Terraform Security Scanner
Scan Terraform/HCL files for security vulnerabilities including public S3 buckets, open security groups,
unencrypted resources, hardcoded credentials, and IAM misconfigurations.

What We Check

AWS S3 Security
- Public access blocks disabled
- Public read/write ACLs
- Unencrypted buckets
- Missing versioning
- No logging enabled

Network Security
- Open security groups (0.0.0.0/0)
- Unrestricted ingress rules
- Missing egress controls
- Public subnet exposure

Data Encryption
- Unencrypted RDS instances
- Unencrypted EBS volumes
- No KMS encryption
- Storage encryption disabled

IAM & Access
- Overly permissive policies
- Wildcard actions/resources
- Hardcoded credentials
- Missing MFA requirements

Monitoring & Backup
- Missing CloudWatch logs
- No backup configurations
- Disabled monitoring
- Missing CloudTrail

Best Practices
- Missing resource tags
- No deletion protection
- Default configurations
- Lifecycle policies missing