Update benchmark and control tags for compatibility with dashboard pa…

…ge (#375)
turbot · Apr 27, 2022 · 1058331 · 1058331
1 parent 014d78e
commit 1058331
Show file tree

Hide file tree

Showing 138 changed files with 733 additions and 415 deletions.
diff --git a/audit_manager_control_tower/audit_manager_control_tower.sp b/audit_manager_control_tower/audit_manager_control_tower.sp
@@ -1,8 +1,8 @@
 locals {
-  audit_manager_control_tower_common_tags = {
+  audit_manager_control_tower_common_tags = merge(local.aws_compliance_common_tags, {
     audit_manager_control_tower = "true"
-    plugin                      = "aws"
-  }
+    type                        = "Benchmark"
+  })
 }
 
 benchmark "audit_manager_control_tower" {

diff --git a/audit_manager_control_tower/disallow_instances.sp b/audit_manager_control_tower/disallow_instances.sp
@@ -22,7 +22,8 @@ benchmark "audit_manager_control_tower_disallow_instances_5_0_1" {
   ]
 
   tags = merge(local.audit_manager_control_tower_disallow_instances_common_tags, {
-    audit_manager_control_tower_item_id  = "5.0.1"
+    audit_manager_control_tower_item_id = "5.0.1"
+    service                             = "AWS/RDS"
   })
 }
 
@@ -34,6 +35,7 @@ benchmark "audit_manager_control_tower_disallow_instances_5_1_1" {
   ]
 
   tags = merge(local.audit_manager_control_tower_disallow_instances_common_tags, {
-    audit_manager_control_tower_item_id  = "5.1.1"
+    audit_manager_control_tower_item_id = "5.1.1"
+    service                             = "AWS/S3"
   })
-}
+}
diff --git a/audit_manager_control_tower/disallow_internet_connection.sp b/audit_manager_control_tower/disallow_internet_connection.sp
@@ -11,7 +11,10 @@ benchmark "audit_manager_control_tower_disallow_internet_connection" {
     benchmark.audit_manager_control_tower_disallow_internet_connection_2_0_1,
     benchmark.audit_manager_control_tower_disallow_internet_connection_2_0_2
   ]
-  tags          = local.audit_manager_control_tower_disallow_internet_connection_common_tags
+
+  tags = merge(local.audit_manager_control_tower_disallow_internet_connection_common_tags, {
+    service = "AWS/VPC"
+  })
 }
 
 benchmark "audit_manager_control_tower_disallow_internet_connection_2_0_1" {
@@ -23,6 +26,7 @@ benchmark "audit_manager_control_tower_disallow_internet_connection_2_0_1" {
 
   tags = merge(local.audit_manager_control_tower_disallow_internet_connection_common_tags, {
     audit_manager_control_tower_item_id = "2.0.1"
+    service                             = "AWS/VPC"
   })
 }
 
@@ -35,5 +39,6 @@ benchmark "audit_manager_control_tower_disallow_internet_connection_2_0_2" {
 
   tags = merge(local.audit_manager_control_tower_disallow_internet_connection_common_tags, {
     audit_manager_control_tower_item_id = "2.0.2"
+    service                             = "AWS/VPC"
   })
-}
+}
diff --git a/audit_manager_control_tower/disallow_public_access.sp b/audit_manager_control_tower/disallow_public_access.sp
@@ -25,6 +25,7 @@ benchmark "audit_manager_control_tower_disallow_public_access_4_0_1" {
 
   tags = merge(local.audit_manager_control_tower_disallow_public_access_common_tags, {
     audit_manager_control_tower_item_id = "4.0.1"
+    service                             = "AWS/RDS"
   })
 }
 
@@ -37,6 +38,7 @@ benchmark "audit_manager_control_tower_disallow_public_access_4_0_2" {
 
   tags = merge(local.audit_manager_control_tower_disallow_public_access_common_tags, {
     audit_manager_control_tower_item_id = "4.0.2"
+    service                             = "AWS/RDS"
   })
 }
 
@@ -49,6 +51,7 @@ benchmark "audit_manager_control_tower_disallow_public_access_4_1_1" {
 
   tags = merge(local.audit_manager_control_tower_disallow_public_access_common_tags, {
     audit_manager_control_tower_item_id = "4.1.1"
+    service                             = "AWS/S3"
   })
 }
 
@@ -61,5 +64,6 @@ benchmark "audit_manager_control_tower_disallow_public_access_4_1_2" {
 
   tags = merge(local.audit_manager_control_tower_disallow_public_access_common_tags, {
     audit_manager_control_tower_item_id = "4.1.2"
+    service                             = "AWS/S3"
   })
-}
+}
diff --git a/audit_manager_control_tower/ebs_checks.sp b/audit_manager_control_tower/ebs_checks.sp
@@ -12,7 +12,10 @@ benchmark "audit_manager_control_tower_ebs_checks" {
     benchmark.audit_manager_control_tower_ebs_checks_1_0_2,
     benchmark.audit_manager_control_tower_ebs_checks_1_0_3
   ]
-  tags          = local.audit_manager_control_tower_ebs_checks_common_tags
+
+  tags = merge(local.audit_manager_control_tower_ebs_checks_common_tags, {
+    service = "AWS/EBS"
+  })
 }
 
 benchmark "audit_manager_control_tower_ebs_checks_1_0_1" {
@@ -24,6 +27,7 @@ benchmark "audit_manager_control_tower_ebs_checks_1_0_1" {
 
   tags = merge(local.audit_manager_control_tower_ebs_checks_common_tags, {
     audit_manager_control_tower_item_id = "1.0.1"
+    service                             = "AWS/EBS"
   })
 }
 
@@ -36,6 +40,7 @@ benchmark "audit_manager_control_tower_ebs_checks_1_0_2" {
 
   tags = merge(local.audit_manager_control_tower_ebs_checks_common_tags, {
     audit_manager_control_tower_item_id = "1.0.2"
+    service                             = "AWS/EBS"
   })
 }
 
@@ -48,5 +53,6 @@ benchmark "audit_manager_control_tower_ebs_checks_1_0_3" {
 
   tags = merge(local.audit_manager_control_tower_ebs_checks_common_tags, {
     audit_manager_control_tower_item_id = "1.0.3"
+    service                             = "AWS/EBS"
   })
-}
+}
diff --git a/audit_manager_control_tower/multi_factor_authentication.sp b/audit_manager_control_tower/multi_factor_authentication.sp
@@ -12,7 +12,10 @@ benchmark "audit_manager_control_tower_multi_factor_authentication" {
     benchmark.audit_manager_control_tower_multi_factor_authentication_3_0_2,
     benchmark.audit_manager_control_tower_multi_factor_authentication_3_0_3
   ]
-  tags          = local.audit_manager_control_tower_multi_factor_authentication_common_tags
+
+  tags = merge(local.audit_manager_control_tower_multi_factor_authentication_common_tags, {
+    service = "AWS/IAM"
+  })
 }
 
 benchmark "audit_manager_control_tower_multi_factor_authentication_3_0_1" {
@@ -24,8 +27,10 @@ benchmark "audit_manager_control_tower_multi_factor_authentication_3_0_1" {
 
   tags = merge(local.audit_manager_control_tower_multi_factor_authentication_common_tags, {
     audit_manager_control_tower_item_id = "3.0.1"
+    service                             = "AWS/IAM"
   })
 }
+
 benchmark "audit_manager_control_tower_multi_factor_authentication_3_0_2" {
   title         = "3.0.2 - Disallow console access to IAM users without MFA"
   description   = "Disallow console access to IAM users without MFA - Checks whether AWS Multi-Factor Authentication (MFA) is enabled for all AWS Identity and Access Management (IAM) users that use a console password."
@@ -35,6 +40,7 @@ benchmark "audit_manager_control_tower_multi_factor_authentication_3_0_2" {
 
   tags = merge(local.audit_manager_control_tower_multi_factor_authentication_common_tags, {
     audit_manager_control_tower_item_id = "3.0.2"
+    service                             = "AWS/IAM"
   })
 }
 
@@ -47,5 +53,6 @@ benchmark "audit_manager_control_tower_multi_factor_authentication_3_0_3" {
 
   tags = merge(local.audit_manager_control_tower_multi_factor_authentication_common_tags, {
     audit_manager_control_tower_item_id = "3.0.3"
+    service                             = "AWS/IAM"
   })
-}
+}
diff --git a/cis_v130/cis.sp b/cis_v130/cis.sp
@@ -1,9 +1,8 @@
 locals {
-  cis_v130_common_tags = {
+  cis_v130_common_tags = merge(local.aws_compliance_common_tags, {
     cis         = "true"
     cis_version = "v1.3.0"
-    plugin      = "aws"
-  }
+  })
 }
 
 benchmark "cis_v130" {
@@ -17,5 +16,8 @@ benchmark "cis_v130" {
     benchmark.cis_v130_4,
     benchmark.cis_v130_5
   ]
-  tags = local.cis_v130_common_tags
+
+  tags = merge(local.cis_v130_common_tags, {
+    type = "Benchmark"
+  })
 }