubernetes | [SchedulerBindAddress.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/SchedulerBindAddress.py) | | 7549 | CKV_K8S_116 | resource | CronJob | Ensure that the --cert-file and --key-file arguments are set as appropriate | Kubernetes | [EtcdCertAndKey.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/EtcdCertAndKey.py) | | 7550 | CKV_K8S_116 | resource | DaemonSet | Ensure that the --cert-file and --key-file arguments are set as appropriate | Kubernetes | [EtcdCertAndKey.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/EtcdCertAndKey.py) | | 7551 | CKV_K8S_116 | resource | Deployment | Ensure that the --cert-file and --key-file arguments are set as appropriate | Kubernetes | [EtcdCertAndKey.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/EtcdCertAndKey.py) | | 7552 | CKV_K8S_116 | resource | DeploymentConfig | Ensure that the --cert-file and --key-file arguments are set as appropriate | Kubernetes | [EtcdCertAndKey.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/EtcdCertAndKey.py) | | 7553 | CKV_K8S_116 | resource | Job | Ensure that the --cert-file and --key-file arguments are set as appropriate | Kubernetes | [EtcdCertAndKey.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/EtcdCertAndKey.py) | | 7554 | CKV_K8S_116 | resource | Pod | Ensure that the --cert-file and --key-file arguments are set as appropriate | Kubernetes | [EtcdCertAndKey.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/EtcdCertAndKey.py) | | 7555 | CKV_K8S_116 | resource | PodTemplate | Ensure that the --cert-file and --key-file arguments are set as appropriate | Kubernetes | [EtcdCertAndKey.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/EtcdCertAndKey.py) | | 7556 | CKV_K8S_116 | resource | ReplicaSet | Ensure that the --cert-file and --key-file arguments are set as appropriate | Kubernetes | [EtcdCertAndKey.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/EtcdCertAndKey.py) | | 7557 | CKV_K8S_116 | resource | ReplicationController | Ensure that the --cert-file and --key-file arguments are set as appropriate | Kubernetes | [EtcdCertAndKey.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/EtcdCertAndKey.py) | | 7558 | CKV_K8S_116 | resource | StatefulSet | Ensure that the --cert-file and --key-file arguments are set as appropriate | Kubernetes | [EtcdCertAndKey.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/EtcdCertAndKey.py) | | 7559 | CKV_K8S_117 | resource | CronJob | Ensure that the --client-cert-auth argument is set to true | Kubernetes | [EtcdClientCertAuth.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/EtcdClientCertAuth.py) | | 7560 | CKV_K8S_117 | resource | DaemonSet | Ensure that the --client-cert-auth argument is set to true | Kubernetes | [EtcdClientCertAuth.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/EtcdClientCertAuth.py) | | 7561 | CKV_K8S_117 | resource | Deployment | Ensure that the --client-cert-auth argument is set to true | Kubernetes | [EtcdClientCertAuth.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/EtcdClientCertAuth.py) | | 7562 | CKV_K8S_117 | resource | DeploymentConfig | Ensure that the --client-cert-auth argument is set to true | Kubernetes | [EtcdClientCertAuth.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/EtcdClientCertAuth.py) | | 7563 | CKV_K8S_117 | resource | Job | Ensure that the --client-cert-auth argument is set to true | Kubernetes | [EtcdClientCertAuth.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/EtcdClientCertAuth.py) | | 7564 | CKV_K8S_117 | resource | Pod | Ensure that the --client-cert-auth argument is set to true | Kubernetes | [EtcdClientCertAuth.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/EtcdClientCertAuth.py) | | 7565 | CKV_K8S_117 | resource | PodTemplate | Ensure that the --client-cert-auth argument is set to true | Kubernetes | [EtcdClientCertAuth.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/EtcdClientCertAuth.py) | | 7566 | CKV_K8S_117 | resource | ReplicaSet | Ensure that the --client-cert-auth argument is set to true | Kubernetes | [EtcdClientCertAuth.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/EtcdClientCertAuth.py) | | 7567 | CKV_K8S_117 | resource | ReplicationController | Ensure that the --client-cert-auth argument is set to true | Kubernetes | [EtcdClientCertAuth.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/EtcdClientCertAuth.py) | | 7568 | CKV_K8S_117 | resource | StatefulSet | Ensure that the --client-cert-auth argument is set to true | Kubernetes | [EtcdClientCertAuth.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/EtcdClientCertAuth.py) | | 7569 | CKV_K8S_118 | resource | CronJob | Ensure that the --auto-tls argument is not set to true | Kubernetes | [EtcdAutoTls.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/EtcdAutoTls.py) | | 7570 | CKV_K8S_118 | resource | DaemonSet | Ensure that the --auto-tls argument is not set to true | Kubernetes | [EtcdAutoTls.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/EtcdAutoTls.py) | | 7571 | CKV_K8S_118 | resource | Deployment | Ensure that the --auto-tls argument is not set to true | Kubernetes | [EtcdAutoTls.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/EtcdAutoTls.py) | | 7572 | CKV_K8S_118 | resource | DeploymentConfig | Ensure that the --auto-tls argument is not set to true | Kubernetes | [EtcdAutoTls.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/EtcdAutoTls.py) | | 7573 | CKV_K8S_118 | resource | Job | Ensure that the --auto-tls argument is not set to true | Kubernetes | [EtcdAutoTls.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/EtcdAutoTls.py) | | 7574 | CKV_K8S_118 | resource | Pod | Ensure that the --auto-tls argument is not set to true | Kubernetes | [EtcdAutoTls.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/EtcdAutoTls.py) | | 7575 | CKV_K8S_118 | resource | PodTemplate | Ensure that the --auto-tls argument is not set to true | Kubernetes | [EtcdAutoTls.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/EtcdAutoTls.py) | | 7576 | CKV_K8S_118 | resource | ReplicaSet | Ensure that the --auto-tls argument is not set to true | Kubernetes | [EtcdAutoTls.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/EtcdAutoTls.py) | | 7577 | CKV_K8S_118 | resource | ReplicationController | Ensure that the --auto-tls argument is not set to true | Kubernetes | [EtcdAutoTls.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/EtcdAutoTls.py) | | 7578 | CKV_K8S_118 | resource | StatefulSet | Ensure that the --auto-tls argument is not set to true | Kubernetes | [EtcdAutoTls.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/EtcdAutoTls.py) | | 7579 | CKV_K8S_119 | resource | CronJob | Ensure that the --peer-cert-file and --peer-key-file arguments are set as appropriate | Kubernetes | [EtcdPeerFiles.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/EtcdPeerFiles.py) | | 7580 | CKV_K8S_119 | resource | DaemonSet | Ensure that the --peer-cert-file and --peer-key-file arguments are set as appropriate | Kubernetes | [EtcdPeerFiles.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/EtcdPeerFiles.py) | | 7581 | CKV_K8S_119 | resource | Deployment | Ensure that the --peer-cert-file and --peer-key-file arguments are set as appropriate | Kubernetes | [EtcdPeerFiles.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/EtcdPeerFiles.py) | | 7582 | CKV_K8S_119 | resource | DeploymentConfig | Ensure that the --peer-cert-file and --peer-key-file arguments are set as appropriate | Kubernetes | [EtcdPeerFiles.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/EtcdPeerFiles.py) | | 7583 | CKV_K8S_119 | resource | Job | Ensure that the --peer-cert-file and --peer-key-file arguments are set as appropriate | Kubernetes | [EtcdPeerFiles.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/EtcdPeerFiles.py) | | 7584 | CKV_K8S_119 | resource | Pod | Ensure that the --peer-cert-file and --peer-key-file arguments are set as appropriate | Kubernetes | [EtcdPeerFiles.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/EtcdPeerFiles.py) | | 7585 | CKV_K8S_119 | resource | PodTemplate | Ensure that the --peer-cert-file and --peer-key-file arguments are set as appropriate | Kubernetes | [EtcdPeerFiles.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/EtcdPeerFiles.py) | | 7586 | CKV_K8S_119 | resource | ReplicaSet | Ensure that the --peer-cert-file and --peer-key-file arguments are set as appropriate | Kubernetes | [EtcdPeerFiles.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/EtcdPeerFiles.py) | | 7587 | CKV_K8S_119 | resource | ReplicationController | Ensure that the --peer-cert-file and --peer-key-file arguments are set as appropriate | Kubernetes | [EtcdPeerFiles.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/EtcdPeerFiles.py) | | 7588 | CKV_K8S_119 | resource | StatefulSet | Ensure that the --peer-cert-file and --peer-key-file arguments are set as appropriate | Kubernetes | [EtcdPeerFiles.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/EtcdPeerFiles.py) | | 7589 | CKV_K8S_121 | resource | Pod | Ensure that the --peer-client-cert-auth argument is set to true | Kubernetes | [PeerClientCertAuthTrue.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/PeerClientCertAuthTrue.py) | | 7590 | CKV_K8S_138 | resource | CronJob | Ensure that the --anonymous-auth argument is set to false | Kubernetes | [KubeletAnonymousAuth.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/KubeletAnonymousAuth.py) | | 7591 | CKV_K8S_138 | resource | DaemonSet | Ensure that the --anonymous-auth argument is set to false | Kubernetes | [KubeletAnonymousAuth.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/KubeletAnonymousAuth.py) | | 7592 | CKV_K8S_138 | resource | Deployment | Ensure that the --anonymous-auth argument is set to false | Kubernetes | [KubeletAnonymousAuth.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/KubeletAnonymousAuth.py) | | 7593 | CKV_K8S_138 | resource | DeploymentConfig | Ensure that the --anonymous-auth argument is set to false | Kubernetes | [KubeletAnonymousAuth.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/KubeletAnonymousAuth.py) | | 7594 | CKV_K8S_138 | resource | Job | Ensure that the --anonymous-auth argument is set to false | Kubernetes | [KubeletAnonymousAuth.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/KubeletAnonymousAuth.py) | | 7595 | CKV_K8S_138 | resource | Pod | Ensure that the --anonymous-auth argument is set to false | Kubernetes | [KubeletAnonymousAuth.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/KubeletAnonymousAuth.py) | | 7596 | CKV_K8S_138 | resource | PodTemplate | Ensure that the --anonymous-auth argument is set to false | Kubernetes | [KubeletAnonymousAuth.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/KubeletAnonymousAuth.py) | | 7597 | CKV_K8S_138 | resource | ReplicaSet | Ensure that the --anonymous-auth argument is set to false | Kubernetes | [KubeletAnonymousAuth.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/KubeletAnonymousAuth.py) | | 7598 | CKV_K8S_138 | resource | ReplicationController | Ensure that the --anonymous-auth argument is set to false | Kubernetes | [KubeletAnonymousAuth.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/KubeletAnonymousAuth.py) | | 7599 | CKV_K8S_138 | resource | StatefulSet | Ensure that the --anonymous-auth argument is set to false | Kubernetes | [KubeletAnonymousAuth.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/KubeletAnonymousAuth.py) | | 7600 | CKV_K8S_139 | resource | CronJob | Ensure that the --authorization-mode argument is not set to AlwaysAllow | Kubernetes | [KubeletAuthorizationModeNotAlwaysAllow.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/KubeletAuthorizationModeNotAlwaysAllow.py) | | 7601 | CKV_K8S_139 | resource | DaemonSet | Ensure that the --authorization-mode argument is not set to AlwaysAllow | Kubernetes | [KubeletAuthorizationModeNotAlwaysAllow.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/KubeletAuthorizationModeNotAlwaysAllow.py) | | 7602 | CKV_K8S_139 | resource | Deployment | Ensure that the --authorization-mode argument is not set to AlwaysAllow | Kubernetes | [KubeletAuthorizationModeNotAlwaysAllow.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/KubeletAuthorizationModeNotAlwaysAllow.py) | | 7603 | CKV_K8S_139 | resource | DeploymentConfig | Ensure that the --authorization-mode argument is not set to AlwaysAllow | Kubernetes | [KubeletAuthorizationModeNotAlwaysAllow.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/KubeletAuthorizationModeNotAlwaysAllow.py) | | 7604 | CKV_K8S_139 | resource | Job | Ensure that the --authorization-mode argument is not set to AlwaysAllow | Kubernetes | [KubeletAuthorizationModeNotAlwaysAllow.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/KubeletAuthorizationModeNotAlwaysAllow.py) | | 7605 | CKV_K8S_139 | resource | Pod | Ensure that the --authorization-mode argument is not set to AlwaysAllow | Kubernetes | [KubeletAuthorizationModeNotAlwaysAllow.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/KubeletAuthorizationModeNotAlwaysAllow.py) | | 7606 | CKV_K8S_139 | resource | PodTemplate | Ensure that the --authorization-mode argument is not set to AlwaysAllow | Kubernetes | [KubeletAuthorizationModeNotAlwaysAllow.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/KubeletAuthorizationModeNotAlwaysAllow.py) | | 7607 | CKV_K8S_139 | resource | ReplicaSet | Ensure that the --authorization-mode argument is not set to AlwaysAllow | Kubernetes | [KubeletAuthorizationModeNotAlwaysAllow.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/KubeletAuthorizationModeNotAlwaysAllow.py) | | 7608 | CKV_K8S_139 | resource | ReplicationController | Ensure that the --authorization-mode argument is not set to AlwaysAllow | Kubernetes | [KubeletAuthorizationModeNotAlwaysAllow.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/KubeletAuthorizationModeNotAlwaysAllow.py) | | 7609 | CKV_K8S_139 | resource | StatefulSet | Ensure that the --authorization-mode argument is not set to AlwaysAllow | Kubernetes | [KubeletAuthorizationModeNotAlwaysAllow.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/KubeletAuthorizationModeNotAlwaysAllow.py) | | 7610 | CKV_K8S_140 | resource | CronJob | Ensure that the --client-ca-file argument is set as appropriate | Kubernetes | [KubeletClientCa.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/KubeletClientCa.py) | | 7611 | CKV_K8S_140 | resource | DaemonSet | Ensure that the --client-ca-file argument is set as appropriate | Kubernetes | [KubeletClientCa.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/KubeletClientCa.py) | | 7612 | CKV_K8S_140 | resource | Deployment | Ensure that the --client-ca-file argument is set as appropriate | Kubernetes | [KubeletClientCa.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/KubeletClientCa.py) | | 7613 | CKV_K8S_140 | resource | DeploymentConfig | Ensure that the --client-ca-file argument is set as appropriate | Kubernetes | [KubeletClientCa.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/KubeletClientCa.py) | | 7614 | CKV_K8S_140 | resource | Job | Ensure that the --client-ca-file argument is set as appropriate | Kubernetes | [KubeletClientCa.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/KubeletClientCa.py) | | 7615 | CKV_K8S_140 | resource | Pod | Ensure that the --client-ca-file argument is set as appropriate | Kubernetes | [KubeletClientCa.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/KubeletClientCa.py) | | 7616 | CKV_K8S_140 | resource | PodTemplate | Ensure that the --client-ca-file argument is set as appropriate | Kubernetes | [KubeletClientCa.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/KubeletClientCa.py) | | 7617 | CKV_K8S_140 | resource | ReplicaSet | Ensure that the --client-ca-file argument is set as appropriate | Kubernetes | [KubeletClientCa.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/KubeletClientCa.py) | | 7618 | CKV_K8S_140 | resource | ReplicationController | Ensure that the --client-ca-file argument is set as appropriate | Kubernetes | [KubeletClientCa.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/KubeletClientCa.py) | | 7619 | CKV_K8S_140 | resource | StatefulSet | Ensure that the --client-ca-file argument is set as appropriate | Kubernetes | [KubeletClientCa.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/KubeletClientCa.py) | | 7620 | CKV_K8S_141 | resource | CronJob | Ensure that the --read-only-port argument is set to 0 | Kubernetes | [KubeletReadOnlyPort.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/KubeletReadOnlyPort.py) | | 7621 | CKV_K8S_141 | resource | DaemonSet | Ensure that the --read-only-port argument is set to 0 | Kubernetes | [KubeletReadOnlyPort.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/KubeletReadOnlyPort.py) | | 7622 | CKV_K8S_141 | resource | Deployment | Ensure that the --read-only-port argument is set to 0 | Kubernetes | [KubeletReadOnlyPort.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/KubeletReadOnlyPort.py) | | 7623 | CKV_K8S_141 | resource | DeploymentConfig | Ensure that the --read-only-port argument is set to 0 | Kubernetes | [KubeletReadOnlyPort.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/KubeletReadOnlyPort.py) | | 7624 | CKV_K8S_141 | resource | Job | Ensure that the --read-only-port argument is set to 0 | Kubernetes | [KubeletReadOnlyPort.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/KubeletReadOnlyPort.py) | | 7625 | CKV_K8S_141 | resource | Pod | Ensure that the --read-only-port argument is set to 0 | Kubernetes | [KubeletReadOnlyPort.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/KubeletReadOnlyPort.py) | | 7626 | CKV_K8S_141 | resource | PodTemplate | Ensure that the --read-only-port argument is set to 0 | Kubernetes | [KubeletReadOnlyPort.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/KubeletReadOnlyPort.py) | | 7627 | CKV_K8S_141 | resource | ReplicaSet | Ensure that the --read-only-port argument is set to 0 | Kubernetes | [KubeletReadOnlyPort.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/KubeletReadOnlyPort.py) | | 7628 | CKV_K8S_141 | resource | ReplicationController | Ensure that the --read-only-port argument is set to 0 | Kubernetes | [KubeletReadOnlyPort.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/KubeletReadOnlyPort.py) | | 7629 | CKV_K8S_141 | resource | StatefulSet | Ensure that the --read-only-port argument is set to 0 | Kubernetes | [KubeletReadOnlyPort.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/KubeletReadOnlyPort.py) | | 7630 | CKV_K8S_143 | resource | CronJob | Ensure that the --streaming-connection-idle-timeout argument is not set to 0 | Kubernetes | [KubeletStreamingConnectionIdleTimeout.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/KubeletStreamingConnectionIdleTimeout.py) | | 7631 | CKV_K8S_143 | resource | DaemonSet | Ensure that the --streaming-connection-idle-timeout argument is not set to 0 | Kubernetes | [KubeletStreamingConnectionIdleTimeout.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/KubeletStreamingConnectionIdleTimeout.py) | | 7632 | CKV_K8S_143 | resource | Deployment | Ensure that the --streaming-connection-idle-timeout argument is not set to 0 | Kubernetes | [KubeletStreamingConnectionIdleTimeout.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/KubeletStreamingConnectionIdleTimeout.py) | | 7633 | CKV_K8S_143 | resource | DeploymentConfig | Ensure that the --streaming-connection-idle-timeout argument is not set to 0 | Kubernetes | [KubeletStreamingConnectionIdleTimeout.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/KubeletStreamingConnectionIdleTimeout.py) | | 7634 | CKV_K8S_143 | resource | Job | Ensure that the --streaming-connection-idle-timeout argument is not set to 0 | Kubernetes | [KubeletStreamingConnectionIdleTimeout.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/KubeletStreamingConnectionIdleTimeout.py) | | 7635 | CKV_K8S_143 | resource | Pod | Ensure that the --streaming-connection-idle-timeout argument is not set to 0 | Kubernetes | [KubeletStreamingConnectionIdleTimeout.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/KubeletStreamingConnectionIdleTimeout.py) | | 7636 | CKV_K8S_143 | resource | PodTemplate | Ensure that the --streaming-connection-idle-timeout argument is not set to 0 | Kubernetes | [KubeletStreamingConnectionIdleTimeout.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/KubeletStreamingConnectionIdleTimeout.py) | | 7637 | CKV_K8S_143 | resource | ReplicaSet | Ensure that the --streaming-connection-idle-timeout argument is not set to 0 | Kubernetes | [KubeletStreamingConnectionIdleTimeout.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/KubeletStreamingConnectionIdleTimeout.py) | | 7638 | CKV_K8S_143 | resource | ReplicationController | Ensure that the --streaming-connection-idle-timeout argument is not set to 0 | Kubernetes | [KubeletStreamingConnectionIdleTimeout.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/KubeletStreamingConnectionIdleTimeout.py) | | 7639 | CKV_K8S_143 | resource | StatefulSet | Ensure that the --streaming-connection-idle-timeout argument is not set to 0 | Kubernetes | [KubeletStreamingConnectionIdleTimeout.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/KubeletStreamingConnectionIdleTimeout.py) | | 7640 | CKV_K8S_144 | resource | CronJob | Ensure that the --protect-kernel-defaults argument is set to true | Kubernetes | [KubeletProtectKernelDefaults.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/KubeletProtectKernelDefaults.py) | | 7641 | CKV_K8S_144 | resource | DaemonSet | Ensure that the --protect-kernel-defaults argument is set to true | Kubernetes | [KubeletProtectKernelDefaults.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/KubeletProtectKernelDefaults.py) | | 7642 | CKV_K8S_144 | resource | Deployment | Ensure that the --protect-kernel-defaults argument is set to true | Kubernetes | [KubeletProtectKernelDefaults.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/KubeletProtectKernelDefaults.py) | | 7643 | CKV_K8S_144 | resource | DeploymentConfig | Ensure that the --protect-kernel-defaults argument is set to true | Kubernetes | [KubeletProtectKernelDefaults.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/KubeletProtectKernelDefaults.py) | | 7644 | CKV_K8S_144 | resource | Job | Ensure that the --protect-kernel-defaults argument is set to true | Kubernetes | [KubeletProtectKernelDefaults.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/KubeletProtectKernelDefaults.py) | | 7645 | CKV_K8S_144 | resource | Pod | Ensure that the --protect-kernel-defaults argument is set to true | Kubernetes | [KubeletProtectKernelDefaults.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/KubeletProtectKernelDefaults.py) | | 7646 | CKV_K8S_144 | resource | PodTemplate | Ensure that the --protect-kernel-defaults argument is set to true | Kubernetes | [KubeletProtectKernelDefaults.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/KubeletProtectKernelDefaults.py) | | 7647 | CKV_K8S_144 | resource | ReplicaSet | Ensure that the --protect-kernel-defaults argument is set to true | Kubernetes | [KubeletProtectKernelDefaults.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/KubeletProtectKernelDefaults.py) | | 7648 | CKV_K8S_144 | resource | ReplicationController | Ensure that the --protect-kernel-defaults argument is set to true | Kubernetes | [KubeletProtectKernelDefaults.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/KubeletProtectKernelDefaults.py) | | 7649 | CKV_K8S_144 | resource | StatefulSet | Ensure that the --protect-kernel-defaults argument is set to true | Kubernetes | [KubeletProtectKernelDefaults.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/KubeletProtectKernelDefaults.py) | | 7650 | CKV_K8S_145 | resource | CronJob | Ensure that the --make-iptables-util-chains argument is set to true | Kubernetes | [KubeletMakeIptablesUtilChains.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/KubeletMakeIptablesUtilChains.py) | | 7651 | CKV_K8S_145 | resource | DaemonSet | Ensure that the --make-iptables-util-chains argument is set to true | Kubernetes | [KubeletMakeIptablesUtilChains.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/KubeletMakeIptablesUtilChains.py) | | 7652 | CKV_K8S_145 | resource | Deployment | Ensure that the --make-iptables-util-chains argument is set to true | Kubernetes | [KubeletMakeIptablesUtilChains.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/KubeletMakeIptablesUtilChains.py) | | 7653 | CKV_K8S_145 | resource | DeploymentConfig | Ensure that the --make-iptables-util-chains argument is set to true | Kubernetes | [KubeletMakeIptablesUtilChains.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/KubeletMakeIptablesUtilChains.py) | | 7654 | CKV_K8S_145 | resource | Job | Ensure that the --make-iptables-util-chains argument is set to true | Kubernetes | [KubeletMakeIptablesUtilChains.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/KubeletMakeIptablesUtilChains.py) | | 7655 | CKV_K8S_145 | resource | Pod | Ensure that the --make-iptables-util-chains argument is set to true | Kubernetes | [KubeletMakeIptablesUtilChains.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/KubeletMakeIptablesUtilChains.py) | | 7656 | CKV_K8S_145 | resource | PodTemplate | Ensure that the --make-iptables-util-chains argument is set to true | Kubernetes | [KubeletMakeIptablesUtilChains.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/KubeletMakeIptablesUtilChains.py) | | 7657 | CKV_K8S_145 | resource | ReplicaSet | Ensure that the --make-iptables-util-chains argument is set to true | Kubernetes | [KubeletMakeIptablesUtilChains.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/KubeletMakeIptablesUtilChains.py) | | 7658 | CKV_K8S_145 | resource | ReplicationController | Ensure that the --make-iptables-util-chains argument is set to true | Kubernetes | [KubeletMakeIptablesUtilChains.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/KubeletMakeIptablesUtilChains.py) | | 7659 | CKV_K8S_145 | resource | StatefulSet | Ensure that the --make-iptables-util-chains argument is set to true | Kubernetes | [KubeletMakeIptablesUtilChains.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/KubeletMakeIptablesUtilChains.py) | | 7660 | CKV_K8S_146 | resource | CronJob | Ensure that the --hostname-override argument is not set | Kubernetes | [KubeletHostnameOverride.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/KubeletHostnameOverride.py) | | 7661 | CKV_K8S_146 | resource | DaemonSet | Ensure that the --hostname-override argument is not set | Kubernetes | [KubeletHostnameOverride.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/KubeletHostnameOverride.py) | | 7662 | CKV_K8S_146 | resource | Deployment | Ensure that the --hostname-override argument is not set | Kubernetes | [KubeletHostnameOverride.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/KubeletHostnameOverride.py) | | 7663 | CKV_K8S_146 | resource | DeploymentConfig | Ensure that the --hostname-override argument is not set | Kubernetes | [KubeletHostnameOverride.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/KubeletHostnameOverride.py) | | 7664 | CKV_K8S_146 | resource | Job | Ensure that the --hostname-override argument is not set | Kubernetes | [KubeletHostnameOverride.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/KubeletHostnameOverride.py) | | 7665 | CKV_K8S_146 | resource | Pod | Ensure that the --hostname-override argument is not set | Kubernetes | [KubeletHostnameOverride.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/KubeletHostnameOverride.py) | | 7666 | CKV_K8S_146 | resource | PodTemplate | Ensure that the --hostname-override argument is not set | Kubernetes | [KubeletHostnameOverride.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/KubeletHostnameOverride.py) | | 7667 | CKV_K8S_146 | resource | ReplicaSet | Ensure that the --hostname-override argument is not set | Kubernetes | [KubeletHostnameOverride.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/KubeletHostnameOverride.py) | | 7668 | CKV_K8S_146 | resource | ReplicationController | Ensure that the --hostname-override argument is not set | Kubernetes | [KubeletHostnameOverride.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/KubeletHostnameOverride.py) | | 7669 | CKV_K8S_146 | resource | StatefulSet | Ensure that the --hostname-override argument is not set | Kubernetes | [KubeletHostnameOverride.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/KubeletHostnameOverride.py) | | 7670 | CKV_K8S_147 | resource | CronJob | Ensure that the --event-qps argument is set to 0 or a level which ensures appropriate event capture | Kubernetes | [KubletEventCapture.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/KubletEventCapture.py) | | 7671 | CKV_K8S_147 | resource | DaemonSet | Ensure that the --event-qps argument is set to 0 or a level which ensures appropriate event capture | Kubernetes | [KubletEventCapture.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/KubletEventCapture.py) | | 7672 | CKV_K8S_147 | resource | Deployment | Ensure that the --event-qps argument is set to 0 or a level which ensures appropriate event capture | Kubernetes | [KubletEventCapture.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/KubletEventCapture.py) | | 7673 | CKV_K8S_147 | resource | DeploymentConfig | Ensure that the --event-qps argument is set to 0 or a level which ensures appropriate event capture | Kubernetes | [KubletEventCapture.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/KubletEventCapture.py) | | 7674 | CKV_K8S_147 | resource | Job | Ensure that the --event-qps argument is set to 0 or a level which ensures appropriate event capture | Kubernetes | [KubletEventCapture.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/KubletEventCapture.py) | | 7675 | CKV_K8S_147 | resource | Pod | Ensure that the --event-qps argument is set to 0 or a level which ensures appropriate event capture | Kubernetes | [KubletEventCapture.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/KubletEventCapture.py) | | 7676 | CKV_K8S_147 | resource | PodTemplate | Ensure that the --event-qps argument is set to 0 or a level which ensures appropriate event capture | Kubernetes | [KubletEventCapture.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/KubletEventCapture.py) | | 7677 | CKV_K8S_147 | resource | ReplicaSet | Ensure that the --event-qps argument is set to 0 or a level which ensures appropriate event capture | Kubernetes | [KubletEventCapture.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/KubletEventCapture.py) | | 7678 | CKV_K8S_147 | resource | ReplicationController | Ensure that the --event-qps argument is set to 0 or a level which ensures appropriate event capture | Kubernetes | [KubletEventCapture.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/KubletEventCapture.py) | | 7679 | CKV_K8S_147 | resource | StatefulSet | Ensure that the --event-qps argument is set to 0 or a level which ensures appropriate event capture | Kubernetes | [KubletEventCapture.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/KubletEventCapture.py) | | 7680 | CKV_K8S_148 | resource | CronJob | Ensure that the --tls-cert-file and --tls-private-key-file arguments are set as appropriate | Kubernetes | [KubeletKeyFilesSetAppropriate.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/KubeletKeyFilesSetAppropriate.py) | | 7681 | CKV_K8S_148 | resource | DaemonSet | Ensure that the --tls-cert-file and --tls-private-key-file arguments are set as appropriate | Kubernetes | [KubeletKeyFilesSetAppropriate.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/KubeletKeyFilesSetAppropriate.py) | | 7682 | CKV_K8S_148 | resource | Deployment | Ensure that the --tls-cert-file and --tls-private-key-file arguments are set as appropriate | Kubernetes | [KubeletKeyFilesSetAppropriate.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/KubeletKeyFilesSetAppropriate.py) | | 7683 | CKV_K8S_148 | resource | DeploymentConfig | Ensure that the --tls-cert-file and --tls-private-key-file arguments are set as appropriate | Kubernetes | [KubeletKeyFilesSetAppropriate.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/KubeletKeyFilesSetAppropriate.py) | | 7684 | CKV_K8S_148 | resource | Job | Ensure that the --tls-cert-file and --tls-private-key-file arguments are set as appropriate | Kubernetes | [KubeletKeyFilesSetAppropriate.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/KubeletKeyFilesSetAppropriate.py) | | 7685 | CKV_K8S_148 | resource | Pod | Ensure that the --tls-cert-file and --tls-private-key-file arguments are set as appropriate | Kubernetes | [KubeletKeyFilesSetAppropriate.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/KubeletKeyFilesSetAppropriate.py) | | 7686 | CKV_K8S_148 | resource | PodTemplate | Ensure that the --tls-cert-file and --tls-private-key-file arguments are set as appropriate | Kubernetes | [KubeletKeyFilesSetAppropriate.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/KubeletKeyFilesSetAppropriate.py) | | 7687 | CKV_K8S_148 | resource | ReplicaSet | Ensure that the --tls-cert-file and --tls-private-key-file arguments are set as appropriate | Kubernetes | [KubeletKeyFilesSetAppropriate.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/KubeletKeyFilesSetAppropriate.py) | | 7688 | CKV_K8S_148 | resource | ReplicationController | Ensure that the --tls-cert-file and --tls-private-key-file arguments are set as appropriate | Kubernetes | [KubeletKeyFilesSetAppropriate.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/KubeletKeyFilesSetAppropriate.py) | | 7689 | CKV_K8S_148 | resource | StatefulSet | Ensure that the --tls-cert-file and --tls-private-key-file arguments are set as appropriate | Kubernetes | [KubeletKeyFilesSetAppropriate.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/KubeletKeyFilesSetAppropriate.py) | | 7690 | CKV_K8S_149 | resource | CronJob | Ensure that the --rotate-certificates argument is not set to false | Kubernetes | [KubletRotateCertificates.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/KubletRotateCertificates.py) | | 7691 | CKV_K8S_149 | resource | DaemonSet | Ensure that the --rotate-certificates argument is not set to false | Kubernetes | [KubletRotateCertificates.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/KubletRotateCertificates.py) | | 7692 | CKV_K8S_149 | resource | Deployment | Ensure that the --rotate-certificates argument is not set to false | Kubernetes | [KubletRotateCertificates.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/KubletRotateCertificates.py) | | 7693 | CKV_K8S_149 | resource | DeploymentConfig | Ensure that the --rotate-certificates argument is not set to false | Kubernetes | [KubletRotateCertificates.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/KubletRotateCertificates.py) | | 7694 | CKV_K8S_149 | resource | Job | Ensure that the --rotate-certificates argument is not set to false | Kubernetes | [KubletRotateCertificates.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/KubletRotateCertificates.py) | | 7695 | CKV_K8S_149 | resource | Pod | Ensure that the --rotate-certificates argument is not set to false | Kubernetes | [KubletRotateCertificates.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/KubletRotateCertificates.py) | | 7696 | CKV_K8S_149 | resource | PodTemplate | Ensure that the --rotate-certificates argument is not set to false | Kubernetes | [KubletRotateCertificates.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/KubletRotateCertificates.py) | | 7697 | CKV_K8S_149 | resource | ReplicaSet | Ensure that the --rotate-certificates argument is not set to false | Kubernetes | [KubletRotateCertificates.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/KubletRotateCertificates.py) | | 7698 | CKV_K8S_149 | resource | ReplicationController | Ensure that the --rotate-certificates argument is not set to false | Kubernetes | [KubletRotateCertificates.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/KubletRotateCertificates.py) | | 7699 | CKV_K8S_149 | resource | StatefulSet | Ensure that the --rotate-certificates argument is not set to false | Kubernetes | [KubletRotateCertificates.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/KubletRotateCertificates.py) | | 7700 | CKV_K8S_151 | resource | CronJob | Ensure that the Kubelet only makes use of Strong Cryptographic Ciphers | Kubernetes | [KubeletCryptographicCiphers.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/KubeletCryptographicCiphers.py) | | 7701 | CKV_K8S_151 | resource | DaemonSet | Ensure that the Kubelet only makes use of Strong Cryptographic Ciphers | Kubernetes | [KubeletCryptographicCiphers.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/KubeletCryptographicCiphers.py) | | 7702 | CKV_K8S_151 | resource | Deployment | Ensure that the Kubelet only makes use of Strong Cryptographic Ciphers | Kubernetes | [KubeletCryptographicCiphers.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/KubeletCryptographicCiphers.py) | | 7703 | CKV_K8S_151 | resource | DeploymentConfig | Ensure that the Kubelet only makes use of Strong Cryptographic Ciphers | Kubernetes | [KubeletCryptographicCiphers.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/KubeletCryptographicCiphers.py) | | 7704 | CKV_K8S_151 | resource | Job | Ensure that the Kubelet only makes use of Strong Cryptographic Ciphers | Kubernetes | [KubeletCryptographicCiphers.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/KubeletCryptographicCiphers.py) | | 7705 | CKV_K8S_151 | resource | Pod | Ensure that the Kubelet only makes use of Strong Cryptographic Ciphers | Kubernetes | [KubeletCryptographicCiphers.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/KubeletCryptographicCiphers.py) | | 7706 | CKV_K8S_151 | resource | PodTemplate | Ensure that the Kubelet only makes use of Strong Cryptographic Ciphers | Kubernetes | [KubeletCryptographicCiphers.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/KubeletCryptographicCiphers.py) | | 7707 | CKV_K8S_151 | resource | ReplicaSet | Ensure that the Kubelet only makes use of Strong Cryptographic Ciphers | Kubernetes | [KubeletCryptographicCiphers.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/KubeletCryptographicCiphers.py) | | 7708 | CKV_K8S_151 | resource | ReplicationController | Ensure that the Kubelet only makes use of Strong Cryptographic Ciphers | Kubernetes | [KubeletCryptographicCiphers.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/KubeletCryptographicCiphers.py) | | 7709 | CKV_K8S_151 | resource | StatefulSet | Ensure that the Kubelet only makes use of Strong Cryptographic Ciphers | Kubernetes | [KubeletCryptographicCiphers.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/KubeletCryptographicCiphers.py) | | 7710 | CKV_K8S_152 | resource | Ingress | Prevent NGINX Ingress annotation snippets which contain LUA code execution. See CVE-2021-25742 | Kubernetes | [NginxIngressCVE202125742Lua.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/NginxIngressCVE202125742Lua.py) | | 7711 | CKV_K8S_153 | resource | Ingress | Prevent All NGINX Ingress annotation snippets. See CVE-2021-25742 | Kubernetes | [NginxIngressCVE202125742AllSnippets.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/NginxIngressCVE202125742AllSnippets.py) | | 7712 | CKV_K8S_154 | resource | Ingress | Prevent NGINX Ingress annotation snippets which contain alias statements See CVE-2021-25742 | Kubernetes | [NginxIngressCVE202125742Alias.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/NginxIngressCVE202125742Alias.py) | | 7713 | CKV_K8S_155 | resource | ClusterRole | Minimize ClusterRoles that grant control over validating or mutating admission webhook configurations | Kubernetes | [RbacControlWebhooks.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/RbacControlWebhooks.py) | | 7714 | CKV_K8S_156 | resource | ClusterRole | Minimize ClusterRoles that grant permissions to approve CertificateSigningRequests | Kubernetes | [RbacApproveCertificateSigningRequests.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/RbacApproveCertificateSigningRequests.py) | | 7715 | CKV_K8S_157 | resource | ClusterRole | Minimize Roles and ClusterRoles that grant permissions to bind RoleBindings or ClusterRoleBindings | Kubernetes | [RbacBindRoleBindings.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/RbacBindRoleBindings.py) | | 7716 | CKV_K8S_157 | resource | Role | Minimize Roles and ClusterRoles that grant permissions to bind RoleBindings or ClusterRoleBindings | Kubernetes | [RbacBindRoleBindings.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/RbacBindRoleBindings.py) | | 7717 | CKV_K8S_158 | resource | ClusterRole | Minimize Roles and ClusterRoles that grant permissions to escalate Roles or ClusterRoles | Kubernetes | [RbacEscalateRoles.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/RbacEscalateRoles.py) | | 7718 | CKV_K8S_158 | resource | Role | Minimize Roles and ClusterRoles that grant permissions to escalate Roles or ClusterRoles | Kubernetes | [RbacEscalateRoles.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/RbacEscalateRoles.py) | | 7719 | CKV_K8S_159 | resource | CronJob | Limit the use of git-sync to prevent code injection | Kubernetes | [DangerousGitSync.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/DangerousGitSync.py) | | 7720 | CKV_K8S_159 | resource | DaemonSet | Limit the use of git-sync to prevent code injection | Kubernetes | [DangerousGitSync.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/DangerousGitSync.py) | | 7721 | CKV_K8S_159 | resource | Deployment | Limit the use of git-sync to prevent code injection | Kubernetes | [DangerousGitSync.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/DangerousGitSync.py) | | 7722 | CKV_K8S_159 | resource | DeploymentConfig | Limit the use of git-sync to prevent code injection | Kubernetes | [DangerousGitSync.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/DangerousGitSync.py) | | 7723 | CKV_K8S_159 | resource | Job | Limit the use of git-sync to prevent code injection | Kubernetes | [DangerousGitSync.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/DangerousGitSync.py) | | 7724 | CKV_K8S_159 | resource | Pod | Limit the use of git-sync to prevent code injection | Kubernetes | [DangerousGitSync.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/DangerousGitSync.py) | | 7725 | CKV_K8S_159 | resource | PodTemplate | Limit the use of git-sync to prevent code injection | Kubernetes | [DangerousGitSync.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/DangerousGitSync.py) | | 7726 | CKV_K8S_159 | resource | ReplicaSet | Limit the use of git-sync to prevent code injection | Kubernetes | [DangerousGitSync.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/DangerousGitSync.py) | | 7727 | CKV_K8S_159 | resource | ReplicationController | Limit the use of git-sync to prevent code injection | Kubernetes | [DangerousGitSync.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/DangerousGitSync.py) | | 7728 | CKV_K8S_159 | resource | StatefulSet | Limit the use of git-sync to prevent code injection | Kubernetes | [DangerousGitSync.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/DangerousGitSync.py) | | 7729 | CKV_K8S_159 | resource | kubernetes_deployment | Do not admit privileged containers | Terraform | [DangerousGitSync.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/kubernetes/DangerousGitSync.py) | | 7730 | CKV_K8S_159 | resource | kubernetes_deployment_v1 | Do not admit privileged containers | Terraform | [DangerousGitSync.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/kubernetes/DangerousGitSync.py) | | 7731 | CKV_K8S_159 | resource | kubernetes_pod | Do not admit privileged containers | Terraform | [DangerousGitSync.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/kubernetes/DangerousGitSync.py) | | 7732 | CKV_K8S_159 | resource | kubernetes_pod_v1 | Do not admit privileged containers | Terraform | [DangerousGitSync.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/kubernetes/DangerousGitSync.py) | | 7733 | CKV2_K8S_1 | resource | ClusterRole | RoleBinding should not allow privilege escalation to a ServiceAccount or Node on other RoleBinding | Kubernetes | [RoleBindingPE.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/graph_checks/RoleBindingPE.yaml) | | 7734 | CKV2_K8S_1 | resource | ClusterRoleBinding | RoleBinding should not allow privilege escalation to a ServiceAccount or Node on other RoleBinding | Kubernetes | [RoleBindingPE.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/graph_checks/RoleBindingPE.yaml) | | 7735 | CKV2_K8S_1 | resource | Role | RoleBinding should not allow privilege escalation to a ServiceAccount or Node on other RoleBinding | Kubernetes | [RoleBindingPE.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/graph_checks/RoleBindingPE.yaml) | | 7736 | CKV2_K8S_1 | resource | RoleBinding | RoleBinding should not allow privilege escalation to a ServiceAccount or Node on other RoleBinding | Kubernetes | [RoleBindingPE.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/graph_checks/RoleBindingPE.yaml) | | 7737 | CKV2_K8S_2 | resource | ClusterRole | Granting `create` permissions to `nodes/proxy` or `pods/exec` sub resources allows potential privilege escalation | Kubernetes | [NoCreateNodesProxyOrPodsExec.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/graph_checks/NoCreateNodesProxyOrPodsExec.yaml) | | 7738 | CKV2_K8S_2 | resource | ClusterRoleBinding | Granting `create` permissions to `nodes/proxy` or `pods/exec` sub resources allows potential privilege escalation | Kubernetes | [NoCreateNodesProxyOrPodsExec.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/graph_checks/NoCreateNodesProxyOrPodsExec.yaml) | | 7739 | CKV2_K8S_2 | resource | Role | Granting `create` permissions to `nodes/proxy` or `pods/exec` sub resources allows potential privilege escalation | Kubernetes | [NoCreateNodesProxyOrPodsExec.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/graph_checks/NoCreateNodesProxyOrPodsExec.yaml) | | 7740 | CKV2_K8S_2 | resource | RoleBinding | Granting `create` permissions to `nodes/proxy` or `pods/exec` sub resources allows potential privilege escalation | Kubernetes | [NoCreateNodesProxyOrPodsExec.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/graph_checks/NoCreateNodesProxyOrPodsExec.yaml) | | 7741 | CKV2_K8S_3 | resource | ClusterRole | No ServiceAccount/Node should have `impersonate` permissions for groups/users/service-accounts | Kubernetes | [ImpersonatePermissions.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/graph_checks/ImpersonatePermissions.yaml) | | 7742 | CKV2_K8S_3 | resource | ClusterRoleBinding | No ServiceAccount/Node should have `impersonate` permissions for groups/users/service-accounts | Kubernetes | [ImpersonatePermissions.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/graph_checks/ImpersonatePermissions.yaml) | | 7743 | CKV2_K8S_3 | resource | Role | No ServiceAccount/Node should have `impersonate` permissions for groups/users/service-accounts | Kubernetes | [ImpersonatePermissions.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/graph_checks/ImpersonatePermissions.yaml) | | 7744 | CKV2_K8S_3 | resource | RoleBinding | No ServiceAccount/Node should have `impersonate` permissions for groups/users/service-accounts | Kubernetes | [ImpersonatePermissions.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/graph_checks/ImpersonatePermissions.yaml) | | 7745 | CKV2_K8S_4 | resource | ClusterRole | ServiceAccounts and nodes that can modify services/status may set the `status.loadBalancer.ingress.ip` field to exploit the unfixed CVE-2020-8554 and launch MiTM attacks against the cluster. | Kubernetes | [ModifyServicesStatus.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/graph_checks/ModifyServicesStatus.yaml) | | 7746 | CKV2_K8S_4 | resource | ClusterRoleBinding | ServiceAccounts and nodes that can modify services/status may set the `status.loadBalancer.ingress.ip` field to exploit the unfixed CVE-2020-8554 and launch MiTM attacks against the cluster. | Kubernetes | [ModifyServicesStatus.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/graph_checks/ModifyServicesStatus.yaml) | | 7747 | CKV2_K8S_4 | resource | Role | ServiceAccounts and nodes that can modify services/status may set the `status.loadBalancer.ingress.ip` field to exploit the unfixed CVE-2020-8554 and launch MiTM attacks against the cluster. | Kubernetes | [ModifyServicesStatus.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/graph_checks/ModifyServicesStatus.yaml) | | 7748 | CKV2_K8S_4 | resource | RoleBinding | ServiceAccounts and nodes that can modify services/status may set the `status.loadBalancer.ingress.ip` field to exploit the unfixed CVE-2020-8554 and launch MiTM attacks against the cluster. | Kubernetes | [ModifyServicesStatus.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/graph_checks/ModifyServicesStatus.yaml) | | 7749 | CKV2_K8S_5 | resource | ClusterRole | No ServiceAccount/Node should be able to read all secrets | Kubernetes | [ReadAllSecrets.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/graph_checks/ReadAllSecrets.yaml) | | 7750 | CKV2_K8S_5 | resource | ClusterRoleBinding | No ServiceAccount/Node should be able to read all secrets | Kubernetes | [ReadAllSecrets.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/graph_checks/ReadAllSecrets.yaml) | | 7751 | CKV2_K8S_5 | resource | Role | No ServiceAccount/Node should be able to read all secrets | Kubernetes | [ReadAllSecrets.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/graph_checks/ReadAllSecrets.yaml) | | 7752 | CKV2_K8S_5 | resource | RoleBinding | No ServiceAccount/Node should be able to read all secrets | Kubernetes | [ReadAllSecrets.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/graph_checks/ReadAllSecrets.yaml) | | 7753 | CKV2_K8S_6 | resource | Deployment | Minimize the admission of pods which lack an associated NetworkPolicy | Kubernetes | [RequireAllPodsToHaveNetworkPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/graph_checks/RequireAllPodsToHaveNetworkPolicy.yaml) | | 7754 | CKV2_K8S_6 | resource | Pod | Minimize the admission of pods which lack an associated NetworkPolicy | Kubernetes | [RequireAllPodsToHaveNetworkPolicy.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/graph_checks/RequireAllPodsToHaveNetworkPolicy.yaml) | | 7755 | CKV_LIN_1 | provider | linode | Ensure no hard coded Linode tokens exist in provider | Terraform | [credentials.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/provider/linode/credentials.py) | | 7756 | CKV_LIN_2 | resource | linode_instance | Ensure SSH key set in authorized_keys | Terraform | [authorized_keys.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/linode/authorized_keys.py) | | 7757 | CKV_LIN_3 | resource | linode_user | Ensure email is set | Terraform | [user_email_set.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/linode/user_email_set.py) | | 7758 | CKV_LIN_4 | resource | linode_user | Ensure username is set | Terraform | [user_username_set.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/linode/user_username_set.py) | | 7759 | CKV_LIN_5 | resource | linode_firewall | Ensure Inbound Firewall Policy is not set to ACCEPT | Terraform | [firewall_inbound_policy.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/linode/firewall_inbound_policy.py) | | 7760 | CKV_LIN_6 | resource | linode_firewall | Ensure Outbound Firewall Policy is not set to ACCEPT | Terraform | [firewall_outbound_policy.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/linode/firewall_outbound_policy.py) | | 7761 | CKV_NCP_1 | resource | ncloud_lb_target_group | Ensure HTTP HTTPS Target group defines Healthcheck | Terraform | [LBTargetGroupDefinesHealthCheck.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/ncp/LBTargetGroupDefinesHealthCheck.py) | | 7762 | CKV_NCP_2 | resource | ncloud_access_control_group | Ensure every access control groups rule has a description | Terraform | [AccessControlGroupRuleDescription.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/ncp/AccessControlGroupRuleDescription.py) | | 7763 | CKV_NCP_2 | resource | ncloud_access_control_group_rule | Ensure every access control groups rule has a description | Terraform | [AccessControlGroupRuleDescription.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/ncp/AccessControlGroupRuleDescription.py) | | 7764 | CKV_NCP_3 | resource | ncloud_access_control_group_rule | Ensure no security group rules allow outbound traffic to 0.0.0.0/0 | Terraform | [AccessControlGroupOutboundRule.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/ncp/AccessControlGroupOutboundRule.py) | | 7765 | CKV_NCP_4 | resource | ncloud_access_control_group_rule | Ensure no access control groups allow inbound from 0.0.0.0:0 to port 22 | Terraform | [AccessControlGroupInboundRulePort22.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/ncp/AccessControlGroupInboundRulePort22.py) | | 7766 | CKV_NCP_5 | resource | ncloud_access_control_group_rule | Ensure no access control groups allow inbound from 0.0.0.0:0 to port 3389 | Terraform | [AccessControlGroupInboundRulePort3389.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/ncp/AccessControlGroupInboundRulePort3389.py) | | 7767 | CKV_NCP_6 | resource | ncloud_server | Ensure Server instance is encrypted. | Terraform | [ServerEncryptionVPC.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/ncp/ServerEncryptionVPC.py) | | 7768 | CKV_NCP_7 | resource | ncloud_launch_configuration | Ensure Basic Block storage is encrypted. | Terraform | [LaunchConfigurationEncryptionVPC.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/ncp/LaunchConfigurationEncryptionVPC.py) | | 7769 | CKV_NCP_8 | resource | ncloud_network_acl_rule | Ensure no NACL allow inbound from 0.0.0.0:0 to port 20 | Terraform | [NACLInbound20.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/ncp/NACLInbound20.py) | | 7770 | CKV_NCP_9 | resource | ncloud_network_acl_rule | Ensure no NACL allow inbound from 0.0.0.0:0 to port 21 | Terraform | [NACLInbound21.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/ncp/NACLInbound21.py) | | 7771 | CKV_NCP_10 | resource | ncloud_network_acl_rule | Ensure no NACL allow inbound from 0.0.0.0:0 to port 22 | Terraform | [NACLInbound22.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/ncp/NACLInbound22.py) | | 7772 | CKV_NCP_11 | resource | ncloud_network_acl_rule | Ensure no NACL allow inbound from 0.0.0.0:0 to port 3389 | Terraform | [NACLInbound3389.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/ncp/NACLInbound3389.py) | | 7773 | CKV_NCP_12 | resource | ncloud_network_acl_rule | An inbound Network ACL rule should not allow ALL ports. | Terraform | [NACLPortCheck.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/ncp/NACLPortCheck.py) | | 7774 | CKV_NCP_13 | resource | ncloud_lb_listener | Ensure LB Listener uses only secure protocols | Terraform | [LBListenerUsesSecureProtocols.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/ncp/LBListenerUsesSecureProtocols.py) | | 7775 | CKV_NCP_14 | resource | ncloud_nas_volume | Ensure NAS is securely encrypted | Terraform | [NASEncryptionEnabled.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/ncp/NASEncryptionEnabled.py) | | 7776 | CKV_NCP_15 | resource | ncloud_lb_target_group | Ensure Load Balancer Target Group is not using HTTP | Terraform | [LBTargetGroupUsingHTTPS.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/ncp/LBTargetGroupUsingHTTPS.py) | | 7777 | CKV_NCP_16 | resource | ncloud_lb | Ensure Load Balancer isn't exposed to the internet | Terraform | [LBNetworkPrivate.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/ncp/LBNetworkPrivate.py) | | 7778 | CKV_NCP_18 | resource | ncloud_auto_scaling_group | Ensure that auto Scaling groups that are associated with a load balancer, are using Load Balancing health checks. | Terraform | [AutoScalingEnabledLB.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/ncp/AutoScalingEnabledLB.yaml) | | 7779 | CKV_NCP_18 | resource | ncloud_lb_target_group | Ensure that auto Scaling groups that are associated with a load balancer, are using Load Balancing health checks. | Terraform | [AutoScalingEnabledLB.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/ncp/AutoScalingEnabledLB.yaml) | | 7780 | CKV_NCP_19 | resource | ncloud_nks_cluster | Ensure Naver Kubernetes Service public endpoint disabled | Terraform | [NKSPublicAccess.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/ncp/NKSPublicAccess.py) | | 7781 | CKV_NCP_20 | resource | ncloud_route | Ensure Routing Table associated with Web tier subnet have the default route (0.0.0.0/0) defined to allow connectivity | Terraform | [RouteTableNATGatewayDefault.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/ncp/RouteTableNATGatewayDefault.py) | | 7782 | CKV_NCP_22 | resource | ncloud_nks_cluster | Ensure NKS control plane logging enabled for all log types | Terraform | [NKSControlPlaneLogging.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/ncp/NKSControlPlaneLogging.py) | | 7783 | CKV_NCP_22 | resource | ncloud_route_table | Ensure a route table for the public subnets is created. | Terraform | [RouteTablePublicSubnetConnection.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/ncp/RouteTablePublicSubnetConnection.yaml) | | 7784 | CKV_NCP_22 | resource | ncloud_subnet | Ensure a route table for the public subnets is created. | Terraform | [RouteTablePublicSubnetConnection.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/ncp/RouteTablePublicSubnetConnection.yaml) | | 7785 | CKV_NCP_23 | resource | ncloud_public_ip | Ensure Server instance should not have public IP. | Terraform | [ServerPublicIP.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/ncp/ServerPublicIP.py) | | 7786 | CKV_NCP_24 | resource | ncloud_lb_listener | Ensure Load Balancer Listener Using HTTPS | Terraform | [LBListenerUsingHTTPS.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/ncp/LBListenerUsingHTTPS.py) | | 7787 | CKV_NCP_25 | resource | ncloud_access_control_group_rule | Ensure no access control groups allow inbound from 0.0.0.0:0 to port 80 | Terraform | [AccessControlGroupInboundRulePort80.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/ncp/AccessControlGroupInboundRulePort80.py) | | 7788 | CKV_NCP_26 | resource | ncloud_access_control_group | Ensure Access Control Group has Access Control Group Rule attached | Terraform | [AccessControlGroupRuleDefine.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/ncp/AccessControlGroupRuleDefine.yaml) | | 7789 | CKV_OCI_1 | provider | oci | Ensure no hard coded OCI private key in provider | Terraform | [credentials.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/provider/oci/credentials.py) | | 7790 | CKV_OCI_2 | resource | oci_core_volume | Ensure OCI Block Storage Block Volume has backup enabled | Terraform | [StorageBlockBackupEnabled.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/oci/StorageBlockBackupEnabled.py) | | 7791 | CKV_OCI_3 | resource | oci_core_volume | OCI Block Storage Block Volumes are not encrypted with a Customer Managed Key (CMK) | Terraform | [StorageBlockEncryption.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/oci/StorageBlockEncryption.py) | | 7792 | CKV_OCI_4 | resource | oci_core_instance | Ensure OCI Compute Instance boot volume has in-transit data encryption enabled | Terraform | [InstanceBootVolumeIntransitEncryption.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/oci/InstanceBootVolumeIntransitEncryption.py) | | 7793 | CKV_OCI_5 | resource | oci_core_instance | Ensure OCI Compute Instance has Legacy MetaData service endpoint disabled | Terraform | [InstanceMetadataServiceEnabled.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/oci/InstanceMetadataServiceEnabled.py) | | 7794 | CKV_OCI_6 | resource | oci_core_instance | Ensure OCI Compute Instance has monitoring enabled | Terraform | [InstanceMonitoringEnabled.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/oci/InstanceMonitoringEnabled.py) | | 7795 | CKV_OCI_7 | resource | oci_objectstorage_bucket | Ensure OCI Object Storage bucket can emit object events | Terraform | [ObjectStorageEmitEvents.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/oci/ObjectStorageEmitEvents.py) | | 7796 | CKV_OCI_8 | resource | oci_objectstorage_bucket | Ensure OCI Object Storage has versioning enabled | Terraform | [ObjectStorageVersioning.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/oci/ObjectStorageVersioning.py) | | 7797 | CKV_OCI_9 | resource | oci_objectstorage_bucket | Ensure OCI Object Storage is encrypted with Customer Managed Key | Terraform | [ObjectStorageEncryption.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/oci/ObjectStorageEncryption.py) | | 7798 | CKV_OCI_10 | resource | oci_objectstorage_bucket | Ensure OCI Object Storage is not Public | Terraform | [ObjectStoragePublic.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/oci/ObjectStoragePublic.py) | | 7799 | CKV_OCI_11 | resource | oci_identity_authentication_policy | OCI IAM password policy - must contain lower case | Terraform | [IAMPasswordPolicyLowerCase.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/oci/IAMPasswordPolicyLowerCase.py) | | 7800 | CKV_OCI_12 | resource | oci_identity_authentication_policy | OCI IAM password policy - must contain Numeric characters | Terraform | [IAMPasswordPolicyNumeric.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/oci/IAMPasswordPolicyNumeric.py) | | 7801 | CKV_OCI_13 | resource | oci_identity_authentication_policy | OCI IAM password policy - must contain Special characters | Terraform | [IAMPasswordPolicySpecialCharacters.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/oci/IAMPasswordPolicySpecialCharacters.py) | | 7802 | CKV_OCI_14 | resource | oci_identity_authentication_policy | OCI IAM password policy - must contain Uppercase characters | Terraform | [IAMPasswordPolicyUpperCase.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/oci/IAMPasswordPolicyUpperCase.py) | | 7803 | CKV_OCI_15 | resource | oci_file_storage_file_system | Ensure OCI File System is Encrypted with a customer Managed Key | Terraform | [FileSystemEncryption.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/oci/FileSystemEncryption.py) | | 7804 | CKV_OCI_16 | resource | oci_core_security_list | Ensure VCN has an inbound security list | Terraform | [SecurityListIngress.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/oci/SecurityListIngress.py) | | 7805 | CKV_OCI_17 | resource | oci_core_security_list | Ensure VCN inbound security lists are stateless | Terraform | [SecurityListIngressStateless.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/oci/SecurityListIngressStateless.py) | | 7806 | CKV_OCI_18 | resource | oci_identity_authentication_policy | OCI IAM password policy for local (non-federated) users has a minimum length of 14 characters | Terraform | [IAMPasswordLength.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/oci/IAMPasswordLength.py) | | 7807 | CKV_OCI_19 | resource | oci_core_security_list | Ensure no security list allow ingress from 0.0.0.0:0 to port 22. | Terraform | [SecurityListUnrestrictedIngress22.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/oci/SecurityListUnrestrictedIngress22.py) | | 7808 | CKV_OCI_20 | resource | oci_core_security_list | Ensure no security list allow ingress from 0.0.0.0:0 to port 3389. | Terraform | [SecurityListUnrestrictedIngress3389.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/oci/SecurityListUnrestrictedIngress3389.py) | | 7809 | CKV_OCI_21 | resource | oci_core_network_security_group_security_rule | Ensure security group has stateless ingress security rules | Terraform | [SecurityGroupsIngressStatelessSecurityRules.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/oci/SecurityGroupsIngressStatelessSecurityRules.py) | | 7810 | CKV_OCI_22 | resource | oci_core_network_security_group_security_rule | Ensure no security groups rules allow ingress from 0.0.0.0/0 to port 22 | Terraform | [AbsSecurityGroupUnrestrictedIngress.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/oci/AbsSecurityGroupUnrestrictedIngress.py) | | 7811 | CKV_OCI_23 | resource | oci_datacatalog_catalog | Ensure OCI Data Catalog is configured without overly permissive network access | Terraform | [DataCatalogWithPublicAccess.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/oci/DataCatalogWithPublicAccess.py) | | 7812 | CKV2_OCI_1 | resource | oci_identity_group | Ensure administrator users are not associated with API keys | Terraform | [AdministratorUserNotAssociatedWithAPIKey.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/oci/AdministratorUserNotAssociatedWithAPIKey.yaml) | | 7813 | CKV2_OCI_1 | resource | oci_identity_user | Ensure administrator users are not associated with API keys | Terraform | [AdministratorUserNotAssociatedWithAPIKey.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/oci/AdministratorUserNotAssociatedWithAPIKey.yaml) | | 7814 | CKV2_OCI_1 | resource | oci_identity_user_group_membership | Ensure administrator users are not associated with API keys | Terraform | [AdministratorUserNotAssociatedWithAPIKey.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/oci/AdministratorUserNotAssociatedWithAPIKey.yaml) | | 7815 | CKV2_OCI_2 | resource | oci_core_network_security_group_security_rule | Ensure NSG does not allow all traffic on RDP port (3389) | Terraform | [OCI_NSGNotAllowRDP.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/oci/OCI_NSGNotAllowRDP.yaml) | | 7816 | CKV2_OCI_3 | resource | oci_containerengine_cluster | Ensure Kubernetes engine cluster is configured with NSG(s) | Terraform | [OCI_KubernetesEngineClusterEndpointConfigWithNSG.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/oci/OCI_KubernetesEngineClusterEndpointConfigWithNSG.yaml) | | 7817 | CKV2_OCI_4 | resource | oci_file_storage_export | Ensure File Storage File System access is restricted to root users | Terraform | [OCI_NFSaccessRestrictedToRootUsers.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/oci/OCI_NFSaccessRestrictedToRootUsers.yaml) | | 7818 | CKV2_OCI_5 | resource | oci_containerengine_node_pool | Ensure Kubernetes Engine Cluster boot volume is configured with in-transit data encryption | Terraform | [OCI_K8EngineClusterBootVolConfigInTransitEncryption.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/oci/OCI_K8EngineClusterBootVolConfigInTransitEncryption.yaml) | | 7819 | CKV2_OCI_6 | resource | oci_containerengine_cluster | Ensure Kubernetes Engine Cluster pod security policy is enforced | Terraform | [OCI_K8EngineClusterPodSecPolicyEnforced.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/oci/OCI_K8EngineClusterPodSecPolicyEnforced.yaml) | | 7820 | CKV_OPENAPI_1 | resource | securityDefinitions | Ensure that securityDefinitions is defined and not empty - version 2.0 files | OpenAPI | [SecurityDefinitions.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/openapi/checks/resource/v2/SecurityDefinitions.py) | | 7821 | CKV_OPENAPI_2 | resource | security | Ensure that if the security scheme is not of type 'oauth2', the array value must be empty - version 2.0 files | OpenAPI | [Oauth2SecurityRequirement.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/openapi/checks/resource/v2/Oauth2SecurityRequirement.py) | | 7822 | CKV_OPENAPI_3 | resource | components | Ensure that security schemes don't allow cleartext credentials over unencrypted channel - version 3.x.y files | OpenAPI | [CleartextOverUnencryptedChannel.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/openapi/checks/resource/v3/CleartextOverUnencryptedChannel.py) | | 7823 | CKV_OPENAPI_4 | resource | security | Ensure that the global security field has rules defined | OpenAPI | [GlobalSecurityFieldIsEmpty.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/openapi/checks/resource/generic/GlobalSecurityFieldIsEmpty.py) | | 7824 | CKV_OPENAPI_5 | resource | security | Ensure that security operations is not empty. | OpenAPI | [SecurityOperations.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/openapi/checks/resource/generic/SecurityOperations.py) | | 7825 | CKV_OPENAPI_6 | resource | security | Ensure that security requirement defined in securityDefinitions - version 2.0 files | OpenAPI | [SecurityRequirement.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/openapi/checks/resource/v2/SecurityRequirement.py) | | 7826 | CKV_OPENAPI_7 | resource | security | Ensure that the path scheme does not support unencrypted HTTP connection where all transmissions are open to interception- version 2.0 files | OpenAPI | [PathSchemeDefineHTTP.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/openapi/checks/resource/v2/PathSchemeDefineHTTP.py) | | 7827 | CKV_OPENAPI_8 | resource | security | Ensure that security is not using 'password' flow in OAuth2 authentication - version 2.0 files | OpenAPI | [Oauth2SecurityPasswordFlow.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/openapi/checks/resource/v2/Oauth2SecurityPasswordFlow.py) | | 7828 | CKV_OPENAPI_9 | resource | paths | Ensure that security scopes of operations are defined in securityDefinitions - version 2.0 files | OpenAPI | [OperationObjectSecurityScopeUndefined.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/openapi/checks/resource/v2/OperationObjectSecurityScopeUndefined.py) | | 7829 | CKV_OPENAPI_10 | resource | paths | Ensure that operation object does not use 'password' flow in OAuth2 authentication - version 2.0 files | OpenAPI | [Oauth2OperationObjectPasswordFlow.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/openapi/checks/resource/v2/Oauth2OperationObjectPasswordFlow.py) | | 7830 | CKV_OPENAPI_11 | resource | securityDefinitions | Ensure that operation object does not use 'password' flow in OAuth2 authentication - version 2.0 files | OpenAPI | [Oauth2SecurityDefinitionPasswordFlow.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/openapi/checks/resource/v2/Oauth2SecurityDefinitionPasswordFlow.py) | | 7831 | CKV_OPENAPI_12 | resource | securityDefinitions | Ensure no security definition is using implicit flow on OAuth2, which is deprecated - version 2.0 files | OpenAPI | [Oauth2SecurityDefinitionImplicitFlow.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/openapi/checks/resource/v2/Oauth2SecurityDefinitionImplicitFlow.py) | | 7832 | CKV_OPENAPI_13 | resource | securityDefinitions | Ensure security definitions do not use basic auth - version 2.0 files | OpenAPI | [SecurityDefinitionBasicAuth.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/openapi/checks/resource/v2/SecurityDefinitionBasicAuth.py) | | 7833 | CKV_OPENAPI_14 | resource | paths | Ensure that operation objects do not use 'implicit' flow, which is deprecated - version 2.0 files | OpenAPI | [OperationObjectImplicitFlow.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/openapi/checks/resource/v2/OperationObjectImplicitFlow.py) | | 7834 | CKV_OPENAPI_15 | resource | paths | Ensure that operation objects do not use basic auth - version 2.0 files | OpenAPI | [OperationObjectBasicAuth.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/openapi/checks/resource/v2/OperationObjectBasicAuth.py) | | 7835 | CKV_OPENAPI_16 | resource | paths | Ensure that operation objects have 'produces' field defined for GET operations - version 2.0 files | OpenAPI | [OperationObjectProducesUndefined.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/openapi/checks/resource/v2/OperationObjectProducesUndefined.py) | | 7836 | CKV_OPENAPI_17 | resource | paths | Ensure that operation objects have 'consumes' field defined for PUT, POST and PATCH operations - version 2.0 files | OpenAPI | [OperationObjectConsumesUndefined.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/openapi/checks/resource/v2/OperationObjectConsumesUndefined.py) | | 7837 | CKV_OPENAPI_18 | resource | schemes | Ensure that global schemes use 'https' protocol instead of 'http'- version 2.0 files | OpenAPI | [GlobalSchemeDefineHTTP.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/openapi/checks/resource/v2/GlobalSchemeDefineHTTP.py) | | 7838 | CKV_OPENAPI_19 | resource | security | Ensure that global security scope is defined in securityDefinitions - version 2.0 files | OpenAPI | [GlobalSecurityScopeUndefined.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/openapi/checks/resource/v2/GlobalSecurityScopeUndefined.py) | | 7839 | CKV_OPENAPI_20 | resource | paths | Ensure that API keys are not sent over cleartext | OpenAPI | [ClearTextAPIKey.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/openapi/checks/resource/generic/ClearTextAPIKey.py) | | 7840 | CKV_OPENAPI_21 | resource | paths | Ensure that arrays have a maximum number of items | OpenAPI | [NoMaximumNumberItems.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/openapi/checks/resource/generic/NoMaximumNumberItems.py) | | 7841 | CKV_OPENSTACK_1 | provider | openstack | Ensure no hard coded OpenStack password, token, or application_credential_secret exists in provider | Terraform | [credentials.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/provider/openstack/credentials.py) | | 7842 | CKV_OPENSTACK_2 | resource | openstack_compute_secgroup_v2 | Ensure no security groups allow ingress from 0.0.0.0:0 to port 22 (tcp / udp) | Terraform | [SecurityGroupUnrestrictedIngress22.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/openstack/SecurityGroupUnrestrictedIngress22.py) | | 7843 | CKV_OPENSTACK_2 | resource | openstack_networking_secgroup_rule_v2 | Ensure no security groups allow ingress from 0.0.0.0:0 to port 22 (tcp / udp) | Terraform | [SecurityGroupUnrestrictedIngress22.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/openstack/SecurityGroupUnrestrictedIngress22.py) | | 7844 | CKV_OPENSTACK_3 | resource | openstack_compute_secgroup_v2 | Ensure no security groups allow ingress from 0.0.0.0:0 to port 3389 (tcp / udp) | Terraform | [SecurityGroupUnrestrictedIngress3389.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/openstack/SecurityGroupUnrestrictedIngress3389.py) | | 7845 | CKV_OPENSTACK_3 | resource | openstack_networking_secgroup_rule_v2 | Ensure no security groups allow ingress from 0.0.0.0:0 to port 3389 (tcp / udp) | Terraform | [SecurityGroupUnrestrictedIngress3389.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/openstack/SecurityGroupUnrestrictedIngress3389.py) | | 7846 | CKV_OPENSTACK_4 | resource | openstack_compute_instance_v2 | Ensure that instance does not use basic credentials | Terraform | [ComputeInstanceAdminPassword.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/openstack/ComputeInstanceAdminPassword.py) | | 7847 | CKV_OPENSTACK_5 | resource | openstack_fw_rule_v1 | Ensure firewall rule set a destination IP | Terraform | [FirewallRuleSetDestinationIP.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/openstack/FirewallRuleSetDestinationIP.py) | | 7848 | CKV_PAN_1 | provider | panos | Ensure no hard coded PAN-OS credentials exist in provider | Terraform | [credentials.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/provider/panos/credentials.py) | | 7849 | CKV_PAN_2 | resource | panos_management_profile | Ensure plain-text management HTTP is not enabled for an Interface Management Profile | Terraform | [InterfaceMgmtProfileNoHTTP.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/panos/InterfaceMgmtProfileNoHTTP.py) | | 7850 | CKV_PAN_2 | resource | tasks.paloaltonetworks.panos.panos_management_profile | Ensure plain-text management HTTP is not enabled for an Interface Management Profile | Ansible | [PanosInterfaceMgmtProfileNoHTTP.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/ansible/checks/graph_checks/PanosInterfaceMgmtProfileNoHTTP.yaml) | | 7851 | CKV_PAN_3 | resource | panos_management_profile | Ensure plain-text management Telnet is not enabled for an Interface Management Profile | Terraform | [InterfaceMgmtProfileNoTelnet.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/panos/InterfaceMgmtProfileNoTelnet.py) | | 7852 | CKV_PAN_3 | resource | tasks.paloaltonetworks.panos.panos_management_profile | Ensure plain-text management Telnet is not enabled for an Interface Management Profile | Ansible | [PanosInterfaceMgmtProfileNoTelnet.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/ansible/checks/graph_checks/PanosInterfaceMgmtProfileNoTelnet.yaml) | | 7853 | CKV_PAN_4 | resource | panos_security_policy | Ensure DSRI is not enabled within security policies | Terraform | [PolicyNoDSRI.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/panos/PolicyNoDSRI.py) | | 7854 | CKV_PAN_4 | resource | panos_security_rule_group | Ensure DSRI is not enabled within security policies | Terraform | [PolicyNoDSRI.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/panos/PolicyNoDSRI.py) | | 7855 | CKV_PAN_4 | resource | tasks.paloaltonetworks.panos.panos_security_rule | Ensure DSRI is not enabled within security policies | Ansible | [PanosPolicyNoDSRI.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/ansible/checks/graph_checks/PanosPolicyNoDSRI.yaml) | | 7856 | CKV_PAN_5 | resource | panos_security_policy | Ensure security rules do not have 'applications' set to 'any' | Terraform | [PolicyNoApplicationAny.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/panos/PolicyNoApplicationAny.py) | | 7857 | CKV_PAN_5 | resource | panos_security_rule_group | Ensure security rules do not have 'applications' set to 'any' | Terraform | [PolicyNoApplicationAny.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/panos/PolicyNoApplicationAny.py) | | 7858 | CKV_PAN_5 | resource | tasks.paloaltonetworks.panos.panos_security_rule | Ensure security rules do not have 'application' set to 'any' | Ansible | [PanosPolicyNoApplicationAny.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/ansible/checks/graph_checks/PanosPolicyNoApplicationAny.yaml) | | 7859 | CKV_PAN_6 | resource | panos_security_policy | Ensure security rules do not have 'services' set to 'any' | Terraform | [PolicyNoServiceAny.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/panos/PolicyNoServiceAny.py) | | 7860 | CKV_PAN_6 | resource | panos_security_rule_group | Ensure security rules do not have 'services' set to 'any' | Terraform | [PolicyNoServiceAny.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/panos/PolicyNoServiceAny.py) | | 7861 | CKV_PAN_6 | resource | tasks.paloaltonetworks.panos.panos_security_rule | Ensure security rules do not have 'service' set to 'any' | Ansible | [PanosPolicyNoServiceAny.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/ansible/checks/graph_checks/PanosPolicyNoServiceAny.yaml) | | 7862 | CKV_PAN_7 | resource | panos_security_policy | Ensure security rules do not have 'source_addresses' and 'destination_addresses' both containing values of 'any' | Terraform | [PolicyNoSrcAnyDstAny.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/panos/PolicyNoSrcAnyDstAny.py) | | 7863 | CKV_PAN_7 | resource | panos_security_rule_group | Ensure security rules do not have 'source_addresses' and 'destination_addresses' both containing values of 'any' | Terraform | [PolicyNoSrcAnyDstAny.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/panos/PolicyNoSrcAnyDstAny.py) | | 7864 | CKV_PAN_7 | resource | tasks.paloaltonetworks.panos.panos_security_rule | Ensure security rules do not have 'source_ip' and 'destination_ip' both containing values of 'any' | Ansible | [PanosPolicyNoSrcAnyDstAny.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/ansible/checks/graph_checks/PanosPolicyNoSrcAnyDstAny.yaml) | | 7865 | CKV_PAN_8 | resource | panos_security_policy | Ensure description is populated within security policies | Terraform | [PolicyDescription.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/panos/PolicyDescription.py) | | 7866 | CKV_PAN_8 | resource | panos_security_rule_group | Ensure description is populated within security policies | Terraform | [PolicyDescription.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/panos/PolicyDescription.py) | | 7867 | CKV_PAN_8 | resource | tasks.paloaltonetworks.panos.panos_security_rule | Ensure description is populated within security policies | Ansible | [PanosPolicyDescription.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/ansible/checks/graph_checks/PanosPolicyDescription.yaml) | | 7868 | CKV_PAN_9 | resource | panos_security_policy | Ensure a Log Forwarding Profile is selected for each security policy rule | Terraform | [PolicyLogForwarding.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/panos/PolicyLogForwarding.py) | | 7869 | CKV_PAN_9 | resource | panos_security_rule_group | Ensure a Log Forwarding Profile is selected for each security policy rule | Terraform | [PolicyLogForwarding.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/panos/PolicyLogForwarding.py) | | 7870 | CKV_PAN_9 | resource | tasks.paloaltonetworks.panos.panos_security_rule | Ensure a Log Forwarding Profile is selected for each security policy rule | Ansible | [PanosPolicyLogForwarding.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/ansible/checks/graph_checks/PanosPolicyLogForwarding.yaml) | | 7871 | CKV_PAN_10 | resource | panos_security_policy | Ensure logging at session end is enabled within security policies | Terraform | [PolicyLoggingEnabled.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/panos/PolicyLoggingEnabled.py) | | 7872 | CKV_PAN_10 | resource | panos_security_rule_group | Ensure logging at session end is enabled within security policies | Terraform | [PolicyLoggingEnabled.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/panos/PolicyLoggingEnabled.py) | | 7873 | CKV_PAN_10 | resource | tasks.paloaltonetworks.panos.panos_security_rule | Ensure logging at session end is enabled within security policies | Ansible | [PanosPolicyLoggingEnabled.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/ansible/checks/graph_checks/PanosPolicyLoggingEnabled.yaml) | | 7874 | CKV_PAN_11 | resource | panos_ipsec_crypto_profile | Ensure IPsec profiles do not specify use of insecure encryption algorithms | Terraform | [NetworkIPsecAlgorithms.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/panos/NetworkIPsecAlgorithms.py) | | 7875 | CKV_PAN_11 | resource | panos_panorama_ipsec_crypto_profile | Ensure IPsec profiles do not specify use of insecure encryption algorithms | Terraform | [NetworkIPsecAlgorithms.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/panos/NetworkIPsecAlgorithms.py) | | 7876 | CKV_PAN_12 | resource | panos_ipsec_crypto_profile | Ensure IPsec profiles do not specify use of insecure authentication algorithms | Terraform | [NetworkIPsecAuthAlgorithms.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/panos/NetworkIPsecAuthAlgorithms.py) | | 7877 | CKV_PAN_12 | resource | panos_panorama_ipsec_crypto_profile | Ensure IPsec profiles do not specify use of insecure authentication algorithms | Terraform | [NetworkIPsecAuthAlgorithms.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/panos/NetworkIPsecAuthAlgorithms.py) | | 7878 | CKV_PAN_12 | resource | tasks.paloaltonetworks.panos.panos_ipsec_profile | Ensure IPsec profiles do not specify use of insecure authentication algorithms | Ansible | [PanosIPsecAuthenticationAlgorithms.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/ansible/checks/graph_checks/PanosIPsecAuthenticationAlgorithms.yaml) | | 7879 | CKV_PAN_13 | resource | panos_ipsec_crypto_profile | Ensure IPsec profiles do not specify use of insecure protocols | Terraform | [NetworkIPsecProtocols.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/panos/NetworkIPsecProtocols.py) | | 7880 | CKV_PAN_13 | resource | panos_panorama_ipsec_crypto_profile | Ensure IPsec profiles do not specify use of insecure protocols | Terraform | [NetworkIPsecProtocols.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/panos/NetworkIPsecProtocols.py) | | 7881 | CKV_PAN_13 | resource | tasks.paloaltonetworks.panos.panos_ipsec_profile | Ensure IPsec profiles do not specify use of insecure protocols | Ansible | [PanosIPsecProtocols.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/ansible/checks/graph_checks/PanosIPsecProtocols.yaml) | | 7882 | CKV_PAN_14 | resource | panos_panorama_zone | Ensure a Zone Protection Profile is defined within Security Zones | Terraform | [ZoneProtectionProfile.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/panos/ZoneProtectionProfile.py) | | 7883 | CKV_PAN_14 | resource | panos_zone | Ensure a Zone Protection Profile is defined within Security Zones | Terraform | [ZoneProtectionProfile.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/panos/ZoneProtectionProfile.py) | | 7884 | CKV_PAN_14 | resource | panos_zone_entry | Ensure a Zone Protection Profile is defined within Security Zones | Terraform | [ZoneProtectionProfile.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/panos/ZoneProtectionProfile.py) | | 7885 | CKV_PAN_14 | resource | tasks.paloaltonetworks.panos.panos_zone | Ensure a Zone Protection Profile is defined within Security Zones | Ansible | [PanosZoneProtectionProfile.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/ansible/checks/graph_checks/PanosZoneProtectionProfile.yaml) | | 7886 | CKV_PAN_15 | resource | panos_panorama_zone | Ensure an Include ACL is defined for a Zone when User-ID is enabled | Terraform | [ZoneUserIDIncludeACL.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/panos/ZoneUserIDIncludeACL.py) | | 7887 | CKV_PAN_15 | resource | panos_zone | Ensure an Include ACL is defined for a Zone when User-ID is enabled | Terraform | [ZoneUserIDIncludeACL.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/panos/ZoneUserIDIncludeACL.py) | | 7888 | CKV_PAN_15 | resource | tasks.paloaltonetworks.panos.panos_zone | Ensure an Include ACL is defined for a Zone when User-ID is enabled | Ansible | [PanosZoneUserIDIncludeACL.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/ansible/checks/graph_checks/PanosZoneUserIDIncludeACL.yaml) | | 7889 | CKV_PAN_16 | resource | tasks.paloaltonetworks.panos.panos_security_rule | Ensure logging at session start is disabled within security policies except for troubleshooting and long lived GRE tunnels | Ansible | [PanosPolicyLogSessionStart.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/ansible/checks/graph_checks/PanosPolicyLogSessionStart.yaml) | | 7890 | CKV_PAN_17 | resource | tasks.paloaltonetworks.panos.panos_security_rule | Ensure security rules do not have 'source_zone' and 'destination_zone' both containing values of 'any' | Ansible | [PanosPolicyNoSrcZoneAnyNoDstZoneAny.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/ansible/checks/graph_checks/PanosPolicyNoSrcZoneAnyNoDstZoneAny.yaml) | | 7891 | CKV_SECRET_1 | Artifactory Credentials | secrets | Artifactory Credentials | secrets | [policy_metadata_integration.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/common/bridgecrew/integration_features/features/policy_metadata_integration.py) | | 7892 | CKV_SECRET_2 | AWS Access Key | secrets | AWS Access Key | secrets | [policy_metadata_integration.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/common/bridgecrew/integration_features/features/policy_metadata_integration.py) | | 7893 | CKV_SECRET_3 | Azure Storage Account access key | secrets | Azure Storage Account access key | secrets | [policy_metadata_integration.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/common/bridgecrew/integration_features/features/policy_metadata_integration.py) | | 7894 | CKV_SECRET_4 | Basic Auth Credentials | secrets | Basic Auth Credentials | secrets | [policy_metadata_integration.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/common/bridgecrew/integration_features/features/policy_metadata_integration.py) | | 7895 | CKV_SECRET_5 | Cloudant Credentials | secrets | Cloudant Credentials | secrets | [policy_metadata_integration.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/common/bridgecrew/integration_features/features/policy_metadata_integration.py) | | 7896 | CKV_SECRET_6 | Base64 High Entropy String | secrets | Base64 High Entropy String | secrets | [policy_metadata_integration.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/common/bridgecrew/integration_features/features/policy_metadata_integration.py) | | 7897 | CKV_SECRET_7 | IBM Cloud IAM Key | secrets | IBM Cloud IAM Key | secrets | [policy_metadata_integration.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/common/bridgecrew/integration_features/features/policy_metadata_integration.py) | | 7898 | CKV_SECRET_8 | IBM COS HMAC Credentials | secrets | IBM COS HMAC Credentials | secrets | [policy_metadata_integration.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/common/bridgecrew/integration_features/features/policy_metadata_integration.py) | | 7899 | CKV_SECRET_9 | JSON Web Token | secrets | JSON Web Token | secrets | [policy_metadata_integration.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/common/bridgecrew/integration_features/features/policy_metadata_integration.py) | | 7900 | CKV_SECRET_11 | Mailchimp Access Key | secrets | Mailchimp Access Key | secrets | [policy_metadata_integration.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/common/bridgecrew/integration_features/features/policy_metadata_integration.py) | | 7901 | CKV_SECRET_12 | NPM tokens | secrets | NPM tokens | secrets | [policy_metadata_integration.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/common/bridgecrew/integration_features/features/policy_metadata_integration.py) | | 7902 | CKV_SECRET_13 | Private Key | secrets | Private Key | secrets | [policy_metadata_integration.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/common/bridgecrew/integration_features/features/policy_metadata_integration.py) | | 7903 | CKV_SECRET_14 | Slack Token | secrets | Slack Token | secrets | [policy_metadata_integration.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/common/bridgecrew/integration_features/features/policy_metadata_integration.py) | | 7904 | CKV_SECRET_15 | SoftLayer Credentials | secrets | SoftLayer Credentials | secrets | [policy_metadata_integration.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/common/bridgecrew/integration_features/features/policy_metadata_integration.py) | | 7905 | CKV_SECRET_16 | Square OAuth Secret | secrets | Square OAuth Secret | secrets | [policy_metadata_integration.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/common/bridgecrew/integration_features/features/policy_metadata_integration.py) | | 7906 | CKV_SECRET_17 | Stripe Access Key | secrets | Stripe Access Key | secrets | [policy_metadata_integration.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/common/bridgecrew/integration_features/features/policy_metadata_integration.py) | | 7907 | CKV_SECRET_18 | Twilio API Key | secrets | Twilio API Key | secrets | [policy_metadata_integration.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/common/bridgecrew/integration_features/features/policy_metadata_integration.py) | | 7908 | CKV_SECRET_19 | Hex High Entropy String | secrets | Hex High Entropy String | secrets | [policy_metadata_integration.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/common/bridgecrew/integration_features/features/policy_metadata_integration.py) | | 7909 | CKV_TC_1 | resource | tencentcloud_cbs_storage | Ensure Tencent Cloud CBS is encrypted | Terraform | [CBSEncryption.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/tencentcloud/CBSEncryption.py) | | 7910 | CKV_TC_2 | resource | tencentcloud_instance | Ensure Tencent Cloud CVM instance does not allocate a public IP | Terraform | [CVMAllocatePublicIp.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/tencentcloud/CVMAllocatePublicIp.py) | | 7911 | CKV_TC_3 | resource | tencentcloud_instance | Ensure Tencent Cloud CVM monitor service is enabled | Terraform | [CVMDisableMonitorService.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/tencentcloud/CVMDisableMonitorService.py) | | 7912 | CKV_TC_4 | resource | tencentcloud_instance | Ensure Tencent Cloud CVM instances do not use the default security group | Terraform | [CVMUseDefaultSecurityGroup.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/tencentcloud/CVMUseDefaultSecurityGroup.py) | | 7913 | CKV_TC_5 | resource | tencentcloud_instance | Ensure Tencent Cloud CVM instances do not use the default VPC | Terraform | [CVMUseDefaultVPC.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/tencentcloud/CVMUseDefaultVPC.py) | | 7914 | CKV_TC_6 | resource | tencentcloud_kubernetes_cluster | Ensure Tencent Cloud TKE clusters enable log agent | Terraform | [TKELogAgentEnabled.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/tencentcloud/TKELogAgentEnabled.py) | | 7915 | CKV_TC_7 | resource | tencentcloud_kubernetes_cluster | Ensure Tencent Cloud TKE cluster is not assigned a public IP address | Terraform | [TKEPublicIpAssigned.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/tencentcloud/TKEPublicIpAssigned.py) | | 7916 | CKV_TC_8 | resource | tencentcloud_security_group_rule_set | Ensure Tencent Cloud VPC security group rules do not accept all traffic | Terraform | [VPCSecurityGroupRuleSet.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/tencentcloud/VPCSecurityGroupRuleSet.py) | | 7917 | CKV_TC_9 | resource | tencentcloud_mysql_instance | Ensure Tencent Cloud mysql instances do not enable access from public networks | Terraform | [CDBInternetService.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/tencentcloud/CDBInternetService.py) | | 7918 | CKV_TC_10 | resource | tencentcloud_mysql_instance | Ensure Tencent Cloud MySQL instances intranet ports are not set to the default 3306 | Terraform | [CDBIntranetPort.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/tencentcloud/CDBIntranetPort.py) | | 7919 | CKV_TC_11 | resource | tencentcloud_clb_instance | Ensure Tencent Cloud CLB has a logging ID and topic | Terraform | [CLBInstanceLog.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/tencentcloud/CLBInstanceLog.py) | | 7920 | CKV_TC_12 | resource | tencentcloud_clb_listener | Ensure Tencent Cloud CLBs use modern, encrypted protocols | Terraform | [CLBListenerProtocol.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/tencentcloud/CLBListenerProtocol.py) | | 7921 | CKV_TC_13 | resource | tencentcloud_instance | Ensure Tencent Cloud CVM user data does not contain sensitive information | Terraform | [CVMUserData.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/tencentcloud/CVMUserData.py) | | 7922 | CKV_TC_14 | resource | tencentcloud_vpc_flow_log_config | Ensure Tencent Cloud VPC flow logs are enabled | Terraform | [VPCFlowLogConfigEnable.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/tencentcloud/VPCFlowLogConfigEnable.py) | | 7923 | CKV_TF_1 | module | module | Ensure Terraform module sources use a commit hash | Terraform | [RevisionHash.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/module/generic/RevisionHash.py) | | 7924 | CKV_TF_2 | module | module | Ensure Terraform module sources use a tag with a version number | Terraform | [RevisionVersionTag.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/module/generic/RevisionVersionTag.py) | | 7925 | CKV_YC_1 | resource | yandex_mdb_clickhouse_cluster | Ensure security group is assigned to database cluster. | Terraform | [MDBSecurityGroup.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/yandexcloud/MDBSecurityGroup.py) | | 7926 | CKV_YC_1 | resource | yandex_mdb_elasticsearch_cluster | Ensure security group is assigned to database cluster. | Terraform | [MDBSecurityGroup.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/yandexcloud/MDBSecurityGroup.py) | | 7927 | CKV_YC_1 | resource | yandex_mdb_greenplum_cluster | Ensure security group is assigned to database cluster. | Terraform | [MDBSecurityGroup.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/yandexcloud/MDBSecurityGroup.py) | | 7928 | CKV_YC_1 | resource | yandex_mdb_kafka_cluster | Ensure security group is assigned to database cluster. | Terraform | [MDBSecurityGroup.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/yandexcloud/MDBSecurityGroup.py) | | 7929 | CKV_YC_1 | resource | yandex_mdb_mongodb_cluster | Ensure security group is assigned to database cluster. | Terraform | [MDBSecurityGroup.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/yandexcloud/MDBSecurityGroup.py) | | 7930 | CKV_YC_1 | resource | yandex_mdb_mysql_cluster | Ensure security group is assigned to database cluster. | Terraform | [MDBSecurityGroup.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/yandexcloud/MDBSecurityGroup.py) | | 7931 | CKV_YC_1 | resource | yandex_mdb_postgresql_cluster | Ensure security group is assigned to database cluster. | Terraform | [MDBSecurityGroup.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/yandexcloud/MDBSecurityGroup.py) | | 7932 | CKV_YC_1 | resource | yandex_mdb_redis_cluster | Ensure security group is assigned to database cluster. | Terraform | [MDBSecurityGroup.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/yandexcloud/MDBSecurityGroup.py) | | 7933 | CKV_YC_1 | resource | yandex_mdb_sqlserver_cluster | Ensure security group is assigned to database cluster. | Terraform | [MDBSecurityGroup.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/yandexcloud/MDBSecurityGroup.py) | | 7934 | CKV_YC_2 | resource | yandex_compute_instance | Ensure compute instance does not have public IP. | Terraform | [ComputeVMPublicIP.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/yandexcloud/ComputeVMPublicIP.py) | | 7935 | CKV_YC_3 | resource | yandex_storage_bucket | Ensure storage bucket is encrypted. | Terraform | [ObjectStorageBucketEncryption.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/yandexcloud/ObjectStorageBucketEncryption.py) | | 7936 | CKV_YC_4 | resource | yandex_compute_instance | Ensure compute instance does not have serial console enabled. | Terraform | [ComputeVMSerialConsole.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/yandexcloud/ComputeVMSerialConsole.py) | | 7937 | CKV_YC_5 | resource | yandex_kubernetes_cluster | Ensure Kubernetes cluster does not have public IP address. | Terraform | [K8SPublicIP.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/yandexcloud/K8SPublicIP.py) | | 7938 | CKV_YC_6 | resource | yandex_kubernetes_node_group | Ensure Kubernetes cluster node group does not have public IP addresses. | Terraform | [K8SNodeGroupPublicIP.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/yandexcloud/K8SNodeGroupPublicIP.py) | | 7939 | CKV_YC_7 | resource | yandex_kubernetes_cluster | Ensure Kubernetes cluster auto-upgrade is enabled. | Terraform | [K8SAutoUpgrade.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/yandexcloud/K8SAutoUpgrade.py) | | 7940 | CKV_YC_8 | resource | yandex_kubernetes_node_group | Ensure Kubernetes node group auto-upgrade is enabled. | Terraform | [K8SNodeGroupAutoUpgrade.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/yandexcloud/K8SNodeGroupAutoUpgrade.py) | | 7941 | CKV_YC_9 | resource | yandex_kms_symmetric_key | Ensure KMS symmetric key is rotated. | Terraform | [KMSSymmetricKeyRotation.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/yandexcloud/KMSSymmetricKeyRotation.py) | | 7942 | CKV_YC_10 | resource | yandex_kubernetes_cluster | Ensure etcd database is encrypted with KMS key. | Terraform | [K8SEtcdKMSEncryption.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/yandexcloud/K8SEtcdKMSEncryption.py) | | 7943 | CKV_YC_11 | resource | yandex_compute_instance | Ensure security group is assigned to network interface. | Terraform | [ComputeVMSecurityGroup.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/yandexcloud/ComputeVMSecurityGroup.py) | | 7944 | CKV_YC_12 | resource | yandex_mdb_clickhouse_cluster | Ensure public IP is not assigned to database cluster. | Terraform | [MDBPublicIP.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/yandexcloud/MDBPublicIP.py) | | 7945 | CKV_YC_12 | resource | yandex_mdb_elasticsearch_cluster | Ensure public IP is not assigned to database cluster. | Terraform | [MDBPublicIP.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/yandexcloud/MDBPublicIP.py) | | 7946 | CKV_YC_12 | resource | yandex_mdb_greenplum_cluster | Ensure public IP is not assigned to database cluster. | Terraform | [MDBPublicIP.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/yandexcloud/MDBPublicIP.py) | | 7947 | CKV_YC_12 | resource | yandex_mdb_kafka_cluster | Ensure public IP is not assigned to database cluster. | Terraform | [MDBPublicIP.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/yandexcloud/MDBPublicIP.py) | | 7948 | CKV_YC_12 | resource | yandex_mdb_mongodb_cluster | Ensure public IP is not assigned to database cluster. | Terraform | [MDBPublicIP.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/yandexcloud/MDBPublicIP.py) | | 7949 | CKV_YC_12 | resource | yandex_mdb_mysql_cluster | Ensure public IP is not assigned to database cluster. | Terraform | [MDBPublicIP.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/yandexcloud/MDBPublicIP.py) | | 7950 | CKV_YC_12 | resource | yandex_mdb_postgresql_cluster | Ensure public IP is not assigned to database cluster. | Terraform | [MDBPublicIP.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/yandexcloud/MDBPublicIP.py) | | 7951 | CKV_YC_12 | resource | yandex_mdb_sqlserver_cluster | Ensure public IP is not assigned to database cluster. | Terraform | [MDBPublicIP.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/yandexcloud/MDBPublicIP.py) | | 7952 | CKV_YC_13 | resource | yandex_resourcemanager_cloud_iam_binding | Ensure cloud member does not have elevated access. | Terraform | [IAMCloudElevatedMembers.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/yandexcloud/IAMCloudElevatedMembers.py) | | 7953 | CKV_YC_13 | resource | yandex_resourcemanager_cloud_iam_member | Ensure cloud member does not have elevated access. | Terraform | [IAMCloudElevatedMembers.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/yandexcloud/IAMCloudElevatedMembers.py) | | 7954 | CKV_YC_14 | resource | yandex_kubernetes_cluster | Ensure security group is assigned to Kubernetes cluster. | Terraform | [K8SSecurityGroup.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/yandexcloud/K8SSecurityGroup.py) | | 7955 | CKV_YC_15 | resource | yandex_kubernetes_node_group | Ensure security group is assigned to Kubernetes node group. | Terraform | [K8SNodeGroupSecurityGroup.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/yandexcloud/K8SNodeGroupSecurityGroup.py) | | 7956 | CKV_YC_16 | resource | yandex_kubernetes_cluster | Ensure network policy is assigned to Kubernetes cluster. | Terraform | [K8SNetworkPolicy.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/yandexcloud/K8SNetworkPolicy.py) | | 7957 | CKV_YC_17 | resource | yandex_storage_bucket | Ensure storage bucket does not have public access permissions. | Terraform | [ObjectStorageBucketPublicAccess.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/yandexcloud/ObjectStorageBucketPublicAccess.py) | | 7958 | CKV_YC_18 | resource | yandex_compute_instance_group | Ensure compute instance group does not have public IP. | Terraform | [ComputeInstanceGroupPublicIP.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/yandexcloud/ComputeInstanceGroupPublicIP.py) | | 7959 | CKV_YC_19 | resource | yandex_vpc_security_group | Ensure security group does not contain allow-all rules. | Terraform | [VPCSecurityGroupAllowAll.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/yandexcloud/VPCSecurityGroupAllowAll.py) | | 7960 | CKV_YC_20 | resource | yandex_vpc_security_group_rule | Ensure security group rule is not allow-all. | Terraform | [VPCSecurityGroupRuleAllowAll.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/yandexcloud/VPCSecurityGroupRuleAllowAll.py) | | 7961 | CKV_YC_21 | resource | yandex_organizationmanager_organization_iam_binding | Ensure organization member does not have elevated access. | Terraform | [IAMOrganizationElevatedMembers.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/yandexcloud/IAMOrganizationElevatedMembers.py) | | 7962 | CKV_YC_21 | resource | yandex_organizationmanager_organization_iam_member | Ensure organization member does not have elevated access. | Terraform | [IAMOrganizationElevatedMembers.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/yandexcloud/IAMOrganizationElevatedMembers.py) | | 7963 | CKV_YC_22 | resource | yandex_compute_instance_group | Ensure compute instance group has security group assigned. | Terraform | [ComputeInstanceGroupSecurityGroup.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/yandexcloud/ComputeInstanceGroupSecurityGroup.py) | | 7964 | CKV_YC_23 | resource | yandex_resourcemanager_folder_iam_binding | Ensure folder member does not have elevated access. | Terraform | [IAMFolderElevatedMembers.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/yandexcloud/IAMFolderElevatedMembers.py) | | 7965 | CKV_YC_23 | resource | yandex_resourcemanager_folder_iam_member | Ensure folder member does not have elevated access. | Terraform | [IAMFolderElevatedMembers.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/yandexcloud/IAMFolderElevatedMembers.py) | | 7966 | CKV_YC_24 | resource | yandex_organizationmanager_organization_iam_binding | Ensure passport account is not used for assignment. Use service accounts and federated accounts where possible. | Terraform | [IAMPassportAccountUsage.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/yandexcloud/IAMPassportAccountUsage.py) | | 7967 | CKV_YC_24 | resource | yandex_organizationmanager_organization_iam_member | Ensure passport account is not used for assignment. Use service accounts and federated accounts where possible. | Terraform | [IAMPassportAccountUsage.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/yandexcloud/IAMPassportAccountUsage.py) | | 7968 | CKV_YC_24 | resource | yandex_resourcemanager_cloud_iam_binding | Ensure passport account is not used for assignment. Use service accounts and federated accounts where possible. | Terraform | [IAMPassportAccountUsage.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/yandexcloud/IAMPassportAccountUsage.py) | | 7969 | CKV_YC_24 | resource | yandex_resourcemanager_cloud_iam_member | Ensure passport account is not used for assignment. Use service accounts and federated accounts where possible. | Terraform | [IAMPassportAccountUsage.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/yandexcloud/IAMPassportAccountUsage.py) | | 7970 | CKV_YC_24 | resource | yandex_resourcemanager_folder_iam_binding | Ensure passport account is not used for assignment. Use service accounts and federated accounts where possible. | Terraform | [IAMPassportAccountUsage.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/yandexcloud/IAMPassportAccountUsage.py) | | 7971 | CKV_YC_24 | resource | yandex_resourcemanager_folder_iam_member | Ensure passport account is not used for assignment. Use service accounts and federated accounts where possible. | Terraform | [IAMPassportAccountUsage.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/yandexcloud/IAMPassportAccountUsage.py) | ---