GKE cluster has an unsupported master node version
Google Kubernetes Engine (GKE) let you Deploy, manage, and scale containerized applications on Kubernetes. Orca has detected that {GcpGkeCluster} is...
Blog
Pub/Sub subscription without dead letter topic
It was detected that the subscription {GcpPubSubSubscription} is not using a dead letter topic. When a message can't be acknowledged,...
Route 53 Domain has Privacy Protection disabled
Route 53 domain {AwsRoute53Domain} does not have privacy protection enabled. Without privacy protection all contact information for the domain will...
KMS default keys in use
It was found that {AwsKmsKey} is an AWS-managed key, which is the default. Check AWS services to ensure the default...
DynamoDB table is not encrypted using customer-managed KMS key
DynamoDB table {AwsDynamodbTable} is encrypted using AWS-managed KMS key, instead of customer-managed KMS key
K8S API server configuration request-timeout is more the 60 seconds
Setting global request timeout allows extending the API server request timeout limit to a duration appropriate to the user's connection...
Security Hub is not enabled in all regions
AWS Security Hub provides you with a comprehensive view of your security state in AWS and helps you check your...
Kubernetes scheduler –profiling argument is not set to false
It was found that the argument --profiling in the Scheduler pod specification file is not set to False. Profiling is...
Kube-Proxy configuration file permissions are too permissive
It was found that the Kube-Proxy configuration file's permissions are too broad. Setting the file's permissions to be permissive might...