Bootstrapping | SYSTEM AND COMMUNICATIONS PROTECTION |
Building Threat Protection Layers | PROGRAM MANAGEMENT |
CloudTrail: CloudTrail is enabled in all regions | AUDIT AND ACCOUNTABILITY |
CLOUDTRAIL: CloudTrail logs are encrypted at rest | SYSTEM AND COMMUNICATIONS PROTECTION |
CLOUDTRAIL: CloudTrail logs are not publicly accessible - 'Review S3 Buckets | AUDIT AND ACCOUNTABILITY |
CloudTrail: CloudWatch Logs - 'log group is configured' | AUDIT AND ACCOUNTABILITY |
CLOUDTRAIL: Log file validation is enabled | AUDIT AND ACCOUNTABILITY |
Conclusion | PROGRAM MANAGEMENT |
Controlling Security for Public AMIs | SYSTEM AND COMMUNICATIONS PROTECTION |
Creating Custom AMIs | SYSTEM AND COMMUNICATIONS PROTECTION |
Cross-Account Access | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION |
Decommission Data and Media Securely | MEDIA PROTECTION, PHYSICAL AND ENVIRONMENTAL PROTECTION |
Define and Categorize Assets on AWS | SYSTEM AND COMMUNICATIONS PROTECTION |
Design Your ISMS to Protect Your Assets on AWS | ACCESS CONTROL, SECURITY ASSESSMENT AND AUTHORIZATION, MEDIA PROTECTION, PHYSICAL AND ENVIRONMENTAL PROTECTION, PROGRAM MANAGEMENT, RISK ASSESSMENT, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
EC2: DescribeAccountAttributes - 'default VPC' | CONFIGURATION MANAGEMENT, PROGRAM MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
EC2: DescribeAccountAttributes - 'maximum security groups per interface' | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
EC2: DescribeAccountAttributes - 'supported platforms' | CONFIGURATION MANAGEMENT, PROGRAM MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
EC2: DescribeAddresses - 'Review list of interface assignments and private IPs' | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
EC2: DescribeAddresses - 'Review list of public IPs' | SYSTEM AND COMMUNICATIONS PROTECTION |
EC2: DescribeAvailabilityZones: 'Available availability zones list' | SYSTEM AND SERVICES ACQUISITION |
EC2: DescribeAvailabilityZones: 'Impaired availability zones list' | SYSTEM AND SERVICES ACQUISITION |
EC2: DescribeAvailabilityZones: 'Unavailable availability zones list' | SYSTEM AND SERVICES ACQUISITION |
EC2: DescribeCustomerGateways - 'Review list of customer gateways' | SYSTEM AND COMMUNICATIONS PROTECTION |
EC2: DescribeDhcpOptions - 'DHCP DNS Servers' | SYSTEM AND COMMUNICATIONS PROTECTION |
EC2: DescribeDhcpOptions - 'DHCP domains' | SYSTEM AND COMMUNICATIONS PROTECTION |
EC2: DescribeInstances - 'Review list of current VPCs and their platforms' | CONFIGURATION MANAGEMENT, PROGRAM MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
EC2: DescribeInstances - 'Review list of current VPCs and their status' | CONFIGURATION MANAGEMENT, PROGRAM MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
EC2: DescribeInstances - 'Verify that monitoring is enabled' | AUDIT AND ACCOUNTABILITY, SYSTEM AND INFORMATION INTEGRITY |
EC2: DescribeInstances - 'Verify the architecture of instances' | CONFIGURATION MANAGEMENT, PROGRAM MANAGEMENT |
EC2: DescribeInstances - 'Verify the private IP addresses of instances' | SYSTEM AND COMMUNICATIONS PROTECTION |
EC2: DescribeInstances - 'Verify the public IP addresses of instances' | SYSTEM AND COMMUNICATIONS PROTECTION |
EC2: DescribeInstances - 'Verify the root device of instances' | |
EC2: DescribeInstances - 'Verify the security group of instances in the VPC' | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
EC2: DescribeInstanceStatus - 'Review instances with impaired system status' | CONFIGURATION MANAGEMENT, PROGRAM MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
EC2: DescribeInstanceStatus - 'Review instances with impaired instance status' | CONFIGURATION MANAGEMENT, PROGRAM MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
EC2: DescribeInstanceStatus - 'Review instances with insufficient-data instance status' | CONFIGURATION MANAGEMENT, PROGRAM MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
EC2: DescribeInstanceStatus - 'Review instances with insufficient-data system status' | CONFIGURATION MANAGEMENT, PROGRAM MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
EC2: DescribeInstanceStatus - 'Review pending instances' | CONFIGURATION MANAGEMENT, PROGRAM MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
EC2: DescribeInstanceStatus - 'Review shutting down instances' | CONFIGURATION MANAGEMENT, PROGRAM MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
EC2: DescribeInstanceStatus - 'Review status of instances' | CONFIGURATION MANAGEMENT, PROGRAM MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
EC2: DescribeInstanceStatus - 'Review stopped instances' | CONFIGURATION MANAGEMENT, PROGRAM MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
EC2: DescribeInstanceStatus - 'Review terminated instances' | CONFIGURATION MANAGEMENT, PROGRAM MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
EC2: DescribeInternetGateways - 'Review list of internet gateways' | SYSTEM AND COMMUNICATIONS PROTECTION |
EC2: DescribeKeyPairs - 'Key names currently in use' | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
EC2: DescribeNetworkAcls - 'Review list of network ACLs' | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
EC2: DescribePlacementGroups - 'Placement groups currently in use' | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
EC2: DescribePlacementGroups - 'Placement groups deleted or deleting' | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
EC2: DescribePlacementGroups - 'Placement groups pending' | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
EC2: DescribeRegions - 'Regions that are currently available' | SYSTEM AND SERVICES ACQUISITION |
EC2: DescribeRouteTables - 'Review manually added routes' | SYSTEM AND COMMUNICATIONS PROTECTION |