diff --git a/avd_docs/aws/apigateway/AVD-AWS-0001/CloudFormation.md b/avd_docs/aws/apigateway/AVD-AWS-0001/CloudFormation.md
index 305f601b..2fc2ffb3 100644
--- a/avd_docs/aws/apigateway/AVD-AWS-0001/CloudFormation.md
+++ b/avd_docs/aws/apigateway/AVD-AWS-0001/CloudFormation.md
@@ -18,7 +18,6 @@ Resources: Format: json ApiId: !Ref GoodApi StageName: GoodApiStage - ```
diff --git a/avd_docs/aws/athena/AVD-AWS-0006/CloudFormation.md b/avd_docs/aws/athena/AVD-AWS-0006/CloudFormation.md
index 500bb0a4..ab570c4a 100644
--- a/avd_docs/aws/athena/AVD-AWS-0006/CloudFormation.md
+++ b/avd_docs/aws/athena/AVD-AWS-0006/CloudFormation.md
@@ -11,7 +11,6 @@ Resources: ResultConfiguration: EncryptionConfiguration: EncryptionOption: SSE_KMS - ```
diff --git a/avd_docs/aws/athena/AVD-AWS-0007/CloudFormation.md b/avd_docs/aws/athena/AVD-AWS-0007/CloudFormation.md
index 0b72109f..d5691727 100644
--- a/avd_docs/aws/athena/AVD-AWS-0007/CloudFormation.md
+++ b/avd_docs/aws/athena/AVD-AWS-0007/CloudFormation.md
@@ -12,7 +12,6 @@ Resources: ResultConfiguration: EncryptionConfiguration: EncryptionOption: SSE_KMS - ```
diff --git a/avd_docs/aws/cloudfront/AVD-AWS-0010/CloudFormation.md b/avd_docs/aws/cloudfront/AVD-AWS-0010/CloudFormation.md
index c9f86384..a89e81c3 100644
--- a/avd_docs/aws/cloudfront/AVD-AWS-0010/CloudFormation.md
+++ b/avd_docs/aws/cloudfront/AVD-AWS-0010/CloudFormation.md
@@ -16,7 +16,6 @@ Resources: Origins: - DomainName: https://some.domain Id: somedomain1 - ```
diff --git a/avd_docs/aws/cloudfront/AVD-AWS-0011/CloudFormation.md b/avd_docs/aws/cloudfront/AVD-AWS-0011/CloudFormation.md
index 74f6b814..485a3188 100644
--- a/avd_docs/aws/cloudfront/AVD-AWS-0011/CloudFormation.md
+++ b/avd_docs/aws/cloudfront/AVD-AWS-0011/CloudFormation.md
@@ -17,7 +17,6 @@ Resources: - DomainName: https://some.domain Id: somedomain1 WebACLId: waf_id - ```
diff --git a/avd_docs/aws/cloudfront/AVD-AWS-0012/CloudFormation.md b/avd_docs/aws/cloudfront/AVD-AWS-0012/CloudFormation.md
index 75e02ab7..3999dd5d 100644
--- a/avd_docs/aws/cloudfront/AVD-AWS-0012/CloudFormation.md
+++ b/avd_docs/aws/cloudfront/AVD-AWS-0012/CloudFormation.md
@@ -17,7 +17,6 @@ Resources: - DomainName: https://some.domain Id: somedomain1 WebACLId: waf_id - ```
diff --git a/avd_docs/aws/cloudfront/AVD-AWS-0013/CloudFormation.md b/avd_docs/aws/cloudfront/AVD-AWS-0013/CloudFormation.md
index 9521b3b0..e710df16 100644
--- a/avd_docs/aws/cloudfront/AVD-AWS-0013/CloudFormation.md
+++ b/avd_docs/aws/cloudfront/AVD-AWS-0013/CloudFormation.md
@@ -18,7 +18,6 @@ Resources: Id: somedomain1 ViewerCertificate: MinimumProtocolVersion: TLSv1.2_2021 - ```
diff --git a/avd_docs/aws/cloudtrail/AVD-AWS-0014/CloudFormation.md b/avd_docs/aws/cloudtrail/AVD-AWS-0014/CloudFormation.md
index 05004545..03b661fc 100644
--- a/avd_docs/aws/cloudtrail/AVD-AWS-0014/CloudFormation.md
+++ b/avd_docs/aws/cloudtrail/AVD-AWS-0014/CloudFormation.md
@@ -11,7 +11,6 @@ Resources: S3BucketName: CloudtrailBucket S3KeyPrefix: /trailing TrailName: Cloudtrail - ```
diff --git a/avd_docs/aws/cloudtrail/AVD-AWS-0015/CloudFormation.md b/avd_docs/aws/cloudtrail/AVD-AWS-0015/CloudFormation.md
index acc0c76c..760070b7 100644
--- a/avd_docs/aws/cloudtrail/AVD-AWS-0015/CloudFormation.md
+++ b/avd_docs/aws/cloudtrail/AVD-AWS-0015/CloudFormation.md
@@ -12,7 +12,6 @@ Resources: S3BucketName: CloudtrailBucket S3KeyPrefix: /trailing TrailName: Cloudtrail - ``` #### Remediation Links
diff --git a/avd_docs/aws/cloudtrail/AVD-AWS-0016/CloudFormation.md b/avd_docs/aws/cloudtrail/AVD-AWS-0016/CloudFormation.md
index 75511d89..30906da3 100644
--- a/avd_docs/aws/cloudtrail/AVD-AWS-0016/CloudFormation.md
+++ b/avd_docs/aws/cloudtrail/AVD-AWS-0016/CloudFormation.md
@@ -12,7 +12,6 @@ Resources: S3BucketName: CloudtrailBucket S3KeyPrefix: /trailing TrailName: Cloudtrail - ```
diff --git a/avd_docs/aws/cloudtrail/AVD-AWS-0161/CloudFormation.md b/avd_docs/aws/cloudtrail/AVD-AWS-0161/CloudFormation.md
index 1886b781..88d0fbfa 100644
--- a/avd_docs/aws/cloudtrail/AVD-AWS-0161/CloudFormation.md
+++ b/avd_docs/aws/cloudtrail/AVD-AWS-0161/CloudFormation.md
@@ -15,7 +15,6 @@ Resources: IsLogging: true S3BucketName: my-bucket TrailName: Cloudtrail - ```
diff --git a/avd_docs/aws/cloudtrail/AVD-AWS-0162/CloudFormation.md b/avd_docs/aws/cloudtrail/AVD-AWS-0162/CloudFormation.md
index 123bdf95..d30c3281 100644
--- a/avd_docs/aws/cloudtrail/AVD-AWS-0162/CloudFormation.md
+++ b/avd_docs/aws/cloudtrail/AVD-AWS-0162/CloudFormation.md
@@ -8,7 +8,6 @@ Resources: Properties: CloudWatchLogsLogGroupArn: arn:aws:logs:us-east-1:123456789012:log-group:CloudTrail/DefaultLogGroup:* TrailName: Cloudtrail - ```
diff --git a/avd_docs/aws/cloudtrail/AVD-AWS-0163/CloudFormation.md b/avd_docs/aws/cloudtrail/AVD-AWS-0163/CloudFormation.md
index 44145127..a2cba797 100644
--- a/avd_docs/aws/cloudtrail/AVD-AWS-0163/CloudFormation.md
+++ b/avd_docs/aws/cloudtrail/AVD-AWS-0163/CloudFormation.md
@@ -17,7 +17,6 @@ Resources: IsLogging: true S3BucketName: my-bucket TrailName: Cloudtrail - ```
diff --git a/avd_docs/aws/cloudwatch/AVD-AWS-0017/CloudFormation.md b/avd_docs/aws/cloudwatch/AVD-AWS-0017/CloudFormation.md
index dfb8906f..a67e8a51 100644
--- a/avd_docs/aws/cloudwatch/AVD-AWS-0017/CloudFormation.md
+++ b/avd_docs/aws/cloudwatch/AVD-AWS-0017/CloudFormation.md
@@ -9,7 +9,6 @@ Resources: KmsKeyId: arn:aws:kms:us-west-2:111122223333:key/lambdalogging LogGroupName: aws/lambda/goodExample RetentionInDays: 30 - ```
diff --git a/avd_docs/aws/codebuild/AVD-AWS-0018/CloudFormation.md b/avd_docs/aws/codebuild/AVD-AWS-0018/CloudFormation.md
index 16241d32..eaf54814 100644
--- a/avd_docs/aws/codebuild/AVD-AWS-0018/CloudFormation.md
+++ b/avd_docs/aws/codebuild/AVD-AWS-0018/CloudFormation.md
@@ -26,7 +26,6 @@ Resources: Packaging: String Path: String Type: String - ```
diff --git a/avd_docs/aws/config/AVD-AWS-0019/CloudFormation.md b/avd_docs/aws/config/AVD-AWS-0019/CloudFormation.md
index 0d24f1e2..4bac7fb2 100644
--- a/avd_docs/aws/config/AVD-AWS-0019/CloudFormation.md
+++ b/avd_docs/aws/config/AVD-AWS-0019/CloudFormation.md
@@ -9,7 +9,6 @@ Resources: AccountAggregationSources: - AllAwsRegions: true ConfigurationAggregatorName: GoodAccountLevelAggregation - ``` ```yaml Resources:
@@ -19,7 +18,6 @@ Resources: ConfigurationAggregatorName: GoodAccountLevelAggregation OrganizationAggregationSource: AllAwsRegions: true - ```
diff --git a/avd_docs/aws/documentdb/AVD-AWS-0020/CloudFormation.md b/avd_docs/aws/documentdb/AVD-AWS-0020/CloudFormation.md
index 7fbaf488..aa782b89 100644
--- a/avd_docs/aws/documentdb/AVD-AWS-0020/CloudFormation.md
+++ b/avd_docs/aws/documentdb/AVD-AWS-0020/CloudFormation.md
@@ -23,7 +23,6 @@ Resources: DBInstanceClass: db.r5.large DBInstanceIdentifier: sample-cluster-instance-0 PreferredMaintenanceWindow: sat:06:54-sat:07:24 - ```
diff --git a/avd_docs/aws/documentdb/AVD-AWS-0021/CloudFormation.md b/avd_docs/aws/documentdb/AVD-AWS-0021/CloudFormation.md
index 08ad5fdf..2e236aad 100644
--- a/avd_docs/aws/documentdb/AVD-AWS-0021/CloudFormation.md
+++ b/avd_docs/aws/documentdb/AVD-AWS-0021/CloudFormation.md
@@ -24,7 +24,6 @@ Resources: DBInstanceClass: db.r5.large DBInstanceIdentifier: sample-cluster-instance-0 PreferredMaintenanceWindow: sat:06:54-sat:07:24 - ```
diff --git a/avd_docs/aws/documentdb/AVD-AWS-0022/CloudFormation.md b/avd_docs/aws/documentdb/AVD-AWS-0022/CloudFormation.md
index 63cfd7be..e2c67c99 100644
--- a/avd_docs/aws/documentdb/AVD-AWS-0022/CloudFormation.md
+++ b/avd_docs/aws/documentdb/AVD-AWS-0022/CloudFormation.md
@@ -23,7 +23,6 @@ Resources: DBInstanceClass: db.r5.large DBInstanceIdentifier: sample-cluster-instance-0 PreferredMaintenanceWindow: sat:06:54-sat:07:24 - ```
diff --git a/avd_docs/aws/dynamodb/AVD-AWS-0023/CloudFormation.md b/avd_docs/aws/dynamodb/AVD-AWS-0023/CloudFormation.md
index adfd0051..ed1e79c1 100644
--- a/avd_docs/aws/dynamodb/AVD-AWS-0023/CloudFormation.md
+++ b/avd_docs/aws/dynamodb/AVD-AWS-0023/CloudFormation.md
@@ -13,7 +13,6 @@ Resources: ReplicationFactor: 1 SSESpecification: SSEEnabled: true - ```
diff --git a/avd_docs/aws/ec2/AVD-AWS-0008/CloudFormation.md b/avd_docs/aws/ec2/AVD-AWS-0008/CloudFormation.md
index cc1c0393..2989ebab 100644
--- a/avd_docs/aws/ec2/AVD-AWS-0008/CloudFormation.md
+++ b/avd_docs/aws/ec2/AVD-AWS-0008/CloudFormation.md
@@ -12,7 +12,6 @@ Resources: Encrypted: true ImageId: ami-123456 InstanceType: t2.small - ```
diff --git a/avd_docs/aws/ec2/AVD-AWS-0009/CloudFormation.md b/avd_docs/aws/ec2/AVD-AWS-0009/CloudFormation.md
index f15d5bab..9a923a08 100644
--- a/avd_docs/aws/ec2/AVD-AWS-0009/CloudFormation.md
+++ b/avd_docs/aws/ec2/AVD-AWS-0009/CloudFormation.md
@@ -8,7 +8,6 @@ Resources: Properties: ImageId: ami-123456 InstanceType: t2.small - ```
diff --git a/avd_docs/aws/ec2/AVD-AWS-0026/CloudFormation.md b/avd_docs/aws/ec2/AVD-AWS-0026/CloudFormation.md
index 4260df09..b92dbd7c 100644
--- a/avd_docs/aws/ec2/AVD-AWS-0026/CloudFormation.md
+++ b/avd_docs/aws/ec2/AVD-AWS-0026/CloudFormation.md
@@ -10,7 +10,6 @@ Resources: Encrypted: true KmsKeyId: alias/volumeEncrypt Size: 100 - ```
diff --git a/avd_docs/aws/ec2/AVD-AWS-0027/CloudFormation.md b/avd_docs/aws/ec2/AVD-AWS-0027/CloudFormation.md
index 43f00fb5..98036223 100644
--- a/avd_docs/aws/ec2/AVD-AWS-0027/CloudFormation.md
+++ b/avd_docs/aws/ec2/AVD-AWS-0027/CloudFormation.md
@@ -10,7 +10,6 @@ Resources: Encrypted: true KmsKeyId: alias/volumeEncrypt Size: 100 - ``` ```yaml Resources:
@@ -21,7 +20,6 @@ Resources: Encrypted: true KmsKeyId: MyStack:Key Size: 100 - ```
diff --git a/avd_docs/aws/ec2/AVD-AWS-0029/CloudFormation.md b/avd_docs/aws/ec2/AVD-AWS-0029/CloudFormation.md
index 4dbaaeca..12db6e17 100644
--- a/avd_docs/aws/ec2/AVD-AWS-0029/CloudFormation.md
+++ b/avd_docs/aws/ec2/AVD-AWS-0029/CloudFormation.md
@@ -17,7 +17,6 @@ Resources: ImageId: ami-79fd7eee KeyName: testkey UserData: export SSM_PATH=/database/creds - ```
diff --git a/avd_docs/aws/ec2/AVD-AWS-0099/CloudFormation.md b/avd_docs/aws/ec2/AVD-AWS-0099/CloudFormation.md
index 53e94533..5ca4cb66 100644
--- a/avd_docs/aws/ec2/AVD-AWS-0099/CloudFormation.md
+++ b/avd_docs/aws/ec2/AVD-AWS-0099/CloudFormation.md
@@ -10,7 +10,6 @@ Resources: SecurityGroupEgress: - CidrIp: 127.0.0.1/32 IpProtocol: "-1" - ```
diff --git a/avd_docs/aws/ec2/AVD-AWS-0102/CloudFormation.md b/avd_docs/aws/ec2/AVD-AWS-0102/CloudFormation.md
index 3556be29..53211631 100644
--- a/avd_docs/aws/ec2/AVD-AWS-0102/CloudFormation.md
+++ b/avd_docs/aws/ec2/AVD-AWS-0102/CloudFormation.md
@@ -20,7 +20,6 @@ Resources: Protocol: 6 Ref: NetworkACL RuleAction: allow - ```
diff --git a/avd_docs/aws/ec2/AVD-AWS-0104/CloudFormation.md b/avd_docs/aws/ec2/AVD-AWS-0104/CloudFormation.md
index 5d4151a1..05bde048 100644
--- a/avd_docs/aws/ec2/AVD-AWS-0104/CloudFormation.md
+++ b/avd_docs/aws/ec2/AVD-AWS-0104/CloudFormation.md
@@ -14,7 +14,6 @@ Resources: SecurityGroupEgress: - CidrIp: 127.0.0.1/32 IpProtocol: "6" - ```
diff --git a/avd_docs/aws/ec2/AVD-AWS-0105/CloudFormation.md b/avd_docs/aws/ec2/AVD-AWS-0105/CloudFormation.md
index 18e281de..72edb44b 100644
--- a/avd_docs/aws/ec2/AVD-AWS-0105/CloudFormation.md
+++ b/avd_docs/aws/ec2/AVD-AWS-0105/CloudFormation.md
@@ -19,7 +19,6 @@ Resources: NetworkAclId: !Ref NetworkACL Protocol: 6 RuleAction: allow - ```
diff --git a/avd_docs/aws/ec2/AVD-AWS-0107/CloudFormation.md b/avd_docs/aws/ec2/AVD-AWS-0107/CloudFormation.md
index 1e57d753..3ab2fff4 100644
--- a/avd_docs/aws/ec2/AVD-AWS-0107/CloudFormation.md
+++ b/avd_docs/aws/ec2/AVD-AWS-0107/CloudFormation.md
@@ -10,7 +10,6 @@ Resources: SecurityGroupIngress: - CidrIp: 127.0.0.1/32 IpProtocol: "6" - ```
diff --git a/avd_docs/aws/ec2/AVD-AWS-0124/CloudFormation.md b/avd_docs/aws/ec2/AVD-AWS-0124/CloudFormation.md
index f128ed9d..e8ed2cc0 100644
--- a/avd_docs/aws/ec2/AVD-AWS-0124/CloudFormation.md
+++ b/avd_docs/aws/ec2/AVD-AWS-0124/CloudFormation.md
@@ -11,7 +11,6 @@ Resources: - CidrIp: 127.0.0.1/32 Description: Can connect to loopback IpProtocol: "-1" - ```
diff --git a/avd_docs/aws/ec2/AVD-AWS-0129/CloudFormation.md b/avd_docs/aws/ec2/AVD-AWS-0129/CloudFormation.md
index 619769e2..94a5b28e 100644
--- a/avd_docs/aws/ec2/AVD-AWS-0129/CloudFormation.md
+++ b/avd_docs/aws/ec2/AVD-AWS-0129/CloudFormation.md
@@ -29,7 +29,6 @@ Resources: Path: / Roles: - MyAdminRole - ```
diff --git a/avd_docs/aws/ec2/AVD-AWS-0130/CloudFormation.md b/avd_docs/aws/ec2/AVD-AWS-0130/CloudFormation.md
index 0cf1c0f9..373dbb58 100644
--- a/avd_docs/aws/ec2/AVD-AWS-0130/CloudFormation.md
+++ b/avd_docs/aws/ec2/AVD-AWS-0130/CloudFormation.md
@@ -9,7 +9,6 @@ Resources: MetadataOptions: HttpEndpoint: enabled HttpTokens: required - ```
diff --git a/avd_docs/aws/ec2/AVD-AWS-0131/CloudFormation.md b/avd_docs/aws/ec2/AVD-AWS-0131/CloudFormation.md
index 935b453d..45367feb 100644
--- a/avd_docs/aws/ec2/AVD-AWS-0131/CloudFormation.md
+++ b/avd_docs/aws/ec2/AVD-AWS-0131/CloudFormation.md
@@ -17,7 +17,6 @@ Resources: ImageId: ami-79fd7eee KeyName: testkey UserData: export SSM_PATH=/database/creds - ```
diff --git a/avd_docs/aws/ec2/AVD-AWS-0164/CloudFormation.md b/avd_docs/aws/ec2/AVD-AWS-0164/CloudFormation.md
index aa32a5f5..c763f07e 100644
--- a/avd_docs/aws/ec2/AVD-AWS-0164/CloudFormation.md
+++ b/avd_docs/aws/ec2/AVD-AWS-0164/CloudFormation.md
@@ -7,7 +7,6 @@ Resources: Type: AWS::EC2::Subnet Properties: VpcId: vpc-123456 - ```
diff --git a/avd_docs/aws/ecr/AVD-AWS-0030/CloudFormation.md b/avd_docs/aws/ecr/AVD-AWS-0030/CloudFormation.md
index c5c3cb41..6c98b508 100644
--- a/avd_docs/aws/ecr/AVD-AWS-0030/CloudFormation.md
+++ b/avd_docs/aws/ecr/AVD-AWS-0030/CloudFormation.md
@@ -13,7 +13,6 @@ Resources: ScanOnPush: true ImageTagImmutability: IMMUTABLE RepositoryName: test-repository - ```
diff --git a/avd_docs/aws/ecr/AVD-AWS-0031/CloudFormation.md b/avd_docs/aws/ecr/AVD-AWS-0031/CloudFormation.md
index 1b80685c..a56f54a9 100644
--- a/avd_docs/aws/ecr/AVD-AWS-0031/CloudFormation.md
+++ b/avd_docs/aws/ecr/AVD-AWS-0031/CloudFormation.md
@@ -13,7 +13,6 @@ Resources: ScanOnPush: false ImageTagMutability: IMMUTABLE RepositoryName: test-repository - ```
diff --git a/avd_docs/aws/ecr/AVD-AWS-0032/CloudFormation.md b/avd_docs/aws/ecr/AVD-AWS-0032/CloudFormation.md
index 723f22c0..183d77aa 100644
--- a/avd_docs/aws/ecr/AVD-AWS-0032/CloudFormation.md
+++ b/avd_docs/aws/ecr/AVD-AWS-0032/CloudFormation.md
@@ -29,7 +29,6 @@ Resources: - arn:aws:iam::123456789012:user/Alice Sid: AllowPushPull Version: "2012-10-17" - ```
diff --git a/avd_docs/aws/ecr/AVD-AWS-0033/CloudFormation.md b/avd_docs/aws/ecr/AVD-AWS-0033/CloudFormation.md
index de18242d..9090c0a5 100644
--- a/avd_docs/aws/ecr/AVD-AWS-0033/CloudFormation.md
+++ b/avd_docs/aws/ecr/AVD-AWS-0033/CloudFormation.md
@@ -13,7 +13,6 @@ Resources: ScanOnPush: false ImageTagImmutability: IMMUTABLE RepositoryName: test-repository - ```
diff --git a/avd_docs/aws/ecs/AVD-AWS-0034/CloudFormation.md b/avd_docs/aws/ecs/AVD-AWS-0034/CloudFormation.md
index 325200b9..ae8926e0 100644
--- a/avd_docs/aws/ecs/AVD-AWS-0034/CloudFormation.md
+++ b/avd_docs/aws/ecs/AVD-AWS-0034/CloudFormation.md
@@ -10,7 +10,6 @@ Resources: ClusterSettings: - Name: containerInsights Value: enabled - ```
diff --git a/avd_docs/aws/ecs/AVD-AWS-0035/CloudFormation.md b/avd_docs/aws/ecs/AVD-AWS-0035/CloudFormation.md
index 23d8e278..4919fc7a 100644
--- a/avd_docs/aws/ecs/AVD-AWS-0035/CloudFormation.md
+++ b/avd_docs/aws/ecs/AVD-AWS-0035/CloudFormation.md
@@ -38,7 +38,6 @@ Resources: FilesystemId: fs1 TransitEncryption: ENABLED Name: jenkins-home - ```
diff --git a/avd_docs/aws/ecs/AVD-AWS-0036/CloudFormation.md b/avd_docs/aws/ecs/AVD-AWS-0036/CloudFormation.md
index f8986994..4ec86e4f 100644
--- a/avd_docs/aws/ecs/AVD-AWS-0036/CloudFormation.md
+++ b/avd_docs/aws/ecs/AVD-AWS-0036/CloudFormation.md
@@ -38,7 +38,6 @@ Resources: FilesystemId: fs1 TransitEncryption: ENABLED Name: jenkins-home - ```
diff --git a/avd_docs/aws/efs/AVD-AWS-0037/CloudFormation.md b/avd_docs/aws/efs/AVD-AWS-0037/CloudFormation.md
index b4ad313f..c198b669 100644
--- a/avd_docs/aws/efs/AVD-AWS-0037/CloudFormation.md
+++ b/avd_docs/aws/efs/AVD-AWS-0037/CloudFormation.md
@@ -13,7 +13,6 @@ Resources: - TransitionToIA: AFTER_60_DAYS PerformanceMode: generalPurpose ThroughputMode: bursting - ```
diff --git a/avd_docs/aws/eks/AVD-AWS-0039/CloudFormation.md b/avd_docs/aws/eks/AVD-AWS-0039/CloudFormation.md
index f967be2f..abf243c2 100644
--- a/avd_docs/aws/eks/AVD-AWS-0039/CloudFormation.md
+++ b/avd_docs/aws/eks/AVD-AWS-0039/CloudFormation.md
@@ -20,7 +20,6 @@ Resources: - subnet-e7e761ac RoleArn: arn:aws:iam::012345678910:role/eks-service-role-good-example Version: "1.14" - ```
diff --git a/avd_docs/aws/elasticache/AVD-AWS-0049/CloudFormation.md b/avd_docs/aws/elasticache/AVD-AWS-0049/CloudFormation.md
index 60321533..d7bc3ea7 100644
--- a/avd_docs/aws/elasticache/AVD-AWS-0049/CloudFormation.md
+++ b/avd_docs/aws/elasticache/AVD-AWS-0049/CloudFormation.md
@@ -19,7 +19,6 @@ Resources: Properties: CacheSecurityGroupName: GoodExampleCacheGroup EC2SecurityGroupName: GoodExampleEc2SecurityGroup - ```
diff --git a/avd_docs/aws/elasticache/AVD-AWS-0050/CloudFormation.md b/avd_docs/aws/elasticache/AVD-AWS-0050/CloudFormation.md
index 221d3ef7..f5cbc39c 100644
--- a/avd_docs/aws/elasticache/AVD-AWS-0050/CloudFormation.md
+++ b/avd_docs/aws/elasticache/AVD-AWS-0050/CloudFormation.md
@@ -15,7 +15,6 @@ Resources: - us-west-2a - us-west-2b SnapshotRetentionLimit: 7 - ```
diff --git a/avd_docs/aws/elasticache/AVD-AWS-0051/CloudFormation.md b/avd_docs/aws/elasticache/AVD-AWS-0051/CloudFormation.md
index a056675f..f704284b 100644
--- a/avd_docs/aws/elasticache/AVD-AWS-0051/CloudFormation.md
+++ b/avd_docs/aws/elasticache/AVD-AWS-0051/CloudFormation.md
@@ -21,7 +21,6 @@ Resources: SnapshotRetentionLimit: 5 SnapshotWindow: 10:00-12:00 TransitEncryptionEnabled: true - ```
diff --git a/avd_docs/aws/elasticsearch/AVD-AWS-0042/CloudFormation.md b/avd_docs/aws/elasticsearch/AVD-AWS-0042/CloudFormation.md
index bdd6b577..bc1cfa17 100644
--- a/avd_docs/aws/elasticsearch/AVD-AWS-0042/CloudFormation.md
+++ b/avd_docs/aws/elasticsearch/AVD-AWS-0042/CloudFormation.md
@@ -26,7 +26,6 @@ Resources: LogPublishingOptions: AUDIT_LOGS: Enabled: true - ```
diff --git a/avd_docs/aws/elasticsearch/AVD-AWS-0043/CloudFormation.md b/avd_docs/aws/elasticsearch/AVD-AWS-0043/CloudFormation.md
index 6e1174a6..83a3ba99 100644
--- a/avd_docs/aws/elasticsearch/AVD-AWS-0043/CloudFormation.md
+++ b/avd_docs/aws/elasticsearch/AVD-AWS-0043/CloudFormation.md
@@ -25,7 +25,6 @@ Resources: KmsKeyId: alias/kmskey NodeToNodeEncryptionOptions: Enabled: true - ```
diff --git a/avd_docs/aws/elasticsearch/AVD-AWS-0046/CloudFormation.md b/avd_docs/aws/elasticsearch/AVD-AWS-0046/CloudFormation.md
index 072c6430..3c86328b 100644
--- a/avd_docs/aws/elasticsearch/AVD-AWS-0046/CloudFormation.md
+++ b/avd_docs/aws/elasticsearch/AVD-AWS-0046/CloudFormation.md
@@ -25,7 +25,6 @@ Resources: EncryptionAtRestOptions: Enabled: true KmsKeyId: alias/kmskey - ```
diff --git a/avd_docs/aws/elasticsearch/AVD-AWS-0048/CloudFormation.md b/avd_docs/aws/elasticsearch/AVD-AWS-0048/CloudFormation.md
index aff4b28b..45931475 100644
--- a/avd_docs/aws/elasticsearch/AVD-AWS-0048/CloudFormation.md
+++ b/avd_docs/aws/elasticsearch/AVD-AWS-0048/CloudFormation.md
@@ -23,7 +23,6 @@ Resources: EncryptionAtRestOptions: Enabled: true KmsKeyId: alias/kmskey - ```
diff --git a/avd_docs/aws/elasticsearch/AVD-AWS-0126/CloudFormation.md b/avd_docs/aws/elasticsearch/AVD-AWS-0126/CloudFormation.md
index 1372ca38..77525c6d 100644
--- a/avd_docs/aws/elasticsearch/AVD-AWS-0126/CloudFormation.md
+++ b/avd_docs/aws/elasticsearch/AVD-AWS-0126/CloudFormation.md
@@ -25,7 +25,6 @@ Resources: EncryptionAtRestOptions: Enabled: true KmsKeyId: alias/kmskey - ```
diff --git a/avd_docs/aws/kinesis/AVD-AWS-0064/CloudFormation.md b/avd_docs/aws/kinesis/AVD-AWS-0064/CloudFormation.md
index 733212f2..a9168ff8 100644
--- a/avd_docs/aws/kinesis/AVD-AWS-0064/CloudFormation.md
+++ b/avd_docs/aws/kinesis/AVD-AWS-0064/CloudFormation.md
@@ -15,7 +15,6 @@ Resources: Tags: - Key: Environment Value: Production - ```
diff --git a/avd_docs/aws/lambda/AVD-AWS-0066/CloudFormation.md b/avd_docs/aws/lambda/AVD-AWS-0066/CloudFormation.md
index 721d23a7..705033c3 100644
--- a/avd_docs/aws/lambda/AVD-AWS-0066/CloudFormation.md
+++ b/avd_docs/aws/lambda/AVD-AWS-0066/CloudFormation.md
@@ -21,7 +21,6 @@ Resources: SubnetIds: - subnet-071f712345678e7c8 - subnet-07fd123456788a036 - ```
diff --git a/avd_docs/aws/lambda/AVD-AWS-0067/CloudFormation.md b/avd_docs/aws/lambda/AVD-AWS-0067/CloudFormation.md
index d528b026..0719998d 100644
--- a/avd_docs/aws/lambda/AVD-AWS-0067/CloudFormation.md
+++ b/avd_docs/aws/lambda/AVD-AWS-0067/CloudFormation.md
@@ -29,7 +29,6 @@ Resources: FunctionName: !Ref GoodExample Principal: s3.amazonaws.com SourceArn: lambda.amazonaws.com - ```
diff --git a/avd_docs/aws/mq/AVD-AWS-0070/CloudFormation.md b/avd_docs/aws/mq/AVD-AWS-0070/CloudFormation.md
index fbe7c864..c1a8075c 100644
--- a/avd_docs/aws/mq/AVD-AWS-0070/CloudFormation.md
+++ b/avd_docs/aws/mq/AVD-AWS-0070/CloudFormation.md
@@ -8,7 +8,6 @@ Resources: Properties: Logs: Audit: true - ```
diff --git a/avd_docs/aws/mq/AVD-AWS-0071/CloudFormation.md b/avd_docs/aws/mq/AVD-AWS-0071/CloudFormation.md
index 0b6b547b..b4db611b 100644
--- a/avd_docs/aws/mq/AVD-AWS-0071/CloudFormation.md
+++ b/avd_docs/aws/mq/AVD-AWS-0071/CloudFormation.md
@@ -8,7 +8,6 @@ Resources: Properties: Logs: General: true - ```
diff --git a/avd_docs/aws/mq/AVD-AWS-0072/CloudFormation.md b/avd_docs/aws/mq/AVD-AWS-0072/CloudFormation.md
index b97e0915..56e37761 100644
--- a/avd_docs/aws/mq/AVD-AWS-0072/CloudFormation.md
+++ b/avd_docs/aws/mq/AVD-AWS-0072/CloudFormation.md
@@ -7,7 +7,6 @@ Resources: Type: AWS::AmazonMQ::Broker Properties: PubliclyAccessible: false - ```
diff --git a/avd_docs/aws/msk/AVD-AWS-0073/CloudFormation.md b/avd_docs/aws/msk/AVD-AWS-0073/CloudFormation.md
index b7dfc92d..c59275b7 100644
--- a/avd_docs/aws/msk/AVD-AWS-0073/CloudFormation.md
+++ b/avd_docs/aws/msk/AVD-AWS-0073/CloudFormation.md
@@ -9,7 +9,6 @@ Resources: EncryptionInfo: EncryptionInTransit: ClientBroker: TLS - ```
diff --git a/avd_docs/aws/msk/AVD-AWS-0074/CloudFormation.md b/avd_docs/aws/msk/AVD-AWS-0074/CloudFormation.md
index 59b09c74..963ce1ff 100644
--- a/avd_docs/aws/msk/AVD-AWS-0074/CloudFormation.md
+++ b/avd_docs/aws/msk/AVD-AWS-0074/CloudFormation.md
@@ -10,7 +10,6 @@ Resources: BrokerLogs: S3: Enabled: true - ```
diff --git a/avd_docs/aws/msk/AVD-AWS-0179/CloudFormation.md b/avd_docs/aws/msk/AVD-AWS-0179/CloudFormation.md
index 1f0970ef..39b8a5ed 100644
--- a/avd_docs/aws/msk/AVD-AWS-0179/CloudFormation.md
+++ b/avd_docs/aws/msk/AVD-AWS-0179/CloudFormation.md
@@ -9,7 +9,6 @@ Resources: EncryptionInfo: EncryptionAtRest: DataVolumeKMSKeyId: foo-bar-key - ```
diff --git a/avd_docs/aws/neptune/AVD-AWS-0075/CloudFormation.md b/avd_docs/aws/neptune/AVD-AWS-0075/CloudFormation.md
index 7107c65a..6e8c2936 100644
--- a/avd_docs/aws/neptune/AVD-AWS-0075/CloudFormation.md
+++ b/avd_docs/aws/neptune/AVD-AWS-0075/CloudFormation.md
@@ -8,7 +8,6 @@ Resources: Properties: EnableCloudwatchLogsExports: - audit - ```
diff --git a/avd_docs/aws/neptune/AVD-AWS-0076/CloudFormation.md b/avd_docs/aws/neptune/AVD-AWS-0076/CloudFormation.md
index 548a7c61..38b24f3f 100644
--- a/avd_docs/aws/neptune/AVD-AWS-0076/CloudFormation.md
+++ b/avd_docs/aws/neptune/AVD-AWS-0076/CloudFormation.md
@@ -8,7 +8,6 @@ Resources: Properties: KmsKeyId: something StorageEncrypted: true - ```
diff --git a/avd_docs/aws/neptune/AVD-AWS-0128/CloudFormation.md b/avd_docs/aws/neptune/AVD-AWS-0128/CloudFormation.md
index 31a49289..2d18d48a 100644
--- a/avd_docs/aws/neptune/AVD-AWS-0128/CloudFormation.md
+++ b/avd_docs/aws/neptune/AVD-AWS-0128/CloudFormation.md
@@ -8,7 +8,6 @@ Resources: Properties: KmsKeyId: something StorageEncrypted: true - ```
diff --git a/avd_docs/aws/rds/AVD-AWS-0077/CloudFormation.md b/avd_docs/aws/rds/AVD-AWS-0077/CloudFormation.md
index c8fc8ee4..ffc3ff62 100644
--- a/avd_docs/aws/rds/AVD-AWS-0077/CloudFormation.md
+++ b/avd_docs/aws/rds/AVD-AWS-0077/CloudFormation.md
@@ -7,7 +7,6 @@ Resources: Type: AWS::RDS::DBInstance Properties: BackupRetentionPeriod: 30 - ```
diff --git a/avd_docs/aws/rds/AVD-AWS-0078/CloudFormation.md b/avd_docs/aws/rds/AVD-AWS-0078/CloudFormation.md
index d9b8234e..ce1df400 100644
--- a/avd_docs/aws/rds/AVD-AWS-0078/CloudFormation.md
+++ b/avd_docs/aws/rds/AVD-AWS-0078/CloudFormation.md
@@ -8,7 +8,6 @@ Resources: Properties: EnablePerformanceInsights: true PerformanceInsightsKMSKeyId: something - ```
diff --git a/avd_docs/aws/rds/AVD-AWS-0079/CloudFormation.md b/avd_docs/aws/rds/AVD-AWS-0079/CloudFormation.md
index 2701ae96..a9f16d61 100644
--- a/avd_docs/aws/rds/AVD-AWS-0079/CloudFormation.md
+++ b/avd_docs/aws/rds/AVD-AWS-0079/CloudFormation.md
@@ -8,7 +8,6 @@ Resources: Properties: KmsKeyId: something StorageEncrypted: true - ```
diff --git a/avd_docs/aws/rds/AVD-AWS-0080/CloudFormation.md b/avd_docs/aws/rds/AVD-AWS-0080/CloudFormation.md
index 3d2ca0bb..3e7d2a89 100644
--- a/avd_docs/aws/rds/AVD-AWS-0080/CloudFormation.md
+++ b/avd_docs/aws/rds/AVD-AWS-0080/CloudFormation.md
@@ -8,7 +8,6 @@ Resources: Properties: KmsKeyId: something StorageEncrypted: true - ```
diff --git a/avd_docs/aws/rds/AVD-AWS-0133/CloudFormation.md b/avd_docs/aws/rds/AVD-AWS-0133/CloudFormation.md
index 68866a1b..eee0f221 100644
--- a/avd_docs/aws/rds/AVD-AWS-0133/CloudFormation.md
+++ b/avd_docs/aws/rds/AVD-AWS-0133/CloudFormation.md
@@ -8,7 +8,6 @@ Resources: Properties: EnablePerformanceInsights: true PerformanceInsightsKMSKeyId: something - ```
diff --git a/avd_docs/aws/rds/AVD-AWS-0180/CloudFormation.md b/avd_docs/aws/rds/AVD-AWS-0180/CloudFormation.md
index 3f435909..f15c763a 100644
--- a/avd_docs/aws/rds/AVD-AWS-0180/CloudFormation.md
+++ b/avd_docs/aws/rds/AVD-AWS-0180/CloudFormation.md
@@ -7,7 +7,6 @@ Resources: Type: AWS::RDS::DBInstance Properties: PubliclyAccessible: false - ```
diff --git a/avd_docs/aws/redshift/AVD-AWS-0083/CloudFormation.md b/avd_docs/aws/redshift/AVD-AWS-0083/CloudFormation.md
index 6f950329..3914462f 100644
--- a/avd_docs/aws/redshift/AVD-AWS-0083/CloudFormation.md
+++ b/avd_docs/aws/redshift/AVD-AWS-0083/CloudFormation.md
@@ -7,7 +7,6 @@ Resources: Type: AWS::Redshift::ClusterSecurityGroup Properties: Description: Disallow bad stuff - ```
diff --git a/avd_docs/aws/redshift/AVD-AWS-0084/CloudFormation.md b/avd_docs/aws/redshift/AVD-AWS-0084/CloudFormation.md
index 201b3b8e..2567ce11 100644
--- a/avd_docs/aws/redshift/AVD-AWS-0084/CloudFormation.md
+++ b/avd_docs/aws/redshift/AVD-AWS-0084/CloudFormation.md
@@ -8,7 +8,6 @@ Resources: Properties: Encrypted: true KmsKeyId: something - ```
diff --git a/avd_docs/aws/redshift/AVD-AWS-0085/CloudFormation.md b/avd_docs/aws/redshift/AVD-AWS-0085/CloudFormation.md
index f1f622aa..b8106555 100644
--- a/avd_docs/aws/redshift/AVD-AWS-0085/CloudFormation.md
+++ b/avd_docs/aws/redshift/AVD-AWS-0085/CloudFormation.md
@@ -7,7 +7,6 @@ AWSTemplateFormatVersion: "2010-09-09" Description: Good example of redshift sgr Resources: null - ```
diff --git a/avd_docs/aws/redshift/AVD-AWS-0127/CloudFormation.md b/avd_docs/aws/redshift/AVD-AWS-0127/CloudFormation.md
index b8021740..58fe2cc4 100644
--- a/avd_docs/aws/redshift/AVD-AWS-0127/CloudFormation.md
+++ b/avd_docs/aws/redshift/AVD-AWS-0127/CloudFormation.md
@@ -7,7 +7,6 @@ Resources: Type: AWS::Redshift::Cluster Properties: ClusterSubnetGroupName: my-subnet-group - ```
diff --git a/avd_docs/aws/s3/AVD-AWS-0086/CloudFormation.md b/avd_docs/aws/s3/AVD-AWS-0086/CloudFormation.md
index f295de47..bd24144e 100644
--- a/avd_docs/aws/s3/AVD-AWS-0086/CloudFormation.md
+++ b/avd_docs/aws/s3/AVD-AWS-0086/CloudFormation.md
@@ -11,7 +11,6 @@ Resources: BlockPublicPolicy: true IgnorePublicAcls: true RestrictPublicBuckets: true - ```
diff --git a/avd_docs/aws/s3/AVD-AWS-0087/CloudFormation.md b/avd_docs/aws/s3/AVD-AWS-0087/CloudFormation.md
index 59566684..75953e46 100644
--- a/avd_docs/aws/s3/AVD-AWS-0087/CloudFormation.md
+++ b/avd_docs/aws/s3/AVD-AWS-0087/CloudFormation.md
@@ -11,7 +11,6 @@ Resources: BlockPublicPolicy: true IgnorePublicAcls: true RestrictPublicBuckets: true - ```
diff --git a/avd_docs/aws/s3/AVD-AWS-0088/CloudFormation.md b/avd_docs/aws/s3/AVD-AWS-0088/CloudFormation.md
index 1d5ae66e..85f5c1ff 100644
--- a/avd_docs/aws/s3/AVD-AWS-0088/CloudFormation.md
+++ b/avd_docs/aws/s3/AVD-AWS-0088/CloudFormation.md
@@ -11,7 +11,6 @@ Resources: - BucketKeyEnabled: true ServerSideEncryptionByDefault: SSEAlgorithm: AES256 - ```
diff --git a/avd_docs/aws/s3/AVD-AWS-0089/CloudFormation.md b/avd_docs/aws/s3/AVD-AWS-0089/CloudFormation.md
index 4ebd5e5d..0ab131bb 100644
--- a/avd_docs/aws/s3/AVD-AWS-0089/CloudFormation.md
+++ b/avd_docs/aws/s3/AVD-AWS-0089/CloudFormation.md
@@ -9,7 +9,6 @@ Resources: LoggingConfiguration: DestinationBucketName: logging-bucket LogFilePrefix: accesslogs/ - ``` ```yaml Resources:
@@ -29,7 +28,6 @@ Resources: BlockPublicPolicy: true IgnorePublicAcls: true RestrictPublicBuckets: true - ```
diff --git a/avd_docs/aws/s3/AVD-AWS-0090/CloudFormation.md b/avd_docs/aws/s3/AVD-AWS-0090/CloudFormation.md
index c5d0a735..f2bc3c71 100644
--- a/avd_docs/aws/s3/AVD-AWS-0090/CloudFormation.md
+++ b/avd_docs/aws/s3/AVD-AWS-0090/CloudFormation.md
@@ -8,7 +8,6 @@ Resources: Properties: VersioningConfiguration: Status: Enabled - ```
diff --git a/avd_docs/aws/s3/AVD-AWS-0091/CloudFormation.md b/avd_docs/aws/s3/AVD-AWS-0091/CloudFormation.md
index b7682e42..e44ecaf4 100644
--- a/avd_docs/aws/s3/AVD-AWS-0091/CloudFormation.md
+++ b/avd_docs/aws/s3/AVD-AWS-0091/CloudFormation.md
@@ -12,7 +12,6 @@ Resources: BlockPublicPolicy: true IgnorePublicAcls: true RestrictPublicBuckets: true - ```
diff --git a/avd_docs/aws/s3/AVD-AWS-0092/CloudFormation.md b/avd_docs/aws/s3/AVD-AWS-0092/CloudFormation.md
index 30d3f127..0d7fb01f 100644
--- a/avd_docs/aws/s3/AVD-AWS-0092/CloudFormation.md
+++ b/avd_docs/aws/s3/AVD-AWS-0092/CloudFormation.md
@@ -7,7 +7,6 @@ Resources: Type: AWS::S3::Bucket Properties: AccessControl: Private - ```
diff --git a/avd_docs/aws/s3/AVD-AWS-0093/CloudFormation.md b/avd_docs/aws/s3/AVD-AWS-0093/CloudFormation.md
index a3619ac8..fe86121f 100644
--- a/avd_docs/aws/s3/AVD-AWS-0093/CloudFormation.md
+++ b/avd_docs/aws/s3/AVD-AWS-0093/CloudFormation.md
@@ -11,7 +11,6 @@ Resources: BlockPublicPolicy: true IgnorePublicAcls: true RestrictPublicBuckets: true - ```
diff --git a/avd_docs/aws/s3/AVD-AWS-0094/CloudFormation.md b/avd_docs/aws/s3/AVD-AWS-0094/CloudFormation.md
index 65fda929..4082bb9b 100644
--- a/avd_docs/aws/s3/AVD-AWS-0094/CloudFormation.md
+++ b/avd_docs/aws/s3/AVD-AWS-0094/CloudFormation.md
@@ -12,7 +12,6 @@ Resources: BlockPublicPolicy: true IgnorePublicAcls: true RestrictPublicBuckets: true - ```
diff --git a/avd_docs/aws/s3/AVD-AWS-0132/CloudFormation.md b/avd_docs/aws/s3/AVD-AWS-0132/CloudFormation.md
index e61b1766..582b36da 100644
--- a/avd_docs/aws/s3/AVD-AWS-0132/CloudFormation.md
+++ b/avd_docs/aws/s3/AVD-AWS-0132/CloudFormation.md
@@ -12,7 +12,6 @@ Resources: ServerSideEncryptionByDefault: KMSMasterKeyID: kms-arn SSEAlgorithm: aws:kms - ``` diff --git a/avd_docs/aws/sam/AVD-AWS-0110/CloudFormation.md b/avd_docs/aws/sam/AVD-AWS-0110/CloudFormation.md index c62666e0..554d5412 100644 --- a/avd_docs/aws/sam/AVD-AWS-0110/CloudFormation.md +++ b/avd_docs/aws/sam/AVD-AWS-0110/CloudFormation.md @@ -13,7 +13,6 @@ Resources: Name: Good SAM API example StageName: Prod TracingEnabled: false - ``` diff --git a/avd_docs/aws/sam/AVD-AWS-0111/CloudFormation.md b/avd_docs/aws/sam/AVD-AWS-0111/CloudFormation.md index 036d8132..1cb3a02c 100644 --- a/avd_docs/aws/sam/AVD-AWS-0111/CloudFormation.md +++ b/avd_docs/aws/sam/AVD-AWS-0111/CloudFormation.md @@ -9,7 +9,6 @@ Resources: Name: Good SAM API example StageName: Prod TracingEnabled: true - ``` diff --git a/avd_docs/aws/sam/AVD-AWS-0112/CloudFormation.md b/avd_docs/aws/sam/AVD-AWS-0112/CloudFormation.md index 1ab7c12f..cde11c9f 100644 --- a/avd_docs/aws/sam/AVD-AWS-0112/CloudFormation.md +++ b/avd_docs/aws/sam/AVD-AWS-0112/CloudFormation.md @@ -11,7 +11,6 @@ Resources: Name: Good SAM API example StageName: Prod TracingEnabled: false - ``` diff --git a/avd_docs/aws/sam/AVD-AWS-0113/CloudFormation.md b/avd_docs/aws/sam/AVD-AWS-0113/CloudFormation.md index b44b804a..5ec16b6b 100644 --- a/avd_docs/aws/sam/AVD-AWS-0113/CloudFormation.md +++ b/avd_docs/aws/sam/AVD-AWS-0113/CloudFormation.md @@ -14,7 +14,6 @@ Resources: Name: Good SAM API example StageName: Prod TracingEnabled: false - ``` diff --git a/avd_docs/aws/sam/AVD-AWS-0116/CloudFormation.md b/avd_docs/aws/sam/AVD-AWS-0116/CloudFormation.md index 80c2372a..82a7756a 100644 --- a/avd_docs/aws/sam/AVD-AWS-0116/CloudFormation.md +++ b/avd_docs/aws/sam/AVD-AWS-0116/CloudFormation.md @@ -12,7 +12,6 @@ Resources: Name: Good SAM API example StageName: Prod Tracing: Activey - ``` 
diff --git a/avd_docs/aws/sam/AVD-AWS-0117/CloudFormation.md b/avd_docs/aws/sam/AVD-AWS-0117/CloudFormation.md index c46dabe5..ba9584c7 100644 --- a/avd_docs/aws/sam/AVD-AWS-0117/CloudFormation.md +++ b/avd_docs/aws/sam/AVD-AWS-0117/CloudFormation.md @@ -16,7 +16,6 @@ Resources: Role: arn:aws:iam::123456123456:role/service-role/my-sample-role Tracing: Enabled: true - ``` diff --git a/avd_docs/aws/sam/AVD-AWS-0121/CloudFormation.md b/avd_docs/aws/sam/AVD-AWS-0121/CloudFormation.md index 3b23e844..4c49ccc9 100644 --- a/avd_docs/aws/sam/AVD-AWS-0121/CloudFormation.md +++ b/avd_docs/aws/sam/AVD-AWS-0121/CloudFormation.md @@ -9,7 +9,6 @@ Resources: SSESpecification: SSEEnabled: true TableName: GoodTable - ``` diff --git a/avd_docs/aws/sam/AVD-AWS-0125/CloudFormation.md b/avd_docs/aws/sam/AVD-AWS-0125/CloudFormation.md index b395aa20..b93d1562 100644 --- a/avd_docs/aws/sam/AVD-AWS-0125/CloudFormation.md +++ b/avd_docs/aws/sam/AVD-AWS-0125/CloudFormation.md @@ -15,7 +15,6 @@ Resources: ImageUri: account-id.dkr.ecr.region.amazonaws.com/ecr-repo-name:image-name PackageType: Image Tracing: Active - ``` diff --git a/avd_docs/aws/sns/AVD-AWS-0095/CloudFormation.md b/avd_docs/aws/sns/AVD-AWS-0095/CloudFormation.md index d7723a30..30520d22 100644 --- a/avd_docs/aws/sns/AVD-AWS-0095/CloudFormation.md +++ b/avd_docs/aws/sns/AVD-AWS-0095/CloudFormation.md @@ -8,7 +8,6 @@ Resources: Properties: KmsMasterKeyId: some-key TopicName: blah - ``` diff --git a/avd_docs/aws/sns/AVD-AWS-0136/CloudFormation.md b/avd_docs/aws/sns/AVD-AWS-0136/CloudFormation.md index f223a207..90c4d85c 100644 --- a/avd_docs/aws/sns/AVD-AWS-0136/CloudFormation.md +++ b/avd_docs/aws/sns/AVD-AWS-0136/CloudFormation.md @@ -8,7 +8,6 @@ Resources: Properties: KmsMasterKeyId: some-key TopicName: blah - ``` diff --git a/avd_docs/aws/sqs/AVD-AWS-0096/CloudFormation.md b/avd_docs/aws/sqs/AVD-AWS-0096/CloudFormation.md index e7012487..f3afc1f5 100644 --- a/avd_docs/aws/sqs/AVD-AWS-0096/CloudFormation.md 
+++ b/avd_docs/aws/sqs/AVD-AWS-0096/CloudFormation.md @@ -12,7 +12,6 @@ Resources: Properties: KmsMasterKeyId: some-key QueueName: my-queue - ``` diff --git a/avd_docs/aws/sqs/AVD-AWS-0097/CloudFormation.md b/avd_docs/aws/sqs/AVD-AWS-0097/CloudFormation.md index 9873b2d4..f3ae86dc 100644 --- a/avd_docs/aws/sqs/AVD-AWS-0097/CloudFormation.md +++ b/avd_docs/aws/sqs/AVD-AWS-0097/CloudFormation.md @@ -27,7 +27,6 @@ Resources: Resource: arn:aws:sqs:us-east-2:444455556666:queue2 Queues: - !Ref MyQueue - ``` diff --git a/avd_docs/aws/sqs/AVD-AWS-0135/CloudFormation.md b/avd_docs/aws/sqs/AVD-AWS-0135/CloudFormation.md index d88830d3..e7fd4e44 100644 --- a/avd_docs/aws/sqs/AVD-AWS-0135/CloudFormation.md +++ b/avd_docs/aws/sqs/AVD-AWS-0135/CloudFormation.md @@ -12,7 +12,6 @@ Resources: Properties: KmsMasterKeyId: some-key QueueName: my-queue - ``` diff --git a/avd_docs/aws/ssm/AVD-AWS-0098/CloudFormation.md b/avd_docs/aws/ssm/AVD-AWS-0098/CloudFormation.md index 3f242e27..8accf2e6 100644 --- a/avd_docs/aws/ssm/AVD-AWS-0098/CloudFormation.md +++ b/avd_docs/aws/ssm/AVD-AWS-0098/CloudFormation.md @@ -14,7 +14,6 @@ Resources: KmsKeyId: my-key-id Name: blah SecretString: don't tell anyone - ``` diff --git a/avd_docs/aws/workspaces/AVD-AWS-0109/CloudFormation.md b/avd_docs/aws/workspaces/AVD-AWS-0109/CloudFormation.md index 83dbe34d..cab10eb9 100644 --- a/avd_docs/aws/workspaces/AVD-AWS-0109/CloudFormation.md +++ b/avd_docs/aws/workspaces/AVD-AWS-0109/CloudFormation.md @@ -9,7 +9,6 @@ Resources: RootVolumeEncryptionEnabled: true UserName: admin UserVolumeEncryptionEnabled: true - ``` ```yaml Resources: @@ -19,7 +18,6 @@ Resources: RootVolumeEncryptionEnabled: true UserName: admin UserVolumeEncryptionEnabled: true - ``` diff --git a/checks/cloud/aws/apigateway/enable_access_logging.yaml b/checks/cloud/aws/apigateway/enable_access_logging.yaml index 0247a130..3fdc3f2a 100644 --- a/checks/cloud/aws/apigateway/enable_access_logging.yaml 
+++ b/checks/cloud/aws/apigateway/enable_access_logging.yaml @@ -1,6 +1,6 @@ cloudformation: good: - - | + - |- AWSTemplateFormatVersion: "2010-09-09" Description: Good Example of ApiGateway @@ -18,7 +18,7 @@ cloudformation: ApiId: !Ref GoodApi StageName: GoodApiStage bad: - - | + - |- AWSTemplateFormatVersion: "2010-09-09" Description: Bad Example of ApiGateway diff --git a/checks/cloud/aws/athena/enable_at_rest_encryption.yaml b/checks/cloud/aws/athena/enable_at_rest_encryption.yaml index 9a3157a6..3ae2ec13 100644 --- a/checks/cloud/aws/athena/enable_at_rest_encryption.yaml +++ b/checks/cloud/aws/athena/enable_at_rest_encryption.yaml @@ -1,6 +1,6 @@ cloudformation: good: - - | + - |- Resources: GoodExample: Type: AWS::Athena::WorkGroup @@ -11,7 +11,7 @@ cloudformation: EncryptionConfiguration: EncryptionOption: SSE_KMS bad: - - | + - |- Resources: BadExample: Type: AWS::Athena::WorkGroup diff --git a/checks/cloud/aws/athena/no_encryption_override.yaml b/checks/cloud/aws/athena/no_encryption_override.yaml index 0a2b459e..e6675291 100644 --- a/checks/cloud/aws/athena/no_encryption_override.yaml +++ b/checks/cloud/aws/athena/no_encryption_override.yaml @@ -1,6 +1,6 @@ cloudformation: good: - - | + - |- Resources: GoodExample: Type: AWS::Athena::WorkGroup @@ -12,7 +12,7 @@ cloudformation: EncryptionConfiguration: EncryptionOption: SSE_KMS bad: - - | + - |- Resources: BadExample: Type: AWS::Athena::WorkGroup diff --git a/checks/cloud/aws/cloudfront/enable_logging.yaml b/checks/cloud/aws/cloudfront/enable_logging.yaml index 155f0663..90f8cea4 100644 --- a/checks/cloud/aws/cloudfront/enable_logging.yaml +++ b/checks/cloud/aws/cloudfront/enable_logging.yaml @@ -1,6 +1,6 @@ cloudformation: good: - - | + - |- Resources: GoodExample: Type: AWS::CloudFront::Distribution @@ -16,7 +16,7 @@ cloudformation: - DomainName: https://some.domain Id: somedomain1 bad: - - | + - |- Resources: BadExample: Type: AWS::CloudFront::Distribution 
diff --git a/checks/cloud/aws/cloudfront/enable_waf.yaml b/checks/cloud/aws/cloudfront/enable_waf.yaml index 3c51aea8..158e5337 100644 --- a/checks/cloud/aws/cloudfront/enable_waf.yaml +++ b/checks/cloud/aws/cloudfront/enable_waf.yaml @@ -1,6 +1,6 @@ cloudformation: good: - - | + - |- Resources: GoodExample: Type: AWS::CloudFront::Distribution @@ -17,7 +17,7 @@ cloudformation: Id: somedomain1 WebACLId: waf_id bad: - - | + - |- Resources: BadExample: Type: AWS::CloudFront::Distribution diff --git a/checks/cloud/aws/cloudfront/enforce_https.yaml b/checks/cloud/aws/cloudfront/enforce_https.yaml index a6604a0b..ab514fcf 100644 --- a/checks/cloud/aws/cloudfront/enforce_https.yaml +++ b/checks/cloud/aws/cloudfront/enforce_https.yaml @@ -1,6 +1,6 @@ cloudformation: good: - - | + - |- Resources: GoodExample: Type: AWS::CloudFront::Distribution @@ -17,7 +17,7 @@ cloudformation: Id: somedomain1 WebACLId: waf_id bad: - - | + - |- Resources: BadExample: Type: AWS::CloudFront::Distribution diff --git a/checks/cloud/aws/cloudfront/use_secure_tls_policy.yaml b/checks/cloud/aws/cloudfront/use_secure_tls_policy.yaml index 64297e61..5a66cca3 100644 --- a/checks/cloud/aws/cloudfront/use_secure_tls_policy.yaml +++ b/checks/cloud/aws/cloudfront/use_secure_tls_policy.yaml @@ -1,6 +1,6 @@ cloudformation: good: - - | + - |- Resources: GoodExample: Type: AWS::CloudFront::Distribution @@ -18,7 +18,7 @@ cloudformation: ViewerCertificate: MinimumProtocolVersion: TLSv1.2_2021 bad: - - | + - |- Resources: BadExample: Type: AWS::CloudFront::Distribution diff --git a/checks/cloud/aws/cloudtrail/enable_all_regions.yaml b/checks/cloud/aws/cloudtrail/enable_all_regions.yaml index 1fbd4e2d..bc9010b5 100644 --- a/checks/cloud/aws/cloudtrail/enable_all_regions.yaml +++ b/checks/cloud/aws/cloudtrail/enable_all_regions.yaml @@ -1,6 +1,6 @@ cloudformation: good: - - | + - |- Resources: GoodExample: Type: AWS::CloudTrail::Trail 
@@ -11,7 +11,7 @@ cloudformation: S3KeyPrefix: /trailing TrailName: Cloudtrail bad: - - | + - |- Resources: BadExample: Type: AWS::CloudTrail::Trail diff --git a/checks/cloud/aws/cloudtrail/enable_log_validation.yaml b/checks/cloud/aws/cloudtrail/enable_log_validation.yaml index e4db3539..b622f2b5 100644 --- a/checks/cloud/aws/cloudtrail/enable_log_validation.yaml +++ b/checks/cloud/aws/cloudtrail/enable_log_validation.yaml @@ -1,6 +1,6 @@ cloudformation: good: - - | + - |- Resources: GoodExample: Type: AWS::CloudTrail::Trail @@ -12,7 +12,7 @@ cloudformation: S3KeyPrefix: /trailing TrailName: Cloudtrail bad: - - | + - |- Resources: BadExample: Type: AWS::CloudTrail::Trail diff --git a/checks/cloud/aws/cloudtrail/encryption_customer_key.yaml b/checks/cloud/aws/cloudtrail/encryption_customer_key.yaml index 1eb2c8d0..0ddc5086 100644 --- a/checks/cloud/aws/cloudtrail/encryption_customer_key.yaml +++ b/checks/cloud/aws/cloudtrail/encryption_customer_key.yaml @@ -1,6 +1,6 @@ cloudformation: good: - - | + - |- Resources: GoodExample: Type: AWS::CloudTrail::Trail @@ -12,7 +12,7 @@ cloudformation: S3KeyPrefix: /trailing TrailName: Cloudtrail bad: - - | + - |- Resources: BadExample: Type: AWS::CloudTrail::Trail diff --git a/checks/cloud/aws/cloudtrail/ensure_cloudwatch_integration.yaml b/checks/cloud/aws/cloudtrail/ensure_cloudwatch_integration.yaml index bc4843d4..3f3fc43a 100644 --- a/checks/cloud/aws/cloudtrail/ensure_cloudwatch_integration.yaml +++ b/checks/cloud/aws/cloudtrail/ensure_cloudwatch_integration.yaml @@ -1,6 +1,6 @@ cloudformation: good: - - | + - |- Resources: GoodExampleTrail: Type: AWS::CloudTrail::Trail @@ -8,7 +8,7 @@ cloudformation: CloudWatchLogsLogGroupArn: arn:aws:logs:us-east-1:123456789012:log-group:CloudTrail/DefaultLogGroup:* TrailName: Cloudtrail bad: - - | + - |- Resources: BadExampleTrail: Type: AWS::CloudTrail::Trail 
diff --git a/checks/cloud/aws/cloudtrail/no_public_log_access.yaml b/checks/cloud/aws/cloudtrail/no_public_log_access.yaml index 84a4a686..4a40f64e 100644 --- a/checks/cloud/aws/cloudtrail/no_public_log_access.yaml +++ b/checks/cloud/aws/cloudtrail/no_public_log_access.yaml @@ -1,6 +1,6 @@ cloudformation: good: - - | + - |- Resources: GoodExampleBucket: Type: AWS::S3::Bucket @@ -15,7 +15,7 @@ cloudformation: S3BucketName: my-bucket TrailName: Cloudtrail bad: - - | + - |- Resources: BadExampleBucket: Type: AWS::S3::Bucket diff --git a/checks/cloud/aws/cloudtrail/require_bucket_access_logging.yaml b/checks/cloud/aws/cloudtrail/require_bucket_access_logging.yaml index 59b595e1..693767de 100644 --- a/checks/cloud/aws/cloudtrail/require_bucket_access_logging.yaml +++ b/checks/cloud/aws/cloudtrail/require_bucket_access_logging.yaml @@ -1,6 +1,6 @@ cloudformation: good: - - | + - |- Resources: GoodExampleBucket: Type: AWS::S3::Bucket @@ -17,7 +17,7 @@ cloudformation: S3BucketName: my-bucket TrailName: Cloudtrail bad: - - | + - |- Resources: BadExampleBucket: Type: AWS::S3::Bucket diff --git a/checks/cloud/aws/cloudwatch/log_group_customer_key.yaml b/checks/cloud/aws/cloudwatch/log_group_customer_key.yaml index 92c136f0..a81f086d 100644 --- a/checks/cloud/aws/cloudwatch/log_group_customer_key.yaml +++ b/checks/cloud/aws/cloudwatch/log_group_customer_key.yaml @@ -1,6 +1,6 @@ cloudformation: good: - - | + - |- Resources: GoodExample: Type: AWS::Logs::LogGroup @@ -9,7 +9,7 @@ cloudformation: LogGroupName: aws/lambda/goodExample RetentionInDays: 30 bad: - - | + - |- Resources: BadExample: Type: AWS::Logs::LogGroup diff --git a/checks/cloud/aws/codebuild/enable_encryption.yaml b/checks/cloud/aws/codebuild/enable_encryption.yaml index 8a0ea6e0..249af063 100644 --- a/checks/cloud/aws/codebuild/enable_encryption.yaml +++ b/checks/cloud/aws/codebuild/enable_encryption.yaml @@ -1,6 +1,6 @@ cloudformation: good: - - | + - |- Resources: GoodProject: Type: AWS::CodeBuild::Project 
@@ -26,7 +26,7 @@ cloudformation: Path: String Type: String bad: - - | + - |- Resources: GoodProject: Type: AWS::CodeBuild::Project @@ -51,7 +51,7 @@ cloudformation: Packaging: String Path: String Type: String - - | + - |- Resources: GoodProject: Type: AWS::CodeBuild::Project diff --git a/checks/cloud/aws/config/aggregate_all_regions.yaml b/checks/cloud/aws/config/aggregate_all_regions.yaml index 7f72a63f..2f278dfa 100644 --- a/checks/cloud/aws/config/aggregate_all_regions.yaml +++ b/checks/cloud/aws/config/aggregate_all_regions.yaml @@ -1,6 +1,6 @@ cloudformation: good: - - | + - |- Resources: GoodExample: Type: AWS::Config::ConfigurationAggregator @@ -8,7 +8,7 @@ cloudformation: AccountAggregationSources: - AllAwsRegions: true ConfigurationAggregatorName: GoodAccountLevelAggregation - - | + - |- Resources: GoodExample: Type: AWS::Config::ConfigurationAggregator @@ -17,7 +17,7 @@ cloudformation: OrganizationAggregationSource: AllAwsRegions: true bad: - - | + - |- Resources: BadExample: Type: AWS::Config::ConfigurationAggregator diff --git a/checks/cloud/aws/documentdb/enable_log_export.yaml b/checks/cloud/aws/documentdb/enable_log_export.yaml index fb39b52e..3798b04f 100644 --- a/checks/cloud/aws/documentdb/enable_log_export.yaml +++ b/checks/cloud/aws/documentdb/enable_log_export.yaml @@ -1,6 +1,6 @@ cloudformation: good: - - | + - |- Resources: GoodExample: Type: AWS::DocDB::DBCluster @@ -23,7 +23,7 @@ cloudformation: DBInstanceIdentifier: sample-cluster-instance-0 PreferredMaintenanceWindow: sat:06:54-sat:07:24 bad: - - | + - |- Resources: BadExample: Type: AWS::DocDB::DBCluster diff --git a/checks/cloud/aws/documentdb/enable_storage_encryption.yaml b/checks/cloud/aws/documentdb/enable_storage_encryption.yaml index 96c24cbb..8f2f8a48 100644 --- a/checks/cloud/aws/documentdb/enable_storage_encryption.yaml +++ b/checks/cloud/aws/documentdb/enable_storage_encryption.yaml 
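Review bot: Both entries under `bad:` in checks/cloud/aws/codebuild/enable_encryption.yaml (the -26 and -51 hunks) declare the resource as `GoodProject`, the same logical name the `good:` example uses. The other check files in this commit name the failing resource `BadExample` or similar, so a reader skimming the rendered docs can mistake the failing template for the recommended one. I would rename it in the two bad examples, e.g. `BadProject:`. The example bodies continue outside these hunks, so whether anything else references the logical name cannot be checked from here.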
@@ -1,6 +1,6 @@ cloudformation: good: - - | + - |- Resources: GoodExample: Type: AWS::DocDB::DBCluster @@ -24,7 +24,7 @@ cloudformation: DBInstanceIdentifier: sample-cluster-instance-0 PreferredMaintenanceWindow: sat:06:54-sat:07:24 bad: - - | + - |- Resources: BadExample: Type: AWS::DocDB::DBCluster diff --git a/checks/cloud/aws/documentdb/encryption_customer_key.yaml b/checks/cloud/aws/documentdb/encryption_customer_key.yaml index 7384e8ea..89a05160 100644 --- a/checks/cloud/aws/documentdb/encryption_customer_key.yaml +++ b/checks/cloud/aws/documentdb/encryption_customer_key.yaml @@ -1,6 +1,6 @@ cloudformation: good: - - | + - |- Resources: GoodExample: Type: AWS::DocDB::DBCluster @@ -23,7 +23,7 @@ cloudformation: DBInstanceIdentifier: sample-cluster-instance-0 PreferredMaintenanceWindow: sat:06:54-sat:07:24 bad: - - | + - |- Resources: BadExample: Type: AWS::DocDB::DBCluster diff --git a/checks/cloud/aws/dynamodb/enable_at_rest_encryption.yaml b/checks/cloud/aws/dynamodb/enable_at_rest_encryption.yaml index 3fe2851d..f306afb5 100644 --- a/checks/cloud/aws/dynamodb/enable_at_rest_encryption.yaml +++ b/checks/cloud/aws/dynamodb/enable_at_rest_encryption.yaml @@ -1,6 +1,6 @@ cloudformation: good: - - | + - |- Resources: GoodExample: Type: AWS::DAX::Cluster @@ -13,7 +13,7 @@ cloudformation: SSESpecification: SSEEnabled: true bad: - - | + - |- Resources: BadExample: Type: AWS::DAX::Cluster diff --git a/checks/cloud/aws/ec2/add_description_to_security_group.yaml b/checks/cloud/aws/ec2/add_description_to_security_group.yaml index 2c1d0362..1374e41c 100644 --- a/checks/cloud/aws/ec2/add_description_to_security_group.yaml +++ b/checks/cloud/aws/ec2/add_description_to_security_group.yaml @@ -1,6 +1,6 @@ cloudformation: good: - - | + - |- Resources: GoodSecurityGroup: Type: AWS::EC2::SecurityGroup @@ -10,7 +10,7 @@ cloudformation: - CidrIp: 127.0.0.1/32 IpProtocol: "-1" bad: - - | + - |- Resources: BadSecurityGroup: Type: AWS::EC2::SecurityGroup 
diff --git a/checks/cloud/aws/ec2/add_description_to_security_group_rule.yaml b/checks/cloud/aws/ec2/add_description_to_security_group_rule.yaml index ccb3ab17..fcd6befc 100644 --- a/checks/cloud/aws/ec2/add_description_to_security_group_rule.yaml +++ b/checks/cloud/aws/ec2/add_description_to_security_group_rule.yaml @@ -1,6 +1,6 @@ cloudformation: good: - - | + - |- Resources: GoodSecurityGroup: Type: AWS::EC2::SecurityGroup @@ -11,7 +11,7 @@ cloudformation: Description: Can connect to loopback IpProtocol: "-1" bad: - - | + - |- Resources: BadSecurityGroup: Type: AWS::EC2::SecurityGroup diff --git a/checks/cloud/aws/ec2/as_enable_at_rest_encryption.yaml b/checks/cloud/aws/ec2/as_enable_at_rest_encryption.yaml index 1c6f8c61..f5faf328 100644 --- a/checks/cloud/aws/ec2/as_enable_at_rest_encryption.yaml +++ b/checks/cloud/aws/ec2/as_enable_at_rest_encryption.yaml @@ -1,6 +1,6 @@ cloudformation: good: - - | + - |- Resources: GoodExample: Type: AWS::AutoScaling::LaunchConfiguration @@ -12,7 +12,7 @@ cloudformation: ImageId: ami-123456 InstanceType: t2.small bad: - - | + - |- Resources: BadExample: Type: AWS::AutoScaling::LaunchConfiguration diff --git a/checks/cloud/aws/ec2/as_enforce_http_token_imds.yaml b/checks/cloud/aws/ec2/as_enforce_http_token_imds.yaml index 219924cb..e5c6fec3 100644 --- a/checks/cloud/aws/ec2/as_enforce_http_token_imds.yaml +++ b/checks/cloud/aws/ec2/as_enforce_http_token_imds.yaml @@ -1,6 +1,6 @@ cloudformation: good: - - | + - |- Resources: GoodExample: Type: AWS::AutoScaling::LaunchConfiguration @@ -9,7 +9,7 @@ cloudformation: HttpEndpoint: enabled HttpTokens: required bad: - - | + - |- Resources: BadExample: Type: AWS::AutoScaling::LaunchConfiguration diff --git a/checks/cloud/aws/ec2/as_no_secrets_in_user_data.yaml b/checks/cloud/aws/ec2/as_no_secrets_in_user_data.yaml index cec1037d..c6e1bf1b 100644 --- a/checks/cloud/aws/ec2/as_no_secrets_in_user_data.yaml +++ b/checks/cloud/aws/ec2/as_no_secrets_in_user_data.yaml 
@@ -1,6 +1,6 @@ cloudformation: good: - - | + - |- Resources: GoodExample: Type: AWS::EC2::LaunchTemplate @@ -29,7 +29,7 @@ cloudformation: Roles: - MyAdminRole bad: - - | + - |- Resources: BadExample: Type: AWS::EC2::LaunchTemplate diff --git a/checks/cloud/aws/ec2/enable_at_rest_encryption.yaml b/checks/cloud/aws/ec2/enable_at_rest_encryption.yaml index 23f9411d..6b5e5d33 100644 --- a/checks/cloud/aws/ec2/enable_at_rest_encryption.yaml +++ b/checks/cloud/aws/ec2/enable_at_rest_encryption.yaml @@ -1,6 +1,6 @@ cloudformation: good: - - | + - |- Resources: GoodExample: Type: AWS::EC2::Instance @@ -17,7 +17,7 @@ cloudformation: KeyName: testkey UserData: export SSM_PATH=/database/creds bad: - - | + - |- Resources: BadExample: Type: AWS::EC2::Instance diff --git a/checks/cloud/aws/ec2/enable_volume_encryption.yaml b/checks/cloud/aws/ec2/enable_volume_encryption.yaml index dc32ee20..d6d0ca7d 100644 --- a/checks/cloud/aws/ec2/enable_volume_encryption.yaml +++ b/checks/cloud/aws/ec2/enable_volume_encryption.yaml @@ -1,6 +1,6 @@ cloudformation: good: - - | + - |- Resources: GoodExample: DeletionPolicy: Snapshot @@ -10,7 +10,7 @@ cloudformation: KmsKeyId: alias/volumeEncrypt Size: 100 bad: - - | + - |- Resources: BadExample: DeletionPolicy: Snapshot diff --git a/checks/cloud/aws/ec2/encryption_customer_key.yaml b/checks/cloud/aws/ec2/encryption_customer_key.yaml index 01b6ec5b..b2134873 100644 --- a/checks/cloud/aws/ec2/encryption_customer_key.yaml +++ b/checks/cloud/aws/ec2/encryption_customer_key.yaml @@ -1,6 +1,6 @@ cloudformation: good: - - | + - |- Resources: GoodExample: DeletionPolicy: Snapshot @@ -9,7 +9,7 @@ cloudformation: Encrypted: true KmsKeyId: alias/volumeEncrypt Size: 100 - - | + - |- Resources: GoodExample: DeletionPolicy: Snapshot @@ -19,7 +19,7 @@ cloudformation: KmsKeyId: MyStack:Key Size: 100 bad: - - | + - |- Resources: BadExample: DeletionPolicy: Snapshot 
diff --git a/checks/cloud/aws/ec2/no_excessive_port_access.yaml b/checks/cloud/aws/ec2/no_excessive_port_access.yaml index 40e048e7..61326eee 100644 --- a/checks/cloud/aws/ec2/no_excessive_port_access.yaml +++ b/checks/cloud/aws/ec2/no_excessive_port_access.yaml @@ -1,6 +1,6 @@ cloudformation: good: - - | + - |- AWSTemplateFormatVersion: "2010-09-09" Description: Good example of excessive ports @@ -20,7 +20,7 @@ cloudformation: Ref: NetworkACL RuleAction: allow bad: - - | + - |- AWSTemplateFormatVersion: "2010-09-09" Description: Bad example of excessive ports diff --git a/checks/cloud/aws/ec2/no_public_egress_sgr.yaml b/checks/cloud/aws/ec2/no_public_egress_sgr.yaml index cabec3d3..3825b610 100644 --- a/checks/cloud/aws/ec2/no_public_egress_sgr.yaml +++ b/checks/cloud/aws/ec2/no_public_egress_sgr.yaml @@ -1,6 +1,6 @@ cloudformation: good: - - | + - |- AWSTemplateFormatVersion: "2010-09-09" Description: Good example of egress rule @@ -14,7 +14,7 @@ cloudformation: - CidrIp: 127.0.0.1/32 IpProtocol: "6" bad: - - | + - |- AWSTemplateFormatVersion: "2010-09-09" Description: Bad example of egress rule diff --git a/checks/cloud/aws/ec2/no_public_ingress_acl.yaml b/checks/cloud/aws/ec2/no_public_ingress_acl.yaml index 78a699d1..746fc877 100644 --- a/checks/cloud/aws/ec2/no_public_ingress_acl.yaml +++ b/checks/cloud/aws/ec2/no_public_ingress_acl.yaml @@ -1,6 +1,6 @@ cloudformation: good: - - | + - |- AWSTemplateFormatVersion: "2010-09-09" Description: Godd example of excessive ports @@ -19,7 +19,7 @@ cloudformation: Protocol: 6 RuleAction: allow bad: - - | + - |- AWSTemplateFormatVersion: "2010-09-09" Description: Bad example of excessive ports diff --git a/checks/cloud/aws/ec2/no_public_ingress_sgr.yaml b/checks/cloud/aws/ec2/no_public_ingress_sgr.yaml index a895d179..67f93e12 100644 --- a/checks/cloud/aws/ec2/no_public_ingress_sgr.yaml +++ b/checks/cloud/aws/ec2/no_public_ingress_sgr.yaml 
@@ -1,6 +1,6 @@ cloudformation: good: - - | + - |- Resources: GoodSecurityGroup: Type: AWS::EC2::SecurityGroup @@ -10,7 +10,7 @@ cloudformation: - CidrIp: 127.0.0.1/32 IpProtocol: "6" bad: - - | + - |- Resources: BadSecurityGroup: Type: AWS::EC2::SecurityGroup diff --git a/checks/cloud/aws/ec2/no_public_ip.yaml b/checks/cloud/aws/ec2/no_public_ip.yaml index b55d0cf0..3f56e0ef 100644 --- a/checks/cloud/aws/ec2/no_public_ip.yaml +++ b/checks/cloud/aws/ec2/no_public_ip.yaml @@ -1,6 +1,6 @@ cloudformation: good: - - | + - |- Resources: GoodExample: Type: AWS::AutoScaling::LaunchConfiguration @@ -8,7 +8,7 @@ cloudformation: ImageId: ami-123456 InstanceType: t2.small bad: - - | + - |- Resources: BadExample: Type: AWS::AutoScaling::LaunchConfiguration diff --git a/checks/cloud/aws/ec2/no_public_ip_subnet.yaml b/checks/cloud/aws/ec2/no_public_ip_subnet.yaml index 3f4679a1..c9b05380 100644 --- a/checks/cloud/aws/ec2/no_public_ip_subnet.yaml +++ b/checks/cloud/aws/ec2/no_public_ip_subnet.yaml @@ -1,13 +1,13 @@ cloudformation: good: - - | + - |- Resources: GoodExample: Type: AWS::EC2::Subnet Properties: VpcId: vpc-123456 bad: - - | + - |- Resources: BadExample: Type: AWS::EC2::Subnet diff --git a/checks/cloud/aws/ec2/no_secrets_in_user_data.yaml b/checks/cloud/aws/ec2/no_secrets_in_user_data.yaml index e7946824..7a9d3602 100644 --- a/checks/cloud/aws/ec2/no_secrets_in_user_data.yaml +++ b/checks/cloud/aws/ec2/no_secrets_in_user_data.yaml @@ -1,6 +1,6 @@ cloudformation: good: - - | + - |- Resources: GoodExample: Type: AWS::EC2::Instance @@ -17,7 +17,7 @@ cloudformation: KeyName: testkey UserData: export SSM_PATH=/database/creds bad: - - | + - |- Resources: BadExample: Type: AWS::EC2::Instance diff --git a/checks/cloud/aws/ecr/enable_image_scans.yaml b/checks/cloud/aws/ecr/enable_image_scans.yaml index 47865e27..fbfe41a4 100644 --- a/checks/cloud/aws/ecr/enable_image_scans.yaml +++ b/checks/cloud/aws/ecr/enable_image_scans.yaml 
@@ -1,6 +1,6 @@ cloudformation: good: - - | + - |- Resources: GoodExample: Type: AWS::ECR::Repository @@ -13,7 +13,7 @@ cloudformation: ImageTagImmutability: IMMUTABLE RepositoryName: test-repository bad: - - | + - |- Resources: BadExample: Type: AWS::ECR::Repository diff --git a/checks/cloud/aws/ecr/enforce_immutable_repository.yaml b/checks/cloud/aws/ecr/enforce_immutable_repository.yaml index 5ae8c5bb..fdde6e8f 100644 --- a/checks/cloud/aws/ecr/enforce_immutable_repository.yaml +++ b/checks/cloud/aws/ecr/enforce_immutable_repository.yaml @@ -1,6 +1,6 @@ cloudformation: good: - - | + - |- Resources: GoodExample: Type: AWS::ECR::Repository @@ -13,7 +13,7 @@ cloudformation: ImageTagMutability: IMMUTABLE RepositoryName: test-repository bad: - - | + - |- Resources: BadExample: Type: AWS::ECR::Repository diff --git a/checks/cloud/aws/ecr/no_public_access.yaml b/checks/cloud/aws/ecr/no_public_access.yaml index 17945278..03892ae4 100644 --- a/checks/cloud/aws/ecr/no_public_access.yaml +++ b/checks/cloud/aws/ecr/no_public_access.yaml @@ -1,6 +1,6 @@ cloudformation: good: - - | + - |- Resources: GoodExample: Type: AWS::ECR::Repository @@ -29,7 +29,7 @@ cloudformation: Sid: AllowPushPull Version: "2012-10-17" bad: - - | + - |- Resources: BadExample: Type: AWS::ECR::Repository diff --git a/checks/cloud/aws/ecr/repository_customer_key.yaml b/checks/cloud/aws/ecr/repository_customer_key.yaml index 12853bd9..0fdc3fc6 100644 --- a/checks/cloud/aws/ecr/repository_customer_key.yaml +++ b/checks/cloud/aws/ecr/repository_customer_key.yaml @@ -1,6 +1,6 @@ cloudformation: good: - - | + - |- Resources: GoodExample: Type: AWS::ECR::Repository @@ -13,7 +13,7 @@ cloudformation: ImageTagImmutability: IMMUTABLE RepositoryName: test-repository bad: - - | + - |- Resources: BadExample: Type: AWS::ECR::Repository diff --git a/checks/cloud/aws/ecs/enable_container_insight.yaml b/checks/cloud/aws/ecs/enable_container_insight.yaml index ff0930f9..1e5a3426 100644 
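Review bot: The good examples in checks/cloud/aws/ecr/enable_image_scans.yaml and checks/cloud/aws/ecr/repository_customer_key.yaml (context of their -13 hunks) set `ImageTagImmutability: IMMUTABLE`, while enforce_immutable_repository.yaml in this same commit uses `ImageTagMutability: IMMUTABLE`. The latter is the property AWS::ECR::Repository defines; with the misspelt key the template does not request immutable tags and is likely to be rejected by CloudFormation as an unsupported property. Since these snippets are published as recommended configuration, I would change the line to `ImageTagMutability: IMMUTABLE` in both files. The rest of each example lies outside the hunks.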
--- a/checks/cloud/aws/ecs/enable_container_insight.yaml +++ b/checks/cloud/aws/ecs/enable_container_insight.yaml @@ -1,6 +1,6 @@ cloudformation: good: - - | + - |- Resources: GoodExample: Type: AWS::ECS::Cluster @@ -10,7 +10,7 @@ cloudformation: - Name: containerInsights Value: enabled bad: - - | + - |- Resources: BadExample: Type: AWS::ECS::Cluster diff --git a/checks/cloud/aws/ecs/enable_in_transit_encryption.yaml b/checks/cloud/aws/ecs/enable_in_transit_encryption.yaml index 3ea49d77..e6232b00 100644 --- a/checks/cloud/aws/ecs/enable_in_transit_encryption.yaml +++ b/checks/cloud/aws/ecs/enable_in_transit_encryption.yaml @@ -1,6 +1,6 @@ cloudformation: good: - - | + - |- Resources: GoodExample: Type: AWS::ECS::Cluster @@ -38,7 +38,7 @@ cloudformation: TransitEncryption: ENABLED Name: jenkins-home bad: - - | + - |- Resources: BadExample: Type: AWS::ECS::Cluster diff --git a/checks/cloud/aws/ecs/no_plaintext_secrets.yaml b/checks/cloud/aws/ecs/no_plaintext_secrets.yaml index 3847ac1c..663ffc85 100644 --- a/checks/cloud/aws/ecs/no_plaintext_secrets.yaml +++ b/checks/cloud/aws/ecs/no_plaintext_secrets.yaml @@ -1,6 +1,6 @@ cloudformation: good: - - | + - |- Resources: GoodExample: Type: AWS::ECS::Cluster @@ -38,7 +38,7 @@ cloudformation: TransitEncryption: ENABLED Name: jenkins-home bad: - - | + - |- Resources: BadExample: Type: AWS::ECS::Cluster diff --git a/checks/cloud/aws/efs/enable_at_rest_encryption.yaml b/checks/cloud/aws/efs/enable_at_rest_encryption.yaml index 87202cd8..2e177974 100644 --- a/checks/cloud/aws/efs/enable_at_rest_encryption.yaml +++ b/checks/cloud/aws/efs/enable_at_rest_encryption.yaml @@ -1,6 +1,6 @@ cloudformation: good: - - | + - |- Resources: GoodExample: Type: AWS::EFS::FileSystem @@ -13,7 +13,7 @@ cloudformation: PerformanceMode: generalPurpose ThroughputMode: bursting bad: - - | + - |- Resources: BadExample: Type: AWS::EFS::FileSystem 
diff --git a/checks/cloud/aws/eks/encrypt_secrets.yaml b/checks/cloud/aws/eks/encrypt_secrets.yaml index 8f8c6e32..cb85f505 100644 --- a/checks/cloud/aws/eks/encrypt_secrets.yaml +++ b/checks/cloud/aws/eks/encrypt_secrets.yaml @@ -1,6 +1,6 @@ cloudformation: good: - - | + - |- Resources: GoodExample: Type: AWS::EKS::Cluster @@ -20,7 +20,7 @@ cloudformation: RoleArn: arn:aws:iam::012345678910:role/eks-service-role-good-example Version: "1.14" bad: - - | + - |- Resources: BadExample: Type: AWS::EKS::Cluster diff --git a/checks/cloud/aws/elasticache/add_description_for_security_group.yaml b/checks/cloud/aws/elasticache/add_description_for_security_group.yaml index 0cc58f1c..b395acc1 100644 --- a/checks/cloud/aws/elasticache/add_description_for_security_group.yaml +++ b/checks/cloud/aws/elasticache/add_description_for_security_group.yaml @@ -1,6 +1,6 @@ cloudformation: good: - - | + - |- Resources: GoodExampleCacheGroup: Type: AWS::ElastiCache::SecurityGroup @@ -19,7 +19,7 @@ cloudformation: CacheSecurityGroupName: GoodExampleCacheGroup EC2SecurityGroupName: GoodExampleEc2SecurityGroup bad: - - | + - |- Resources: BadExampleCacheGroup: Type: AWS::ElastiCache::SecurityGroup diff --git a/checks/cloud/aws/elasticache/enable_backup_retention.yaml b/checks/cloud/aws/elasticache/enable_backup_retention.yaml index a08daba9..675710aa 100644 --- a/checks/cloud/aws/elasticache/enable_backup_retention.yaml +++ b/checks/cloud/aws/elasticache/enable_backup_retention.yaml @@ -1,6 +1,6 @@ cloudformation: good: - - | + - |- Resources: GoodExample: Type: AWS::ElastiCache::CacheCluster @@ -15,7 +15,7 @@ cloudformation: - us-west-2b SnapshotRetentionLimit: 7 bad: - - | + - |- Resources: BadExample: Type: AWS::ElastiCache::CacheCluster diff --git a/checks/cloud/aws/elasticache/enable_in_transit_encryption.yaml b/checks/cloud/aws/elasticache/enable_in_transit_encryption.yaml index cc05c5df..3ca21e9c 100644 --- a/checks/cloud/aws/elasticache/enable_in_transit_encryption.yaml 
+++ b/checks/cloud/aws/elasticache/enable_in_transit_encryption.yaml @@ -1,6 +1,6 @@ cloudformation: good: - - | + - |- Resources: GoodExample: Type: AWS::ElastiCache::ReplicationGroup @@ -21,7 +21,7 @@ cloudformation: SnapshotWindow: 10:00-12:00 TransitEncryptionEnabled: true bad: - - | + - |- Resources: BadExample: Type: AWS::ElastiCache::ReplicationGroup diff --git a/checks/cloud/aws/elasticsearch/enable_domain_encryption.yaml b/checks/cloud/aws/elasticsearch/enable_domain_encryption.yaml index 919eeeec..4e461f21 100644 --- a/checks/cloud/aws/elasticsearch/enable_domain_encryption.yaml +++ b/checks/cloud/aws/elasticsearch/enable_domain_encryption.yaml @@ -1,6 +1,6 @@ cloudformation: good: - - | + - |- Resources: GoodExample: Type: AWS::Elasticsearch::Domain @@ -23,7 +23,7 @@ cloudformation: Enabled: true KmsKeyId: alias/kmskey bad: - - | + - |- Resources: BadExample: Type: AWS::Elasticsearch::Domain diff --git a/checks/cloud/aws/elasticsearch/enable_domain_logging.yaml b/checks/cloud/aws/elasticsearch/enable_domain_logging.yaml index 2ced8e92..a2b98fe8 100644 --- a/checks/cloud/aws/elasticsearch/enable_domain_logging.yaml +++ b/checks/cloud/aws/elasticsearch/enable_domain_logging.yaml @@ -1,6 +1,6 @@ cloudformation: good: - - | + - |- Resources: GoodExample: Type: AWS::Elasticsearch::Domain @@ -26,7 +26,7 @@ cloudformation: AUDIT_LOGS: Enabled: true bad: - - | + - |- Resources: BadExample: Type: AWS::Elasticsearch::Domain diff --git a/checks/cloud/aws/elasticsearch/enable_in_transit_encryption.yaml b/checks/cloud/aws/elasticsearch/enable_in_transit_encryption.yaml index 0c907702..3e7f1968 100644 --- a/checks/cloud/aws/elasticsearch/enable_in_transit_encryption.yaml +++ b/checks/cloud/aws/elasticsearch/enable_in_transit_encryption.yaml @@ -1,6 +1,6 @@ cloudformation: good: - - | + - |- Resources: GoodExample: Type: AWS::Elasticsearch::Domain 
@@ -25,7 +25,7 @@ cloudformation: NodeToNodeEncryptionOptions: Enabled: true bad: - - | + - |- Resources: BadExample: Type: AWS::Elasticsearch::Domain diff --git a/checks/cloud/aws/elasticsearch/enforce_https.yaml b/checks/cloud/aws/elasticsearch/enforce_https.yaml index fff22fed..28f9d11b 100644 --- a/checks/cloud/aws/elasticsearch/enforce_https.yaml +++ b/checks/cloud/aws/elasticsearch/enforce_https.yaml @@ -1,6 +1,6 @@ cloudformation: good: - - | + - |- Resources: GoodExample: Type: AWS::Elasticsearch::Domain @@ -25,7 +25,7 @@ cloudformation: Enabled: true KmsKeyId: alias/kmskey bad: - - | + - |- Resources: BadExample: Type: AWS::Elasticsearch::Domain diff --git a/checks/cloud/aws/elasticsearch/use_secure_tls_policy.yaml b/checks/cloud/aws/elasticsearch/use_secure_tls_policy.yaml index f1205121..837d1aaf 100644 --- a/checks/cloud/aws/elasticsearch/use_secure_tls_policy.yaml +++ b/checks/cloud/aws/elasticsearch/use_secure_tls_policy.yaml @@ -1,6 +1,6 @@ cloudformation: good: - - | + - |- Resources: GoodExample: Type: AWS::Elasticsearch::Domain @@ -25,7 +25,7 @@ cloudformation: Enabled: true KmsKeyId: alias/kmskey bad: - - | + - |- Resources: BadExample: Type: AWS::Elasticsearch::Domain diff --git a/checks/cloud/aws/kinesis/enable_in_transit_encryption.yaml b/checks/cloud/aws/kinesis/enable_in_transit_encryption.yaml index 80643cf1..39b70c76 100644 --- a/checks/cloud/aws/kinesis/enable_in_transit_encryption.yaml +++ b/checks/cloud/aws/kinesis/enable_in_transit_encryption.yaml @@ -1,6 +1,6 @@ cloudformation: good: - - | + - |- Resources: GoodExample: Type: AWS::Kinesis::Stream @@ -15,7 +15,7 @@ cloudformation: - Key: Environment Value: Production bad: - - | + - |- Resources: BadExample: Type: AWS::Kinesis::Stream diff --git a/checks/cloud/aws/lambda/enable_tracing.yaml b/checks/cloud/aws/lambda/enable_tracing.yaml index d7166516..2f0becae 100644 --- a/checks/cloud/aws/lambda/enable_tracing.yaml +++ b/checks/cloud/aws/lambda/enable_tracing.yaml 
@@ -1,6 +1,6 @@ cloudformation: good: - - | + - |- Resources: GoodExample: Type: AWS::Lambda::Function @@ -21,7 +21,7 @@ cloudformation: - subnet-071f712345678e7c8 - subnet-07fd123456788a036 bad: - - | + - |- Resources: BadExample: Type: AWS::Lambda::Function diff --git a/checks/cloud/aws/lambda/restrict_source_arn.yaml b/checks/cloud/aws/lambda/restrict_source_arn.yaml index c5345322..13d6edb2 100644 --- a/checks/cloud/aws/lambda/restrict_source_arn.yaml +++ b/checks/cloud/aws/lambda/restrict_source_arn.yaml @@ -1,6 +1,6 @@ cloudformation: good: - - | + - |- Resources: GoodExample: Type: AWS::Lambda::Function @@ -29,7 +29,7 @@ cloudformation: Principal: s3.amazonaws.com SourceArn: lambda.amazonaws.com bad: - - | + - |- Resources: BadExample: Type: AWS::Lambda::Function diff --git a/checks/cloud/aws/mq/enable_audit_logging.yaml b/checks/cloud/aws/mq/enable_audit_logging.yaml index 585d3997..71c511b0 100644 --- a/checks/cloud/aws/mq/enable_audit_logging.yaml +++ b/checks/cloud/aws/mq/enable_audit_logging.yaml @@ -1,6 +1,6 @@ cloudformation: good: - - | + - |- Resources: GoodBroker: Type: AWS::AmazonMQ::Broker @@ -8,7 +8,7 @@ cloudformation: Logs: Audit: true bad: - - | + - |- Resources: BadBroker: Type: AWS::AmazonMQ::Broker diff --git a/checks/cloud/aws/mq/enable_general_logging.yaml b/checks/cloud/aws/mq/enable_general_logging.yaml index 8072d7a9..1907a255 100644 --- a/checks/cloud/aws/mq/enable_general_logging.yaml +++ b/checks/cloud/aws/mq/enable_general_logging.yaml @@ -1,6 +1,6 @@ cloudformation: good: - - | + - |- Resources: GoodBroker: Type: AWS::AmazonMQ::Broker @@ -8,7 +8,7 @@ cloudformation: Logs: General: true bad: - - | + - |- Resources: BadBroker: Type: AWS::AmazonMQ::Broker diff --git a/checks/cloud/aws/mq/no_public_access.yaml b/checks/cloud/aws/mq/no_public_access.yaml index 4dc51127..9c8223cb 100644 --- a/checks/cloud/aws/mq/no_public_access.yaml +++ b/checks/cloud/aws/mq/no_public_access.yaml 
@@ -1,13 +1,13 @@ cloudformation: good: - - | + - |- Resources: GoodBroker: Type: AWS::AmazonMQ::Broker Properties: PubliclyAccessible: false bad: - - | + - |- Resources: BadBroker: Type: AWS::AmazonMQ::Broker diff --git a/checks/cloud/aws/msk/enable_at_rest_encryption.yaml b/checks/cloud/aws/msk/enable_at_rest_encryption.yaml index 91afa7e3..598484ab 100644 --- a/checks/cloud/aws/msk/enable_at_rest_encryption.yaml +++ b/checks/cloud/aws/msk/enable_at_rest_encryption.yaml @@ -1,6 +1,6 @@ cloudformation: good: - - | + - |- Resources: GoodCluster: Type: AWS::MSK::Cluster @@ -9,7 +9,7 @@ cloudformation: EncryptionAtRest: DataVolumeKMSKeyId: foo-bar-key bad: - - | + - |- Resources: BadCluster: Type: AWS::MSK::Cluster diff --git a/checks/cloud/aws/msk/enable_in_transit_encryption.yaml b/checks/cloud/aws/msk/enable_in_transit_encryption.yaml index ec101310..8f73dfa9 100644 --- a/checks/cloud/aws/msk/enable_in_transit_encryption.yaml +++ b/checks/cloud/aws/msk/enable_in_transit_encryption.yaml @@ -1,6 +1,6 @@ cloudformation: good: - - | + - |- Resources: GoodCluster: Type: AWS::MSK::Cluster @@ -9,7 +9,7 @@ cloudformation: EncryptionInTransit: ClientBroker: TLS bad: - - | + - |- Resources: BadCluster: Type: AWS::MSK::Cluster diff --git a/checks/cloud/aws/msk/enable_logging.yaml b/checks/cloud/aws/msk/enable_logging.yaml index 29b1ff6a..aec1a6a2 100644 --- a/checks/cloud/aws/msk/enable_logging.yaml +++ b/checks/cloud/aws/msk/enable_logging.yaml @@ -1,6 +1,6 @@ cloudformation: good: - - | + - |- Resources: GoodCluster: Type: AWS::MSK::Cluster @@ -10,7 +10,7 @@ cloudformation: S3: Enabled: true bad: - - | + - |- Resources: BadCluster: Type: AWS::MSK::Cluster diff --git a/checks/cloud/aws/neptune/enable_log_export.yaml b/checks/cloud/aws/neptune/enable_log_export.yaml index 3fe9a87d..e0f23f79 100644 --- a/checks/cloud/aws/neptune/enable_log_export.yaml +++ b/checks/cloud/aws/neptune/enable_log_export.yaml 
@@ -1,6 +1,6 @@ cloudformation: good: - - | + - |- Resources: GoodCluster: Type: AWS::Neptune::DBCluster @@ -8,7 +8,7 @@ cloudformation: EnableCloudwatchLogsExports: - audit bad: - - | + - |- Resources: BadCluster: Type: AWS::Neptune::DBCluster diff --git a/checks/cloud/aws/neptune/enable_storage_encryption.yaml b/checks/cloud/aws/neptune/enable_storage_encryption.yaml index 9ffccc7a..cd5625bb 100644 --- a/checks/cloud/aws/neptune/enable_storage_encryption.yaml +++ b/checks/cloud/aws/neptune/enable_storage_encryption.yaml @@ -1,6 +1,6 @@ cloudformation: good: - - | + - |- Resources: GoodCluster: Type: AWS::Neptune::DBCluster @@ -8,7 +8,7 @@ cloudformation: KmsKeyId: something StorageEncrypted: true bad: - - | + - |- AWSTemplateFormatVersion: "2010-09-09" Description: Bad example diff --git a/checks/cloud/aws/neptune/encryption_customer_key.yaml b/checks/cloud/aws/neptune/encryption_customer_key.yaml index a411cc06..c5a0c748 100644 --- a/checks/cloud/aws/neptune/encryption_customer_key.yaml +++ b/checks/cloud/aws/neptune/encryption_customer_key.yaml @@ -1,6 +1,6 @@ cloudformation: good: - - | + - |- Resources: GoodCluster: Type: AWS::Neptune::DBCluster @@ -8,7 +8,7 @@ cloudformation: KmsKeyId: something StorageEncrypted: true bad: - - | + - |- Resources: BadCluster: Type: AWS::Neptune::DBCluster diff --git a/checks/cloud/aws/rds/disable_public_access.yaml b/checks/cloud/aws/rds/disable_public_access.yaml index 8929a5ce..349df531 100644 --- a/checks/cloud/aws/rds/disable_public_access.yaml +++ b/checks/cloud/aws/rds/disable_public_access.yaml @@ -1,13 +1,13 @@ cloudformation: good: - - | + - |- Resources: GoodExample: Type: AWS::RDS::DBInstance Properties: PubliclyAccessible: false bad: - - | + - |- Resources: BadExample: Type: AWS::RDS::DBInstance diff --git a/checks/cloud/aws/rds/enable_performance_insights.yaml b/checks/cloud/aws/rds/enable_performance_insights.yaml index 6a814696..14e6146a 100644 --- a/checks/cloud/aws/rds/enable_performance_insights.yaml 
+++ b/checks/cloud/aws/rds/enable_performance_insights.yaml @@ -1,6 +1,6 @@ cloudformation: good: - - | + - |- Resources: GoodExample: Type: AWS::RDS::DBInstance @@ -8,7 +8,7 @@ cloudformation: EnablePerformanceInsights: true PerformanceInsightsKMSKeyId: something bad: - - | + - |- Resources: BadExample: Type: AWS::RDS::DBInstance diff --git a/checks/cloud/aws/rds/encrypt_cluster_storage_data.yaml b/checks/cloud/aws/rds/encrypt_cluster_storage_data.yaml index 6541012a..b5547977 100644 --- a/checks/cloud/aws/rds/encrypt_cluster_storage_data.yaml +++ b/checks/cloud/aws/rds/encrypt_cluster_storage_data.yaml @@ -1,6 +1,6 @@ cloudformation: good: - - | + - |- Resources: GoodExample: Type: AWS::RDS::DBCluster @@ -8,7 +8,7 @@ cloudformation: KmsKeyId: something StorageEncrypted: true bad: - - | + - |- Resources: BadExample: Type: AWS::RDS::DBCluster diff --git a/checks/cloud/aws/rds/encrypt_instance_storage_data.yaml b/checks/cloud/aws/rds/encrypt_instance_storage_data.yaml index f2cf8b49..0a58697e 100644 --- a/checks/cloud/aws/rds/encrypt_instance_storage_data.yaml +++ b/checks/cloud/aws/rds/encrypt_instance_storage_data.yaml @@ -1,6 +1,6 @@ cloudformation: good: - - | + - |- Resources: GoodExample: Type: AWS::RDS::DBInstance @@ -8,7 +8,7 @@ cloudformation: KmsKeyId: something StorageEncrypted: true bad: - - | + - |- Resources: BadExample: Type: AWS::RDS::DBInstance diff --git a/checks/cloud/aws/rds/performance_insights_encryption_customer_key.yaml b/checks/cloud/aws/rds/performance_insights_encryption_customer_key.yaml index a2e7a6a9..b2a57af8 100644 --- a/checks/cloud/aws/rds/performance_insights_encryption_customer_key.yaml +++ b/checks/cloud/aws/rds/performance_insights_encryption_customer_key.yaml @@ -1,6 +1,6 @@ cloudformation: good: - - | + - |- Resources: GoodExample: Type: AWS::RDS::DBInstance @@ -8,7 +8,7 @@ cloudformation: EnablePerformanceInsights: true PerformanceInsightsKMSKeyId: something bad: - - | + - |- Resources: BadExample: Type: AWS::RDS::DBInstance 
diff --git a/checks/cloud/aws/rds/specify_backup_retention.yaml b/checks/cloud/aws/rds/specify_backup_retention.yaml index 908c5bbe..647abe11 100644 --- a/checks/cloud/aws/rds/specify_backup_retention.yaml +++ b/checks/cloud/aws/rds/specify_backup_retention.yaml @@ -1,13 +1,13 @@ cloudformation: good: - - | + - |- Resources: GoodExample: Type: AWS::RDS::DBInstance Properties: BackupRetentionPeriod: 30 bad: - - | + - |- Resources: BadExample: Type: AWS::RDS::DBInstance diff --git a/checks/cloud/aws/redshift/add_description_to_security_group.yaml b/checks/cloud/aws/redshift/add_description_to_security_group.yaml index e8770ee0..205300f4 100644 --- a/checks/cloud/aws/redshift/add_description_to_security_group.yaml +++ b/checks/cloud/aws/redshift/add_description_to_security_group.yaml @@ -1,13 +1,13 @@ cloudformation: good: - - | + - |- Resources: GoodExample: Type: AWS::Redshift::ClusterSecurityGroup Properties: Description: Disallow bad stuff bad: - - | + - |- Resources: BadExample: Type: AWS::Redshift::ClusterSecurityGroup diff --git a/checks/cloud/aws/redshift/encryption_customer_key.yaml b/checks/cloud/aws/redshift/encryption_customer_key.yaml index a22fe66c..b75eb34c 100644 --- a/checks/cloud/aws/redshift/encryption_customer_key.yaml +++ b/checks/cloud/aws/redshift/encryption_customer_key.yaml @@ -1,6 +1,6 @@ cloudformation: good: - - | + - |- Resources: GoodExample: Type: AWS::Redshift::Cluster @@ -8,7 +8,7 @@ cloudformation: Encrypted: true KmsKeyId: something bad: - - | + - |- Resources: BadExample: Type: AWS::Redshift::Cluster diff --git a/checks/cloud/aws/redshift/no_classic_resources.yaml b/checks/cloud/aws/redshift/no_classic_resources.yaml index f93a05cc..73e93596 100644 --- a/checks/cloud/aws/redshift/no_classic_resources.yaml +++ b/checks/cloud/aws/redshift/no_classic_resources.yaml 
@@ -1,13 +1,13 @@ cloudformation: good: - - | + - |- AWSTemplateFormatVersion: "2010-09-09" Description: Good example of redshift sgr Resources: null bad: - - | + - |- AWSTemplateFormatVersion: "2010-09-09" Description: Bad example of redshift sgr diff --git a/checks/cloud/aws/redshift/use_vpc.yaml b/checks/cloud/aws/redshift/use_vpc.yaml index 03d1b7de..cb1eb5ef 100644 --- a/checks/cloud/aws/redshift/use_vpc.yaml +++ b/checks/cloud/aws/redshift/use_vpc.yaml @@ -1,13 +1,13 @@ cloudformation: good: - - | + - |- Resources: GoodCluster: Type: AWS::Redshift::Cluster Properties: ClusterSubnetGroupName: my-subnet-group bad: - - | + - |- Resources: BadCluster: Type: AWS::Redshift::Cluster diff --git a/checks/cloud/aws/s3/block_public_acls.yaml b/checks/cloud/aws/s3/block_public_acls.yaml index f5b591d9..b9847808 100644 --- a/checks/cloud/aws/s3/block_public_acls.yaml +++ b/checks/cloud/aws/s3/block_public_acls.yaml @@ -1,6 +1,6 @@ cloudformation: good: - - | + - |- Resources: GoodExample: Type: AWS::S3::Bucket @@ -11,7 +11,7 @@ cloudformation: IgnorePublicAcls: true RestrictPublicBuckets: true bad: - - | + - |- Resources: BadExample: Type: AWS::S3::Bucket diff --git a/checks/cloud/aws/s3/block_public_policy.yaml b/checks/cloud/aws/s3/block_public_policy.yaml index a453e9ac..7dfc421c 100644 --- a/checks/cloud/aws/s3/block_public_policy.yaml +++ b/checks/cloud/aws/s3/block_public_policy.yaml @@ -1,6 +1,6 @@ cloudformation: good: - - | + - |- Resources: GoodExample: Type: AWS::S3::Bucket @@ -11,7 +11,7 @@ cloudformation: IgnorePublicAcls: true RestrictPublicBuckets: true bad: - - | + - |- Resources: BadExample: Type: AWS::S3::Bucket diff --git a/checks/cloud/aws/s3/enable_bucket_encryption.yaml b/checks/cloud/aws/s3/enable_bucket_encryption.yaml index 5753f905..78187f70 100644 --- a/checks/cloud/aws/s3/enable_bucket_encryption.yaml +++ b/checks/cloud/aws/s3/enable_bucket_encryption.yaml 
@@ -1,6 +1,6 @@ cloudformation: good: - - | + - |- Resources: GoodExample: Type: AWS::S3::Bucket @@ -11,7 +11,7 @@ cloudformation: ServerSideEncryptionByDefault: SSEAlgorithm: AES256 bad: - - | + - |- Resources: BadExample: Type: AWS::S3::Bucket diff --git a/checks/cloud/aws/s3/enable_bucket_logging.yaml b/checks/cloud/aws/s3/enable_bucket_logging.yaml index e0a5412d..5bcf3bc7 100644 --- a/checks/cloud/aws/s3/enable_bucket_logging.yaml +++ b/checks/cloud/aws/s3/enable_bucket_logging.yaml @@ -1,6 +1,6 @@ cloudformation: good: - - | + - |- Resources: GoodExample: Type: AWS::S3::Bucket @@ -8,7 +8,7 @@ cloudformation: LoggingConfiguration: DestinationBucketName: logging-bucket LogFilePrefix: accesslogs/ - - | + - |- Resources: GoodExample: Type: AWS::S3::Bucket @@ -27,7 +27,7 @@ cloudformation: IgnorePublicAcls: true RestrictPublicBuckets: true bad: - - | + - |- Resources: BadExample: Type: AWS::S3::Bucket diff --git a/checks/cloud/aws/s3/enable_versioning.yaml b/checks/cloud/aws/s3/enable_versioning.yaml index 7a12b4a5..3bbf0b08 100644 --- a/checks/cloud/aws/s3/enable_versioning.yaml +++ b/checks/cloud/aws/s3/enable_versioning.yaml @@ -1,6 +1,6 @@ cloudformation: good: - - | + - |- Resources: GoodExample: Type: AWS::S3::Bucket @@ -8,7 +8,7 @@ cloudformation: VersioningConfiguration: Status: Enabled bad: - - | + - |- Resources: BadExample: Type: AWS::S3::Bucket diff --git a/checks/cloud/aws/s3/encryption_customer_key.yaml b/checks/cloud/aws/s3/encryption_customer_key.yaml index 6817c3bf..a886f9ea 100644 --- a/checks/cloud/aws/s3/encryption_customer_key.yaml +++ b/checks/cloud/aws/s3/encryption_customer_key.yaml @@ -1,6 +1,6 @@ cloudformation: good: - - | + - |- Resources: GoodExample: Type: AWS::S3::Bucket @@ -12,7 +12,7 @@ cloudformation: KMSMasterKeyID: kms-arn SSEAlgorithm: aws:kms bad: - - | + - |- Resources: BadExample: Type: AWS::S3::Bucket 
diff --git a/checks/cloud/aws/s3/ignore_public_acls.yaml b/checks/cloud/aws/s3/ignore_public_acls.yaml index 5ac9b864..c2b7570c 100644 --- a/checks/cloud/aws/s3/ignore_public_acls.yaml +++ b/checks/cloud/aws/s3/ignore_public_acls.yaml @@ -1,6 +1,6 @@ cloudformation: good: - - | + - |- Resources: GoodExample: Type: AWS::S3::Bucket @@ -12,7 +12,7 @@ cloudformation: IgnorePublicAcls: true RestrictPublicBuckets: true bad: - - | + - |- Resources: BadExample: Type: AWS::S3::Bucket diff --git a/checks/cloud/aws/s3/no_public_access_with_acl.yaml b/checks/cloud/aws/s3/no_public_access_with_acl.yaml index d9816893..8b359ea5 100644 --- a/checks/cloud/aws/s3/no_public_access_with_acl.yaml +++ b/checks/cloud/aws/s3/no_public_access_with_acl.yaml @@ -1,13 +1,13 @@ cloudformation: good: - - | + - |- Resources: GoodExample: Type: AWS::S3::Bucket Properties: AccessControl: Private bad: - - | + - |- Resources: BadExample: Type: AWS::S3::Bucket diff --git a/checks/cloud/aws/s3/no_public_buckets.yaml b/checks/cloud/aws/s3/no_public_buckets.yaml index 999c69fd..2180a21f 100644 --- a/checks/cloud/aws/s3/no_public_buckets.yaml +++ b/checks/cloud/aws/s3/no_public_buckets.yaml @@ -1,6 +1,6 @@ cloudformation: good: - - | + - |- Resources: GoodExample: Type: AWS::S3::Bucket @@ -11,7 +11,7 @@ cloudformation: IgnorePublicAcls: true RestrictPublicBuckets: true bad: - - | + - |- Resources: BadExample: Properties: diff --git a/checks/cloud/aws/s3/specify_public_access_block.yaml b/checks/cloud/aws/s3/specify_public_access_block.yaml index 54a73ae8..c54a16f5 100644 --- a/checks/cloud/aws/s3/specify_public_access_block.yaml +++ b/checks/cloud/aws/s3/specify_public_access_block.yaml @@ -1,6 +1,6 @@ cloudformation: good: - - | + - |- Resources: GoodExample: Type: AWS::S3::Bucket @@ -12,7 +12,7 @@ cloudformation: IgnorePublicAcls: true RestrictPublicBuckets: true bad: - - | + - |- Resources: BadExample: Type: AWS::S3::Bucket 
diff --git a/checks/cloud/aws/sam/api_use_secure_tls_policy.yaml b/checks/cloud/aws/sam/api_use_secure_tls_policy.yaml index e3e001e9..6332262e 100644 --- a/checks/cloud/aws/sam/api_use_secure_tls_policy.yaml +++ b/checks/cloud/aws/sam/api_use_secure_tls_policy.yaml @@ -1,6 +1,6 @@ cloudformation: good: - - | + - |- Resources: GoodExample: Type: AWS::Serverless::Api @@ -11,7 +11,7 @@ cloudformation: StageName: Prod TracingEnabled: false bad: - - | + - |- Resources: BadExample: Type: AWS::Serverless::Api diff --git a/checks/cloud/aws/sam/enable_api_access_logging.yaml b/checks/cloud/aws/sam/enable_api_access_logging.yaml index 3fd2c84f..08cf2b00 100644 --- a/checks/cloud/aws/sam/enable_api_access_logging.yaml +++ b/checks/cloud/aws/sam/enable_api_access_logging.yaml @@ -1,6 +1,6 @@ cloudformation: good: - - | + - |- Resources: GoodExample: Type: AWS::Serverless::Api @@ -14,7 +14,7 @@ cloudformation: StageName: Prod TracingEnabled: false bad: - - | + - |- Resources: BadExample: Type: AWS::Serverless::Api diff --git a/checks/cloud/aws/sam/enable_api_cache_encryption.yaml b/checks/cloud/aws/sam/enable_api_cache_encryption.yaml index 44316f25..40c226ef 100644 --- a/checks/cloud/aws/sam/enable_api_cache_encryption.yaml +++ b/checks/cloud/aws/sam/enable_api_cache_encryption.yaml @@ -1,6 +1,6 @@ cloudformation: good: - - | + - |- Resources: GoodExample: Type: AWS::Serverless::Api @@ -13,7 +13,7 @@ cloudformation: StageName: Prod TracingEnabled: false bad: - - | + - |- Resources: BadExample: Type: AWS::Serverless::Api @@ -21,7 +21,7 @@ cloudformation: Name: Bad SAM API example StageName: Prod TracingEnabled: false - - | + - |- Resources: BadExample: Type: AWS::Serverless::Api diff --git a/checks/cloud/aws/sam/enable_api_tracing.yaml b/checks/cloud/aws/sam/enable_api_tracing.yaml index 247c4167..cdb80417 100644 --- a/checks/cloud/aws/sam/enable_api_tracing.yaml +++ b/checks/cloud/aws/sam/enable_api_tracing.yaml 
@@ -1,6 +1,6 @@ cloudformation: good: - - | + - |- Resources: GoodExample: Type: AWS::Serverless::Api @@ -9,7 +9,7 @@ cloudformation: StageName: Prod TracingEnabled: true bad: - - | + - |- Resources: BadExample: Type: AWS::Serverless::Api @@ -17,7 +17,7 @@ cloudformation: Name: Bad SAM API example StageName: Prod TracingEnabled: false - - | + - |- Resources: BadExample: Type: AWS::Serverless::Api diff --git a/checks/cloud/aws/sam/enable_function_tracing.yaml b/checks/cloud/aws/sam/enable_function_tracing.yaml index 70753f67..4dd9dd06 100644 --- a/checks/cloud/aws/sam/enable_function_tracing.yaml +++ b/checks/cloud/aws/sam/enable_function_tracing.yaml @@ -1,6 +1,6 @@ cloudformation: good: - - | + - |- Resources: GoodFunction: Type: AWS::Serverless::Function @@ -15,7 +15,7 @@ cloudformation: PackageType: Image Tracing: Active bad: - - | + - |- Resources: BadFunction: Type: AWS::Serverless::Function diff --git a/checks/cloud/aws/sam/enable_http_api_access_logging.yaml b/checks/cloud/aws/sam/enable_http_api_access_logging.yaml index e333f1b3..aa8a825c 100644 --- a/checks/cloud/aws/sam/enable_http_api_access_logging.yaml +++ b/checks/cloud/aws/sam/enable_http_api_access_logging.yaml @@ -1,6 +1,6 @@ cloudformation: good: - - | + - |- Resources: GoodExample: Type: AWS::Serverless::HttpApi @@ -12,7 +12,7 @@ cloudformation: StageName: Prod Tracing: Activey bad: - - | + - |- Resources: BadExample: Type: AWS::Serverless::HttpApi diff --git a/checks/cloud/aws/sam/enable_state_machine_tracing.yaml b/checks/cloud/aws/sam/enable_state_machine_tracing.yaml index 9c1ac331..cadd5d38 100644 --- a/checks/cloud/aws/sam/enable_state_machine_tracing.yaml +++ b/checks/cloud/aws/sam/enable_state_machine_tracing.yaml @@ -1,6 +1,6 @@ cloudformation: good: - - | + - |- Resources: GoodStateMachine: Type: AWS::Serverless::StateMachine @@ -16,7 +16,7 @@ cloudformation: Tracing: Enabled: true bad: - - | + - |- Resources: BadStateMachine: Type: AWS::Serverless::StateMachine 
@@ -31,7 +31,7 @@ cloudformation: Role: arn:aws:iam::123456123456:role/service-role/my-sample-role Tracing: Enabled: false - - | + - |- Resources: BadStateMachine: Type: AWS::Serverless::StateMachine diff --git a/checks/cloud/aws/sam/enable_table_encryption.yaml b/checks/cloud/aws/sam/enable_table_encryption.yaml index 97c945f1..9377dd16 100644 --- a/checks/cloud/aws/sam/enable_table_encryption.yaml +++ b/checks/cloud/aws/sam/enable_table_encryption.yaml @@ -1,6 +1,6 @@ cloudformation: good: - - | + - |- Resources: GoodFunction: Type: AWS::Serverless::SimpleTable @@ -9,7 +9,7 @@ cloudformation: SSEEnabled: true TableName: GoodTable bad: - - | + - |- Resources: BadFunction: Type: AWS::Serverless::SimpleTable @@ -17,7 +17,7 @@ cloudformation: SSESpecification: SSEEnabled: false TableName: Bad Table - - | + - |- Resources: BadFunction: Type: AWS::Serverless::SimpleTable diff --git a/checks/cloud/aws/sns/enable_topic_encryption.yaml b/checks/cloud/aws/sns/enable_topic_encryption.yaml index 9ffc0009..f9a762d2 100644 --- a/checks/cloud/aws/sns/enable_topic_encryption.yaml +++ b/checks/cloud/aws/sns/enable_topic_encryption.yaml @@ -1,6 +1,6 @@ cloudformation: good: - - | + - |- Resources: GoodTopic: Type: AWS::SQS::Topic @@ -8,7 +8,7 @@ cloudformation: KmsMasterKeyId: some-key TopicName: blah bad: - - | + - |- Resources: BadTopic: Type: AWS::SNS::Topic diff --git a/checks/cloud/aws/sns/topic_encryption_with_cmk.yaml b/checks/cloud/aws/sns/topic_encryption_with_cmk.yaml index 0f6ae981..923e20e0 100644 --- a/checks/cloud/aws/sns/topic_encryption_with_cmk.yaml +++ b/checks/cloud/aws/sns/topic_encryption_with_cmk.yaml @@ -1,6 +1,6 @@ cloudformation: good: - - | + - |- Resources: GoodTopic: Type: AWS::SQS::Topic @@ -8,7 +8,7 @@ cloudformation: KmsMasterKeyId: some-key TopicName: blah bad: - - | + - |- Resources: BadTopic: Type: AWS::SNS::Topic 
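Review bot: In checks/cloud/aws/sns/enable_topic_encryption.yaml the good example re-marked by the first hunk declares `GoodTopic` as `Type: AWS::SQS::Topic`, while the bad example uses `AWS::SNS::Topic`. The same line appears in the good example of topic_encryption_with_cmk.yaml. `AWS::SQS::Topic` is not a CloudFormation resource type, so the good example probably passes because no SNS topic is recognised in it, not because `KmsMasterKeyId` is set. I would change both to `Type: AWS::SNS::Topic` so the passing case actually exercises the encryption check. Both examples continue outside their hunks.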
diff --git a/checks/cloud/aws/sqs/enable_queue_encryption.yaml b/checks/cloud/aws/sqs/enable_queue_encryption.yaml index d7782595..116e8a81 100644 --- a/checks/cloud/aws/sqs/enable_queue_encryption.yaml +++ b/checks/cloud/aws/sqs/enable_queue_encryption.yaml @@ -1,6 +1,6 @@ cloudformation: good: - - | + - |- AWSTemplateFormatVersion: "2010-09-09" Description: Good example of queue @@ -12,7 +12,7 @@ cloudformation: KmsMasterKeyId: some-key QueueName: my-queue bad: - - | + - |- AWSTemplateFormatVersion: "2010-09-09" Description: Bad example of queue diff --git a/checks/cloud/aws/sqs/no_wildcards_in_policy_documents.yaml b/checks/cloud/aws/sqs/no_wildcards_in_policy_documents.yaml index a16797b0..6057d674 100644 --- a/checks/cloud/aws/sqs/no_wildcards_in_policy_documents.yaml +++ b/checks/cloud/aws/sqs/no_wildcards_in_policy_documents.yaml @@ -1,6 +1,6 @@ cloudformation: good: - - | + - |- AWSTemplateFormatVersion: "2010-09-09" Description: Good example of queue policy @@ -27,7 +27,7 @@ cloudformation: Queues: - !Ref MyQueue bad: - - | + - |- AWSTemplateFormatVersion: "2010-09-09" Description: Bad example of queue policy diff --git a/checks/cloud/aws/sqs/queue_encryption_with_cmk.yaml b/checks/cloud/aws/sqs/queue_encryption_with_cmk.yaml index 6cb378f7..00e827df 100644 --- a/checks/cloud/aws/sqs/queue_encryption_with_cmk.yaml +++ b/checks/cloud/aws/sqs/queue_encryption_with_cmk.yaml @@ -1,6 +1,6 @@ cloudformation: good: - - | + - |- AWSTemplateFormatVersion: "2010-09-09" Description: Good example of queue @@ -12,7 +12,7 @@ cloudformation: KmsMasterKeyId: some-key QueueName: my-queue bad: - - | + - |- AWSTemplateFormatVersion: "2010-09-09" Description: Bad example of queue diff --git a/checks/cloud/aws/ssm/secret_use_customer_key.yaml b/checks/cloud/aws/ssm/secret_use_customer_key.yaml index 3e18d2a1..88e95961 100644 --- a/checks/cloud/aws/ssm/secret_use_customer_key.yaml +++ b/checks/cloud/aws/ssm/secret_use_customer_key.yaml 
@@ -1,6 +1,6 @@ cloudformation: good: - - | + - |- AWSTemplateFormatVersion: "2010-09-09" Description: Good example of ingress rule @@ -14,7 +14,7 @@ cloudformation: Name: blah SecretString: don't tell anyone bad: - - | + - |- AWSTemplateFormatVersion: "2010-09-09" Description: Bad example of secret diff --git a/checks/cloud/aws/workspaces/enable_disk_encryption.yaml b/checks/cloud/aws/workspaces/enable_disk_encryption.yaml index 563042bf..d8766746 100644 --- a/checks/cloud/aws/workspaces/enable_disk_encryption.yaml +++ b/checks/cloud/aws/workspaces/enable_disk_encryption.yaml @@ -1,6 +1,6 @@ cloudformation: good: - - | + - |- Resources: GoodExample: Type: AWS::WorkSpaces::Workspace @@ -8,7 +8,7 @@ cloudformation: RootVolumeEncryptionEnabled: true UserName: admin UserVolumeEncryptionEnabled: true - - | + - |- Resources: GoodExample: Type: AWS::WorkSpaces::Workspace @@ -17,7 +17,7 @@ cloudformation: UserName: admin UserVolumeEncryptionEnabled: true bad: - - | + - |- Resources: BadExample: Type: AWS::WorkSpaces::Workspace @@ -25,7 +25,7 @@ cloudformation: RootVolumeEncryptionEnabled: false UserName: admin UserVolumeEncryptionEnabled: false - - | + - |- Resources: BadExample: Type: AWS::WorkSpaces::Workspace diff --git a/cmd/avd_generator/main_test.go b/cmd/avd_generator/main_test.go index d27e1c38..e415478b 100644 --- a/cmd/avd_generator/main_test.go +++ b/cmd/avd_generator/main_test.go @@ -37,9 +37,9 @@ resource "aws_rds_cluster" "good_example" { require.NoError(t, err) assert.Contains(t, string(b), `Resources: GoodExample: + Type: AWS::RDS::DBInstance Properties: BackupRetentionPeriod: 30 - Type: AWS::RDS::DBInstance `) // check rego policies @@ -54,7 +54,7 @@ resource "aws_db_instance" "good_example" { require.NoError(t, err) assert.Contains(t, string(b), `Resources: GoodExample: + Type: AWS::RDS::DBInstance Properties: - PubliclyAccessible: false - Type: AWS::RDS::DBInstance`) + PubliclyAccessible: false`) } 
diff --git a/internal/examples/examples.go b/internal/examples/examples.go index e0c93813..cd569fac 100644 --- a/internal/examples/examples.go +++ b/internal/examples/examples.go @@ -80,10 +80,14 @@ func (e ProviderExamples) IsEmpty() bool { } func (b blockString) MarshalYAML() (interface{}, error) { + value := string(b) + if len(value) > 0 && value[len(value)-1] == '\n' { + value = value[:len(value)-1] // Remove last '\n' + } return &yaml.Node{ Kind: yaml.ScalarNode, Style: yaml.LiteralStyle, - Value: string(b), + Value: value, }, nil }
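Review bot: The trailing-newline strip added to `MarshalYAML` is hand-rolled, and its comment says what the line does rather than why. `value := strings.TrimSuffix(string(b), "\n")` states the same thing in one line, provided `strings` is imported (the import block is outside this hunk). The reason appears to be that a literal scalar with no final newline is written with the `|-` indicator, which matches the regenerated example files in this commit. That belongs in a doc comment such as `// MarshalYAML emits the example as a literal block scalar; one trailing newline is dropped so it is written as |-.` Only one newline is removed, so a value ending in several keeps the rest and is no longer marshalled byte-for-byte; the comment should say so if that is intended.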