From eceb609c4dc8bff29e4db447225f17bc4eac4dbb Mon Sep 17 00:00:00 2001
From: Simar
Date: Tue, 9 Apr 2024 17:49:02 -0600
Subject: [PATCH] update docs

---
 .../aws/cloudfront/AVD-AWS-0013/Terraform.md | 2 +-
 avd_docs/aws/cloudfront/AVD-AWS-0013/docs.md | 2 +-
 .../cloudtrail/AVD-AWS-0015/CloudFormation.md | 4 +---
 .../aws/cloudtrail/AVD-AWS-0015/Terraform.md | 2 +-
 avd_docs/aws/cloudtrail/AVD-AWS-0015/docs.md | 6 ++----
 avd_docs/aws/iam/AVD-AWS-0123/Terraform.md | 8 ++++----
 .../azure/database/AVD-AZU-0027/Terraform.md | 17 ++++++++---------
 avd_docs/dockerfile/general/AVD-DS-0017/docs.md | 2 +-
 8 files changed, 19 insertions(+), 24 deletions(-)

diff --git a/avd_docs/aws/cloudfront/AVD-AWS-0013/Terraform.md b/avd_docs/aws/cloudfront/AVD-AWS-0013/Terraform.md
index 87370c92..98151403 100644
--- a/avd_docs/aws/cloudfront/AVD-AWS-0013/Terraform.md
+++ b/avd_docs/aws/cloudfront/AVD-AWS-0013/Terraform.md
@@ -4,7 +4,7 @@ Use the most modern TLS/SSL policies available
 ```hcl
 resource "aws_cloudfront_distribution" "good_example" {
 viewer_certificate {
- cloudfront_default_certificate = false
+ cloudfront_default_certificate = aws_acm_certificate.example.arn
 minimum_protocol_version = "TLSv1.2_2021"
 }
 }
diff --git a/avd_docs/aws/cloudfront/AVD-AWS-0013/docs.md b/avd_docs/aws/cloudfront/AVD-AWS-0013/docs.md
index 544f9975..fc83dffe 100644
--- a/avd_docs/aws/cloudfront/AVD-AWS-0013/docs.md
+++ b/avd_docs/aws/cloudfront/AVD-AWS-0013/docs.md
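Review bot: The new good_example assigns an ACM certificate ARN to `cloudfront_default_certificate`, which is a boolean argument of the aws_cloudfront_distribution viewer_certificate block, so the snippet will not validate and does not show how a custom-domain distribution actually reaches a TLSv1.2_2021 minimum. The ARN belongs in `acm_certificate_arn = aws_acm_certificate.example.arn`, paired with `ssl_support_method = "sni-only"`, which is exactly the precondition the docs.md hunk in this same commit adds; `cloudfront_default_certificate` should stay `false` or be dropped. As written, a reader copying the remediation example gets a provider error rather than a hardened distribution, and the aws_acm_certificate.example resource it references is not shown in the hunk, so the example presumably assumes it is declared elsewhere.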
@@ -1,7 +1,7 @@
 You should not use outdated/insecure TLS versions for encryption. You should be using TLS v1.2+.
-Note: that setting *minimum_protocol_version = "TLSv1.2_2021"* is only possible when *cloudfront_default_certificate* is false (eg. you are not using the cloudfront.net domain name).
+Note: that setting *minimum_protocol_version = "TLSv1.2_2021"* is only possible when *cloudfront_default_certificate* is false (eg. you are not using the cloudfront.net domain name) and *ssl_support_method* is *sni-only*.
 If *cloudfront_default_certificate* is true then the Cloudfront API will only allow setting *minimum_protocol_version = "TLSv1"*, and setting it to any other value will result in a perpetual diff in your *terraform plan*'s.
 The only option when using the cloudfront.net domain name is to ignore this rule.
diff --git a/avd_docs/aws/cloudtrail/AVD-AWS-0015/CloudFormation.md b/avd_docs/aws/cloudtrail/AVD-AWS-0015/CloudFormation.md
index d77fd90c..b17b69fe 100644
--- a/avd_docs/aws/cloudtrail/AVD-AWS-0015/CloudFormation.md
+++ b/avd_docs/aws/cloudtrail/AVD-AWS-0015/CloudFormation.md
@@ -1,5 +1,5 @@
-Use Customer managed key
+Enable encryption at rest
 ```yaml---
 Resources:
@@ -15,6 +15,4 @@ Resources:
 ```
-#### Remediation Links
- - https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cloudtrail-trail.html#cfn-cloudtrail-trail-kmskeyid
diff --git a/avd_docs/aws/cloudtrail/AVD-AWS-0015/Terraform.md b/avd_docs/aws/cloudtrail/AVD-AWS-0015/Terraform.md
index 42edae5a..befbea4f 100644
--- a/avd_docs/aws/cloudtrail/AVD-AWS-0015/Terraform.md
+++ b/avd_docs/aws/cloudtrail/AVD-AWS-0015/Terraform.md
@@ -1,5 +1,5 @@
-Use Customer managed key
+Enable encryption at rest
 ```hcl
 resource "aws_cloudtrail" "good_example" {
diff --git a/avd_docs/aws/cloudtrail/AVD-AWS-0015/docs.md b/avd_docs/aws/cloudtrail/AVD-AWS-0015/docs.md
index 88770c40..5f8bc940 100644
--- a/avd_docs/aws/cloudtrail/AVD-AWS-0015/docs.md
+++ b/avd_docs/aws/cloudtrail/AVD-AWS-0015/docs.md
@@ -1,8 +1,8 @@
-Using Customer managed keys provides comprehensive control over cryptographic keys, enabling management of policies, permissions, and rotation, thus enhancing security and compliance measures for sensitive data and systems.
+Cloudtrail logs should be encrypted at rest to secure the sensitive data. Cloudtrail logs record all activity that occurs in the the account through API calls and would be one of the first places to look when reacting to a breach.
 ### Impact
-Using AWS managed keys does not allow for fine grained control
+Data can be freely read if compromised
 {{ remediationActions }}
@@ -10,6 +10,4 @@ Using AWS managed keys does not allow for fine grained control
 ### Links
 - https://docs.aws.amazon.com/awscloudtrail/latest/userguide/encrypting-cloudtrail-log-files-with-aws-kms.html
-- https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#key-mgmt
-
diff --git a/avd_docs/aws/iam/AVD-AWS-0123/Terraform.md b/avd_docs/aws/iam/AVD-AWS-0123/Terraform.md
index a2d54374..c1ac8a8e 100644
--- a/avd_docs/aws/iam/AVD-AWS-0123/Terraform.md
+++ b/avd_docs/aws/iam/AVD-AWS-0123/Terraform.md
@@ -5,7 +5,7 @@ Use terraform-module/enforce-mfa/aws to ensure that MFA is enforced
 resource "aws_iam_group" "support" {
 name = "support"
 }
-resource "aws_iam_group_policy" "mfa" {
+resource aws_iam_group_policy mfa {
 group = aws_iam_group.support.name
 policy = < update' should always be followed by '