Release v1.0

github-actions released this 07 Jun 06:29
2c5039c

✨ New Policies

  • b54d258 - added non compatible policies (see the list in the commit message)
  • 5e4393b - added a number of terraform files for policies (see the list in the commit message)
  • 3e9aed2 - added policy ecc-aws-807-unused_efs_filesystem
  • 4d48faf - added policy ecc-aws-1005-ebs_volumes_too_old_snapshots
  • 737f6e8 - added policy ecc-aws-526-waf_global_rulegroup_not_empty
  • 075a903 - added policy ecc-aws-529-ebs_attached_volume_delete_on_termination_enabled
  • e7208b3 - added policy ecc-aws-543-cloudfront_realtime_logging_enabled
  • ad35d4c - added policy ecc-aws-546-kinesis_streams_retention_period_set_correctly
  • 5810523 - added policy ecc-aws-548-ebs_volumes_are_of_type_gp3_instead_of_gp2
  • 9f014d6 - added policy ecc-aws-547-rds_instance_generation
  • 11ef8ce - added policy ecc-aws-552-dynamodb_tables_unused
  • f0dc7d1 - added policy ecc-aws-553-unused_clb
  • cbe41ca - added policy ecc-aws-560-unused_sns_topic
  • 5254033 - added policy ecc-aws-571-stopped_rds_instances_removed
  • 738f42b - added policy ecc-aws-572-disabled_kms_keys_removed
  • beb24ca - added policy ecc-aws-573-unused_nat_gateway
  • cd5cc3f - added policy ecc-aws-575-ebs_volumes_attached_to_stopped_ec2_instances
  • bb3e948 - added policy ecc-aws-576-ec2_instance_dedicated_tenancy
  • 0a9ea6d - added policy ecc-aws-577-reserved_ec2_instance_payment_failed
  • 2115d78 - added policy ecc-aws-578-reserved_ec2_instance_payment_pending
  • 6a6db51 - added policy ecc-aws-579-reserved_ec2_instance_recent_purchases
  • deffe48 - added policy ecc-aws-580-reserved_instance_lease_expiration_in_30_days
  • 6edbb11 - added policy ecc-aws-581-reserved_instance_lease_expiration_in_7_days
  • f7c3aa5 - added policy ecc-aws-582-ecs_service_placement_strategy
  • 26ebbec - added policy ecc-aws-610-idle_ec2_instance
  • 27c142e - added policy ecc-aws-594-underutilized_rds_instance_storage
  • 3f062a3 - added policy ecc-aws-614-idle_rds_instance
  • 9dabefa - added policy ecc-aws-604-efs_without_lifecycle_management
  • 537e1fe - added policy ecc-aws-601-auto_scaling_group_statically_configured
  • 96f4899 - added policy ecc-aws-067-unauthorized_api_calls_alarm_exists
  • e0902d1 - added policy ecc-aws-493-ecs_container_insights_enabled
  • 1e356f7 - added policy ecc-aws-376-api_gateway_http_api_and_websocket_api_logs_not_enabled
  • a68480d - added policy ecc-aws-872-access_to_cloudshell_restricted
  • f96d13e - added policy ecc-aws-549-ec2_instance_previous_generation
  • 6d7b1f0 - added policy ecc-aws-583-elb_classic_metadata
  • cff94e1 - added policy ecc-aws-570-ebs_volumes_are_of_type_gp3_instead_of_io1
  • 5c119e8 - added policy ecc-aws-590-rds_general_purpose_ssd_storage_type
  • ee0c927 - added policy ecc-aws-598-redshift_instance_generation
  • 113c7d8 - added policy ecc-aws-566-opensearch_auto_tune_enabled
  • 4471865 - added policy ecc-aws-602-cloudwatch_logs_with_no_log_retention_period
  • 203dd37 - added policy ecc-aws-586-elasticsearch_general_purpose_ssd_volume
  • 6ec8467 - added policy ecc-aws-630-ec2_ami_not_in_use
  • 22888bc - added policy ecc-aws-591-reserved_rds_instance_payment_failed
  • 4267de2 - added policy ecc-aws-569-asg_propagate_tags_to_ec2_instances
  • 3477e96 - added policy ecc-aws-077-sign_in_without_mfa_alarm_exist
  • 4c9c06e - added policy ecc-aws-080-cloudtrail_configuration_changes_alarm_exists
  • e49896e - added policy ecc-aws-079-iam_policy_changes_alarm_exist
  • 4c25919 - added policy ecc-aws-145-organizations_changes_alarm_exists
  • 3658a3b - added policy ecc-aws-094-s3_bucket_policy_changes_alarm_exists
  • 743ef15 - added policy ecc-aws-082-cmk_key_disabling_or_deletion_alarm_exists
  • 710bdbb - added policy ecc-aws-095-aws_config_configuration_changes_alarm_exists
  • 1b7779f - added policy ecc-aws-081-console_auth_failure_alarm_exists
  • 0d01684 - added policy ecc-aws-097-network_access_control_lists_changes_alarm_exists
  • e664fca - added policy ecc-aws-100-vpc_changes_alarm_exists
  • 4e3e5ff - added policy ecc-aws-096-security_group_changes_alarm_exists
  • 8ce9cd5 - added policy ecc-aws-078-root_usage_alarm_exists
  • cc9c290 - added policy ecc-aws-098-network_gateways_changes_alarm_exists
  • bac0064 - added policy ecc-aws-099-route_table_changes_alarm_exists
  • dfd9278 - added policy ecc-aws-595-reserved_redshift_node_payment_failed
  • 897fbc2 - added policy ecc-aws-596-reserved_redshift_node_payment_pending
  • 33a6486 - added policy ecc-aws-587-elasticsearch_reserved_instance_payment_failed
  • 004e5ea - added policy ecc-aws-588-elasticsearch_reserved_instance_payment_pending
  • 7ac3dee - added policy ecc-aws-592-reserved_rds_instance_payment_pending
  • 092f994 - added policy ecc-aws-589-elasticsearch_reserved_instance_recent_purchases
  • a47b972 - added policy ecc-aws-593-reserved_rds_instance_recent_purchases
  • ce87620 - added policy ecc-aws-597-reserved_redshift_node_recent_purchases
  • 1f3b9fc - added policy ecc-aws-218-secrets_manager_rotation_enabled
  • 7428c6c - added policy ecc-aws-219-secrets_manager_successful_rotation_check
  • efd83c8 - added policy ecc-aws-220-secrets_manager_unused_secret

🔧 Updates

  • 84be271 - re-index all policies
  • 1fb3342 - added index(comment) to all rules
  • 0b6311c - updated policy ecc-aws-548-ebs_volumes_are_of_type_gp3_instead_of_gp2
  • ea93aa3 - updated comment field for all policies
  • cd33519 - updated policy 043
  • 63631e0 - updated policy 499
  • ee05e81 - updated policies 040, 283, 310, 434, 461, 508
  • a638744 - split permissions into two files
  • 0dd9539 - updated a number of policies (see the list in the commit message)
  • a1f8c6a - updated policies 272, 283, 310, 461, 497, 508
  • da86c3c - update iam/All-permission_*.json files
  • 6f9805f - update terraforms 001-288 to provider version 5
  • 0bba04a - update terraforms 289-347 to provider version 5
  • 169df56 - update terraform to provider version 5 for policies 348, 349, 366, 377, 378, 379, 458, 462, 469, 471, 472, 489, 490, 517, 531
  • 5575d28 - update terraform to provider version 5 for policies 386, 387, 388, 374, 491, 492, 493, 494, 520, 521, 365, 510, 506, 505, 534
  • 4d0821b - update terraforms to provider version 5 for a number of policies (see the list in the commit message)
  • 750679f - update terraforms to provider version 5 for a number of policies (see the list in the commit message)
  • 989598f - update iam permissions for policies 396 and 476

🩹 Policy Fixes

  • 595a1b0 - fixed policy 298
  • 0047710 - fixed policy ecc-aws-258-emr_at_rest_and_in_transit_encryption_enabled
  • b2bd85e - fixed policy 258

🩹 Terraform Fixes

  • 5dd197c - fixed a number of terraform files for policies (see the list in the commit message)
  • ca732c4 - fixed terraform for policy ecc-aws-258-emr_at_rest_and_in_transit_encryption_enabled
  • 3910835 - fixed terraform for policy 258
  • 5efb4ac - fixed terraforms for policies 040, 283, 310, 434, 461
  • 001a77f - fixed terraform for policies 052, 127, 231, 232, 233, 234, 235, 236, 237, 238, 239, 240, 241, 242, 243, 244, 245, 304, 305, 306, 307, 362, 394, 425, 444, 446, 447, 448, 508
  • 3608353 - fixed terraform for policy 186
  • f333850 - fix terraform for policies 383, 384, 385, 474, 475, 476, 479, 488, 513, 514, 529, 552, 503, 504, 461

🩹 Test Fixes

  • a9870e4 - fixed tests for policy 490
  • e54a209 - fixed tests for policy 111
  • e3ad0f1 - fixed tests for policy 258
  • 5e27957 - fixed tests for policies 040, 283, 310, 434, 461, 508

📝 Documentation Changes

  • 55363ec - added README.md for non-compatible-policies

➖ Deletions

  • 205475a - delete terraform for policy 016

📂 Other Changes

  • new_rules_from_sprint
  • New rules
  • Added issue templates
  • Public rules