| Set AMI to Private | AMI Is Public | None | No |
| Revoke Access to Untrusted Accounts | AMI Is Shared Externally | None | No |
| Enable EBS Encryption By Default | EBS Default Encryption Disabled | ec2:EnableEbsEncryptionByDefault | No |
| Remove Failed Security Groups | EC2 Instance Exposes an Administrative Port to Internet | None | No |
| Revoke Security Group Rules | EC2 Security Group References Itself | None | No |
| Release IP Address | Elastic IP Is Not In Use | None | No |
| Disable IAM Access Keys | IAM Access Key Should Be Rotated | None | No |
| Enforce Password Policy Compliance | IAM Account Does Not Have A Secure Password Policy | None | No |
| Enable Password Reuse Prevention | IAM Password Policy Does Not Prevent Reuse | None | No |
| Enable Minimum Password Length of 14 | IAM Password Policy Does Not Require Minimum Length of 14 or Greater | None | No |
| Disable IAM User | IAM User Has Access Key Without MFA Enforced | iam:DeleteLoginProfile,iam:UpdateAccessKey | No |
| Disable IAM User | IAM User Has Access Key(s) That Are Publicly Available Online | iam:DeleteLoginProfile,iam:UpdateAccessKey | No |
| Disable IAM User | IAM User Has Administrator Access With MFA Disabled | iam:DeleteLoginProfile,iam:UpdateAccessKey | No |
| Disable IAM User | IAM User Has Risky Permissions | iam:DeleteLoginProfile,iam:UpdateAccessKey | No |
| Disable IAM User | New IAM User Has Access Keys | iam:DeleteLoginProfile,iam:UpdateAccessKey | No |
| Remove Failed Security Groups | Sensitive Ports are Exposed To Internet | None | No |
| Remove Failed Security Groups | Sensitive Ports On Windows System Exposed To Internet | None | No |
| Disable IAM User | Unused IAM User Credentials | iam:DeleteLoginProfile,iam:UpdateAccessKey | No |
| Quarantine IAM User | Unused IAM User Credentials | None | No |
| Disable IAM User | User MFA not Enforced and Missing MFA Device | iam:DeleteLoginProfile,iam:UpdateAccessKey | No |