ramimac · May 29, 2020 21:27
diff --git a/main.tf b/main.tf
 "acm"
  certificate_transparency_disabled

 "cloudformation" 
  stack_with_role
  stack_with_secret_output

 "cloudtrail"
  no_data_logging 
  no_global_services_logging
  no_log_file_validation
  no_logging
  duplicated_global_services_logging
  not_configured

 "cloudwatch" 
  alarm_without_actions

 "config"
  config_recorder_not_configured

 "ebs"
  ebs_default_encryption_disabled
  ebs_volume_unencrypted
  ebs_snapshot_unencrypted

 "ec2"
   disallowed_instance_type 
   instance_with_public_ip 
   instance_with_user_data_secrets
   security_group_opens_all_ports_to_all 
   security_group_opens_all_ports_to_self 
   security_group_opens_icmp_to_all
   security_group_opens_known_port_to_all 
   security_group_opens_plaintext_port 
   security_group_opens_port_range 
   security_group_opens_port_to_all 
   security_group_whitelists_aws_ip_from_banned_region 
   security_group_whitelists_aws 
   ec2_security_group_whitelists_unknown_cidrs 
   ec2_unused_security_group 
   ec2_unneeded_security_group
   ec2_unexpected_security_group
   ec2_overlapping_security_group

 "ecr"
  ecr_scanning_disabled
  ecr_repo_public

 "eks"
  out_of_date
  no_logs
  publicly_accessible
  globally_accessible

 "elasticsearch"
  elasticsearch_logging_disabled
  elasticsearch_open_access

 "elb" 
  no_access_logs

 "elbv2"
  no_access_logs 
  no_deletion_protection 
  older_ssl_policy

 "glacier"
  glacier_public

 "iam" 
  password_policy_minimum_length
  password_policy_no_lowercase_required
  password_policy_no_numbers_required 
  password_policy_no_uppercase_required
  password_policy_no_symbol_required
  password_policy_reuse_enabled 
  password_policy_expiration_threshold 
  managed_allows_passrole
  inline_role_policy 
  inline_group_policy
  inline_user_policy
  assume_role_policy_allows_all 
  assume_role_no_mfa
  admin_iam_policy 
  admin_not_indicated_policy

 "kms"
  key_rotation_disabled
  kms_key_exposed 

 "lightsail" {
  lightsail_in_use

 "rds"
  no_minor_upgrade 
  backup_disabled 
  storage_not_encrypted 
  single_az 
  rds_publicly_accessible

 "redshift"
  parameter_group_ssl_not_required
  parameter_group_logging_disabled 
  cluster_publicly_accessible 
  cluster_no_version_upgrade 
  cluster_database_not_encrypted 

 "s3"
  allow_cleartext 
  no_default_encryption
  no_logging 
  no_versioning 
  website_enabled
  s3_getobject_only 
  s3_public

 "ses"
  no_dkim_enabled
  identity_world_policy

 "sns" 
  topic_world_policy

 "sqs" 
  queue_world_policy 
  sqs_server_side_encryption_disabled
	"acm"
	certificate_transparency_disabled

	"cloudformation"
	stack_with_role
	stack_with_secret_output

	"cloudtrail"
	no_data_logging
	no_global_services_logging
	no_log_file_validation
	no_logging
	duplicated_global_services_logging
	not_configured

	"cloudwatch"
	alarm_without_actions

	"config"
	config_recorder_not_configured

	"ebs"
	ebs_default_encryption_disabled
	ebs_volume_unencrypted
	ebs_snapshot_unencrypted

	"ec2"
	disallowed_instance_type
	instance_with_public_ip
	instance_with_user_data_secrets
	security_group_opens_all_ports_to_all
	security_group_opens_all_ports_to_self
	security_group_opens_icmp_to_all
	security_group_opens_known_port_to_all
	security_group_opens_plaintext_port
	security_group_opens_port_range
	security_group_opens_port_to_all
	security_group_whitelists_aws_ip_from_banned_region
	security_group_whitelists_aws
	ec2_security_group_whitelists_unknown_cidrs
	ec2_unused_security_group
	ec2_unneeded_security_group
	ec2_unexpected_security_group
	ec2_overlapping_security_group

	"ecr"
	ecr_scanning_disabled
	ecr_repo_public

	"eks"
	out_of_date
	no_logs
	publicly_accessible
	globally_accessible

	"elasticsearch"
	elasticsearch_logging_disabled
	elasticsearch_open_access

	"elb"
	no_access_logs

	"elbv2"
	no_access_logs
	no_deletion_protection
	older_ssl_policy

	"glacier"
	glacier_public

	"iam"
	password_policy_minimum_length
	password_policy_no_lowercase_required
	password_policy_no_numbers_required
	password_policy_no_uppercase_required
	password_policy_no_symbol_required
	password_policy_reuse_enabled
	password_policy_expiration_threshold
	managed_allows_passrole
	inline_role_policy
	inline_group_policy
	inline_user_policy
	assume_role_policy_allows_all
	assume_role_no_mfa
	admin_iam_policy
	admin_not_indicated_policy

	"kms"
	key_rotation_disabled
	kms_key_exposed

	"lightsail" {
	lightsail_in_use

	"rds"
	no_minor_upgrade
	backup_disabled
	storage_not_encrypted
	single_az
	rds_publicly_accessible

	"redshift"
	parameter_group_ssl_not_required
	parameter_group_logging_disabled
	cluster_publicly_accessible
	cluster_no_version_upgrade
	cluster_database_not_encrypted

	"s3"
	allow_cleartext
	no_default_encryption
	no_logging
	no_versioning
	website_enabled
	s3_getobject_only
	s3_public

	"ses"
	no_dkim_enabled
	identity_world_policy

	"sns"
	topic_world_policy

	"sqs"
	queue_world_policy
	sqs_server_side_encryption_disabled