- SSL support has been added
- Spectrum alerts have been configured
- All utilized resources (EC2, DB, Redis, SQS etc.)
- Domain name monitoring
- Queue length
- Number of messages
- Failed queue length
- Cloudwatch events based disk snapshots are configured
- www- should redirect to non-www
- fail2ban has been installed
- Directory listing is off
- Apache, PHP and MySQL are on latest versions
- Database is not being accessed via the “root” user
- Application is NOT running in debug mode
- All ports except 80, 443 are blocked
- Port 22 is blocked except for whitelisted IP
- Expires header has been set
- Gzip has been enabled