The four checks provided for free with this service are:

• Unrestricted ports: This is a check on the highest risk ports in your security groups. They'll be flagged if they're open to everyone (0.0.0.0/0).
• IAM usage: This is a fairly rudimentary check. If there isn't at least one IAM user in your account this check won't pass. It's considered good practice to not use your root login credentials for your AWS account and instead create IAM users with least privilege access.
• MFA on root account: This is also a fairly rudimentary check. You need to have MFA enabled for your root login in order for this check to pass. It's obviously a good idea to enable MFA for your IAM users too.
• Service limits: This one is quite handy: if you're approaching 80% of your service limits, this check won't pass. For example, it's nice to know if you're about to hit the cap of CloudFormation stacks or EC2 instances before you attempt to create them.

Even though there's only four checks here, these are some of the more useful ones so we'd encourage you to pay attention to them.

The console uses a color scheme to denote the status of each check:

• Red: It's recommended that you take action to remedy this check
• Yellow: This check requires investigation and possible remediation
• Green: This check is passing and needs no attention