LogoLogo
HomePricingSelf-hosted docsAPI docsLogin
  • Home
  • Login to hava
  • Developer
  • Getting Started
    • Quickstart
      • Create New Account
      • Import Demo Data
      • Creating Environments
      • Exporting Diagrams
  • AWS Marketplace
  • Using Hava
    • Providers & Sources
    • Environments
      • Creating Environments
      • Filtering Environments
  • Importing Data
    • Demo Data
    • AWS
      • Getting Started with AWS
        • Cross Account Role
        • Read Only IAM User
        • Minimum Access IAM User
      • AWS Supported Resources
      • AWS Views
        • Infrastructure
        • Security
        • Container - ECS
        • List
    • Azure
      • Getting Started with Azure
        • Powershell
        • Azure Portal
      • Azure Supported Resources
      • Azure Views
        • Infrastructure
        • Azure Security View
        • List
    • Google Cloud
      • Getting Started with GCP
        • Service Account
        • Import Multiple Projects
        • Enabling APIs
      • GCP Supported Resources
      • GCP Views
        • Infrastructure
        • List
    • Kubernetes
      • Getting Started with Kubernetes
        • Read Only Kubeconfig
        • Automatic Import of Managed Kubernetes
          • AWS EKS Cluster Configuration
        • Converting certificate files to certificate data fields
      • Kubernetes Supported Resources
      • Kubernetes Views
        • Container
        • List
    • Import Errors
  • Discover
    • Importing
    • Searching
      • Search Overview
      • Search Syntax
        • VPC Search
        • Wildcard Search
        • Tag Search
        • Deep Search
      • Search Examples
        • Discover Resources From Regions
        • Create a multiple VPC diagram
        • Defining Custom Environments
    • Versioning
      • Tracking Changes in Cloud Architecture
    • Manual Sync
  • Diagram
    • Listing Environments
      • Filtering Environments
      • Favouriting Environments
    • Viewing Environments
      • Diagram Controls
      • Diagram Layout
      • Switch Between Views
      • Diagram Canvas Resource Filters
    • Draw Custom Connections
  • Diagnose
    • Architectural Monitoring Alerts
    • Attributes
    • Cost Estimation
    • Diff View - Comparing Diagrams
    • Infrastructure
      • View Route Tables
      • View ACLs
      • View Security Groups
    • Reports
      • AWS Compliance Reports
  • Document
    • Environment Notes
    • Embed
    • Exporting Diagrams
    • Edit
      • Draw.io
  • Collaboration
    • Teams
    • Inviting Users
    • Disabling users
    • SSO/SAML
      • Overview
      • Azure AD - SAML Setup
      • Azure AD - OIDC Setup
      • Okta - SAML Setup
      • Okta - OIDC Setup
      • Trouble Shooting SSO
    • Project folders
  • Integrations
    • AWS Control Tower
    • CLI
    • Confluence Cloud
    • GitHub
    • Terraform
  • API
    • API Docs
  • Account & Billing
    • Types Of Hava Accounts
    • Change Subscription
    • Switch to AWS marketplace
    • Change Password
    • MFA
    • Download Invoice
    • Cancel Account
    • Account Audit Log
  • Quick Look
    • Quick AWS Overview
    • Security Overview
    • Customize the Hava Dashboard
Powered by GitBook
On this page
  • AWS Compliance Reporting - Region Usage
  • AWS Compliance Reporting - Graph Summary
  • AWS Compliance Reporting - Total Resources Graph
  • IAM Users and Roles
  • AWS Compliance Reporting - Best Practice Findings

Was this helpful?

  1. Diagnose
  2. Reports

AWS Compliance Reports

Reports based on AWS trusted advisor methodology

PreviousReportsNextEnvironment Notes

Last updated 4 months ago

Was this helpful?

The run daily and identify potential resource configuration issues that do not meet AWS best practices.

The reporting module can be accessed via a link in the menu bar of your Hava dashboard.

Once selected the reports dashboard is opened showing the available reports for each AWS account connected to your hava.io data sources

Selecting the required compliance report will open up the detailed report showing

  • An Account Summary

  • Region usage (Map)

  • Graphs Summary

  • Findings

AWS Compliance Reporting - Region Usage

The region usage section of the AWS compliance reports display a world map with the locations of the regions detected in your AWS account configuration.

The report also displays a table of all known available regions and indicates whether your network configuration is using them or not. Given the importance of load speed and latency this section of the report can highlight where gains can be made when comparing to the location of your application users.

The region report will also demonstrate that your data is stored in appropriate geographical locations in line with local data security compliance regimes like GDPR.

AWS Compliance Reporting - Graph Summary

Hava's AWS compliance report includes a number of interactive graphs. The first of which is the Resources by Region.

This graph details and totals the resources found in each active region in your AWS configuration.

The check boxes beneath the graph enable you to turn on/off inclusion of particular resource type in the graph.

Hovering over coloured sections of the bars will pop out an information box with details that relate to that section of the graph.

In the top right hand corner of each graph is a dotted icon that allows you to export just the selected graph to your choice of xls, csv, png or jpeg formats.

AWS Compliance Reporting - Total Resources Graph

As the name suggest the next graph on the report the "Total Resources" graph details resources totalled by resource type. The same hover and export functionality is available for this graph.

IAM Users and Roles

The final AWS Compliance graph in the series details the number of active and inactive IAM users and roles discovered in your AWS source account.

No account specific details are displayed, only the number of user and roles found and whether they are active or not. From an AWS best practice and security perspective, removing inactive or unused IAM credentials assists in the overall security of your cloud infrastructure.

As with the other interactive graphs, you are able to toggle on/off visibility of both active and inactive users and roles.

AWS Compliance Reporting - Best Practice Findings

The next section of the report runs through your resources and applies AWS Trusted Advisor style analysis which is visualised as either Informational, or a Low, Medium or High concern level.

This report section starts with a pie chart visualization of the resource types and the percentage of concern levels associated with each resource group.

This chart is also interactive and exportable. Selecting a section of the chart will reveal details about the number, size and gravity of the findings. On the example above, the centre wheel represents the overall number of findings..

The remainder of the report goes into detail on the nature of each of the findings that make up the above graph.

If we take a look at one of the four medium level findings we can see a summary of a "IMDSv2 not enforced" finding. Clicking the "more..." option reveals the configuration/policy that caused the warning.

An example of a critical "High" level finding is reported in this example against EC2

Low level findings typically make up the bulk of discovered potential configuration improvements like the following:

For presentation, audit and archive purposes the entire compliance report can be exported to PDF by selecting the 'Export' function in the top right of the report.

The details in the findings revealed by the 'more...' option in the report will be expanded in the exported PDF document.

Resources / Services reported on

Hava's Compliance reporting currently includes the following services:

Service / Resource Name

Access Analyzer

API Gateway

Autoscaling

Cloudformation

Cloudfront

Cloudsearch

Cloudtrail

Cloudwatch

Config

Directconnect

EC2

ECR

ECS

EFS

EKS

ElastiCache

Elastic Beanstalk

ELB

ELBv2

ES

Events

Firehose

Glacier

GuardDuty

IAM

KMS

Lambda

Lightsail

Logs

Organizations

RDS

RedShift

Route53

S3

Secrets Manager

SNS

SQS

STS

AWS_Compliance_Report_Regions_Map
AWS_Compliance_Report_Resources_by_Region
AWS_Compliance_Report_Bar_Chart_Detail
AWS_Compliance_Reporting_Details_Medium
AWS_Compliance_Reporting_High

AWS compliance reports
Reporting Module
Hava_AWS_Compliance_Reports
AWS Compliance Report Heading
AWS_Compliance_Report_Graph_Export
AWS Compliance Report Total Resources Graph
AWS Compliance IAM Users
AWS_Compliance_Reporting_Findings_Graph
AWS_Compliance_Report_PDF
AWS_Compliance_Reporting_Low_Level_Findings