diff --git a/assets/queries/cloudFormation/aws/access_key_not_rotated_within_90_days/metadata.json b/assets/queries/cloudFormation/aws/access_key_not_rotated_within_90_days/metadata.json index 94c51fdb33d..944a8eebb9f 100644 --- a/assets/queries/cloudFormation/aws/access_key_not_rotated_within_90_days/metadata.json +++ b/assets/queries/cloudFormation/aws/access_key_not_rotated_within_90_days/metadata.json @@ -4,9 +4,9 @@ "severity": "MEDIUM", "category": "Secret Management", "descriptionText": "ConfigRule should enforce access keys to be rotated within 90 days.", - "descriptionUrl": "https://docs.amazonaws.cn/en_us/config/latest/developerguide/access-keys-rotated.html", + "descriptionUrl": "https://docs.aws.amazon.com//en_us/config/latest/developerguide/access-keys-rotated.html", "platform": "CloudFormation", "descriptionID": "148d40cb", "cloudProvider": "aws", "cwe": "522" -} \ No newline at end of file +} diff --git a/assets/queries/cloudFormation/aws/iam_access_analyzer_not_enabled/metadata.json b/assets/queries/cloudFormation/aws/iam_access_analyzer_not_enabled/metadata.json index 5a6489730a9..60460927818 100644 --- a/assets/queries/cloudFormation/aws/iam_access_analyzer_not_enabled/metadata.json +++ b/assets/queries/cloudFormation/aws/iam_access_analyzer_not_enabled/metadata.json @@ -4,9 +4,9 @@ "severity": "LOW", "category": "Best Practices", "descriptionText": "IAM Access Analyzer should be enabled and configured to continuously monitor resource permissions", - "descriptionUrl": "https://docs.amazonaws.cn/en_us/AWSCloudFormation/latest/UserGuide/aws-resource-accessanalyzer-analyzer.html", + "descriptionUrl": "https://docs.aws.amazon.com//en_us/AWSCloudFormation/latest/UserGuide/aws-resource-accessanalyzer-analyzer.html", "platform": "CloudFormation", "descriptionID": "24a6978e", "cloudProvider": "aws", "cwe": "778" -} \ No newline at end of file +} diff --git a/docs/queries/all-queries.md b/docs/queries/all-queries.md index 9da31cf5ac4..d6486509557 100644 
--- a/docs/queries/all-queries.md +++ b/docs/queries/all-queries.md @@ -460,7 +460,7 @@ This page contains all queries. |S3 Bucket CloudTrail Logging Disabled
c3ce69fd-e3df-49c6-be78-1db3f802261c|CloudFormation|Medium|Observability|Query details
Documentation
| |S3 Bucket Logging Disabled
4552b71f-0a2a-4bc4-92dd-ed7ec1b4674c|CloudFormation|Medium|Observability|Query details
Documentation
| |VPC FlowLogs Disabled
f6d299d2-21eb-41cc-b1e1-fe12d857500b|CloudFormation|Medium|Observability|Query details
Documentation
| -|High Access Key Rotation Period
800fa019-49dd-421b-9042-7331fdd83fa2|CloudFormation|Medium|Secret Management|Query details
Documentation
| +|High Access Key Rotation Period
800fa019-49dd-421b-9042-7331fdd83fa2|CloudFormation|Medium|Secret Management|Query details
Documentation
| |IAM User With No Group
06933df4-0ea7-461c-b9b5-104d27390e0e|CloudFormation|Low|Access Control|Query details
Documentation
| |Support Has No Role Associated
d71b5fd7-9020-4b2d-9ec8-b3839faa2744|CloudFormation|Low|Access Control|Query details
Documentation
| |EBS Volume Not Attached To Instances
1819ac03-542b-4026-976b-f37addd59f3b|CloudFormation|Low|Availability|Query details
Documentation
| @@ -472,7 +472,7 @@ This page contains all queries. |CDN Configuration Is Missing
e4f54ff4-d352-40e8-a096-5141073c37a2|CloudFormation|Low|Best Practices|Query details
Documentation
| |Cognito UserPool Without MFA
74a18d1a-cf02-4a31-8791-ed0967ad7fdc|CloudFormation|Low|Best Practices|Query details
Documentation
| |Geo Restriction Disabled
7f8843f0-9ea5-42b4-a02b-753055113195|CloudFormation|Low|Best Practices|Query details
Documentation
| -|IAM Access Analyzer Not Enabled
8d29754a-2a18-460d-a1ba-9509f8d359da|CloudFormation|Low|Best Practices|Query details
Documentation
| +|IAM Access Analyzer Not Enabled
8d29754a-2a18-460d-a1ba-9509f8d359da|CloudFormation|Low|Best Practices|Query details
Documentation
| |IAM Password Without Minimum Length
b1b20ae3-8fa7-4af5-a74d-a2145920fcb1|CloudFormation|Low|Best Practices|Query details
Documentation
| |IAM Policies Without Groups
5e7acff5-095b-40ac-9073-ac2e4ad8a512|CloudFormation|Low|Best Practices|Query details
Documentation
| |Lambda Permission Misconfigured
9b83114b-b2a1-4534-990d-06da015e47aa|CloudFormation|Low|Best Practices|Query details
Documentation
| diff --git a/docs/queries/cloudformation-queries.md b/docs/queries/cloudformation-queries.md index f743d743ee6..b6f4624a739 100644 --- a/docs/queries/cloudformation-queries.md +++ b/docs/queries/cloudformation-queries.md @@ -194,7 +194,7 @@ Below are listed queries related to CloudFormation AWS: |S3 Bucket CloudTrail Logging Disabled
c3ce69fd-e3df-49c6-be78-1db3f802261c|Medium|Observability|Query details
Documentation
| |S3 Bucket Logging Disabled
4552b71f-0a2a-4bc4-92dd-ed7ec1b4674c|Medium|Observability|Query details
Documentation
| |VPC FlowLogs Disabled
f6d299d2-21eb-41cc-b1e1-fe12d857500b|Medium|Observability|Query details
Documentation
| -|High Access Key Rotation Period
800fa019-49dd-421b-9042-7331fdd83fa2|Medium|Secret Management|Query details
Documentation
| +|High Access Key Rotation Period
800fa019-49dd-421b-9042-7331fdd83fa2|Medium|Secret Management|Query details
Documentation
| |IAM User With No Group
06933df4-0ea7-461c-b9b5-104d27390e0e|Low|Access Control|Query details
Documentation
| |Support Has No Role Associated
d71b5fd7-9020-4b2d-9ec8-b3839faa2744|Low|Access Control|Query details
Documentation
| |EBS Volume Not Attached To Instances
1819ac03-542b-4026-976b-f37addd59f3b|Low|Availability|Query details
Documentation
| @@ -206,7 +206,7 @@ Below are listed queries related to CloudFormation AWS: |CDN Configuration Is Missing
e4f54ff4-d352-40e8-a096-5141073c37a2|Low|Best Practices|Query details
Documentation
| |Cognito UserPool Without MFA
74a18d1a-cf02-4a31-8791-ed0967ad7fdc|Low|Best Practices|Query details
Documentation
| |Geo Restriction Disabled
7f8843f0-9ea5-42b4-a02b-753055113195|Low|Best Practices|Query details
Documentation
| -|IAM Access Analyzer Not Enabled
8d29754a-2a18-460d-a1ba-9509f8d359da|Low|Best Practices|Query details
Documentation
| +|IAM Access Analyzer Not Enabled
8d29754a-2a18-460d-a1ba-9509f8d359da|Low|Best Practices|Query details
Documentation
| |IAM Password Without Minimum Length
b1b20ae3-8fa7-4af5-a74d-a2145920fcb1|Low|Best Practices|Query details
Documentation
| |IAM Policies Without Groups
5e7acff5-095b-40ac-9073-ac2e4ad8a512|Low|Best Practices|Query details
Documentation
| |Lambda Permission Misconfigured
9b83114b-b2a1-4534-990d-06da015e47aa|Low|Best Practices|Query details
Documentation
| diff --git a/docs/queries/cloudformation-queries/aws/800fa019-49dd-421b-9042-7331fdd83fa2.md b/docs/queries/cloudformation-queries/aws/800fa019-49dd-421b-9042-7331fdd83fa2.md index 59678010aa1..ada780a757e 100644 --- a/docs/queries/cloudformation-queries/aws/800fa019-49dd-421b-9042-7331fdd83fa2.md +++ b/docs/queries/cloudformation-queries/aws/800fa019-49dd-421b-9042-7331fdd83fa2.md @@ -25,7 +25,7 @@ hide: ### Description ConfigRule should enforce access keys to be rotated within 90 days.
-[Documentation](https://docs.amazonaws.cn/en_us/config/latest/developerguide/access-keys-rotated.html) +[Documentation](https://docs.aws.amazon.com/en_us/config/latest/developerguide/access-keys-rotated.html) ### Code samples #### Code samples with security vulnerabilities diff --git a/docs/queries/cloudformation-queries/aws/8d29754a-2a18-460d-a1ba-9509f8d359da.md b/docs/queries/cloudformation-queries/aws/8d29754a-2a18-460d-a1ba-9509f8d359da.md index 5e429d5b424..988e9886e94 100644 --- a/docs/queries/cloudformation-queries/aws/8d29754a-2a18-460d-a1ba-9509f8d359da.md +++ b/docs/queries/cloudformation-queries/aws/8d29754a-2a18-460d-a1ba-9509f8d359da.md @@ -25,7 +25,7 @@ hide: ### Description IAM Access Analyzer should be enabled and configured to continuously monitor resource permissions
-[Documentation](https://docs.amazonaws.cn/en_us/AWSCloudFormation/latest/UserGuide/aws-resource-accessanalyzer-analyzer.html) +[Documentation](https://docs.aws.amazon.com/en_us/AWSCloudFormation/latest/UserGuide/aws-resource-accessanalyzer-analyzer.html) ### Code samples #### Code samples with security vulnerabilities diff --git a/e2e/fixtures/E2E_CLI_031_RESULT.html b/e2e/fixtures/E2E_CLI_031_RESULT.html index 00f1649e8ff..b08e241c346 100644 --- a/e2e/fixtures/E2E_CLI_031_RESULT.html +++ b/e2e/fixtures/E2E_CLI_031_RESULT.html @@ -60,7 +60,7 @@ Found: 'Resources.TaskDefinition.Properties.ContainerDefinitions' doesn't contain 'HealthCheck' property
50 ContainerDefinitions:
51 - Name: simple-app
52 Cpu: 10
File: /path/e2e/fixtures/samples/positive.yaml Line 67
Expected: 'Resources.TaskDefinition.Properties.ContainerDefinitions' should contain 'HealthCheck' property Found: 'Resources.TaskDefinition.Properties.ContainerDefinitions' doesn't contain 'HealthCheck' property
66 - ContainerPort: 80
67 - Name: busybox
68 Cpu: 10

IAM Access Analyzer Not Enabled

Platform: CloudFormation -Category: Best Practices
IAM Access Analyzer should be enabled and configured to continuously monitor resource permissionshttps://docs.amazonaws.cn/en_us/AWSCloudFormation/latest/UserGuide/aws-resource-accessanalyzer-analyzer.html
Results (1)
File: /path/e2e/fixtures/samples/positive.yaml +Category: Best Practices
IAM Access Analyzer should be enabled and configured to continuously monitor resource permissionshttps://docs.aws.amazon.com/en_us/AWSCloudFormation/latest/UserGuide/aws-resource-accessanalyzer-analyzer.html
Results (1)
File: /path/e2e/fixtures/samples/positive.yaml Line 9
Expected: 'AWS::AccessAnalyzer::Analyzer' should be set Found: 'AWS::AccessAnalyzer::Analyzer' is undefined
8 Description: Select at two subnets in your selected VPC.
9Resources:
10 ECSCluster:

Secrets Manager Should Specify KmsKeyId

Platform: CloudFormation Category: Secret Management
Secrets Manager Secret should explicitly specify KmsKeyId, this will allow the secret to be shared cross-accounthttps://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-secretsmanager-secret.html
Results (1)
File: /path/e2e/fixtures/samples/positive.yaml @@ -82,4 +82,4 @@ -
\ No newline at end of file +
diff --git a/e2e/fixtures/E2E_CLI_032_RESULT.json b/e2e/fixtures/E2E_CLI_032_RESULT.json index df191bf70a8..b951b185607 100644 --- a/e2e/fixtures/E2E_CLI_032_RESULT.json +++ b/e2e/fixtures/E2E_CLI_032_RESULT.json @@ -482,7 +482,7 @@ { "query_name": "IAM Access Analyzer Not Enabled", "query_id": "8d29754a-2a18-460d-a1ba-9509f8d359da", - "query_url": "https://docs.amazonaws.cn/en_us/AWSCloudFormation/latest/UserGuide/aws-resource-accessanalyzer-analyzer.html", + "query_url": "https://docs.aws.amazon.com/en_us/AWSCloudFormation/latest/UserGuide/aws-resource-accessanalyzer-analyzer.html", "severity": "LOW", "platform": "CloudFormation", "cwe": "778", diff --git a/e2e/fixtures/E2E_CLI_040_RESULT.html b/e2e/fixtures/E2E_CLI_040_RESULT.html index 3a4cd3b6cad..131c078087f 100755 --- a/e2e/fixtures/E2E_CLI_040_RESULT.html +++ b/e2e/fixtures/E2E_CLI_040_RESULT.html @@ -60,7 +60,7 @@ Found: 'Resources.TaskDefinition.Properties.ContainerDefinitions' doesn't contain 'HealthCheck' property
50 ContainerDefinitions:
51 - Name: simple-app
52 Cpu: 10
File: \path\e2e\fixtures\samples\positive.yaml Line 67
Expected: 'Resources.TaskDefinition.Properties.ContainerDefinitions' should contain 'HealthCheck' property Found: 'Resources.TaskDefinition.Properties.ContainerDefinitions' doesn't contain 'HealthCheck' property
66 - ContainerPort: 80
67 - Name: busybox
68 Cpu: 10

IAM Access Analyzer Not Enabled

Platform: CloudFormation -Category: Best Practices
IAM Access Analyzer should be enabled and configured to continuously monitor resource permissionshttps://docs.amazonaws.cn/en_us/AWSCloudFormation/latest/UserGuide/aws-resource-accessanalyzer-analyzer.html
Results (1)
File: \path\e2e\fixtures\samples\positive.yaml +Category: Best Practices
IAM Access Analyzer should be enabled and configured to continuously monitor resource permissionshttps://docs.aws.amazon.com/en_us/AWSCloudFormation/latest/UserGuide/aws-resource-accessanalyzer-analyzer.html
Results (1)
File: \path\e2e\fixtures\samples\positive.yaml Line 9
Expected: 'AWS::AccessAnalyzer::Analyzer' should be set Found: 'AWS::AccessAnalyzer::Analyzer' is undefined
8 Description: Select at two subnets in your selected VPC.
9Resources:
10 ECSCluster:

Secrets Manager Should Specify KmsKeyId

Platform: CloudFormation Category: Secret Management
Secrets Manager Secret should explicitly specify KmsKeyId, this will allow the secret to be shared cross-accounthttps://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-secretsmanager-secret.html
Results (1)
File: \path\e2e\fixtures\samples\positive.yaml @@ -82,4 +82,4 @@ -
\ No newline at end of file +
diff --git a/e2e/fixtures/E2E_CLI_092_RESULT.json b/e2e/fixtures/E2E_CLI_092_RESULT.json index bddc0661f41..38ece5b260f 100644 --- a/e2e/fixtures/E2E_CLI_092_RESULT.json +++ b/e2e/fixtures/E2E_CLI_092_RESULT.json @@ -141,7 +141,7 @@ { "query_name": "IAM Access Analyzer Not Enabled", "query_id": "8d29754a-2a18-460d-a1ba-9509f8d359da", - "query_url": "https://docs.amazonaws.cn/en_us/AWSCloudFormation/latest/UserGuide/aws-resource-accessanalyzer-analyzer.html", + "query_url": "https://docs.aws.amazon.com/en_us/AWSCloudFormation/latest/UserGuide/aws-resource-accessanalyzer-analyzer.html", "severity": "LOW", "platform": "CloudFormation", "cwe": "778",
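Review bot: the new `descriptionUrl` in both metadata.json hunks (access_key_not_rotated_within_90_days and iam_access_analyzer_not_enabled) has a doubled slash after the host, `https://docs.aws.amazon.com//en_us/...`, while the docs pages and the E2E fixtures changed in this same patch use `https://docs.aws.amazon.com/en_us/...`. Drop the extra slash in the two metadata.json files so the rule metadata, the generated docs and the expected `query_url` values carry the same string; as written, the two sets of URLs differ.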
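Review bot: in the E2E_CLI_031/040 HTML fixtures and the E2E_CLI_032/092 JSON fixtures, the replacement link for "IAM Access Analyzer Not Enabled" keeps the `/en_us/` locale segment from the old docs.amazonaws.cn URL, whereas the neighbouring "Secrets Manager Should Specify KmsKeyId" entry in the same fixture points to `https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/...` with no locale segment. Consider using the locale-free form here and in the matching metadata.json and docs hunks, so that all docs.aws.amazon.com links in the query set follow one pattern.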