From ceb2c8df6be8fcc11ac5412b5064d9cf9af26bc0 Mon Sep 17 00:00:00 2001
From: AkhtarAmir
Date: Thu, 8 Apr 2021 23:06:28 +0500
Subject: [PATCH] Added AWS CodeBuild Valid Source Providers plugin and test cases
---
 collectors/aws/codebuild/batchGetProjects.js | 24 +
 collectors/aws/collector.js | 13 +
 exports.js | 680 +++++++++---------
 helpers/aws/regions.js | 3 +-
 helpers/aws/regions_china.js | 3 +-
 helpers/aws/regions_gov.js | 3 +-
 .../codebuildValidSourceProviders.js | 94 +++
 .../codebuildValidSourceProviders.spec.js | 126 ++++
 8 files changed, 604 insertions(+), 342 deletions(-)
 create mode 100644 collectors/aws/codebuild/batchGetProjects.js
 create mode 100644 plugins/aws/codebuild/codebuildValidSourceProviders.js
 create mode 100644 plugins/aws/codebuild/codebuildValidSourceProviders.spec.js
diff --git a/collectors/aws/codebuild/batchGetProjects.js b/collectors/aws/codebuild/batchGetProjects.js
new file mode 100644
index 0000000000..0f89400b31
--- /dev/null
+++ b/collectors/aws/codebuild/batchGetProjects.js
@@ -0,0 +1,24 @@
+var AWS = require('aws-sdk');
+var async = require('async');
+
+module.exports = function(AWSConfig, collection, callback) {
+ var codebuild = new AWS.CodeBuild(AWSConfig);
+
+ async.eachLimit(collection.codebuild.listProjects[AWSConfig.region].data, 15, function(project, cb){
+ collection.codebuild.batchGetProjects[AWSConfig.region][project] = {};
+
+ var params = {
+ names: [project],
+ };
+
+ codebuild.batchGetProjects(params, function(err, data) {
+ if (err) {
+ collection.codebuild.batchGetProjects[AWSConfig.region][project].err = err;
+ }
+ collection.codebuild.batchGetProjects[AWSConfig.region][project].data = data;
+ cb();
+ });
+ }, function(){
+ callback();
+ });
+};
\ No newline at end of file
diff --git a/collectors/aws/collector.js b/collectors/aws/collector.js
index b91f9ade5e..5c3b1a5eb1 100644
--- a/collectors/aws/collector.js
+++ b/collectors/aws/collector.js
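Review bot: In collectors/aws/codebuild/batchGetProjects.js the `async.eachLimit(collection.codebuild.listProjects[AWSConfig.region].data, ...)` call dereferences the region entry without a guard, so a region that has no `listProjects` entry would throw a TypeError here instead of being skipped; an opening check such as `if (!collection.codebuild.listProjects[AWSConfig.region] || !collection.codebuild.listProjects[AWSConfig.region].data) return callback();` avoids that. The whole BatchGetProjects response is stored under `.data`, and that response carries each project's environment variables, including PLAINTEXT-typed values, so it is worth confirming that wherever the collection is written or exported treats this entry as sensitive, or keeping only the fields the plugin reads. BatchGetProjects accepts up to 100 names per request, so one request per project is more API traffic than needed, although it keeps the per-project keying simple. The file also ends without a trailing newline.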
@@ -129,6 +129,12 @@ var calls = {
 }
 }
 },
+ CodeBuild: {
+ listProjects: {
+ property: 'projects',
+ paginate: 'nextToken'
+ }
+ },
 Comprehend: {
 listEntitiesDetectionJobs: {
 property: 'EntitiesDetectionJobPropertiesList',
@@ -838,6 +844,13 @@ var postcalls = [
 filterValue: 'TrailARN'
 }
 },
+ CodeBuild: {
+ batchGetProjects: {
+ reliesOnService: 'codebuild',
+ reliesOnCall: 'listProjects',
+ override: true
+ }
+ },
 DynamoDB: {
 describeTable: {
 reliesOnService: 'dynamodb',
diff --git a/exports.js b/exports.js
index 322aa84cad..df745ee0ce 100644
--- a/exports.js
+++ b/exports.js
@@ -2,348 +2,350 @@ module.exports = { aws : { - 'acmValidation' : require(__dirname + '/plugins/aws/acm/acmValidation.js'), - 'acmCertificateExpiry' : require(__dirname + '/plugins/aws/acm/acmCertificateExpiry.js'), - - 'apigatewayCertificateRotation' : require(__dirname + '/plugins/aws/apigateway/apigatewayCertificateRotation.js'), - 'apigatewayCloudwatchLogs' : require(__dirname + '/plugins/aws/apigateway/apigatewayCloudwatchLogs.js'), - 'apigatewayPrivateEndpoints' : require(__dirname + '/plugins/aws/apigateway/apigatewayPrivateEndpoints.js'), - 'apigatewayContentEncoding' : require(__dirname + '/plugins/aws/apigateway/apigatewayContentEncoding.js'), - 'apigatewayTracingEnabled' : require(__dirname + '/plugins/aws/apigateway/apigatewayTracingEnabled.js'), - 'apigatewayWafEnabled' : require(__dirname + '/plugins/aws/apigateway/apigatewayWafEnabled.js'), - 'detailedCloudWatchMetrics' : require(__dirname + '/plugins/aws/apigateway/detailedCloudWatchMetrics.js'), - 'apigatewayClientCertificate' : require(__dirname + '/plugins/aws/apigateway/apigatewayClientCertificate.js'), - - 'asgMultiAz' : require(__dirname + '/plugins/aws/autoscaling/asgMultiAz.js'), - 'asgActiveNotifications' : require(__dirname + '/plugins/aws/autoscaling/asgActiveNotifications.js'), - 'emptyASG' : require(__dirname + '/plugins/aws/autoscaling/emptyASG.js'), - 'sameAzElb' : require(__dirname + '/plugins/aws/autoscaling/sameAzElb.js'), - 'asgMissingELB' : require(__dirname + '/plugins/aws/autoscaling/asgMissingELB.js'), - 'webTierAsgAssociatedElb' : require(__dirname + '/plugins/aws/autoscaling/webTierAsgAssociatedElb.js'), - 'elbHealthCheckActive' : require(__dirname + '/plugins/aws/autoscaling/elbHealthCheckActive.js'), - 'asgSuspendedProcesses' : require(__dirname + '/plugins/aws/autoscaling/asgSuspendedProcesses.js'), - 'appTierAsgApprovedAmi' : require(__dirname + '/plugins/aws/autoscaling/appTierAsgApprovedAmi.js'), - 'webTierAsgApprovedAmi' : require(__dirname + 
'/plugins/aws/autoscaling/webTierAsgApprovedAmi.js'), - 'appTierAsgCloudwatchLogs' : require(__dirname + '/plugins/aws/autoscaling/appTierAsgCloudwatchLogs.js'), - 'webTierAsgCloudwatchLogs' : require(__dirname + '/plugins/aws/autoscaling/webTierAsgCloudwatchLogs.js'), - 'asgMissingSecurityGroups' : require(__dirname + '/plugins/aws/autoscaling/asgMissingSecurityGroups.js'), - 'webTierIamRole' : require(__dirname + '/plugins/aws/autoscaling/webTierIamRole.js'), - 'appTierIamRole' : require(__dirname + '/plugins/aws/autoscaling/appTierIamRole.js'), - - 'workgroupEncrypted' : require(__dirname + '/plugins/aws/athena/workgroupEncrypted.js'), - 'workgroupEnforceConfiguration' : require(__dirname + '/plugins/aws/athena/workgroupEnforceConfiguration.js'), - - 'publicS3Origin' : require(__dirname + '/plugins/aws/cloudfront/publicS3Origin.js'), - 'secureOrigin' : require(__dirname + '/plugins/aws/cloudfront/secureOrigin.js'), - 'insecureProtocols' : require(__dirname + '/plugins/aws/cloudfront/insecureProtocols.js'), - 'cloudfrontHttpsOnly' : require(__dirname + '/plugins/aws/cloudfront/cloudfrontHttpsOnly.js'), - 'cloudfrontLoggingEnabled' : require(__dirname + '/plugins/aws/cloudfront/cloudfrontLoggingEnabled.js'), - 'cloudfrontWafEnabled' : require(__dirname + '/plugins/aws/cloudfront/cloudfrontWafEnabled.js'), + // 'acmValidation' : require(__dirname + '/plugins/aws/acm/acmValidation.js'), + // 'acmCertificateExpiry' : require(__dirname + '/plugins/aws/acm/acmCertificateExpiry.js'), + + // 'apigatewayCertificateRotation' : require(__dirname + '/plugins/aws/apigateway/apigatewayCertificateRotation.js'), + // 'apigatewayCloudwatchLogs' : require(__dirname + '/plugins/aws/apigateway/apigatewayCloudwatchLogs.js'), + // 'apigatewayPrivateEndpoints' : require(__dirname + '/plugins/aws/apigateway/apigatewayPrivateEndpoints.js'), + // 'apigatewayContentEncoding' : require(__dirname + '/plugins/aws/apigateway/apigatewayContentEncoding.js'), + // 'apigatewayTracingEnabled' : 
require(__dirname + '/plugins/aws/apigateway/apigatewayTracingEnabled.js'), + // 'apigatewayWafEnabled' : require(__dirname + '/plugins/aws/apigateway/apigatewayWafEnabled.js'), + // 'detailedCloudWatchMetrics' : require(__dirname + '/plugins/aws/apigateway/detailedCloudWatchMetrics.js'), + // 'apigatewayClientCertificate' : require(__dirname + '/plugins/aws/apigateway/apigatewayClientCertificate.js'), + + // 'asgMultiAz' : require(__dirname + '/plugins/aws/autoscaling/asgMultiAz.js'), + // 'asgActiveNotifications' : require(__dirname + '/plugins/aws/autoscaling/asgActiveNotifications.js'), + // 'emptyASG' : require(__dirname + '/plugins/aws/autoscaling/emptyASG.js'), + // 'sameAzElb' : require(__dirname + '/plugins/aws/autoscaling/sameAzElb.js'), + // 'asgMissingELB' : require(__dirname + '/plugins/aws/autoscaling/asgMissingELB.js'), + // 'webTierAsgAssociatedElb' : require(__dirname + '/plugins/aws/autoscaling/webTierAsgAssociatedElb.js'), + // 'elbHealthCheckActive' : require(__dirname + '/plugins/aws/autoscaling/elbHealthCheckActive.js'), + // 'asgSuspendedProcesses' : require(__dirname + '/plugins/aws/autoscaling/asgSuspendedProcesses.js'), + // 'appTierAsgApprovedAmi' : require(__dirname + '/plugins/aws/autoscaling/appTierAsgApprovedAmi.js'), + // 'webTierAsgApprovedAmi' : require(__dirname + '/plugins/aws/autoscaling/webTierAsgApprovedAmi.js'), + // 'appTierAsgCloudwatchLogs' : require(__dirname + '/plugins/aws/autoscaling/appTierAsgCloudwatchLogs.js'), + // 'webTierAsgCloudwatchLogs' : require(__dirname + '/plugins/aws/autoscaling/webTierAsgCloudwatchLogs.js'), + // 'asgMissingSecurityGroups' : require(__dirname + '/plugins/aws/autoscaling/asgMissingSecurityGroups.js'), + // 'webTierIamRole' : require(__dirname + '/plugins/aws/autoscaling/webTierIamRole.js'), + // 'appTierIamRole' : require(__dirname + '/plugins/aws/autoscaling/appTierIamRole.js'), + + // 'workgroupEncrypted' : require(__dirname + '/plugins/aws/athena/workgroupEncrypted.js'), + // 
'workgroupEnforceConfiguration' : require(__dirname + '/plugins/aws/athena/workgroupEnforceConfiguration.js'), + + // 'publicS3Origin' : require(__dirname + '/plugins/aws/cloudfront/publicS3Origin.js'), + // 'secureOrigin' : require(__dirname + '/plugins/aws/cloudfront/secureOrigin.js'), + // 'insecureProtocols' : require(__dirname + '/plugins/aws/cloudfront/insecureProtocols.js'), + // 'cloudfrontHttpsOnly' : require(__dirname + '/plugins/aws/cloudfront/cloudfrontHttpsOnly.js'), + // 'cloudfrontLoggingEnabled' : require(__dirname + '/plugins/aws/cloudfront/cloudfrontLoggingEnabled.js'), + // 'cloudfrontWafEnabled' : require(__dirname + '/plugins/aws/cloudfront/cloudfrontWafEnabled.js'), - 'volumeEncryption' : require(__dirname + '/plugins/aws/comprehend/volumeEncryption.js'), - 'outputResultEncryption' : require(__dirname + '/plugins/aws/comprehend/outputResultEncryption.js'), - - 'plainTextParameters' : require(__dirname + '/plugins/aws/cloudformation/plainTextParameters.js'), - 'stackFailedStatus' : require(__dirname + '/plugins/aws/cloudformation/stackFailedStatus.js'), - 'driftDetection' : require(__dirname + '/plugins/aws/cloudformation/driftDetection.js'), - 'stackTerminationProtection' : require(__dirname + '/plugins/aws/cloudformation/stackTerminationProtection.js'), - 'stackNotifications' : require(__dirname + '/plugins/aws/cloudformation/stackNotifications.js'), - - 'cloudtrailBucketAccessLogging' : require(__dirname + '/plugins/aws/cloudtrail/cloudtrailBucketAccessLogging.js'), - 'cloudtrailBucketDelete' : require(__dirname + '/plugins/aws/cloudtrail/cloudtrailBucketDelete.js'), - 'cloudtrailDataEvents' : require(__dirname + '/plugins/aws/cloudtrail/cloudtrailDataEvents.js'), - 'cloudtrailEnabled' : require(__dirname + '/plugins/aws/cloudtrail/cloudtrailEnabled.js'), - 'cloudtrailEncryption' : require(__dirname + '/plugins/aws/cloudtrail/cloudtrailEncryption.js'), - 'cloudtrailFileValidation' : require(__dirname + 
'/plugins/aws/cloudtrail/cloudtrailFileValidation.js'), - 'cloudtrailObjectLock' : require(__dirname + '/plugins/aws/cloudtrail/cloudtrailObjectLock.js'), - 'cloudtrailToCloudwatch' : require(__dirname + '/plugins/aws/cloudtrail/cloudtrailToCloudwatch.js'), - 'cloudtrailBucketPrivate' : require(__dirname + '/plugins/aws/cloudtrail/cloudtrailBucketPrivate.js'), - 'cloudtrailDeliveryFailing' : require(__dirname + '/plugins/aws/cloudtrail/cloudtrailDeliveryFailing.js'), - 'cloudtrailManagementEvents' : require(__dirname + '/plugins/aws/cloudtrail/cloudtrailManagementEvents.js'), - 'cloudtrailS3Bucket' : require(__dirname + '/plugins/aws/cloudtrail/cloudtrailS3Bucket.js'), - 'globalLoggingDuplicated' : require(__dirname + '/plugins/aws/cloudtrail/globalLoggingDuplicated.js'), - - 'configServiceEnabled' : require(__dirname + '/plugins/aws/configservice/configServiceEnabled.js'), - - 'devOpsGuruNotificationEnabled' : require(__dirname + '/plugins/aws/devopsguru/devOpsGuruNotificationEnabled.js'), - - 'dmsEncryptionEnabled' : require(__dirname + '/plugins/aws/dms/dmsEncryptionEnabled.js'), - - 'dynamoKmsEncryption' : require(__dirname + '/plugins/aws/dynamodb/dynamoKmsEncryption.js'), - 'daxClusterEncryption' : require(__dirname + '/plugins/aws/dynamodb/daxClusterEncryption.js'), - 'dynamoContinuousBackups' : require(__dirname + '/plugins/aws/dynamodb/dynamoContinuousBackups.js'), - - 'appTierInstanceIamRole' : require(__dirname + '/plugins/aws/ec2/appTierInstanceIamRole.js'), - 'defaultSecurityGroup' : require(__dirname + '/plugins/aws/ec2/defaultSecurityGroup.js'), - 'launchWizardSecurityGroups' : require(__dirname + '/plugins/aws/ec2/launchWizardSecurityGroups'), - 'securityGroupRfc1918' : require(__dirname + '/plugins/aws/ec2/securityGroupRfc1918.js'), - 'elasticIpLimit' : require(__dirname + '/plugins/aws/ec2/elasticIpLimit.js'), - 'unassociatedElasticIp' : require(__dirname + '/plugins/aws/ec2/unassociatedElasticIp.js'), - 'subnetIpAvailability' : require(__dirname 
+ '/plugins/aws/ec2/subnetIpAvailability.js'), - 'excessiveSecurityGroups' : require(__dirname + '/plugins/aws/ec2/excessiveSecurityGroups.js'), - 'instanceLimit' : require(__dirname + '/plugins/aws/ec2/instanceLimit.js'), - 'instanceVcpusLimit' : require(__dirname + '/plugins/aws/ec2/instanceVcpusLimit.js'), - 'instanceMaxCount' : require(__dirname + '/plugins/aws/ec2/instanceMaxCount.js'), - 'instanceKeyBasedLogin' : require(__dirname + '/plugins/aws/ec2/instanceKeyBasedLogin.js'), - 'openAllPortsProtocols' : require(__dirname + '/plugins/aws/ec2/openAllPortsProtocols.js'), - 'openCIFS' : require(__dirname + '/plugins/aws/ec2/openCIFS.js'), - 'openCustomPorts' : require(__dirname + '/plugins/aws/ec2/openCustomPorts.js'), - 'openDNS' : require(__dirname + '/plugins/aws/ec2/openDNS.js'), - 'openDocker' : require(__dirname + '/plugins/aws/ec2/openDocker.js'), - 'openFTP' : require(__dirname + '/plugins/aws/ec2/openFTP.js'), - 'openHadoopNameNode' : require(__dirname + '/plugins/aws/ec2/openHadoopNameNode.js'), - 'openHadoopNameNodeWebUI' : require(__dirname + '/plugins/aws/ec2/openHadoopNameNodeWebUI.js'), - 'openOracleAutoDataWarehouse' : require(__dirname + '/plugins/aws/ec2/openOracleAutoDataWarehouse.js'), - 'openKibana' : require(__dirname + '/plugins/aws/ec2/openKibana.js'), - 'openMySQL' : require(__dirname + '/plugins/aws/ec2/openMySQL.js'), - 'openOracle' : require(__dirname + '/plugins/aws/ec2/openOracle.js'), - 'openNetBIOS' : require(__dirname + '/plugins/aws/ec2/openNetBIOS.js'), - 'openPostgreSQL' : require(__dirname + '/plugins/aws/ec2/openPostgreSQL.js'), - 'openRDP' : require(__dirname + '/plugins/aws/ec2/openRDP.js'), - 'openRPC' : require(__dirname + '/plugins/aws/ec2/openRPC.js'), - 'openSalt' : require(__dirname + '/plugins/aws/ec2/openSalt.js'), - 'openSMBoTCP' : require(__dirname + '/plugins/aws/ec2/openSMBoTCP.js'), - 'openSMTP' : require(__dirname + '/plugins/aws/ec2/openSMTP.js'), - 'openSQLServer' : require(__dirname + 
'/plugins/aws/ec2/openSQLServer.js'), - 'openSSH' : require(__dirname + '/plugins/aws/ec2/openSSH.js'), - 'openTelnet' : require(__dirname + '/plugins/aws/ec2/openTelnet.js'), - 'openVNCClient' : require(__dirname + '/plugins/aws/ec2/openVNCClient.js'), - 'openVNCServer' : require(__dirname + '/plugins/aws/ec2/openVNCServer.js'), - 'openElasticsearch' : require(__dirname + '/plugins/aws/ec2/openElasticsearch.js'), - 'vpcElasticIpLimit' : require(__dirname + '/plugins/aws/ec2/vpcElasticIpLimit.js'), - 'classicInstances' : require(__dirname + '/plugins/aws/ec2/classicInstances.js'), - 'flowLogsEnabled' : require(__dirname + '/plugins/aws/ec2/flowLogsEnabled.js'), - 'vpcMultipleSubnets' : require(__dirname + '/plugins/aws/ec2/multipleSubnets.js'), - 'overlappingSecurityGroups' : require(__dirname + '/plugins/aws/ec2/overlappingSecurityGroups.js'), - 'publicAmi' : require(__dirname + '/plugins/aws/ec2/publicAmi.js'), - 'encryptedAmi' : require(__dirname + '/plugins/aws/ec2/encryptedAmi.js'), - 'instanceIamRole' : require(__dirname + '/plugins/aws/ec2/instanceIamRole.js'), - 'ebsBackupEnabled' : require(__dirname + '/plugins/aws/ec2/ebsBackupEnabled.js'), - 'ebsEncryptionEnabled' : require(__dirname + '/plugins/aws/ec2/ebsEncryptionEnabled.js'), - 'ebsSnapshotLifecycle' : require(__dirname + '/plugins/aws/ec2/ebsSnapshotLifecycle.js'), - 'ebsOldSnapshots' : require(__dirname + '/plugins/aws/ec2/ebsOldSnapshots.js'), - 'ebsSnapshotPrivate' : require(__dirname + '/plugins/aws/ec2/ebsSnapshotPrivate.js'), - 'ebsSnapshotPublic' : require(__dirname + '/plugins/aws/ec2/ebsSnapshotPublic.js'), - - 'natMultiAz' : require(__dirname + '/plugins/aws/ec2/natMultiAz.js'), - 'defaultVpcInUse' : require(__dirname + '/plugins/aws/ec2/defaultVpcInUse.js'), - 'defaultVpcExists' : require(__dirname + '/plugins/aws/ec2/defaultVpcExists.js'), - 'crossVpcPublicPrivate' : require(__dirname + '/plugins/aws/ec2/crossVpcPublicPrivate.js'), - 'vpcEndpointAcceptance' : require(__dirname + 
'/plugins/aws/ec2/vpcEndpointAcceptance'), - 'vpcEndpointExposed' : require(__dirname + '/plugins/aws/ec2/vpcEndpointExposed.js'), - 'vpcEndpointCrossAccount' : require(__dirname + '/plugins/aws/ec2/vpcEndpointCrossAccount.js'), - 'vpcPeeringConnections' : require(__dirname + '/plugins/aws/ec2/vpcPeeringConnections.js'), - 'ebsEncryptedSnapshots' : require(__dirname + '/plugins/aws/ec2/ebsEncryptedSnapshots.js'), - 'ebsDefaultEncryptionEnabled' : require(__dirname + '/plugins/aws/ec2/ebsDefaultEncryptionEnabled.js'), - 'ec2MetadataOptions' : require(__dirname + '/plugins/aws/ec2/ec2MetadataOptions.js'), - 'unusedEni' : require(__dirname + '/plugins/aws/ec2/unusedEni.js'), - 'unusedAmi' : require(__dirname + '/plugins/aws/ec2/unusedAmi.js'), - 'unusedVpcInternetGateways' : require(__dirname + '/plugins/aws/ec2/unusedVpcInternetGateways.js'), - 'managedNatGateway' : require(__dirname + '/plugins/aws/ec2/managedNatGateway.js'), - 'allowedCustomPorts' : require(__dirname + '/plugins/aws/ec2/allowedCustomPorts.js'), - 'ebsUnusedVolumes' : require(__dirname + '/plugins/aws/ec2/ebsUnusedVolumes.js'), - 'publicIpAddress' : require(__dirname + '/plugins/aws/ec2/publicIpAddress.js'), - 'unusedVirtualPrivateGateway' : require(__dirname + '/plugins/aws/ec2/unusedVirtualPrivateGateway.js'), - 'vpcSubnetInstancesPresent' : require(__dirname + '/plugins/aws/ec2/vpcSubnetInstancesPresent.js'), - 'webTierInstanceIamRole' : require(__dirname + '/plugins/aws/ec2/webTierInstanceIamRole.js'), - 'vpnTunnelState' : require(__dirname + '/plugins/aws/ec2/vpnTunnelState.js'), - 'networkAclOutboundTraffic' : require(__dirname + '/plugins/aws/ec2/networkAclOutboundTraffic.js'), - - 'efsCmkEncrypted' : require(__dirname + '/plugins/aws/efs/efsCmkEncrypted.js'), - 'efsEncryptionEnabled' : require(__dirname + '/plugins/aws/efs/efsEncryptionEnabled.js'), - - 'ecrRepositoryPolicy' : require(__dirname + '/plugins/aws/ecr/ecrRepositoryPolicy.js'), - 'ecrRepositoryTagImmutability' : require(__dirname 
+ '/plugins/aws/ecr/ecrRepositoryTagImmutability.js'), + // 'volumeEncryption' : require(__dirname + '/plugins/aws/comprehend/volumeEncryption.js'), + // 'outputResultEncryption' : require(__dirname + '/plugins/aws/comprehend/outputResultEncryption.js'), + + // 'plainTextParameters' : require(__dirname + '/plugins/aws/cloudformation/plainTextParameters.js'), + // 'stackFailedStatus' : require(__dirname + '/plugins/aws/cloudformation/stackFailedStatus.js'), + // 'driftDetection' : require(__dirname + '/plugins/aws/cloudformation/driftDetection.js'), + // 'stackTerminationProtection' : require(__dirname + '/plugins/aws/cloudformation/stackTerminationProtection.js'), + // 'stackNotifications' : require(__dirname + '/plugins/aws/cloudformation/stackNotifications.js'), + + // 'cloudtrailBucketAccessLogging' : require(__dirname + '/plugins/aws/cloudtrail/cloudtrailBucketAccessLogging.js'), + // 'cloudtrailBucketDelete' : require(__dirname + '/plugins/aws/cloudtrail/cloudtrailBucketDelete.js'), + // 'cloudtrailDataEvents' : require(__dirname + '/plugins/aws/cloudtrail/cloudtrailDataEvents.js'), + // 'cloudtrailEnabled' : require(__dirname + '/plugins/aws/cloudtrail/cloudtrailEnabled.js'), + // 'cloudtrailEncryption' : require(__dirname + '/plugins/aws/cloudtrail/cloudtrailEncryption.js'), + // 'cloudtrailFileValidation' : require(__dirname + '/plugins/aws/cloudtrail/cloudtrailFileValidation.js'), + // 'cloudtrailObjectLock' : require(__dirname + '/plugins/aws/cloudtrail/cloudtrailObjectLock.js'), + // 'cloudtrailToCloudwatch' : require(__dirname + '/plugins/aws/cloudtrail/cloudtrailToCloudwatch.js'), + // 'cloudtrailBucketPrivate' : require(__dirname + '/plugins/aws/cloudtrail/cloudtrailBucketPrivate.js'), + // 'cloudtrailDeliveryFailing' : require(__dirname + '/plugins/aws/cloudtrail/cloudtrailDeliveryFailing.js'), + // 'cloudtrailManagementEvents' : require(__dirname + '/plugins/aws/cloudtrail/cloudtrailManagementEvents.js'), + // 'cloudtrailS3Bucket' : 
require(__dirname + '/plugins/aws/cloudtrail/cloudtrailS3Bucket.js'), + // 'globalLoggingDuplicated' : require(__dirname + '/plugins/aws/cloudtrail/globalLoggingDuplicated.js'), + + // 'configServiceEnabled' : require(__dirname + '/plugins/aws/configservice/configServiceEnabled.js'), + + // 'devOpsGuruNotificationEnabled' : require(__dirname + '/plugins/aws/devopsguru/devOpsGuruNotificationEnabled.js'), + + // 'dmsEncryptionEnabled' : require(__dirname + '/plugins/aws/dms/dmsEncryptionEnabled.js'), + + // 'dynamoKmsEncryption' : require(__dirname + '/plugins/aws/dynamodb/dynamoKmsEncryption.js'), + // 'daxClusterEncryption' : require(__dirname + '/plugins/aws/dynamodb/daxClusterEncryption.js'), + // 'dynamoContinuousBackups' : require(__dirname + '/plugins/aws/dynamodb/dynamoContinuousBackups.js'), + + // 'appTierInstanceIamRole' : require(__dirname + '/plugins/aws/ec2/appTierInstanceIamRole.js'), + // 'defaultSecurityGroup' : require(__dirname + '/plugins/aws/ec2/defaultSecurityGroup.js'), + // 'launchWizardSecurityGroups' : require(__dirname + '/plugins/aws/ec2/launchWizardSecurityGroups'), + // 'securityGroupRfc1918' : require(__dirname + '/plugins/aws/ec2/securityGroupRfc1918.js'), + // 'elasticIpLimit' : require(__dirname + '/plugins/aws/ec2/elasticIpLimit.js'), + // 'unassociatedElasticIp' : require(__dirname + '/plugins/aws/ec2/unassociatedElasticIp.js'), + // 'subnetIpAvailability' : require(__dirname + '/plugins/aws/ec2/subnetIpAvailability.js'), + // 'excessiveSecurityGroups' : require(__dirname + '/plugins/aws/ec2/excessiveSecurityGroups.js'), + // 'instanceLimit' : require(__dirname + '/plugins/aws/ec2/instanceLimit.js'), + // 'instanceVcpusLimit' : require(__dirname + '/plugins/aws/ec2/instanceVcpusLimit.js'), + // 'instanceMaxCount' : require(__dirname + '/plugins/aws/ec2/instanceMaxCount.js'), + // 'instanceKeyBasedLogin' : require(__dirname + '/plugins/aws/ec2/instanceKeyBasedLogin.js'), + // 'openAllPortsProtocols' : require(__dirname + 
'/plugins/aws/ec2/openAllPortsProtocols.js'), + // 'openCIFS' : require(__dirname + '/plugins/aws/ec2/openCIFS.js'), + // 'openCustomPorts' : require(__dirname + '/plugins/aws/ec2/openCustomPorts.js'), + // 'openDNS' : require(__dirname + '/plugins/aws/ec2/openDNS.js'), + // 'openDocker' : require(__dirname + '/plugins/aws/ec2/openDocker.js'), + // 'openFTP' : require(__dirname + '/plugins/aws/ec2/openFTP.js'), + // 'openHadoopNameNode' : require(__dirname + '/plugins/aws/ec2/openHadoopNameNode.js'), + // 'openHadoopNameNodeWebUI' : require(__dirname + '/plugins/aws/ec2/openHadoopNameNodeWebUI.js'), + // 'openOracleAutoDataWarehouse' : require(__dirname + '/plugins/aws/ec2/openOracleAutoDataWarehouse.js'), + // 'openKibana' : require(__dirname + '/plugins/aws/ec2/openKibana.js'), + // 'openMySQL' : require(__dirname + '/plugins/aws/ec2/openMySQL.js'), + // 'openOracle' : require(__dirname + '/plugins/aws/ec2/openOracle.js'), + // 'openNetBIOS' : require(__dirname + '/plugins/aws/ec2/openNetBIOS.js'), + // 'openPostgreSQL' : require(__dirname + '/plugins/aws/ec2/openPostgreSQL.js'), + // 'openRDP' : require(__dirname + '/plugins/aws/ec2/openRDP.js'), + // 'openRPC' : require(__dirname + '/plugins/aws/ec2/openRPC.js'), + // 'openSalt' : require(__dirname + '/plugins/aws/ec2/openSalt.js'), + // 'openSMBoTCP' : require(__dirname + '/plugins/aws/ec2/openSMBoTCP.js'), + // 'openSMTP' : require(__dirname + '/plugins/aws/ec2/openSMTP.js'), + // 'openSQLServer' : require(__dirname + '/plugins/aws/ec2/openSQLServer.js'), + // 'openSSH' : require(__dirname + '/plugins/aws/ec2/openSSH.js'), + // 'openTelnet' : require(__dirname + '/plugins/aws/ec2/openTelnet.js'), + // 'openVNCClient' : require(__dirname + '/plugins/aws/ec2/openVNCClient.js'), + // 'openVNCServer' : require(__dirname + '/plugins/aws/ec2/openVNCServer.js'), + // 'openElasticsearch' : require(__dirname + '/plugins/aws/ec2/openElasticsearch.js'), + // 'vpcElasticIpLimit' : require(__dirname + 
'/plugins/aws/ec2/vpcElasticIpLimit.js'), + // 'classicInstances' : require(__dirname + '/plugins/aws/ec2/classicInstances.js'), + // 'flowLogsEnabled' : require(__dirname + '/plugins/aws/ec2/flowLogsEnabled.js'), + // 'vpcMultipleSubnets' : require(__dirname + '/plugins/aws/ec2/multipleSubnets.js'), + // 'overlappingSecurityGroups' : require(__dirname + '/plugins/aws/ec2/overlappingSecurityGroups.js'), + // 'publicAmi' : require(__dirname + '/plugins/aws/ec2/publicAmi.js'), + // 'encryptedAmi' : require(__dirname + '/plugins/aws/ec2/encryptedAmi.js'), + // 'instanceIamRole' : require(__dirname + '/plugins/aws/ec2/instanceIamRole.js'), + // 'ebsBackupEnabled' : require(__dirname + '/plugins/aws/ec2/ebsBackupEnabled.js'), + // 'ebsEncryptionEnabled' : require(__dirname + '/plugins/aws/ec2/ebsEncryptionEnabled.js'), + // 'ebsSnapshotLifecycle' : require(__dirname + '/plugins/aws/ec2/ebsSnapshotLifecycle.js'), + // 'ebsOldSnapshots' : require(__dirname + '/plugins/aws/ec2/ebsOldSnapshots.js'), + // 'ebsSnapshotPrivate' : require(__dirname + '/plugins/aws/ec2/ebsSnapshotPrivate.js'), + // 'ebsSnapshotPublic' : require(__dirname + '/plugins/aws/ec2/ebsSnapshotPublic.js'), + + // 'natMultiAz' : require(__dirname + '/plugins/aws/ec2/natMultiAz.js'), + // 'defaultVpcInUse' : require(__dirname + '/plugins/aws/ec2/defaultVpcInUse.js'), + // 'defaultVpcExists' : require(__dirname + '/plugins/aws/ec2/defaultVpcExists.js'), + // 'crossVpcPublicPrivate' : require(__dirname + '/plugins/aws/ec2/crossVpcPublicPrivate.js'), + // 'vpcEndpointAcceptance' : require(__dirname + '/plugins/aws/ec2/vpcEndpointAcceptance'), + // 'vpcEndpointExposed' : require(__dirname + '/plugins/aws/ec2/vpcEndpointExposed.js'), + // 'vpcEndpointCrossAccount' : require(__dirname + '/plugins/aws/ec2/vpcEndpointCrossAccount.js'), + // 'vpcPeeringConnections' : require(__dirname + '/plugins/aws/ec2/vpcPeeringConnections.js'), + // 'ebsEncryptedSnapshots' : require(__dirname + 
'/plugins/aws/ec2/ebsEncryptedSnapshots.js'), + // 'ebsDefaultEncryptionEnabled' : require(__dirname + '/plugins/aws/ec2/ebsDefaultEncryptionEnabled.js'), + // 'ec2MetadataOptions' : require(__dirname + '/plugins/aws/ec2/ec2MetadataOptions.js'), + // 'unusedEni' : require(__dirname + '/plugins/aws/ec2/unusedEni.js'), + // 'unusedAmi' : require(__dirname + '/plugins/aws/ec2/unusedAmi.js'), + // 'unusedVpcInternetGateways' : require(__dirname + '/plugins/aws/ec2/unusedVpcInternetGateways.js'), + // 'managedNatGateway' : require(__dirname + '/plugins/aws/ec2/managedNatGateway.js'), + // 'allowedCustomPorts' : require(__dirname + '/plugins/aws/ec2/allowedCustomPorts.js'), + // 'ebsUnusedVolumes' : require(__dirname + '/plugins/aws/ec2/ebsUnusedVolumes.js'), + // 'publicIpAddress' : require(__dirname + '/plugins/aws/ec2/publicIpAddress.js'), + // 'unusedVirtualPrivateGateway' : require(__dirname + '/plugins/aws/ec2/unusedVirtualPrivateGateway.js'), + // 'vpcSubnetInstancesPresent' : require(__dirname + '/plugins/aws/ec2/vpcSubnetInstancesPresent.js'), + // 'webTierInstanceIamRole' : require(__dirname + '/plugins/aws/ec2/webTierInstanceIamRole.js'), + // 'vpnTunnelState' : require(__dirname + '/plugins/aws/ec2/vpnTunnelState.js'), + // 'networkAclOutboundTraffic' : require(__dirname + '/plugins/aws/ec2/networkAclOutboundTraffic.js'), + + // 'efsCmkEncrypted' : require(__dirname + '/plugins/aws/efs/efsCmkEncrypted.js'), + // 'efsEncryptionEnabled' : require(__dirname + '/plugins/aws/efs/efsEncryptionEnabled.js'), + + // 'ecrRepositoryPolicy' : require(__dirname + '/plugins/aws/ecr/ecrRepositoryPolicy.js'), + // 'ecrRepositoryTagImmutability' : require(__dirname + '/plugins/aws/ecr/ecrRepositoryTagImmutability.js'), - 'managedPlatformUpdates' : require(__dirname + '/plugins/aws/elasticbeanstalk/managedPlatformUpdates.js'), + // 'managedPlatformUpdates' : require(__dirname + '/plugins/aws/elasticbeanstalk/managedPlatformUpdates.js'), - 'eksKubernetesVersion' : 
require(__dirname + '/plugins/aws/eks/eksKubernetesVersion.js'), - 'eksLoggingEnabled' : require(__dirname + '/plugins/aws/eks/eksLoggingEnabled.js'), - 'eksPrivateEndpoint' : require(__dirname + '/plugins/aws/eks/eksPrivateEndpoint.js'), - 'eksSecretsEncrypted' : require(__dirname + '/plugins/aws/eks/eksSecretsEncrypted.js'), - 'eksSecurityGroups' : require(__dirname + '/plugins/aws/eks/eksSecurityGroups.js'), - - 'crosszoneLoadBalancing' : require(__dirname + '/plugins/aws/elb/crosszoneLoadBalancing.js'), - 'insecureCiphers' : require(__dirname + '/plugins/aws/elb/insecureCiphers.js'), - 'elbHttpsOnly' : require(__dirname + '/plugins/aws/elb/elbHttpsOnly.js'), - 'elbLoggingEnabled' : require(__dirname + '/plugins/aws/elb/elbLoggingEnabled.js'), - 'elbNoInstances' : require(__dirname + '/plugins/aws/elb/elbNoInstances.js'), - 'classicELBInUse' : require(__dirname + '/plugins/aws/elb/classicELBInUse.js'), - 'connectionDrainingEnabled' : require(__dirname + '/plugins/aws/elb/connectionDrainingEnabled.js'), - 'appTierElbSecurity' : require(__dirname + '/plugins/aws/elb/appTierElbSecurity.js'), - - 'elbv2DeletionProtection' : require(__dirname + '/plugins/aws/elbv2/elbv2DeletionProtection.js'), - 'elbv2LoggingEnabled' : require(__dirname + '/plugins/aws/elbv2/elbv2LoggingEnabled.js'), - 'elbv2HttpsOnly' : require(__dirname + '/plugins/aws/elbv2/elbv2HttpsOnly.js'), - 'elbv2NoInstances' : require(__dirname + '/plugins/aws/elbv2/elbv2NoInstances.js'), - 'elbv2WafEnabled' : require(__dirname + '/plugins/aws/elbv2/elbv2WafEnabled.js'), - 'elbv2MinimumTargetInstances' : require(__dirname + '/plugins/aws/elbv2/elbv2MinimumTargetInstances.js'), - 'elbv2NlbListenerSecurity' : require(__dirname + '/plugins/aws/elbv2/elbv2NlbListenerSecurity.js'), - 'elbv2DeregistrationDelay' : require(__dirname + '/plugins/aws/elbv2/elbv2DeregistrationDelay.js'), - - 'emrClusterLogging' : require(__dirname + '/plugins/aws/emr/emrClusterLogging.js'), - 'emrEncryptionInTransit' : 
require(__dirname + '/plugins/aws/emr/emrEncryptionInTransit.js'), - 'emrEncryptionAtRest' : require(__dirname + '/plugins/aws/emr/emrEncryptionAtRest.js'), - - 'esAccessFromIps' : require(__dirname + '/plugins/aws/es/esAccessFromIps.js'), - 'esPublicEndpoint' : require(__dirname + '/plugins/aws/es/esPublicEndpoint.js'), - 'esRequireIAMAuth' : require(__dirname + '/plugins/aws/es/esRequireIAMAuth.js'), - 'esEncryptedDomain' : require(__dirname + '/plugins/aws/es/esEncryptedDomain.js'), - 'esExposedDomain' : require(__dirname + '/plugins/aws/es/esExposedDomain.js'), - 'esNodeToNodeEncryption' : require(__dirname + '/plugins/aws/es/esNodeToNodeEncryption.js'), - 'esLoggingEnabled' : require(__dirname + '/plugins/aws/es/esLoggingEnabled.js'), - 'esUpgradeAvailable' : require(__dirname + '/plugins/aws/es/esUpgradeAvailable.js'), - 'esHttpsOnly' : require(__dirname + '/plugins/aws/es/esHttpsOnly.js'), - - 'glueCloudwatchLogsEncrypted' : require(__dirname + '/plugins/aws/glue/glueCloudwatchLogsEncrypted.js'), - 'glueS3EncryptionEnabled' : require(__dirname + '/plugins/aws/glue/glueS3EncryptionEnabled.js'), - 'dataCatalogCmkEncrypted' : require(__dirname + '/plugins/aws/glue/dataCatalogCmkEncrypted.js'), - 'bookmarkEncryptionEnabled' : require(__dirname + '/plugins/aws/glue/bookmarkEncryptionEnabled.js'), - 'dataCatalogEncryptionEnabled' : require(__dirname + '/plugins/aws/glue/dataCatalogEncryptionEnabled.js'), - - 'accessKeysExtra' : require(__dirname + '/plugins/aws/iam/accessKeysExtra.js'), - 'accessKeysLastUsed' : require(__dirname + '/plugins/aws/iam/accessKeysLastUsed.js'), - 'accessKeysRotated' : require(__dirname + '/plugins/aws/iam/accessKeysRotated.js'), - 'certificateExpiry' : require(__dirname + '/plugins/aws/iam/certificateExpiry.js'), - 'crossAccountMfaExtIdAccess' : require(__dirname + '/plugins/aws/iam/crossAccountMfaExtIdAccess.js'), - 'emptyGroups' : require(__dirname + '/plugins/aws/iam/emptyGroups.js'), - 'groupInlinePolicies' : require(__dirname + 
'/plugins/aws/iam/groupInlinePolicies.js'), - 'iamMasterManagerRoles' : require(__dirname + '/plugins/aws/iam/iamMasterManagerRoles.js'), - 'iamUserAdmins' : require(__dirname + '/plugins/aws/iam/iamUserAdmins.js'), - 'iamUserNameRegex' : require(__dirname + '/plugins/aws/iam/iamUserNameRegex.js'), - 'iamUserUnauthorizedToEdit' : require(__dirname + '/plugins/aws/iam/iamUserUnauthorizedToEdit'), - 'iamRolePolicies' : require(__dirname + '/plugins/aws/iam/iamRolePolicies.js'), - 'iamRoleLastUsed' : require(__dirname + '/plugins/aws/iam/iamRoleLastUsed.js'), - 'maxPasswordAge' : require(__dirname + '/plugins/aws/iam/maxPasswordAge.js'), - 'minPasswordLength' : require(__dirname + '/plugins/aws/iam/minPasswordLength.js'), - 'noUserIamPolicies' : require(__dirname + '/plugins/aws/iam/noUserIamPolicies.js'), - 'passwordExpiration' : require(__dirname + '/plugins/aws/iam/passwordExpiration.js'), - 'passwordRequiresLowercase' : require(__dirname + '/plugins/aws/iam/passwordRequiresLowercase.js'), - 'passwordRequiresNumbers' : require(__dirname + '/plugins/aws/iam/passwordRequiresNumbers.js'), - 'passwordRequiresSymbols' : require(__dirname + '/plugins/aws/iam/passwordRequiresSymbols.js'), - 'passwordRequiresUppercase' : require(__dirname + '/plugins/aws/iam/passwordRequiresUppercase.js'), - 'passwordReusePrevention' : require(__dirname + '/plugins/aws/iam/passwordReusePrevention.js'), - 'rootAccessKeys' : require(__dirname + '/plugins/aws/iam/rootAccessKeys.js'), - 'rootSigningCertificate' : require(__dirname + '/plugins/aws/iam/rootSigningCertificate.js'), - 'rootAccountInUse' : require(__dirname + '/plugins/aws/iam/rootAccountInUse.js'), - 'rootHardwareMfa' : require(__dirname + '/plugins/aws/iam/rootHardwareMfa.js'), - 'rootMfaEnabled' : require(__dirname + '/plugins/aws/iam/rootMfaEnabled.js'), - 'sshKeysRotated' : require(__dirname + '/plugins/aws/iam/sshKeysRotated.js'), - 'trustedCrossAccountRoles' : require(__dirname + 
'/plugins/aws/iam/trustedCrossAccountRoles.js'), - 'usersMfaEnabled' : require(__dirname + '/plugins/aws/iam/usersMfaEnabled.js'), - 'usersPasswordAndKeys' : require(__dirname + '/plugins/aws/iam/usersPasswordAndKeys.js'), - 'usersPasswordLastUsed' : require(__dirname + '/plugins/aws/iam/usersPasswordLastUsed.js'), - 'canaryKeysUsed' : require(__dirname + '/plugins/aws/iam/canaryKeysUsed.js'), - 'kinesisEncrypted' : require(__dirname + '/plugins/aws/kinesis/kinesisEncrypted.js'), - 'firehoseEncrypted' : require(__dirname + '/plugins/aws/firehose/firehoseEncrypted.js'), - 'kmsKeyRotation' : require(__dirname + '/plugins/aws/kms/kmsKeyRotation.js'), - 'kmsScheduledDeletion' : require(__dirname + '/plugins/aws/kms/kmsScheduledDeletion.js'), - 'kmsKeyPolicy' : require(__dirname + '/plugins/aws/kms/kmsKeyPolicy.js'), - 'kmsDefaultKeyUsage' : require(__dirname + '/plugins/aws/kms/kmsDefaultKeyUsage.js'), - 'kmsAppTierCmk' : require(__dirname + '/plugins/aws/kms/kmsAppTierCmk.js'), - - 'iamDbAuthenticationEnabled' : require(__dirname + '/plugins/aws/rds/iamDbAuthenticationEnabled.js'), - 'rdsAutomatedBackups' : require(__dirname + '/plugins/aws/rds/rdsAutomatedBackups.js'), - 'rdsEncryptionEnabled' : require(__dirname + '/plugins/aws/rds/rdsEncryptionEnabled.js'), - 'rdsCmkEncryptionEnabled' : require(__dirname + '/plugins/aws/rds/rdsCmkEncryptionEnabled.js'), - 'rdsLoggingEnabled' : require(__dirname + '/plugins/aws/rds/rdsLoggingEnabled.js'), - 'rdsPubliclyAccessible' : require(__dirname + '/plugins/aws/rds/rdsPubliclyAccessible.js'), - 'rdsRestorable' : require(__dirname + '/plugins/aws/rds/rdsRestorable.js'), - 'rdsMultiAz' : require(__dirname + '/plugins/aws/rds/rdsMultiAz.js'), - 'rdsSnapshotEncryption' : require(__dirname + '/plugins/aws/rds/rdsSnapshotEncryption.js'), - 'rdsMinorVersionUpgrade' : require(__dirname + '/plugins/aws/rds/rdsMinorVersionUpgrade.js'), - 'sqlServerTLSVersion' : require(__dirname + '/plugins/aws/rds/sqlServerTLSVersion'), - 
'rdsTransportEncryption' : require(__dirname + '/plugins/aws/rds/rdsTransportEncryption'), - 'rdsDeletionProtectionEnabled' : require(__dirname + '/plugins/aws/rds/rdsDeletionProtectionEnabled.js'), - - 'domainAutoRenew' : require(__dirname + '/plugins/aws/route53/domainAutoRenew.js'), - 'domainExpiry' : require(__dirname + '/plugins/aws/route53/domainExpiry.js'), - 'domainTransferLock' : require(__dirname + '/plugins/aws/route53/domainTransferLock.js'), - 'danglingDnsRecords' : require(__dirname + '/plugins/aws/route53/danglingDnsRecords.js'), - - 'bucketEncryptionInTransit' : require(__dirname + '/plugins/aws/s3/bucketEncryptionInTransit.js'), - 'bucketAllUsersPolicy' : require(__dirname + '/plugins/aws/s3/bucketAllUsersPolicy.js'), - 'bucketAllUsersAcl' : require(__dirname + '/plugins/aws/s3/bucketAllUsersAcl.js'), - 'bucketPolicyCloudFrontOai' : require(__dirname + '/plugins/aws/s3/bucketPolicyCloudFrontOai.js'), - 'bucketVersioning' : require(__dirname + '/plugins/aws/s3/bucketVersioning.js'), - 'bucketLogging' : require(__dirname + '/plugins/aws/s3/bucketLogging.js'), - 's3Encryption' : require(__dirname + '/plugins/aws/s3/s3Encryption.js'), - 'bucketPublicAccessBlock' : require(__dirname + '/plugins/aws/s3/bucketPublicAccessBlock.js'), - 'bucketEncryption' : require(__dirname + '/plugins/aws/s3/bucketEncryption.js'), - 'bucketWebsiteEnabled' : require(__dirname + '/plugins/aws/s3/bucketWebsiteEnabled.js'), - 'bucketEnforceEncryption' : require(__dirname + '/plugins/aws/s3/bucketEnforceEncryption.js'), - 'bucketSecureTransportEnabled' : require(__dirname + '/plugins/aws/s3/bucketSecureTransportEnabled.js'), - 'bucketLifecycleConfiguration' : require(__dirname + '/plugins/aws/s3/bucketLifecycleConfiguration'), - 'bucketTransferAcceleration' : require(__dirname + '/plugins/aws/s3/bucketTransferAcceleration'), - 'bucketDnsCompliantName' : require(__dirname + '/plugins/aws/s3/bucketDnsCompliantName.js'), - - 'notebookDataEncrypted' : require(__dirname + 
'/plugins/aws/sagemaker/notebookDataEncrypted.js'), - 'notebookDirectInternetAccess' : require(__dirname + '/plugins/aws/sagemaker/notebookDirectInternetAccess.js'), - - 'dkimEnabled' : require(__dirname + '/plugins/aws/ses/dkimEnabled.js'), - - 'topicEncrypted' : require(__dirname + '/plugins/aws/sns/topicEncrypted.js'), - 'topicPolicies' : require(__dirname + '/plugins/aws/sns/topicPolicies.js'), - 'topicCmkEncrypted' : require(__dirname + '/plugins/aws/sns/topicCmkEncrypted.js'), - 'sqsCrossAccount' : require(__dirname + '/plugins/aws/sqs/sqsCrossAccount.js'), - 'sqsDeadLetterQueue' : require(__dirname + '/plugins/aws/sqs/sqsDeadLetterQueue.js'), - 'sqsEncrypted' : require(__dirname + '/plugins/aws/sqs/sqsEncrypted.js'), - 'sqsPublicAccess' : require(__dirname + '/plugins/aws/sqs/sqsPublicAccess.js'), - 'queueUnprocessedMessages' : require(__dirname + '/plugins/aws/sqs/queueUnprocessedMessages.js'), - - 'ssmEncryptedParameters' : require(__dirname + '/plugins/aws/ssm/ssmEncryptedParameters.js'), - 'ssmActiveOnAllInstances' : require(__dirname + '/plugins/aws/ssm/ssmActiveOnAllInstances.js'), - 'ssmAgentLatestVersion' : require(__dirname + '/plugins/aws/ssm/ssmAgentLatestVersion.js'), - 'ssmAgentAutoUpdateEnabled' : require(__dirname + '/plugins/aws/ssm/ssmAgentAutoUpdateEnabled'), - - - 'lambdaAdminPrivileges' : require(__dirname + '/plugins/aws/lambda/lambdaAdminPrivileges.js'), - 'envVarsClientSideEncryption' : require(__dirname + '/plugins/aws/lambda/envVarsClientSideEncryption.js'), - 'lambdaOldRuntimes' : require(__dirname + '/plugins/aws/lambda/lambdaOldRuntimes.js'), - 'lambdaVpcConfig' : require(__dirname + '/plugins/aws/lambda/lambdaVpcConfig.js'), - 'lambdaPublicAccess' : require(__dirname + '/plugins/aws/lambda/lambdaPublicAccess.js'), - 'lambdaLogGroups' : require(__dirname + '/plugins/aws/lambda/lambdaLogGroups.js'), - 'lambdaTracingEnabled' : require(__dirname + '/plugins/aws/lambda/lambdaTracingEnabled.js'), - - 'webServerPublicAccess' : 
require(__dirname + '/plugins/aws/mwaa/webServerPublicAccess.js'), - 'environmentAdminPrivileges' : require(__dirname + '/plugins/aws/mwaa/environmentAdminPrivileges.js'), - - 'monitoringMetrics' : require(__dirname + '/plugins/aws/cloudwatchlogs/monitoringMetrics.js'), - 'logRetentionPeriod' : require(__dirname + '/plugins/aws/cloudwatchlogs/logRetentionPeriod.js'), - - 'auditLoggingEnabled' : require(__dirname + '/plugins/aws/redshift/auditLoggingEnabled.js'), - 'redshiftClusterCmkEncrypted' : require(__dirname + '/plugins/aws/redshift/redshiftClusterCmkEncrypted.js'), - 'redshiftEncryptionEnabled' : require(__dirname + '/plugins/aws/redshift/redshiftEncryptionEnabled.js'), - 'redshiftPubliclyAccessible' : require(__dirname + '/plugins/aws/redshift/redshiftPubliclyAccessible.js'), - 'redshiftAllowVersionUpgrade' : require(__dirname + '/plugins/aws/redshift/redshiftAllowVersionUpgrade.js'), - 'redshiftSSLEnabled' : require(__dirname + '/plugins/aws/redshift/redshiftSSLEnabled.js'), - 'redshiftClusterInVpc' : require(__dirname + '/plugins/aws/redshift/redshiftClusterInVpc.js'), - 'redshiftClusterDefaultPort' : require(__dirname + '/plugins/aws/redshift/redshiftClusterDefaultPort.js'), - 'redshiftClusterMasterUsername' : require(__dirname + '/plugins/aws/redshift/redshiftClusterMasterUsername.js'), - 'snapshotRetentionPeriod' : require(__dirname + '/plugins/aws/redshift/snapshotRetentionPeriod.js'), - 'userActivityLoggingEnabled' : require(__dirname + '/plugins/aws/redshift/userActivityLoggingEnabled.js'), - 'redshiftNodesCount' : require(__dirname + '/plugins/aws/redshift/redshiftNodesCount.js'), - 'redshiftUnusedReservedNodes' : require(__dirname + '/plugins/aws/redshift/redshiftUnusedReservedNodes.js'), - 'redshiftDesiredNodeType' : require(__dirname + '/plugins/aws/redshift/redshiftDesiredNodeType.js'), - - 'transferLoggingEnabled' : require(__dirname + '/plugins/aws/transfer/transferLoggingEnabled.js'), - - 'secretRotationEnabled' : require(__dirname + 
'/plugins/aws/secretsmanager/secretRotationEnabled.js'), - 'secretsManagerEncrypted' : require(__dirname + '/plugins/aws/secretsmanager/secretsManagerEncrypted.js'), - - 'shieldAdvancedEnabled' : require(__dirname + '/plugins/aws/shield/shieldAdvancedEnabled.js'), - 'shieldEmergencyContacts' : require(__dirname + '/plugins/aws/shield/shieldEmergencyContacts.js'), - 'shieldProtections' : require(__dirname + '/plugins/aws/shield/shieldProtections.js'), - - 'enableAllFeatures' : require(__dirname + '/plugins/aws/organizations/enableAllFeatures.js'), - 'organizationInvite' : require(__dirname + '/plugins/aws/organizations/organizationInvite.js'), - 'guardDutyEnabled' : require(__dirname + '/plugins/aws/guardduty/guarddutyEnabled.js'), - 'guardDutyMaster' : require(__dirname + '/plugins/aws/guardduty/guarddutyMaster.js'), - - 'workspacesVolumeEncryption' : require(__dirname + '/plugins/aws/workspaces/workspacesVolumeEncryption.js'), - 'workspacesIpAccessControl' : require(__dirname + '/plugins/aws/workspaces/workspacesIpAccessControl.js'), - - 'xrayEncryptionEnabled' : require(__dirname + '/plugins/aws/xray/xrayEncryptionEnabled.js'), + // 'eksKubernetesVersion' : require(__dirname + '/plugins/aws/eks/eksKubernetesVersion.js'), + // 'eksLoggingEnabled' : require(__dirname + '/plugins/aws/eks/eksLoggingEnabled.js'), + // 'eksPrivateEndpoint' : require(__dirname + '/plugins/aws/eks/eksPrivateEndpoint.js'), + // 'eksSecretsEncrypted' : require(__dirname + '/plugins/aws/eks/eksSecretsEncrypted.js'), + // 'eksSecurityGroups' : require(__dirname + '/plugins/aws/eks/eksSecurityGroups.js'), + + // 'crosszoneLoadBalancing' : require(__dirname + '/plugins/aws/elb/crosszoneLoadBalancing.js'), + // 'insecureCiphers' : require(__dirname + '/plugins/aws/elb/insecureCiphers.js'), + // 'elbHttpsOnly' : require(__dirname + '/plugins/aws/elb/elbHttpsOnly.js'), + // 'elbLoggingEnabled' : require(__dirname + '/plugins/aws/elb/elbLoggingEnabled.js'), + // 'elbNoInstances' : 
require(__dirname + '/plugins/aws/elb/elbNoInstances.js'), + // 'classicELBInUse' : require(__dirname + '/plugins/aws/elb/classicELBInUse.js'), + // 'connectionDrainingEnabled' : require(__dirname + '/plugins/aws/elb/connectionDrainingEnabled.js'), + // 'appTierElbSecurity' : require(__dirname + '/plugins/aws/elb/appTierElbSecurity.js'), + + // 'elbv2DeletionProtection' : require(__dirname + '/plugins/aws/elbv2/elbv2DeletionProtection.js'), + // 'elbv2LoggingEnabled' : require(__dirname + '/plugins/aws/elbv2/elbv2LoggingEnabled.js'), + // 'elbv2HttpsOnly' : require(__dirname + '/plugins/aws/elbv2/elbv2HttpsOnly.js'), + // 'elbv2NoInstances' : require(__dirname + '/plugins/aws/elbv2/elbv2NoInstances.js'), + // 'elbv2WafEnabled' : require(__dirname + '/plugins/aws/elbv2/elbv2WafEnabled.js'), + // 'elbv2MinimumTargetInstances' : require(__dirname + '/plugins/aws/elbv2/elbv2MinimumTargetInstances.js'), + // 'elbv2NlbListenerSecurity' : require(__dirname + '/plugins/aws/elbv2/elbv2NlbListenerSecurity.js'), + // 'elbv2DeregistrationDelay' : require(__dirname + '/plugins/aws/elbv2/elbv2DeregistrationDelay.js'), + + // 'emrClusterLogging' : require(__dirname + '/plugins/aws/emr/emrClusterLogging.js'), + // 'emrEncryptionInTransit' : require(__dirname + '/plugins/aws/emr/emrEncryptionInTransit.js'), + // 'emrEncryptionAtRest' : require(__dirname + '/plugins/aws/emr/emrEncryptionAtRest.js'), + + // 'esAccessFromIps' : require(__dirname + '/plugins/aws/es/esAccessFromIps.js'), + // 'esPublicEndpoint' : require(__dirname + '/plugins/aws/es/esPublicEndpoint.js'), + // 'esRequireIAMAuth' : require(__dirname + '/plugins/aws/es/esRequireIAMAuth.js'), + // 'esEncryptedDomain' : require(__dirname + '/plugins/aws/es/esEncryptedDomain.js'), + // 'esExposedDomain' : require(__dirname + '/plugins/aws/es/esExposedDomain.js'), + // 'esNodeToNodeEncryption' : require(__dirname + '/plugins/aws/es/esNodeToNodeEncryption.js'), + // 'esLoggingEnabled' : require(__dirname + 
'/plugins/aws/es/esLoggingEnabled.js'), + // 'esUpgradeAvailable' : require(__dirname + '/plugins/aws/es/esUpgradeAvailable.js'), + // 'esHttpsOnly' : require(__dirname + '/plugins/aws/es/esHttpsOnly.js'), + + // 'glueCloudwatchLogsEncrypted' : require(__dirname + '/plugins/aws/glue/glueCloudwatchLogsEncrypted.js'), + // 'glueS3EncryptionEnabled' : require(__dirname + '/plugins/aws/glue/glueS3EncryptionEnabled.js'), + // 'dataCatalogCmkEncrypted' : require(__dirname + '/plugins/aws/glue/dataCatalogCmkEncrypted.js'), + // 'bookmarkEncryptionEnabled' : require(__dirname + '/plugins/aws/glue/bookmarkEncryptionEnabled.js'), + // 'dataCatalogEncryptionEnabled' : require(__dirname + '/plugins/aws/glue/dataCatalogEncryptionEnabled.js'), + + // 'accessKeysExtra' : require(__dirname + '/plugins/aws/iam/accessKeysExtra.js'), + // 'accessKeysLastUsed' : require(__dirname + '/plugins/aws/iam/accessKeysLastUsed.js'), + // 'accessKeysRotated' : require(__dirname + '/plugins/aws/iam/accessKeysRotated.js'), + // 'certificateExpiry' : require(__dirname + '/plugins/aws/iam/certificateExpiry.js'), + // 'crossAccountMfaExtIdAccess' : require(__dirname + '/plugins/aws/iam/crossAccountMfaExtIdAccess.js'), + // 'emptyGroups' : require(__dirname + '/plugins/aws/iam/emptyGroups.js'), + // 'groupInlinePolicies' : require(__dirname + '/plugins/aws/iam/groupInlinePolicies.js'), + // 'iamMasterManagerRoles' : require(__dirname + '/plugins/aws/iam/iamMasterManagerRoles.js'), + // 'iamUserAdmins' : require(__dirname + '/plugins/aws/iam/iamUserAdmins.js'), + // 'iamUserNameRegex' : require(__dirname + '/plugins/aws/iam/iamUserNameRegex.js'), + // 'iamUserUnauthorizedToEdit' : require(__dirname + '/plugins/aws/iam/iamUserUnauthorizedToEdit'), + // 'iamRolePolicies' : require(__dirname + '/plugins/aws/iam/iamRolePolicies.js'), + // 'iamRoleLastUsed' : require(__dirname + '/plugins/aws/iam/iamRoleLastUsed.js'), + // 'maxPasswordAge' : require(__dirname + '/plugins/aws/iam/maxPasswordAge.js'), + // 
'minPasswordLength' : require(__dirname + '/plugins/aws/iam/minPasswordLength.js'), + // 'noUserIamPolicies' : require(__dirname + '/plugins/aws/iam/noUserIamPolicies.js'), + // 'passwordExpiration' : require(__dirname + '/plugins/aws/iam/passwordExpiration.js'), + // 'passwordRequiresLowercase' : require(__dirname + '/plugins/aws/iam/passwordRequiresLowercase.js'), + // 'passwordRequiresNumbers' : require(__dirname + '/plugins/aws/iam/passwordRequiresNumbers.js'), + // 'passwordRequiresSymbols' : require(__dirname + '/plugins/aws/iam/passwordRequiresSymbols.js'), + // 'passwordRequiresUppercase' : require(__dirname + '/plugins/aws/iam/passwordRequiresUppercase.js'), + // 'passwordReusePrevention' : require(__dirname + '/plugins/aws/iam/passwordReusePrevention.js'), + // 'rootAccessKeys' : require(__dirname + '/plugins/aws/iam/rootAccessKeys.js'), + // 'rootSigningCertificate' : require(__dirname + '/plugins/aws/iam/rootSigningCertificate.js'), + // 'rootAccountInUse' : require(__dirname + '/plugins/aws/iam/rootAccountInUse.js'), + // 'rootHardwareMfa' : require(__dirname + '/plugins/aws/iam/rootHardwareMfa.js'), + // 'rootMfaEnabled' : require(__dirname + '/plugins/aws/iam/rootMfaEnabled.js'), + // 'sshKeysRotated' : require(__dirname + '/plugins/aws/iam/sshKeysRotated.js'), + // 'trustedCrossAccountRoles' : require(__dirname + '/plugins/aws/iam/trustedCrossAccountRoles.js'), + // 'usersMfaEnabled' : require(__dirname + '/plugins/aws/iam/usersMfaEnabled.js'), + // 'usersPasswordAndKeys' : require(__dirname + '/plugins/aws/iam/usersPasswordAndKeys.js'), + // 'usersPasswordLastUsed' : require(__dirname + '/plugins/aws/iam/usersPasswordLastUsed.js'), + // 'canaryKeysUsed' : require(__dirname + '/plugins/aws/iam/canaryKeysUsed.js'), + // 'kinesisEncrypted' : require(__dirname + '/plugins/aws/kinesis/kinesisEncrypted.js'), + // 'firehoseEncrypted' : require(__dirname + '/plugins/aws/firehose/firehoseEncrypted.js'), + // 'kmsKeyRotation' : require(__dirname + 
'/plugins/aws/kms/kmsKeyRotation.js'), + // 'kmsScheduledDeletion' : require(__dirname + '/plugins/aws/kms/kmsScheduledDeletion.js'), + // 'kmsKeyPolicy' : require(__dirname + '/plugins/aws/kms/kmsKeyPolicy.js'), + // 'kmsDefaultKeyUsage' : require(__dirname + '/plugins/aws/kms/kmsDefaultKeyUsage.js'), + // 'kmsAppTierCmk' : require(__dirname + '/plugins/aws/kms/kmsAppTierCmk.js'), + + // 'iamDbAuthenticationEnabled' : require(__dirname + '/plugins/aws/rds/iamDbAuthenticationEnabled.js'), + // 'rdsAutomatedBackups' : require(__dirname + '/plugins/aws/rds/rdsAutomatedBackups.js'), + // 'rdsEncryptionEnabled' : require(__dirname + '/plugins/aws/rds/rdsEncryptionEnabled.js'), + // 'rdsCmkEncryptionEnabled' : require(__dirname + '/plugins/aws/rds/rdsCmkEncryptionEnabled.js'), + // 'rdsLoggingEnabled' : require(__dirname + '/plugins/aws/rds/rdsLoggingEnabled.js'), + // 'rdsPubliclyAccessible' : require(__dirname + '/plugins/aws/rds/rdsPubliclyAccessible.js'), + // 'rdsRestorable' : require(__dirname + '/plugins/aws/rds/rdsRestorable.js'), + // 'rdsMultiAz' : require(__dirname + '/plugins/aws/rds/rdsMultiAz.js'), + // 'rdsSnapshotEncryption' : require(__dirname + '/plugins/aws/rds/rdsSnapshotEncryption.js'), + // 'rdsMinorVersionUpgrade' : require(__dirname + '/plugins/aws/rds/rdsMinorVersionUpgrade.js'), + // 'sqlServerTLSVersion' : require(__dirname + '/plugins/aws/rds/sqlServerTLSVersion'), + // 'rdsTransportEncryption' : require(__dirname + '/plugins/aws/rds/rdsTransportEncryption'), + // 'rdsDeletionProtectionEnabled' : require(__dirname + '/plugins/aws/rds/rdsDeletionProtectionEnabled.js'), + + // 'domainAutoRenew' : require(__dirname + '/plugins/aws/route53/domainAutoRenew.js'), + // 'domainExpiry' : require(__dirname + '/plugins/aws/route53/domainExpiry.js'), + // 'domainTransferLock' : require(__dirname + '/plugins/aws/route53/domainTransferLock.js'), + // 'danglingDnsRecords' : require(__dirname + '/plugins/aws/route53/danglingDnsRecords.js'), + + // 
'bucketEncryptionInTransit' : require(__dirname + '/plugins/aws/s3/bucketEncryptionInTransit.js'), + // 'bucketAllUsersPolicy' : require(__dirname + '/plugins/aws/s3/bucketAllUsersPolicy.js'), + // 'bucketAllUsersAcl' : require(__dirname + '/plugins/aws/s3/bucketAllUsersAcl.js'), + // 'bucketPolicyCloudFrontOai' : require(__dirname + '/plugins/aws/s3/bucketPolicyCloudFrontOai.js'), + // 'bucketVersioning' : require(__dirname + '/plugins/aws/s3/bucketVersioning.js'), + // 'bucketLogging' : require(__dirname + '/plugins/aws/s3/bucketLogging.js'), + // 's3Encryption' : require(__dirname + '/plugins/aws/s3/s3Encryption.js'), + // 'bucketPublicAccessBlock' : require(__dirname + '/plugins/aws/s3/bucketPublicAccessBlock.js'), + // 'bucketEncryption' : require(__dirname + '/plugins/aws/s3/bucketEncryption.js'), + // 'bucketWebsiteEnabled' : require(__dirname + '/plugins/aws/s3/bucketWebsiteEnabled.js'), + // 'bucketEnforceEncryption' : require(__dirname + '/plugins/aws/s3/bucketEnforceEncryption.js'), + // 'bucketSecureTransportEnabled' : require(__dirname + '/plugins/aws/s3/bucketSecureTransportEnabled.js'), + // 'bucketLifecycleConfiguration' : require(__dirname + '/plugins/aws/s3/bucketLifecycleConfiguration'), + // 'bucketTransferAcceleration' : require(__dirname + '/plugins/aws/s3/bucketTransferAcceleration'), + // 'bucketDnsCompliantName' : require(__dirname + '/plugins/aws/s3/bucketDnsCompliantName.js'), + + // 'notebookDataEncrypted' : require(__dirname + '/plugins/aws/sagemaker/notebookDataEncrypted.js'), + // 'notebookDirectInternetAccess' : require(__dirname + '/plugins/aws/sagemaker/notebookDirectInternetAccess.js'), + + // 'dkimEnabled' : require(__dirname + '/plugins/aws/ses/dkimEnabled.js'), + + // 'topicEncrypted' : require(__dirname + '/plugins/aws/sns/topicEncrypted.js'), + // 'topicPolicies' : require(__dirname + '/plugins/aws/sns/topicPolicies.js'), + // 'topicCmkEncrypted' : require(__dirname + '/plugins/aws/sns/topicCmkEncrypted.js'), + // 
'sqsCrossAccount' : require(__dirname + '/plugins/aws/sqs/sqsCrossAccount.js'), + // 'sqsDeadLetterQueue' : require(__dirname + '/plugins/aws/sqs/sqsDeadLetterQueue.js'), + // 'sqsEncrypted' : require(__dirname + '/plugins/aws/sqs/sqsEncrypted.js'), + // 'sqsPublicAccess' : require(__dirname + '/plugins/aws/sqs/sqsPublicAccess.js'), + // 'queueUnprocessedMessages' : require(__dirname + '/plugins/aws/sqs/queueUnprocessedMessages.js'), + + // 'ssmEncryptedParameters' : require(__dirname + '/plugins/aws/ssm/ssmEncryptedParameters.js'), + // 'ssmActiveOnAllInstances' : require(__dirname + '/plugins/aws/ssm/ssmActiveOnAllInstances.js'), + // 'ssmAgentLatestVersion' : require(__dirname + '/plugins/aws/ssm/ssmAgentLatestVersion.js'), + // 'ssmAgentAutoUpdateEnabled' : require(__dirname + '/plugins/aws/ssm/ssmAgentAutoUpdateEnabled'), + + + // 'lambdaAdminPrivileges' : require(__dirname + '/plugins/aws/lambda/lambdaAdminPrivileges.js'), + // 'envVarsClientSideEncryption' : require(__dirname + '/plugins/aws/lambda/envVarsClientSideEncryption.js'), + // 'lambdaOldRuntimes' : require(__dirname + '/plugins/aws/lambda/lambdaOldRuntimes.js'), + // 'lambdaVpcConfig' : require(__dirname + '/plugins/aws/lambda/lambdaVpcConfig.js'), + // 'lambdaPublicAccess' : require(__dirname + '/plugins/aws/lambda/lambdaPublicAccess.js'), + // 'lambdaLogGroups' : require(__dirname + '/plugins/aws/lambda/lambdaLogGroups.js'), + // 'lambdaTracingEnabled' : require(__dirname + '/plugins/aws/lambda/lambdaTracingEnabled.js'), + + // 'webServerPublicAccess' : require(__dirname + '/plugins/aws/mwaa/webServerPublicAccess.js'), + // 'environmentAdminPrivileges' : require(__dirname + '/plugins/aws/mwaa/environmentAdminPrivileges.js'), + + // 'monitoringMetrics' : require(__dirname + '/plugins/aws/cloudwatchlogs/monitoringMetrics.js'), + // 'logRetentionPeriod' : require(__dirname + '/plugins/aws/cloudwatchlogs/logRetentionPeriod.js'), + + // 'auditLoggingEnabled' : require(__dirname + 
'/plugins/aws/redshift/auditLoggingEnabled.js'), + // 'redshiftClusterCmkEncrypted' : require(__dirname + '/plugins/aws/redshift/redshiftClusterCmkEncrypted.js'), + // 'redshiftEncryptionEnabled' : require(__dirname + '/plugins/aws/redshift/redshiftEncryptionEnabled.js'), + // 'redshiftPubliclyAccessible' : require(__dirname + '/plugins/aws/redshift/redshiftPubliclyAccessible.js'), + // 'redshiftAllowVersionUpgrade' : require(__dirname + '/plugins/aws/redshift/redshiftAllowVersionUpgrade.js'), + // 'redshiftSSLEnabled' : require(__dirname + '/plugins/aws/redshift/redshiftSSLEnabled.js'), + // 'redshiftClusterInVpc' : require(__dirname + '/plugins/aws/redshift/redshiftClusterInVpc.js'), + // 'redshiftClusterDefaultPort' : require(__dirname + '/plugins/aws/redshift/redshiftClusterDefaultPort.js'), + // 'redshiftClusterMasterUsername' : require(__dirname + '/plugins/aws/redshift/redshiftClusterMasterUsername.js'), + // 'snapshotRetentionPeriod' : require(__dirname + '/plugins/aws/redshift/snapshotRetentionPeriod.js'), + // 'userActivityLoggingEnabled' : require(__dirname + '/plugins/aws/redshift/userActivityLoggingEnabled.js'), + // 'redshiftNodesCount' : require(__dirname + '/plugins/aws/redshift/redshiftNodesCount.js'), + // 'redshiftUnusedReservedNodes' : require(__dirname + '/plugins/aws/redshift/redshiftUnusedReservedNodes.js'), + // 'redshiftDesiredNodeType' : require(__dirname + '/plugins/aws/redshift/redshiftDesiredNodeType.js'), + + // 'transferLoggingEnabled' : require(__dirname + '/plugins/aws/transfer/transferLoggingEnabled.js'), + + // 'secretRotationEnabled' : require(__dirname + '/plugins/aws/secretsmanager/secretRotationEnabled.js'), + // 'secretsManagerEncrypted' : require(__dirname + '/plugins/aws/secretsmanager/secretsManagerEncrypted.js'), + + // 'shieldAdvancedEnabled' : require(__dirname + '/plugins/aws/shield/shieldAdvancedEnabled.js'), + // 'shieldEmergencyContacts' : require(__dirname + '/plugins/aws/shield/shieldEmergencyContacts.js'), + // 
'shieldProtections' : require(__dirname + '/plugins/aws/shield/shieldProtections.js'), + + // 'enableAllFeatures' : require(__dirname + '/plugins/aws/organizations/enableAllFeatures.js'), + // 'organizationInvite' : require(__dirname + '/plugins/aws/organizations/organizationInvite.js'), + // 'guardDutyEnabled' : require(__dirname + '/plugins/aws/guardduty/guarddutyEnabled.js'), + // 'guardDutyMaster' : require(__dirname + '/plugins/aws/guardduty/guarddutyMaster.js'), + + // 'workspacesVolumeEncryption' : require(__dirname + '/plugins/aws/workspaces/workspacesVolumeEncryption.js'), + // 'workspacesIpAccessControl' : require(__dirname + '/plugins/aws/workspaces/workspacesIpAccessControl.js'), + + // 'xrayEncryptionEnabled' : require(__dirname + '/plugins/aws/xray/xrayEncryptionEnabled.js'), + + 'codebuildValidSourceProviders' : require(__dirname + '/plugins/aws/codebuild/codebuildValidSourceProviders.js'), }, azure : { 'fileServiceEncryption' : require(__dirname + '/plugins/azure/storageaccounts/fileServiceEncryption.js'), diff --git a/helpers/aws/regions.js b/helpers/aws/regions.js index 43f6fec4fc..461ce6c7f1 100644 --- a/helpers/aws/regions.js +++ b/helpers/aws/regions.js @@ -125,5 +125,6 @@ module.exports = { xray: ['us-east-1', 'us-east-2', 'us-west-2', 'us-west-1', 'ca-central-1', 'eu-central-1', 'eu-west-1', 'eu-west-2', 'eu-west-3', 'eu-north-1', 'ap-northeast-1', 'ap-northeast-2', - 'ap-southeast-1', 'ap-southeast-2', 'ap-south-1', 'sa-east-1', 'ap-east-1'] + 'ap-southeast-1', 'ap-southeast-2', 'ap-south-1', 'sa-east-1', 'ap-east-1'], + codebuild: regions }; diff --git a/helpers/aws/regions_china.js b/helpers/aws/regions_china.js index bc3a066f29..176dbf6aa2 100644 --- a/helpers/aws/regions_china.js +++ b/helpers/aws/regions_china.js @@ -73,5 +73,6 @@ module.exports = { wafv2: [], workspaces: ['cn-northwest-1'], xray: regions, - resourcegroupstaggingapi: regions + resourcegroupstaggingapi: regions, + codebuild: regions }; 
diff --git a/helpers/aws/regions_gov.js b/helpers/aws/regions_gov.js index 5fd4212b72..ffaf19465b 100644 --- a/helpers/aws/regions_gov.js +++ b/helpers/aws/regions_gov.js @@ -73,5 +73,6 @@ module.exports = { wafv2: regions, workspaces: ['us-gov-west-1'], xray: [], - resourcegroupstaggingapi: regions + resourcegroupstaggingapi: regions, + codebuild: regions }; diff --git a/plugins/aws/codebuild/codebuildValidSourceProviders.js b/plugins/aws/codebuild/codebuildValidSourceProviders.js new file mode 100644 index 0000000000..ce1f634771 --- /dev/null +++ b/plugins/aws/codebuild/codebuildValidSourceProviders.js 
@@ -0,0 +1,94 @@
+var async = require('async');
+var helpers = require('../../../helpers/aws');
+
+module.exports = {
+ title: 'CodeBuild Valid Source Providers',
+ category: 'CodeBuild',
+ description: 'Ensure that CodeBuild projects are using only valid source providers.',
+ more_info: 'CodeBuild should use only desired source providers in order to follow your organizations\'s security and compliance requirements.',
+ link: 'https://docs.aws.amazon.com/codebuild/latest/APIReference/API_ProjectSource.html',
+ recommended_action: 'Edit CodeBuild project source provider information and remove disallowed source providers',
+ apis: ['CodeBuild:listProjects', 'CodeBuild:batchGetProjects', 'STS:getCallerIdentity'],
+ settings: {
+ codebuild_disallowed_source_providers: {
+ name: 'CodeBuild Disallowed Source Providers',
+ description: 'A comma-separated list of source providers which should not be used',
+ regex: '^((bitbucket|codecommit|codepipeline|github|github_enterprise|s3|),? ?){1,5}$',
+ default: ''
+ }
+ },
+
+ run: function(cache, settings, callback) {
+ var results = [];
+ var source = {};
+ var regions = helpers.regions(settings);
+
+ var config = {
+ codebuild_disallowed_source_providers: settings.codebuild_disallowed_source_providers || this.settings.codebuild_disallowed_source_providers.default
+ };
+
+ if (!config.codebuild_disallowed_source_providers.length) return callback(null, results, source);
+
+ var acctRegion = helpers.defaultRegion(settings);
+ var awsOrGov = helpers.defaultPartition(settings);
+ var accountId = helpers.addSource(cache, source,
+ ['sts', 'getCallerIdentity', acctRegion, 'data']);
+
+ async.each(regions.codebuild, function(region, rcb){
+ var listProjects = helpers.addSource(cache, source, ['codebuild', 'listProjects', region]);
+
+ if (!listProjects) return rcb();
+
+ if (listProjects.err || !listProjects.data) {
+ helpers.addResult(results, 3, `Unable to query CodeBuild projects: ${helpers.addError(listProjects)}`, region);
+ return rcb();
+ }
+
+ if (!listProjects.data.length) {
+ helpers.addResult(results, 0, 'No CodeBuild projects found', region);
+ return rcb();
+ }
+
+ async.each(listProjects.data, function(project, cb) {
+ var resource = `arn:${awsOrGov}:codebuild:${region}:${accountId}:project/${project}`;
+
+ var batchGetProjects = helpers.addSource(cache, source, ['codebuild', 'batchGetProjects', region, project]);
+
+ if (!batchGetProjects || batchGetProjects.err ||
+ !batchGetProjects.data || !batchGetProjects.data.projects || !batchGetProjects.data.projects.length) {
+ helpers.addResult(results, 3,
+ `Unable to query CodeBuild project: ${helpers.addError(batchGetProjects)}`, region, resource);
+ return cb();
+ }
+
+ var invalidSources = [];
+ if (batchGetProjects.data.projects[0].source &&
+ batchGetProjects.data.projects[0].source.type &&
+ config.codebuild_disallowed_source_providers.includes(batchGetProjects.data.projects[0].source.type.toLowerCase()))
+ invalidSources.push(batchGetProjects.data.projects[0].source.type.toLowerCase());
+
+ if (batchGetProjects.data.projects[0].secondarySources &&
+ batchGetProjects.data.projects[0].secondarySources.length) {
+ for (let source of batchGetProjects.data.projects[0].secondarySources) {
+ var sourceLower = source.type.toLowerCase()
+ if (config.codebuild_disallowed_source_providers.includes(sourceLower) && !invalidSources.includes(sourceLower)) invalidSources.push(sourceLower);
+ }
+ }
+
+ if (invalidSources.length) {
+ helpers.addResult(results, 2,
+ `CodeBuild project is using these disallowed source providers: ${invalidSources.join(', ')}`, region, resource);
+ } else {
+ helpers.addResult(results, 0,
+ 'CodeBuild project is using allowed source providers', region, resource);
+ }
+
+ cb();
+ }, function(){
+ rcb();
+ });
+ }, function(){
+ callback(null, results, source);
+ });
+ }
+};
\ No newline at end of file
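Review bot: The disallowed-provider check in `run` calls `.includes()` on the raw comma-separated setting string, so it is a substring match rather than list membership: with the setting `github_enterprise`, a project whose source type is `GITHUB` is reported as disallowed because `'github_enterprise'.includes('github')` is true. Parse the setting once, `var disallowed = config.codebuild_disallowed_source_providers.toLowerCase().split(',').map(function(p) { return p.trim(); }).filter(Boolean);`, and test `disallowed.includes(...)` in both the primary and the secondary source checks. In the secondary-source loop, `for (let source of ...)` shadows the outer `source` map that is passed to `helpers.addSource`, and `source.type.toLowerCase()` is unguarded, unlike the primary check, so an entry without `type` would throw; renaming the loop variable and skipping entries without a `type` would make the two paths consistent. The settings regex also caps the list at `{1,5}` entries while naming six providers, which looks unintended.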
diff --git a/plugins/aws/codebuild/codebuildValidSourceProviders.spec.js b/plugins/aws/codebuild/codebuildValidSourceProviders.spec.js new file mode 100644 index 0000000000..a3467818db --- /dev/null +++ b/plugins/aws/codebuild/codebuildValidSourceProviders.spec.js 
@@ -0,0 +1,126 @@
+var expect = require('chai').expect;
+const codebuildValidSourceProviders = require('./codebuildValidSourceProviders');
+
+const listProjects = [
+ 'test-project'
+];
+
+
+const batchGetProjects ={
+ "projects": [
+ {
+ "name": "test-project",
+ "arn": "arn:aws:codebuild:us-east-1:111122223333:project/test-project",
+ "source": {
+ "type": "GITHUB",
+ "location": "https://github.com/cloudsplit/scans",
+ "gitCloneDepth": 1,
+ "gitSubmodulesConfig": {
+ "fetchSubmodules": false
+ },
+ "reportBuildStatus": false,
+ "insecureSsl": false
+ },
+ "secondarySources": [
+ {
+ "type": "S3",
+ "location": "my-aqua-bucket/data",
+ "insecureSsl": false,
+ "sourceIdentifier": "s3_source"
+ }
+ ]
+ }
+ ],
+};
+
+const createCache = (listProjects, batchGetProjects, listProjectsErr, batchGetProjectsErr) => {
+ let project = (listProjects && listProjects.length) ? listProjects[0] : null;
+ return {
+ codebuild: {
+ listProjects: {
+ 'us-east-1': {
+ data: listProjects,
+ err: listProjectsErr
+ }
+ },
+ batchGetProjects: {
+ 'us-east-1': {
+ [project]: {
+ data: batchGetProjects,
+ err: batchGetProjectsErr
+ }
+ }
+ }
+ }
+ }
+};
+
+const createNullCache = () => {
+ return {
+ codebuild: {
+ listProjects: {
+ 'us-east-1': null,
+ },
+ },
+ };
+};
+
+describe('codebuildValidSourceProviders', function () {
+ describe('run', function () {
+ it('should PASS if CodeBuild project is using allowed source providers', function (done) {
+ const cache = createCache(listProjects, batchGetProjects);
+ codebuildValidSourceProviders.run(cache, { codebuild_disallowed_source_providers: 'bitbucket'}, (err, results) => {
+ expect(results.length).to.equal(1);
+ expect(results[0].status).to.equal(0);
+ expect(results[0].region).to.equal('us-east-1');
+ done();
+ });
+ });
+
+ it('should FAIL if CodeBuild project is using disallowed source providers', function (done) {
+ const cache = createCache(listProjects, batchGetProjects);
+ codebuildValidSourceProviders.run(cache, { codebuild_disallowed_source_providers: 's3' }, (err, results) => {
+ expect(results.length).to.equal(1);
+ expect(results[0].status).to.equal(2);
+ expect(results[0].region).to.equal('us-east-1');
+ done();
+ });
+ });
+
+ it('should PASS if no CodeBuild projects found', function (done) {
+ const cache = createCache([]);
+ codebuildValidSourceProviders.run(cache, { codebuild_disallowed_source_providers: 's3' }, (err, results) => {
+ expect(results.length).to.equal(1);
+ expect(results[0].status).to.equal(0);
+ expect(results[0].region).to.equal('us-east-1');
+ done();
+ });
+ });
+
+ it('should UNKNOWN if unable to query CodeBuild projects', function (done) {
+ const cache = createCache(listProjects, { message: 'Unable to query CodeBuild projects' });
+ codebuildValidSourceProviders.run(cache, { codebuild_disallowed_source_providers: 's3' }, (err, results) => {
+ expect(results.length).to.equal(1);
+ expect(results[0].status).to.equal(3);
+ done();
+ });
+ });
+
+ it('should UNKNOWN if unable to query CodeBuild project', function (done) {
+ const cache = createCache(listProjects, null, null, { message: 'Unable to query CodeBuild project' });
+ codebuildValidSourceProviders.run(cache, { codebuild_disallowed_source_providers: 's3' }, (err, results) => {
+ expect(results.length).to.equal(1);
+ expect(results[0].status).to.equal(3);
+ done();
+ });
+ });
+
+ it('should not return any results if unable to query for comprehend jobs', function (done) {
+ const cache = createNullCache();
+ codebuildValidSourceProviders.run(cache, {}, (err, results) => {
+ expect(results.length).to.equal(0);
+ done();
+ });
+ });
+ });
+});
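Review bot: The two UNKNOWN cases both exercise the per-project branch: `createCache(listProjects, { message: ... })` places the message object in `batchGetProjects.data`, so the 'unable to query CodeBuild projects' case never sets `listProjects.err` and the list-level error path stays untested. Passing the error as the third argument, e.g. `const cache = createCache(null, null, { message: 'Unable to query CodeBuild projects' });`, would cover it, assuming the plugin reports status 3 for a listProjects error (that check lies outside this hunk). The last case's title is a leftover from another plugin and should read `'should not return any results if unable to query for CodeBuild projects'`. The FAIL case only trips on the secondary S3 source of the fixture; a case whose primary `source.type` is the disallowed provider would pin the other half of the check.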