Merge pull request #20 from epam/added_index
upd: added index(comment) to all rules
anna-shcherbak authored Aug 23, 2023
2 parents 2bbf751 + 1fb3342 commit 9d60206
Showing 547 changed files with 4,469 additions and 3,981 deletions.
Expand Up @@ -16,3 +16,4 @@ policies:
value:
- "0.0.0.0/0"
- "::/0"
comment: '0024062000'
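Review bot: The `comment` value added on the last line is an opaque ten-digit code, and nothing in the hunk says what the digits encode. The same code recurs on many rules in this commit (for example `'0016010300'`), so it is not a unique identifier and a reader cannot infer its meaning. I would add a line such as `# comment: rule index code, layout documented in <path-to-index-doc>` above the key, or describe the scheme once in the repository documentation. Keeping the value quoted is right, since the leading zeros would not survive as a plain scalar. The policy body starts above the hunk.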
Expand Up @@ -19,4 +19,4 @@ policies:
key: 'NotAfter'
op: lt
value: 7

comment: '0029022000'
Expand Up @@ -19,4 +19,4 @@ policies:
key: 'NotAfter'
op: lt
value: 30

comment: '0029022000'
Expand Up @@ -14,4 +14,4 @@ policies:
- type: snapshot-age
op: le
days: 14

comment: '0049042000'
Expand Up @@ -16,4 +16,4 @@ policies:
selectorList: selectorList[?AdvancedEventSelectors[?FieldSelectors[?Field == 'eventCategory' && Equals[?contains(@, 'Management')==`true`]] && !(FieldSelectors[?Field=='readOnly']) && !(FieldSelectors[?Field=='eventSource'])] || EventSelectors[?IncludeManagementEvents==`true` && ReadWriteType=='All']]
op: eq
value: 0

comment: '0016010300'
Expand Up @@ -12,4 +12,4 @@ policies:
filters:
- type: used
- type: has-allow-all

comment: '0022000301'
Expand Up @@ -20,4 +20,4 @@ policies:
- type: credential
key: access_keys.last_used_date
value: null

comment: '0033000301'
Expand Up @@ -12,4 +12,4 @@ policies:
filters:
- type: account-iam-role-light-filter
value: AWSSupportAccess

comment: '0022000301'
Expand Up @@ -17,4 +17,4 @@ policies:
configurationChangesAlarmList: "\\(\\(\\$\\.errorCode=\"\\*UnauthorizedOperation\"\\) ?\\|\\| ?\\(\\$\\.errorCode=\"AccessDenied\\*\"\\)\\) ?&& ?\\(\\(\\$\\.sourceIPAddress!=(\")?delivery\\.logs\\.amazonaws\\.com(\")?\\) ?&& ?\\(\\$\\.eventName!=(\")?HeadBucket(\")?\\)\\)"
op: eq
value: 0

comment: '0016010300'
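Review bot: The pattern on the `configurationChangesAlarmList` line requires `errorCode=` with no whitespace around the operator, whereas the sibling patterns in this commit accept ` ?= ?`. Unless the custom filter strips whitespace before matching (not visible here), an account whose metric filter is written as `$.errorCode = "*UnauthorizedOperation"` would be reported as missing the alarm even though it exists. Consider `\\$\\.errorCode ?= ?\"\\*UnauthorizedOperation\"`, with the same optional spaces on the `AccessDenied*`, `sourceIPAddress` and `eventName` terms. The filter block begins above the hunk.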
Expand Up @@ -27,4 +27,4 @@ policies:
key: PublicAccessBlockConfiguration.RestrictPublicBuckets
op: eq
value: false

comment: '0040010300'
Expand Up @@ -15,3 +15,4 @@ policies:
- Effect: Allow
Action: '*'
Principal: '*'
comment: '0033042001'
Expand Up @@ -17,4 +17,4 @@ policies:
configurationChangesAlarmList: "\\(\\$\\.eventName ?= ?\"ConsoleLogin\"\\) ?&& ?\\(\\$\\.additionalEventData.MFAUsed ?!= ?\"Yes\"\\) ?&& ?\\(\\$\\.userIdentity\\.type ?= ?\"IAMUser\"\\) ?&& ?\\(\\$.responseElements\\.ConsoleLogin ?= ?\"Success\"\\)"
op: eq
value: 0

comment: '0016010300'
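Review bot: Two dots in the `configurationChangesAlarmList` pattern are unescaped, in `additionalEventData.MFAUsed` and in `\\$.responseElements`, so they match any character instead of a literal `.`. Every other dot in the expression is escaped, so this looks accidental and makes the compliance match slightly looser than intended. Escaping them as `additionalEventData\\.MFAUsed` and `\\$\\.responseElements` keeps the check exact. The filter block begins above the hunk.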
Expand Up @@ -17,4 +17,4 @@ policies:
configurationChangesAlarmList: "(\\()? ?\\$\\.userIdentity\\.type ?= ?\"Root\" ?(\\))? ?\\&\\& ?(\\(?) ?\\$\\.userIdentity\\.invokedBy NOT EXISTS ?(\\))? ?&& ?(\\()? ?\\$\\.eventType ?!= ?\"AwsServiceEvent\" ?(\\))?"
op: eq
value: 0

comment: '0016010300'
Expand Up @@ -17,4 +17,4 @@ policies:
configurationChangesAlarmList: "(\\()? ?\\$\\.eventName=DeleteGroupPolicy ?(\\))? ?\\|\\| ?(\\()? ?\\$\\.eventName=DeleteRolePolicy ?(\\))? ?\\|\\| ?(\\()? ?\\$\\.eventName=DeleteUserPolicy(\\))? ?\\|\\| ?(\\()? ?\\$\\.eventName=PutGroupPolicy(\\))? ?\\|\\| ?(\\()? ?\\$\\.eventName=PutRolePolicy(\\))? ?\\|\\| ?(\\()? ?\\$\\.eventName=PutUserPolicy ?(\\))? ?\\|\\| ?(\\()? ?\\$\\.eventName=CreatePolicy ?(\\))? ?\\|\\| ?(\\()? ?\\$\\.eventName=DeletePolicy ?(\\))? ?\\|\\| ?(\\()? ?\\$\\.eventName=CreatePolicyVersion ?(\\))? ?\\|\\| ?(\\()? ?\\$\\.eventName=DeletePolicyVersion(\\))? ?\\|\\| ?(\\()? ?\\$\\.eventName=AttachRolePolicy ?(\\))? ?\\|\\| ?(\\()? ?\\$\\.eventName=DetachRolePolicy ?(\\))? ?\\|\\| ?(\\()? ?\\$\\.eventName=AttachUserPolicy ?(\\))? ?\\|\\| ?(\\()? ?\\$\\.eventName=DetachUserPolicy ?(\\))? ?\\|\\| ?(\\()? ?\\$\\.eventName=AttachGroupPolicy ?(\\))? ?\\|\\| ?(\\()? ?\\$\\.eventName=DetachGroupPolicy ?(\\))?"
op: eq
value: 0

comment: '0016010300'
Expand Up @@ -17,4 +17,4 @@ policies:
configurationChangesAlarmList: "(\\()? ?\\$\\.eventName ?= ?(\")?CreateTrail(\")? ?(\\))? ?\\|\\| ?(\\()? ?\\$\\.eventName ?= ?(\")?UpdateTrail(\")? ?(\\))? ?\\|\\| ?(\\()? ?\\$\\.eventName ?= ?(\")?DeleteTrail(\")? ?(\\))? ?\\|\\| ?(\\()? ?\\$\\.eventName ?= ?(\")?StartLogging(\")? ?(\\))? ?\\|\\| ?(\\()? ?\\$\\.eventName ?= ?(\")?StopLogging(\")? ?(\\))?"
op: eq
value: 0

comment: '0016010300'
Expand Up @@ -17,4 +17,4 @@ policies:
configurationChangesAlarmList: "(\\()? ?\\$\\.eventName ?= ?(\")?ConsoleLogin(\")? ?(\\))? ?&& ?(\\()? ?\\$\\.errorMessage ?= ?(\")?Failed authentication(\")? ?(\\))?"
op: eq
value: 0

comment: '0016010300'
Expand Up @@ -17,4 +17,4 @@ policies:
configurationChangesAlarmList: "(\\()? ?\\$\\.eventSource ?= ?(\")?kms\\.amazonaws\\.com(\")? ?(\\))? ?&& ?\\((\\()? ?\\$\\.eventName ?= ?(\")?DisableKey(\")? ?(\\))? ?\\|\\| ?(\\()? ?\\$\\.eventName ?= ?(\")?ScheduleKeyDeletion(\")? ?(\\))?\\)"
op: eq
value: 0

comment: '0016010300'
Expand Up @@ -12,4 +12,4 @@ policies:
filters:
- type: cloudtrail-s3-logging
enabled: false

comment: '0019010300'
Expand Up @@ -21,4 +21,4 @@ policies:
- key: Action
op: eq
value: "*"

comment: '0033030400'
Expand Up @@ -17,4 +17,4 @@ policies:
configurationChangesAlarmList: "(\\()? ?\\$\\.eventSource ?= ?(\")?s3\\.amazonaws\\.com(\")? ?(\\))? ?&& ?\\((\\()? ?\\$\\.eventName ?= ?(\")?PutBucketAcl(\")? ?(\\))? ?\\|\\| ?(\\()? ?\\$\\.eventName ?= ?(\")?PutBucketPolicy(\")? ?(\\))? ?\\|\\| ?(\\()? ?\\$\\.eventName ?= ?(\")?PutBucketCors(\")? ?(\\))? ?\\|\\| ?(\\()? ?\\$\\.eventName ?= ?(\")?PutBucketLifecycle(\")? ?(\\))? ?\\|\\| ?(\\()? ?\\$\\.eventName ?= ?(\")?PutBucketReplication(\")? ?(\\))? ?\\|\\| ?(\\()? ?\\$\\.eventName ?= ?(\")?DeleteBucketPolicy(\")? ?(\\))? ?\\|\\| ?(\\()? ?\\$\\.eventName ?= ?(\")?DeleteBucketCors(\")? ?(\\))? ?\\|\\| ?(\\()? ?\\$\\.eventName ?= ?(\")?DeleteBucketLifecycle(\")? ?(\\)) ?\\|\\| ?(\\() ?\\$\\.eventName ?= ?(\")?DeleteBucketReplication(\")? ?(\\))? ?\\)"
op: eq
value: 0

comment: '0016010300'
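Review bot: In the S3 pattern the closing parenthesis after `DeleteBucketLifecycle` and the opening one before `DeleteBucketReplication` are written `(\\))` and `(\\()` without a trailing `?`, so they are mandatory while every other parenthesis in the expression is optional. A metric filter that omits the parentheses around those two terms would not match, and the account would be flagged although the alarm exists. The same missing `?` appears in later sections of this commit: after `DeleteRoute` in the route-table pattern, and after `ModifyVpcAttribute` and `DeleteVpcPeeringConnection` in the VPC pattern. Suggested form for the joint: `(\\))? ?\\|\\| ?(\\()? ?\\$\\.eventName`.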
Expand Up @@ -17,4 +17,4 @@ policies:
configurationChangesAlarmList: "(\\()? ?\\$\\.eventSource ?= ?(\")?config\\.amazonaws\\.com(\")? ?(\\))? ?&& ?\\((\\()? ?\\$\\.eventName ?= ?(\")?StopConfigurationRecorder(\")? ?(\\))? ?\\|\\| ?(\\()? ?\\$\\.eventName ?= ?(\")?DeleteDeliveryChannel(\")? ?(\\))? ?\\|\\| ?(\\()? ?\\$\\.eventName ?= ?(\")?PutDeliveryChannel(\")? ?(\\))? ?\\|\\| ?(\\()? ?\\$\\.eventName ?= ?(\")?PutConfigurationRecorder(\")? ?(\\))? ?\\)"
op: eq
value: 0

comment: '0016010300'
Expand Up @@ -17,4 +17,4 @@ policies:
configurationChangesAlarmList: "(\\()? ?\\$\\.eventName ?= ?(\")?AuthorizeSecurityGroupIngress(\")? ?(\\))? ?\\|\\| ?(\\()? ?\\$\\.eventName ?= ?(\")?AuthorizeSecurityGroupEgress(\")? ?(\\))? ?\\|\\| ?(\\()? ?\\$\\.eventName ?= ?(\")?RevokeSecurityGroupIngress(\")? ?(\\))? ?\\|\\| ?(\\()? ?\\$\\.eventName ?= ?(\")?RevokeSecurityGroupEgress(\")? ?(\\))? ?\\|\\| ?(\\()?\\$\\.eventName ?= ?(\")?CreateSecurityGroup(\")? ?(\\))? ?\\|\\| ?(\\()?\\$\\.eventName ?= ?(\")?DeleteSecurityGroup(\")? ?(\\))?"
op: eq
value: 0

comment: '0016010300'
Expand Up @@ -17,4 +17,4 @@ policies:
configurationChangesAlarmList: "(\\()? ?\\$\\.eventName ?= ?(\")?CreateNetworkAcl(\")? ?(\\))? ?\\|\\| ?(\\()? ?\\$\\.eventName ?= ?(\")?CreateNetworkAclEntry(\")? ?(\\))? ?\\|\\| ?(\\()? ?\\$\\.eventName ?= ?(\")?DeleteNetworkAcl(\")? ?(\\))? ?\\|\\| ?(\\()? ?\\$\\.eventName ?= ?(\")?DeleteNetworkAclEntry(\")? ?(\\))? ?\\|\\| ?(\\()? ?\\$\\.eventName ?= ?(\")?ReplaceNetworkAclEntry(\")? ?(\\))? ?\\|\\| ?(\\()? ?\\$\\.eventName ?= ?(\")?ReplaceNetworkAclAssociation(\")? ?(\\))?"
op: eq
value: 0

comment: '0016010300'
Expand Up @@ -17,4 +17,4 @@ policies:
configurationChangesAlarmList: "(\\()? ?\\$\\.eventName ?= ?(\")?CreateCustomerGateway(\")?(\\))? ?\\|\\| ?(\\()? ?\\$\\.eventName ?= ?(\")?DeleteCustomerGateway(\")? ?(\\))? ?\\|\\| ?(\\()? ?\\$\\.eventName ?= ?(\")?AttachInternetGateway(\")? ?(\\))? ?\\|\\| ?(\\()? ?\\$\\.eventName ?= ?(\")?CreateInternetGateway(\")? ?(\\))? ?\\|\\| ?(\\()? ?\\$\\.eventName ?= ?(\")?DeleteInternetGateway(\")? ?(\\))? ?\\|\\| ?(\\()? ?\\$\\.eventName ?= ?(\")?DetachInternetGateway(\")? ?(\\))?"
op: eq
value: 0

comment: '0016010300'
Expand Up @@ -17,4 +17,4 @@ policies:
configurationChangesAlarmList: "(\\()? ?\\$\\.eventName ?= ?(\")?CreateRoute(\")? ?(\\))? ?\\|\\| ?(\\()? ?\\$\\.eventName ?= ?(\")?CreateRouteTable(\")? ?(\\))? ?\\|\\| ?(\\()? ?\\$\\.eventName ?= ?(\")?ReplaceRoute(\")? ?(\\))? ?\\|\\| ?(\\()? ?\\$\\.eventName ?= ?(\")?ReplaceRouteTableAssociation(\")? ?(\\))? ?\\|\\| ?(\\()? ?\\$\\.eventName ?= ?(\")?DeleteRouteTable(\")? ?(\\))? ?\\|\\| ?(\\()?\\$\\.eventName ?= ?(\")?DeleteRoute(\")? ?(\\)) ?\\|\\| ?(\\()? ?\\$\\.eventName ?= ?(\")?DisassociateRouteTable(\")? ?(\\))?"
op: eq
value: 0

comment: '0016010300'
Expand Up @@ -17,4 +17,4 @@ policies:
configurationChangesAlarmList: "(\\()? ?\\$\\.eventName ?= ?(\")?CreateVpc(\")? ?(\\))? ?\\|\\| ?(\\()? ?\\$\\.eventName ?= ?(\")?DeleteVpc(\")? ?(\\))? ?\\|\\| ?(\\()? ?\\$\\.eventName ?= ?(\")?ModifyVpcAttribute(\")? ?(\\)) ?\\|\\| ?(\\()? ?\\$\\.eventName ?= ?(\")?AcceptVpcPeeringConnection(\")? ?(\\))? ?\\|\\| ?(\\()?\\$\\.eventName ?= ?(\")?CreateVpcPeeringConnection(\")?(\\))? ?\\|\\| ?(\\()?\\$\\.eventName ?= ?(\")?DeleteVpcPeeringConnection(\")? ?(\\)) ?\\|\\| ?(\\()? ?\\$\\.eventName ?= ?(\")?RejectVpcPeeringConnection(\")? ?(\\))? ?\\|\\| ?(\\()? ?\\$\\.eventName ?= ?(\")?AttachClassicLinkVpc(\")? ?(\\))? ?\\|\\| ?(\\()? ?\\$\\.eventName ?= ?(\")?DetachClassicLinkVpc(\")? ?(\\))? ?\\|\\| ?(\\()? ?\\$\\.eventName ?= ?(\")?DisableVpcClassicLink(\")? ?(\\))? ?\\|\\| ?(\\()? ?\\$\\.eventName ?= ?(\")?EnableVpcClassicLink(\")?(\\))?"
op: eq
value: 0

comment: '0016010300'
Expand Up @@ -19,3 +19,4 @@ policies:
key: EncryptionType
op: eq
value: NONE
comment: '0029052000'
Expand Up @@ -14,3 +14,4 @@ policies:
key: Encrypted
op: eq
value: false
comment: '0043082000'
Expand Up @@ -11,4 +11,4 @@ policies:
resource: ecs-service
filters:
- type: ecs-task-definition-filter

comment: '0033082000'
Expand Up @@ -14,3 +14,4 @@ policies:
required-ports: 9200, 9300, 11211, 27017, 61620, 9090, 22, 389, 1521, 2483, 6379, 7000, 7199, 8888, 9042, 9160, 3389
egress: false
cidr: ["0.0.0.0/0", "::/0"]
comment: '0040092000'
Expand Up @@ -14,3 +14,4 @@ policies:
required-ports: 135, 636, 1433, 2383, 2484, 3306, 5432, 7001, 9000, 11214, 11215, 23, 445, 25, 110, 137, 138, 139, 161, 53, 3000, 3020, 4505, 4506, 8000, 8080, 5500, 5900, 1434, 2382, 8140, 27018, 61621
egress: false
cidr: ["0.0.0.0/0", "::/0"]
comment: '0040032000'
Expand Up @@ -14,3 +14,4 @@ policies:
required-ports: 135, 636, 2383, 2484, 3306, 5432, 7001, 9000, 11214, 11215, 23, 445, 25, 110, 137, 138, 139, 161, 53, 3000, 3020, 4505, 4506, 8000, 8080, 5500, 5900, 1434, 2382, 8140, 27018, 61621, 1433
egress: false
cidr: ["0.0.0.0/0", "::/0"]
comment: '0040022000'
Expand Up @@ -14,3 +14,4 @@ policies:
required-ports: 22, 3389, 9090, 389, 1521, 2483, 6379, 7000, 7199, 8888, 9042, 9160, 9200, 9300, 11211, 27017, 61620
egress: false
cidr: ["0.0.0.0/0", "::/0"]
comment: '0040022000'
Expand Up @@ -14,3 +14,4 @@ policies:
required-ports: 61621, 8140, 2382, 1434, 5900, 5500, 8080, 8000, 4506, 4505, 3020, 3000, 53, 161, 139, 138, 137, 110, 25, 445, 23, 11215, 27018, 11214, 9000, 7001, 5432, 3306, 2484, 2383, 1433, 636, 135
egress: false
cidr: ["0.0.0.0/0", "::/0"]
comment: '0040022000'
Expand Up @@ -14,3 +14,4 @@ policies:
required-ports: 22, 3389, 9090, 389, 1521, 2483, 6379, 7000, 7199, 8888, 9042, 9160, 9200, 9300, 11211, 27017, 61620
egress: false
cidr: ["0.0.0.0/0", "::/0"]
comment: '0040022000'
Expand Up @@ -16,4 +16,4 @@ policies:
selectorList: selectorList[?EventSelectors[?DataResources[?Type=='AWS::S3::Object' && Values==['arn:aws:s3']] && (ReadWriteType=='All' || ReadWriteType=='WriteOnly' )] || AdvancedEventSelectors[?FieldSelectors[?Equals[?contains(@, 'AWS::S3::Object')==`true`] && Field == 'resources.type'] && FieldSelectors[?Field == 'eventCategory' && Equals[?contains(@, 'Data')==`true`]] && !(FieldSelectors[?Field=='resources.ARN']) && ( !(FieldSelectors[?Field=='readOnly']) || (FieldSelectors[?contains(values(@), 'readOnly') && Equals[?contains(@, 'true')==`false`]] ))]]
op: eq
value: 0

comment: '0019010300'
Expand Up @@ -16,4 +16,4 @@ policies:
selectorList: selectorList[?EventSelectors[?DataResources[?Type=='AWS::S3::Object'] && (ReadWriteType=='All' || ReadWriteType=='ReadOnly' )] || AdvancedEventSelectors[?FieldSelectors[? Equals[?contains(@, 'AWS::S3::Object')==`true`] && Field == 'resources.type'] && FieldSelectors[?Field == 'eventCategory' && Equals[?contains(@, 'Data')==`true`]] && ( !(FieldSelectors[?Field=='readOnly']) || (FieldSelectors[?contains(values(@), 'readOnly') && Equals[?contains(@, 'true')==`true`]] ))]]
op: eq
value: 0

comment: '0019010300'
Expand Up @@ -24,4 +24,4 @@ policies:
configurationChangesAlarmList: "{ ?(\\()? ?\\$\\.eventSource ?= ?organizations\\.amazonaws\\.com(\\))? ?&& ?\\( ?(\\()? ?\\$\\.eventName ?= ?(\")?AcceptHandshake(\")? ?(\\))? ?\\|\\| ?(\\()? ?\\$\\.eventName ?= ?(\")?AttachPolicy(\")? ?(\\))? ?\\|\\| ?(\\()? ?\\$\\.eventName ?= ?(\")?CreateAccount(\")? ?(\\))? ?\\|\\| ?(\\()? ?\\$\\.eventName ?= ?(\")?CreateOrganizationalUnit(\")? ?(\\))? ?\\|\\| ?(\\()? ?\\$\\.eventName ?= ?(\")?CreatePolicy(\")? ?(\\))? ?\\|\\| ?(\\()? ?\\$\\.eventName ?= ?(\")?DeclineHandshake(\")? ?(\\))? ?\\|\\| ?(\\()? ?\\$\\.eventName ?= ?(\")?DeleteOrganization(\")? ?(\\))? ?\\|\\| ?(\\()? ?\\$\\.eventName ?= ?(\")?DeleteOrganizationalUnit(\")? ?(\\))? ?\\|\\| ?(\\()? ?\\$\\.eventName ?= ?(\")?DeletePolicy(\")? ?(\\))? ?\\|\\| ?(\\()? ?\\$\\.eventName ?= ?(\")?DetachPolicy(\")? ?(\\))? ?\\|\\| ?(\\()? ?\\$\\.eventName ?= ?(\")?DisablePolicyType(\")? ?(\\))? ?\\|\\| ?(\\()? ?\\$\\.eventName ?= ?(\")?EnablePolicyType(\")? ?(\\))? ?\\|\\| ?(\\()? ?\\$\\.eventName ?= ?(\")?InviteAccountToOrganization(\")? ?(\\))? ?\\|\\| ?(\\()? ?\\$\\.eventName ?= ?(\")?LeaveOrganization(\")? ?(\\))? ?\\|\\| ?(\\()? ?\\$\\.eventName ?= ?(\")?MoveAccount(\")? ?(\\))? ?\\|\\| ?(\\()? ?\\$\\.eventName ?= ?(\")?RemoveAccountFromOrganization(\")? ?(\\))? ?\\|\\| ?(\\()? ?\\$\\.eventName ?= ?(\")?UpdatePolicy(\")? ?(\\))? ?\\|\\| ?(\\()? ?\\$\\.eventName ?= ?(\")?UpdateOrganizationalUnit(\")? ?(\\))? ?\\) ?}"
op: eq
value: 0

comment: '0016010300'
Expand Up @@ -15,3 +15,4 @@ policies:
required-ports: 22,3389
cidr: 0.0.0.0/0
rule-action: allow
comment: '0024020300'
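Review bot: The `cidr` line lists only `0.0.0.0/0`, so as written this check appears to cover IPv4 sources only, while the security-group rules elsewhere in this commit use `cidr: ["0.0.0.0/0", "::/0"]`. An allow entry for ports 22 or 3389 from `::/0` would then go unreported. If the filter accepts a list (its implementation is not visible here), I would change the line to `cidr: ["0.0.0.0/0", "::/0"]`. If it takes a single value only, a short YAML comment stating that IPv6 is out of scope would stop readers from assuming coverage. The filter block begins above the hunk.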
Expand Up @@ -27,4 +27,4 @@ policies:
op: eq
- not:
- type: elasticsearch-domain-filter

comment: '0050052000'
Expand Up @@ -15,4 +15,4 @@ policies:
key: SourceType=='db-cluster' && SourceIdsList==null && ( EventCategoriesList==null || (EventCategoriesList.contains(@, 'failure')==`true` && EventCategoriesList.contains(@'maintenance')==`true`)) && Enabled==`true`
value: true
op: eq

comment: '0032062000'
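Review bot: The `key` expression calls `EventCategoriesList.contains(@'maintenance')` with no comma between `@` and the literal, unlike the preceding `contains(@, 'failure')` and the db-instance rule later in this commit. This is most likely a parse error or a call with the wrong arity, so the subscription check for `db-cluster` sources may never evaluate as intended and the rule's result would be unreliable. The fix is `EventCategoriesList.contains(@, 'maintenance')`. It would also be worth testing the rule against one compliant and one non-compliant subscription, since the hunk gives no sign that the expression was exercised.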
Expand Up @@ -15,4 +15,4 @@ policies:
key: SourceType=='db-instance' && SourceIdsList==null && ( EventCategoriesList==null || (EventCategoriesList.contains(@, 'configuration change')==`true` && EventCategoriesList.contains(@, 'failure')==`true` && EventCategoriesList.contains(@, 'maintenance')==`true`)) && Enabled==`true`
value: true
op: eq

comment: '0032062000'
Expand Up @@ -15,4 +15,4 @@ policies:
key: SourceType=='db-parameter-group' && SourceIdsList==null && ( EventCategoriesList==null || EventCategoriesList.contains(@, 'configuration change')==`true`) && Enabled==`true`
value: true
op: eq

comment: '0032062000'
Expand Up @@ -15,4 +15,4 @@ policies:
key: SourceType=='db-security-group' && Enabled==`true` && SourceIdsList==null && ( EventCategoriesList==null || length(EventCategoriesList[])==`2`)
value: true
op: eq

comment: '0032062000'
Expand Up @@ -14,3 +14,4 @@ policies:
required-ports: 1433, 1521, 3306, 5432
- type: vpc-security-group-inbound-ports
required-ports: 1433, 1521, 3306, 5432
comment: '0024062000'
Expand Up @@ -16,4 +16,4 @@ policies:
value: 0
- type: auto-scaling
enabled: false

comment: '0005062000'
Expand Up @@ -17,3 +17,4 @@ policies:
- type: value
key: RotationEnabled
value: absent
comment: '0028092000'
Expand Up @@ -18,4 +18,4 @@ policies:
- type: value
key: LastRotatedDate
value: present

comment: '0028092000'
Expand Up @@ -19,3 +19,4 @@ policies:
- type: value
key: LastAccessedDate
value: empty
comment: '0002092000'
Expand Up @@ -14,4 +14,4 @@ policies:
key: KeyManager
op: eq
value: AWS

comment: '0045142000'
Expand Up @@ -14,4 +14,4 @@ policies:
key: AcceptanceRequired
op: eq
value: false
comment: '0024022000'
Expand Up @@ -12,4 +12,4 @@ policies:
filters:
- type: redis-memcache-filter
port: ["11211", "6379"]
comment: '0024062000'
Expand Up @@ -14,4 +14,4 @@ policies:
key: IsDefault
op: eq
value: true
comment: '0024062000'
Expand Up @@ -48,4 +48,4 @@ policies:
parameters:
- key: log_output
value: FILE
comment: '0019062000'
Expand Up @@ -11,4 +11,4 @@ policies:
IAM Access Analyzer findings are not reviewed and resolved
filters:
- type: analyzer-findings-filter
comment: '0016002000'
Expand Up @@ -18,3 +18,4 @@ policies:
key: LoadBalancerType
op: eq
value: "application"
comment: '0019030400'
Expand Up @@ -12,4 +12,4 @@ policies:
filters:
- not:
- type: describe-configuration-settings-filter
comment: '0032032000'
Expand Up @@ -14,3 +14,4 @@ policies:
key: ManagedActionsEnabled
op: eq
value: "false"
comment: '0021030400'
Expand Up @@ -11,4 +11,4 @@ policies:
resource: sqs
filters:
- type: redrive-policy-sqs-filter
comment: '0023142000'