CloudQuery is now SOC 2 Type II Certified! Learn more ❯

CloudQuery

Back to reports list
aws
security
compliance

AWS Security Best Practices

Identify common AWS misconfigurations that violate best practices and put your environment at risk.

Report logo

About this report

Quickly discover common security misconfigurations that leave your AWS environment vulnerable to attack. Security teams gain a prioritized view of essential hardening actions across IAM, network, storage, and compute resources that will immediately improve your security posture.

AWS Security Best Practices

Key questions

  • What are my most urgent AWS security vulnerabilities?
  • Which AWS security best practices am I not following?
  • How can I reduce my attack surface in AWS?
  • Are my critical AWS resources properly secured?

Visualizations in the report

Root users without MFA Enabled

Identifies your most powerful credentials lacking critical protection. The root user can do anything in an AWS account, making MFA absolutely essential for these credentials.

Root users without MFA Enabled
S3 public buckets

Highlights storage that anyone on the internet can access. Prevent accidental data exposure by quickly finding and securing these vulnerable resources.

S3 public buckets
EBS unencrypted volumes

Maps storage volumes missing data protection. This visualization helps you find sensitive data that might be exposed if the underlying storage is compromised.

EBS unencrypted volumes
Publicly Accessible RDS Instances

Shows database servers exposed directly to the internet. Immediately identify these high-risk configurations that violate security best practices.

Publicly Accessible RDS Instances
Unencrypted RDS databases

Flags databases operating without data protection. Ensure sensitive information is protected from theft if backup files or snapshots are compromised.

Security groups allowing access from the public network

Reveals overly permissive network rules. Quickly find and fix firewall configurations that permit traffic from any IP address.

EC2 instances authorizing SSH from anywhere

Identifies servers with dangerously open administrative access. These configurations allow attackers to attempt brute-force attacks from anywhere on the internet.

CloudTrail trails without log validation enabled

Shows logging configurations vulnerable to tampering. Ensure the integrity of your security audit data by identifying logs that could be modified to hide attacker activity.

CloudTrail trails without log validation enabled
IAM inactive users

Lists dormant user accounts that should be disabled. Reduce your attack surface by cleaning up these unnecessary access points.

IAM inactive users
IAM unused roles

Highlights permission sets that aren't being utilized. These unnecessary permissions could be exploited if an account is compromised.

AWS Lambda functions with deprecated runtimes

Reveals serverless functions running outdated environments. Functions using deprecated runtimes often contain unpatched security vulnerabilities.

AWS Lambda functions with deprecated runtimes

Get a personalized demo

Book a demo and see how easy it is to get started with CloudQuery Reports. We'll walk you through connecting your data sources and show you the information that's available. Book a demo today for a complete overview of CloudQuery's Reporting tools.

Video thumbnail

© 2025 CloudQuery, Inc. All rights reserved.