From b6f24b4656b4f240d360572e6462bc9a13a72cfb Mon Sep 17 00:00:00 2001 From: Nikita Pivkin Date: Fri, 20 Sep 2024 13:55:12 +0600 Subject: [PATCH] fix(checks): rename cloudformation -> cloud_formation in metadata Signed-off-by: Nikita Pivkin --- checks/cloud/aws/apigateway/enable_access_logging.rego | 2 +- checks/cloud/aws/athena/enable_at_rest_encryption.rego | 2 +- checks/cloud/aws/athena/no_encryption_override.rego | 2 +- checks/cloud/aws/cloudfront/enable_logging.rego | 2 +- checks/cloud/aws/cloudfront/enable_waf.rego | 2 +- checks/cloud/aws/cloudfront/enforce_https.rego | 2 +- checks/cloud/aws/cloudfront/use_secure_tls_policy.rego | 2 +- checks/cloud/aws/cloudtrail/enable_all_regions.rego | 2 +- checks/cloud/aws/cloudtrail/enable_log_validation.rego | 2 +- checks/cloud/aws/cloudtrail/encryption_customer_key.rego | 2 +- .../cloud/aws/cloudtrail/ensure_cloudwatch_integration.rego | 2 +- checks/cloud/aws/cloudtrail/no_public_log_access.rego | 2 +- .../cloud/aws/cloudtrail/require_bucket_access_logging.rego | 2 +- checks/cloud/aws/cloudwatch/log_group_customer_key.rego | 2 +- checks/cloud/aws/codebuild/enable_encryption.rego | 2 +- checks/cloud/aws/config/aggregate_all_regions.rego | 2 +- checks/cloud/aws/documentdb/enable_log_export.rego | 2 +- checks/cloud/aws/documentdb/enable_storage_encryption.rego | 2 +- checks/cloud/aws/documentdb/encryption_customer_key.rego | 2 +- checks/cloud/aws/dynamodb/enable_at_rest_encryption.rego | 2 +- checks/cloud/aws/ec2/add_description_to_security_group.rego | 2 +- .../aws/ec2/add_description_to_security_group_rule.rego | 2 +- checks/cloud/aws/ec2/as_enable_at_rest_encryption.rego | 2 +- checks/cloud/aws/ec2/as_enforce_http_token_imds.rego | 2 +- checks/cloud/aws/ec2/as_no_secrets_in_user_data.rego | 2 +- checks/cloud/aws/ec2/enable_at_rest_encryption.rego | 2 +- checks/cloud/aws/ec2/enable_volume_encryption.rego | 2 +- checks/cloud/aws/ec2/encryption_customer_key.rego | 2 +- checks/cloud/aws/ec2/no_excessive_port_access.rego | 2 +- checks/cloud/aws/ec2/no_public_egress_sgr.rego | 2 +- checks/cloud/aws/ec2/no_public_ingress_acl.rego | 2 +- checks/cloud/aws/ec2/no_public_ingress_sgr.rego | 2 +- checks/cloud/aws/ec2/no_public_ip.rego | 2 +- checks/cloud/aws/ec2/no_public_ip_subnet.rego | 2 +- checks/cloud/aws/ec2/no_secrets_in_user_data.rego | 2 +- checks/cloud/aws/ecr/enable_image_scans.rego | 2 +- checks/cloud/aws/ecr/enforce_immutable_repository.rego | 2 +- checks/cloud/aws/ecr/no_public_access.rego | 2 +- checks/cloud/aws/ecr/repository_customer_key.rego | 2 +- checks/cloud/aws/ecs/enable_container_insight.rego | 2 +- checks/cloud/aws/ecs/enable_in_transit_encryption.rego | 2 +- checks/cloud/aws/ecs/no_plaintext_secrets.rego | 2 +- checks/cloud/aws/efs/enable_at_rest_encryption.rego | 2 +- checks/cloud/aws/eks/encrypt_secrets.rego | 2 +- .../aws/elasticache/add_description_for_security_group.rego | 2 +- checks/cloud/aws/elasticache/enable_backup_retention.rego | 2 +- .../cloud/aws/elasticache/enable_in_transit_encryption.rego | 2 +- .../cloud/aws/elasticsearch/enable_domain_encryption.rego | 2 +- checks/cloud/aws/elasticsearch/enable_domain_logging.rego | 2 +- .../aws/elasticsearch/enable_in_transit_encryption.rego | 2 +- checks/cloud/aws/elasticsearch/enforce_https.rego | 2 +- checks/cloud/aws/elasticsearch/use_secure_tls_policy.rego | 2 +- checks/cloud/aws/kinesis/enable_in_transit_encryption.rego | 2 +- checks/cloud/aws/lambda/enable_tracing.rego | 2 +- checks/cloud/aws/lambda/restrict_source_arn.rego | 2 +- checks/cloud/aws/mq/enable_audit_logging.rego | 2 +- checks/cloud/aws/mq/enable_general_logging.rego | 2 +- checks/cloud/aws/mq/no_public_access.rego | 2 +- checks/cloud/aws/msk/enable_at_rest_encryption.rego | 2 +- checks/cloud/aws/msk/enable_in_transit_encryption.rego | 2 +- checks/cloud/aws/msk/enable_logging.rego | 2 +- checks/cloud/aws/neptune/enable_log_export.rego | 2 +- checks/cloud/aws/neptune/enable_storage_encryption.rego | 2 +- checks/cloud/aws/neptune/encryption_customer_key.rego | 2 +- checks/cloud/aws/rds/enable_performance_insights.rego | 2 +- checks/cloud/aws/rds/encrypt_cluster_storage_data.rego | 2 +- checks/cloud/aws/rds/encrypt_instance_storage_data.rego | 2 +- .../rds/performance_insights_encryption_customer_key.rego | 2 +- checks/cloud/aws/rds/specify_backup_retention.rego | 2 +- .../aws/redshift/add_description_to_security_group.rego | 2 +- checks/cloud/aws/redshift/encryption_customer_key.rego | 2 +- checks/cloud/aws/redshift/no_classic_resources.rego | 2 +- checks/cloud/aws/redshift/use_vpc.rego | 2 +- checks/cloud/aws/s3/block_public_acls.rego | 2 +- checks/cloud/aws/s3/block_public_policy.rego | 2 +- checks/cloud/aws/s3/enable_bucket_encryption.rego | 2 +- checks/cloud/aws/s3/enable_versioning.rego | 2 +- checks/cloud/aws/s3/encryption_customer_key.rego | 2 +- checks/cloud/aws/s3/ignore_public_acls.rego | 2 +- checks/cloud/aws/s3/no_public_access_with_acl.rego | 2 +- checks/cloud/aws/s3/no_public_buckets.rego | 2 +- checks/cloud/aws/s3/specify_public_access_block.rego | 2 +- checks/cloud/aws/sam/api_use_secure_tls_policy.rego | 2 +- checks/cloud/aws/sam/enable_api_access_logging.rego | 2 +- checks/cloud/aws/sam/enable_api_cache_encryption.rego | 2 +- checks/cloud/aws/sam/enable_api_tracing.rego | 2 +- checks/cloud/aws/sam/enable_function_tracing.rego | 2 +- checks/cloud/aws/sam/enable_http_api_access_logging.rego | 2 +- checks/cloud/aws/sam/enable_state_machine_tracing.rego | 2 +- checks/cloud/aws/sam/enable_table_encryption.rego | 2 +- checks/cloud/aws/sns/enable_topic_encryption.rego | 2 +- checks/cloud/aws/sns/topic_encryption_with_cmk.rego | 2 +- checks/cloud/aws/sqs/enable_queue_encryption.rego | 2 +- checks/cloud/aws/sqs/no_wildcards_in_policy_documents.rego | 2 +- checks/cloud/aws/sqs/queue_encryption_with_cmk.rego | 2 +- checks/cloud/aws/ssm/secret_use_customer_key.rego | 2 +- checks/cloud/aws/workspaces/enable_disk_encryption.rego | 2 +- cmd/avd_generator/main.go | 6 +++++- 98 files changed, 102 insertions(+), 98 deletions(-) diff --git a/checks/cloud/aws/apigateway/enable_access_logging.rego b/checks/cloud/aws/apigateway/enable_access_logging.rego index 2825ca94..4a85eb4a 100644 --- a/checks/cloud/aws/apigateway/enable_access_logging.rego +++ b/checks/cloud/aws/apigateway/enable_access_logging.rego @@ -26,7 +26,7 @@ # - https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/apigatewayv2_stage#access_log_settings # good_examples: checks/cloud/aws/apigateway/enable_access_logging.tf.go # bad_examples: checks/cloud/aws/apigateway/enable_access_logging.tf.go -# cloudformation: +# cloud_formation: # good_examples: checks/cloud/aws/apigateway/enable_access_logging.cf.go # bad_examples: checks/cloud/aws/apigateway/enable_access_logging.cf.go package builtin.aws.apigateway.aws0001 diff --git a/checks/cloud/aws/athena/enable_at_rest_encryption.rego b/checks/cloud/aws/athena/enable_at_rest_encryption.rego index 15a90b64..dd319edd 100644 --- a/checks/cloud/aws/athena/enable_at_rest_encryption.rego +++ b/checks/cloud/aws/athena/enable_at_rest_encryption.rego @@ -27,7 +27,7 @@ # - https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/athena_database#encryption_configuration # good_examples: checks/cloud/aws/athena/enable_at_rest_encryption.tf.go # bad_examples: checks/cloud/aws/athena/enable_at_rest_encryption.tf.go -# cloudformation: +# cloud_formation: # good_examples: checks/cloud/aws/athena/enable_at_rest_encryption.cf.go # bad_examples: checks/cloud/aws/athena/enable_at_rest_encryption.cf.go package builtin.aws.athena.aws0006 diff --git a/checks/cloud/aws/athena/no_encryption_override.rego b/checks/cloud/aws/athena/no_encryption_override.rego index c64ab962..078d93eb 100644 --- a/checks/cloud/aws/athena/no_encryption_override.rego +++ b/checks/cloud/aws/athena/no_encryption_override.rego @@ -26,7 +26,7 @@ # - https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/athena_workgroup#configuration # good_examples: checks/cloud/aws/athena/no_encryption_override.tf.go # bad_examples: checks/cloud/aws/athena/no_encryption_override.tf.go -# cloudformation: +# cloud_formation: # good_examples: checks/cloud/aws/athena/no_encryption_override.cf.go # bad_examples: checks/cloud/aws/athena/no_encryption_override.cf.go package builtin.aws.athena.aws0007 diff --git a/checks/cloud/aws/cloudfront/enable_logging.rego b/checks/cloud/aws/cloudfront/enable_logging.rego index abd63d41..bb74205e 100644 --- a/checks/cloud/aws/cloudfront/enable_logging.rego +++ b/checks/cloud/aws/cloudfront/enable_logging.rego @@ -26,7 +26,7 @@ # - https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudfront_distribution#logging_config # good_examples: checks/cloud/aws/cloudfront/enable_logging.tf.go # bad_examples: checks/cloud/aws/cloudfront/enable_logging.tf.go -# cloudformation: +# cloud_formation: # good_examples: checks/cloud/aws/cloudfront/enable_logging.cf.go # bad_examples: checks/cloud/aws/cloudfront/enable_logging.cf.go package builtin.aws.cloudfront.aws0010 diff --git a/checks/cloud/aws/cloudfront/enable_waf.rego b/checks/cloud/aws/cloudfront/enable_waf.rego index 2818a7e3..c34cbe62 100644 --- a/checks/cloud/aws/cloudfront/enable_waf.rego +++ b/checks/cloud/aws/cloudfront/enable_waf.rego @@ -26,7 +26,7 @@ # - https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudfront_distribution#web_acl_id # good_examples: checks/cloud/aws/cloudfront/enable_waf.tf.go # bad_examples: checks/cloud/aws/cloudfront/enable_waf.tf.go -# cloudformation: +# cloud_formation: # good_examples: checks/cloud/aws/cloudfront/enable_waf.cf.go # bad_examples: checks/cloud/aws/cloudfront/enable_waf.cf.go package builtin.aws.cloudfront.aws0011 diff --git a/checks/cloud/aws/cloudfront/enforce_https.rego b/checks/cloud/aws/cloudfront/enforce_https.rego index 4ef7813c..1a4f2e65 100644 --- a/checks/cloud/aws/cloudfront/enforce_https.rego +++ b/checks/cloud/aws/cloudfront/enforce_https.rego @@ -27,7 +27,7 @@ # - https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudfront_distribution#viewer_protocol_policy # good_examples: checks/cloud/aws/cloudfront/enforce_https.tf.go # bad_examples: checks/cloud/aws/cloudfront/enforce_https.tf.go -# cloudformation: +# cloud_formation: # good_examples: checks/cloud/aws/cloudfront/enforce_https.cf.go # bad_examples: checks/cloud/aws/cloudfront/enforce_https.cf.go package builtin.aws.cloudfront.aws0012 diff --git a/checks/cloud/aws/cloudfront/use_secure_tls_policy.rego b/checks/cloud/aws/cloudfront/use_secure_tls_policy.rego index 7bb65d70..9d65731f 100644 --- a/checks/cloud/aws/cloudfront/use_secure_tls_policy.rego +++ b/checks/cloud/aws/cloudfront/use_secure_tls_policy.rego @@ -30,7 +30,7 @@ # - https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudfront_distribution#minimum_protocol_version # good_examples: checks/cloud/aws/cloudfront/use_secure_tls_policy.tf.go # bad_examples: checks/cloud/aws/cloudfront/use_secure_tls_policy.tf.go -# cloudformation: +# cloud_formation: # good_examples: checks/cloud/aws/cloudfront/use_secure_tls_policy.cf.go # bad_examples: checks/cloud/aws/cloudfront/use_secure_tls_policy.cf.go package builtin.aws.cloudfront.aws0013 diff --git a/checks/cloud/aws/cloudtrail/enable_all_regions.rego b/checks/cloud/aws/cloudtrail/enable_all_regions.rego index 76e84feb..0383c327 100644 --- a/checks/cloud/aws/cloudtrail/enable_all_regions.rego +++ b/checks/cloud/aws/cloudtrail/enable_all_regions.rego @@ -31,7 +31,7 @@ # - https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudtrail#is_multi_region_trail # good_examples: checks/cloud/aws/cloudtrail/enable_all_regions.tf.go # bad_examples: checks/cloud/aws/cloudtrail/enable_all_regions.tf.go -# cloudformation: +# cloud_formation: # good_examples: checks/cloud/aws/cloudtrail/enable_all_regions.cf.go # bad_examples: checks/cloud/aws/cloudtrail/enable_all_regions.cf.go package builtin.aws.cloudtrail.aws0014 diff --git a/checks/cloud/aws/cloudtrail/enable_log_validation.rego b/checks/cloud/aws/cloudtrail/enable_log_validation.rego index f101c52d..ced05965 100644 --- a/checks/cloud/aws/cloudtrail/enable_log_validation.rego +++ b/checks/cloud/aws/cloudtrail/enable_log_validation.rego @@ -26,7 +26,7 @@ # - https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudtrail#enable_log_file_validation # good_examples: checks/cloud/aws/cloudtrail/enable_log_validation.tf.go # bad_examples: checks/cloud/aws/cloudtrail/enable_log_validation.tf.go -# cloudformation: +# cloud_formation: # good_examples: checks/cloud/aws/cloudtrail/enable_log_validation.cf.go # bad_examples: checks/cloud/aws/cloudtrail/enable_log_validation.cf.go package builtin.aws.cloudtrail.aws0016 diff --git a/checks/cloud/aws/cloudtrail/encryption_customer_key.rego b/checks/cloud/aws/cloudtrail/encryption_customer_key.rego index 16cbc173..8c2576a4 100644 --- a/checks/cloud/aws/cloudtrail/encryption_customer_key.rego +++ b/checks/cloud/aws/cloudtrail/encryption_customer_key.rego @@ -27,7 +27,7 @@ # - https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudtrail#kms_key_id # good_examples: checks/cloud/aws/cloudtrail/encryption_customer_key.tf.go # bad_examples: checks/cloud/aws/cloudtrail/encryption_customer_key.tf.go -# cloudformation: +# cloud_formation: # links: # - https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cloudtrail-trail.html#cfn-cloudtrail-trail-kmskeyid # good_examples: checks/cloud/aws/cloudtrail/encryption_customer_key.cf.go diff --git a/checks/cloud/aws/cloudtrail/ensure_cloudwatch_integration.rego b/checks/cloud/aws/cloudtrail/ensure_cloudwatch_integration.rego index 28a40081..fdfdb964 100644 --- a/checks/cloud/aws/cloudtrail/ensure_cloudwatch_integration.rego +++ b/checks/cloud/aws/cloudtrail/ensure_cloudwatch_integration.rego @@ -39,7 +39,7 @@ # - https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudtrail # good_examples: checks/cloud/aws/cloudtrail/ensure_cloudwatch_integration.tf.go # bad_examples: checks/cloud/aws/cloudtrail/ensure_cloudwatch_integration.tf.go -# cloudformation: +# cloud_formation: # good_examples: checks/cloud/aws/cloudtrail/ensure_cloudwatch_integration.cf.go # bad_examples: checks/cloud/aws/cloudtrail/ensure_cloudwatch_integration.cf.go package builtin.aws.cloudtrail.aws0162 diff --git a/checks/cloud/aws/cloudtrail/no_public_log_access.rego b/checks/cloud/aws/cloudtrail/no_public_log_access.rego index c358ffb0..b598f9a2 100644 --- a/checks/cloud/aws/cloudtrail/no_public_log_access.rego +++ b/checks/cloud/aws/cloudtrail/no_public_log_access.rego @@ -33,7 +33,7 @@ # - https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudtrail#is_multi_region_trail # good_examples: checks/cloud/aws/cloudtrail/no_public_log_access.tf.go # bad_examples: checks/cloud/aws/cloudtrail/no_public_log_access.tf.go -# cloudformation: +# cloud_formation: # good_examples: checks/cloud/aws/cloudtrail/no_public_log_access.cf.go # bad_examples: checks/cloud/aws/cloudtrail/no_public_log_access.cf.go package builtin.aws.cloudtrail.aws0161 diff --git a/checks/cloud/aws/cloudtrail/require_bucket_access_logging.rego b/checks/cloud/aws/cloudtrail/require_bucket_access_logging.rego index 31db97d2..1fb862be 100644 --- a/checks/cloud/aws/cloudtrail/require_bucket_access_logging.rego +++ b/checks/cloud/aws/cloudtrail/require_bucket_access_logging.rego @@ -35,7 +35,7 @@ # - https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudtrail#is_multi_region_trail # good_examples: checks/cloud/aws/cloudtrail/require_bucket_access_logging.tf.go # bad_examples: checks/cloud/aws/cloudtrail/require_bucket_access_logging.tf.go -# cloudformation: +# cloud_formation: # good_examples: checks/cloud/aws/cloudtrail/require_bucket_access_logging.cf.go # bad_examples: checks/cloud/aws/cloudtrail/require_bucket_access_logging.cf.go package builtin.aws.cloudtrail.aws0163 diff --git a/checks/cloud/aws/cloudwatch/log_group_customer_key.rego b/checks/cloud/aws/cloudwatch/log_group_customer_key.rego index f2c8a738..f93c2a68 100644 --- a/checks/cloud/aws/cloudwatch/log_group_customer_key.rego +++ b/checks/cloud/aws/cloudwatch/log_group_customer_key.rego @@ -26,7 +26,7 @@ # - https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_log_group#kms_key_id # good_examples: checks/cloud/aws/cloudwatch/log_group_customer_key.tf.go # bad_examples: checks/cloud/aws/cloudwatch/log_group_customer_key.tf.go -# cloudformation: +# cloud_formation: # good_examples: checks/cloud/aws/cloudwatch/log_group_customer_key.cf.go # bad_examples: checks/cloud/aws/cloudwatch/log_group_customer_key.cf.go package builtin.aws.cloudwatch.aws0017 diff --git a/checks/cloud/aws/codebuild/enable_encryption.rego b/checks/cloud/aws/codebuild/enable_encryption.rego index fd37bab4..8e0042e6 100644 --- a/checks/cloud/aws/codebuild/enable_encryption.rego +++ b/checks/cloud/aws/codebuild/enable_encryption.rego @@ -27,7 +27,7 @@ # - https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/codebuild_project#encryption_disabled # good_examples: checks/cloud/aws/codebuild/enable_encryption.tf.go # bad_examples: checks/cloud/aws/codebuild/enable_encryption.tf.go -# cloudformation: +# cloud_formation: # good_examples: checks/cloud/aws/codebuild/enable_encryption.cf.go # bad_examples: checks/cloud/aws/codebuild/enable_encryption.cf.go package builtin.aws.codebuild.aws0018 diff --git a/checks/cloud/aws/config/aggregate_all_regions.rego b/checks/cloud/aws/config/aggregate_all_regions.rego index 5c5ec7c9..305fa36b 100644 --- a/checks/cloud/aws/config/aggregate_all_regions.rego +++ b/checks/cloud/aws/config/aggregate_all_regions.rego @@ -27,7 +27,7 @@ # - https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/config_configuration_aggregator#all_regions # good_examples: checks/cloud/aws/config/aggregate_all_regions.tf.go # bad_examples: checks/cloud/aws/config/aggregate_all_regions.tf.go -# cloudformation: +# cloud_formation: # good_examples: checks/cloud/aws/config/aggregate_all_regions.cf.go # bad_examples: checks/cloud/aws/config/aggregate_all_regions.cf.go package builtin.aws.config.aws0019 diff --git a/checks/cloud/aws/documentdb/enable_log_export.rego b/checks/cloud/aws/documentdb/enable_log_export.rego index e0cbd385..041166a0 100644 --- a/checks/cloud/aws/documentdb/enable_log_export.rego +++ b/checks/cloud/aws/documentdb/enable_log_export.rego @@ -26,7 +26,7 @@ # - https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/docdb_cluster#enabled_cloudwatch_logs_exports # good_examples: checks/cloud/aws/documentdb/enable_log_export.tf.go # bad_examples: checks/cloud/aws/documentdb/enable_log_export.tf.go -# cloudformation: +# cloud_formation: # good_examples: checks/cloud/aws/documentdb/enable_log_export.cf.go # bad_examples: checks/cloud/aws/documentdb/enable_log_export.cf.go package builtin.aws.documentdb.aws0020 diff --git a/checks/cloud/aws/documentdb/enable_storage_encryption.rego b/checks/cloud/aws/documentdb/enable_storage_encryption.rego index a7810613..dec97001 100644 --- a/checks/cloud/aws/documentdb/enable_storage_encryption.rego +++ b/checks/cloud/aws/documentdb/enable_storage_encryption.rego @@ -26,7 +26,7 @@ # - https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/docdb_cluster#storage_encrypted # good_examples: checks/cloud/aws/documentdb/enable_storage_encryption.tf.go # bad_examples: checks/cloud/aws/documentdb/enable_storage_encryption.tf.go -# cloudformation: +# cloud_formation: # good_examples: checks/cloud/aws/documentdb/enable_storage_encryption.cf.go # bad_examples: checks/cloud/aws/documentdb/enable_storage_encryption.cf.go package builtin.aws.documentdb.aws0021 diff --git a/checks/cloud/aws/documentdb/encryption_customer_key.rego b/checks/cloud/aws/documentdb/encryption_customer_key.rego index 4f95d554..c38427f6 100644 --- a/checks/cloud/aws/documentdb/encryption_customer_key.rego +++ b/checks/cloud/aws/documentdb/encryption_customer_key.rego @@ -26,7 +26,7 @@ # - https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/docdb_cluster#kms_key_id # good_examples: checks/cloud/aws/documentdb/encryption_customer_key.tf.go # bad_examples: checks/cloud/aws/documentdb/encryption_customer_key.tf.go -# cloudformation: +# cloud_formation: # good_examples: checks/cloud/aws/documentdb/encryption_customer_key.cf.go # bad_examples: checks/cloud/aws/documentdb/encryption_customer_key.cf.go package builtin.aws.documentdb.aws0022 diff --git a/checks/cloud/aws/dynamodb/enable_at_rest_encryption.rego b/checks/cloud/aws/dynamodb/enable_at_rest_encryption.rego index 2ce4ea7e..db6c7463 100644 --- a/checks/cloud/aws/dynamodb/enable_at_rest_encryption.rego +++ b/checks/cloud/aws/dynamodb/enable_at_rest_encryption.rego @@ -27,7 +27,7 @@ # - https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/dax_cluster#server_side_encryption # good_examples: checks/cloud/aws/dynamodb/enable_at_rest_encryption.tf.go # bad_examples: checks/cloud/aws/dynamodb/enable_at_rest_encryption.tf.go -# cloudformation: +# cloud_formation: # good_examples: checks/cloud/aws/dynamodb/enable_at_rest_encryption.cf.go # bad_examples: checks/cloud/aws/dynamodb/enable_at_rest_encryption.cf.go package builtin.aws.dynamodb.aws0023 diff --git a/checks/cloud/aws/ec2/add_description_to_security_group.rego b/checks/cloud/aws/ec2/add_description_to_security_group.rego index 679ebe14..366836e8 100644 --- a/checks/cloud/aws/ec2/add_description_to_security_group.rego +++ b/checks/cloud/aws/ec2/add_description_to_security_group.rego @@ -29,7 +29,7 @@ # - https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group_rule # good_examples: checks/cloud/aws/ec2/add_description_to_security_group.tf.go # bad_examples: checks/cloud/aws/ec2/add_description_to_security_group.tf.go -# cloudformation: +# cloud_formation: # good_examples: checks/cloud/aws/ec2/add_description_to_security_group.cf.go # bad_examples: checks/cloud/aws/ec2/add_description_to_security_group.cf.go package builtin.aws.ec2.aws0099 diff --git a/checks/cloud/aws/ec2/add_description_to_security_group_rule.rego b/checks/cloud/aws/ec2/add_description_to_security_group_rule.rego index ffed7a2b..07268e3a 100644 --- a/checks/cloud/aws/ec2/add_description_to_security_group_rule.rego +++ b/checks/cloud/aws/ec2/add_description_to_security_group_rule.rego @@ -29,7 +29,7 @@ # - https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group_rule # good_examples: checks/cloud/aws/ec2/add_description_to_security_group_rule.tf.go # bad_examples: checks/cloud/aws/ec2/add_description_to_security_group_rule.tf.go -# cloudformation: +# cloud_formation: # good_examples: checks/cloud/aws/ec2/add_description_to_security_group_rule.cf.go # bad_examples: checks/cloud/aws/ec2/add_description_to_security_group_rule.cf.go package builtin.aws.ec2.aws0124 diff --git a/checks/cloud/aws/ec2/as_enable_at_rest_encryption.rego b/checks/cloud/aws/ec2/as_enable_at_rest_encryption.rego index eac799c6..89176add 100644 --- a/checks/cloud/aws/ec2/as_enable_at_rest_encryption.rego +++ b/checks/cloud/aws/ec2/as_enable_at_rest_encryption.rego @@ -26,7 +26,7 @@ # - https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/instance#ebs-ephemeral-and-root-block-devices # good_examples: checks/cloud/aws/ec2/as_enable_at_rest_encryption.tf.go # bad_examples: checks/cloud/aws/ec2/as_enable_at_rest_encryption.tf.go -# cloudformation: +# cloud_formation: # good_examples: checks/cloud/aws/ec2/as_enable_at_rest_encryption.cf.go # bad_examples: checks/cloud/aws/ec2/as_enable_at_rest_encryption.cf.go package builtin.aws.ec2.aws0008 diff --git a/checks/cloud/aws/ec2/as_enforce_http_token_imds.rego b/checks/cloud/aws/ec2/as_enforce_http_token_imds.rego index 12c96086..da000acf 100644 --- a/checks/cloud/aws/ec2/as_enforce_http_token_imds.rego +++ b/checks/cloud/aws/ec2/as_enforce_http_token_imds.rego @@ -30,7 +30,7 @@ # - https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/instance#metadata-options # good_examples: checks/cloud/aws/ec2/as_enforce_http_token_imds.tf.go # bad_examples: checks/cloud/aws/ec2/as_enforce_http_token_imds.tf.go -# cloudformation: +# cloud_formation: # good_examples: checks/cloud/aws/ec2/as_enforce_http_token_imds.cf.go # bad_examples: checks/cloud/aws/ec2/as_enforce_http_token_imds.cf.go package builtin.aws.ec2.aws0130 diff --git a/checks/cloud/aws/ec2/as_no_secrets_in_user_data.rego b/checks/cloud/aws/ec2/as_no_secrets_in_user_data.rego index 744707f1..f778d6eb 100644 --- a/checks/cloud/aws/ec2/as_no_secrets_in_user_data.rego +++ b/checks/cloud/aws/ec2/as_no_secrets_in_user_data.rego @@ -26,7 +26,7 @@ # - https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/instance#user_data # good_examples: checks/cloud/aws/ec2/as_no_secrets_in_user_data.tf.go # bad_examples: checks/cloud/aws/ec2/as_no_secrets_in_user_data.tf.go -# cloudformation: +# cloud_formation: # good_examples: checks/cloud/aws/ec2/as_no_secrets_in_user_data.cf.go # bad_examples: checks/cloud/aws/ec2/as_no_secrets_in_user_data.cf.go package builtin.aws.ec2.aws0129 diff --git a/checks/cloud/aws/ec2/enable_at_rest_encryption.rego b/checks/cloud/aws/ec2/enable_at_rest_encryption.rego index 7d7dce4f..74a21486 100644 --- a/checks/cloud/aws/ec2/enable_at_rest_encryption.rego +++ b/checks/cloud/aws/ec2/enable_at_rest_encryption.rego @@ -26,7 +26,7 @@ # - https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/instance#ebs-ephemeral-and-root-block-devices # good_examples: checks/cloud/aws/ec2/enable_at_rest_encryption.tf.go # bad_examples: checks/cloud/aws/ec2/enable_at_rest_encryption.tf.go -# cloudformation: +# cloud_formation: # good_examples: checks/cloud/aws/ec2/enable_at_rest_encryption.cf.go # bad_examples: checks/cloud/aws/ec2/enable_at_rest_encryption.cf.go package builtin.aws.ec2.aws0131 diff --git a/checks/cloud/aws/ec2/enable_volume_encryption.rego b/checks/cloud/aws/ec2/enable_volume_encryption.rego index 324d1628..9c1fa3b0 100644 --- a/checks/cloud/aws/ec2/enable_volume_encryption.rego +++ b/checks/cloud/aws/ec2/enable_volume_encryption.rego @@ -26,7 +26,7 @@ # - https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ebs_volume#encrypted # good_examples: checks/cloud/aws/ec2/enable_volume_encryption.tf.go # bad_examples: checks/cloud/aws/ec2/enable_volume_encryption.tf.go -# cloudformation: +# cloud_formation: # good_examples: checks/cloud/aws/ec2/enable_volume_encryption.cf.go # bad_examples: checks/cloud/aws/ec2/enable_volume_encryption.cf.go package builtin.aws.ec2.aws0026 diff --git a/checks/cloud/aws/ec2/encryption_customer_key.rego b/checks/cloud/aws/ec2/encryption_customer_key.rego index 9c6dbb9b..cc6506d4 100644 --- a/checks/cloud/aws/ec2/encryption_customer_key.rego +++ b/checks/cloud/aws/ec2/encryption_customer_key.rego @@ -26,7 +26,7 @@ # - https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ebs_volume#kms_key_id # good_examples: checks/cloud/aws/ec2/encryption_customer_key.tf.go # bad_examples: checks/cloud/aws/ec2/encryption_customer_key.tf.go -# cloudformation: +# cloud_formation: # good_examples: checks/cloud/aws/ec2/encryption_customer_key.cf.go # bad_examples: checks/cloud/aws/ec2/encryption_customer_key.cf.go package builtin.aws.ec2.aws0027 diff --git a/checks/cloud/aws/ec2/no_excessive_port_access.rego b/checks/cloud/aws/ec2/no_excessive_port_access.rego index 2e5494d9..959584a4 100644 --- a/checks/cloud/aws/ec2/no_excessive_port_access.rego +++ b/checks/cloud/aws/ec2/no_excessive_port_access.rego @@ -26,7 +26,7 @@ # - https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/network_acl_rule#to_port # good_examples: checks/cloud/aws/ec2/no_excessive_port_access.tf.go # bad_examples: checks/cloud/aws/ec2/no_excessive_port_access.tf.go -# cloudformation: +# cloud_formation: # good_examples: checks/cloud/aws/ec2/no_excessive_port_access.cf.go # bad_examples: checks/cloud/aws/ec2/no_excessive_port_access.cf.go package builtin.aws.ec2.aws0102 diff --git a/checks/cloud/aws/ec2/no_public_egress_sgr.rego b/checks/cloud/aws/ec2/no_public_egress_sgr.rego index 42fb9aa3..cf5b3414 100644 --- a/checks/cloud/aws/ec2/no_public_egress_sgr.rego +++ b/checks/cloud/aws/ec2/no_public_egress_sgr.rego @@ -26,7 +26,7 @@ # - https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group # good_examples: checks/cloud/aws/ec2/no_public_egress_sgr.tf.go # bad_examples: checks/cloud/aws/ec2/no_public_egress_sgr.tf.go -# cloudformation: +# cloud_formation: # good_examples: checks/cloud/aws/ec2/no_public_egress_sgr.cf.go # bad_examples: checks/cloud/aws/ec2/no_public_egress_sgr.cf.go package builtin.aws.ec2.aws0104 diff --git a/checks/cloud/aws/ec2/no_public_ingress_acl.rego b/checks/cloud/aws/ec2/no_public_ingress_acl.rego index aa6e8b3a..154093b0 100644 --- a/checks/cloud/aws/ec2/no_public_ingress_acl.rego +++ b/checks/cloud/aws/ec2/no_public_ingress_acl.rego @@ -26,7 +26,7 @@ # - https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/network_acl_rule#cidr_block # good_examples: checks/cloud/aws/ec2/no_public_ingress_acl.tf.go # bad_examples: checks/cloud/aws/ec2/no_public_ingress_acl.tf.go -# cloudformation: +# cloud_formation: # good_examples: checks/cloud/aws/ec2/no_public_ingress_acl.cf.go # bad_examples: checks/cloud/aws/ec2/no_public_ingress_acl.cf.go package builtin.aws.ec2.aws0105 diff --git a/checks/cloud/aws/ec2/no_public_ingress_sgr.rego b/checks/cloud/aws/ec2/no_public_ingress_sgr.rego index 0412d889..77262245 100644 --- a/checks/cloud/aws/ec2/no_public_ingress_sgr.rego +++ b/checks/cloud/aws/ec2/no_public_ingress_sgr.rego @@ -32,7 +32,7 @@ # - https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group_rule#cidr_blocks # good_examples: checks/cloud/aws/ec2/no_public_ingress_sgr.tf.go # bad_examples: checks/cloud/aws/ec2/no_public_ingress_sgr.tf.go -# cloudformation: +# cloud_formation: # good_examples: checks/cloud/aws/ec2/no_public_ingress_sgr.cf.go # bad_examples: checks/cloud/aws/ec2/no_public_ingress_sgr.cf.go package builtin.aws.ec2.aws0107 diff --git a/checks/cloud/aws/ec2/no_public_ip.rego b/checks/cloud/aws/ec2/no_public_ip.rego index b6f49f7b..0b8a192d 100644 --- a/checks/cloud/aws/ec2/no_public_ip.rego +++ b/checks/cloud/aws/ec2/no_public_ip.rego @@ -27,7 +27,7 @@ # - https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/instance#associate_public_ip_address # good_examples: checks/cloud/aws/ec2/no_public_ip.tf.go # bad_examples: checks/cloud/aws/ec2/no_public_ip.tf.go -# cloudformation: +# cloud_formation: # good_examples: checks/cloud/aws/ec2/no_public_ip.cf.go # bad_examples: checks/cloud/aws/ec2/no_public_ip.cf.go package builtin.aws.ec2.aws0009 diff --git a/checks/cloud/aws/ec2/no_public_ip_subnet.rego b/checks/cloud/aws/ec2/no_public_ip_subnet.rego index e5c68043..0869e857 100644 --- a/checks/cloud/aws/ec2/no_public_ip_subnet.rego +++ b/checks/cloud/aws/ec2/no_public_ip_subnet.rego @@ -26,7 +26,7 @@ # - https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/subnet#map_public_ip_on_launch # good_examples: checks/cloud/aws/ec2/no_public_ip_subnet.tf.go # bad_examples: checks/cloud/aws/ec2/no_public_ip_subnet.tf.go -# cloudformation: +# cloud_formation: # good_examples: checks/cloud/aws/ec2/no_public_ip_subnet.cf.go # bad_examples: checks/cloud/aws/ec2/no_public_ip_subnet.cf.go package builtin.aws.ec2.aws0164 diff --git a/checks/cloud/aws/ec2/no_secrets_in_user_data.rego b/checks/cloud/aws/ec2/no_secrets_in_user_data.rego index 5d9a681e..d8fde07e 100644 --- a/checks/cloud/aws/ec2/no_secrets_in_user_data.rego +++ b/checks/cloud/aws/ec2/no_secrets_in_user_data.rego @@ -26,7 +26,7 @@ # - https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/instance#user_data # good_examples: checks/cloud/aws/ec2/no_secrets_in_user_data.tf.go # bad_examples: checks/cloud/aws/ec2/no_secrets_in_user_data.tf.go -# cloudformation: +# cloud_formation: # good_examples: checks/cloud/aws/ec2/no_secrets_in_user_data.cf.go # bad_examples: checks/cloud/aws/ec2/no_secrets_in_user_data.cf.go package builtin.aws.ec2.aws0029 diff --git a/checks/cloud/aws/ecr/enable_image_scans.rego b/checks/cloud/aws/ecr/enable_image_scans.rego index c36535be..1d0090d8 100644 --- a/checks/cloud/aws/ecr/enable_image_scans.rego +++ b/checks/cloud/aws/ecr/enable_image_scans.rego @@ -26,7 +26,7 @@ # - https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ecr_repository#image_scanning_configuration # good_examples: checks/cloud/aws/ecr/enable_image_scans.tf.go # bad_examples: checks/cloud/aws/ecr/enable_image_scans.tf.go -# cloudformation: +# cloud_formation: # good_examples: checks/cloud/aws/ecr/enable_image_scans.cf.go # bad_examples: checks/cloud/aws/ecr/enable_image_scans.cf.go package builtin.aws.ecr.aws0030 diff --git a/checks/cloud/aws/ecr/enforce_immutable_repository.rego b/checks/cloud/aws/ecr/enforce_immutable_repository.rego index 5f70f0b7..5f26daba 100644 --- a/checks/cloud/aws/ecr/enforce_immutable_repository.rego +++ b/checks/cloud/aws/ecr/enforce_immutable_repository.rego @@ -27,7 +27,7 @@ # - https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ecr_repository # good_examples: checks/cloud/aws/ecr/enforce_immutable_repository.tf.go # bad_examples: checks/cloud/aws/ecr/enforce_immutable_repository.tf.go -# cloudformation: +# cloud_formation: # good_examples: checks/cloud/aws/ecr/enforce_immutable_repository.cf.go # bad_examples: checks/cloud/aws/ecr/enforce_immutable_repository.cf.go package builtin.aws.ecr.aws0031 diff --git a/checks/cloud/aws/ecr/no_public_access.rego b/checks/cloud/aws/ecr/no_public_access.rego index f378703e..4f55178d 100644 --- a/checks/cloud/aws/ecr/no_public_access.rego +++ b/checks/cloud/aws/ecr/no_public_access.rego @@ -26,7 +26,7 @@ # - https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ecr_repository_policy#policy # good_examples: checks/cloud/aws/ecr/no_public_access.tf.go # bad_examples: checks/cloud/aws/ecr/no_public_access.tf.go -# cloudformation: +# cloud_formation: # good_examples: checks/cloud/aws/ecr/no_public_access.cf.go # bad_examples: checks/cloud/aws/ecr/no_public_access.cf.go package builtin.aws.ecr.aws0032 diff --git a/checks/cloud/aws/ecr/repository_customer_key.rego b/checks/cloud/aws/ecr/repository_customer_key.rego index ece32597..7d7b3cf7 100644 --- a/checks/cloud/aws/ecr/repository_customer_key.rego +++ b/checks/cloud/aws/ecr/repository_customer_key.rego @@ -26,7 +26,7 @@ # - https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ecr_repository#encryption_configuration # good_examples: checks/cloud/aws/ecr/repository_customer_key.tf.go # bad_examples: checks/cloud/aws/ecr/repository_customer_key.tf.go -# cloudformation: +# cloud_formation: # good_examples: checks/cloud/aws/ecr/repository_customer_key.cf.go # bad_examples: checks/cloud/aws/ecr/repository_customer_key.cf.go package builtin.aws.ecr.aws0033 diff --git a/checks/cloud/aws/ecs/enable_container_insight.rego b/checks/cloud/aws/ecs/enable_container_insight.rego index c5e825aa..428fc58a 100644 --- a/checks/cloud/aws/ecs/enable_container_insight.rego +++ b/checks/cloud/aws/ecs/enable_container_insight.rego @@ -26,7 +26,7 @@ # - https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ecs_cluster#setting # good_examples: checks/cloud/aws/ecs/enable_container_insight.tf.go # bad_examples: checks/cloud/aws/ecs/enable_container_insight.tf.go -# cloudformation: +# cloud_formation: # good_examples: checks/cloud/aws/ecs/enable_container_insight.cf.go # bad_examples: checks/cloud/aws/ecs/enable_container_insight.cf.go package builtin.aws.ecs.aws0034 diff --git a/checks/cloud/aws/ecs/enable_in_transit_encryption.rego b/checks/cloud/aws/ecs/enable_in_transit_encryption.rego index 28f555a3..966d381a 100644 --- a/checks/cloud/aws/ecs/enable_in_transit_encryption.rego +++ b/checks/cloud/aws/ecs/enable_in_transit_encryption.rego @@ -27,7 +27,7 @@ # - https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ecs_task_definition#transit_encryption # good_examples: checks/cloud/aws/ecs/enable_in_transit_encryption.tf.go # bad_examples: checks/cloud/aws/ecs/enable_in_transit_encryption.tf.go -# cloudformation: +# cloud_formation: # good_examples: checks/cloud/aws/ecs/enable_in_transit_encryption.cf.go # bad_examples: checks/cloud/aws/ecs/enable_in_transit_encryption.cf.go package builtin.aws.ecs.aws0035 diff --git a/checks/cloud/aws/ecs/no_plaintext_secrets.rego b/checks/cloud/aws/ecs/no_plaintext_secrets.rego index c421c37b..89a25c20 100644 --- a/checks/cloud/aws/ecs/no_plaintext_secrets.rego +++ b/checks/cloud/aws/ecs/no_plaintext_secrets.rego @@ -27,7 +27,7 @@ # - https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ecs_task_definition # good_examples: checks/cloud/aws/ecs/no_plaintext_secrets.tf.go # bad_examples: checks/cloud/aws/ecs/no_plaintext_secrets.tf.go -# cloudformation: +# cloud_formation: # good_examples: checks/cloud/aws/ecs/no_plaintext_secrets.cf.go # bad_examples: checks/cloud/aws/ecs/no_plaintext_secrets.cf.go package builtin.aws.ecs.aws0036 diff --git a/checks/cloud/aws/efs/enable_at_rest_encryption.rego b/checks/cloud/aws/efs/enable_at_rest_encryption.rego index fd5b0365..673de489 100644 --- a/checks/cloud/aws/efs/enable_at_rest_encryption.rego +++ b/checks/cloud/aws/efs/enable_at_rest_encryption.rego @@ -26,7 +26,7 @@ # - https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/efs_file_system # good_examples: checks/cloud/aws/efs/enable_at_rest_encryption.tf.go # bad_examples: checks/cloud/aws/efs/enable_at_rest_encryption.tf.go -# cloudformation: +# cloud_formation: # good_examples: checks/cloud/aws/efs/enable_at_rest_encryption.cf.go # bad_examples: checks/cloud/aws/efs/enable_at_rest_encryption.cf.go package builtin.aws.efs.aws0037 diff --git a/checks/cloud/aws/eks/encrypt_secrets.rego b/checks/cloud/aws/eks/encrypt_secrets.rego index 11a2a56f..ef4087f4 100644 --- a/checks/cloud/aws/eks/encrypt_secrets.rego +++ b/checks/cloud/aws/eks/encrypt_secrets.rego @@ -26,7 +26,7 @@ # - https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/eks_cluster#encryption_config # good_examples: checks/cloud/aws/eks/encrypt_secrets.tf.go # bad_examples: checks/cloud/aws/eks/encrypt_secrets.tf.go -# cloudformation: +# cloud_formation: # good_examples: checks/cloud/aws/eks/encrypt_secrets.cf.go # bad_examples: checks/cloud/aws/eks/encrypt_secrets.cf.go package builtin.aws.eks.aws0039 diff --git a/checks/cloud/aws/elasticache/add_description_for_security_group.rego b/checks/cloud/aws/elasticache/add_description_for_security_group.rego index 778547c9..a09687f2 100644 --- a/checks/cloud/aws/elasticache/add_description_for_security_group.rego +++ b/checks/cloud/aws/elasticache/add_description_for_security_group.rego @@ -27,7 +27,7 @@ # - https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/elasticache_security_group#description # good_examples: checks/cloud/aws/elasticache/add_description_for_security_group.tf.go # bad_examples: checks/cloud/aws/elasticache/add_description_for_security_group.tf.go -# cloudformation: +# cloud_formation: # good_examples: checks/cloud/aws/elasticache/add_description_for_security_group.cf.go # bad_examples: checks/cloud/aws/elasticache/add_description_for_security_group.cf.go package builtin.aws.elasticache.aws0049 diff --git a/checks/cloud/aws/elasticache/enable_backup_retention.rego b/checks/cloud/aws/elasticache/enable_backup_retention.rego index db93d623..0a8aa6fe 100644 --- a/checks/cloud/aws/elasticache/enable_backup_retention.rego +++ b/checks/cloud/aws/elasticache/enable_backup_retention.rego @@ -26,7 +26,7 @@ # - https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/elasticache_cluster#snapshot_retention_limit # good_examples: checks/cloud/aws/elasticache/enable_backup_retention.tf.go # bad_examples: checks/cloud/aws/elasticache/enable_backup_retention.tf.go -# cloudformation: +# cloud_formation: # good_examples: checks/cloud/aws/elasticache/enable_backup_retention.cf.go # bad_examples: checks/cloud/aws/elasticache/enable_backup_retention.cf.go package builtin.aws.elasticache.aws0050 diff --git a/checks/cloud/aws/elasticache/enable_in_transit_encryption.rego b/checks/cloud/aws/elasticache/enable_in_transit_encryption.rego index 71b80908..b1f2b010 100644 --- a/checks/cloud/aws/elasticache/enable_in_transit_encryption.rego +++ b/checks/cloud/aws/elasticache/enable_in_transit_encryption.rego @@ -26,7 +26,7 @@ # - https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/elasticache_replication_group#transit_encryption_enabled # good_examples: checks/cloud/aws/elasticache/enable_in_transit_encryption.tf.go # bad_examples: checks/cloud/aws/elasticache/enable_in_transit_encryption.tf.go -# cloudformation: +# cloud_formation: # good_examples: checks/cloud/aws/elasticache/enable_in_transit_encryption.cf.go # bad_examples: checks/cloud/aws/elasticache/enable_in_transit_encryption.cf.go package builtin.aws.elasticache.aws0051 diff --git a/checks/cloud/aws/elasticsearch/enable_domain_encryption.rego b/checks/cloud/aws/elasticsearch/enable_domain_encryption.rego index 154b895e..2661878f 100644 --- a/checks/cloud/aws/elasticsearch/enable_domain_encryption.rego +++ b/checks/cloud/aws/elasticsearch/enable_domain_encryption.rego @@ -26,7 +26,7 @@ # - https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/elasticsearch_domain#encrypt_at_rest # good_examples: checks/cloud/aws/elasticsearch/enable_domain_encryption.tf.go # bad_examples: checks/cloud/aws/elasticsearch/enable_domain_encryption.tf.go -# cloudformation: +# cloud_formation: # good_examples: checks/cloud/aws/elasticsearch/enable_domain_encryption.cf.go # bad_examples: checks/cloud/aws/elasticsearch/enable_domain_encryption.cf.go package builtin.aws.elasticsearch.aws0048 diff --git a/checks/cloud/aws/elasticsearch/enable_domain_logging.rego b/checks/cloud/aws/elasticsearch/enable_domain_logging.rego index b0146b50..7a6387a9 100644 --- a/checks/cloud/aws/elasticsearch/enable_domain_logging.rego +++ b/checks/cloud/aws/elasticsearch/enable_domain_logging.rego @@ -29,7 +29,7 @@ # - https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/elasticsearch_domain#log_type # good_examples: checks/cloud/aws/elasticsearch/enable_domain_logging.tf.go # bad_examples: checks/cloud/aws/elasticsearch/enable_domain_logging.tf.go -# cloudformation: +# cloud_formation: # good_examples: checks/cloud/aws/elasticsearch/enable_domain_logging.cf.go # bad_examples: checks/cloud/aws/elasticsearch/enable_domain_logging.cf.go package builtin.aws.elasticsearch.aws0042 diff --git a/checks/cloud/aws/elasticsearch/enable_in_transit_encryption.rego b/checks/cloud/aws/elasticsearch/enable_in_transit_encryption.rego index 10aaff75..9cdb8011 100644 --- a/checks/cloud/aws/elasticsearch/enable_in_transit_encryption.rego +++ b/checks/cloud/aws/elasticsearch/enable_in_transit_encryption.rego @@ -26,7 +26,7 @@ # - https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/elasticsearch_domain#encrypt_at_rest # good_examples: checks/cloud/aws/elasticsearch/enable_in_transit_encryption.tf.go # bad_examples: checks/cloud/aws/elasticsearch/enable_in_transit_encryption.tf.go -# cloudformation: +# cloud_formation: # good_examples: checks/cloud/aws/elasticsearch/enable_in_transit_encryption.cf.go # bad_examples: checks/cloud/aws/elasticsearch/enable_in_transit_encryption.cf.go package builtin.aws.elasticsearch.aws0043 diff --git a/checks/cloud/aws/elasticsearch/enforce_https.rego b/checks/cloud/aws/elasticsearch/enforce_https.rego index eb7f6370..33c84d80 100644 --- a/checks/cloud/aws/elasticsearch/enforce_https.rego +++ b/checks/cloud/aws/elasticsearch/enforce_https.rego @@ -27,7 +27,7 @@ # - https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/elasticsearch_domain#enforce_https # good_examples: checks/cloud/aws/elasticsearch/enforce_https.tf.go # bad_examples: checks/cloud/aws/elasticsearch/enforce_https.tf.go -# cloudformation: +# cloud_formation: # good_examples: checks/cloud/aws/elasticsearch/enforce_https.cf.go # bad_examples: checks/cloud/aws/elasticsearch/enforce_https.cf.go package builtin.aws.elasticsearch.aws0046 diff --git a/checks/cloud/aws/elasticsearch/use_secure_tls_policy.rego b/checks/cloud/aws/elasticsearch/use_secure_tls_policy.rego index 7f1c013e..6a299378 100644 --- a/checks/cloud/aws/elasticsearch/use_secure_tls_policy.rego +++ b/checks/cloud/aws/elasticsearch/use_secure_tls_policy.rego @@ -26,7 +26,7 @@ # - https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/elasticsearch_domain#tls_security_policy # good_examples: checks/cloud/aws/elasticsearch/use_secure_tls_policy.tf.go # bad_examples: checks/cloud/aws/elasticsearch/use_secure_tls_policy.tf.go -# cloudformation: +# cloud_formation: # good_examples: checks/cloud/aws/elasticsearch/use_secure_tls_policy.cf.go # bad_examples: checks/cloud/aws/elasticsearch/use_secure_tls_policy.cf.go package builtin.aws.elasticsearch.aws0126 diff --git a/checks/cloud/aws/kinesis/enable_in_transit_encryption.rego b/checks/cloud/aws/kinesis/enable_in_transit_encryption.rego index cfe28331..5ab7e363 100644 --- a/checks/cloud/aws/kinesis/enable_in_transit_encryption.rego +++ b/checks/cloud/aws/kinesis/enable_in_transit_encryption.rego @@ -26,7 +26,7 @@ # - https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/kinesis_stream#encryption_type # good_examples: checks/cloud/aws/kinesis/enable_in_transit_encryption.tf.go # bad_examples: checks/cloud/aws/kinesis/enable_in_transit_encryption.tf.go -# cloudformation: +# cloud_formation: # good_examples: checks/cloud/aws/kinesis/enable_in_transit_encryption.cf.go # bad_examples: checks/cloud/aws/kinesis/enable_in_transit_encryption.cf.go package builtin.aws.kinesis.aws0064 diff --git a/checks/cloud/aws/lambda/enable_tracing.rego b/checks/cloud/aws/lambda/enable_tracing.rego index 1ba93861..d92766aa 100644 --- a/checks/cloud/aws/lambda/enable_tracing.rego +++ b/checks/cloud/aws/lambda/enable_tracing.rego @@ -26,7 +26,7 @@ # - https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_function#mode # good_examples: checks/cloud/aws/lambda/enable_tracing.tf.go # bad_examples: checks/cloud/aws/lambda/enable_tracing.tf.go -# cloudformation: +# cloud_formation: # good_examples: checks/cloud/aws/lambda/enable_tracing.cf.go # bad_examples: checks/cloud/aws/lambda/enable_tracing.cf.go package builtin.aws.lambda.aws0066 diff --git a/checks/cloud/aws/lambda/restrict_source_arn.rego b/checks/cloud/aws/lambda/restrict_source_arn.rego index efa74447..5cbc9c6a 100644 --- a/checks/cloud/aws/lambda/restrict_source_arn.rego +++ b/checks/cloud/aws/lambda/restrict_source_arn.rego @@ -28,7 +28,7 @@ # - https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_permission # good_examples: checks/cloud/aws/lambda/restrict_source_arn.tf.go # bad_examples: checks/cloud/aws/lambda/restrict_source_arn.tf.go -# cloudformation: +# cloud_formation: # good_examples: checks/cloud/aws/lambda/restrict_source_arn.cf.go # bad_examples: checks/cloud/aws/lambda/restrict_source_arn.cf.go package builtin.aws.lambda.aws0067 diff --git a/checks/cloud/aws/mq/enable_audit_logging.rego b/checks/cloud/aws/mq/enable_audit_logging.rego index 4ac5b784..94eb0a9c 100644 --- a/checks/cloud/aws/mq/enable_audit_logging.rego +++ b/checks/cloud/aws/mq/enable_audit_logging.rego @@ -26,7 +26,7 @@ # - https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/mq_broker#audit # good_examples: checks/cloud/aws/mq/enable_audit_logging.tf.go # bad_examples: checks/cloud/aws/mq/enable_audit_logging.tf.go -# cloudformation: +# cloud_formation: # good_examples: checks/cloud/aws/mq/enable_audit_logging.cf.go # bad_examples: checks/cloud/aws/mq/enable_audit_logging.cf.go package builtin.aws.mq.aws0070 diff --git a/checks/cloud/aws/mq/enable_general_logging.rego b/checks/cloud/aws/mq/enable_general_logging.rego index e820f8fd..82ec21e1 100644 --- a/checks/cloud/aws/mq/enable_general_logging.rego +++ b/checks/cloud/aws/mq/enable_general_logging.rego @@ -26,7 +26,7 @@ # - https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/mq_broker#general # good_examples: checks/cloud/aws/mq/enable_general_logging.tf.go # bad_examples: checks/cloud/aws/mq/enable_general_logging.tf.go -# cloudformation: +# cloud_formation: # good_examples: checks/cloud/aws/mq/enable_general_logging.cf.go # bad_examples: checks/cloud/aws/mq/enable_general_logging.cf.go package builtin.aws.mq.aws0071 diff --git a/checks/cloud/aws/mq/no_public_access.rego b/checks/cloud/aws/mq/no_public_access.rego index c52dbe1c..c8263af5 100644 --- a/checks/cloud/aws/mq/no_public_access.rego +++ b/checks/cloud/aws/mq/no_public_access.rego @@ -26,7 +26,7 @@ # - https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/mq_broker#publicly_accessible # good_examples: checks/cloud/aws/mq/no_public_access.tf.go # bad_examples: checks/cloud/aws/mq/no_public_access.tf.go -# cloudformation: +# cloud_formation: # good_examples: checks/cloud/aws/mq/no_public_access.cf.go # bad_examples: checks/cloud/aws/mq/no_public_access.cf.go package builtin.aws.mq.aws0072 diff --git a/checks/cloud/aws/msk/enable_at_rest_encryption.rego b/checks/cloud/aws/msk/enable_at_rest_encryption.rego index 5dac67d3..7dc27a11 100644 --- a/checks/cloud/aws/msk/enable_at_rest_encryption.rego +++ b/checks/cloud/aws/msk/enable_at_rest_encryption.rego @@ -26,7 +26,7 @@ # - https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/msk_cluster#encryption_info-argument-reference # good_examples: checks/cloud/aws/msk/enable_at_rest_encryption.tf.go # bad_examples: checks/cloud/aws/msk/enable_at_rest_encryption.tf.go -# cloudformation: +# cloud_formation: # good_examples: checks/cloud/aws/msk/enable_at_rest_encryption.cf.go # bad_examples: checks/cloud/aws/msk/enable_at_rest_encryption.cf.go package builtin.aws.msk.aws0179 diff --git a/checks/cloud/aws/msk/enable_in_transit_encryption.rego b/checks/cloud/aws/msk/enable_in_transit_encryption.rego index 714a20ee..ac7ec232 100644 --- a/checks/cloud/aws/msk/enable_in_transit_encryption.rego +++ b/checks/cloud/aws/msk/enable_in_transit_encryption.rego @@ -26,7 +26,7 @@ # - https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/msk_cluster#encryption_info-argument-reference # good_examples: checks/cloud/aws/msk/enable_in_transit_encryption.tf.go # bad_examples: checks/cloud/aws/msk/enable_in_transit_encryption.tf.go -# cloudformation: +# cloud_formation: # good_examples: checks/cloud/aws/msk/enable_in_transit_encryption.cf.go # bad_examples: checks/cloud/aws/msk/enable_in_transit_encryption.cf.go package builtin.aws.msk.aws0073 diff --git a/checks/cloud/aws/msk/enable_logging.rego b/checks/cloud/aws/msk/enable_logging.rego index fee72ec8..2e718923 100644 --- a/checks/cloud/aws/msk/enable_logging.rego +++ b/checks/cloud/aws/msk/enable_logging.rego @@ -26,7 +26,7 @@ # - https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/msk_cluster# # good_examples: checks/cloud/aws/msk/enable_logging.tf.go # bad_examples: checks/cloud/aws/msk/enable_logging.tf.go -# cloudformation: +# cloud_formation: # good_examples: checks/cloud/aws/msk/enable_logging.cf.go # bad_examples: checks/cloud/aws/msk/enable_logging.cf.go package builtin.aws.msk.aws0074 diff --git a/checks/cloud/aws/neptune/enable_log_export.rego b/checks/cloud/aws/neptune/enable_log_export.rego index c565af78..acf6a71b 100644 --- a/checks/cloud/aws/neptune/enable_log_export.rego +++ b/checks/cloud/aws/neptune/enable_log_export.rego @@ -26,7 +26,7 @@ # - https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/neptune_cluster#enable_cloudwatch_logs_exports # good_examples: checks/cloud/aws/neptune/enable_log_export.tf.go # bad_examples: checks/cloud/aws/neptune/enable_log_export.tf.go -# cloudformation: +# cloud_formation: # good_examples: checks/cloud/aws/neptune/enable_log_export.cf.go # bad_examples: checks/cloud/aws/neptune/enable_log_export.cf.go package builtin.aws.neptune.aws0075 diff --git a/checks/cloud/aws/neptune/enable_storage_encryption.rego b/checks/cloud/aws/neptune/enable_storage_encryption.rego index 08ec8f6b..067593b5 100644 --- a/checks/cloud/aws/neptune/enable_storage_encryption.rego +++ b/checks/cloud/aws/neptune/enable_storage_encryption.rego @@ -26,7 +26,7 @@ # - https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/neptune_cluster#storage_encrypted # good_examples: checks/cloud/aws/neptune/enable_storage_encryption.tf.go # bad_examples: checks/cloud/aws/neptune/enable_storage_encryption.tf.go -# cloudformation: +# cloud_formation: # good_examples: checks/cloud/aws/neptune/enable_storage_encryption.cf.go # bad_examples: checks/cloud/aws/neptune/enable_storage_encryption.cf.go package builtin.aws.neptune.aws0076 diff --git a/checks/cloud/aws/neptune/encryption_customer_key.rego b/checks/cloud/aws/neptune/encryption_customer_key.rego index 4ef28630..f70495d1 100644 --- a/checks/cloud/aws/neptune/encryption_customer_key.rego +++ b/checks/cloud/aws/neptune/encryption_customer_key.rego @@ -26,7 +26,7 @@ # - https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/neptune_cluster#storage_encrypted # good_examples: checks/cloud/aws/neptune/encryption_customer_key.tf.go # bad_examples: checks/cloud/aws/neptune/encryption_customer_key.tf.go -# cloudformation: +# cloud_formation: # good_examples: checks/cloud/aws/neptune/encryption_customer_key.cf.go # bad_examples: checks/cloud/aws/neptune/encryption_customer_key.cf.go package builtin.aws.neptune.aws0128 diff --git a/checks/cloud/aws/rds/enable_performance_insights.rego b/checks/cloud/aws/rds/enable_performance_insights.rego index 1e895c85..f6c9569e 100644 --- a/checks/cloud/aws/rds/enable_performance_insights.rego +++ b/checks/cloud/aws/rds/enable_performance_insights.rego @@ -28,7 +28,7 @@ # - https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/db_instance#performance_insights_kms_key_id # good_examples: checks/cloud/aws/rds/enable_performance_insights.tf.go # bad_examples: checks/cloud/aws/rds/enable_performance_insights.tf.go -# cloudformation: +# cloud_formation: # good_examples: checks/cloud/aws/rds/enable_performance_insights.cf.go # bad_examples: checks/cloud/aws/rds/enable_performance_insights.cf.go package builtin.aws.rds.aws0133 diff --git a/checks/cloud/aws/rds/encrypt_cluster_storage_data.rego b/checks/cloud/aws/rds/encrypt_cluster_storage_data.rego index cf391fd5..02261ab1 100644 --- a/checks/cloud/aws/rds/encrypt_cluster_storage_data.rego +++ b/checks/cloud/aws/rds/encrypt_cluster_storage_data.rego @@ -27,7 +27,7 @@ # - https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/rds_cluster # good_examples: checks/cloud/aws/rds/encrypt_cluster_storage_data.tf.go # bad_examples: checks/cloud/aws/rds/encrypt_cluster_storage_data.tf.go -# cloudformation: +# cloud_formation: # good_examples: checks/cloud/aws/rds/encrypt_cluster_storage_data.cf.go # bad_examples: checks/cloud/aws/rds/encrypt_cluster_storage_data.cf.go package builtin.aws.rds.aws0079 diff --git a/checks/cloud/aws/rds/encrypt_instance_storage_data.rego b/checks/cloud/aws/rds/encrypt_instance_storage_data.rego index 091dc834..e167b79d 100644 --- a/checks/cloud/aws/rds/encrypt_instance_storage_data.rego +++ b/checks/cloud/aws/rds/encrypt_instance_storage_data.rego @@ -27,7 +27,7 @@ # - https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/db_instance # good_examples: checks/cloud/aws/rds/encrypt_instance_storage_data.tf.go # bad_examples: checks/cloud/aws/rds/encrypt_instance_storage_data.tf.go -# cloudformation: +# cloud_formation: # good_examples: checks/cloud/aws/rds/encrypt_instance_storage_data.cf.go # bad_examples: checks/cloud/aws/rds/encrypt_instance_storage_data.cf.go package builtin.aws.rds.aws0080 diff --git a/checks/cloud/aws/rds/performance_insights_encryption_customer_key.rego b/checks/cloud/aws/rds/performance_insights_encryption_customer_key.rego index c44ba810..42068773 100644 --- a/checks/cloud/aws/rds/performance_insights_encryption_customer_key.rego +++ b/checks/cloud/aws/rds/performance_insights_encryption_customer_key.rego @@ -29,7 +29,7 @@ # - https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/db_instance#performance_insights_kms_key_id # good_examples: checks/cloud/aws/rds/performance_insights_encryption_customer_key.tf.go # bad_examples: checks/cloud/aws/rds/performance_insights_encryption_customer_key.tf.go -# cloudformation: +# cloud_formation: # good_examples: checks/cloud/aws/rds/performance_insights_encryption_customer_key.cf.go # bad_examples: checks/cloud/aws/rds/performance_insights_encryption_customer_key.cf.go package builtin.aws.rds.aws0078 diff --git a/checks/cloud/aws/rds/specify_backup_retention.rego b/checks/cloud/aws/rds/specify_backup_retention.rego index 5d9e34a4..dd6c0052 100644 --- a/checks/cloud/aws/rds/specify_backup_retention.rego +++ b/checks/cloud/aws/rds/specify_backup_retention.rego @@ -27,7 +27,7 @@ # - https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/db_instance#backup_retention_period # good_examples: checks/cloud/aws/rds/specify_backup_retention.tf.go # bad_examples: checks/cloud/aws/rds/specify_backup_retention.tf.go -# cloudformation: +# cloud_formation: # good_examples: checks/cloud/aws/rds/specify_backup_retention.cf.go # bad_examples: checks/cloud/aws/rds/specify_backup_retention.cf.go package builtin.aws.rds.aws0077 diff --git a/checks/cloud/aws/redshift/add_description_to_security_group.rego b/checks/cloud/aws/redshift/add_description_to_security_group.rego index 00d19042..329e677c 100644 --- a/checks/cloud/aws/redshift/add_description_to_security_group.rego +++ b/checks/cloud/aws/redshift/add_description_to_security_group.rego @@ -22,7 +22,7 @@ # subtypes: # - service: redshift # provider: aws -# cloudformation: +# cloud_formation: # good_examples: checks/cloud/aws/redshift/add_description_to_security_group.cf.go # bad_examples: checks/cloud/aws/redshift/add_description_to_security_group.cf.go package builtin.aws.redshift.aws0083 diff --git a/checks/cloud/aws/redshift/encryption_customer_key.rego b/checks/cloud/aws/redshift/encryption_customer_key.rego index 274f4ba3..a9c705f9 100644 --- a/checks/cloud/aws/redshift/encryption_customer_key.rego +++ b/checks/cloud/aws/redshift/encryption_customer_key.rego @@ -26,7 +26,7 @@ # - https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/redshift_cluster#encrypted # good_examples: checks/cloud/aws/redshift/encryption_customer_key.tf.go # bad_examples: checks/cloud/aws/redshift/encryption_customer_key.tf.go -# cloudformation: +# cloud_formation: # good_examples: checks/cloud/aws/redshift/encryption_customer_key.cf.go # bad_examples: checks/cloud/aws/redshift/encryption_customer_key.cf.go package builtin.aws.redshift.aws0084 diff --git a/checks/cloud/aws/redshift/no_classic_resources.rego b/checks/cloud/aws/redshift/no_classic_resources.rego index 120380f9..d0d797ae 100644 --- a/checks/cloud/aws/redshift/no_classic_resources.rego +++ b/checks/cloud/aws/redshift/no_classic_resources.rego @@ -22,7 +22,7 @@ # subtypes: # - service: redshift # provider: aws -# cloudformation: +# cloud_formation: # good_examples: checks/cloud/aws/redshift/no_classic_resources.cf.go # bad_examples: checks/cloud/aws/redshift/no_classic_resources.cf.go package builtin.aws.redshift.aws0085 diff --git a/checks/cloud/aws/redshift/use_vpc.rego b/checks/cloud/aws/redshift/use_vpc.rego index 1895a46a..ac83e72c 100644 --- a/checks/cloud/aws/redshift/use_vpc.rego +++ b/checks/cloud/aws/redshift/use_vpc.rego @@ -27,7 +27,7 @@ # - https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/redshift_cluster#cluster_subnet_group_name # good_examples: checks/cloud/aws/redshift/use_vpc.tf.go # bad_examples: checks/cloud/aws/redshift/use_vpc.tf.go -# cloudformation: +# cloud_formation: # good_examples: checks/cloud/aws/redshift/use_vpc.cf.go # bad_examples: checks/cloud/aws/redshift/use_vpc.cf.go package builtin.aws.redshift.aws0127 diff --git a/checks/cloud/aws/s3/block_public_acls.rego b/checks/cloud/aws/s3/block_public_acls.rego index 47b20eed..cd56524f 100644 --- a/checks/cloud/aws/s3/block_public_acls.rego +++ b/checks/cloud/aws/s3/block_public_acls.rego @@ -26,7 +26,7 @@ # - https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket_public_access_block#block_public_acls # good_examples: checks/cloud/aws/s3/block_public_acls.tf.go # bad_examples: checks/cloud/aws/s3/block_public_acls.tf.go -# cloudformation: +# cloud_formation: # good_examples: checks/cloud/aws/s3/block_public_acls.cf.go # bad_examples: checks/cloud/aws/s3/block_public_acls.cf.go package builtin.aws.s3.aws0086 diff --git a/checks/cloud/aws/s3/block_public_policy.rego b/checks/cloud/aws/s3/block_public_policy.rego index 554de600..ae394ec2 100644 --- a/checks/cloud/aws/s3/block_public_policy.rego +++ b/checks/cloud/aws/s3/block_public_policy.rego @@ -26,7 +26,7 @@ # - https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket_public_access_block#block_public_policy # good_examples: checks/cloud/aws/s3/block_public_policy.tf.go # bad_examples: checks/cloud/aws/s3/block_public_policy.tf.go -# cloudformation: +# cloud_formation: # good_examples: checks/cloud/aws/s3/block_public_policy.cf.go # bad_examples: checks/cloud/aws/s3/block_public_policy.cf.go package builtin.aws.s3.aws0087 diff --git a/checks/cloud/aws/s3/enable_bucket_encryption.rego b/checks/cloud/aws/s3/enable_bucket_encryption.rego index 9cd54975..62331050 100644 --- a/checks/cloud/aws/s3/enable_bucket_encryption.rego +++ b/checks/cloud/aws/s3/enable_bucket_encryption.rego @@ -26,7 +26,7 @@ # - https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket#enable-default-server-side-encryption # good_examples: checks/cloud/aws/s3/enable_bucket_encryption.tf.go # bad_examples: checks/cloud/aws/s3/enable_bucket_encryption.tf.go -# cloudformation: +# cloud_formation: # good_examples: checks/cloud/aws/s3/enable_bucket_encryption.cf.go # bad_examples: checks/cloud/aws/s3/enable_bucket_encryption.cf.go package builtin.aws.s3.aws0088 diff --git a/checks/cloud/aws/s3/enable_versioning.rego b/checks/cloud/aws/s3/enable_versioning.rego index 4e0925b8..56653ded 100644 --- a/checks/cloud/aws/s3/enable_versioning.rego +++ b/checks/cloud/aws/s3/enable_versioning.rego @@ -30,7 +30,7 @@ # - https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket#versioning # good_examples: checks/cloud/aws/s3/enable_versioning.tf.go # bad_examples: checks/cloud/aws/s3/enable_versioning.tf.go -# cloudformation: +# cloud_formation: # good_examples: checks/cloud/aws/s3/enable_versioning.cf.go # bad_examples: checks/cloud/aws/s3/enable_versioning.cf.go package builtin.aws.s3.aws0090 diff --git a/checks/cloud/aws/s3/encryption_customer_key.rego b/checks/cloud/aws/s3/encryption_customer_key.rego index b9fd6600..92f679df 100644 --- a/checks/cloud/aws/s3/encryption_customer_key.rego +++ b/checks/cloud/aws/s3/encryption_customer_key.rego @@ -26,7 +26,7 @@ # - https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket#enable-default-server-side-encryption # good_examples: checks/cloud/aws/s3/encryption_customer_key.tf.go # bad_examples: checks/cloud/aws/s3/encryption_customer_key.tf.go -# cloudformation: +# cloud_formation: # good_examples: checks/cloud/aws/s3/encryption_customer_key.cf.go # bad_examples: checks/cloud/aws/s3/encryption_customer_key.cf.go package builtin.aws.s3.aws0132 diff --git a/checks/cloud/aws/s3/ignore_public_acls.rego b/checks/cloud/aws/s3/ignore_public_acls.rego index 0fe589a5..55cfa87c 100644 --- a/checks/cloud/aws/s3/ignore_public_acls.rego +++ b/checks/cloud/aws/s3/ignore_public_acls.rego @@ -26,7 +26,7 @@ # - https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket_public_access_block#ignore_public_acls # good_examples: checks/cloud/aws/s3/ignore_public_acls.tf.go # bad_examples: checks/cloud/aws/s3/ignore_public_acls.tf.go -# cloudformation: +# cloud_formation: # good_examples: checks/cloud/aws/s3/ignore_public_acls.cf.go # bad_examples: checks/cloud/aws/s3/ignore_public_acls.cf.go package builtin.aws.s3.aws0091 diff --git a/checks/cloud/aws/s3/no_public_access_with_acl.rego b/checks/cloud/aws/s3/no_public_access_with_acl.rego index c3d017b7..c59d2e9a 100644 --- a/checks/cloud/aws/s3/no_public_access_with_acl.rego +++ b/checks/cloud/aws/s3/no_public_access_with_acl.rego @@ -26,7 +26,7 @@ # - https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket # good_examples: checks/cloud/aws/s3/no_public_access_with_acl.tf.go # bad_examples: checks/cloud/aws/s3/no_public_access_with_acl.tf.go -# cloudformation: +# cloud_formation: # good_examples: checks/cloud/aws/s3/no_public_access_with_acl.cf.go # bad_examples: checks/cloud/aws/s3/no_public_access_with_acl.cf.go package builtin.aws.s3.aws0092 diff --git a/checks/cloud/aws/s3/no_public_buckets.rego b/checks/cloud/aws/s3/no_public_buckets.rego index 143abfe1..c6dd3e9e 100644 --- a/checks/cloud/aws/s3/no_public_buckets.rego +++ b/checks/cloud/aws/s3/no_public_buckets.rego @@ -26,7 +26,7 @@ # - https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket_public_access_block#restrict_public_bucketsĀ” # good_examples: checks/cloud/aws/s3/no_public_buckets.tf.go # bad_examples: checks/cloud/aws/s3/no_public_buckets.tf.go -# cloudformation: +# cloud_formation: # good_examples: checks/cloud/aws/s3/no_public_buckets.cf.go # bad_examples: checks/cloud/aws/s3/no_public_buckets.cf.go package builtin.aws.s3.aws0093 diff --git a/checks/cloud/aws/s3/specify_public_access_block.rego b/checks/cloud/aws/s3/specify_public_access_block.rego index 18735a1e..e76b7a50 100644 --- a/checks/cloud/aws/s3/specify_public_access_block.rego +++ b/checks/cloud/aws/s3/specify_public_access_block.rego @@ -26,7 +26,7 @@ # - https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket_public_access_block#bucket # good_examples: checks/cloud/aws/s3/specify_public_access_block.tf.go # bad_examples: checks/cloud/aws/s3/specify_public_access_block.tf.go -# cloudformation: +# cloud_formation: # good_examples: checks/cloud/aws/s3/specify_public_access_block.cf.go # bad_examples: checks/cloud/aws/s3/specify_public_access_block.cf.go package builtin.aws.s3.aws0094 diff --git a/checks/cloud/aws/sam/api_use_secure_tls_policy.rego b/checks/cloud/aws/sam/api_use_secure_tls_policy.rego index 9cd27795..9289cd9d 100644 --- a/checks/cloud/aws/sam/api_use_secure_tls_policy.rego +++ b/checks/cloud/aws/sam/api_use_secure_tls_policy.rego @@ -21,7 +21,7 @@ # subtypes: # - service: sam # provider: aws -# cloudformation: +# cloud_formation: # good_examples: checks/cloud/aws/sam/api_use_secure_tls_policy.cf.go # bad_examples: checks/cloud/aws/sam/api_use_secure_tls_policy.cf.go package builtin.aws.sam.aws0112 diff --git a/checks/cloud/aws/sam/enable_api_access_logging.rego b/checks/cloud/aws/sam/enable_api_access_logging.rego index 58da3524..247c9e6c 100644 --- a/checks/cloud/aws/sam/enable_api_access_logging.rego +++ b/checks/cloud/aws/sam/enable_api_access_logging.rego @@ -21,7 +21,7 @@ # subtypes: # - service: sam # provider: aws -# cloudformation: +# cloud_formation: # good_examples: checks/cloud/aws/sam/enable_api_access_logging.cf.go # bad_examples: checks/cloud/aws/sam/enable_api_access_logging.cf.go package builtin.aws.sam.aws0113 diff --git a/checks/cloud/aws/sam/enable_api_cache_encryption.rego b/checks/cloud/aws/sam/enable_api_cache_encryption.rego index 869f5fce..4dedda35 100644 --- a/checks/cloud/aws/sam/enable_api_cache_encryption.rego +++ b/checks/cloud/aws/sam/enable_api_cache_encryption.rego @@ -21,7 +21,7 @@ # subtypes: # - service: sam # provider: aws -# cloudformation: +# cloud_formation: # good_examples: checks/cloud/aws/sam/enable_api_cache_encryption.cf.go # bad_examples: checks/cloud/aws/sam/enable_api_cache_encryption.cf.go package builtin.aws.sam.aws0110 diff --git a/checks/cloud/aws/sam/enable_api_tracing.rego b/checks/cloud/aws/sam/enable_api_tracing.rego index 658abc85..e36dd1b6 100644 --- a/checks/cloud/aws/sam/enable_api_tracing.rego +++ b/checks/cloud/aws/sam/enable_api_tracing.rego @@ -21,7 +21,7 @@ # subtypes: # - service: sam # provider: aws -# cloudformation: +# cloud_formation: # good_examples: checks/cloud/aws/sam/enable_api_tracing.cf.go # bad_examples: checks/cloud/aws/sam/enable_api_tracing.cf.go package builtin.aws.sam.aws0111 diff --git a/checks/cloud/aws/sam/enable_function_tracing.rego b/checks/cloud/aws/sam/enable_function_tracing.rego index 8d6a651b..863286b3 100644 --- a/checks/cloud/aws/sam/enable_function_tracing.rego +++ b/checks/cloud/aws/sam/enable_function_tracing.rego @@ -21,7 +21,7 @@ # subtypes: # - service: sam # provider: aws -# cloudformation: +# cloud_formation: # good_examples: checks/cloud/aws/sam/enable_function_tracing.cf.go # bad_examples: checks/cloud/aws/sam/enable_function_tracing.cf.go package builtin.aws.sam.aws0125 diff --git a/checks/cloud/aws/sam/enable_http_api_access_logging.rego b/checks/cloud/aws/sam/enable_http_api_access_logging.rego index 8517e003..fbdddcec 100644 --- a/checks/cloud/aws/sam/enable_http_api_access_logging.rego +++ b/checks/cloud/aws/sam/enable_http_api_access_logging.rego @@ -21,7 +21,7 @@ # subtypes: # - service: sam # provider: aws -# cloudformation: +# cloud_formation: # good_examples: checks/cloud/aws/sam/enable_http_api_access_logging.cf.go # bad_examples: checks/cloud/aws/sam/enable_http_api_access_logging.cf.go package builtin.aws.sam.aws0116 diff --git a/checks/cloud/aws/sam/enable_state_machine_tracing.rego b/checks/cloud/aws/sam/enable_state_machine_tracing.rego index 12be2f3a..f32fd2eb 100644 --- a/checks/cloud/aws/sam/enable_state_machine_tracing.rego +++ b/checks/cloud/aws/sam/enable_state_machine_tracing.rego @@ -21,7 +21,7 @@ # subtypes: # - service: sam # provider: aws -# cloudformation: +# cloud_formation: # good_examples: checks/cloud/aws/sam/enable_state_machine_tracing.cf.go # bad_examples: checks/cloud/aws/sam/enable_state_machine_tracing.cf.go package builtin.aws.sam.aws0117 diff --git a/checks/cloud/aws/sam/enable_table_encryption.rego b/checks/cloud/aws/sam/enable_table_encryption.rego index 9d5b0980..d45f831b 100644 --- a/checks/cloud/aws/sam/enable_table_encryption.rego +++ b/checks/cloud/aws/sam/enable_table_encryption.rego @@ -21,7 +21,7 @@ # subtypes: # - service: sam # provider: aws -# cloudformation: +# cloud_formation: # good_examples: checks/cloud/aws/sam/enable_table_encryption.cf.go # bad_examples: checks/cloud/aws/sam/enable_table_encryption.cf.go package builtin.aws.sam.aws0121 diff --git a/checks/cloud/aws/sns/enable_topic_encryption.rego b/checks/cloud/aws/sns/enable_topic_encryption.rego index 9c8f6cf7..d41a659e 100644 --- a/checks/cloud/aws/sns/enable_topic_encryption.rego +++ b/checks/cloud/aws/sns/enable_topic_encryption.rego @@ -26,7 +26,7 @@ # - https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/sns_topic#example-with-server-side-encryption-sse # good_examples: checks/cloud/aws/sns/enable_topic_encryption.tf.go # bad_examples: checks/cloud/aws/sns/enable_topic_encryption.tf.go -# cloudformation: +# cloud_formation: # good_examples: checks/cloud/aws/sns/enable_topic_encryption.cf.go # bad_examples: checks/cloud/aws/sns/enable_topic_encryption.cf.go package builtin.aws.sns.aws0095 diff --git a/checks/cloud/aws/sns/topic_encryption_with_cmk.rego b/checks/cloud/aws/sns/topic_encryption_with_cmk.rego index 0c3795c4..cb44165d 100644 --- a/checks/cloud/aws/sns/topic_encryption_with_cmk.rego +++ b/checks/cloud/aws/sns/topic_encryption_with_cmk.rego @@ -26,7 +26,7 @@ # - https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/sns_topic#example-with-server-side-encryption-sse # good_examples: checks/cloud/aws/sns/topic_encryption_with_cmk.tf.go # bad_examples: checks/cloud/aws/sns/topic_encryption_with_cmk.tf.go -# cloudformation: +# cloud_formation: # good_examples: checks/cloud/aws/sns/topic_encryption_with_cmk.cf.go # bad_examples: checks/cloud/aws/sns/topic_encryption_with_cmk.cf.go package builtin.aws.sns.aws0136 diff --git a/checks/cloud/aws/sqs/enable_queue_encryption.rego b/checks/cloud/aws/sqs/enable_queue_encryption.rego index 5060331f..d5e4395a 100644 --- a/checks/cloud/aws/sqs/enable_queue_encryption.rego +++ b/checks/cloud/aws/sqs/enable_queue_encryption.rego @@ -26,7 +26,7 @@ # - https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/sqs_queue#server-side-encryption-sse # good_examples: checks/cloud/aws/sqs/enable_queue_encryption.tf.go # bad_examples: checks/cloud/aws/sqs/enable_queue_encryption.tf.go -# cloudformation: +# cloud_formation: # good_examples: checks/cloud/aws/sqs/enable_queue_encryption.cf.go # bad_examples: checks/cloud/aws/sqs/enable_queue_encryption.cf.go package builtin.aws.sqs.aws0096 diff --git a/checks/cloud/aws/sqs/no_wildcards_in_policy_documents.rego b/checks/cloud/aws/sqs/no_wildcards_in_policy_documents.rego index 2a865285..0df6ec57 100644 --- a/checks/cloud/aws/sqs/no_wildcards_in_policy_documents.rego +++ b/checks/cloud/aws/sqs/no_wildcards_in_policy_documents.rego @@ -27,7 +27,7 @@ # - https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/sqs_queue_policy # good_examples: checks/cloud/aws/sqs/no_wildcards_in_policy_documents.tf.go # bad_examples: checks/cloud/aws/sqs/no_wildcards_in_policy_documents.tf.go -# cloudformation: +# cloud_formation: # good_examples: checks/cloud/aws/sqs/no_wildcards_in_policy_documents.cf.go # bad_examples: checks/cloud/aws/sqs/no_wildcards_in_policy_documents.cf.go package builtin.aws.sqs.aws0097 diff --git a/checks/cloud/aws/sqs/queue_encryption_with_cmk.rego b/checks/cloud/aws/sqs/queue_encryption_with_cmk.rego index bbe113e2..98b24240 100644 --- a/checks/cloud/aws/sqs/queue_encryption_with_cmk.rego +++ b/checks/cloud/aws/sqs/queue_encryption_with_cmk.rego @@ -26,7 +26,7 @@ # - https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/sqs_queue#server-side-encryption-sse # good_examples: checks/cloud/aws/sqs/queue_encryption_with_cmk.tf.go # bad_examples: checks/cloud/aws/sqs/queue_encryption_with_cmk.tf.go -# cloudformation: +# cloud_formation: # good_examples: checks/cloud/aws/sqs/queue_encryption_with_cmk.cf.go # bad_examples: checks/cloud/aws/sqs/queue_encryption_with_cmk.cf.go package builtin.aws.sqs.aws0135 diff --git a/checks/cloud/aws/ssm/secret_use_customer_key.rego b/checks/cloud/aws/ssm/secret_use_customer_key.rego index 3d0541d2..152c330b 100644 --- a/checks/cloud/aws/ssm/secret_use_customer_key.rego +++ b/checks/cloud/aws/ssm/secret_use_customer_key.rego @@ -26,7 +26,7 @@ # - https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/secretsmanager_secret#kms_key_id # good_examples: checks/cloud/aws/ssm/secret_use_customer_key.tf.go # bad_examples: checks/cloud/aws/ssm/secret_use_customer_key.tf.go -# cloudformation: +# cloud_formation: # good_examples: checks/cloud/aws/ssm/secret_use_customer_key.cf.go # bad_examples: checks/cloud/aws/ssm/secret_use_customer_key.cf.go package builtin.aws.ssm.aws0098 diff --git a/checks/cloud/aws/workspaces/enable_disk_encryption.rego b/checks/cloud/aws/workspaces/enable_disk_encryption.rego index 58017fab..6cabb03f 100644 --- a/checks/cloud/aws/workspaces/enable_disk_encryption.rego +++ b/checks/cloud/aws/workspaces/enable_disk_encryption.rego @@ -26,7 +26,7 @@ # - https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/workspaces_workspace#root_volume_encryption_enabled # good_examples: checks/cloud/aws/workspaces/enable_disk_encryption.tf.go # bad_examples: checks/cloud/aws/workspaces/enable_disk_encryption.tf.go -# cloudformation: +# cloud_formation: # good_examples: checks/cloud/aws/workspaces/enable_disk_encryption.cf.go # bad_examples: checks/cloud/aws/workspaces/enable_disk_encryption.cf.go package builtin.aws.workspaces.aws0109 diff --git a/cmd/avd_generator/main.go b/cmd/avd_generator/main.go index a9fab1a0..464f827a 100644 --- a/cmd/avd_generator/main.go +++ b/cmd/avd_generator/main.go @@ -134,7 +134,11 @@ func GetExampleValuesFromFile(filename string, exampleType string) ([]string, er switch spec := spec.(type) { case *goast.ValueSpec: for _, id := range spec.Names { - switch v := id.Obj.Decl.(*goast.ValueSpec).Values[0].(type) { + valueSpec := id.Obj.Decl.(*goast.ValueSpec) + if len(valueSpec.Values) == 0 { + continue + } + switch v := valueSpec.Values[0].(type) { case *goast.CompositeLit: for _, e := range v.Elts { switch e := e.(type) {