Path	Lines of Code
src/index.ts	9
src/nag-pack.ts	217
src/nag-rules.ts	31
src/nag-suppressions.ts	109
src/packs/aws-solutions.ts	1262
src/packs/hipaa-security.ts	919
src/packs/nist-800-53-r4.ts	729
src/packs/nist-800-53-r5.ts	869
src/packs/pci-dss-321.ts	730
src/rules/apigw/APIGWAccessLogging.ts	38
src/rules/apigw/APIGWAssociatedWithWAF.ts	67
src/rules/apigw/APIGWAuthorization.ts	26
src/rules/apigw/APIGWCacheEnabledAndEncrypted.ts	35
src/rules/apigw/APIGWExecutionLoggingEnabled.ts	35
src/rules/apigw/APIGWRequestValidation.ts	44
src/rules/apigw/APIGWSSLEnabled.ts	18
src/rules/apigw/APIGWXrayEnabled.ts	22
src/rules/apigw/index.ts	8
src/rules/appsync/AppSyncGraphQLRequestLogging.ts	29
src/rules/appsync/index.ts	1
src/rules/athena/AthenaWorkgroupEncryptedQueryResults.ts	73
src/rules/athena/index.ts	1
src/rules/autoscaling/AutoScalingGroupCooldownPeriod.ts	19
src/rules/autoscaling/AutoScalingGroupELBHealthCheckRequired.ts	33
src/rules/autoscaling/AutoScalingGroupHealthCheck.ts	30
src/rules/autoscaling/AutoScalingGroupScalingNotifications.ts	35
src/rules/autoscaling/AutoScalingLaunchConfigPublicIpDisabled.ts	22
src/rules/autoscaling/index.ts	5
src/rules/cloud9/Cloud9InstanceNoIngressSystemsManager.ts	22
src/rules/cloud9/index.ts	1
src/rules/cloudfront/CloudFrontDistributionAccessLogging.ts	37
src/rules/cloudfront/CloudFrontDistributionGeoRestrictions.ts	35
src/rules/cloudfront/CloudFrontDistributionNoOutdatedSSL.ts	58
src/rules/cloudfront/CloudFrontDistributionS3OriginAccessIdentity.ts	57
src/rules/cloudfront/CloudFrontDistributionWAFIntegration.ts	21
src/rules/cloudfront/index.ts	5
src/rules/cloudtrail/CloudTrailCloudWatchLogsEnabled.ts	19
src/rules/cloudtrail/CloudTrailEncryptionEnabled.ts	19
src/rules/cloudtrail/CloudTrailLogFileValidationEnabled.ts	22
src/rules/cloudtrail/index.ts	3
src/rules/cloudwatch/CloudWatchAlarmAction.ts	34
src/rules/cloudwatch/CloudWatchLogGroupEncrypted.ts	18
src/rules/cloudwatch/CloudWatchLogGroupRetentionPeriod.ts	18
src/rules/cloudwatch/index.ts	3
src/rules/codebuild/CodeBuildProjectEnvVarAwsCred.ts	31
src/rules/codebuild/CodeBuildProjectKMSEncryptedArtifacts.ts	22
src/rules/codebuild/CodeBuildProjectManagedImages.ts	20
src/rules/codebuild/CodeBuildProjectPrivilegedModeDisabled.ts	23
src/rules/codebuild/CodeBuildProjectSourceRepoUrl.ts	28
src/rules/codebuild/index.ts	5
src/rules/cognito/CognitoUserPoolAPIGWAuthorizer.ts	18
src/rules/cognito/CognitoUserPoolAdvancedSecurityModeEnforced.ts	29
src/rules/cognito/CognitoUserPoolMFA.ts	22
src/rules/cognito/CognitoUserPoolNoUnauthenticatedLogins.ts	22
src/rules/cognito/CognitoUserPoolStrongPasswordPolicy.ts	51
src/rules/cognito/index.ts	5
src/rules/dms/DMSReplicationNotPublic.ts	22
src/rules/dms/index.ts	1
src/rules/documentdb/DocumentDBClusterBackupRetentionPeriod.ts	22
src/rules/documentdb/DocumentDBClusterEncryptionAtRest.ts	25
src/rules/documentdb/DocumentDBClusterLogExports.ts	24
src/rules/documentdb/DocumentDBClusterNonDefaultPort.ts	19
src/rules/documentdb/DocumentDBCredentialsInSecretsManager.ts	29
src/rules/documentdb/index.ts	5
src/rules/dynamodb/DAXEncrypted.ts	26
src/rules/dynamodb/DynamoDBAutoScalingEnabled.ts	103
src/rules/dynamodb/DynamoDBInBackupPlan.ts	56
src/rules/dynamodb/DynamoDBPITREnabled.ts	28
src/rules/dynamodb/index.ts	4
src/rules/ec2/EC2EBSInBackupPlan.ts	48
src/rules/ec2/EC2EBSOptimizedInstance.ts	45
src/rules/ec2/EC2EBSVolumeEncrypted.ts	19
src/rules/ec2/EC2InstanceDetailedMonitoringEnabled.ts	29
src/rules/ec2/EC2InstanceNoPublicIp.ts	28
src/rules/ec2/EC2InstanceProfileAttached.ts	18
src/rules/ec2/EC2InstanceTerminationProtection.ts	22
src/rules/ec2/EC2InstancesInVPC.ts	19
src/rules/ec2/EC2RestrictedCommonPorts.ts	65
src/rules/ec2/EC2RestrictedInbound.ts	48
src/rules/ec2/EC2RestrictedSSH.ts	80
src/rules/ec2/EC2SecurityGroupDescription.ts	22
src/rules/ec2/index.ts	12
src/rules/ecr/ECROpenAccess.ts	44
src/rules/ecr/index.ts	1
src/rules/ecs/ECSClusterCloudWatchContainerInsights.ts	35
src/rules/ecs/ECSTaskDefinitionContainerLogging.ts	32
src/rules/ecs/ECSTaskDefinitionUserForHostMode.ts	44
src/rules/ecs/index.ts	3
src/rules/efs/EFSEncrypted.ts	19
src/rules/efs/EFSInBackupPlan.ts	50
src/rules/efs/index.ts	2
src/rules/elasticache/ElastiCacheClusterInVPC.ts	24
src/rules/elasticache/ElastiCacheClusterNonDefaultPort.ts	38
src/rules/elasticache/ElastiCacheRedisClusterAutomaticBackup.ts	35
src/rules/elasticache/ElastiCacheRedisClusterEncryption.ts	32
src/rules/elasticache/ElastiCacheRedisClusterMultiAZ.ts	22
src/rules/elasticache/ElastiCacheRedisClusterRedisAuth.ts	18
src/rules/elasticache/index.ts	6
src/rules/elasticbeanstalk/ElasticBeanstalkEC2InstanceLogsToS3.ts	37
src/rules/elasticbeanstalk/ElasticBeanstalkEnhancedHealthReportingEnabled.ts	37
src/rules/elasticbeanstalk/ElasticBeanstalkManagedUpdatesEnabled.ts	49
src/rules/elasticbeanstalk/ElasticBeanstalkVPCSpecified.ts	37
src/rules/elasticbeanstalk/index.ts	4
src/rules/elb/ALBHttpDropInvalidHeaderEnabled.ts	28
src/rules/elb/ALBHttpToHttpsRedirection.ts	29
src/rules/elb/ALBWAFEnabled.ts	51
src/rules/elb/CLBConnectionDraining.ts	27
src/rules/elb/CLBNoInboundHttpHttps.ts	29
src/rules/elb/ELBACMCertificateRequired.ts	33
src/rules/elb/ELBCrossZoneLoadBalancingEnabled.ts	32
src/rules/elb/ELBDeletionProtectionEnabled.ts	35
src/rules/elb/ELBLoggingEnabled.ts	36
src/rules/elb/ELBTlsHttpsListenersOnly.ts	46
src/rules/elb/ELBv2ACMCertificateRequired.ts	30
src/rules/elb/index.ts	11
src/rules/emr/EMRAuthEC2KeyPairOrKerberos.ts	24
src/rules/emr/EMRKerberosEnabled.ts	21
src/rules/emr/EMRS3AccessLogging.ts	19
src/rules/emr/index.ts	3
src/rules/iam/IAMGroupHasUsers.ts	72
src/rules/iam/IAMNoInlinePolicy.ts	25
src/rules/iam/IAMNoManagedPolicies.ts	31
src/rules/iam/IAMNoWildcardPermissions.ts	43
src/rules/iam/IAMPolicyNoStatementsWithAdminAccess.ts	38
src/rules/iam/IAMPolicyNoStatementsWithFullAccess.ts	37
src/rules/iam/IAMUserGroupMembership.ts	19
src/rules/iam/IAMUserNoPolicies.ts	26
src/rules/iam/index.ts	8
src/rules/index.ts	41
src/rules/kinesis/KinesisDataAnalyticsFlinkCheckpointing.ts	49
src/rules/kinesis/KinesisDataFirehoseSSE.ts	21
src/rules/kinesis/KinesisDataStreamDefaultKeyWhenSSE.ts	21
src/rules/kinesis/KinesisDataStreamSSE.ts	19
src/rules/kinesis/index.ts	4
src/rules/kms/KMSBackingKeyRotationEnabled.ts	25
src/rules/kms/index.ts	1
src/rules/lambda/LambdaConcurrency.ts	25
src/rules/lambda/LambdaDLQ.ts	22
src/rules/lambda/LambdaInsideVPC.ts	27
src/rules/lambda/index.ts	3
src/rules/mediastore/MediaStoreCloudWatchMetricPolicy.ts	26
src/rules/mediastore/MediaStoreContainerAccessLogging.ts	22
src/rules/mediastore/MediaStoreContainerCORSPolicy.ts	19
src/rules/mediastore/MediaStoreContainerHasContainerPolicy.ts	19
src/rules/mediastore/MediaStoreContainerLifecyclePolicy.ts	19
src/rules/mediastore/index.ts	5
src/rules/msk/MSKBrokerLogging.ts	53
src/rules/msk/MSKBrokerToBrokerTLS.ts	30
src/rules/msk/MSKClientToBrokerTLS.ts	30
src/rules/msk/index.ts	3
src/rules/neptune/NeptuneClusterAutomaticMinorVersionUpgrade.ts	25
src/rules/neptune/NeptuneClusterBackupRetentionPeriod.ts	22
src/rules/neptune/NeptuneClusterEncryptionAtRest.ts	25
src/rules/neptune/NeptuneClusterIAMAuth.ts	25
src/rules/neptune/NeptuneClusterMultiAZ.ts	24
src/rules/neptune/index.ts	5
src/rules/opensearch/OpenSearchAllowlistedIPs.ts	32
src/rules/opensearch/OpenSearchDedicatedMasterNode.ts	42
src/rules/opensearch/OpenSearchEncryptedAtRest.ts	30
src/rules/opensearch/OpenSearchErrorLogsToCloudWatch.ts	28
src/rules/opensearch/OpenSearchInVPCOnly.ts	24
src/rules/opensearch/OpenSearchNoUnsignedOrAnonymousAccess.ts	34
src/rules/opensearch/OpenSearchNodeToNodeEncryption.ts	30
src/rules/opensearch/OpenSearchSlowLogsToCloudWatch.ts	36
src/rules/opensearch/OpenSearchZoneAwareness.ts	42
src/rules/opensearch/index.ts	9
src/rules/quicksight/QuicksightSSLConnections.ts	25
src/rules/quicksight/index.ts	1
src/rules/rds/AuroraMySQLBacktrack.ts	28
src/rules/rds/AuroraMySQLLogging.ts	41
src/rules/rds/AuroraMySQLPostgresIAMAuth.ts	27
src/rules/rds/RDSAutomaticMinorVersionUpgradeEnabled.ts	22
src/rules/rds/RDSEnhancedMonitoringEnabled.ts	22
src/rules/rds/RDSInBackupPlan.ts	48
src/rules/rds/RDSInstanceBackupEnabled.ts	22
src/rules/rds/RDSInstanceDeletionProtectionEnabled.ts	38
src/rules/rds/RDSInstancePublicAccess.ts	22
src/rules/rds/RDSLoggingEnabled.ts	55
src/rules/rds/RDSMultiAZSupport.ts	23
src/rules/rds/RDSNonDefaultPort.ts	64
src/rules/rds/RDSStorageEncrypted.ts	38
src/rules/rds/index.ts	13
src/rules/redshift/RedshiftBackupEnabled.ts	25
src/rules/redshift/RedshiftClusterAuditLogging.ts	19
src/rules/redshift/RedshiftClusterConfiguration.ts	20
src/rules/redshift/RedshiftClusterEncryptionAtRest.ts	22
src/rules/redshift/RedshiftClusterInVPC.ts	21
src/rules/redshift/RedshiftClusterMaintenanceSettings.ts	31
src/rules/redshift/RedshiftClusterNonDefaultPort.ts	19
src/rules/redshift/RedshiftClusterNonDefaultUsername.ts	22
src/rules/redshift/RedshiftClusterPublicAccess.ts	22
src/rules/redshift/RedshiftClusterUserActivityLogging.ts	54
src/rules/redshift/RedshiftClusterVersionUpgrade.ts	22
src/rules/redshift/RedshiftEnhancedVPCRoutingEnabled.ts	22
src/rules/redshift/RedshiftRequireTlsSSL.ts	60
src/rules/redshift/index.ts	13
src/rules/s3/S3BucketDefaultLockEnabled.ts	32
src/rules/s3/S3BucketLevelPublicAccessProhibited.ts	45
src/rules/s3/S3BucketLoggingEnabled.ts	23
src/rules/s3/S3BucketPublicReadProhibited.ts	42
src/rules/s3/S3BucketPublicWriteProhibited.ts	38
src/rules/s3/S3BucketReplicationEnabled.ts	31
src/rules/s3/S3BucketSSLRequestsOnly.ts	136
src/rules/s3/S3BucketServerSideEncryptionEnabled.ts	43
src/rules/s3/S3BucketVersioningEnabled.ts	25
src/rules/s3/S3DefaultEncryptionKMS.ts	40
src/rules/s3/index.ts	10
src/rules/sagemaker/SageMakerEndpointConfigurationKMSKeyConfigured.ts	19
src/rules/sagemaker/SageMakerNotebookInVPC.ts	19
src/rules/sagemaker/SageMakerNotebookInstanceKMSKeyConfigured.ts	19
src/rules/sagemaker/SageMakerNotebookNoDirectInternetAccess.ts	25
src/rules/sagemaker/index.ts	4
src/rules/secretsmanager/SecretsManagerRotationEnabled.ts	105
src/rules/secretsmanager/SecretsManagerUsingKMSKey.ts	19
src/rules/secretsmanager/index.ts	2
src/rules/sns/SNSEncryptedKMS.ts	19
src/rules/sns/index.ts	1
src/rules/sqs/SQSQueueDLQ.ts	19
src/rules/sqs/SQSQueueSSE.ts	19
src/rules/sqs/index.ts	2
src/rules/stepfunctions/StepFunctionStateMachineAllLogsToCloudWatch.ts	28
src/rules/stepfunctions/StepFunctionStateMachineXray.ts	28
src/rules/stepfunctions/index.ts	2
src/rules/timestream/TimestreamDatabaseCustomerManagedKey.ts	18
src/rules/timestream/index.ts	1
src/rules/vpc/VPCDefaultSecurityGroupClosed.ts	15
src/rules/vpc/VPCFlowLogsEnabled.ts	44
src/rules/vpc/VPCNoNACLs.ts	15
src/rules/vpc/VPCNoUnrestrictedRouteToIGW.ts	37
src/rules/vpc/VPCSubnetAutoAssignPublicIpDisabled.ts	29
src/rules/vpc/index.ts	5
src/rules/waf/WAFv2LoggingEnabled.ts	49
src/rules/waf/index.ts	1