AVD-AWS-0052: Load balancers should drop invalid headers Passing unknown or invalid headers through to the target poses a potential risk of compromise.

AVD-AWS-0053: Load balancer is exposed to the internet. There are many scenarios in which you would want to expose a load balancer to the wider internet, but this check exists as a warning to prevent accidental exposure of internal assets. You should ensure that this resource should be exposed publicly.

AVD-AWS-0005: API Gateway domain name uses outdated SSL/TLS protocols. You should not use outdated/insecure TLS versions for encryption. You should be using TLS v1.2+.

AVD-AWS-0005: API Gateway domain name uses outdated SSL/TLS protocols. You should not use outdated/insecure TLS versions for encryption. You should be using TLS v1.2+.

AVD-AWS-0005: API Gateway domain name uses outdated SSL/TLS protocols. You should not use outdated/insecure TLS versions for encryption. You should be using TLS v1.2+.

AVD-AWS-0054: Use of plain HTTP. Plain HTTP is unencrypted and human-readable. This means that if a malicious actor was to eavesdrop on your connection, they would be able to see all of your data flowing back and forth.

AVD-AZU-0038: Enable disk encryption on managed disk Manage disks should be encrypted at rest. When specifying the <code>encryption_settings</code> block, the enabled attribute should be set to <code>true</code>.