adding new plugins for open ec2 sg rules and rds logging

en/aws/cloudfront/insecure-cloudfront-protocols.md

@@ -10,9 +10,9 @@
 | **Cloud** | AWS |
 | **Category** | CloudFront |
 | **Description** | Detects the use of insecure HTTPS SSL/TLS protocols for use with HTTPS traffic between viewers and CloudFront |
-| **More Info** | CloudFront supports SSLv3 and TLSv1 protocols for use with HTTPS traffic, but only TLSv1 should be used unless there is a valid business justification to support the older, insecure SSLv3. |
+| **More Info** | CloudFront supports SSLv3 and TLSv1 protocols for use with HTTPS traffic, but only TLSv1.1 or higher should be used unless there is a valid business justification to support the older, insecure SSLv3. |
 | **AWS Link** | http://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/secure-connections-supported-viewer-protocols-ciphers.html |
-| **Recommended Action** | Ensure that traffic sent between viewers and CloudFront is passed over HTTPS and uses TLSv1, not SSLv3. |
+| **Recommended Action** | Ensure that traffic sent between viewers and CloudFront is passed over HTTPS and uses TLSv1.1 or higher. |
 
 ## Detailed Remediation Steps
 

en/aws/ec2/open-hadoop-hdfs-namenode-metadata-service.md

@@ -0,0 +1,18 @@
+[![CloudSploit](https://cloudsploit.com/img/logo-new-big-text-100.png "CloudSploit")](https://cloudsploit.com)
+
+# AWS / EC2 / Open Hadoop HDFS NameNode Metadata Service
+
+## Quick Info
+
+| | |
+|-|-|
+| **Plugin Title** | Open Hadoop HDFS NameNode Metadata Service |
+| **Cloud** | AWS |
+| **Category** | EC2 |
+| **Description** | Determine if TCP port 8020 for HDFS NameNode metadata service is open to the public |
+| **More Info** | While some ports such as HTTP and HTTPS are required to be open to the public to function properly, more sensitive services such as Hadoop/HDFS should be restricted to known IP addresses. |
+| **AWS Link** | http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/authorizing-access-to-an-instance.html |
+| **Recommended Action** | Restrict TCP port 8020 to known IP addresses for Hadoop/HDFS |
+
+## Detailed Remediation Steps
+

en/aws/ec2/open-hadoop-hdfs-namenode-webui.md

@@ -0,0 +1,18 @@
+[![CloudSploit](https://cloudsploit.com/img/logo-new-big-text-100.png "CloudSploit")](https://cloudsploit.com)
+
+# AWS / EC2 / Open Hadoop HDFS NameNode WebUI
+
+## Quick Info
+
+| | |
+|-|-|
+| **Plugin Title** | Open Hadoop HDFS NameNode WebUI |
+| **Cloud** | AWS |
+| **Category** | EC2 |
+| **Description** | Determine if TCP port 50070 and 50470 for Hadoop/HDFS NameNode WebUI service is open to the public |
+| **More Info** | While some ports such as HTTP and HTTPS are required to be open to the public to function properly, more sensitive services such as Hadoop/HDFS should be restricted to known IP addresses. |
+| **AWS Link** | http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/authorizing-access-to-an-instance.html |
+| **Recommended Action** | Restrict TCP port 50070 and 50470 to known IP addresses for Hadoop/HDFS |
+
+## Detailed Remediation Steps
+

en/aws/ec2/open-kibana.md

@@ -0,0 +1,18 @@
+[![CloudSploit](https://cloudsploit.com/img/logo-new-big-text-100.png "CloudSploit")](https://cloudsploit.com)
+
+# AWS / EC2 / Open Kibana
+
+## Quick Info
+
+| | |
+|-|-|
+| **Plugin Title** | Open Kibana |
+| **Cloud** | AWS |
+| **Category** | EC2 |
+| **Description** | Determine if TCP port 5601 for Kibana is open to the public |
+| **More Info** | While some ports such as HTTP and HTTPS are required to be open to the public to function properly, more sensitive services such as Kibana should be restricted to known IP addresses. |
+| **AWS Link** | http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/authorizing-access-to-an-instance.html |
+| **Recommended Action** | Restrict TCP port 5601 to known IP addresses |
+
+## Detailed Remediation Steps
+

en/aws/iam/canary-keys-used.md

@@ -0,0 +1,18 @@
+[![CloudSploit](https://cloudsploit.com/img/logo-new-big-text-100.png "CloudSploit")](https://cloudsploit.com)
+
+# AWS / IAM / Canary Keys Used
+
+## Quick Info
+
+| | |
+|-|-|
+| **Plugin Title** | Canary Keys Used |
+| **Cloud** | AWS |
+| **Category** | IAM |
+| **Description** | Detects when a special canary-token access key has been used |
+| **More Info** | Canary access keys can be created with limited permissions and then used to detect when a potential breach occurs. |
+| **AWS Link** | https://docs.aws.amazon.com/IAM/latest/UserGuide/ManagingCredentials.html |
+| **Recommended Action** | Create a canary access token and provide its user to CloudSploit. If CloudSploit detects that the account is in use, it will trigger a failure. |
+
+## Detailed Remediation Steps
+

en/aws/lambda/lambda-old-runtimes.md

@@ -10,7 +10,7 @@
 | **Cloud** | AWS |
 | **Category** | Lambda |
 | **Description** | Ensures Lambda functions are not using out-of-date runtime environments. |
-| **More Info** | Lambda runtimes should be kept current with recent versions of the underlying codebase. Node.js 0.10.0 should not be used. |
+| **More Info** | Lambda runtimes should be kept current with recent versions of the underlying codebase. Deprecated runtimes should not be used. |
 | **AWS Link** | http://docs.aws.amazon.com/lambda/latest/dg/current-supported-versions.html |
 | **Recommended Action** | Upgrade the Lambda function runtime to use a more current version. |
 

en/aws/rds/rds-logging-enabled.md

@@ -0,0 +1,18 @@
+[![CloudSploit](https://cloudsploit.com/img/logo-new-big-text-100.png "CloudSploit")](https://cloudsploit.com)
+
+# AWS / RDS / RDS Logging Enabled
+
+## Quick Info
+
+| | |
+|-|-|
+| **Plugin Title** | RDS Logging Enabled |
+| **Cloud** | AWS |
+| **Category** | RDS |
+| **Description** | Ensures logging is configured for RDS instances |
+| **More Info** | Logging database level events enables teams to analyze events for the purpose diagnostics as well as audit tracking for compliance purposes. |
+| **AWS Link** | https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_LogAccess.html |
+| **Recommended Action** | Modify the RDS instance to enable logging as required. |
+
+## Detailed Remediation Steps
+