chore(aws_audit_manager_control_tower_guardrails): add checks to reqs #6699

pedrooot
Member

Description

This pull request includes updates to the prowler/compliance/aws/aws_audit_manager_control_tower_guardrails_aws.json file to enhance the compliance checks for various AWS services. The most important changes include adding new checks for EBS volumes, IAM users, RDS instances, and S3 buckets.

Enhancements to compliance checks:

  • Added a check for EBS volume snapshots in the ebs service.
  • Added a check for EBS volume encryption in addition to the default encryption check.
  • Added checks for IAM user hardware MFA and root MFA in addition to the existing console access MFA check.
  • Added checks for S3 bucket public access and account-level public access blocks.
  • Added a check for RDS instance transport encryption in addition to storage encryption.

Checklist

License

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

@pedrooot requested review from a team as code owners January 27, 2025 15:31

codecov bot commented Jan 27, 2025

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 88.74%. Comparing base (ccdb54d) to head (1dabd6c).
Report is 38 commits behind head on master.

Additional details and impacted files
@@            Coverage Diff             @@
##           master    #6699      +/-   ##
==========================================
- Coverage   88.76%   88.74%   -0.03%     
==========================================
  Files        1195     1195              
  Lines       34471    34471              
==========================================
- Hits        30597    30590       -7     
- Misses       3874     3881       +7     
Flag Coverage Δ
prowler 88.74% <ø> (-0.03%) ⬇️

Flags with carried forward coverage won't be shown.

Components Coverage Δ
prowler 88.74% <ø> (-0.03%) ⬇️
api ∅ <ø> (∅)

@MrCloudSec added the backport-to-v4.6 (Backport PR to the v4.6 branch) and backport-to-v5.2 (Backport PR to the v5.2 branch) labels Feb 3, 2025
@MrCloudSec changed the title from "feat(aws_audit_manager_control_tower_guardrails): add checks to reqs" to "chore(aws_audit_manager_control_tower_guardrails): add checks to reqs" Feb 3, 2025
@MrCloudSec merged commit 5f54377 into master Feb 3, 2025
12 of 13 checks passed
@MrCloudSec deleted the PRWLR-5925-review-compliance-aws-audit-manager-control-tower-guardrails branch February 3, 2025 19:59
@prowler-bot added the was-backported (The PR was successfully backported to the target branch) label Feb 3, 2025
@prowler-bot
Collaborator

💚 All backports created successfully

Status Branch Result
v4.6
v5.2

Questions?

Please refer to the Backport tool documentation and see the GitHub Action logs for details.
