Merge pull request #118 from StevenSmiley/cleanup-examples

Cleanup AWS CloudFormation checks examples
aquasecurity · May 16, 2024 · 4b6f7cc · 4b6f7cc
2 parents 7e2b879 + 96fc699
commit 4b6f7cc
Show file tree

Hide file tree

Showing 109 changed files with 143 additions and 438 deletions.
diff --git a/avd_docs/aws/cloudtrail/AVD-AWS-0014/CloudFormation.md b/avd_docs/aws/cloudtrail/AVD-AWS-0014/CloudFormation.md
@@ -3,7 +3,7 @@ Enable Cloudtrail in all regions
 
 ```yaml---
 Resources:
-  BadExample:
+  GoodExample:
     Type: AWS::CloudTrail::Trail
     Properties:
       IsLogging: true

diff --git a/avd_docs/aws/cloudtrail/AVD-AWS-0015/CloudFormation.md b/avd_docs/aws/cloudtrail/AVD-AWS-0015/CloudFormation.md
@@ -3,7 +3,7 @@ Use Customer managed key
 
 ```yaml---
 Resources:
-  BadExample:
+  GoodExample:
     Type: AWS::CloudTrail::Trail
     Properties:
       IsLogging: true

diff --git a/avd_docs/aws/cloudtrail/AVD-AWS-0016/CloudFormation.md b/avd_docs/aws/cloudtrail/AVD-AWS-0016/CloudFormation.md
@@ -3,7 +3,7 @@ Turn on log validation for Cloudtrail
 
 ```yaml---
 Resources:
-  BadExample:
+  GoodExample:
     Type: AWS::CloudTrail::Trail
     Properties:
       IsLogging: true

diff --git a/avd_docs/aws/dynamodb/AVD-AWS-0023/CloudFormation.md b/avd_docs/aws/dynamodb/AVD-AWS-0023/CloudFormation.md
@@ -3,14 +3,14 @@ Enable encryption at rest for DAX Cluster
 
 ```yaml---
 Resources:
-  daxCluster:
+  GoodExample:
     Type: AWS::DAX::Cluster
     Properties:
       ClusterName: "MyDAXCluster"
       NodeType: "dax.r3.large"
       ReplicationFactor: 1
       IAMRoleARN: "arn:aws:iam::111122223333:role/DaxAccess"
-      Description: "DAX cluster created with CloudFormation"
+      Description: "DAX cluster with encryption at rest"
       SSESpecification:
         SSEEnabled: true
 

diff --git a/avd_docs/aws/ec2/AVD-AWS-0099/CloudFormation.md b/avd_docs/aws/ec2/AVD-AWS-0099/CloudFormation.md
@@ -2,8 +2,6 @@
 Add descriptions for all security groups
 
 ```yaml---
-AWSTemplateFormatVersion: 2010-09-09
-Description: Good example of group description
 Resources:
   GoodSecurityGroup:
     Type: AWS::EC2::SecurityGroup

diff --git a/avd_docs/aws/ec2/AVD-AWS-0107/CloudFormation.md b/avd_docs/aws/ec2/AVD-AWS-0107/CloudFormation.md
@@ -2,10 +2,8 @@
 Set a more restrictive cidr range
 
 ```yaml---
-AWSTemplateFormatVersion: 2010-09-09
-Description: Good example of ingress rule
 Resources:
-  BadSecurityGroup:
+  GoodSecurityGroup:
     Type: AWS::EC2::SecurityGroup
     Properties:
       GroupDescription: Limits security group egress traffic

diff --git a/avd_docs/aws/ec2/AVD-AWS-0124/CloudFormation.md b/avd_docs/aws/ec2/AVD-AWS-0124/CloudFormation.md
@@ -2,8 +2,6 @@
 Add descriptions for all security groups rules
 
 ```yaml---
-AWSTemplateFormatVersion: 2010-09-09
-Description: Good example of SGR description
 Resources:
   GoodSecurityGroup:
     Type: AWS::EC2::SecurityGroup

diff --git a/avd_docs/aws/iam/AVD-AWS-0057/CloudFormation.md b/avd_docs/aws/iam/AVD-AWS-0057/CloudFormation.md
@@ -2,8 +2,6 @@
 Specify the exact permissions required, and to which resources they should apply instead of using wildcards.
 
 ```yaml---
-AWSTemplateFormatVersion: 2010-09-09
-Description: Good example of policy
 Resources:
   GoodPolicy:
     Type: 'AWS::IAM::Policy'

diff --git a/avd_docs/aws/lambda/AVD-AWS-0066/CloudFormation.md b/avd_docs/aws/lambda/AVD-AWS-0066/CloudFormation.md
@@ -3,7 +3,7 @@ Enable tracing
 
 ```yaml---
 Resources:
-  Function:
+  GoodExample:
     Type: AWS::Lambda::Function
     Properties:
       Handler: index.handler

diff --git a/avd_docs/aws/lambda/AVD-AWS-0067/CloudFormation.md b/avd_docs/aws/lambda/AVD-AWS-0067/CloudFormation.md
@@ -28,7 +28,6 @@ Resources:
       Action: lambda:InvokeFunction
       Principal: s3.amazonaws.com
       SourceArn: "lambda.amazonaws.com"
-  
 
 ```
 

diff --git a/avd_docs/aws/mq/AVD-AWS-0070/CloudFormation.md b/avd_docs/aws/mq/AVD-AWS-0070/CloudFormation.md
@@ -2,16 +2,13 @@
 Enable audit logging
 
 ```yaml---
-AWSTemplateFormatVersion: 2010-09-09
-Description: Good example
 Resources:
-  Broker:
+  GoodBroker:
     Type: AWS::AmazonMQ::Broker
     Properties:
       Logs:
         Audit: true
 
-
 ```
 
 
diff --git a/avd_docs/aws/mq/AVD-AWS-0071/CloudFormation.md b/avd_docs/aws/mq/AVD-AWS-0071/CloudFormation.md
@@ -2,16 +2,13 @@
 Enable general logging
 
 ```yaml---
-AWSTemplateFormatVersion: 2010-09-09
-Description: Good example
 Resources:
-  Broker:
+  GoodBroker:
     Type: AWS::AmazonMQ::Broker
     Properties:
       Logs:
         General: true
 
-
 ```
 
 
diff --git a/avd_docs/aws/mq/AVD-AWS-0072/CloudFormation.md b/avd_docs/aws/mq/AVD-AWS-0072/CloudFormation.md
@@ -2,15 +2,12 @@
 Disable public access when not required
 
 ```yaml---
-AWSTemplateFormatVersion: 2010-09-09
-Description: Good example
 Resources:
-  Broker:
+  GoodBroker:
     Type: AWS::AmazonMQ::Broker
     Properties:
       PubliclyAccessible: false
 
-
 ```
 
 
diff --git a/avd_docs/aws/msk/AVD-AWS-0073/CloudFormation.md b/avd_docs/aws/msk/AVD-AWS-0073/CloudFormation.md
@@ -2,10 +2,8 @@
 Enable in transit encryption
 
 ```yaml---
-AWSTemplateFormatVersion: 2010-09-09
-Description: Good example
 Resources:
-  Cluster:
+  GoodCluster:
     Type: AWS::MSK::Cluster
     Properties:
       EncryptionInfo:

diff --git a/avd_docs/aws/msk/AVD-AWS-0074/CloudFormation.md b/avd_docs/aws/msk/AVD-AWS-0074/CloudFormation.md
@@ -2,10 +2,8 @@
 Enable logging
 
 ```yaml---
-AWSTemplateFormatVersion: 2010-09-09
-Description: Good example
 Resources:
-  Cluster:
+  GoodCluster:
     Type: AWS::MSK::Cluster
     Properties:
       LoggingInfo:

diff --git a/avd_docs/aws/msk/AVD-AWS-0179/CloudFormation.md b/avd_docs/aws/msk/AVD-AWS-0179/CloudFormation.md
@@ -2,10 +2,8 @@
 Enable at rest encryption
 
 ```yaml---
-AWSTemplateFormatVersion: 2010-09-09
-Description: Good example
 Resources:
-  Cluster:
+  GoodCluster:
     Type: AWS::MSK::Cluster
     Properties:
       EncryptionInfo:

diff --git a/avd_docs/aws/neptune/AVD-AWS-0075/CloudFormation.md b/avd_docs/aws/neptune/AVD-AWS-0075/CloudFormation.md
@@ -2,17 +2,13 @@
 Enable export logs
 
 ```yaml---
-AWSTemplateFormatVersion: 2010-09-09
-Description: Good example
 Resources:
-  Cluster:
+  GoodCluster:
     Type: AWS::Neptune::DBCluster
     Properties:
       EnableCloudwatchLogsExports:
         - audit
 
-
-
 ```
 
 
diff --git a/avd_docs/aws/neptune/AVD-AWS-0076/CloudFormation.md b/avd_docs/aws/neptune/AVD-AWS-0076/CloudFormation.md
@@ -2,16 +2,13 @@
 Enable encryption of Neptune storage
 
 ```yaml---
-AWSTemplateFormatVersion: 2010-09-09
-Description: Good example
 Resources:
-  Cluster:
+  GoodCluster:
     Type: AWS::Neptune::DBCluster
     Properties:
       StorageEncrypted: true
       KmsKeyId: "something"
 
-
 ```
 
 
diff --git a/avd_docs/aws/neptune/AVD-AWS-0128/CloudFormation.md b/avd_docs/aws/neptune/AVD-AWS-0128/CloudFormation.md
@@ -2,16 +2,13 @@
 Enable encryption using customer managed keys
 
 ```yaml---
-AWSTemplateFormatVersion: 2010-09-09
-Description: Good example
 Resources:
-  Cluster:
+  GoodCluster:
     Type: AWS::Neptune::DBCluster
     Properties:
       StorageEncrypted: true
       KmsKeyId: "something"
 
-
 ```
 
 
diff --git a/avd_docs/aws/rds/AVD-AWS-0077/CloudFormation.md b/avd_docs/aws/rds/AVD-AWS-0077/CloudFormation.md
@@ -2,15 +2,12 @@
 Explicitly set the retention period to greater than the default
 
 ```yaml---
-AWSTemplateFormatVersion: 2010-09-09
-Description: Good example
 Resources:
-  Queue:
+  GoodExample:
     Type: AWS::RDS::DBInstance
     Properties:
       BackupRetentionPeriod: 30
 
-
 ```
 
 
diff --git a/avd_docs/aws/rds/AVD-AWS-0078/CloudFormation.md b/avd_docs/aws/rds/AVD-AWS-0078/CloudFormation.md
@@ -2,16 +2,13 @@
 Use Customer Managed Keys to encrypt Performance Insights data
 
 ```yaml---
-AWSTemplateFormatVersion: 2010-09-09
-Description: Good example
 Resources:
-  Queue:
+  GoodExample:
     Type: AWS::RDS::DBInstance
     Properties:
       EnablePerformanceInsights: true
       PerformanceInsightsKMSKeyId: "something"
 
-
 ```
 
 
diff --git a/avd_docs/aws/rds/AVD-AWS-0079/CloudFormation.md b/avd_docs/aws/rds/AVD-AWS-0079/CloudFormation.md
@@ -2,16 +2,13 @@
 Enable encryption for RDS clusters
 
 ```yaml---
-AWSTemplateFormatVersion: 2010-09-09
-Description: Good example of rds sgr
 Resources:
-  Cluster:
+  GoodExample:
     Type: AWS::RDS::DBCluster
     Properties:
       StorageEncrypted: true
       KmsKeyId: "something"
 
-
 ```
 
 
diff --git a/avd_docs/aws/rds/AVD-AWS-0080/CloudFormation.md b/avd_docs/aws/rds/AVD-AWS-0080/CloudFormation.md
@@ -2,10 +2,8 @@
 Enable encryption for RDS instances
 
 ```yaml---
-AWSTemplateFormatVersion: 2010-09-09
-Description: Good example of rds sgr
 Resources:
-  Instance:
+  GoodExample:
     Type: AWS::RDS::DBInstance
     Properties:
       StorageEncrypted: true

diff --git a/avd_docs/aws/rds/AVD-AWS-0133/CloudFormation.md b/avd_docs/aws/rds/AVD-AWS-0133/CloudFormation.md
@@ -2,10 +2,8 @@
 Enable performance insights
 
 ```yaml---
-AWSTemplateFormatVersion: 2010-09-09
-Description: Good example
 Resources:
-  Queue:
+  GoodExample:
     Type: AWS::RDS::DBInstance
     Properties:
       EnablePerformanceInsights: true

diff --git a/avd_docs/aws/rds/AVD-AWS-0180/CloudFormation.md b/avd_docs/aws/rds/AVD-AWS-0180/CloudFormation.md
@@ -2,15 +2,12 @@
 Remove the public endpoint from the RDS instance.
 
 ```yaml---
-AWSTemplateFormatVersion: 2010-09-09
-Description: Good example
 Resources:
-  Queue:
+  GoodExample:
     Type: AWS::RDS::DBInstance
     Properties:
       PubliclyAccessible: false
 
-
 ```
 
 
diff --git a/avd_docs/aws/redshift/AVD-AWS-0083/CloudFormation.md b/avd_docs/aws/redshift/AVD-AWS-0083/CloudFormation.md
@@ -2,15 +2,12 @@
 Add descriptions for all security groups and rules
 
 ```yaml---
-AWSTemplateFormatVersion: 2010-09-09
-Description: Good example of redshift sgr
 Resources:
-  Queue:
+  GoodExample:
     Type: AWS::Redshift::ClusterSecurityGroup
     Properties:
       Description: "Disallow bad stuff"
 
-
 ```
 
 
diff --git a/avd_docs/aws/redshift/AVD-AWS-0084/CloudFormation.md b/avd_docs/aws/redshift/AVD-AWS-0084/CloudFormation.md
@@ -2,16 +2,13 @@
 Enable encryption using CMK
 
 ```yaml---
-AWSTemplateFormatVersion: 2010-09-09
-Description: Good example of redshift cluster
 Resources:
-  Queue:
+  GoodExample:
     Type: AWS::Redshift::Cluster
     Properties:
       Encrypted: true
       KmsKeyId: "something"
 
-
 ```
 
 
diff --git a/avd_docs/aws/redshift/AVD-AWS-0127/CloudFormation.md b/avd_docs/aws/redshift/AVD-AWS-0127/CloudFormation.md
@@ -2,15 +2,12 @@
 Deploy Redshift cluster into a non default VPC
 
 ```yaml---
-AWSTemplateFormatVersion: 2010-09-09
-Description: Good example of redshift cluster
 Resources:
-  Queue:
+  GoodCluster:
     Type: AWS::Redshift::Cluster
     Properties:
       ClusterSubnetGroupName: "my-subnet-group"
 
-
 ```