diff --git a/docs/queries/all-queries.md b/docs/queries/all-queries.md index d7cfa897daf..b3dc6ba8625 100644 --- a/docs/queries/all-queries.md +++ b/docs/queries/all-queries.md @@ -48,6 +48,7 @@ This page contains all queries. |API Gateway Without Security Policy
8275fab0-68ec-4705-bbf4-86975edb170e|CloudFormation|High|Insecure Configurations|API Gateway should have a Security Policy defined and use TLS 1.2.|Documentation
| |KMS Key With Vulnerable Policy
da905474-7454-43c0-b8d2-5756ab951aba|CloudFormation|High|Insecure Configurations|Checks if the policy is vulnerable and needs updating|Documentation
| |Redshift Publicly Accessible
bdf8dcb4-75df-4370-92c4-606e4ae6c4d3|CloudFormation|High|Insecure Configurations|AWS Redshift Clusters must not be publicly accessible, which means the attribute 'PubliclyAccessible' must be set to false|Documentation
| +|S3 Bucket with Unsecured CORS Rule
3609d27c-3698-483a-9402-13af6ae80583|CloudFormation|High|Insecure Configurations|If the CORS (Cross-Origin Resource Sharing) rule is defined in an S3 bucket, it should be secure|Documentation
| |Batch Job Definition With Privileged Container Properties
76ddf32c-85b1-4808-8935-7eef8030ab36|CloudFormation|High|Insecure Configurations|Batch Job Definition should not have Privileged Container Properties|Documentation
| |Root Account Has Active Access Keys
4c137350-7307-4803-8c04-17c09a7a9fcf|CloudFormation|High|Insecure Configurations|Check if the root user has any access keys associated to it.|Documentation
| |S3 Static Website Host Enabled
90501b1b-cded-4cc1-9e8b-206b85cda317|CloudFormation|High|Insecure Configurations|It's dangerous disabling a block public access settings in bucket or writing a bucket policy that grants public read access|Documentation
| @@ -141,7 +142,7 @@ This page contains all queries. |EMR Cluster Without Security Configuration
48af92a5-c89b-4936-bc62-1086fe2bab23|CloudFormation|Medium|Insecure Configurations|EMR Cluster should have security configuration defined.|Documentation
| |Inline Policies Are Attached To ECS Service
9e8c89b3-7997-4d15-93e4-7911b9db99fd|CloudFormation|Medium|Insecure Configurations|Check if any ECS service has inline policies attached, which are embedded directly into an entity (user, group,...), instead of the equivalent recommended managed policies.|Documentation
| |MQ Broker Is Publicly Accessible
68b6a789-82f8-4cfd-85de-e95332fe6a61|CloudFormation|Medium|Insecure Configurations|Check if any MQ Broker is not publicly accessible|Documentation
| -|IAM User Has Too Many Access Keys
48677914-6fdf-40ec-80c4-2b0e94079f54|CloudFormation|Medium|Insecure Configurations|Check if any user has more than one access key, which increases the risk of unauthorized access and compromise of credentials.|Documentation
| +|IAM User Has Too Many Access Keys
48677914-6fdf-40ec-80c4-2b0e94079f54|CloudFormation|Medium|Insecure Configurations|Any IAM User should not have more than one access key since it increases the risk of unauthorized access and compromise credentials|Documentation
| |GitHub Repository Set To Public
5906092d-5f74-490d-9a03-78febe0f65e1|CloudFormation|Medium|Insecure Configurations|Repositories must be set to private, which means the attribute 'visibility' must be set to 'private' and/or the attribute 'private' must be set to true (the attribute 'visibility' overrides 'private')|Documentation
| |Instance With No VPC
8a6d36cd-0bc6-42b7-92c4-67acc8576861|CloudFormation|Medium|Insecure Configurations|EC2 Instances should be configured under a VPC network. AWS VPCs provide the controls to facilitate a formal process for approving and testing all network connections and changes to the firewall and router configurations.|Documentation
| |ECR Image Tag Not Immutable
33f41d31-86b1-46a4-81f7-9c9a671f59ac|CloudFormation|Medium|Insecure Configurations|ECR should have an image tag be immutable|Documentation
| @@ -505,6 +506,7 @@ This page contains all queries. |Authentication Without MFA
3ddfa124-6407-4845-a501-179f90c65097|Terraform|High|Insecure Configurations|Users should authenticate with MFA (Multi-factor Authentication)|Documentation
| |No Password Policy Enabled
b592ffd4-0577-44b6-bd35-8c5ee81b5918|Terraform|High|Insecure Configurations|IAM password policies should be set through the password minimum length and reset password attributes|Documentation
| |Redshift Publicly Accessible
af173fde-95ea-4584-b904-bb3923ac4bda|Terraform|High|Insecure Configurations|Check if 'publicly_accessible' field is true or undefined (default is true)|Documentation
| +|S3 Bucket with Unsecured CORS Rule
98a8f708-121b-455b-ae2f-da3fb59d17e1|Terraform|High|Insecure Configurations|If the CORS (Cross-Origin Resource Sharing) rule is defined in an S3 bucket, it should be secure|Documentation
| |Batch Job Definition With Privileged Container Properties
66cd88ac-9ddf-424a-b77e-e55e17630bee|Terraform|High|Insecure Configurations|Batch Job Definition should not have Privileged Container Properties|Documentation
| |S3 Bucket Without Enabled MFA Delete
c5b31ab9-0f26-4a49-b8aa-4cc064392f4d|Terraform|High|Insecure Configurations|S3 bucket without enabled MFA Delete|Documentation
| |Root Account Has Active Access Keys
970d224d-b42a-416b-81f9-8f4dfe70c4bc|Terraform|High|Insecure Configurations|The AWS Root Account must not have active access keys associated, which means if there are access keys associated to the Root Account, they must be inactive.|Documentation
| @@ -521,12 +523,14 @@ This page contains all queries. |Default Security Groups With Unrestricted Traffic
46883ce1-dc3e-4b17-9195-c6a601624c73|Terraform|High|Networking and Firewall|Check if default security group does not restrict all inbound and outbound traffic.|Documentation
| |EKS Cluster Has Public Access CIDRs
61cf9883-1752-4768-b18c-0d57f2737709|Terraform|High|Networking and Firewall|Amazon EKS public endpoint is enables and accessible to all: 0.0.0.0/0"|Documentation
| |HTTP Port Open
ffac8a12-322e-42c1-b9b9-81ff85c39ef7|Terraform|High|Networking and Firewall|The HTTP port is open in a Security Group|Documentation
| -|Security Group With Unrestricted Access To SSH
65905cec-d691-4320-b320-2000436cb696|Terraform|High|Networking and Firewall|SSH' (TCP:22) should not be public in AWS Security Group|Documentation
| +|Security Group With Unrestricted Access To SSH
65905cec-d691-4320-b320-2000436cb696|Terraform|High|Networking and Firewall|'SSH' (TCP:22) should not be public in AWS Security Group|Documentation
| |Route53 Record Undefined
25db74bf-fa3b-44da-934e-8c3e005c0453|Terraform|High|Networking and Firewall|Check if Record is set|Documentation
| |Unrestricted Security Group Ingress
4728cd65-a20c-49da-8b31-9c08b423e4db|Terraform|High|Networking and Firewall|Security groups allow ingress from 0.0.0.0:0|Documentation
| |DB Security Group Open To Large Scope
4f615f3e-fb9c-4fad-8b70-2e9f781806ce|Terraform|High|Networking and Firewall|The IP address in a DB Security Group must not have more than 256 hosts.|Documentation
| |EC2 Instance Has Public IP
5a2486aa-facf-477d-a5c1-b010789459ce|Terraform|High|Networking and Firewall|EC2 Instance should not have a public IP address.|Documentation
| +|Network ACL With Unrestricted Access To SSH
3af7f2fd-06e6-4dab-b996-2912bea19ba4|Terraform|High|Networking and Firewall|'SSH' (TCP:22) should not be public in AWS Network ACL|Documentation
| |Remote Desktop Port Open
151187cb-0efc-481c-babd-ad24e3c9bc22|Terraform|High|Networking and Firewall|The Remote Desktop port is open in a Security Group|Documentation
| +|Network ACL With Unrestricted Access To RDP
a20be318-cac7-457b-911d-04cc6e812c25|Terraform|High|Networking and Firewall|'RDP' (TCP:3389) should not be public in AWS Network ACL|Documentation
| |ALB Listening on HTTP
de7f5e83-da88-4046-871f-ea18504b1d43|Terraform|High|Networking and Firewall|AWS Application Load Balancer (alb) should not listen on HTTP|Documentation
| |Unknown Port Exposed To Internet
590d878b-abdc-428f-895a-e2b68a0e1998|Terraform|High|Networking and Firewall|AWS Security Group should not have an unknown port exposed to the entire Internet|Documentation
| |KMS Key With No Deletion Window
0b530315-0ea4-497f-b34c-4ff86268f59d|Terraform|High|Observability|AWS KMS Key should have a valid deletion window|Documentation
| @@ -598,6 +602,7 @@ This page contains all queries. |Certificate RSA Key Bytes Lower Than 256
874d68a3-bfbe-4a4b-aaa0-9e74d7da634b|Terraform|Medium|Insecure Configurations|The certificate should use a RSA key with a length equal to or higher than 256 bytes|Documentation
| |EKS Cluster Has Public Access
42f4b905-3736-4213-bfe9-c0660518cda8|Terraform|Medium|Insecure Configurations|Amazon EKS public endpoint shoud be set to false|Documentation
| |MQ Broker Is Publicly Accessible
4eb5f791-c861-4afd-9f94-f2a6a3fe49cb|Terraform|Medium|Insecure Configurations|Check if any MQ Broker is not publicly accessible|Documentation
| +|IAM User Has Too Many Access Keys
3561130e-9c5f-485b-9e16-2764c82763e5|Terraform|Medium|Insecure Configurations|Any IAM User should not have more than one access key since it increases the risk of unauthorized access and compromise credentials|Documentation
| |Instance With No VPC
a31a5a29-718a-4ff4-8001-a69e5e4d029e|Terraform|Medium|Insecure Configurations|Instance should be configured in VPC (Virtual Private Cloud)|Documentation
| |Redshift Cluster Without VPC
0a494a6a-ebe2-48a0-9d77-cf9d5125e1b3|Terraform|Medium|Insecure Configurations|Redshift Cluster should be configured in VPC (Virtual Private Cloud)|Documentation
| |AWS Password Policy With Unchangeable Passwords
9ef7d25d-9764-4224-9968-fa321c56ef76|Terraform|Medium|Insecure Configurations|Unchangeable passwords in AWS password policy|Documentation
| @@ -1189,6 +1194,7 @@ This page contains all queries. |EFS Without KMS
bd77554e-f138-40c5-91b2-2a09f878608e|Ansible|High|Encryption|Elastic File System (EFS) must have KMS Key ID|Documentation
| |KMS Key With Vulnerable Policy
5b9d237a-57d5-4177-be0e-71434b0fef47|Ansible|High|Insecure Configurations|Checks if the policy is vulnerable and needs updating.|Documentation
| |Redshift Publicly Accessible
5c6b727b-1382-4629-8ba9-abd1365e5610|Ansible|High|Insecure Configurations|Check if 'publicly_accessible' field is true (default is false)|Documentation
| +|S3 Bucket with Unsecured CORS Rule
3505094c-f77c-4ba0-95da-f83db712f86c|Ansible|High|Insecure Configurations|If the CORS (Cross-Origin Resource Sharing) rule is defined in an S3 bucket, it should be secure|Documentation
| |Batch Job Definition With Privileged Container Properties
defe5b18-978d-4722-9325-4d1975d3699f|Ansible|High|Insecure Configurations|Batch Job Definition should not have Privileged Container Properties|Documentation
| |Root Account Has Active Access Keys
e71d0bc7-d9e8-4e6e-ae90-0a4206db6f40|Ansible|High|Insecure Configurations|The AWS Root Account must not have active access keys associated, which means if there are access keys associated to the Root Account, they must be inactive.|Documentation
| |ECS Task Definition Network Mode Not Recommended
01aec7c2-3e4d-4274-ae47-2b8fea22fd1f|Ansible|High|Insecure Configurations|Network_Mode should be 'awsvpc' in ecs_task_definition. AWS VPCs provides the controls to facilitate a formal process for approving and testing all network connections and changes to the firewall and router configurations|Documentation
| diff --git a/docs/queries/ansible-queries.md b/docs/queries/ansible-queries.md index 4153bf65d0b..ea57eb0da17 100644 --- a/docs/queries/ansible-queries.md +++ b/docs/queries/ansible-queries.md @@ -141,6 +141,7 @@ Bellow are listed queries related with Ansible AWS: |EFS Without KMS
bd77554e-f138-40c5-91b2-2a09f878608e|High|Encryption|Elastic File System (EFS) must have KMS Key ID|Documentation
| |KMS Key With Vulnerable Policy
5b9d237a-57d5-4177-be0e-71434b0fef47|High|Insecure Configurations|Checks if the policy is vulnerable and needs updating.|Documentation
| |Redshift Publicly Accessible
5c6b727b-1382-4629-8ba9-abd1365e5610|High|Insecure Configurations|Check if 'publicly_accessible' field is true (default is false)|Documentation
| +|S3 Bucket with Unsecured CORS Rule
3505094c-f77c-4ba0-95da-f83db712f86c|High|Insecure Configurations|If the CORS (Cross-Origin Resource Sharing) rule is defined in an S3 bucket, it should be secure|Documentation
| |Batch Job Definition With Privileged Container Properties
defe5b18-978d-4722-9325-4d1975d3699f|High|Insecure Configurations|Batch Job Definition should not have Privileged Container Properties|Documentation
| |Root Account Has Active Access Keys
e71d0bc7-d9e8-4e6e-ae90-0a4206db6f40|High|Insecure Configurations|The AWS Root Account must not have active access keys associated, which means if there are access keys associated to the Root Account, they must be inactive.|Documentation
| |ECS Task Definition Network Mode Not Recommended
01aec7c2-3e4d-4274-ae47-2b8fea22fd1f|High|Insecure Configurations|Network_Mode should be 'awsvpc' in ecs_task_definition. AWS VPCs provides the controls to facilitate a formal process for approving and testing all network connections and changes to the firewall and router configurations|Documentation
| diff --git a/docs/queries/cloudformation-queries.md b/docs/queries/cloudformation-queries.md index b369fea7f99..fb01cba358c 100644 --- a/docs/queries/cloudformation-queries.md +++ b/docs/queries/cloudformation-queries.md @@ -48,6 +48,7 @@ This page contains all queries from CloudFormation. |API Gateway Without Security Policy
8275fab0-68ec-4705-bbf4-86975edb170e|High|Insecure Configurations|API Gateway should have a Security Policy defined and use TLS 1.2.|Documentation
| |KMS Key With Vulnerable Policy
da905474-7454-43c0-b8d2-5756ab951aba|High|Insecure Configurations|Checks if the policy is vulnerable and needs updating|Documentation
| |Redshift Publicly Accessible
bdf8dcb4-75df-4370-92c4-606e4ae6c4d3|High|Insecure Configurations|AWS Redshift Clusters must not be publicly accessible, which means the attribute 'PubliclyAccessible' must be set to false|Documentation
| +|S3 Bucket with Unsecured CORS Rule
3609d27c-3698-483a-9402-13af6ae80583|High|Insecure Configurations|If the CORS (Cross-Origin Resource Sharing) rule is defined in an S3 bucket, it should be secure|Documentation
| |Batch Job Definition With Privileged Container Properties
76ddf32c-85b1-4808-8935-7eef8030ab36|High|Insecure Configurations|Batch Job Definition should not have Privileged Container Properties|Documentation
| |Root Account Has Active Access Keys
4c137350-7307-4803-8c04-17c09a7a9fcf|High|Insecure Configurations|Check if the root user has any access keys associated to it.|Documentation
| |S3 Static Website Host Enabled
90501b1b-cded-4cc1-9e8b-206b85cda317|High|Insecure Configurations|It's dangerous disabling a block public access settings in bucket or writing a bucket policy that grants public read access|Documentation
| @@ -141,7 +142,7 @@ This page contains all queries from CloudFormation. |EMR Cluster Without Security Configuration
48af92a5-c89b-4936-bc62-1086fe2bab23|Medium|Insecure Configurations|EMR Cluster should have security configuration defined.|Documentation
| |Inline Policies Are Attached To ECS Service
9e8c89b3-7997-4d15-93e4-7911b9db99fd|Medium|Insecure Configurations|Check if any ECS service has inline policies attached, which are embedded directly into an entity (user, group,...), instead of the equivalent recommended managed policies.|Documentation
| |MQ Broker Is Publicly Accessible
68b6a789-82f8-4cfd-85de-e95332fe6a61|Medium|Insecure Configurations|Check if any MQ Broker is not publicly accessible|Documentation
| -|IAM User Has Too Many Access Keys
48677914-6fdf-40ec-80c4-2b0e94079f54|Medium|Insecure Configurations|Check if any user has more than one access key, which increases the risk of unauthorized access and compromise of credentials.|Documentation
| +|IAM User Has Too Many Access Keys
48677914-6fdf-40ec-80c4-2b0e94079f54|Medium|Insecure Configurations|Any IAM User should not have more than one access key since it increases the risk of unauthorized access and compromise credentials|Documentation
| |GitHub Repository Set To Public
5906092d-5f74-490d-9a03-78febe0f65e1|Medium|Insecure Configurations|Repositories must be set to private, which means the attribute 'visibility' must be set to 'private' and/or the attribute 'private' must be set to true (the attribute 'visibility' overrides 'private')|Documentation
| |Instance With No VPC
8a6d36cd-0bc6-42b7-92c4-67acc8576861|Medium|Insecure Configurations|EC2 Instances should be configured under a VPC network. AWS VPCs provide the controls to facilitate a formal process for approving and testing all network connections and changes to the firewall and router configurations.|Documentation
| |ECR Image Tag Not Immutable
33f41d31-86b1-46a4-81f7-9c9a671f59ac|Medium|Insecure Configurations|ECR should have an image tag be immutable|Documentation
| diff --git a/docs/queries/terraform-queries.md b/docs/queries/terraform-queries.md index 00cb3378891..d85004474f3 100644 --- a/docs/queries/terraform-queries.md +++ b/docs/queries/terraform-queries.md @@ -280,6 +280,7 @@ Bellow are listed queries related with Terraform AWS: |Authentication Without MFA
3ddfa124-6407-4845-a501-179f90c65097|High|Insecure Configurations|Users should authenticate with MFA (Multi-factor Authentication)|Documentation
| |No Password Policy Enabled
b592ffd4-0577-44b6-bd35-8c5ee81b5918|High|Insecure Configurations|IAM password policies should be set through the password minimum length and reset password attributes|Documentation
| |Redshift Publicly Accessible
af173fde-95ea-4584-b904-bb3923ac4bda|High|Insecure Configurations|Check if 'publicly_accessible' field is true or undefined (default is true)|Documentation
| +|S3 Bucket with Unsecured CORS Rule
98a8f708-121b-455b-ae2f-da3fb59d17e1|High|Insecure Configurations|If the CORS (Cross-Origin Resource Sharing) rule is defined in an S3 bucket, it should be secure|Documentation
| |Batch Job Definition With Privileged Container Properties
66cd88ac-9ddf-424a-b77e-e55e17630bee|High|Insecure Configurations|Batch Job Definition should not have Privileged Container Properties|Documentation
| |S3 Bucket Without Enabled MFA Delete
c5b31ab9-0f26-4a49-b8aa-4cc064392f4d|High|Insecure Configurations|S3 bucket without enabled MFA Delete|Documentation
| |Root Account Has Active Access Keys
970d224d-b42a-416b-81f9-8f4dfe70c4bc|High|Insecure Configurations|The AWS Root Account must not have active access keys associated, which means if there are access keys associated to the Root Account, they must be inactive.|Documentation
| @@ -296,12 +297,14 @@ Bellow are listed queries related with Terraform AWS: |Default Security Groups With Unrestricted Traffic
46883ce1-dc3e-4b17-9195-c6a601624c73|High|Networking and Firewall|Check if default security group does not restrict all inbound and outbound traffic.|Documentation
| |EKS Cluster Has Public Access CIDRs
61cf9883-1752-4768-b18c-0d57f2737709|High|Networking and Firewall|Amazon EKS public endpoint is enables and accessible to all: 0.0.0.0/0"|Documentation
| |HTTP Port Open
ffac8a12-322e-42c1-b9b9-81ff85c39ef7|High|Networking and Firewall|The HTTP port is open in a Security Group|Documentation
| -|Security Group With Unrestricted Access To SSH
65905cec-d691-4320-b320-2000436cb696|High|Networking and Firewall|SSH' (TCP:22) should not be public in AWS Security Group|Documentation
| +|Security Group With Unrestricted Access To SSH
65905cec-d691-4320-b320-2000436cb696|High|Networking and Firewall|'SSH' (TCP:22) should not be public in AWS Security Group|Documentation
| |Route53 Record Undefined
25db74bf-fa3b-44da-934e-8c3e005c0453|High|Networking and Firewall|Check if Record is set|Documentation
| |Unrestricted Security Group Ingress
4728cd65-a20c-49da-8b31-9c08b423e4db|High|Networking and Firewall|Security groups allow ingress from 0.0.0.0:0|Documentation
| |DB Security Group Open To Large Scope
4f615f3e-fb9c-4fad-8b70-2e9f781806ce|High|Networking and Firewall|The IP address in a DB Security Group must not have more than 256 hosts.|Documentation
| |EC2 Instance Has Public IP
5a2486aa-facf-477d-a5c1-b010789459ce|High|Networking and Firewall|EC2 Instance should not have a public IP address.|Documentation
| +|Network ACL With Unrestricted Access To SSH
3af7f2fd-06e6-4dab-b996-2912bea19ba4|High|Networking and Firewall|'SSH' (TCP:22) should not be public in AWS Network ACL|Documentation
| |Remote Desktop Port Open
151187cb-0efc-481c-babd-ad24e3c9bc22|High|Networking and Firewall|The Remote Desktop port is open in a Security Group|Documentation
| +|Network ACL With Unrestricted Access To RDP
a20be318-cac7-457b-911d-04cc6e812c25|High|Networking and Firewall|'RDP' (TCP:3389) should not be public in AWS Network ACL|Documentation
| |ALB Listening on HTTP
de7f5e83-da88-4046-871f-ea18504b1d43|High|Networking and Firewall|AWS Application Load Balancer (alb) should not listen on HTTP|Documentation
| |Unknown Port Exposed To Internet
590d878b-abdc-428f-895a-e2b68a0e1998|High|Networking and Firewall|AWS Security Group should not have an unknown port exposed to the entire Internet|Documentation
| |KMS Key With No Deletion Window
0b530315-0ea4-497f-b34c-4ff86268f59d|High|Observability|AWS KMS Key should have a valid deletion window|Documentation
| @@ -373,6 +376,7 @@ Bellow are listed queries related with Terraform AWS: |Certificate RSA Key Bytes Lower Than 256
874d68a3-bfbe-4a4b-aaa0-9e74d7da634b|Medium|Insecure Configurations|The certificate should use a RSA key with a length equal to or higher than 256 bytes|Documentation
| |EKS Cluster Has Public Access
42f4b905-3736-4213-bfe9-c0660518cda8|Medium|Insecure Configurations|Amazon EKS public endpoint shoud be set to false|Documentation
| |MQ Broker Is Publicly Accessible
4eb5f791-c861-4afd-9f94-f2a6a3fe49cb|Medium|Insecure Configurations|Check if any MQ Broker is not publicly accessible|Documentation
| +|IAM User Has Too Many Access Keys
3561130e-9c5f-485b-9e16-2764c82763e5|Medium|Insecure Configurations|Any IAM User should not have more than one access key since it increases the risk of unauthorized access and compromise credentials|Documentation
| |Instance With No VPC
a31a5a29-718a-4ff4-8001-a69e5e4d029e|Medium|Insecure Configurations|Instance should be configured in VPC (Virtual Private Cloud)|Documentation
| |Redshift Cluster Without VPC
0a494a6a-ebe2-48a0-9d77-cf9d5125e1b3|Medium|Insecure Configurations|Redshift Cluster should be configured in VPC (Virtual Private Cloud)|Documentation
| |AWS Password Policy With Unchangeable Passwords
9ef7d25d-9764-4224-9968-fa321c56ef76|Medium|Insecure Configurations|Unchangeable passwords in AWS password policy|Documentation
|
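Review bot: the title added in docs/queries/all-queries.md (@@ -48 and @@ -505), docs/queries/ansible-queries.md (@@ -141), docs/queries/cloudformation-queries.md (@@ -48) and docs/queries/terraform-queries.md (@@ -280) reads `S3 Bucket with Unsecured CORS Rule` with a lowercase "with", while every neighbouring title capitalises it (`KMS Key With Vulnerable Policy`, `Batch Job Definition With Privileged Container Properties`, `Security Group With Unrestricted Access To SSH`); rename it to `S3 Bucket With Unsecured CORS Rule` in all five rows (ids 3609d27c-3698-483a-9402-13af6ae80583, 98a8f708-121b-455b-ae2f-da3fb59d17e1 and 3505094c-f77c-4ba0-95da-f83db712f86c) so the three platform entries stay identical. The shared description "If the CORS (Cross-Origin Resource Sharing) rule is defined in an S3 bucket, it should be secure" also tells the reader nothing about what the query flags; state the concrete condition (which CORS attribute values count as unsecured) the way the adjacent Redshift row does with "the attribute 'PubliclyAccessible' must be set to false".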
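Review bot: the reworded description for `IAM User Has Too Many Access Keys` (id 48677914-6fdf-40ec-80c4-2b0e94079f54) in docs/queries/all-queries.md @@ -141 and docs/queries/cloudformation-queries.md @@ -141 introduces a grammar error: "compromise credentials" is a verb phrase, and the line it replaces had the correct "compromise of credentials". It also drops the trailing period that the surrounding rows (`Inline Policies Are Attached To ECS Service`, `Instance With No VPC`) keep. Suggested wording: "No IAM user should have more than one access key, since additional keys increase the risk of unauthorized access and credential compromise."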
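Review bot: the new Terraform row `IAM User Has Too Many Access Keys` (id 3561130e-9c5f-485b-9e16-2764c82763e5) in docs/queries/all-queries.md @@ -598 and docs/queries/terraform-queries.md @@ -373 carries the same ungrammatical description ("... and compromise credentials") as the CloudFormation entry; whichever wording is settled on, keep it identical across both platforms. Suggested text: "No IAM user should have more than one access key, since additional keys increase the risk of unauthorized access and credential compromise."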
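Review bot: in docs/queries/all-queries.md @@ -521 and docs/queries/terraform-queries.md @@ -296 the two new rows `Network ACL With Unrestricted Access To SSH` (3af7f2fd-06e6-4dab-b996-2912bea19ba4) and `Network ACL With Unrestricted Access To RDP` (a20be318-cac7-457b-911d-04cc6e812c25) are separated by the unrelated `Remote Desktop Port Open` row; placing the two Network ACL entries next to each other, or each directly after its Security Group counterpart, makes the table easier to scan. The restored opening quote in "'SSH' (TCP:22)" is correct. Since this hunk already touches the surrounding rows, the context line for `EKS Cluster Has Public Access CIDRs` has "is enables" and a stray closing double quote after 0.0.0.0/0, and `Unrestricted Security Group Ingress` appears to mean 0.0.0.0/0 rather than 0.0.0.0:0; all three are one-character fixes worth folding in.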
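Review bot: the section heading shown in the hunk headers of docs/queries/ansible-queries.md (@@ -141) and docs/queries/terraform-queries.md (@@ -280, @@ -296, @@ -373) reads "Bellow are listed queries related with Ansible AWS" / "Terraform AWS"; it is not part of this change, but since these files are being edited, "Below are listed queries related to ..." is a cheap fix to include.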