upd: updated comment field for all policies

non-compatible-policies/ecc-aws-005-rds_not_open_to_large_scope.yml

@@ -1,19 +1,19 @@
-# Copyright (c) 2023 EPAM Systems, Inc.
-#
-# This Source Code Form is subject to the terms of the Mozilla Public
-# License, v. 2.0. If a copy of the MPL was not distributed with this
-# file, You can obtain one at http://mozilla.org/MPL/2.0/.
-
-policies:
-  - name: ecc-aws-005-rds_not_open_to_large_scope
-    description: |
-      RDS is open to a large scope
-    resource: aws.rds
-    filters:
-      - type: rds-vpc-filter
-        key: SecurityGroups[].IpPermissions[].IpRanges[].CidrIp
-        op: in
-        value:
-          - "0.0.0.0/0"
-          - "::/0"
-    comment: '0024062000'
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+policies:
+  - name: ecc-aws-005-rds_not_open_to_large_scope
+    comment: '010024062000'
+    description: |
+      RDS is open to a large scope
+    resource: aws.rds
+    filters:
+      - type: rds-vpc-filter
+        key: SecurityGroups[].IpPermissions[].IpRanges[].CidrIp
+        op: in
+        value:
+          - "0.0.0.0/0"
+          - "::/0"

non-compatible-policies/ecc-aws-010-http_elb_certificate_expire_in_one_week.yml

@@ -1,22 +1,22 @@
-# Copyright (c) 2023 EPAM Systems, Inc.
-#
-# This Source Code Form is subject to the terms of the Mozilla Public
-# License, v. 2.0. If a copy of the MPL was not distributed with this
-# file, You can obtain one at http://mozilla.org/MPL/2.0/.
-
-policies:
-  - name: ecc-aws-010-http_elb_certificate_expire_in_one_week
-    description: |
-      Application or Network Load balancer SSL certificate expire in less than a week
-    resource: app-elb
-    filters:
-      - not:
-          - type: value
-            key: Type
-            value: "gateway"
-            op: in
-      - type: appelb-acm-filter
-        key: 'NotAfter'
-        op: lt
-        value: 7
-    comment: '0029022000'
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+policies:
+  - name: ecc-aws-010-http_elb_certificate_expire_in_one_week
+    comment: '010029022000'
+    description: |
+      Application or Network Load balancer SSL certificate expire in less than a week
+    resource: app-elb
+    filters:
+      - not:
+          - type: value
+            key: Type
+            value: "gateway"
+            op: in
+      - type: appelb-acm-filter
+        key: 'NotAfter'
+        op: lt
+        value: 7

non-compatible-policies/ecc-aws-011-http_elb_certificate_expire_in_one_month.yml

@@ -1,22 +1,22 @@
-# Copyright (c) 2023 EPAM Systems, Inc.
-#
-# This Source Code Form is subject to the terms of the Mozilla Public
-# License, v. 2.0. If a copy of the MPL was not distributed with this
-# file, You can obtain one at http://mozilla.org/MPL/2.0/.
-
-policies:
-  - name: ecc-aws-011-http_elb_certificate_expire_in_one_month
-    description: |
-      Application or Network Load balancer SSL certificate expire in less than a month
-    resource: app-elb
-    filters:
-      - not:
-          - type: value
-            key: Type
-            value: "gateway"
-            op: in
-      - type: appelb-acm-filter
-        key: 'NotAfter'
-        op: lt
-        value: 30
-    comment: '0029022000'
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+policies:
+  - name: ecc-aws-011-http_elb_certificate_expire_in_one_month
+    comment: '010029022000'
+    description: |
+      Application or Network Load balancer SSL certificate expire in less than a month
+    resource: app-elb
+    filters:
+      - not:
+          - type: value
+            key: Type
+            value: "gateway"
+            op: in
+      - type: appelb-acm-filter
+        key: 'NotAfter'
+        op: lt
+        value: 30

non-compatible-policies/ecc-aws-021-ebs-volume_without_recent_snapshot.yml

@@ -1,17 +1,17 @@
-# Copyright (c) 2023 EPAM Systems, Inc.
-#
-# This Source Code Form is subject to the terms of the Mozilla Public
-# License, v. 2.0. If a copy of the MPL was not distributed with this
-# file, You can obtain one at http://mozilla.org/MPL/2.0/.
-
-policies:
-  - name: ecc-aws-021-ebs-volume_without_recent_snapshot
-    description: |
-      EBS Volumes without recent snapshots
-    resource: aws.ebs
-    filters:
-      - not:
-          - type: snapshot-age
-            op: le
-            days: 14
-    comment: '0049042000'
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+policies:
+  - name: ecc-aws-021-ebs-volume_without_recent_snapshot
+    comment: '010049042000'
+    description: |
+      EBS Volumes without recent snapshots
+    resource: aws.ebs
+    filters:
+      - not:
+          - type: snapshot-age
+            op: le
+            days: 14

non-compatible-policies/ecc-aws-052-cloudtrail_enabled_in_all_regions.yml

@@ -1,19 +1,19 @@
-# Copyright (c) 2023 EPAM Systems, Inc.
-#
-# This Source Code Form is subject to the terms of the Mozilla Public
-# License, v. 2.0. If a copy of the MPL was not distributed with this
-# file, You can obtain one at http://mozilla.org/MPL/2.0/.
-
-policies:
-  - name: ecc-aws-052-cloudtrail_enabled_in_all_regions
-    resource: aws.account
-    description: |
-      CloudTrail is not enabled in all regions
-    filters:
-      - type: cloudtrails
-        valueList: trailList[?IsMultiRegionTrail == `true`]
-        statusList: statusList[?IsLogging == `true`]
-        selectorList: selectorList[?AdvancedEventSelectors[?FieldSelectors[?Field == 'eventCategory' && Equals[?contains(@, 'Management')==`true`]] && !(FieldSelectors[?Field=='readOnly']) && !(FieldSelectors[?Field=='eventSource'])] || EventSelectors[?IncludeManagementEvents==`true` && ReadWriteType=='All']]
-        op: eq
-        value: 0
-    comment: '0016010300'
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+policies:
+  - name: ecc-aws-052-cloudtrail_enabled_in_all_regions
+    comment: '010016010301'
+    description: |
+      CloudTrail is not enabled in all regions
+    resource: aws.account
+    filters:
+      - type: cloudtrails
+        valueList: trailList[?IsMultiRegionTrail == `true`]
+        statusList: statusList[?IsLogging == `true`]
+        selectorList: selectorList[?AdvancedEventSelectors[?FieldSelectors[?Field == 'eventCategory' && Equals[?contains(@, 'Management')==`true`]] && !(FieldSelectors[?Field=='readOnly']) && !(FieldSelectors[?Field=='eventSource'])] || EventSelectors[?IncludeManagementEvents==`true` && ReadWriteType=='All']]
+        op: eq
+        value: 0

non-compatible-policies/ecc-aws-054-iam_policies_full_administrative_privileges.yml

@@ -1,15 +1,15 @@
-# Copyright (c) 2023 EPAM Systems, Inc.
-#
-# This Source Code Form is subject to the terms of the Mozilla Public
-# License, v. 2.0. If a copy of the MPL was not distributed with this
-# file, You can obtain one at http://mozilla.org/MPL/2.0/.
-
-policies:
-  - name: ecc-aws-054-iam_policies_full_administrative_privileges
-    description: |
-      IAM policies that allow full "*:*" administrative privileges are in use
-    resource: iam-policy-all
-    filters:
-      - type: used
-      - type: has-allow-all
-    comment: '0022000301'
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+policies:
+  - name: ecc-aws-054-iam_policies_full_administrative_privileges
+    comment: '010022000301'
+    description: |
+      IAM policies that allow full "*:*" administrative privileges are in use
+    resource: iam-policy-all
+    filters:
+      - type: used
+      - type: has-allow-all

non-compatible-policies/ecc-aws-056-iam_user_with_password_and_unused_access_keys.yml

@@ -1,23 +1,23 @@
-# Copyright (c) 2023 EPAM Systems, Inc.
-#
-# This Source Code Form is subject to the terms of the Mozilla Public
-# License, v. 2.0. If a copy of the MPL was not distributed with this
-# file, You can obtain one at http://mozilla.org/MPL/2.0/.
-
-policies:
-  - name: ecc-aws-056-iam_user_with_password_and_unused_access_keys
-    resource: aws.iam-user
-    description: |
-      Access key was created during initial IAM user setup
-    filters:
-      - type: creation-time-aws-iam-user
-        field_name_1: access_key_1_last_rotated
-        field_name_2: CreateDate
-        seconds: 4
-      - type: credential
-        key: password_enabled
-        value: true
-      - type: credential
-        key: access_keys.last_used_date
-        value: null
-    comment: '0033000301'
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+policies:
+  - name: ecc-aws-056-iam_user_with_password_and_unused_access_keys
+    comment: '010033000301'
+    description: |
+      Access key was created during initial IAM user setup
+    resource: aws.iam-user
+    filters:
+      - type: creation-time-aws-iam-user
+        field_name_1: access_key_1_last_rotated
+        field_name_2: CreateDate
+        seconds: 4
+      - type: credential
+        key: password_enabled
+        value: true
+      - type: credential
+        key: access_keys.last_used_date
+        value: null

non-compatible-policies/ecc-aws-058-ensure_support_role_created_to_manage_incidents.yml

@@ -1,15 +1,15 @@
-# Copyright (c) 2023 EPAM Systems, Inc.
-#
-# This Source Code Form is subject to the terms of the Mozilla Public
-# License, v. 2.0. If a copy of the MPL was not distributed with this
-# file, You can obtain one at http://mozilla.org/MPL/2.0/.
-
-policies:
-  - name: ecc-aws-058-ensure_support_role_created_to_manage_incidents
-    resource: aws.account
-    description: |
-      Support role has not been created to manage incidents with AWS Support
-    filters:
-      - type: account-iam-role-light-filter
-        value: AWSSupportAccess
-    comment: '0022000301'
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+policies:
+  - name: ecc-aws-058-ensure_support_role_created_to_manage_incidents
+    comment: '010022000301'
+    description: |
+      Support role has not been created to manage incidents with AWS Support
+    resource: aws.account
+    filters:
+      - type: account-iam-role-light-filter
+        value: AWSSupportAccess

non-compatible-policies/ecc-aws-067-unauthorized_api_calls_alarm_exists.yml

@@ -1,20 +1,20 @@
-# Copyright (c) 2023 EPAM Systems, Inc.
-#
-# This Source Code Form is subject to the terms of the Mozilla Public
-# License, v. 2.0. If a copy of the MPL was not distributed with this
-# file, You can obtain one at http://mozilla.org/MPL/2.0/.
-
-policies:
-  - name: ecc-aws-067-unauthorized_api_calls_alarm_exists
-    resource: aws.account
-    description: |
-      Log metric filter and alarm do not exist for unauthorized API calls
-    filters:
-      - type: cloudtrails
-        valueList: trailList[?IsMultiRegionTrail == `true`]
-        statusList: statusList[?IsLogging == `true`]
-        selectorList: selectorList[?AdvancedEventSelectors[?FieldSelectors[?Field == 'eventCategory' && Equals[?contains(@, 'Management')==`true`]] && !(FieldSelectors[?Field=='readOnly']) && !(FieldSelectors[?Field=='eventSource'])] || EventSelectors[?IncludeManagementEvents==`true` && ReadWriteType=='All']]
-        configurationChangesAlarmList: "\\(\\(\\$\\.errorCode=\"\\*UnauthorizedOperation\"\\) ?\\|\\| ?\\(\\$\\.errorCode=\"AccessDenied\\*\"\\)\\) ?&& ?\\(\\(\\$\\.sourceIPAddress!=(\")?delivery\\.logs\\.amazonaws\\.com(\")?\\) ?&& ?\\(\\$\\.eventName!=(\")?HeadBucket(\")?\\)\\)"
-        op: eq
-        value: 0
-    comment: '0016010300'
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+policies:
+  - name: ecc-aws-067-unauthorized_api_calls_alarm_exists
+    comment: '010016010300'
+    description: |
+      Log metric filter and alarm do not exist for unauthorized API calls
+    resource: aws.account
+    filters:
+      - type: cloudtrails
+        valueList: trailList[?IsMultiRegionTrail == `true`]
+        statusList: statusList[?IsLogging == `true`]
+        selectorList: selectorList[?AdvancedEventSelectors[?FieldSelectors[?Field == 'eventCategory' && Equals[?contains(@, 'Management')==`true`]] && !(FieldSelectors[?Field=='readOnly']) && !(FieldSelectors[?Field=='eventSource'])] || EventSelectors[?IncludeManagementEvents==`true` && ReadWriteType=='All']]
+        configurationChangesAlarmList: "\\(\\(\\$\\.errorCode=\"\\*UnauthorizedOperation\"\\) ?\\|\\| ?\\(\\$\\.errorCode=\"AccessDenied\\*\"\\)\\) ?&& ?\\(\\(\\$\\.sourceIPAddress!=(\")?delivery\\.logs\\.amazonaws\\.com(\")?\\) ?&& ?\\(\\$\\.eventName!=(\")?HeadBucket(\")?\\)\\)"
+        op: eq
+        value: 0