Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Bsubramaniam/awn 301959 #685

Open
wants to merge 319 commits into
base: master
Choose a base branch
from
Open
Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
319 commits
Select commit Hold shift + click to select a range
d1ee78e
Merge pull request #28 from rtkwlf/AWN-167293
areed42 Dec 14, 2022
c6b1ffa
[AWN-167292] Contextual remediation guide corrections.
areed42 Dec 14, 2022
7591ac0
Merge pull request #29 from rtkwlf/AWN-167292
areed42 Dec 14, 2022
1ba75d3
[AWN-167291] Contextual corrections
areed42 Dec 14, 2022
560561e
Merge pull request #30 from rtkwlf/AWN-167291
areed42 Dec 14, 2022
0a32edd
[AWN-167290] contextual corrections
areed42 Dec 14, 2022
d1203d3
Merge pull request #31 from rtkwlf/AWN-167290
areed42 Dec 14, 2022
a5cb7db
[AWN-167292] Contextual Correction
areed42 Dec 14, 2022
e2d58b5
[AWN-167292] contextual correction.
areed42 Dec 14, 2022
040feb8
Merge pull request #32 from rtkwlf/AWN-167292
areed42 Dec 14, 2022
0936e36
[AWN-173221] Limited release of securitycenter and storageaccounts re…
areed42 Dec 19, 2022
fe09b3d
Merge pull request #33 from rtkwlf/AWN-173221
areed42 Dec 19, 2022
9188710
[AWN-174599] Remediation guides for Plugin: Lambda Environment Variab…
nuhasha Dec 22, 2022
b32ade5
Merge pull request #34 from rtkwlf/nshawahna/AWN-174599
nuhasha Dec 22, 2022
b61dd67
[AWN-154237] Remediation guide for plugin Event Bus Cross Account Access
nuhasha Dec 22, 2022
3f4bc90
Merge pull request #35 from rtkwlf/nshawahna/AWN-154237
nuhasha Dec 22, 2022
6693705
[AWN-154258] Remediation guide for plugin CodeBuild Valid Source Prov…
nuhasha Dec 22, 2022
e788d3a
Merge pull request #36 from rtkwlf/nshawahna/AWN-154258
nuhasha Dec 22, 2022
08e2d5e
[AWN-193022] remediation context for google.postgresqlLogConnections
areed42 Feb 28, 2023
c5d2bde
Merge pull request #37 from rtkwlf/AWN-193022-gcp
areed42 Feb 28, 2023
54890a8
[AWN-193021] Remediation context for google.mysqlLocalInfile
areed42 Feb 28, 2023
8e21ecf
Merge pull request #38 from rtkwlf/AWN-193021-gcp
areed42 Feb 28, 2023
aafea0a
[AWN-193019] Remediation Context for google.postgresqlLogLockWaits
areed42 Feb 28, 2023
26a2bd4
Merge pull request #39 from rtkwlf/AWN-193019
areed42 Feb 28, 2023
6835613
[AWN-193018] Remediation context for google.postgresqlLogMinDuration
areed42 Feb 28, 2023
7a6ec89
Merge pull request #40 from rtkwlf/AWN-193018-gcp
areed42 Feb 28, 2023
22b40f7
[AWN-193017] Remediation context for google.postgresqlLogTempFiles
areed42 Feb 28, 2023
cebdbda
Merge pull request #41 from rtkwlf/AWN-193017
areed42 Feb 28, 2023
192ee71
[AWN-193015] Remediation context for google.postgresqlLogMinError
areed42 Feb 28, 2023
5881a80
Merge pull request #42 from rtkwlf/AWN-193015
areed42 Feb 28, 2023
d42ebc4
[AWN-192650] Remediation Context for google.diskOldSnapshots
areed42 Mar 1, 2023
16c7ed0
Merge pull request #43 from rtkwlf/AWN-192650-gcp
areed42 Mar 1, 2023
12e10e1
[AWN-192649] Remediation context for google.diskAutomaticBackupEnabled
areed42 Mar 1, 2023
58d23e7
Merge pull request #44 from rtkwlf/AWN-192649-gcp
areed42 Mar 1, 2023
5b13f03
[AWN-194531] Remediation context for google.openMsSQL
areed42 Mar 1, 2023
cc2a6c9
Merge pull request #45 from rtkwlf/AWN-194531-gcp
areed42 Mar 1, 2023
f4a6de0
[AWN-194528] Remediation context for google.openMongo
areed42 Mar 2, 2023
f4a3ddb
Merge pull request #46 from rtkwlf/AWN-194528-gcp
areed42 Mar 2, 2023
6d75762
[AWN-194527] Remediation context for google.openCassandra
areed42 Mar 2, 2023
f1b301f
Merge pull request #47 from rtkwlf/AWN-194527-gcp
areed42 Mar 2, 2023
5ee2bb8
[AWN-194534] Remediation guide context for google.openRedis
areed42 Mar 2, 2023
2aba9a1
Merge pull request #48 from rtkwlf/AWN-194534-gcp
areed42 Mar 2, 2023
1d17595
[AWN-192649] Incurred costs disclaimer
areed42 Mar 2, 2023
16a5015
Merge pull request #49 from rtkwlf/AWN-192649-update
areed42 Mar 2, 2023
3d69d66
[AWN-192650] Incurred costs disclaimer
areed42 Mar 2, 2023
25801b1
Merge pull request #50 from rtkwlf/AWN-192650-update
areed42 Mar 2, 2023
acd0a48
[AWN-194536] Remediation context for google.openCustomPorts
areed42 Mar 3, 2023
3da4a24
Merge pull request #51 from rtkwlf/AWN-194536-gcp
areed42 Mar 3, 2023
4c671fe
[AWN-194536] updating gcp link
areed42 Mar 3, 2023
5475479
Merge pull request #52 from rtkwlf/AWN-194536-gcp
areed42 Mar 3, 2023
e4a8a03
[AWN-194536] Updating remediation context description
areed42 Mar 3, 2023
7adaeec
Merge pull request #53 from rtkwlf/AWN-194536-gcp
areed42 Mar 3, 2023
bc5d6c6
created guide for gcp
laiba-zaman Mar 6, 2023
18dcb3e
[AWN-194535] Remediation context for google.dnsLoggingEnabled
areed42 Mar 6, 2023
95b4812
Merge pull request #54 from rtkwlf/AWN-194535
areed42 Mar 6, 2023
be43f93
[AWN-193062] Remediation context for google.deadLetteringEnabled
areed42 Mar 7, 2023
abeeaff
Merge pull request #55 from rtkwlf/AWN-193062-gcp
areed42 Mar 7, 2023
a28fde8
[AWN-193061] Remediation context for google.secureBootEnabled
areed42 Mar 7, 2023
e91c768
Merge pull request #56 from rtkwlf/AWN-193061-gcp
areed42 Mar 7, 2023
3cc98ab
[AWN-193060] Remediation context for google.integrityMonitoringEnabled
areed42 Mar 7, 2023
89db5b0
Merge pull request #57 from rtkwlf/AWN-193060-gcp
areed42 Mar 7, 2023
f3eaea6
[AWN-193023] Remediation context for google.postgresqlLogDisconnections
areed42 Mar 8, 2023
02a8d2e
Merge pull request #58 from rtkwlf/AWN-193023-gcp
areed42 Mar 8, 2023
35fcca2
[AWN-193059] Remediation context google.bucketLifecycleConfigured
areed42 Mar 8, 2023
943c211
Merge pull request #59 from rtkwlf/AWN-193059-gcp
areed42 Mar 8, 2023
442bbfc
[AWN-193058] Remediation context for google.bucketUniformAccess
areed42 Mar 8, 2023
fbc9c8f
Merge pull request #60 from rtkwlf/AWN-193058
areed42 Mar 8, 2023
33dfec8
[AWN-193037] Remediation context for google.bucketRetentionPolicy
areed42 Mar 8, 2023
5e7cdc0
Merge pull request #61 from rtkwlf/AWN-193037-gcp
areed42 Mar 8, 2023
0fbbcb0
added rem guide for vm
laiba-zaman Mar 9, 2023
9f02e9d
added rem guide for update
laiba-zaman Mar 9, 2023
967e5a6
added rem guide for delete
laiba-zaman Mar 9, 2023
4004b0f
[AWN-193025] Remediation context for google.sqlCrossDbOwnership
areed42 Mar 9, 2023
c28decb
Merge pull request #66 from rtkwlf/AWN-193025-gcp
areed42 Mar 9, 2023
9016a91
[AWN-193024] Remediation context for google.postgresqlLogCheckpoints
areed42 Mar 9, 2023
31078b3
Merge pull request #67 from rtkwlf/AWN-193024
areed42 Mar 9, 2023
1613349
[AWN-193021] Updating detailed remediation steps
areed42 Mar 9, 2023
0dde629
Merge pull request #68 from rtkwlf/AWN-193021-update
areed42 Mar 9, 2023
9be72c8
[AWN-193022] Updating detailed remediation steps
areed42 Mar 9, 2023
58d2358
Merge pull request #69 from rtkwlf/AWN-193022-update
areed42 Mar 9, 2023
7bff8eb
[AWN-193019] Updating detailed remediation steps
areed42 Mar 9, 2023
ba78fe9
Merge pull request #70 from rtkwlf/AWN-193019-update
areed42 Mar 9, 2023
5ad8729
[AWN-193018] Updating detailed remediaiton steps
areed42 Mar 9, 2023
ce6ce66
Merge pull request #71 from rtkwlf/AWN-193018-update
areed42 Mar 9, 2023
9523939
[AWN-198013] Updating detailed remediation steps
areed42 Mar 9, 2023
8857811
Merge pull request #72 from rtkwlf/AWN-193015-update
areed42 Mar 9, 2023
4edc3bf
added remidiation guide
laiba-zaman Mar 13, 2023
59840c9
Merge pull request #62 from rtkwlf/AWN-192644
laiba-zaman Mar 14, 2023
8e4492f
Merge pull request #64 from rtkwlf/AWN-192648
laiba-zaman Mar 14, 2023
d850d41
added requested changes
laiba-zaman Mar 15, 2023
33f7040
added requested changes
laiba-zaman Mar 15, 2023
507e477
Merge pull request #65 from rtkwlf/AWN-192645
laiba-zaman Mar 16, 2023
7459950
Merge pull request #73 from rtkwlf/AWN-192646
laiba-zaman Mar 16, 2023
82b46a6
new guide
laiba-zaman Mar 20, 2023
307027e
Merge pull request #74 from rtkwlf/AWN-194539
laiba-zaman Mar 21, 2023
a1bc355
added new guide
laiba-zaman Mar 21, 2023
fbe40a2
added new guide
laiba-zaman Mar 21, 2023
2c02f35
Delete persistent-disks-auto-delete.md
areed42 Mar 21, 2023
5021bf4
fixed title
laiba-zaman Mar 22, 2023
1d88881
Merge pull request #76 from rtkwlf/AWN-194551
laiba-zaman Mar 22, 2023
b251cbb
[AWN-194571] Remediation context for plugin google.sqlNoPublicIps
areed42 Mar 22, 2023
8fe993b
Merge pull request #77 from rtkwlf/AWN-194571
areed42 Mar 22, 2023
c70701a
[AWN-194565] Remediation context for google.frequentlyUsedSnapshots
areed42 Mar 22, 2023
f27cf1f
Merge pull request #78 from rtkwlf/AWN-194565
areed42 Mar 22, 2023
e933735
new rem guide
laiba-zaman Mar 23, 2023
305bd88
added new rem guide
laiba-zaman Mar 23, 2023
2bb6ee7
[AWN-194565] Updating remediation guide title
areed42 Mar 23, 2023
31daad2
Merge pull request #81 from rtkwlf/AWN-194565-correction
areed42 Mar 23, 2023
98a8ca9
added sql remidiation guide
laiba-zaman Mar 24, 2023
96be347
added full guide
laiba-zaman Mar 24, 2023
fb14026
[AWN-193026] Remediation context for google.sqlContainedDatabaseAuth
areed42 Mar 24, 2023
dab7620
Merge pull request #83 from rtkwlf/AWN-193026
areed42 Mar 24, 2023
b862874
Delete persistent-disks-auto-delete.md
areed42 Mar 24, 2023
ac82ab6
resolving merge conflict
laiba-zaman Mar 24, 2023
9c47abf
Merge pull request #75 from rtkwlf/AWN-194550
areed42 Mar 24, 2023
1bd15d4
Updated based on plugin recommendations
areed42 Mar 24, 2023
177b9ae
added rem guide for disk in use
laiba-zaman Mar 27, 2023
7752e62
Merge pull request #80 from rtkwlf/AWN-194566
areed42 Mar 27, 2023
02979d2
[AWN-192032] Remediation context for google.serverCertificateRotation
areed42 Mar 27, 2023
d913630
Merge pull request #85 from rtkwlf/AWN-193032
areed42 Mar 27, 2023
f5ce8e1
[AWN-193028] Remediation context for google.mysqlSlowQueryLog
areed42 Mar 27, 2023
4f3954d
Merge pull request #86 from rtkwlf/AWN-193028
areed42 Mar 27, 2023
dfc182e
[AWN-193027] Remediation context for google.postgresqlMaxConnections
areed42 Mar 27, 2023
41f32ff
Update postgresql-max-connections.md
areed42 Mar 27, 2023
ff12618
Merge pull request #87 from rtkwlf/AWN-193027
areed42 Mar 27, 2023
33baa1f
Merge pull request #84 from rtkwlf/AWN-194554
areed42 Mar 27, 2023
6be509b
fixed guide
laiba-zaman Mar 28, 2023
a28f0e8
Update disk-multiaz.md
laiba-zaman Mar 28, 2023
c48f85a
added guide
laiba-zaman Mar 28, 2023
2a866e4
Remediation context for google.bucketEncryption
areed42 Mar 28, 2023
3248727
Update bucket-encryption.md
areed42 Mar 28, 2023
3939e61
Merge pull request #89 from rtkwlf/AWN-194612
areed42 Mar 28, 2023
725efcd
[AWN-193454] Updating description and remediaiton guidance
areed42 Mar 29, 2023
4a36e7d
Merge pull request #90 from rtkwlf/AWN-193454
areed42 Mar 29, 2023
17064ec
Remediation context for google.deprecatedImages
areed42 Mar 30, 2023
dda8f9d
Merge pull request #91 from rtkwlf/AWN-194567
areed42 Mar 30, 2023
9c6ae74
added dataflow folder and guide?
laiba-zaman Mar 31, 2023
dd0fdc6
Update service-account-token-creator.md
laiba-zaman Mar 31, 2023
9359c3c
added dataflow folder and guide
laiba-zaman Mar 31, 2023
80f7777
Update dataflow-jobs-encryption.md
laiba-zaman Mar 31, 2023
ac10b6d
[AWN-194615] Remediation guide for plugin IAM: Member Admin
nuhasha Apr 3, 2023
a37176c
Merge pull request #94 from rtkwlf/nshawahna/AWN-194615
nuhasha Apr 3, 2023
5240d2f
[AWN-194616] Remediation guide for plugin: Kubernetes Alpha Disabled
nuhasha Apr 3, 2023
dc9ff99
Merge pull request #95 from rtkwlf/nshawahna/AWN-194616
nuhasha Apr 3, 2023
75fe522
[AWN-194621] Remediation guide for plugin: Kubernetes Alpha Disabled
nuhasha Apr 3, 2023
93aada2
Merge pull request #96 from rtkwlf/nshawahna/AWN-194621
nuhasha Apr 3, 2023
e106418
[AWN-194626] Remediation guide for plugin: Node Encryption Enabled
nuhasha Apr 3, 2023
97c9f8e
Merge pull request #97 from rtkwlf/nshawahna/AWN-194626
nuhasha Apr 3, 2023
8c6bd0c
[AWN-194627] Remediation guide for plugin: Cluster Encryption Enabled
nuhasha Apr 4, 2023
e33dea9
Merge pull request #98 from rtkwlf/nshawahna/AWN-194627
nuhasha Apr 4, 2023
4fde4b7
Merge pull request #92 from rtkwlf/AWN-194636
laiba-zaman Apr 4, 2023
5c607d4
[AWN-194629] Remediation guide for plugin: Dataset All Users Policy
nuhasha Apr 4, 2023
61ae9bd
Merge pull request #99 from rtkwlf/nshawahna/AWN-194629
nuhasha Apr 4, 2023
100d6c2
Update service-account-token-creator.md
laiba-zaman Apr 4, 2023
0ddb7a1
Update service-account-token-creator.md
areed42 Apr 4, 2023
5a1d2e8
Update dataflow-hanged-jobs.md
areed42 Apr 4, 2023
f3b2232
Merge pull request #93 from rtkwlf/AWN-194635
laiba-zaman Apr 4, 2023
c999e4d
Merge pull request #88 from rtkwlf/AWN-194614
laiba-zaman Apr 4, 2023
bd64801
Update sql-cmk-encryption.md
areed42 Apr 4, 2023
429cca9
Merge pull request #82 from rtkwlf/AWN-194574
laiba-zaman Apr 4, 2023
cb5fde2
Update disk-multiaz.md
laiba-zaman Apr 4, 2023
3ef426b
Merge pull request #79 from rtkwlf/AWN-194549
laiba-zaman Apr 4, 2023
79bbe6d
[AWN-194629] Remediation guide for plugin: # GOOGLE / BigQuery / Data…
nuhasha Apr 4, 2023
4c82ed4
Merge pull request #100 from rtkwlf/nshawahna/AWN-194629
nuhasha Apr 4, 2023
537ebe7
Add remediation steps for plugin: Dataset All Users Policy
nuhasha Apr 4, 2023
7aede81
Merge pull request #101 from rtkwlf/nshawahna/awn-194629
nuhasha Apr 4, 2023
8dc79b5
[AWN-194633] Remediation guide for plugin: Topic Encryption Enabled
nuhasha Apr 4, 2023
c77d10a
Merge pull request #102 from rtkwlf/nshawahna/AWN-194633
nuhasha Apr 4, 2023
9a2777e
[AWN-194860] Remediation guide for plugin HTTP Trigger require HTTPS
nuhasha Apr 5, 2023
c56a841
Merge pull request #103 from rtkwlf/nshawahna/AWN-194860
nuhasha Apr 5, 2023
520a2d4
fix images links
nuhasha Apr 5, 2023
b3fe943
Merge pull request #104 from rtkwlf/nshawahna/AWN-194860
nuhasha Apr 5, 2023
9982e41
Update http-trigger-require-https.md
nuhasha Apr 5, 2023
94362f4
Update http-trigger-require-https.md
nuhasha Apr 5, 2023
8751cad
[AWN-194865] Remediation guide for plugin: Ingress All Traffic Disabled
nuhasha Apr 5, 2023
e22fedd
Merge pull request #105 from rtkwlf/nshawahna/AWN-194865
nuhasha Apr 5, 2023
0cacaa8
Remediation context for google.trustedImageProjects
areed42 Apr 5, 2023
84cdbd8
Merge pull request #106 from rtkwlf/AWN-194904
areed42 Apr 5, 2023
5399c55
[AWN-194869] Remediation guide for plugin: Compute Allowed External IPs
nuhasha Apr 6, 2023
58a8e9b
Merge pull request #107 from rtkwlf/nshawahna/AWN-194869
nuhasha Apr 6, 2023
f1cc8cc
[AWN-194876] Remediation guide for plugin: Disable Automatic IAM Grants
nuhasha Apr 6, 2023
545e0d7
Merge pull request #108 from rtkwlf/nshawahna/AWN-194876
nuhasha Apr 6, 2023
66cb265
[AWN-194878] Remediation guide for plugin: Disable Guest Attributes
nuhasha Apr 10, 2023
752bce5
Merge pull request #109 from rtkwlf/nshawahna/AWN-194878
nuhasha Apr 10, 2023
aae0b1b
[AWN-194881] Remediation guide for plugin Disable Serial Port Access …
nuhasha Apr 10, 2023
8f81ef5
Merge pull request #110 from rtkwlf/nshawahna/AWN-194881
nuhasha Apr 10, 2023
6f7be80
[AWN-194881] Edit images and links
nuhasha Apr 10, 2023
eb583e4
Merge pull request #111 from rtkwlf/nshawahna/AWN-194881
nuhasha Apr 10, 2023
50207c0
[AWN-194881] Edit a link
nuhasha Apr 10, 2023
5d9234e
Merge pull request #112 from rtkwlf/nshawahna/AWN-194881
nuhasha Apr 10, 2023
b8f43b7
[AWN-194883] Remediation guide for plugin: Disable Service Account Cr…
nuhasha Apr 10, 2023
af695ce
Merge pull request #113 from rtkwlf/nshawahna/AWN-194883
nuhasha Apr 10, 2023
5c4f5d9
[AWN-194883] Corrections
nuhasha Apr 10, 2023
667f038
Merge pull request #114 from rtkwlf/nshawahna/AWN-194883
nuhasha Apr 10, 2023
f34565c
[AWN-194883] Remediation guide for plugin: Disable Service Account Ke…
nuhasha Apr 11, 2023
07b2ee8
Merge pull request #115 from rtkwlf/nshawahna/AWN-194883
nuhasha Apr 11, 2023
dc98601
[AWN-194886] Remediation guide for Plguin: Disable Service Account Ke…
nuhasha Apr 11, 2023
0350d2e
Merge pull request #116 from rtkwlf/nshawahna/AWN-194886
nuhasha Apr 11, 2023
9416554
[AWN-194888] Remediation guide for plugin: Disable Workload Identity …
nuhasha Apr 11, 2023
09f4b51
Merge pull request #117 from rtkwlf/nshawahna/AWN-194888
nuhasha Apr 11, 2023
87cbdb1
[AWN-194569] Remediation context for google.keyProtectionLevel
areed42 Apr 12, 2023
2a53dab
Merge pull request #118 from rtkwlf/AWN-194569
areed42 Apr 12, 2023
33f6349
Remediation context for google.locationBasedRestriction
areed42 Apr 12, 2023
4319435
Merge pull request #119 from rtkwlf/AWN-194907
areed42 Apr 12, 2023
b609afb
Remediation context for skipDefaultNetworkCreation
areed42 Apr 12, 2023
4af9f46
Merge pull request #120 from rtkwlf/AWN-194905
areed42 Apr 12, 2023
16e137a
[AWN-194903] Remediation context for disableVMIPForwarding
areed42 Apr 12, 2023
75000b7
Merge pull request #121 from rtkwlf/AWN-194903
areed42 Apr 12, 2023
86c2ba3
[AWN-194902] Remediation context for google.restrictVPNPeerIPs
areed42 Apr 12, 2023
19dab65
Merge pull request #122 from rtkwlf/AWN-194902
areed42 Apr 12, 2023
d6209c4
[AWN-194901] Remediation context for google.restrictVPCPeering
areed42 Apr 12, 2023
286f886
Merge pull request #123 from rtkwlf/AWN-194901
areed42 Apr 12, 2023
88d8fc7
[AWN-194900] Remediation context for google.restrictSharedVPCSubnetworks
areed42 Apr 12, 2023
9f1cc8d
Merge pull request #124 from rtkwlf/AWN-194900
areed42 Apr 12, 2023
c5ec673
[AWN-194899] Remediation context for google.restrictLoadBalancerCreation
areed42 Apr 12, 2023
acbe663
Merge pull request #125 from rtkwlf/AWN-194899
areed42 Apr 12, 2023
da69fba
[AWN-192643] Remediation context for google.instanceDefaultServiceAcc…
areed42 Apr 14, 2023
ae6b5d3
Merge pull request #126 from rtkwlf/AWN-192643
areed42 Apr 14, 2023
eee0f39
[AWN-193014] Remediation context for enableUsageExport
areed42 Apr 14, 2023
c797969
Merge pull request #127 from rtkwlf/AWN-193014
areed42 Apr 14, 2023
5c2c1b8
{AWN-194555] Remediation context for osLogin2FAEnabled
areed42 Apr 14, 2023
b159f4c
Merge pull request #128 from rtkwlf/AWN-194555
areed42 Apr 14, 2023
c523d41
[AWN-194889] remediation guide for Plugin: Detailed Audit Logging Mode
nuhasha Apr 17, 2023
22ac1c2
Merge pull request #129 from rtkwlf/nshawahna/AWN-194889
nuhasha Apr 17, 2023
8616001
[AWN-194889] Edit image path
nuhasha Apr 17, 2023
3ccd6b0
Merge pull request #130 from rtkwlf/nshawahna/AWN-194889
nuhasha Apr 17, 2023
b706e19
[AWN-194891] Remediation guide for plugin: Enforce Uniform Bucket-Lev…
nuhasha Apr 18, 2023
11d7295
Merge pull request #131 from rtkwlf/nshawahna/AWN-194891
nuhasha Apr 18, 2023
3672729
[AWN-194892] Remediation guide for Plugin: Enforce Require OS Login
nuhasha Apr 18, 2023
f84fa54
Merge pull request #132 from rtkwlf/nshawahna/AWN-194892
nuhasha Apr 18, 2023
00136b8
[AWN-194892] Add missing image
nuhasha Apr 18, 2023
2a06602
Merge pull request #133 from rtkwlf/nshawahna/AWN-194892
nuhasha Apr 18, 2023
b73fb46
[AWN-194892] Add missing image
nuhasha Apr 18, 2023
157ef9b
[AWN-194892] Cprrect image path for 2 plugins
nuhasha Apr 18, 2023
8051db2
Merge pull request #134 from rtkwlf/nshawahna/AWN-194892
nuhasha Apr 18, 2023
5016e2a
[AWN-194894] Remediation guide for Plugin: Enforce Restrict Authorize…
nuhasha Apr 19, 2023
6876896
Merge pull request #135 from rtkwlf/nshawahna/AWN-194894
nuhasha Apr 19, 2023
20bbeac
[AWN-194896] Remediation guide for Plugin: Disable Default Encryption…
nuhasha Apr 19, 2023
6d00c10
Merge pull request #136 from rtkwlf/nshawahna/AWN-194896
nuhasha Apr 19, 2023
a02a349
Remove .DS_Store files
areed42 Apr 27, 2023
4444e04
Omit .DS_Store files going forward
areed42 Apr 27, 2023
1479ac7
Merge pull request #137 from rtkwlf/AWN-217773
areed42 Apr 27, 2023
b4f77ee
Update ebs-volume-has-tags.md
nuhasha Oct 30, 2023
6dfff53
[AWN-281292 Add deprecation notice for AWS Launch Configurations
nuhasha Dec 8, 2023
23ba1b6
Merge pull request #138 from rtkwlf/nshawahna/AWN-281292a
nuhasha Dec 8, 2023
2d3a214
[AWN-281292] Add line break before the note
nuhasha Dec 8, 2023
3321c24
Merge pull request #139 from rtkwlf/nshawahna/AWN-281292a
nuhasha Dec 8, 2023
bcf2942
added expected password expiration date screenshot/text
balasathya16 Dec 13, 2023
807ca3a
minor typo in step 5
balasathya16 Dec 13, 2023
5b9c47f
minor typo - step 5
balasathya16 Dec 13, 2023
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
The table of contents is too big for display.
Diff view
Diff view
  •  
  •  
  •  
1 change: 1 addition & 0 deletions .gitignore
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
.DS_Store
66 changes: 64 additions & 2 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -13,6 +13,17 @@ This repository is an extension of CloudSploit's [open-source scanning engine](h
* AWS
* ACM
* [ACM Certificate Validation](en/aws/acm/acm-certificate-validation.md)
* APIGateway
* [API Gateway Certificate Rotation](en/aws/apigateway/api-gateway-certificate-rotation.md)
* [API Gateway Client Certificate](en/aws/apigateway/api-gateway-client-certificate.md)
* [API Gateway CloudWatch Logs](en/aws/apigateway/api-gateway-cloudwatch-logs.md)
* [API Gateway Content Encoding](en/aws/apigateway/api-gateway-content-encoding.md)
* [API Gateway Detailed CloudWatch Metrics](en/aws/apigateway/api-gateway-detailed-cloudwatch-metrics.md)
* [API Gateway Private Endpoints](en/aws/apigateway/api-gateway-private-endpoints.md)
* [API Gateway Response Caching](en/aws/apigateway/api-gateway-response-caching.md)
* [API Gateway Tracing Enabled](en/aws/apigateway/api-gateway-tracing-enabled.md)
* [API Gateway WAF Enabled](en/aws/apigateway/api-gateway-waf-enabled.md)
* [API Stage-Level Cache Encryption](en/aws/apigateway/api-stage-level-cache-encryption.md)
* AutoScaling
* [ASG Multiple AZ](en/aws/autoscaling/asg-multiple-az.md)
* CloudFront
Expand All @@ -31,22 +42,32 @@ This repository is an extension of CloudSploit's [open-source scanning engine](h
* [CloudTrail To CloudWatch](en/aws/cloudtrail/cloudtrail-to-cloudwatch.md)
* CloudWatchLogs
* [CloudWatch Monitoring Metrics](en/aws/cloudwatchlogs/cloudwatch-monitoring-metrics.md)
* CodeBuild
* [Project Artifacts Encrypted](en/aws/codebuild/project-artifacts-encrypted.md)
* ConfigService
* [Config Service Enabled](en/aws/configservice/config-service-enabled.md)
* EC2
* [Amazon EBS Public Snapshots](en/aws/ec2/amazon-ebs-public-snapshots.md)
* [App-Tier EC2 Instance IAM Role](en/aws/ec2/app-tier-ec2-instance-iam-role.md)
* [Automate EBS Snapshot Lifecycle](en/aws/ec2/automate-ebs-snapshot-lifecycle.md)
* [Cross Organization VPC Peering Connections](en/aws/ec2/cross-organization-vpc-peering-connections.md)
* [Cross VPC Public Private Communication](en/aws/ec2/cross-vpc-public-private-communication.md)
* [Default Security Group](en/aws/ec2/default-security-group.md)
* [Default VPC In Use](en/aws/ec2/default-vpc-in-use.md)
* [Detect EC2 Classic Instances](en/aws/ec2/detect-ec2-classic-instances.md)
* [EBS Backup Enabled](en/aws/ec2/ebs-backup-enabled.md)
* [EBS Encrypted Snapshots](en/aws/ec2/ebs-encrypted-snapshots.md)
* [EBS Encryption Enabled](en/aws/ec2/ebs-encryption-enabled.md)
* [EBS Encryption Enabled By Default](en/aws/ec2/ebs-encryption-enabled-by-default.md)
* [EBS Volumes Too Old Snapshots](en/aws/ec2/ebs-volumes-too-old-snapshots.md)
* [EC2 Instance Key Based Login](en/aws/ec2/ec2-instance-key-based-login.md)
* [EC2 Max Instances](en/aws/ec2/ec2-max-instances.md)
* [Elastic IP Limit](en/aws/ec2/elastic-ip-limit.md)
* [Encrypted AMI](en/aws/ec2/encrypted-ami.md)
* [Excessive Security Groups](en/aws/ec2/excessive-security-groups.md)
* [Instance IAM Role](en/aws/ec2/instance-iam-role.md)
* [Instance Limit](en/aws/ec2/instance-limit.md)
* [Managed NAT Gateway In Use](en/aws/ec2/managed-nat-gateway-in-use.md)
* [NAT Multiple AZ](en/aws/ec2/nat-multiple-az.md)
* [Open All Ports Protocols](en/aws/ec2/open-all-ports-protocols.md)
* [Open CIFS](en/aws/ec2/open-cifs.md)
Expand All @@ -66,19 +87,44 @@ This repository is an extension of CloudSploit's [open-source scanning engine](h
* [Open Telnet](en/aws/ec2/open-telnet.md)
* [Open VNC Client](en/aws/ec2/open-vnc-client.md)
* [Open VNC Server](en/aws/ec2/open-vnc-server.md)
* [Outdated Amazon Machine Images](en/aws/ec2/outdated-amazon-machine-images.md)
* [Overlapping Security Groups](en/aws/ec2/overlapping-security-groups.md)
* [Public AMI](en/aws/ec2/public-ami.md)
* [Subnet IP Availability](en/aws/ec2/subnet-ip-availability.md)
* [Unrestricted Network ACL Outbound Traffic](en/aws/ec2/unrestricted-network-acl-outbound-traffic.md)
* [Unused Amazon Machine Images](en/aws/ec2/unused-amazon-machine-images.md)
* [Unused Elastic Network Interfaces](en/aws/ec2/unused-elastic-network-interfaces.md)
* [Unused Virtual Private Gateway](en/aws/ec2/unused-virtual-private-gateway.md)
* [Unused VPC Internet Gateways](en/aws/ec2/unused-vpc-internet-gateways.md)
* [VPC Elastic IP Limit](en/aws/ec2/vpc-elastic-ip-limit.md)
* [VPC Endpoint Cross Account Access](en/aws/ec2/vpc-endpoint-cross-account-acess.md)
* [VPC Endpoint Exposed](en/aws/ec2/vpc-endpoint-exposed.md)
* [VPC Flow Logs Enabled](en/aws/ec2/vpc-flow-logs-enabled.md)
* [VPC Multiple Subnets](en/aws/ec2/vpc-multiple-subnets.md)
* [VPC Subnet Instances Present](en/aws/ec2/vpc-subnet-instances-present.md)
* [VPN Tunnel State](en/aws/ec2/vpn-tunnel-state.md)
* [Web-Tier EC2 Instance IAM Role](en/aws/ec2/web-tier-ec2-instance-iam-role.md)
* EFS
* [EFS CMK Encrypted](en/aws/efs/efs-cmk-encrypted.md)
* [EFS Encryption Enabled](en/aws/efs/efs-encryption-enabled.md)
* EKS
* [EKS Kubernetes Version](en/aws/eks/eks-kubernetes-version.md)
* [EKS Latest Platform Version](en/aws/eks/eks-latest-platform-version.md)
* [EKS Logging Enabled](en/aws/eks/eks-logging-enabled.md)
* [EKS Private Endpoint](en/aws/eks/eks-private-endpoint.md)
* [EKS Secrets Encrypted](en/aws/eks/eks-secrets-encrypted.md)
* [EKS Security Groups](en/aws/eks/eks-security-groups.md)
* ELB
* [ELB HTTPS Only](en/aws/elb/elb-https-only.md)
* [ELB Logging Enabled](en/aws/elb/elb-logging-enabled.md)
* [ELB No Instances](en/aws/elb/elb-no-instances.md)
* [Insecure Ciphers](en/aws/elb/insecure-ciphers.md)
* Firehose
* EventBridge
* [EventBridge Event Rules In Use](en/aws/eventbridge/eventbridge-event-rules-in-use.md)
* Firehose
* [Firehose Delivery Streams Encrypted](en/aws/firehose/firehose-delivery-streams-encrypted.md)
* Glacier
* [S3 Glacier Vault Public Access](en/aws/glacier/S3-glacier-vault-public-access.md)
* IAM
* [Access Keys Extra](en/aws/iam/access-keys-extra.md)
* [Access Keys Last Used](en/aws/iam/access-keys-last-used.md)
Expand All @@ -102,14 +148,21 @@ This repository is an extension of CloudSploit's [open-source scanning engine](h
* [Users MFA Enabled](en/aws/iam/users-mfa-enabled.md)
* [Users Password Last Used](en/aws/iam/users-password-last-used.md)
* KMS
* [App-Tier KMS Customer Master Key (CMK)](en/aws/kms/app-tier-kms-customer-master-key-(cmk).md)
* [KMS Default Key Usage](en/aws/kms/kms-default-key-usage.md)
* [KMS Duplicate Grants](en/aws/kms/kms-duplicate-grants.md)
* [KMS Grant Least Privilege](en/aws/kms/kms-grant-least-privilege.md)
* [KMS Key Policy](en/aws/kms/kms-key-policy.md)
* [KMS Key Rotation](en/aws/kms/kms-key-rotation.md)
* [KMS Scheduled Deletion](en/aws/kms/kms-scheduled-deletion.md)
* Kinesis
* [Kinesis Data Streams Encrypted](en/aws/kinesis/kinesis-data-streams-encrypted.md)
* [Kinesis Streams Encrypted](en/aws/kinesis/kinesis-streams-encrypted.md)
* Lambda
* [Lambda Old Runtimes](en/aws/lambda/lambda-old-runtimes.md)
* [Lambda Tracing Enabled](en/aws/lambda/lambda-tracing-enabled.md)
* Neptune
* [Neptune Database Instance Encrypted](en/aws/neptune/neptune-database-instance-encrypted.md)
* RDS
* [RDS Automated Backups](en/aws/rds/rds-automated-backups.md)
* [RDS Encryption Enabled](en/aws/rds/rds-encryption-enabled.md)
Expand All @@ -128,6 +181,11 @@ This repository is an extension of CloudSploit's [open-source scanning engine](h
* [S3 Bucket All Users Policy](en/aws/s3/s3-bucket-all-users-policy.md)
* [S3 Bucket Logging](en/aws/s3/s3-bucket-logging.md)
* [S3 Bucket Versioning](en/aws/s3/s3-bucket-versioning.md)
* [S3 Bucket Lifecycle Configuration](en/aws/s3/s3-bucket-lifecycle-configuration.md)
* [S3 Bucket Policy CloudFront OAI](en/aws/s3/s3-bucket-policy-cloudfront-oai.md)
* [S3 DNS Compliant Bucket Names](en/aws/s3/s3-dns-compliant-bucket-names.md)
* [S3 Transfer Acceleration Enabled](en/aws/s3/s3-transfer-acceleration-enabled.md)
* [S3 Versioned Buckets Lifecycle Configuration](en/aws/s3/s3-versioned-buckets-lifecycle-configuration.md)
* SES
* [Email DKIM Enabled](en/aws/ses/email-dkim-enabled.md)
* SNS
Expand All @@ -140,6 +198,10 @@ This repository is an extension of CloudSploit's [open-source scanning engine](h
* SageMaker
* [Notebook Data Encrypted](en/aws/sagemaker/notebook-data-encrypted.md)
* [Notebook Direct Internet Access](en/aws/sagemaker/notebook-direct-internet-access.md)
* WAF
* [AWS WAF In Use](en/aws/waf/aws-waf-in-use.md)
* WAFV2
* [AWS WAFV2 In Use](en/aws/wafv2/aws-wafv2-in-use.md)
* Azure
* Active Directory
* [Ensure No Guest User](en/azure/activedirectory/ensure-no-guest-user.md)
Expand Down Expand Up @@ -481,4 +543,4 @@ This repository is an extension of CloudSploit's [open-source scanning engine](h

## Contributing

Please see the [contributor's guide](.github/CONTRIBUTING.md).
Please see the [contributor's guide](.github/CONTRIBUTING.md).
27 changes: 27 additions & 0 deletions en/aws/apigateway/api-gateway-certificate-rotation.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,27 @@
[![CloudSploit](https://cloudsploit.com/img/logo-new-big-text-100.png "CloudSploit")](https://cloudsploit.com)

# AWS / API Gateway / API Gateway Certificate Rotation

## Quick Info

| | |
|-|-|
| **Plugin Title** | API Gateway Certificate Rotation |
| **Cloud** | AWS |
| **Category** | API Gateway |
| **Description** | Ensures that Amazon API Gateway APIs have certificates with expiration date more than the rotation limit. |
| **More Info** | API Gateway APIs should have certificates with long term expiry date to avoid API insecurity after certificate expiration. |
| **AWS Link** | https://docs.aws.amazon.com/apigateway/latest/developerguide/data-protection-encryption.html |
| **Recommended Action** | Rotate the certificate attached to API Gateway API |

## Detailed Remediation Steps
You must rotate the certificate before a client certificate on an API stage expires to avoid any downtime for the API. </br>
To rotate a client certificate in the console for a previously deployed API, do the following: </br>
1. Open the API Gateway console at https://console.aws.amazon.com/apigateway/. </br>
2. In the main navigation pane, choose Client Certificates. </br>
3. From the Client Certificates pane, choose Generate Client Certificate. </br>
4. From navigation pane again click on APIs. </br>
5. Open the API for which you want to use the client certificate. </br>
6. Choose Stages under the selected API and then choose a stage. </br>
7. In the Stage Editor panel, select the new certificate under the Client Certificate section. </br>
8. To save the settings, choose Save Changes. </br>
30 changes: 30 additions & 0 deletions en/aws/apigateway/api-gateway-client-certificate.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,30 @@
[![CloudSploit](https://cloudsploit.com/img/logo-new-big-text-100.png "CloudSploit")](https://cloudsploit.com)

# AWS / API Gateway / API Gateway Client Certificate

## Quick Info

| | |
|-|-|
| **Plugin Title** | API Gateway Client Certificate |
| **Cloud** | AWS |
| **Category** | API Gateway |
| **Description** | Ensures that Amazon API Gateway API stages use client certificates |
| **More Info** | API Gateway API stages should use client certificates to ensure API security authorization. |
| **AWS Link** | https://docs.aws.amazon.com/apigateway/latest/developerguide/getting-started-client-side-ssl-authentication.html |
| **Recommended Action** | Attach client certificate to API Gateway API stages |

## Detailed Remediation Steps
Generate a client certificate using the API Gateway console: </br>
1. Open the API Gateway console at https://console.aws.amazon.com/apigateway/. </br>
2. Choose a REST API.
3. In the main navigation pane, choose Client Certificates. </br>
4. From the Client Certificates pane, choose Generate Client Certificate. </br>
5. Optionally, for Edit, choose to add a descriptive title for the generated certificate and choose Save to save the description. API Gateway generates a new certificate and returns the new certificate GUID. </br>

Now you need to configure an API to use SSL certificate:
1. In the API Gateway console, create or open an API for which you want to use the client certificate. Make sure that the API has been deployed to a stage. For more information on how to deploy see https://docs.aws.amazon.com/apigateway/latest/developerguide/how-to-deploy-api-with-console.html#how-to-deploy-api-console </br>
2. Choose Stages under the selected API and then choose a stage. </br>
3. In the Stage Editor panel, select a certificate under the Client Certificate section. </br>
4. To save the settings, choose Save Changes. </br>
5. If the API has been deployed previously in the API Gateway console, you'll need to redeploy it for the changes to take effect. For more information, see https://docs.aws.amazon.com/apigateway/latest/developerguide/how-to-deploy-api-with-console.html#apigateway-how-to-redeploy-api-console </br>
33 changes: 33 additions & 0 deletions en/aws/apigateway/api-gateway-cloudwatch-logs.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,33 @@
[![CloudSploit](https://cloudsploit.com/img/logo-new-big-text-100.png "CloudSploit")](https://cloudsploit.com)

# AWS / API Gateway / API Gateway CloudWatch Logs

## Quick Info

| | |
|-|-|
| **Plugin Title** | API Gateway CloudWatch Logs |
| **Cloud** | AWS |
| **Category** | API Gateway |
| **Description** | Ensures that Amazon API Gateway API stages have Amazon CloudWatch Logs enabled |
| **More Info** | API Gateway API stages should have Amazon CloudWatch Logs enabled to help debug issues related to request execution or client access to your API. |
| **AWS Link** | https://docs.aws.amazon.com/apigateway/latest/developerguide/set-up-logging.html |
| **Recommended Action** | Modify API Gateway API stages to enable CloudWatch Logs |

## Detailed Remediation Steps
1. Sign in to the API Gateway console at https://console.aws.amazon.com/apigateway. </br>
2. Choose a REST API. </br>
3. Choose Settings from the primary navigation panel and enter an ARN of an IAM role with appropriate permissions in CloudWatch log role ARN. You need to do this once. </br>
4. Choose an existing API and then choose a stage. </br>
5. Choose Logs/Tracing in the Stage Editor. </br>
6. To enable execution logging: </br>
a. Choose Enable CloudWatch Logs under CloudWatch Settings. </br>
b. Choose Error or Info from the dropdown menu. </br>
c. If desired, choose Log full requests/responses data to log the full API requests and responses. </br>
Warning: This can be useful to troubleshoot APIs, but can result in logging sensitive data. We recommend that you don't enable Log full requests/responses data for production APIs. </br>
d. If desired, choose Enable Detailed CloudWatch Metrics. </br>
7. To enable access logging: </br>
a. Choose Enable Access Logging under Custom Access Logging. </br>
b. Enter the ARN of a log group in Access Log Destination ARN. The ARN format is arn:aws:logs:{region}:{account-id}:log-group:log-group-name. </br>
c. Enter a log format in Log Format. You can choose CLF, JSON, XML, or CSV to use one of the provided examples as a guide. </br>
8. Choose Save Changes. </br>
22 changes: 22 additions & 0 deletions en/aws/apigateway/api-gateway-content-encoding.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,22 @@
[![CloudSploit](https://cloudsploit.com/img/logo-new-big-text-100.png "CloudSploit")](https://cloudsploit.com)

# AWS / API Gateway / API Gateway Content Encoding

## Quick Info

| | |
|-|-|
| **Plugin Title** | API Gateway Content Encoding |
| **Cloud** | AWS |
| **Category** | API Gateway |
| **Description** | Ensures that Amazon API Gateway APIs have content encoding enabled. |
| **More Info** | API Gateway API should have content encoding enabled to enable compression of response payload. |
| **AWS Link** | https://docs.aws.amazon.com/apigateway/latest/developerguide/api-gateway-gzip-compression-decompression.html |
| **Recommended Action** | Enable content encoding and set minimum compression size of API Gateway API response |

## Detailed Remediation Steps
1. Sign in to the API Gateway console at https://console.aws.amazon.com/apigateway. </br>
2. Choose an existing API. </br>
3. In the primary navigation pane, choose Settings under the API you chose. </br>
4. Under the Content Encoding section in the Settings pane, select the Content Encoding enabled option to enable payload compression. Enter a number for the minimum compression size (in bytes) next to Minimum body size required for compression. </br>
5. Choose Save Changes.</br>
23 changes: 23 additions & 0 deletions en/aws/apigateway/api-gateway-detailed-cloudwatch-metrics.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,23 @@
[![CloudSploit](https://cloudsploit.com/img/logo-new-big-text-100.png "CloudSploit")](https://cloudsploit.com)

# AWS / API Gateway / API Gateway Detailed CloudWatch Metrics

## Quick Info

| | |
|-|-|
| **Plugin Title** | API Gateway Detailed CloudWatch Metrics |
| **Cloud** | AWS |
| **Category** | API Gateway |
| **Description** | Ensures that API Gateway API stages have detailed CloudWatch metrics enabled. |
| **More Info** | API Gateway API stages should have detailed CloudWatch metrics enabled to monitor logs and events. |
| **AWS Link** | https://docs.aws.amazon.com/apigateway/latest/developerguide/http-api-metrics.html |
| **Recommended Action** | Add CloudWatch role ARN to API settings and enabled detailed metrics for each stage |

## Detailed Remediation Steps
1. Open the API Gateway console at https://console.aws.amazon.com/apigateway/. </br>
2. Choose an API. </br>
3. Choose a stage. </br>
4. On the Logs/Tracing tab, choose Enable Detailed CloudWatch Metrics. </br>
5. Choose Resources in the left side navigation panel. </br>
6. To redeploy the API with the new settings, choose the Actions dropdown, and then choose Deploy API. </br>
25 changes: 25 additions & 0 deletions en/aws/apigateway/api-gateway-private-endpoints.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,25 @@
[![CloudSploit](https://cloudsploit.com/img/logo-new-big-text-100.png "CloudSploit")](https://cloudsploit.com)

# AWS / API Gateway / API Gateway Private Endpoints

## Quick Info

| | |
|-|-|
| **Plugin Title** | API Gateway Private Endpoints |
| **Cloud** | AWS |
| **Category** | API Gateway |
| **Description** | Ensures that Amazon API Gateway APIs are only accessible through private endpoints. |
| **More Info** | API Gateway APIs should be only accessible through private endpoints to ensure API security |
| **AWS Link** | https://aws.amazon.com/blogs/compute/introducing-amazon-api-gateway-private-endpoints |
| **Recommended Action** | Set API Gateway API endpoint configuration to private |

## Detailed Remediation Steps
To convert a public endpoint from regional or edge-optimized to Private: </br>
1. Sign in to the API Gateway console at https://console.aws.amazon.com/apigateway. </br>
2. Choose an existing API. </br>
3. Choose Settings. </br>
4. Change the Endpoint Type option under Endpoint Configuration from Edge Optimized or from Regional to Private. </br>
5. You need to specify one or more VPC endpoints with your API and API Gateway will generate new Route 53 Alias records which you can use to invoke your API. </br>
6. If you don't have a VPC, then create one and then Create the VPC endpoint for API Gateway. See this for more details: https://aws.amazon.com/blogs/compute/introducing-amazon-api-gateway-private-endpoints/ </br>
7. Choose Save Changes to start the update. </br>
Loading