Overview
DSALTA connects to Amazon Web Services (AWS) using read-only API access to collect compliance evidence automatically. Data syncs every 24 hours and feeds into your Data Library modules.

Read-only access: DSALTA never modifies, creates, or deletes resources in your Amazon Web Services (AWS) environment.
How to Connect
- Go to Integrations in the DSALTA sidebar.
- Find Amazon Web Services (AWS) and click Connect.
- Authenticate with admin-level access.
- Select the scope (accounts, projects, or resources to monitor).
- DSALTA performs an initial sync (5-15 minutes). Checks activate after sync completes.
Automated Compliance Checks
Each check below runs automatically every 24 hours. Click any check for step-by-step remediation guidance.

| Check | Description |
|---|---|
| AWS access should be removed for offboarded users | Checks that AWS access is revoked for offboarded users. |
| AWS users should have MFA enabled | Checks that all AWS IAM users have MFA enabled. |
| AWS should be on HTTPS | Checks that AWS resources are served over HTTPS. |
| AWS should redirect HTTP to HTTPS | Checks that HTTP traffic is automatically redirected to HTTPS in AWS. |
| AWS CloudTrail should be enabled | Checks that AWS CloudTrail is enabled to log account activity. |
| AWS GuardDuty should be enabled | Checks that AWS GuardDuty is enabled for threat detection. |
| Reported incidents should be closed in GuardDuty | Checks that incidents reported in GuardDuty are closed and resolved. |
| AWS credentials not used in last 90 days should be disabled | Checks that AWS credentials unused for 90+ days are disabled. |
| AWS user access keys should not be older than 90 days | Checks that AWS IAM user access keys are not older than 90 days. |
| AWS root account should have MFA enabled | Checks that the AWS root account has MFA enabled. |
| AWS users should not have attached IAM policies | Checks that AWS users do not have IAM policies attached directly. |
| AWS account password policy should be configured | Checks that an AWS account-level password policy is configured. |
| AWS root account usage should be avoided | Checks that the AWS root account is not being used for routine activity. |
| AWS server access logs should be retained for 90 days | Checks that AWS server access logs are retained for at least 90 days. |
| AWS S3 server access logging should be enabled | Checks that S3 server access logging is enabled for important buckets. |
| AWS groups should have at least one IAM policy | Checks that all AWS IAM groups have at least one policy attached. |
| Infrastructure entities should be classified | Checks that all AWS infrastructure entities are classified by criticality. |
| AWS RDS database free space should be monitored | Checks that AWS RDS free storage space is being monitored. |
| AWS RDS database CPU utilization should be monitored | Checks that AWS RDS CPU utilization is being monitored. |
| AWS RDS database freeable memory should be monitored | Checks that AWS RDS freeable memory is being monitored. |
| AWS RDS database IO utilization should be monitored | Checks that AWS RDS I/O utilization is being monitored. |
| AWS RDS database backup should be enabled | Checks that automated backups are enabled for AWS RDS databases. |
| AWS RDS database storage should be encrypted | Checks that AWS RDS database storage is encrypted at rest. |
| AWS RDS database should be protected from direct internet traffic | Checks that AWS RDS databases are not directly exposed to the internet. |
| AWS ElastiCache CPU utilization should be monitored | Checks that AWS ElastiCache CPU utilization is being monitored. |
| AWS ElastiCache current connections should be monitored | Checks that AWS ElastiCache current connection count is being monitored. |
| AWS ElastiCache freeable memory should be monitored | Checks that AWS ElastiCache freeable memory is being monitored. |
| AWS Redshift cluster backup should be enabled | Checks that automated backups are enabled for AWS Redshift clusters. |
| AWS Redshift cluster should be encrypted | Checks that AWS Redshift clusters are encrypted at rest. |
| AWS Redshift CPU utilization should be monitored | Checks that AWS Redshift CPU utilization is being monitored. |
| AWS Redshift health should be monitored | Checks that AWS Redshift cluster health status is being monitored. |
| AWS EC2 instances should be protected from direct internet traffic | Checks that AWS EC2 instances are not directly exposed to the internet. |
| AWS EC2 instance CPU utilization should be monitored | Checks that AWS EC2 instance CPU utilization is being monitored. |
| AWS EBS volume backup should be enabled | Checks that EBS volume snapshots (backups) are enabled. |
| AWS EBS volumes should be encrypted | Checks that AWS EBS volumes are encrypted at rest. |
| AWS EFS storage backup should be enabled | Checks that AWS EFS storage has backups enabled. |
| AWS FSx File System storage backup should be enabled | Checks that AWS FSx File System has backups enabled. |
| AWS EFS storage should be encrypted | Checks that AWS EFS storage is encrypted at rest. |
| AWS FSx File System storage should be encrypted | Checks that AWS FSx File System storage is encrypted at rest. |
| AWS VPC flow logs should be captured | Checks that VPC flow logs are enabled to capture network traffic. |
| AWS S3 storage buckets should be encrypted | Checks that AWS S3 buckets are encrypted at rest. |
| AWS S3 bucket public access should be blocked | Checks that AWS S3 bucket public access block is enabled. |
| AWS S3 buckets should be versioned | Checks that AWS S3 bucket versioning is enabled. |
| AWS SQS message visibility should be monitored | Checks that AWS SQS message visibility timeout is being monitored. |
| AWS SQS message age should be monitored | Checks that AWS SQS message age is being monitored. |
| AWS Firehose stream throttling should be monitored | Checks that AWS Firehose stream throttling is being monitored. |
| AWS DynamoDB latency should be monitored | Checks that AWS DynamoDB read/write latency is being monitored. |
| AWS DynamoDB point-in-time recovery should be enabled | Checks that AWS DynamoDB point-in-time recovery (PITR) is enabled. |
| AWS DynamoDB should be encrypted | Checks that AWS DynamoDB tables are encrypted at rest. |
| AWS DynamoDB read capacity should be monitored | Checks that AWS DynamoDB read capacity utilization is being monitored. |
| AWS DynamoDB write capacity should be monitored | Checks that AWS DynamoDB write capacity utilization is being monitored. |
| AWS DynamoDB backup should be enabled | Checks that AWS DynamoDB backups are enabled. |
| AWS API Gateway V2 errors should be monitored | Checks that AWS API Gateway V2 errors are being monitored. |
| AWS ECS CPU utilization should be monitored | Checks that AWS ECS CPU utilization is being monitored. |
| AWS ECS memory utilization should be monitored | Checks that AWS ECS memory utilization is being monitored. |
| AWS ECR repositories should be encrypted | Checks that AWS ECR container repositories are encrypted at rest. |
| AWS Elasticsearch cluster free space should be monitored | Checks that AWS Elasticsearch cluster free storage space is being monitored. |
| AWS FSx File System free space should be monitored | Checks that AWS FSx File System free space is being monitored. |
| AWS Elasticsearch cluster CPU utilization should be monitored | Checks that AWS Elasticsearch cluster CPU utilization is being monitored. |
| AWS Elasticsearch cluster health should be monitored | Checks that AWS Elasticsearch cluster health status is being monitored. |
| AWS EBS health should be monitored | Checks that AWS EBS volume health status is being monitored. |
| AWS load balancer errors should be monitored | Checks that AWS load balancer error rates are being monitored. |
| AWS load balancer latency should be monitored | Checks that AWS load balancer latency is being monitored. |
| AWS classic load balancer errors should be monitored | Checks that AWS classic load balancer error rates are being monitored. |
| AWS classic load balancer latency should be monitored | Checks that AWS classic load balancer latency is being monitored. |
| AWS load balancer should redirect HTTP to HTTPS | Checks that AWS load balancers redirect HTTP traffic to HTTPS. |
| AWS load balancer healthy host count should be monitored | Checks that AWS load balancer healthy host count is being monitored. |
| AWS load balancer should have valid configuration | Checks that AWS load balancer configuration is valid and correct. |
| AWS load balancer host health should be monitored | Checks that AWS load balancer backend host health is being monitored. |
| AWS application load balancer should be protected from direct internet traffic | Checks that AWS application load balancers are not directly exposed to the internet. |
| AWS Lightsail instance CPU utilization should be monitored | Checks that AWS Lightsail instance CPU utilization is being monitored. |
| AWS Lightsail disk backup should be enabled | Checks that AWS Lightsail disk backups are enabled. |
| AWS Lightsail disks should be encrypted | Checks that AWS Lightsail disks are encrypted at rest. |
| AWS CloudTrail log file integrity validation should be enabled | Checks that AWS CloudTrail log file integrity validation is enabled. |
| AWS CloudTrail S3 logging bucket access logging should be enabled | Checks that access logging is enabled on the S3 bucket used by CloudTrail. |
| AWS CloudTrail logging bucket should be protected from direct internet traffic | Checks that the CloudTrail logging S3 bucket is not publicly accessible. |
Troubleshooting
Integration shows Disconnected
Re-authenticate from Integrations → Amazon Web Services (AWS) → Reconnect. This usually happens when API tokens expire.
Data is not syncing
Verify the connected account has admin permissions. Try a manual sync from the integration settings.