Revert "Max-Request Update"

This reverts commit b651809.

Author: DhiyaneshGeek

cloud/aws/cloudformation/stack-notification-disabled.yaml

@@ -6,15 +6,13 @@ info:
   severity: medium
   description: |
     Ensure that your Amazon CloudFormation stacks are using SNS topics to send notifications when important events occur.
-  reference:
-    - https://www.trendmicro.com/cloudoneconformity-staging/knowledge-base/aws/CloudFormation/cloudformation-stack-notification.html
-    - http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-stack.html
   impact: |
     Disabling CloudFormation Stack Notifications can lead to reduced visibility into stack events and errors, delaying the detection of issues and hindering effective monitoring of changes and deployments in the cloud environment.
   remediation: |
     Enable CloudFormation Stack Notifications by configuring SNS (Simple Notification Service) topics for your CloudFormation stack. This will ensure real-time alerts on stack events, including updates, errors, and resource creation, providing better monitoring and visibility.
-  metadata:
-    max-request: 2
+  reference:
+    - https://www.trendmicro.com/cloudoneconformity-staging/knowledge-base/aws/CloudFormation/cloudformation-stack-notification.html
+    - http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-stack.html
   tags: cloud,devops,aws,amazon,cloudformation,aws-cloud-config
 
 variables:

cloud/aws/cloudformation/stack-policy-not-inuse.yaml

@@ -6,15 +6,13 @@ info:
   severity: medium
   description: |
     Ensure your AWS CloudFormation stacks are using policies as a fail-safe mechanism in order to prevent accidental updates to stack resources.
-  reference:
-    - https://www.trendmicro.com/cloudoneconformity-staging/knowledge-base/aws/CloudFormation/cloudformation-stack-policy.html
-    - http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/protect-stack-resources.html
   impact: |
     Lack of a CloudFormation Stack Policy allows unrestricted modifications to stack resources, increasing the risk of unintended or harmful changes.
   remediation: |
     Implement a CloudFormation Stack Policy to restrict updates to critical resources, defining explicit rules for which resources can be modified during stack updates.
-  metadata:
-    max-request: 2
+  reference:
+    - https://www.trendmicro.com/cloudoneconformity-staging/knowledge-base/aws/CloudFormation/cloudformation-stack-policy.html
+    - http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/protect-stack-resources.html
   tags: cloud,devops,aws,amazon,cloudformation,aws-cloud-config
 
 variables:

cloud/aws/cloudformation/stack-termination-disabled.yaml

@@ -6,15 +6,13 @@ info:
   severity: medium
   description: |
     Ensure that Termination Protection safety feature is enabled for your Amazon CloudFormation stacks in order to protect them from being accidentally deleted.
-  reference:
-    - https://www.trendmicro.com/cloudoneconformity-staging/knowledge-base/aws/CloudFormation/stack-termination-protection.html
-    - http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-protect-stacks.html
   impact: |
     Disabled termination protection increases the risk of accidental deletion of critical CloudFormation stacks.
   remediation: |
     Enable termination protection for critical CloudFormation stacks by setting TerminationProtection to true in the stack settings, preventing accidental deletions.
-  metadata:
-    max-request: 2
+  reference:
+    - https://www.trendmicro.com/cloudoneconformity-staging/knowledge-base/aws/CloudFormation/stack-termination-protection.html
+    - http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-protect-stacks.html
   tags: cloud,devops,aws,amazon,cloudformation,aws-cloud-config
 
 variables:

cloud/aws/cloudfront/cloudfront-compress-object.yaml

@@ -6,15 +6,13 @@ info:
   severity: low
   description: |
     Ensure that your Amazon CloudFront Content Delivery Network (CDN) distributions are configured to automatically compress content for web requests that include "Accept-Encoding: gzip" in the request header, in order to increase the websites/web applications performance and reduce bandwidth costs.
-  reference:
-    - https://www.trendmicro.com/cloudoneconformity-staging/knowledge-base/aws/CloudFront/compress-objects-automatically.html
-    - https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/ServingCompressedFiles.html
   impact: |
     Disabling "Compress Objects Automatically" in CloudFront can lead to increased data transfer costs and slower page load times, negatively impacting user experience and performance.
   remediation: |
     Enable "Compress Objects Automatically" in CloudFront to reduce data transfer sizes, enhance loading speeds, and improve overall performance for end users.
-  metadata:
-    max-request: 2
+  reference:
+    - https://www.trendmicro.com/cloudoneconformity-staging/knowledge-base/aws/CloudFront/compress-objects-automatically.html
+    - https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/ServingCompressedFiles.html
   tags: cloud,devops,aws,amazon,cloudfront,aws-cloud-config
 
 variables:

cloud/aws/cloudfront/cloudfront-custom-certificates.yaml

@@ -6,15 +6,13 @@ info:
   severity: medium
   description: |
     Ensure that your Amazon CloudFront distributions are configured to use a custom SSL/TLS certificate instead of the default one.
-  reference:
-    - https://www.trendmicro.com/cloudoneconformity-staging/knowledge-base/aws/CloudFront/cloudfront-distro-custom-tls.html
-    - https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/CNAMEs.html
   impact: |
     Failing to use custom SSL/TLS certificates in CloudFront can result in trust issues with end users, exposing your web content to man-in-the-middle attacks and potentially damaging your brand's reputation due to untrusted connection warnings.
   remediation: |
     Configure your Amazon CloudFront distribution to use custom SSL/TLS certificates to ensure secure and trusted connections for your users, enhancing data protection and maintaining brand integrity.
-  metadata:
-    max-request: 2
+  reference:
+    - https://www.trendmicro.com/cloudoneconformity-staging/knowledge-base/aws/CloudFront/cloudfront-distro-custom-tls.html
+    - https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/CNAMEs.html
   tags: cloud,devops,aws,amazon,cloudfront,aws-cloud-config
 
 variables:

cloud/aws/cloudfront/cloudfront-geo-restriction.yaml

@@ -6,15 +6,13 @@ info:
   severity: info
   description: |
     Ensure that geographic restriction is enabled for your Amazon CloudFront CDN distributions in order to allow or block viewers from specific locations (countries) from accessing your web content.
-  reference:
-    - https://www.trendmicro.com/cloudoneconformity-staging/knowledge-base/aws/CloudFront/geo-restriction.html
-    - https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/georestrictions.html
   impact: |
     Not enabling Geo Restriction in CloudFront exposes content to users from unauthorized regions, increasing the risk of content misuse, compliance violations, and potential security threats.
   remediation: |
     Enable Geo Restriction in CloudFront to control access to content based on geographic locations, ensuring only authorized users from designated regions can access specific resources.
-  metadata:
-    max-request: 2
+  reference:
+    - https://www.trendmicro.com/cloudoneconformity-staging/knowledge-base/aws/CloudFront/geo-restriction.html
+    - https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/georestrictions.html
   tags: cloud,devops,aws,amazon,cloudfront,aws-cloud-config
 
 variables:

cloud/aws/cloudfront/cloudfront-insecure-protocol.yaml

@@ -6,15 +6,13 @@ info:
   severity: medium
   description: |
     Ensure that your Amazon CloudFront Content Delivery Network (CDN) distributions are not using insecure SSL protocols (i.e. SSLv3) for HTTPS communication between CloudFront edge locations and custom origins.
-  reference:
-    - https://www.trendmicro.com/cloudoneconformity-staging/knowledge-base/aws/CloudFront/cloudfront-insecure-origin-ssl-protocols.html
-    - http://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/SecureConnections.html
   impact: |
     Insecure SSL protocols for CloudFront origins can expose sensitive data to interception and compromise, increasing the risk of man-in-the-middle attacks.
   remediation: |
     Configure your CloudFront distribution to enforce the use of secure SSL/TLS protocols (TLS 1.2 or higher) for all origins and disable support for outdated protocols like SSLv3 and TLS 1.0/1.1.
-  metadata:
-    max-request: 2
+  reference:
+    - https://www.trendmicro.com/cloudoneconformity-staging/knowledge-base/aws/CloudFront/cloudfront-insecure-origin-ssl-protocols.html
+    - http://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/SecureConnections.html
   tags: cloud,devops,aws,amazon,cloudfront,aws-cloud-config
 
 variables:

cloud/aws/cloudfront/cloudfront-integrated-waf.yaml

@@ -6,15 +6,13 @@ info:
   severity: medium
   description: |
     Ensure that all your Amazon CloudFront distributions are integrated with the Amazon Web Application Firewall (WAF) service to protect against application-layer attacks that can compromise the security of your websites/web applications or place unnecessary load on them
-  reference:
-    - https://www.trendmicro.com/cloudoneconformity-staging/knowledge-base/aws/CloudFront/cloudfront-integrated-with-waf.html
-    - http://docs.aws.amazon.com/waf/latest/developerguide/what-is-aws-waf.html
   impact: |
     Lack of integration between CloudFront and a Web Application Firewall (WAF) increases vulnerability to web-based attacks, including DDoS, SQL injection, and cross-site scripting (XSS).
   remediation: |
     Integrate CloudFront with an appropriate Web Application Firewall (WAF) to filter and monitor HTTP requests, providing enhanced protection against common web threats.
-  metadata:
-    max-request: 2
+  reference:
+    - https://www.trendmicro.com/cloudoneconformity-staging/knowledge-base/aws/CloudFront/cloudfront-integrated-with-waf.html
+    - http://docs.aws.amazon.com/waf/latest/developerguide/what-is-aws-waf.html
   tags: cloud,devops,aws,amazon,cloudfront,aws-cloud-config
 
 variables:

cloud/aws/cloudfront/cloudfront-logging-disabled.yaml

@@ -6,15 +6,13 @@ info:
   severity: medium
   description: |
     Ensure that access (standard) logging is enabled for your Amazon CloudFront distributions in order to track all viewer requests for the web content delivered through the Content Delivery Network (CDN).
-  reference:
-    - https://www.trendmicro.com/cloudoneconformity-staging/knowledge-base/aws/CloudFront/cloudfront-logging-enabled.html
-    - http://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/AccessLogs.html
   impact: |
     Disabling CloudFront logging reduces visibility into traffic patterns, hinders incident response and forensic analysis, compromises compliance efforts, and limits troubleshooting capabilities, increasing security risks.
   remediation: |
     Enable encryption for all existing EBS volumes and ensure that all new volumes created are configured to use encryption by default. Additionally, update any snapshots to be encrypted and use AWS Key Management Service (KMS) to manage encryption keys securely.
-  metadata:
-    max-request: 2
+  reference:
+    - https://www.trendmicro.com/cloudoneconformity-staging/knowledge-base/aws/CloudFront/cloudfront-logging-enabled.html
+    - http://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/AccessLogs.html
   tags: cloud,devops,aws,amazon,cloudfront,aws-cloud-config
 
 variables:

cloud/aws/cloudfront/cloudfront-origin-shield.yaml

@@ -6,15 +6,13 @@ info:
   severity: info
   description: |
     Ensure that the Origin Shield performance optimization feature is enabled for all your Amazon CloudFront distributions in order to help reduce the load on your distribution's origin, improve its availability, and reduce its operating costs.
-  reference:
-    - https://www.trendmicro.com/cloudoneconformity-staging/knowledge-base/aws/CloudFront/enable-origin-shield.html
-    - https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/origin-shield.html
   impact: |
     Not enabling CloudFront Origin Shield can lead to increased load on your origin server, higher latency, and greater costs due to more frequent requests during traffic spikes.
   remediation: |
     Enable CloudFront Origin Shield for your distributions to optimize cache efficiency, reduce load on your origin server, and improve content delivery performance during high traffic periods.
-  metadata:
-    max-request: 2
+  reference:
+    - https://www.trendmicro.com/cloudoneconformity-staging/knowledge-base/aws/CloudFront/enable-origin-shield.html
+    - https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/origin-shield.html
   tags: cloud,devops,aws,amazon,cloudfront,aws-cloud-config
 
 variables: