
Add new fsbp controls #457

Merged
merged 4 commits into from
Jul 19, 2022

Conversation


@khushboo9024 khushboo9024 commented Jul 14, 2022

Checklist

  • Issue(s) linked

query/autoscaling/autoscaling_launch_config_hop_limit.sql

+--------------------------------------------------------------------------------------------------------------------------------------+--------+---------------------------------------------------------+-----------+--------------+
| resource                                                                                                                             | status | reason                                                  | region    | account_id   |
+--------------------------------------------------------------------------------------------------------------------------------------+--------+---------------------------------------------------------+-----------+--------------+
| arn:aws:autoscaling:us-east-2:010203040506:launchConfiguration:f39e4000-a9f2-4598-b828-75263645864a:launchConfigurationName/testCopy | alarm  | testCopy metadata response hop limit is greater than 1. | us-east-2 | 010203040506 |
| arn:aws:autoscaling:us-east-2:010203040506:launchConfiguration:33527bcd-910d-48b9-826c-25f983288446:launchConfigurationName/test     | ok     | test metadata response hop limit is not greater than 1. | us-east-2 | 010203040506 |
+--------------------------------------------------------------------------------------------------------------------------------------+--------+---------------------------------------------------------+-----------+--------------+

aws autoscaling describe-launch-configurations --query "LaunchConfigurations[*].{LaunchConfigurationName:LaunchConfigurationName,HttpPutResponseHopLimit:MetadataOptions.HttpPutResponseHopLimit}"
[
    {
        "LaunchConfigurationName": "test",
        "HttpPutResponseHopLimit": 1
    },
    {
        "LaunchConfigurationName": "testCopy",
        "HttpPutResponseHopLimit": 2
    }
]

query/autoscaling/autoscaling_launch_config_requires_imdsv2.sql

+-------------------------------------------------------------------------------------------------------------------------------------------+--------+-----------------------------------------------------------------------------------+-----------+--------------+
| resource                                                                                                                                  | status | reason                                                                            | region    | account_id   |
+-------------------------------------------------------------------------------------------------------------------------------------------+--------+-----------------------------------------------------------------------------------+-----------+--------------+
| arn:aws:autoscaling:us-east-2:010203040506:launchConfiguration:33527bcd-910d-48b9-826c-25f983288446:launchConfigurationName/test          | alarm  | test not configured to use Instance Metadata Service Version 2 (IMDSv2).          | us-east-2 | 010203040506 |
| arn:aws:autoscaling:us-east-2:010203040506:launchConfiguration:5a80462c-db66-4946-94ff-677dc5080708:launchConfigurationName/imdsv2test    | ok     | imdsv2test configured to use Instance Metadata Service Version 2 (IMDSv2).        | us-east-2 | 010203040506 |
+-------------------------------------------------------------------------------------------------------------------------------------------+--------+-----------------------------------------------------------------------------------+-----------+--------------+

aws autoscaling describe-launch-configurations --query "LaunchConfigurations[*].{LaunchConfigurationName:LaunchConfigurationName,HttpTokens:MetadataOptions.HttpTokens}"
[
    {
        "LaunchConfigurationName": "imdsv2test",
        "HttpTokens": "required"
    },
    {
        "LaunchConfigurationName": "test",
        "HttpTokens": "optional"
    }
]

query/ec2/ec2_instance_no_amazon_key_pair.sql

+----------------------------------------------------------------------+--------+--------------------------------------------------------------------+----------------+--------------+
| resource                                                             | status | reason                                                             | region         | account_id   |
+----------------------------------------------------------------------+--------+--------------------------------------------------------------------+----------------+--------------+
| arn:aws:ec2:ap-southeast-2:010203040506:instance/i-0f6c7e2aab9744aaa | skip   | stopped-inst-without-key-pair is in stopped state.                 | ap-southeast-2 | 010203040506 |
| arn:aws:ec2:ap-southeast-2:010203040506:instance/i-072d02660b8fe8bbb | ok     | running-inst-without-key-pair not launched using amazon key pairs. | ap-southeast-2 | 010203040506 |
| arn:aws:ec2:ap-southeast-2:010203040506:instance/i-087a475e5fa851ccc | alarm  | running-inst-with-key-pair launched using amazon key pairs.        | ap-southeast-2 | 010203040506 |
| arn:aws:ec2:ap-southeast-2:010203040506:instance/i-0cdc261c9d5ea9ddd | skip   | stopped-inst-with-key-pair is in stopped state.                    | ap-southeast-2 | 010203040506 |
+----------------------------------------------------------------------+--------+--------------------------------------------------------------------+----------------+--------------+

aws ec2 describe-instances --query "Reservations[*].Instances[*].{InstanceName:Tags[?Key=='Name'].Value,State:State,KeyName:KeyName}"
[
    [
        {
            "InstanceName": [
                "running-inst-with-key-pair"
            ],
            "State": {
                "Code": 16,
                "Name": "running"
            },
            "KeyName": "sydney-punisher-aaa-key-file"
        }
    ],
    [
        {
            "InstanceName": [
                "running-inst-without-key-pair"
            ],
            "State": {
                "Code": 16,
                "Name": "running"
            },
            "KeyName": null
        }
    ],
    [
        {
            "InstanceName": [
                "stopped-inst-with-key-pair"
            ],
            "State": {
                "Code": 80,
                "Name": "stopped"
            },
            "KeyName": "sydney-punisher-aaa-key-file"
        }
    ],
    [
        {
            "InstanceName": [
                "stopped-inst-without-key-pair"
            ],
            "State": {
                "Code": 80,
                "Name": "stopped"
            },
            "KeyName": null
        }
    ]
]

query/ec2/ec2_instance_virtualization_type_no_paravirtual.sql

+----------------------------------------------------------------------+--------+-----------------------------------------------------------+----------------+--------------+
| resource                                                             | status | reason                                                    | region         | account_id   |
+----------------------------------------------------------------------+--------+-----------------------------------------------------------+----------------+--------------+
| arn:aws:ec2:ap-southeast-2:010203040506:instance/i-0f26c076388df7b52 | alarm  | paravirtual-instance virtualization type is paravirtual.  | ap-southeast-2 | 010203040506 |
| arn:aws:ec2:ap-southeast-2:010203040506:instance/i-0f6c7e2aab97444dc | ok     | stopped-inst-without-key-pair virtualization type is hvm. | ap-southeast-2 | 010203040506 |
| arn:aws:ec2:ap-southeast-2:010203040506:instance/i-087a475e5fa851481 | ok     |  virtualization type is hvm.                              | ap-southeast-2 | 010203040506 |
| arn:aws:ec2:ap-southeast-2:010203040506:instance/i-072d02660b8fe856b | ok     | running-inst-without-key-pair virtualization type is hvm. | ap-southeast-2 | 010203040506 |
+----------------------------------------------------------------------+--------+-----------------------------------------------------------+----------------+--------------+

$ aws ec2 describe-instances --query "Reservations[*].Instances[*].{InstanceName:Tags[?Key=='Name'].Value,VirtualizationType:VirtualizationType}" 
[
    [
        {
            "InstanceName": [
                ""
            ],
            "VirtualizationType": "hvm"
        }
    ],
    [
        {
            "InstanceName": [
                "running-inst-without-key-pair"
            ],
            "VirtualizationType": "hvm"
        }
    ],
    [
        {
            "InstanceName": [
                "stopped-inst-with-key-pair"
            ],
            "VirtualizationType": "hvm"
        }
    ],
    [
        {
            "InstanceName": [
                "stopped-inst-without-key-pair"
            ],
            "VirtualizationType": "hvm"
        }
    ],
    [
        {
            "InstanceName": [
                "paravirtual-instance"
            ],
            "VirtualizationType": "paravirtual"
        }
    ]
]

query/elb/elb_application_gateway_network_lb_multiple_az_configured.sql

+----------------------------------------------------------------------------------------------------------------+--------+------------------------------------------------------+----------------+--------------+
| resource                                                                                                       | status | reason                                               | region         | account_id   |
+----------------------------------------------------------------------------------------------------------------+--------+------------------------------------------------------+----------------+--------------+
| arn:aws:elasticloadbalancing:us-east-2:010203040506:loadbalancer/app/turbottest-lb/2a42220bfac077c4            | ok     | turbottest-lb has 2 availability zone(s).            | us-east-2      | 010203040506 |
| arn:aws:elasticloadbalancing:us-east-2:010203040506:loadbalancer/net/test/a3b7fdb15259c504                     | alarm  | test has 1 availability zone(s).                     | us-east-2      | 010203040506 |
+----------------------------------------------------------------------------------------------------------------+--------+------------------------------------------------------+----------------+--------------+

$ aws elbv2 describe-load-balancers --query "LoadBalancers[*].{LoadBalancerArn:LoadBalancerArn,AvailabilityZones:AvailabilityZones}" 
[
    {
        "LoadBalancerArn": "arn:aws:elasticloadbalancing:us-east-2:010203040506:loadbalancer/net/test/a3b7fdb15259c504",
        "AvailabilityZones": [
            {
                "ZoneName": "us-east-2a",
                "SubnetId": "subnet-0abd9e243e79ebxxx",
                "LoadBalancerAddresses": []
            }
        ]
    },
    {
        "LoadBalancerArn": "arn:aws:elasticloadbalancing:us-east-2:010203040506:loadbalancer/app/turbottest-lb/2a42220bfac077c4",
        "AvailabilityZones": [
            {
                "ZoneName": "us-east-2a",
                "SubnetId": "subnet-0abd9e243e79ebxxx",
                "LoadBalancerAddresses": []
            },
            {
                "ZoneName": "us-east-2b",
                "SubnetId": "subnet-0f80360e2b794fec4",
                "LoadBalancerAddresses": []
            }
        ]
    }
]

query/elb/elb_application_lb_desync_mitigation_mode.sql

+----------------------------------------------------------------------------------------------------------------+--------+----------------------------------------------------------------+----------------+--------------+
| resource                                                                                                       | status | reason                                                         | region         | account_id   |
+----------------------------------------------------------------------------------------------------------------+--------+----------------------------------------------------------------+----------------+--------------+
| arn:aws:elasticloadbalancing:us-east-1:010203040506:loadbalancer/app/spongebob-lb/b71c6b30c292c530             | ok     | spongebob-lb has defensive desync mitigation mode.             | us-east-1      | 010203040506 |
| arn:aws:elasticloadbalancing:us-east-2:010203040506:loadbalancer/app/turbot-lb/17964d1301e59db2                | alarm  | turbot-lb has monitor desync mitigation mode.                  | us-east-2      | 010203040506 |
+----------------------------------------------------------------------------------------------------------------+--------+----------------------------------------------------------------+----------------+--------------+


aws elbv2 describe-load-balancer-attributes --load-balancer-arn arn:aws:elasticloadbalancing:us-east-2:010203040506:loadbalancer/app/turbot-lb/17964d1301e59db2  --query "{Attribute:Attributes[10]}"
{
    "Attribute": {
        "Key": "routing.http.desync_mitigation_mode",
        "Value": "monitor"
    }
}

aws elbv2 describe-load-balancer-attributes --load-balancer-arn arn:aws:elasticloadbalancing:us-east-1:010203040506:loadbalancer/app/spongebob-lb/b71c6b30c292c530  --query "{Attribute:Attributes[10]}"
{
    "Attribute": {
        "Key": "routing.http.desync_mitigation_mode",
        "Value": "defensive"
    }
}

query/elb/elb_classic_lb_desync_mitigation_mode.sql

+---------------------------------------------------------------------------------------------------+--------+------------------------------------------------------------------------+-----------+--------------+
| resource                                                                                          | status | reason                                                                 | region    | account_id   |
+---------------------------------------------------------------------------------------------------+--------+------------------------------------------------------------------------+-----------+--------------+
| arn:aws:elasticloadbalancing:us-east-1:010203040506:loadbalancer/aaa-jsmyth-reltest-test01-elb-01 | ok     | aaa-jsmyth-reltest-test01-elb-01 has defensive desync mitigation mode. | us-east-1 | 010203040506 |
| arn:aws:elasticloadbalancing:us-east-1:010203040506:loadbalancer/aaa-jsmyth-reltest-ec2-elb       | alarm  | aaa-jsmyth-reltest-ec2-elb has monitor desync mitigation mode.         | us-east-1 | 010203040506 |
+---------------------------------------------------------------------------------------------------+--------+------------------------------------------------------------------------+-----------+--------------+

aws elb describe-load-balancer-attributes  --load-balancer-name aaa-jsmyth-reltest-ec2-elb --query "LoadBalancerAttributes.AdditionalAttributes"
[
    {
        "Key": "elb.http.desyncmitigationmode",
        "Value": "monitor"
    }
]
aws elb describe-load-balancer-attributes  --load-balancer-name aaa-jsmyth-reltest-test01-elb-01 --query "LoadBalancerAttributes.AdditionalAttributes"
[
    {
        "Key": "elb.http.desyncmitigationmode",
        "Value": "defensive"
    }
]

query/eks/eks_cluster_with_latest_kubernetes_version.sql

+-------------------------------------------------------------+--------+-------------------------------------------------------+----------------+--------------+
| resource                                                    | status | reason                                                | region         | account_id   |
+-------------------------------------------------------------+--------+-------------------------------------------------------+----------------+--------------+
| arn:aws:eks:ap-southeast-1:010203040506:cluster/new-cluster | ok     | new-cluster runs on a lastet kubernetes version.      | ap-southeast-1 | 010203040506 |
| arn:aws:eks:ap-southeast-1:010203040506:cluster/eks-test    | alarm  | eks-test does not run on a lastet kubernetes version. | ap-southeast-1 | 010203040506 |
+-------------------------------------------------------------+--------+-------------------------------------------------------+----------------+--------------+

aws eks describe-cluster --name eks-test --query "cluster.{name:name,version:version}"
{
    "name": "eks-test",
    "version": "1.21"
}
aws eks describe-cluster --name new-cluster --query "cluster.{name:name,version:version}"
{
    "name": "new-cluster",
    "version": "1.22"
}

query/cloudfront/cloudfront_distribution_no_deprecated_ssl_protocol.sql

+--------------------------------------------------------------+--------+--------------------------------------------------------+--------+--------------+
| resource                                                     | status | reason                                                 | region | account_id   |
+--------------------------------------------------------------+--------+--------------------------------------------------------+--------+--------------+
| arn:aws:cloudfront::010203040506:distribution/EMSZX8KO6H40P  | alarm  | EMSZX8KO6H40P have deprecated SSL protocols.           | global | 010203040506 |
| arn:aws:cloudfront::010203040506:distribution/E1G4EVMY9YHX1A | ok     | E1G4EVMY9YHX1A does not have deprecated SSL protocols. | global | 010203040506 |
+--------------------------------------------------------------+--------+--------------------------------------------------------+--------+--------------+

$ aws cloudfront list-distributions --query "{Id:DistributionList.Items[*].Id, OriginSslProtocols:DistributionList.Items[*].Origins.Items[*].CustomOriginConfig.OriginSslProtocols}"
{
    "Id": [
        "EMSZX8KO6H40P"
    ],
    "OriginSslProtocols": [
        [
            {
                "Quantity": 4,
                "Items": [
                    "SSLv3",
                    "TLSv1",
                    "TLSv1.1",
                    "TLSv1.2"
                ]
            }
        ]
    ]
}

$ aws cloudfront  list-distributions --query "{Id:DistributionList.Items[*].Id, OriginSslProtocols:DistributionList.Items[*].Origins.Items[*].CustomOriginConfig.OriginSslProtocols}"
{
    "Id": [
        "E1G4EVMY9YHX1A"
    ],
    "OriginSslProtocols": [
        []
    ]
}

query/ecr/ecr_repository_tag_immutability_enabled.sql

+----------------------------------------------------------------------------+--------+---------------------------------------------------------+----------------+--------------+
| resource                                                                   | status | reason                                                  | region         | account_id   |
+----------------------------------------------------------------------------+--------+---------------------------------------------------------+----------------+--------------+
| arn:aws:ecr:us-east-1:010203040506:repository/test                         | ok     | test tag immutability enabled.                          | us-east-1      | 010203040506 |
| arn:aws:ecr:us-east-1:010203040506:repository/ora-hello                    | alarm  | ora-hello tag immutability disabled.                    | us-east-1      | 010203040506 |
+----------------------------------------------------------------------------+--------+---------------------------------------------------------+----------------+--------------+

$ aws ecr describe-repositories --query "repositories[*].{repositoryArn:repositoryArn,imageTagMutability:imageTagMutability}"
[
    {
        "repositoryArn": "arn:aws:ecr:us-east-1:010203040506:repository/ora-hello",
        "imageTagMutability": "MUTABLE"
    },
    {
        "repositoryArn": "arn:aws:ecr:us-east-1:010203040506:repository/test",
        "imageTagMutability": "IMMUTABLE"
    }
]

query/ecs/ecs_service_fargate_using_latest_platform_version.sql

+---------------------------------------------------------------------------------------------------------+--------+----------------------------------------------------------------------+----------------+--------------+
| resource                                                                                                | status | reason                                                               | region         | account_id   |
+---------------------------------------------------------------------------------------------------------+--------+----------------------------------------------------------------------+----------------+--------------+
| arn:aws:ecs:ap-southeast-1:010203040506:service/snapshot/ec2-service                                    | skip   | ec2-service is EC2 service.                                          | ap-southeast-1 | 010203040506 |
| arn:aws:ecs:ap-southeast-1:010203040506:service/snapshot/turbot_snapshot_copy                           | ok     | turbot_snapshot_copy running on the latest fargate platform version. | ap-southeast-1 | 010203040506 |
| arn:aws:ecs:ap-southeast-1:010203040506:service/snapshot/test-vk                                        | alarm  | test-vk not running on the latest fargate platform version.          | ap-southeast-1 | 010203040506 |
+---------------------------------------------------------------------------------------------------------+--------+----------------------------------------------------------------------+----------------+--------------+


$ aws ecs  describe-services --cluster snapshot --services test-vk  --query "services[*].{serviceName:serviceName, launchType:launchType, platformVersion:platformVersion}"
[
    {
        "serviceName": "test-vk",
        "launchType": "FARGATE",
        "platformVersion": "1.3.0"
    }
]
$ aws ecs  describe-services --cluster snapshot --services turbot_snapshot_copy   --query "services[*].{serviceName:serviceName, launchType:launchType, platformVersion:platformVersion}"
[
    {
        "serviceName": "turbot_snapshot_copy",
        "launchType": "FARGATE",
        "platformVersion": "LATEST"
    }
]
$ aws ecs  describe-services --cluster snapshot --services ec2-service   --query "services[*].{serviceName:serviceName, launchType:launchType, platformVersion:platformVersion}"
[
    {
        "serviceName": "ec2-service",
        "launchType": "EC2",
        "platformVersion": null
    }
]
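
To cross-check the two autoscaling launch configuration queries above without Steampipe, here is an added example (not code from this PR or from the steampipe-mod-aws-compliance project) that applies the same two checks, hop limit greater than 1 and IMDSv2 required, to the JSON that `aws autoscaling describe-launch-configurations` returns. The sample records are constructed to match the output in the description plus one launch configuration with no `MetadataOptions` block at all; the defaults applied in that case (`HttpTokens` optional, hop limit 1) are an assumption to verify against the AWS documentation for your account.

```python
"""Evaluate the launch-configuration IMDS controls from this PR over
`aws autoscaling describe-launch-configurations` output.

Added example, not code from the steampipe-mod-aws-compliance project;
the status/reason wording mirrors the query result tables in the PR.
"""
import json

# Constructed sample shaped like the CLI output in the PR description.
# The last record has no MetadataOptions, as on launch configurations
# created before metadata options could be set.
SAMPLE_OUTPUT = json.dumps({
    "LaunchConfigurations": [
        {"LaunchConfigurationName": "test",
         "MetadataOptions": {"HttpTokens": "optional", "HttpPutResponseHopLimit": 1}},
        {"LaunchConfigurationName": "testCopy",
         "MetadataOptions": {"HttpTokens": "optional", "HttpPutResponseHopLimit": 2}},
        {"LaunchConfigurationName": "imdsv2test",
         "MetadataOptions": {"HttpTokens": "required", "HttpPutResponseHopLimit": 1}},
        {"LaunchConfigurationName": "legacy"},
    ]
})

# Values AWS applies when MetadataOptions is absent (assumption: matches the
# launch-configuration defaults documented by AWS at the time of writing).
DEFAULT_HTTP_TOKENS = "optional"
DEFAULT_HOP_LIMIT = 1


def check_hop_limit(lc):
    """autoscaling_launch_config_hop_limit: alarm when the PUT response hop
    limit exceeds 1, which lets IMDS responses travel past the instance's
    own network stack (for example to containers or through NAT)."""
    name = lc["LaunchConfigurationName"]
    opts = lc.get("MetadataOptions") or {}
    hop = opts.get("HttpPutResponseHopLimit", DEFAULT_HOP_LIMIT)
    if hop > 1:
        return {"resource": name, "status": "alarm",
                "reason": f"{name} metadata response hop limit is greater than 1."}
    return {"resource": name, "status": "ok",
            "reason": f"{name} metadata response hop limit is not greater than 1."}


def check_imdsv2(lc):
    """autoscaling_launch_config_requires_imdsv2: ok only when HttpTokens is
    'required' (session-oriented IMDSv2); 'optional' still allows IMDSv1."""
    name = lc["LaunchConfigurationName"]
    opts = lc.get("MetadataOptions") or {}
    tokens = opts.get("HttpTokens", DEFAULT_HTTP_TOKENS)
    if tokens == "required":
        return {"resource": name, "status": "ok",
                "reason": f"{name} configured to use Instance Metadata Service Version 2 (IMDSv2)."}
    return {"resource": name, "status": "alarm",
            "reason": f"{name} not configured to use Instance Metadata Service Version 2 (IMDSv2)."}


def evaluate(cli_json):
    """Run both checks over describe-launch-configurations JSON.

    Returns {launch configuration name: {"hop_limit": status, "imdsv2": status}}.
    """
    results = {}
    for lc in json.loads(cli_json)["LaunchConfigurations"]:
        results[lc["LaunchConfigurationName"]] = {
            "hop_limit": check_hop_limit(lc)["status"],
            "imdsv2": check_imdsv2(lc)["status"],
        }
    return results


if __name__ == "__main__":
    # Print one status/reason line per control, like the query tables above.
    for lc in json.loads(SAMPLE_OUTPUT)["LaunchConfigurations"]:
        for finding in (check_hop_limit(lc), check_imdsv2(lc)):
            print(f"{finding['status']:5}  {finding['reason']}")
```

Feed the real CLI output to `evaluate` (for example `evaluate(sys.stdin.read())`) to compare against the Steampipe rows; the `legacy` record shows why a control that concatenates the raw hop limit into its reason needs a null fallback, since the value is simply absent there.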

@khushboo9024 khushboo9024 self-assigned this Jul 14, 2022
@khushboo9024 khushboo9024 marked this pull request as draft July 14, 2022 13:23
Base automatically changed from release/v0.39 to main July 14, 2022 15:26
@rajlearner17 rajlearner17 changed the base branch from main to release/v0.40 July 15, 2022 05:40
Base automatically changed from release/v0.40 to main July 15, 2022 14:54
@khushboo9024 khushboo9024 changed the base branch from main to release/v0.41 July 18, 2022 05:44
@khushboo9024 khushboo9024 marked this pull request as ready for review July 19, 2022 05:50
else 'alarm'
end as status,
case
when instance_state <> 'running' then title || ' is in ' || instance_state || ' state.'

Suggested change
when instance_state <> 'running' then title || ' is in ' || instance_state || ' state.'
when instance_state <> 'running' then title || ' is in ' || instance_state || ' state.'
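Review bot: the suggested replacement for the `instance_state` reason line reads identically to the original as rendered here (`when instance_state <> 'running' then title || ' is in ' || instance_state || ' state.'`); if the intended edit is whitespace only, say so in the comment, otherwise the suggestion is a no-op and can be dropped.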

end as status,
case
when posix_user is null then title || ' does not enforce a user identity.'
else title || ' enforce a user identity.'

Suggested change
else title || ' enforce a user identity.'
else title || ' enforces a user identity.'

else 'ok'
end as status,
case
when pid_mode = 'host' then title || ' share the host process namespace.'

Suggested change
when pid_mode = 'host' then title || ' share the host process namespace.'
when pid_mode = 'host' then title || ' shares the host process namespace.'

end as status,
case
when c.arn is null then d.title || ' does not have elevated privileges.'
else d.title || ' have elevated privileges.'

Suggested change
else d.title || ' have elevated privileges.'
else d.title || ' has elevated privileges.'

Comment on lines 8 to 11
case
when virtualization_type = 'paravirtual' then title || ' virtualization type is paravirtual.'
else title || ' virtualization type is ' || virtualization_type || '.'
end as reason,

Suggested change
case
when virtualization_type = 'paravirtual' then title || ' virtualization type is paravirtual.'
else title || ' virtualization type is ' || virtualization_type || '.'
end as reason,
title || ' virtualization type is ' || virtualization_type || '.' as reason,
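Review bot: collapsing the `case` into `title || ' virtualization type is ' || virtualization_type || '.'` is fine, but the sample output for this query in the PR description has a row whose reason starts with an empty name (` virtualization type is hvm.`) because that instance's Name tag is an empty string; fall back to the instance id when the title is empty, for example `coalesce(nullif(title, ''), instance_id)` (assuming that column name), so every reason identifies its resource.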

end as status,
case
when o.arn is null then title || ' does not have deprecated SSL protocols.'
else title || ' have deprecated SSL protocols.'

Suggested change
else title || ' have deprecated SSL protocols.'
else title || ' has deprecated SSL protocols.'

Comment on lines 8 to 11
case
when metadata_options_put_response_hop_limit > 1 then title || ' metadata response hop limit is greater than 1.'
else title || ' metadata response hop limit is not greater than 1.'
end as reason,

Suggested change
case
when metadata_options_put_response_hop_limit > 1 then title || ' metadata response hop limit is greater than 1.'
else title || ' metadata response hop limit is not greater than 1.'
end as reason,
title || ' has a metadata response hop limit of ' || metadata_options_put_response_hop_limit || '.' as reason
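Review bot: in the suggested reason `title || ' has a metadata response hop limit of ' || metadata_options_put_response_hop_limit || '.'`, a null hop limit (launch configurations created without metadata options) makes the whole concatenation null, so the row would carry no reason at all; wrap the value, for example `coalesce(metadata_options_put_response_hop_limit::text, 'not set')`, and check that the `status` expression, if it uses the same `> 1` test, deliberately lets null fall through to the `else` branch rather than treating it as a pass by accident.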

Comment on lines +44 to +45
benchmark.foundational_security_sqs,
benchmark.foundational_security_ssm

Suggested change
benchmark.foundational_security_sqs,
benchmark.foundational_security_ssm
benchmark.foundational_security_ssm
benchmark.foundational_security_sqs,
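Review bot: the suggested reordering places `benchmark.foundational_security_ssm` (no trailing comma) before `benchmark.foundational_security_sqs,` (trailing comma), so if these are the last two children of the list the commas need to be swapped as well or the block will not parse; also note that `sqs` already sorts before `ssm` alphabetically, so the original order may be the intended one.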

@@ -0,0 +1,3 @@
## Overview

This section contains recommendations for configuring AWS EKS resources and options.

Are the descriptions missing?


1. Open the [Amazon ECS console](https://console.aws.amazon.com/ecs/).
2. In the left navigation pane, choose `Task Definitions`.
3.For each task definition that has container definitions that need to be updated, do the following:

Suggested change
3.For each task definition that has container definitions that need to be updated, do the following:
3. For each task definition that has container definitions that need to be updated, do the following:

Comment on lines 9 to 10
when version = '1.22' then title || ' runs on a lastet kubernetes version.'
else title || ' does not run on a lastet kubernetes version.'

Suggested change
when version = '1.22' then title || ' runs on a lastet kubernetes version.'
else title || ' does not run on a lastet kubernetes version.'
when version = '1.22' then title || ' runs on a latest kubernetes version.'
else title || ' does not run on a latest kubernetes version.'
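Review bot: `when version = '1.22'` hard-codes the current latest EKS release, so once a newer release ships the control will report clusters on that newer version as alarm while still passing 1.22 clusters; either compare against a documented minimum supported version or record in the control's description which version it tracks and when it must be bumped, so the drift is visible. The suggested wording "a latest kubernetes version" should also read "the latest Kubernetes version".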

@misraved misraved left a comment


Make changes wherever required

@misraved misraved merged commit f36bad9 into release/v0.41 Jul 19, 2022
@misraved misraved deleted the add-new-fsbp-controls branch July 19, 2022 13:20