From 53c6fe00ef7664a36a89a646bab6d388a0814e5d Mon Sep 17 00:00:00 2001 
From: Astr1k Date: Tue, 27 Jun 2023 13:30:56 +0000 Subject: [PATCH] Added new rules --- ...or_all_iam_users_with_console_password.yml | 0 ..._access_keys_are_rotated_every_90_days.yml | 0 ...vpc_flow_logging_enabled_for_every_vpc.yml | 0 ...80-bucket_policy_allows_https_requests.yml | 36 ++++++++++++ ...ds_retention_backup_is_at_least_7_days.yml | 0 ...ecc-aws-083-rds_high-availability_zone.yml | 0 ...r_tls_certificates_expire_in_one_month.yml | 0 ...or_tls_certificates_expire_in_one_week.yml | 0 ...ure_ciphers_in_cloudfront_distribution.yml | 0 ...cc-aws-092-remove_weak_ciphers_for_clb.yml | 0 policies/ecc-aws-093-clb_uses_https.yml | 0 ...re_mfa_is_enabled_for_the_root_account.yml | 0 ...rdware_mfa_is_enabled_for_root_account.yml | 0 ...aws-096-credentials_unused_for_45_days.yml | 0 ...eceive_permissions_only_through_groups.yml | 0 ...098-iam_password_policy_password_reuse.yml | 0 .../ecc-aws-099-instance_without_any_tag.yml | 0 ...cc-aws-101-clb_access_logging_disabled.yml | 0 ...-102-ensures_sqs_encryption_is_enabled.yml | 0 ...nstance_without_termination_protection.yml | 0 ...c-aws-105-rds_instance_with_no_backups.yml | 0 ...ws-109-prevent_0-65535_ingress_and_all.yml | 0 ...s_is_restricted_traffic_to_dns_port_53.yml | 0 ...s_is_restricted_traffic_to_ftp_port_21.yml | 0 ..._is_restricted_traffic_to_http_port_80.yml | 0 ...icted_traffic_to_microsoft_ds_port_445.yml | 0 ...stricted_traffic_to_mongodb_port_27017.yml | 0 ...stricted_traffic_to_mysql_db_port_3306.yml | 0 ...ricted_traffic_to_netbios_ssn_port_139.yml | 0 ...tricted_traffic_to_oracle_db_port_1521.yml | 0 ...is_restricted_traffic_to_pop3_port_110.yml | 0 ...ricted_traffic_to_postgresql_port_5432.yml | 0 ..._is_restricted_traffic_to_smtp_port_25.yml | 0 ...s_restricted_traffic_to_telnet_port_23.yml | 0 ...ecc-aws-124-eks_cluster_version_latest.yml | 0 ...cc-aws-140-rds_without_tag_information.yml | 0 .../ecc-aws-141-s3_encrypted_using_kms.yml | 16 ++++++ policies/ecc-aws-162-s3_bucket_lifecycle.yml | 16 
++++++ .../ecc-aws-163-s3_buckets_without_tags.yml | 17 ++++++ ...m_password_policy_one_uppercase_letter.yml | 0 ...sure_no_root_account_access_key_exists.yml | 0 ...m_password_policy_one_lowercase_letter.yml | 0 ...aws-171-iam_password_policy_one_symbol.yml | 0 ...aws-172-iam_password_policy_one_number.yml | 0 ...-aws-173-iam_password_min_length_ge_14.yml | 0 ...m_password_policy_passwd_expires_le_90.yml | 0 ...-176-cloudtrail_log_validation_enabled.yml | 0 ...-cloudtrail_integrated_with_cloudwatch.yml | 0 ...used_for_resource_access_from_instance.yml | 0 ...ecc-aws-183-config_enabled_all_regions.yml | 0 ...oudtrail_logs_encrypted_using_KMS_CMKs.yml | 0 ...cc-aws-185-kms_key_rotation_is_enabled.yml | 0 ...ecurity_group_ingress_is_restricted_22.yml | 0 ...urity_group_ingress_is_restricted_3389.yml | 0 ..._group_every_vpc_restricts_all_traffic.yml | 0 ...d_connection_between_cloudfront_origin.yml | 0 ...-eks_cluster_protected_endpoint_access.yml | 0 ...ecc-aws-196-unused_ec2_security_groups.yml | 0 ...odebuild_project_source_repo_url_check.yml | 0 ...ws-198-autoscaling_group_health_checks.yml | 0 ...c-aws-199-unused_eip_should_be_removed.yml | 0 ...0-elasticsearch_service_domains_in_vpc.yml | 0 ...rch_service_domains_encryption_at_rest.yml | 0 ...-ebs_snapshots_not_publicly_restorable.yml | 0 ...cc-aws-210-cloud_front_waf_integration.yml | 0 policies/ecc-aws-212-lambda_in_vpc.yml | 0 ...edshift_cluster_prohibit_public_access.yml | 0 ...ucket_cross_region_replication_enabled.yml | 16 ++++++ ...ent_variables_contain_text_credentials.yml | 0 ...19-rds_snapshot_prohibit_public_access.yml | 0 ...s-221-ec2_managed_ssm_patch_compliance.yml | 0 policies/ecc-aws-222-ami_public_access.yml | 0 ...c-aws-223-ensure_that_sagemaker_in_vpc.yml | 0 ...subnets_automatic_public_ip_assignment.yml | 0 ...r_does_not_have_direct_internet_access.yml | 0 ...tributions_use_custom_ssl_certificates.yml | 0 ...ributions_with_geo_restriction_enabled.yml | 0 
...m_has_certificates_single_domain_names.yml | 0 ...aws-241-acm_has_no_unused_certificates.yml | 0 ...cloudfront_distribution_access_logging.yml | 0 ...iled_certificates_are_removed_from_acm.yml | 0 ...s-245-alb_is_protected_by_waf_regional.yml | 0 ...3_bucket_versioning_mfa_delete_enabled.yml | 20 +++++++ ...olicies_instead_of_inline_iam_policies.yml | 0 ...inbound_rule_permissive_to_all_traffic.yml | 0 ...ired_certificates_are_removed_from_acm.yml | 0 ...250-rest_api_gateway_is_set_to_private.yml | 0 ...-api_key_is_required_on_method_request.yml | 0 ...ams_encrypted_kms_customer_master_keys.yml | 0 ...54-kinesis_server_data_at_rest_has_sse.yml | 0 .../ecc-aws-255-restrict_outbound_traffic.yml | 0 ...ynamodb_is_encrypted_using_managed_cmk.yml | 0 policies/ecc-aws-257-efs_is_encrypted.yml | 0 ...258-efs_is_encrypted_using_managed_cmk.yml | 0 ...ache_redis_clusters_encryption_at_rest.yml | 0 ...s-260-redshift_instances_are_encrypted.yml | 0 ...s-261-rds_cluster_storage_is_encrypted.yml | 0 ...c-aws-262-expired_route53_domain_names.yml | 0 .../ecc-aws-263-enable_elb_access_logs.yml | 0 ...curity_policy_of_network_load_balancer.yml | 0 ...c-aws-267-guardduty_service_is_enabled.yml | 0 ...ser_for_administrative_and_daily_tasks.yml | 0 ...aws-276-iam_access_analyzer_is_enabled.yml | 0 ..._key_available_for_any_single_iam_user.yml | 0 ...ificates_stored_in_aws_iam_are_removed.yml | 0 ...ts_configured_with_block_public_access.yml | 14 +++++ ...ecc-aws-289-ebs_volume_without_encrypt.yml | 0 .../ecc-aws-290-logging_for_s3_enabled.yml | 15 +++++ ...ecc-aws-291-rds_public_access_disabled.yml | 0 ...pi_gateway_rest_api_encryption_at_rest.yml | 0 ...gress_is_restricted_traffic_to_port_20.yml | 0 ...ws-294-clb_connection_draining_enabled.yml | 0 ...icsearch_domains_audit_logging_enabled.yml | 0 ..._at_least_three_dedicated_master_nodes.yml | 0 ...in_connections_encrypted_using_TLS_1_2.yml | 0 ...s_configured_to_copy_tags_to_snapshots.yml | 0 
...s_configured_to_copy_tags_to_snapshots.yml | 0 ...edshift_clusters_audit_logging_enabled.yml | 0 ...p_addresses_not_assigned_automatically.yml | 0 ...ress_is_restricted_traffic_to_port_135.yml | 0 ...ress_is_restricted_traffic_to_port_143.yml | 0 ...s_is_restricted_traffic_to_mssql_ports.yml | 0 ...ess_is_restricted_traffic_to_port_4333.yml | 0 ...ess_is_restricted_traffic_to_port_5500.yml | 0 ...ess_is_restricted_traffic_to_port_5601.yml | 0 ...ess_is_restricted_traffic_to_port_8080.yml | 0 ...traffic_to_elasticsearch_service_ports.yml | 0 ...tabase_cluster_engine_no_default_ports.yml | 0 ...319-rds_instances_storage_is_encrypted.yml | 0 ...320-rds_snapshots_storage_is_encrypted.yml | 0 ...api_stages_ssl_certificates_configured.yml | 0 ...ecc-aws-323-rest_api_aws_x_ray_enabled.yml | 0 ...udfront_default_root_object_configured.yml | 0 ...-cloudfront_origin_failover_configured.yml | 0 ...ecc-aws-327-dms_replication_not_public.yml | 0 ...c-aws-329-dynamodb_tables_pitr_enabled.yml | 0 ...ws-330-dynamodb_dax_encryption_enabled.yml | 0 policies/ecc-aws-331-ec2_stopped_instance.yml | 0 .../ecc-aws-332-ec2_instance_no_public_ip.yml | 0 ...-aws-333-ec2_service_use_vpc_endpoints.yml | 0 .../ecc-aws-334-vpc_unused_network_acl.yml | 0 ...2_instance_should_not_use_multiple_eni.yml | 0 ..._networking_modes_and_user_definitions.yml | 0 policies/ecc-aws-337-efs_in_backup_plan.yml | 0 ...talk_enhanced_health_reporting_enabled.yml | 0 ...c-aws-339-alb_drop_invalid_http_header.yml | 0 ...ws-341-elb_deletion_protection_enabled.yml | 0 ...-alb_http_to_https_redirection_enabled.yml | 0 ...-aws-343-emr_master_nodes_no_public_ip.yml | 0 ...search_node_to_node_encryption_enabled.yml | 0 ...ch_error_logging_to_cloudwatch_enabled.yml | 0 ...s_instance_enhanced_monitoring_enabled.yml | 0 ...ds_cluster_deletion_protection_enabled.yml | 0 ...s_instance_deletion_protection_enabled.yml | 0 ...ecc-aws-349-rds_oracle_logging_enabled.yml | 0 ...aws-350-rds_postgresql_logging_enabled.yml | 0 
.../ecc-aws-351-rds_mysql_logging_enabled.yml | 0 ...cc-aws-352-rds_mariadb_logging_enabled.yml | 56 +++++++++++++++++++ ...aws-353-rds_sql_server_logging_enabled.yml | 0 ...ecc-aws-354-rds_aurora_logging_enabled.yml | 0 ...s-355-rds_aurora_mysql_logging_enabled.yml | 0 ...-rds_aurora_postgresql_logging_enabled.yml | 0 ...instance_iam_authentication_configured.yml | 0 ..._cluster_iam_authentication_configured.yml | 0 ...-rds_aurora_mysql_backtracking_enabled.yml | 0 ...c-aws-360-rds_cluster_multi_az_enabled.yml | 0 ...-redshift_cluster_encrypted_in_transit.yml | 0 ...ift_cluster_automatic_snapshot_enabled.yml | 0 ...matic_upgrade_to_major_version_enabled.yml | 0 ...t_cluster_enhanced_vpc_routing_enabled.yml | 0 ...ecc-aws-368-sns_kms_encryption_enabled.yml | 0 ...c2_instance_managed_by_systems_manager.yml | 0 ...ce_association_compliance_status_check.yml | 0 ...cc-aws-372-ec2_instance_imdsv2_enabled.yml | 0 ...-373-eks_control_plane_logging_enabled.yml | 0 ...ters_security_group_traffic_restricted.yml | 0 .../ecc-aws-375-eks_secrets_encrypted.yml | 0 .../ecc-aws-376-ecr_immutable_image_tags.yml | 0 ...-ecr_repository_kms_encryption_enabled.yml | 0 ...378-ecr_image_scanning_on_push_enabled.yml | 0 ...gresql_log_rotation_age_flag_set_to_60.yml | 0 ...l_log_rotation_size_flag_set_correctly.yml | 0 ...gresql_debug_print_parse_flag_disabled.yml | 0 ...ql_debug_print_rewritten_flag_disabled.yml | 0 ...tgresql_debug_print_plan_flag_disabled.yml | 0 ...gresql_debug_pretty_print_flag_enabled.yml | 0 ...ostgresql_log_connections_flag_enabled.yml | 0 ...gresql_log_disconnections_flag_enabled.yml | 0 ...log_error_verbosity_flag_set_correctly.yml | 0 ...-postgresql_log_hostname_flag_disabled.yml | 0 ...resql_log_statement_flag_set_correctly.yml | 0 ...sql_log_destination_flag_set_to_csvlog.yml | 0 ...ostgresql_log_checkpoints_flag_enabled.yml | 0 ...postgresql_log_lock_waits_flag_enabled.yml | 0 ...3-postgresql_log_duration_flag_enabled.yml | 0 
...fault_route_table_association_disabled.yml | 0 ...fault_route_table_propagation_disabled.yml | 0 ...6-rest_api_gateway_is_protected_by_waf.yml | 0 ...t_api_gateway_contend_encoding_enabled.yml | 0 ...aws-398-rest_api_gateway_cache_enabled.yml | 0 ...00-glue_data_catalog_encrypted_at_rest.yml | 0 ...ncrypted_with_kms_customer_master_keys.yml | 0 ...c-aws-402-glue_job_bookmarks_encrypted.yml | 0 ...aws-403-glue_cloudwatch_logs_encrypted.yml | 0 ...ecc-aws-404-glue_s3_encryption_enabled.yml | 0 ...05-emr_kerberos_authentication_enabled.yml | 0 policies/ecc-aws-407-emr_clusters_in_vpc.yml | 0 .../ecc-aws-408-emr_logging_to_s3_enabled.yml | 0 ...cc-aws-409-vpc_unused_internet_gateway.yml | 0 ...ws-411-unused_virtual_private_gateways.yml | 0 ...previous_generation_instances_not_used.yml | 0 ...-aws-414-elasticache_automatic_backups.yml | 0 ...s-415-elasticache_encrypted_in_transit.yml | 0 ...lasticache_encrypted_at_rest_using_cmk.yml | 0 ...418-elasticache_redis_multi_az_enabled.yml | 0 ...aws-419-elasticache_redis_auth_enabled.yml | 0 ...ecc-aws-420-elasticache_latest_version.yml | 0 ...ecc-aws-421-documentdb_logging_enabled.yml | 35 ++++++++++++ ...s_aurora_mysql_cluster_logging_enabled.yml | 48 ++++++++++++++++ ...ora_postgresql_cluster_logging_enabled.yml | 33 +++++++++++ ...ws-425-elasticsearch_slow_logs_enabled.yml | 0 ...cache_auth_token_rotated_every_90_days.yml | 0 ...9-elasticsearch_encrypted_with_kms_cmk.yml | 0 ...-430-autoscaling_group_cooldown_period.yml | 0 ...c-aws-431-elasticsearch_enforces_https.yml | 0 ...c-aws-432-elasticsearch_latest_version.yml | 0 ...3-autoscaling_group_has_associated_elb.yml | 0 ...cc-aws-434-xray-encrypted_with_kms_cmk.yml | 0 ...cc-aws-435-workspaces_unused_instances.yml | 0 ...436-autoscaling_group_utilize_multi_az.yml | 0 ...s-437-workspaces_instances_are_healthy.yml | 0 ...oscaling_group_has_valid_configuration.yml | 0 ...c-aws-439-workspaces_storage_encrypted.yml | 0 ...up_service_compliant_lifecycle_enabled.yml | 0 
...ncrypted_with_kms_customer_master_keys.yml | 0 ...sl_protocols_between_cloudfront_origin.yml | 0 ...s_mysql_instances_latest_major_version.yml | 0 ...ecc-aws-447-sqs_encrypted_with_kms_cmk.yml | 0 ...ont_distribution_fieldlevel_encryption.yml | 0 .../ecc-aws-449-sqs_not_open_to_everyone.yml | 0 ...esql_log_parser_stats_flag_is_disabled.yml | 0 ...-452-cloudtrail_logs_management_events.yml | 0 ...s-453-event_bus_is_exposed_to_everyone.yml | 0 ...gresql_log_planner_stats_flag_disabled.yml | 0 ...resql_log_executor_stats_flag_disabled.yml | 0 ...min_error_statement_flag_set_correctly.yml | 0 ..._not_allow_actions_from_all_principals.yml | 0 .../ecc-aws-459-config_delivery_failed.yml | 0 policies/ecc-aws-461-dms_latest_version.yml | 0 ...maker_instances_encrypted_with_kms_cmk.yml | 0 ...aws-469-dms_auto_minor_version_upgrade.yml | 0 ...ation_instances_encrypted_with_kms_cmk.yml | 0 ...acle_audit_sys_operations_flag_enabled.yml | 0 ...-oracle_audit_trail_flag_set_correctly.yml | 0 ...s-473-oracle_global_names_flag_enabled.yml | 0 ...-474-oracle_remote_listener_flag_empty.yml | 0 ...ailed_login_attempts_flag_is_3_or_less.yml | 0 ...rror_further_action_flag_set_to_drop_3.yml | 0 ...col_error_trace_action_flag_set_to_log.yml | 0 ...rn_server_release_banner_flag_disabled.yml | 0 ...479-oracle_sql92_security_flag_enabled.yml | 0 .../ecc-aws-480-oracle_trace_files_public.yml | 0 ...481-oracle_resource_limit_flag_enabled.yml | 0 policies/ecc-aws-482-dms_multi_az_enabled.yml | 0 ...-487-ebs_volume_encrypted_with_kms_cmk.yml | 0 .../ecc-aws-488-ebs_snapshot_encrypted.yml | 0 policies/ecc-aws-489-unused_ebs_volumes.yml | 0 .../ecc-aws-490-unused_ec2_access_keys.yml | 0 ...l_mode_flag_contains_strict_all_tables.yml | 0 ...rkspaces_images_not_older_than_90_days.yml | 0 ...aws-494-workspaces_web_access_disabled.yml | 0 ...of_file_systems_encrypted_with_kms_cmk.yml | 0 ...e_delivery_streams_encrypted_using_SSE.yml | 0 ...-aws-497-lambda_active_tracing_enabled.yml | 0 
...maker_endpoint_configuration_encrypted.yml | 0 ...ambda_variables_encrypted_with_kms_cmk.yml | 0 ...s-501-sagemaker_instance_root_disabled.yml | 0 ...ker_auto_minor_version_upgrade_enabled.yml | 0 .../ecc-aws-503-mq_broker_logging_enabled.yml | 0 ...04-sagemaker_network_isolation_enabled.yml | 0 ...ute53_domain_automatic_renewal_enabled.yml | 0 ...-506-mq_broker_not_publicly_accessible.yml | 0 ...-507-route53_domain_expires_in_30_days.yml | 0 ...-mq_broker_open_to_all_ports_protocols.yml | 0 ...d_zone_records_health_check_configured.yml | 0 ...ws-511-msk_data_encrypted_with_kms_cmk.yml | 0 ...-512-msk_encryption_in_transit_enabled.yml | 0 ...-aws-513-route53_query_logging_enabled.yml | 0 policies/ecc-aws-514-msk_logging_enabled.yml | 0 ...ecc-aws-515-rds_encrypted_with_kms_cmk.yml | 0 ...ecc-aws-516-sns_encrypted_with_kms_cmk.yml | 0 ...redshift_user_activity_logging_enabled.yml | 0 ...ws-519-redshift_not_using_default_port.yml | 0 ...ws-520-redshift_encrypted_with_kms_cmk.yml | 0 ...1-redshift_parameter_group_require_ssl.yml | 0 ...-aws-522-route53_transfer_lock_enabled.yml | 0 ...est_api_gateway_access_logging_enabled.yml | 0 ...25-ecs_exec_logging_encryption_enabled.yml | 0 ...26-rest_api_gateway_logs_set_correctly.yml | 0 ...cc-aws-527-mwaa_encrypted_with_kms_cmk.yml | 0 ...aling_launch_config_public_ip_disabled.yml | 0 ...32-glue_connection_passwords_encrypted.yml | 0 ...ecc-aws-537-fsx_lustre_logging_enabled.yml | 0 ...8-ds_directory_not_open_to_large_scope.yml | 0 ...etention_period_set_at_least_to_7_days.yml | 0 ...42-workspaces_maintenance_mode_enabled.yml | 0 ...cc-aws-547-cloudtrail_logs_data_events.yml | 0 ...-workspaces_storage_encrypted_with_cmk.yml | 0 ...cc-aws-550-ami_without_tag_information.yml | 0 ...cc-aws-551-ebs_without_tag_information.yml | 0 ...2-ebs_snapshot_without_tag_information.yml | 0 ...cc-aws-553-eip_without_tag_information.yml | 0 ...cc-aws-555-eni_without_tag_information.yml | 0 ...ternet_gateway_without_tag_information.yml | 0 
...57-nat_gateway_without_tag_information.yml | 0 ...58-network_acl_without_tag_information.yml | 0 ...59-route_table_without_tag_information.yml | 0 ...security_group_without_tag_information.yml | 0 ...aws-561-subnet_without_tag_information.yml | 0 ...ransit_gateway_without_tag_information.yml | 0 ...way_attachment_without_tag_information.yml | 0 ...ing_connection_without_tag_information.yml | 0 ...cc-aws-565-vpc_without_tag_information.yml | 0 ...6-vpc_endpoint_without_tag_information.yml | 0 ...cc-aws-567-acm_without_tag_information.yml | 0 ...s-568-app_flow_without_tag_information.yml | 0 ..._scaling_group_without_tag_information.yml | 0 ...rmation_stacks_without_tag_information.yml | 0 ..._distributions_without_tag_information.yml | 0 ...578-cloudtrail_without_tag_information.yml | 0 ...-580-codebuild_without_tag_information.yml | 0 ...2-dax_clusters_without_tag_information.yml | 0 ...cc-aws-583-dlm_without_tag_information.yml | 0 ...cc-aws-584-dms_without_tag_information.yml | 0 ...cc-aws-585-ecs_without_tag_information.yml | 0 ...cc-aws-586-eks_without_tag_information.yml | 0 ...cc-aws-587-efs_without_tag_information.yml | 0 ...cache_clusters_without_tag_information.yml | 0 ...-590-beanstalk_without_tag_information.yml | 0 ...cc-aws-591-elb_without_tag_information.yml | 0 ...cc-aws-592-emr_without_tag_information.yml | 0 ...-elasticsearch_without_tag_information.yml | 0 ...cc-aws-596-fsx_without_tag_information.yml | 0 ...597-fsx_backup_without_tag_information.yml | 0 ...ws-599-glacier_without_tag_information.yml | 0 ...s-600-glue_job_without_tag_information.yml | 0 ...s-608-iam_user_without_tag_information.yml | 0 ...s-609-iam_role_without_tag_information.yml | 0 ...1-msk_clusters_without_tag_information.yml | 0 ...is_data_stream_without_tag_information.yml | 0 ...s_video_stream_without_tag_information.yml | 16 ++++++ ...ws-615-kms_key_without_tag_information.yml | 0 ...mbda_functions_without_tag_information.yml | 0 
...tsail_instance_without_tag_information.yml | 0 ...tch_log_groups_without_tag_information.yml | 0 ...619-mq_brokers_without_tag_information.yml | 0 ...c-aws-620-mwaa_without_tag_information.yml | 0 ...4-qldb_ledgers_without_tag_information.yml | 0 ...25-rds_cluster_without_tag_information.yml | 0 ...6-rds_snapshot_without_tag_information.yml | 0 ...shift_clusters_without_tag_information.yml | 0 ...aker_instances_without_tag_information.yml | 0 ...cc-aws-632-sns_without_tag_information.yml | 0 ...cc-aws-633-sqs_without_tag_information.yml | 0 ...s-638-mq_broker_active_deployment_mode.yml | 0 .../ecc-aws-639-mq_broker_latest_version.yml | 0 ...s-640-mq_broker_encrypted_with_kms_cmk.yml | 0 ...streams_shard_level_monitoring_enabled.yml | 0 ...s-643-qldb_permission_mode_is_standard.yml | 0 ...s-644-qldb_deletion_protection_enabled.yml | 0 .../ecc-aws-646-appsync_logging_enabled.yml | 16 ++++++ ...ws-649-appsync_cache_encrypted_at_rest.yml | 16 ++++++ ...650-appsync_cache_encrypted_in_transit.yml | 16 ++++++ .../ecc-aws-651-appsync_protected_by_waf.yml | 15 +++++ ...mwaa_dag_processing_logs_set_correctly.yml | 0 ...-653-mwaa_scheduler_logs_set_correctly.yml | 0 ...c-aws-654-mwaa_task_logs_set_correctly.yml | 0 ...-655-mwaa_webserver_logs_set_correctly.yml | 0 ...aws-656-mwaa_worker_logs_set_correctly.yml | 0 ...t_availability_zone_relocation_enabled.yml | 0 ...aws-664-elasticache_redis_logs_enabled.yml | 0 ...-665-elasticache_notifications_enabled.yml | 0 ...669-emr_termination_protection_enabled.yml | 0 policies/ecc-aws-670-emr_imdsv1_disabled.yml | 18 ++++++ ...s-672-glue_spark_ui_monitoring_enabled.yml | 0 ..._functions_enhanced_monitoring_enabled.yml | 0 ...ronment_variables_encrypted_in_transit.yml | 0 ...bda_latest_runtime_environment_version.yml | 0 ...ecc-aws-681-lambda_concurrency_enabled.yml | 0 .../ecc-aws-689-bucket_not_dns_compliant.yml | 18 ++++++ .../ecc-aws-690-ecs_exec_logging_enabled.yml | 0 ...691-fsx_daily_automatic_backup_enabled.yml | 0 
...-692-fsx_netapp_ontap_multi_az_enabled.yml | 0 ...x_windows_file_server_multi_az_enabled.yml | 0 .../ecc-aws-696-alb_desync_mode_check.yml | 0 ...ecc-aws-697-api_gw_endpoint_type_check.yml | 0 ...ng_groups_capacity_rebalancing_enabled.yml | 0 ...toscaling_launchconfig_requires_imdsv2.yml | 0 .../ecc-aws-707-clb_desync_mode_check.yml | 0 policies/ecc-aws-708-clb-multiple_az.yml | 0 ...-clb_cross_zone_load_balancing_enabled.yml | 0 ...dformation_stack_drift_detection_check.yml | 0 .../ecc-aws-712-cloudfront_sni_enabled.yml | 0 ...watch_log_group_encrypted_with_kms_cmk.yml | 0 ...-codebuild_project_artifact_encryption.yml | 0 ...d_project_environment_privileged_check.yml | 0 ...-719-codebuild_project_logging_enabled.yml | 0 ...20-codebuild_project_s3_logs_encrypted.yml | 0 ...dedeploy_auto_rollback_monitor_enabled.yml | 0 ...ambda_allatonce_traffic_shift_disabled.yml | 0 ...artifact_bucket_encrypted_with_kms_cmk.yml | 0 ...watch_log_group_retention_period_check.yml | 0 ...2_instance_detailed_monitoring_enabled.yml | 0 .../ecc-aws-739-ec2_token_hop_limit_check.yml | 0 ...ansit_gateway_auto_vpc_attach_disabled.yml | 0 ...cr_private_lifecycle_policy_configured.yml | 0 ...44-ecs_fargate_latest_platform_version.yml | 0 ...-ecs_task_definition_memory_hard_limit.yml | 0 ...746-ecs_task_definition_pid_mode_check.yml | 0 ...1-eks_cluster_oldest_supported_version.yml | 0 policies/ecc-aws-755-elbv2_multiple_az.yml | 0 .../ecc-aws-760-iam_group_has_users_check.yml | 0 .../ecc-aws-762-lambda_vpc_multi_az_check.yml | 0 ...-769-opensearch_access_control_enabled.yml | 0 ...utomatic_minor_version_upgrade_enabled.yml | 0 ...ws-771-rds_cluster_default_admin_check.yml | 0 ...s-773-rds_instance_default_admin_check.yml | 0 ...c-aws-776-redshift_default_admin_check.yml | 0 ...aws-777-redshift_default_db_name_check.yml | 0 ..._message_delivery_notification_enabled.yml | 0 policies/ecc-aws-787-mwaa_latest_version.yml | 0 .../ecc-aws-800-dax_ecnrypted_in_transit.yml | 0 
policies/ecc-aws-808-clb_internet_facing.yml | 0 policies/ecc-aws-809-elb_internet_facing.yml | 0 ...um_of_2048-bit_key_for_rsa_certificate.yml | 0 ...active_iam_access_keys_are_not_deleted.yml | 0 policies/ecc-aws-897-security_hub_enabled.yml | 0 ...aws-899-s3_event_notifications_enabled.yml | 0 .../ecc-aws-900-s3_bucket_acl_prohibited.yml | 16 ++++++ ...-901-s3_version_lifecycle_policy_check.yml | 19 +++++++ policies/ecc-aws-902-vpc_vpn_2_tunnels_up.yml | 0 ...04-autoscaling_launch_config_hop_limit.yml | 0 ...aws-906-ecs_containers_readonly_access.yml | 0 ...ecc-aws-907-ecs_no_environment_secrets.yml | 0 ...911-kms_cmk_not_scheduled_for_deletion.yml | 0 ...cc-aws-917-waf_global_webacl_not_empty.yml | 0 ...rtificate_transparency_logging_enabled.yml | 0 ...s-938-cloudfront_encryption_in_transit.yml | 0 ...aws-939-ebs_default_encryption_enabled.yml | 0 ...d_acm_certificates_expire_in_one_month.yml | 0 ...s-949-key_pair_without_tag_information.yml | 0 ...cc-aws-950-autoscaling_launch_template.yml | 0 ...c-aws-951-clb_acm_certificate_required.yml | 0 ...aws-953-lambda_function_settings_check.yml | 0 ...c-aws-955-ecs_containers_nonprivileged.yml | 0 ...oudfront_s3_origin_non_existent_bucket.yml | 0 ...oudfront_origin_access_control_enabled.yml | 0 .../ecc-aws-962-glue_job_latest_version.yml | 0 .../ecc-aws-963-glue_job_logging_enabled.yml | 0 459 files changed, 472 insertions(+) mode change 100644 => 100755 policies/ecc-aws-002-ensure_mfa_is_enabled_for_all_iam_users_with_console_password.yml mode change 100644 => 100755 policies/ecc-aws-013-ensure_access_keys_are_rotated_every_90_days.yml mode change 100644 => 100755 policies/ecc-aws-033-ensure_vpc_flow_logging_enabled_for_every_vpc.yml create mode 100755 policies/ecc-aws-080-bucket_policy_allows_https_requests.yml mode change 100644 => 100755 policies/ecc-aws-082-rds_retention_backup_is_at_least_7_days.yml mode change 100644 => 100755 policies/ecc-aws-083-rds_high-availability_zone.yml mode change 100644 => 100755 
policies/ecc-aws-086_iam_ssl_or_tls_certificates_expire_in_one_month.yml mode change 100644 => 100755 policies/ecc-aws-087_iam_ssl_or_tls_certificates_expire_in_one_week.yml mode change 100644 => 100755 policies/ecc-aws-090-use_secure_ciphers_in_cloudfront_distribution.yml mode change 100644 => 100755 policies/ecc-aws-092-remove_weak_ciphers_for_clb.yml mode change 100644 => 100755 policies/ecc-aws-093-clb_uses_https.yml mode change 100644 => 100755 policies/ecc-aws-094-ensure_mfa_is_enabled_for_the_root_account.yml mode change 100644 => 100755 policies/ecc-aws-095-ensure_hardware_mfa_is_enabled_for_root_account.yml mode change 100644 => 100755 policies/ecc-aws-096-credentials_unused_for_45_days.yml mode change 100644 => 100755 policies/ecc-aws-097-iam_users_receive_permissions_only_through_groups.yml mode change 100644 => 100755 policies/ecc-aws-098-iam_password_policy_password_reuse.yml mode change 100644 => 100755 policies/ecc-aws-099-instance_without_any_tag.yml mode change 100644 => 100755 policies/ecc-aws-101-clb_access_logging_disabled.yml mode change 100644 => 100755 policies/ecc-aws-102-ensures_sqs_encryption_is_enabled.yml mode change 100644 => 100755 policies/ecc-aws-103-instance_without_termination_protection.yml mode change 100644 => 100755 policies/ecc-aws-105-rds_instance_with_no_backups.yml mode change 100644 => 100755 policies/ecc-aws-109-prevent_0-65535_ingress_and_all.yml mode change 100644 => 100755 policies/ecc-aws-110-security_group_ingress_is_restricted_traffic_to_dns_port_53.yml mode change 100644 => 100755 policies/ecc-aws-111-security_group_ingress_is_restricted_traffic_to_ftp_port_21.yml mode change 100644 => 100755 policies/ecc-aws-112-security_group_ingress_is_restricted_traffic_to_http_port_80.yml mode change 100644 => 100755 policies/ecc-aws-113-security_group_ingress_is_restricted_traffic_to_microsoft_ds_port_445.yml mode change 100644 => 100755 
policies/ecc-aws-114-security_group_ingress_is_restricted_traffic_to_mongodb_port_27017.yml mode change 100644 => 100755 policies/ecc-aws-115-security_group_ingress_is_restricted_traffic_to_mysql_db_port_3306.yml mode change 100644 => 100755 policies/ecc-aws-116-security_group_ingress_is_restricted_traffic_to_netbios_ssn_port_139.yml mode change 100644 => 100755 policies/ecc-aws-117-security_group_ingress_is_restricted_traffic_to_oracle_db_port_1521.yml mode change 100644 => 100755 policies/ecc-aws-118-security_group_ingress_is_restricted_traffic_to_pop3_port_110.yml mode change 100644 => 100755 policies/ecc-aws-119-security_group_ingress_is_restricted_traffic_to_postgresql_port_5432.yml mode change 100644 => 100755 policies/ecc-aws-120-security_group_ingress_is_restricted_traffic_to_smtp_port_25.yml mode change 100644 => 100755 policies/ecc-aws-121-security_group_ingress_is_restricted_traffic_to_telnet_port_23.yml mode change 100644 => 100755 policies/ecc-aws-124-eks_cluster_version_latest.yml mode change 100644 => 100755 policies/ecc-aws-140-rds_without_tag_information.yml create mode 100755 policies/ecc-aws-141-s3_encrypted_using_kms.yml create mode 100755 policies/ecc-aws-162-s3_bucket_lifecycle.yml create mode 100755 policies/ecc-aws-163-s3_buckets_without_tags.yml mode change 100644 => 100755 policies/ecc-aws-168-iam_password_policy_one_uppercase_letter.yml mode change 100644 => 100755 policies/ecc-aws-169-ensure_no_root_account_access_key_exists.yml mode change 100644 => 100755 policies/ecc-aws-170-iam_password_policy_one_lowercase_letter.yml mode change 100644 => 100755 policies/ecc-aws-171-iam_password_policy_one_symbol.yml mode change 100644 => 100755 policies/ecc-aws-172-iam_password_policy_one_number.yml mode change 100644 => 100755 policies/ecc-aws-173-iam_password_min_length_ge_14.yml mode change 100644 => 100755 policies/ecc-aws-174-iam_password_policy_passwd_expires_le_90.yml mode change 100644 => 100755 
policies/ecc-aws-176-cloudtrail_log_validation_enabled.yml mode change 100644 => 100755 policies/ecc-aws-179-cloudtrail_integrated_with_cloudwatch.yml mode change 100644 => 100755 policies/ecc-aws-181-ensure_iam_instance_roles_are_used_for_resource_access_from_instance.yml mode change 100644 => 100755 policies/ecc-aws-183-config_enabled_all_regions.yml mode change 100644 => 100755 policies/ecc-aws-184-cloudtrail_logs_encrypted_using_KMS_CMKs.yml mode change 100644 => 100755 policies/ecc-aws-185-kms_key_rotation_is_enabled.yml mode change 100644 => 100755 policies/ecc-aws-186-security_group_ingress_is_restricted_22.yml mode change 100644 => 100755 policies/ecc-aws-187-security_group_ingress_is_restricted_3389.yml mode change 100644 => 100755 policies/ecc-aws-188-default_security_group_every_vpc_restricts_all_traffic.yml mode change 100644 => 100755 policies/ecc-aws-190-encrypted_connection_between_cloudfront_origin.yml mode change 100644 => 100755 policies/ecc-aws-191-eks_cluster_protected_endpoint_access.yml mode change 100644 => 100755 policies/ecc-aws-196-unused_ec2_security_groups.yml mode change 100644 => 100755 policies/ecc-aws-197-codebuild_project_source_repo_url_check.yml mode change 100644 => 100755 policies/ecc-aws-198-autoscaling_group_health_checks.yml mode change 100644 => 100755 policies/ecc-aws-199-unused_eip_should_be_removed.yml mode change 100644 => 100755 policies/ecc-aws-200-elasticsearch_service_domains_in_vpc.yml mode change 100644 => 100755 policies/ecc-aws-201-elasticsearch_service_domains_encryption_at_rest.yml mode change 100644 => 100755 policies/ecc-aws-203-ebs_snapshots_not_publicly_restorable.yml mode change 100644 => 100755 policies/ecc-aws-210-cloud_front_waf_integration.yml mode change 100644 => 100755 policies/ecc-aws-212-lambda_in_vpc.yml mode change 100644 => 100755 policies/ecc-aws-215-redshift_cluster_prohibit_public_access.yml create mode 100755 policies/ecc-aws-216-s3_bucket_cross_region_replication_enabled.yml mode change 
100644 => 100755 policies/ecc-aws-218-codebuild_environment_variables_contain_text_credentials.yml mode change 100644 => 100755 policies/ecc-aws-219-rds_snapshot_prohibit_public_access.yml mode change 100644 => 100755 policies/ecc-aws-221-ec2_managed_ssm_patch_compliance.yml mode change 100644 => 100755 policies/ecc-aws-222-ami_public_access.yml mode change 100644 => 100755 policies/ecc-aws-223-ensure_that_sagemaker_in_vpc.yml mode change 100644 => 100755 policies/ecc-aws-231-vpc-subnets_automatic_public_ip_assignment.yml mode change 100644 => 100755 policies/ecc-aws-232-sagemaker_does_not_have_direct_internet_access.yml mode change 100644 => 100755 policies/ecc-aws-237-cloudfront_web_distributions_use_custom_ssl_certificates.yml mode change 100644 => 100755 policies/ecc-aws-238-cloudfront_web_distributions_with_geo_restriction_enabled.yml mode change 100644 => 100755 policies/ecc-aws-240-acm_has_certificates_single_domain_names.yml mode change 100644 => 100755 policies/ecc-aws-241-acm_has_no_unused_certificates.yml mode change 100644 => 100755 policies/ecc-aws-242-cloudfront_distribution_access_logging.yml mode change 100644 => 100755 policies/ecc-aws-243-invalid_or_failed_certificates_are_removed_from_acm.yml mode change 100644 => 100755 policies/ecc-aws-245-alb_is_protected_by_waf_regional.yml create mode 100755 policies/ecc-aws-246-s3_bucket_versioning_mfa_delete_enabled.yml mode change 100644 => 100755 policies/ecc-aws-247-managed_policies_instead_of_inline_iam_policies.yml mode change 100644 => 100755 policies/ecc-aws-248-k8s_cluster_network_firewall_inbound_rule_permissive_to_all_traffic.yml mode change 100644 => 100755 policies/ecc-aws-249-expired_certificates_are_removed_from_acm.yml mode change 100644 => 100755 policies/ecc-aws-250-rest_api_gateway_is_set_to_private.yml mode change 100644 => 100755 policies/ecc-aws-251-api_key_is_required_on_method_request.yml mode change 100644 => 100755 
policies/ecc-aws-253-kinesis_streams_encrypted_kms_customer_master_keys.yml mode change 100644 => 100755 policies/ecc-aws-254-kinesis_server_data_at_rest_has_sse.yml mode change 100644 => 100755 policies/ecc-aws-255-restrict_outbound_traffic.yml mode change 100644 => 100755 policies/ecc-aws-256-dynamodb_is_encrypted_using_managed_cmk.yml mode change 100644 => 100755 policies/ecc-aws-257-efs_is_encrypted.yml mode change 100644 => 100755 policies/ecc-aws-258-efs_is_encrypted_using_managed_cmk.yml mode change 100644 => 100755 policies/ecc-aws-259-elasticache_redis_clusters_encryption_at_rest.yml mode change 100644 => 100755 policies/ecc-aws-260-redshift_instances_are_encrypted.yml mode change 100644 => 100755 policies/ecc-aws-261-rds_cluster_storage_is_encrypted.yml mode change 100644 => 100755 policies/ecc-aws-262-expired_route53_domain_names.yml mode change 100644 => 100755 policies/ecc-aws-263-enable_elb_access_logs.yml mode change 100644 => 100755 policies/ecc-aws-264-update_security_policy_of_network_load_balancer.yml mode change 100644 => 100755 policies/ecc-aws-267-guardduty_service_is_enabled.yml mode change 100644 => 100755 policies/ecc-aws-272-eliminate_use_root_user_for_administrative_and_daily_tasks.yml mode change 100644 => 100755 policies/ecc-aws-276-iam_access_analyzer_is_enabled.yml mode change 100644 => 100755 policies/ecc-aws-277-only_one_active_access_key_available_for_any_single_iam_user.yml mode change 100644 => 100755 policies/ecc-aws-279-expired_ssl_tls_certificates_stored_in_aws_iam_are_removed.yml create mode 100755 policies/ecc-aws-280-s3_buckets_configured_with_block_public_access.yml mode change 100644 => 100755 policies/ecc-aws-289-ebs_volume_without_encrypt.yml create mode 100755 policies/ecc-aws-290-logging_for_s3_enabled.yml mode change 100644 => 100755 policies/ecc-aws-291-rds_public_access_disabled.yml mode change 100644 => 100755 policies/ecc-aws-292-api_gateway_rest_api_encryption_at_rest.yml mode change 100644 => 100755 
policies/ecc-aws-293-security_group_ingress_is_restricted_traffic_to_port_20.yml mode change 100644 => 100755 policies/ecc-aws-294-clb_connection_draining_enabled.yml mode change 100644 => 100755 policies/ecc-aws-295-elasticsearch_domains_audit_logging_enabled.yml mode change 100644 => 100755 policies/ecc-aws-297-elasticsearch_domains_configured_with_at_least_three_dedicated_master_nodes.yml mode change 100644 => 100755 policies/ecc-aws-298-elasticsearch_domain_connections_encrypted_using_TLS_1_2.yml mode change 100644 => 100755 policies/ecc-aws-299-rds_db_clusters_configured_to_copy_tags_to_snapshots.yml mode change 100644 => 100755 policies/ecc-aws-300-rds_db_instances_configured_to_copy_tags_to_snapshots.yml mode change 100644 => 100755 policies/ecc-aws-306-redshift_clusters_audit_logging_enabled.yml mode change 100644 => 100755 policies/ecc-aws-308-ecs_services_public_ip_addresses_not_assigned_automatically.yml mode change 100644 => 100755 policies/ecc-aws-309-security_group_ingress_is_restricted_traffic_to_port_135.yml mode change 100644 => 100755 policies/ecc-aws-310-security_group_ingress_is_restricted_traffic_to_port_143.yml mode change 100644 => 100755 policies/ecc-aws-312-security_group_ingress_is_restricted_traffic_to_mssql_ports.yml mode change 100644 => 100755 policies/ecc-aws-313-security_group_ingress_is_restricted_traffic_to_port_4333.yml mode change 100644 => 100755 policies/ecc-aws-314-security_group_ingress_is_restricted_traffic_to_port_5500.yml mode change 100644 => 100755 policies/ecc-aws-315-security_group_ingress_is_restricted_traffic_to_port_5601.yml mode change 100644 => 100755 policies/ecc-aws-316-security_group_ingress_is_restricted_traffic_to_port_8080.yml mode change 100644 => 100755 policies/ecc-aws-317-security_group_ingress_is_restricted_traffic_to_elasticsearch_service_ports.yml mode change 100644 => 100755 policies/ecc-aws-318-rds_database_cluster_engine_no_default_ports.yml mode change 100644 => 100755 
policies/ecc-aws-319-rds_instances_storage_is_encrypted.yml mode change 100644 => 100755 policies/ecc-aws-320-rds_snapshots_storage_is_encrypted.yml mode change 100644 => 100755 policies/ecc-aws-322-api_gateway_rest_api_stages_ssl_certificates_configured.yml mode change 100644 => 100755 policies/ecc-aws-323-rest_api_aws_x_ray_enabled.yml mode change 100644 => 100755 policies/ecc-aws-324-cloudfront_default_root_object_configured.yml mode change 100644 => 100755 policies/ecc-aws-326-cloudfront_origin_failover_configured.yml mode change 100644 => 100755 policies/ecc-aws-327-dms_replication_not_public.yml mode change 100644 => 100755 policies/ecc-aws-329-dynamodb_tables_pitr_enabled.yml mode change 100644 => 100755 policies/ecc-aws-330-dynamodb_dax_encryption_enabled.yml mode change 100644 => 100755 policies/ecc-aws-331-ec2_stopped_instance.yml mode change 100644 => 100755 policies/ecc-aws-332-ec2_instance_no_public_ip.yml mode change 100644 => 100755 policies/ecc-aws-333-ec2_service_use_vpc_endpoints.yml mode change 100644 => 100755 policies/ecc-aws-334-vpc_unused_network_acl.yml mode change 100644 => 100755 policies/ecc-aws-335-ec2_instance_should_not_use_multiple_eni.yml mode change 100644 => 100755 policies/ecc-aws-336-ecs_task_definitions_secure_networking_modes_and_user_definitions.yml mode change 100644 => 100755 policies/ecc-aws-337-efs_in_backup_plan.yml mode change 100644 => 100755 policies/ecc-aws-338-elastic_beanstalk_enhanced_health_reporting_enabled.yml mode change 100644 => 100755 policies/ecc-aws-339-alb_drop_invalid_http_header.yml mode change 100644 => 100755 policies/ecc-aws-341-elb_deletion_protection_enabled.yml mode change 100644 => 100755 policies/ecc-aws-342-alb_http_to_https_redirection_enabled.yml mode change 100644 => 100755 policies/ecc-aws-343-emr_master_nodes_no_public_ip.yml mode change 100644 => 100755 policies/ecc-aws-344-elasticsearch_node_to_node_encryption_enabled.yml mode change 100644 => 100755 
policies/ecc-aws-345-elasticsearch_error_logging_to_cloudwatch_enabled.yml mode change 100644 => 100755 policies/ecc-aws-346-rds_instance_enhanced_monitoring_enabled.yml mode change 100644 => 100755 policies/ecc-aws-347-rds_cluster_deletion_protection_enabled.yml mode change 100644 => 100755 policies/ecc-aws-348-rds_instance_deletion_protection_enabled.yml mode change 100644 => 100755 policies/ecc-aws-349-rds_oracle_logging_enabled.yml mode change 100644 => 100755 policies/ecc-aws-350-rds_postgresql_logging_enabled.yml mode change 100644 => 100755 policies/ecc-aws-351-rds_mysql_logging_enabled.yml create mode 100755 policies/ecc-aws-352-rds_mariadb_logging_enabled.yml mode change 100644 => 100755 policies/ecc-aws-353-rds_sql_server_logging_enabled.yml mode change 100644 => 100755 policies/ecc-aws-354-rds_aurora_logging_enabled.yml mode change 100644 => 100755 policies/ecc-aws-355-rds_aurora_mysql_logging_enabled.yml mode change 100644 => 100755 policies/ecc-aws-356-rds_aurora_postgresql_logging_enabled.yml mode change 100644 => 100755 policies/ecc-aws-357-rds_instance_iam_authentication_configured.yml mode change 100644 => 100755 policies/ecc-aws-358-rds_cluster_iam_authentication_configured.yml mode change 100644 => 100755 policies/ecc-aws-359-rds_aurora_mysql_backtracking_enabled.yml mode change 100644 => 100755 policies/ecc-aws-360-rds_cluster_multi_az_enabled.yml mode change 100644 => 100755 policies/ecc-aws-361-redshift_cluster_encrypted_in_transit.yml mode change 100644 => 100755 policies/ecc-aws-362-redshift_cluster_automatic_snapshot_enabled.yml mode change 100644 => 100755 policies/ecc-aws-363-redshift_cluster_automatic_upgrade_to_major_version_enabled.yml mode change 100644 => 100755 policies/ecc-aws-364-redshift_cluster_enhanced_vpc_routing_enabled.yml mode change 100644 => 100755 policies/ecc-aws-368-sns_kms_encryption_enabled.yml mode change 100644 => 100755 policies/ecc-aws-370-ec2_instance_managed_by_systems_manager.yml mode change 100644 => 100755 
policies/ecc-aws-371-ec2_managed_instance_association_compliance_status_check.yml mode change 100644 => 100755 policies/ecc-aws-372-ec2_instance_imdsv2_enabled.yml mode change 100644 => 100755 policies/ecc-aws-373-eks_control_plane_logging_enabled.yml mode change 100644 => 100755 policies/ecc-aws-374-eks_clusters_security_group_traffic_restricted.yml mode change 100644 => 100755 policies/ecc-aws-375-eks_secrets_encrypted.yml mode change 100644 => 100755 policies/ecc-aws-376-ecr_immutable_image_tags.yml mode change 100644 => 100755 policies/ecc-aws-377-ecr_repository_kms_encryption_enabled.yml mode change 100644 => 100755 policies/ecc-aws-378-ecr_image_scanning_on_push_enabled.yml mode change 100644 => 100755 policies/ecc-aws-379-postgresql_log_rotation_age_flag_set_to_60.yml mode change 100644 => 100755 policies/ecc-aws-380-postgresql_log_rotation_size_flag_set_correctly.yml mode change 100644 => 100755 policies/ecc-aws-381-postgresql_debug_print_parse_flag_disabled.yml mode change 100644 => 100755 policies/ecc-aws-382-postgresql_debug_print_rewritten_flag_disabled.yml mode change 100644 => 100755 policies/ecc-aws-383-postgresql_debug_print_plan_flag_disabled.yml mode change 100644 => 100755 policies/ecc-aws-384-postgresql_debug_pretty_print_flag_enabled.yml mode change 100644 => 100755 policies/ecc-aws-385-postgresql_log_connections_flag_enabled.yml mode change 100644 => 100755 policies/ecc-aws-386-postgresql_log_disconnections_flag_enabled.yml mode change 100644 => 100755 policies/ecc-aws-387-postgresql_log_error_verbosity_flag_set_correctly.yml mode change 100644 => 100755 policies/ecc-aws-388-postgresql_log_hostname_flag_disabled.yml mode change 100644 => 100755 policies/ecc-aws-389-postgresql_log_statement_flag_set_correctly.yml mode change 100644 => 100755 policies/ecc-aws-390-postgresql_log_destination_flag_set_to_csvlog.yml mode change 100644 => 100755 policies/ecc-aws-391-postgresql_log_checkpoints_flag_enabled.yml mode change 100644 => 100755 
policies/ecc-aws-392-postgresql_log_lock_waits_flag_enabled.yml mode change 100644 => 100755 policies/ecc-aws-393-postgresql_log_duration_flag_enabled.yml mode change 100644 => 100755 policies/ecc-aws-394-transit_gateway_default_route_table_association_disabled.yml mode change 100644 => 100755 policies/ecc-aws-395-transit_gateway_default_route_table_propagation_disabled.yml mode change 100644 => 100755 policies/ecc-aws-396-rest_api_gateway_is_protected_by_waf.yml mode change 100644 => 100755 policies/ecc-aws-397-rest_api_gateway_contend_encoding_enabled.yml mode change 100644 => 100755 policies/ecc-aws-398-rest_api_gateway_cache_enabled.yml mode change 100644 => 100755 policies/ecc-aws-400-glue_data_catalog_encrypted_at_rest.yml mode change 100644 => 100755 policies/ecc-aws-401-glue_data_catalog_encrypted_with_kms_customer_master_keys.yml mode change 100644 => 100755 policies/ecc-aws-402-glue_job_bookmarks_encrypted.yml mode change 100644 => 100755 policies/ecc-aws-403-glue_cloudwatch_logs_encrypted.yml mode change 100644 => 100755 policies/ecc-aws-404-glue_s3_encryption_enabled.yml mode change 100644 => 100755 policies/ecc-aws-405-emr_kerberos_authentication_enabled.yml mode change 100644 => 100755 policies/ecc-aws-407-emr_clusters_in_vpc.yml mode change 100644 => 100755 policies/ecc-aws-408-emr_logging_to_s3_enabled.yml mode change 100644 => 100755 policies/ecc-aws-409-vpc_unused_internet_gateway.yml mode change 100644 => 100755 policies/ecc-aws-411-unused_virtual_private_gateways.yml mode change 100644 => 100755 policies/ecc-aws-413-elasticache_previous_generation_instances_not_used.yml mode change 100644 => 100755 policies/ecc-aws-414-elasticache_automatic_backups.yml mode change 100644 => 100755 policies/ecc-aws-415-elasticache_encrypted_in_transit.yml mode change 100644 => 100755 policies/ecc-aws-416-elasticache_encrypted_at_rest_using_cmk.yml mode change 100644 => 100755 policies/ecc-aws-418-elasticache_redis_multi_az_enabled.yml mode change 100644 => 100755 
policies/ecc-aws-419-elasticache_redis_auth_enabled.yml mode change 100644 => 100755 policies/ecc-aws-420-elasticache_latest_version.yml create mode 100755 policies/ecc-aws-421-documentdb_logging_enabled.yml create mode 100755 policies/ecc-aws-423-rds_aurora_mysql_cluster_logging_enabled.yml create mode 100755 policies/ecc-aws-424-rds_aurora_postgresql_cluster_logging_enabled.yml mode change 100644 => 100755 policies/ecc-aws-425-elasticsearch_slow_logs_enabled.yml mode change 100644 => 100755 policies/ecc-aws-427-elasticache_auth_token_rotated_every_90_days.yml mode change 100644 => 100755 policies/ecc-aws-429-elasticsearch_encrypted_with_kms_cmk.yml mode change 100644 => 100755 policies/ecc-aws-430-autoscaling_group_cooldown_period.yml mode change 100644 => 100755 policies/ecc-aws-431-elasticsearch_enforces_https.yml mode change 100644 => 100755 policies/ecc-aws-432-elasticsearch_latest_version.yml mode change 100644 => 100755 policies/ecc-aws-433-autoscaling_group_has_associated_elb.yml mode change 100644 => 100755 policies/ecc-aws-434-xray-encrypted_with_kms_cmk.yml mode change 100644 => 100755 policies/ecc-aws-435-workspaces_unused_instances.yml mode change 100644 => 100755 policies/ecc-aws-436-autoscaling_group_utilize_multi_az.yml mode change 100644 => 100755 policies/ecc-aws-437-workspaces_instances_are_healthy.yml mode change 100644 => 100755 policies/ecc-aws-438-autoscaling_group_has_valid_configuration.yml mode change 100644 => 100755 policies/ecc-aws-439-workspaces_storage_encrypted.yml mode change 100644 => 100755 policies/ecc-aws-440-backup_service_compliant_lifecycle_enabled.yml mode change 100644 => 100755 policies/ecc-aws-442-backups_encrypted_with_kms_customer_master_keys.yml mode change 100644 => 100755 policies/ecc-aws-444-use_secure_ssl_protocols_between_cloudfront_origin.yml mode change 100644 => 100755 policies/ecc-aws-445-rds_mysql_instances_latest_major_version.yml mode change 100644 => 100755 
policies/ecc-aws-447-sqs_encrypted_with_kms_cmk.yml mode change 100644 => 100755 policies/ecc-aws-448-cloudfront_distribution_fieldlevel_encryption.yml mode change 100644 => 100755 policies/ecc-aws-449-sqs_not_open_to_everyone.yml mode change 100644 => 100755 policies/ecc-aws-451-postgresql_log_parser_stats_flag_is_disabled.yml mode change 100644 => 100755 policies/ecc-aws-452-cloudtrail_logs_management_events.yml mode change 100644 => 100755 policies/ecc-aws-453-event_bus_is_exposed_to_everyone.yml mode change 100644 => 100755 policies/ecc-aws-454-postgresql_log_planner_stats_flag_disabled.yml mode change 100644 => 100755 policies/ecc-aws-455-postgresql_log_executor_stats_flag_disabled.yml mode change 100644 => 100755 policies/ecc-aws-457-postgresql_log_min_error_statement_flag_set_correctly.yml mode change 100644 => 100755 policies/ecc-aws-458-glacier_vault_access_policy_does_not_allow_actions_from_all_principals.yml mode change 100644 => 100755 policies/ecc-aws-459-config_delivery_failed.yml mode change 100644 => 100755 policies/ecc-aws-461-dms_latest_version.yml mode change 100644 => 100755 policies/ecc-aws-464-sagemaker_instances_encrypted_with_kms_cmk.yml mode change 100644 => 100755 policies/ecc-aws-469-dms_auto_minor_version_upgrade.yml mode change 100644 => 100755 policies/ecc-aws-470-dms_replication_instances_encrypted_with_kms_cmk.yml mode change 100644 => 100755 policies/ecc-aws-471-oracle_audit_sys_operations_flag_enabled.yml mode change 100644 => 100755 policies/ecc-aws-472-oracle_audit_trail_flag_set_correctly.yml mode change 100644 => 100755 policies/ecc-aws-473-oracle_global_names_flag_enabled.yml mode change 100644 => 100755 policies/ecc-aws-474-oracle_remote_listener_flag_empty.yml mode change 100644 => 100755 policies/ecc-aws-475-oracle_sec_max_failed_login_attempts_flag_is_3_or_less.yml mode change 100644 => 100755 policies/ecc-aws-476-oracle_sec_protocol_error_further_action_flag_set_to_drop_3.yml mode change 100644 => 100755 
policies/ecc-aws-477-oracle_sec_protocol_error_trace_action_flag_set_to_log.yml mode change 100644 => 100755 policies/ecc-aws-478-oracle_sec_return_server_release_banner_flag_disabled.yml mode change 100644 => 100755 policies/ecc-aws-479-oracle_sql92_security_flag_enabled.yml mode change 100644 => 100755 policies/ecc-aws-480-oracle_trace_files_public.yml mode change 100644 => 100755 policies/ecc-aws-481-oracle_resource_limit_flag_enabled.yml mode change 100644 => 100755 policies/ecc-aws-482-dms_multi_az_enabled.yml mode change 100644 => 100755 policies/ecc-aws-487-ebs_volume_encrypted_with_kms_cmk.yml mode change 100644 => 100755 policies/ecc-aws-488-ebs_snapshot_encrypted.yml mode change 100644 => 100755 policies/ecc-aws-489-unused_ebs_volumes.yml mode change 100644 => 100755 policies/ecc-aws-490-unused_ec2_access_keys.yml mode change 100644 => 100755 policies/ecc-aws-492-mysql_sql_mode_flag_contains_strict_all_tables.yml mode change 100644 => 100755 policies/ecc-aws-493-workspaces_images_not_older_than_90_days.yml mode change 100644 => 100755 policies/ecc-aws-494-workspaces_web_access_disabled.yml mode change 100644 => 100755 policies/ecc-aws-495-fsx_all_types_of_file_systems_encrypted_with_kms_cmk.yml mode change 100644 => 100755 policies/ecc-aws-496-kinesis_firehose_delivery_streams_encrypted_using_SSE.yml mode change 100644 => 100755 policies/ecc-aws-497-lambda_active_tracing_enabled.yml mode change 100644 => 100755 policies/ecc-aws-499-sagemaker_endpoint_configuration_encrypted.yml mode change 100644 => 100755 policies/ecc-aws-500-lambda_variables_encrypted_with_kms_cmk.yml mode change 100644 => 100755 policies/ecc-aws-501-sagemaker_instance_root_disabled.yml mode change 100644 => 100755 policies/ecc-aws-502-mq_broker_auto_minor_version_upgrade_enabled.yml mode change 100644 => 100755 policies/ecc-aws-503-mq_broker_logging_enabled.yml mode change 100644 => 100755 policies/ecc-aws-504-sagemaker_network_isolation_enabled.yml mode change 100644 => 100755 
policies/ecc-aws-505-route53_domain_automatic_renewal_enabled.yml mode change 100644 => 100755 policies/ecc-aws-506-mq_broker_not_publicly_accessible.yml mode change 100644 => 100755 policies/ecc-aws-507-route53_domain_expires_in_30_days.yml mode change 100644 => 100755 policies/ecc-aws-508-mq_broker_open_to_all_ports_protocols.yml mode change 100644 => 100755 policies/ecc-aws-510-route53_hosted_zone_records_health_check_configured.yml mode change 100644 => 100755 policies/ecc-aws-511-msk_data_encrypted_with_kms_cmk.yml mode change 100644 => 100755 policies/ecc-aws-512-msk_encryption_in_transit_enabled.yml mode change 100644 => 100755 policies/ecc-aws-513-route53_query_logging_enabled.yml mode change 100644 => 100755 policies/ecc-aws-514-msk_logging_enabled.yml mode change 100644 => 100755 policies/ecc-aws-515-rds_encrypted_with_kms_cmk.yml mode change 100644 => 100755 policies/ecc-aws-516-sns_encrypted_with_kms_cmk.yml mode change 100644 => 100755 policies/ecc-aws-517-redshift_user_activity_logging_enabled.yml mode change 100644 => 100755 policies/ecc-aws-519-redshift_not_using_default_port.yml mode change 100644 => 100755 policies/ecc-aws-520-redshift_encrypted_with_kms_cmk.yml mode change 100644 => 100755 policies/ecc-aws-521-redshift_parameter_group_require_ssl.yml mode change 100644 => 100755 policies/ecc-aws-522-route53_transfer_lock_enabled.yml mode change 100644 => 100755 policies/ecc-aws-524-rest_api_gateway_access_logging_enabled.yml mode change 100644 => 100755 policies/ecc-aws-525-ecs_exec_logging_encryption_enabled.yml mode change 100644 => 100755 policies/ecc-aws-526-rest_api_gateway_logs_set_correctly.yml mode change 100644 => 100755 policies/ecc-aws-527-mwaa_encrypted_with_kms_cmk.yml mode change 100644 => 100755 policies/ecc-aws-531-autoscaling_launch_config_public_ip_disabled.yml mode change 100644 => 100755 policies/ecc-aws-532-glue_connection_passwords_encrypted.yml mode change 100644 => 100755 policies/ecc-aws-537-fsx_lustre_logging_enabled.yml 
mode change 100644 => 100755 policies/ecc-aws-538-ds_directory_not_open_to_large_scope.yml mode change 100644 => 100755 policies/ecc-aws-539-fsx_lustre_retention_period_set_at_least_to_7_days.yml mode change 100644 => 100755 policies/ecc-aws-542-workspaces_maintenance_mode_enabled.yml mode change 100644 => 100755 policies/ecc-aws-547-cloudtrail_logs_data_events.yml mode change 100644 => 100755 policies/ecc-aws-548-workspaces_storage_encrypted_with_cmk.yml mode change 100644 => 100755 policies/ecc-aws-550-ami_without_tag_information.yml mode change 100644 => 100755 policies/ecc-aws-551-ebs_without_tag_information.yml mode change 100644 => 100755 policies/ecc-aws-552-ebs_snapshot_without_tag_information.yml mode change 100644 => 100755 policies/ecc-aws-553-eip_without_tag_information.yml mode change 100644 => 100755 policies/ecc-aws-555-eni_without_tag_information.yml mode change 100644 => 100755 policies/ecc-aws-556-internet_gateway_without_tag_information.yml mode change 100644 => 100755 policies/ecc-aws-557-nat_gateway_without_tag_information.yml mode change 100644 => 100755 policies/ecc-aws-558-network_acl_without_tag_information.yml mode change 100644 => 100755 policies/ecc-aws-559-route_table_without_tag_information.yml mode change 100644 => 100755 policies/ecc-aws-560-security_group_without_tag_information.yml mode change 100644 => 100755 policies/ecc-aws-561-subnet_without_tag_information.yml mode change 100644 => 100755 policies/ecc-aws-562-transit_gateway_without_tag_information.yml mode change 100644 => 100755 policies/ecc-aws-563-transit_gateway_attachment_without_tag_information.yml mode change 100644 => 100755 policies/ecc-aws-564-peering_connection_without_tag_information.yml mode change 100644 => 100755 policies/ecc-aws-565-vpc_without_tag_information.yml mode change 100644 => 100755 policies/ecc-aws-566-vpc_endpoint_without_tag_information.yml mode change 100644 => 100755 policies/ecc-aws-567-acm_without_tag_information.yml mode change 100644 => 
100755 policies/ecc-aws-568-app_flow_without_tag_information.yml mode change 100644 => 100755 policies/ecc-aws-569-auto_scaling_group_without_tag_information.yml mode change 100644 => 100755 policies/ecc-aws-574-cloudformation_stacks_without_tag_information.yml mode change 100644 => 100755 policies/ecc-aws-575-cloudfront_distributions_without_tag_information.yml mode change 100644 => 100755 policies/ecc-aws-578-cloudtrail_without_tag_information.yml mode change 100644 => 100755 policies/ecc-aws-580-codebuild_without_tag_information.yml mode change 100644 => 100755 policies/ecc-aws-582-dax_clusters_without_tag_information.yml mode change 100644 => 100755 policies/ecc-aws-583-dlm_without_tag_information.yml mode change 100644 => 100755 policies/ecc-aws-584-dms_without_tag_information.yml mode change 100644 => 100755 policies/ecc-aws-585-ecs_without_tag_information.yml mode change 100644 => 100755 policies/ecc-aws-586-eks_without_tag_information.yml mode change 100644 => 100755 policies/ecc-aws-587-efs_without_tag_information.yml mode change 100644 => 100755 policies/ecc-aws-588-elasticache_clusters_without_tag_information.yml mode change 100644 => 100755 policies/ecc-aws-590-beanstalk_without_tag_information.yml mode change 100644 => 100755 policies/ecc-aws-591-elb_without_tag_information.yml mode change 100644 => 100755 policies/ecc-aws-592-emr_without_tag_information.yml mode change 100644 => 100755 policies/ecc-aws-593-elasticsearch_without_tag_information.yml mode change 100644 => 100755 policies/ecc-aws-596-fsx_without_tag_information.yml mode change 100644 => 100755 policies/ecc-aws-597-fsx_backup_without_tag_information.yml mode change 100644 => 100755 policies/ecc-aws-599-glacier_without_tag_information.yml mode change 100644 => 100755 policies/ecc-aws-600-glue_job_without_tag_information.yml mode change 100644 => 100755 policies/ecc-aws-608-iam_user_without_tag_information.yml mode change 100644 => 100755 
policies/ecc-aws-609-iam_role_without_tag_information.yml mode change 100644 => 100755 policies/ecc-aws-611-msk_clusters_without_tag_information.yml mode change 100644 => 100755 policies/ecc-aws-613-kinesis_data_stream_without_tag_information.yml create mode 100755 policies/ecc-aws-614-kinesis_video_stream_without_tag_information.yml mode change 100644 => 100755 policies/ecc-aws-615-kms_key_without_tag_information.yml mode change 100644 => 100755 policies/ecc-aws-616-lambda_functions_without_tag_information.yml mode change 100644 => 100755 policies/ecc-aws-617-lightsail_instance_without_tag_information.yml mode change 100644 => 100755 policies/ecc-aws-618-cloudwatch_log_groups_without_tag_information.yml mode change 100644 => 100755 policies/ecc-aws-619-mq_brokers_without_tag_information.yml mode change 100644 => 100755 policies/ecc-aws-620-mwaa_without_tag_information.yml mode change 100644 => 100755 policies/ecc-aws-624-qldb_ledgers_without_tag_information.yml mode change 100644 => 100755 policies/ecc-aws-625-rds_cluster_without_tag_information.yml mode change 100644 => 100755 policies/ecc-aws-626-rds_snapshot_without_tag_information.yml mode change 100644 => 100755 policies/ecc-aws-627-redshift_clusters_without_tag_information.yml mode change 100644 => 100755 policies/ecc-aws-630-sagemaker_instances_without_tag_information.yml mode change 100644 => 100755 policies/ecc-aws-632-sns_without_tag_information.yml mode change 100644 => 100755 policies/ecc-aws-633-sqs_without_tag_information.yml mode change 100644 => 100755 policies/ecc-aws-638-mq_broker_active_deployment_mode.yml mode change 100644 => 100755 policies/ecc-aws-639-mq_broker_latest_version.yml mode change 100644 => 100755 policies/ecc-aws-640-mq_broker_encrypted_with_kms_cmk.yml mode change 100644 => 100755 policies/ecc-aws-641_kinesis_streams_shard_level_monitoring_enabled.yml mode change 100644 => 100755 policies/ecc-aws-643-qldb_permission_mode_is_standard.yml mode change 100644 => 100755 
policies/ecc-aws-644-qldb_deletion_protection_enabled.yml create mode 100755 policies/ecc-aws-646-appsync_logging_enabled.yml create mode 100755 policies/ecc-aws-649-appsync_cache_encrypted_at_rest.yml create mode 100755 policies/ecc-aws-650-appsync_cache_encrypted_in_transit.yml create mode 100755 policies/ecc-aws-651-appsync_protected_by_waf.yml mode change 100644 => 100755 policies/ecc-aws-652-mwaa_dag_processing_logs_set_correctly.yml mode change 100644 => 100755 policies/ecc-aws-653-mwaa_scheduler_logs_set_correctly.yml mode change 100644 => 100755 policies/ecc-aws-654-mwaa_task_logs_set_correctly.yml mode change 100644 => 100755 policies/ecc-aws-655-mwaa_webserver_logs_set_correctly.yml mode change 100644 => 100755 policies/ecc-aws-656-mwaa_worker_logs_set_correctly.yml mode change 100644 => 100755 policies/ecc-aws-657-redshift_availability_zone_relocation_enabled.yml mode change 100644 => 100755 policies/ecc-aws-664-elasticache_redis_logs_enabled.yml mode change 100644 => 100755 policies/ecc-aws-665-elasticache_notifications_enabled.yml mode change 100644 => 100755 policies/ecc-aws-669-emr_termination_protection_enabled.yml create mode 100755 policies/ecc-aws-670-emr_imdsv1_disabled.yml mode change 100644 => 100755 policies/ecc-aws-672-glue_spark_ui_monitoring_enabled.yml mode change 100644 => 100755 policies/ecc-aws-677-lambda_functions_enhanced_monitoring_enabled.yml mode change 100644 => 100755 policies/ecc-aws-679-lambda_environment_variables_encrypted_in_transit.yml mode change 100644 => 100755 policies/ecc-aws-680-lambda_latest_runtime_environment_version.yml mode change 100644 => 100755 policies/ecc-aws-681-lambda_concurrency_enabled.yml create mode 100755 policies/ecc-aws-689-bucket_not_dns_compliant.yml mode change 100644 => 100755 policies/ecc-aws-690-ecs_exec_logging_enabled.yml mode change 100644 => 100755 policies/ecc-aws-691-fsx_daily_automatic_backup_enabled.yml mode change 100644 => 100755 
policies/ecc-aws-692-fsx_netapp_ontap_multi_az_enabled.yml mode change 100644 => 100755 policies/ecc-aws-693-fsx_windows_file_server_multi_az_enabled.yml mode change 100644 => 100755 policies/ecc-aws-696-alb_desync_mode_check.yml mode change 100644 => 100755 policies/ecc-aws-697-api_gw_endpoint_type_check.yml mode change 100644 => 100755 policies/ecc-aws-702-autoscaling_groups_capacity_rebalancing_enabled.yml mode change 100644 => 100755 policies/ecc-aws-703-autoscaling_launchconfig_requires_imdsv2.yml mode change 100644 => 100755 policies/ecc-aws-707-clb_desync_mode_check.yml mode change 100644 => 100755 policies/ecc-aws-708-clb-multiple_az.yml mode change 100644 => 100755 policies/ecc-aws-709-clb_cross_zone_load_balancing_enabled.yml mode change 100644 => 100755 policies/ecc-aws-710-cloudformation_stack_drift_detection_check.yml mode change 100644 => 100755 policies/ecc-aws-712-cloudfront_sni_enabled.yml mode change 100644 => 100755 policies/ecc-aws-715-cloudwatch_log_group_encrypted_with_kms_cmk.yml mode change 100644 => 100755 policies/ecc-aws-717-codebuild_project_artifact_encryption.yml mode change 100644 => 100755 policies/ecc-aws-718-codebuild_project_environment_privileged_check.yml mode change 100644 => 100755 policies/ecc-aws-719-codebuild_project_logging_enabled.yml mode change 100644 => 100755 policies/ecc-aws-720-codebuild_project_s3_logs_encrypted.yml mode change 100644 => 100755 policies/ecc-aws-721-codedeploy_auto_rollback_monitor_enabled.yml mode change 100644 => 100755 policies/ecc-aws-723-codedeploy_lambda_allatonce_traffic_shift_disabled.yml mode change 100644 => 100755 policies/ecc-aws-724-codepipeline_s3_artifact_bucket_encrypted_with_kms_cmk.yml mode change 100644 => 100755 policies/ecc-aws-725-cloudwatch_log_group_retention_period_check.yml mode change 100644 => 100755 policies/ecc-aws-734-ec2_instance_detailed_monitoring_enabled.yml mode change 100644 => 100755 policies/ecc-aws-739-ec2_token_hop_limit_check.yml mode change 100644 => 100755 
policies/ecc-aws-740-ec2_transit_gateway_auto_vpc_attach_disabled.yml mode change 100644 => 100755 policies/ecc-aws-741-ecr_private_lifecycle_policy_configured.yml mode change 100644 => 100755 policies/ecc-aws-744-ecs_fargate_latest_platform_version.yml mode change 100644 => 100755 policies/ecc-aws-745-ecs_task_definition_memory_hard_limit.yml mode change 100644 => 100755 policies/ecc-aws-746-ecs_task_definition_pid_mode_check.yml mode change 100644 => 100755 policies/ecc-aws-751-eks_cluster_oldest_supported_version.yml mode change 100644 => 100755 policies/ecc-aws-755-elbv2_multiple_az.yml mode change 100644 => 100755 policies/ecc-aws-760-iam_group_has_users_check.yml mode change 100644 => 100755 policies/ecc-aws-762-lambda_vpc_multi_az_check.yml mode change 100644 => 100755 policies/ecc-aws-769-opensearch_access_control_enabled.yml mode change 100644 => 100755 policies/ecc-aws-770-rds_automatic_minor_version_upgrade_enabled.yml mode change 100644 => 100755 policies/ecc-aws-771-rds_cluster_default_admin_check.yml mode change 100644 => 100755 policies/ecc-aws-773-rds_instance_default_admin_check.yml mode change 100644 => 100755 policies/ecc-aws-776-redshift_default_admin_check.yml mode change 100644 => 100755 policies/ecc-aws-777-redshift_default_db_name_check.yml mode change 100644 => 100755 policies/ecc-aws-780-sns_topic_message_delivery_notification_enabled.yml mode change 100644 => 100755 policies/ecc-aws-787-mwaa_latest_version.yml mode change 100644 => 100755 policies/ecc-aws-800-dax_ecnrypted_in_transit.yml mode change 100644 => 100755 policies/ecc-aws-808-clb_internet_facing.yml mode change 100644 => 100755 policies/ecc-aws-809-elb_internet_facing.yml mode change 100644 => 100755 policies/ecc-aws-821-acm_certificate_not_using_a_minimum_of_2048-bit_key_for_rsa_certificate.yml mode change 100644 => 100755 policies/ecc-aws-835-inactive_iam_access_keys_are_not_deleted.yml mode change 100644 => 100755 policies/ecc-aws-897-security_hub_enabled.yml mode change 
100644 => 100755 policies/ecc-aws-899-s3_event_notifications_enabled.yml create mode 100755 policies/ecc-aws-900-s3_bucket_acl_prohibited.yml create mode 100755 policies/ecc-aws-901-s3_version_lifecycle_policy_check.yml mode change 100644 => 100755 policies/ecc-aws-902-vpc_vpn_2_tunnels_up.yml mode change 100644 => 100755 policies/ecc-aws-904-autoscaling_launch_config_hop_limit.yml mode change 100644 => 100755 policies/ecc-aws-906-ecs_containers_readonly_access.yml mode change 100644 => 100755 policies/ecc-aws-907-ecs_no_environment_secrets.yml mode change 100644 => 100755 policies/ecc-aws-911-kms_cmk_not_scheduled_for_deletion.yml mode change 100644 => 100755 policies/ecc-aws-917-waf_global_webacl_not_empty.yml mode change 100644 => 100755 policies/ecc-aws-922-acm_certificate_transparency_logging_enabled.yml mode change 100644 => 100755 policies/ecc-aws-938-cloudfront_encryption_in_transit.yml mode change 100644 => 100755 policies/ecc-aws-939-ebs_default_encryption_enabled.yml mode change 100644 => 100755 policies/ecc-aws-948-imported_and_acm_certificates_expire_in_one_month.yml mode change 100644 => 100755 policies/ecc-aws-949-key_pair_without_tag_information.yml mode change 100644 => 100755 policies/ecc-aws-950-autoscaling_launch_template.yml mode change 100644 => 100755 policies/ecc-aws-951-clb_acm_certificate_required.yml mode change 100644 => 100755 policies/ecc-aws-953-lambda_function_settings_check.yml mode change 100644 => 100755 policies/ecc-aws-955-ecs_containers_nonprivileged.yml mode change 100644 => 100755 policies/ecc-aws-958-cloudfront_s3_origin_non_existent_bucket.yml mode change 100644 => 100755 policies/ecc-aws-961-cloudfront_origin_access_control_enabled.yml mode change 100644 => 100755 policies/ecc-aws-962-glue_job_latest_version.yml mode change 100644 => 100755 policies/ecc-aws-963-glue_job_logging_enabled.yml 
diff --git a/policies/ecc-aws-002-ensure_mfa_is_enabled_for_all_iam_users_with_console_password.yml b/policies/ecc-aws-002-ensure_mfa_is_enabled_for_all_iam_users_with_console_password.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-013-ensure_access_keys_are_rotated_every_90_days.yml b/policies/ecc-aws-013-ensure_access_keys_are_rotated_every_90_days.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-033-ensure_vpc_flow_logging_enabled_for_every_vpc.yml b/policies/ecc-aws-033-ensure_vpc_flow_logging_enabled_for_every_vpc.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-080-bucket_policy_allows_https_requests.yml b/policies/ecc-aws-080-bucket_policy_allows_https_requests.yml
new file mode 100755
index 000000000..28e13c6f3
--- /dev/null
+++ b/policies/ecc-aws-080-bucket_policy_allows_https_requests.yml
@@ -0,0 +1,36 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-080-bucket_policy_allows_https_requests
+ resource: aws.s3
+ description: |
+ S3 Bucket Policy allows HTTP requests
+ filters:
+ - not:
+ - or:
+ - type: has-statement
+ statements:
+ - Effect: Deny
+ Action: 's3:*'
+ Condition:
+ Bool:
+ "aws:SecureTransport": "false"
+ - type: has-statement
+ statements:
+ - Effect: Deny
+ Action: '*'
+ Condition:
+ Bool:
+ "aws:SecureTransport": "false"
+ - type: has-statement
+ statements:
+ - Effect: Deny
+ Action: 's3:GetObject'
+ Condition:
+ Bool:
+ "aws:SecureTransport": "false"
\ No newline at end of file
diff --git a/policies/ecc-aws-082-rds_retention_backup_is_at_least_7_days.yml b/policies/ecc-aws-082-rds_retention_backup_is_at_least_7_days.yml
old mode 100644
new mode 100755
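Review bot: The three `has-statement` matchers in ecc-aws-080 constrain only `Effect`, `Action` and `Condition`, so a Deny statement scoped to a single `Principal` or to a narrow `Resource` prefix is enough to make the bucket pass while HTTP stays open for everyone else; adding `Principal: '*'` to each statement (and the bucket's object ARN as `Resource`, if the filter supports it in this project) would tighten the match to the shape CIS and Security Hub actually require. The third alternative, a Deny on `s3:GetObject` alone, also accepts buckets where uploads, listings and policy changes are still allowed over plaintext, which seems at odds with the control name; if the intent is TLS for all operations, dropping that branch or documenting why it is considered sufficient would help. The `description` ("S3 Bucket Policy allows HTTP requests") could say what is flagged, e.g. `Buckets whose policy does not deny requests with aws:SecureTransport=false`. The file is also committed without a trailing newline.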
diff --git a/policies/ecc-aws-083-rds_high-availability_zone.yml b/policies/ecc-aws-083-rds_high-availability_zone.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-086_iam_ssl_or_tls_certificates_expire_in_one_month.yml b/policies/ecc-aws-086_iam_ssl_or_tls_certificates_expire_in_one_month.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-087_iam_ssl_or_tls_certificates_expire_in_one_week.yml b/policies/ecc-aws-087_iam_ssl_or_tls_certificates_expire_in_one_week.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-090-use_secure_ciphers_in_cloudfront_distribution.yml b/policies/ecc-aws-090-use_secure_ciphers_in_cloudfront_distribution.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-092-remove_weak_ciphers_for_clb.yml b/policies/ecc-aws-092-remove_weak_ciphers_for_clb.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-093-clb_uses_https.yml b/policies/ecc-aws-093-clb_uses_https.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-094-ensure_mfa_is_enabled_for_the_root_account.yml b/policies/ecc-aws-094-ensure_mfa_is_enabled_for_the_root_account.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-095-ensure_hardware_mfa_is_enabled_for_root_account.yml b/policies/ecc-aws-095-ensure_hardware_mfa_is_enabled_for_root_account.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-096-credentials_unused_for_45_days.yml b/policies/ecc-aws-096-credentials_unused_for_45_days.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-097-iam_users_receive_permissions_only_through_groups.yml b/policies/ecc-aws-097-iam_users_receive_permissions_only_through_groups.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-098-iam_password_policy_password_reuse.yml b/policies/ecc-aws-098-iam_password_policy_password_reuse.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-099-instance_without_any_tag.yml b/policies/ecc-aws-099-instance_without_any_tag.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-101-clb_access_logging_disabled.yml b/policies/ecc-aws-101-clb_access_logging_disabled.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-102-ensures_sqs_encryption_is_enabled.yml b/policies/ecc-aws-102-ensures_sqs_encryption_is_enabled.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-103-instance_without_termination_protection.yml b/policies/ecc-aws-103-instance_without_termination_protection.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-105-rds_instance_with_no_backups.yml b/policies/ecc-aws-105-rds_instance_with_no_backups.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-109-prevent_0-65535_ingress_and_all.yml b/policies/ecc-aws-109-prevent_0-65535_ingress_and_all.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-110-security_group_ingress_is_restricted_traffic_to_dns_port_53.yml b/policies/ecc-aws-110-security_group_ingress_is_restricted_traffic_to_dns_port_53.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-111-security_group_ingress_is_restricted_traffic_to_ftp_port_21.yml b/policies/ecc-aws-111-security_group_ingress_is_restricted_traffic_to_ftp_port_21.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-112-security_group_ingress_is_restricted_traffic_to_http_port_80.yml b/policies/ecc-aws-112-security_group_ingress_is_restricted_traffic_to_http_port_80.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-113-security_group_ingress_is_restricted_traffic_to_microsoft_ds_port_445.yml b/policies/ecc-aws-113-security_group_ingress_is_restricted_traffic_to_microsoft_ds_port_445.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-114-security_group_ingress_is_restricted_traffic_to_mongodb_port_27017.yml b/policies/ecc-aws-114-security_group_ingress_is_restricted_traffic_to_mongodb_port_27017.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-115-security_group_ingress_is_restricted_traffic_to_mysql_db_port_3306.yml b/policies/ecc-aws-115-security_group_ingress_is_restricted_traffic_to_mysql_db_port_3306.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-116-security_group_ingress_is_restricted_traffic_to_netbios_ssn_port_139.yml b/policies/ecc-aws-116-security_group_ingress_is_restricted_traffic_to_netbios_ssn_port_139.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-117-security_group_ingress_is_restricted_traffic_to_oracle_db_port_1521.yml b/policies/ecc-aws-117-security_group_ingress_is_restricted_traffic_to_oracle_db_port_1521.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-118-security_group_ingress_is_restricted_traffic_to_pop3_port_110.yml b/policies/ecc-aws-118-security_group_ingress_is_restricted_traffic_to_pop3_port_110.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-119-security_group_ingress_is_restricted_traffic_to_postgresql_port_5432.yml b/policies/ecc-aws-119-security_group_ingress_is_restricted_traffic_to_postgresql_port_5432.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-120-security_group_ingress_is_restricted_traffic_to_smtp_port_25.yml b/policies/ecc-aws-120-security_group_ingress_is_restricted_traffic_to_smtp_port_25.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-121-security_group_ingress_is_restricted_traffic_to_telnet_port_23.yml b/policies/ecc-aws-121-security_group_ingress_is_restricted_traffic_to_telnet_port_23.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-124-eks_cluster_version_latest.yml b/policies/ecc-aws-124-eks_cluster_version_latest.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-140-rds_without_tag_information.yml b/policies/ecc-aws-140-rds_without_tag_information.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-141-s3_encrypted_using_kms.yml b/policies/ecc-aws-141-s3_encrypted_using_kms.yml
new file mode 100755
index 000000000..7ec8ea104
--- /dev/null
+++ b/policies/ecc-aws-141-s3_encrypted_using_kms.yml
@@ -0,0 +1,16 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-141-s3_encrypted_using_kms
+ description: |
+ S3 is not using a KMS key for encryption
+ resource: s3
+ filters:
+ - type: bucket-encryption
+ state: false
+ crypto: aws:kms
diff --git a/policies/ecc-aws-162-s3_bucket_lifecycle.yml b/policies/ecc-aws-162-s3_bucket_lifecycle.yml
new file mode 100755
index 000000000..427168edc
--- /dev/null
+++ b/policies/ecc-aws-162-s3_bucket_lifecycle.yml
@@ -0,0 +1,16 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-162-s3_bucket_lifecycle
+ description: |
+ S3 Bucket life cycle is not configured
+ resource: s3
+ filters:
+ - type: value
+ key: Lifecycle
+ value: null
diff --git a/policies/ecc-aws-163-s3_buckets_without_tags.yml b/policies/ecc-aws-163-s3_buckets_without_tags.yml
new file mode 100755
index 000000000..60311c395
--- /dev/null
+++ b/policies/ecc-aws-163-s3_buckets_without_tags.yml
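Review bot: `crypto: aws:kms` in the `bucket-encryption` filter only checks the SSE algorithm, so a bucket encrypted with the AWS-managed `aws/s3` key passes exactly like one using a customer-managed key; other rules in this set (184, 256, 258 in the file list) are explicit about CMKs, so the intent here should be stated. Either add `key: <alias or key ARN>` to the filter if a CMK is required, or put a comment above the filter such as `# Any SSE-KMS key, including the AWS-managed aws/s3 key, satisfies this rule`. Also `resource: s3` here versus `resource: aws.s3` in ecc-aws-080 and ecc-aws-280 of the same commit — both work, but pick one form for the repository.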
@@ -0,0 +1,17 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-163-s3_buckets_without_tags
+ description: |
+ S3 Buckets without tags
+ resource: s3
+ filters:
+ - not:
+ - type: value
+ key: Tags[0]
+ value: present
diff --git a/policies/ecc-aws-168-iam_password_policy_one_uppercase_letter.yml b/policies/ecc-aws-168-iam_password_policy_one_uppercase_letter.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-169-ensure_no_root_account_access_key_exists.yml b/policies/ecc-aws-169-ensure_no_root_account_access_key_exists.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-170-iam_password_policy_one_lowercase_letter.yml b/policies/ecc-aws-170-iam_password_policy_one_lowercase_letter.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-171-iam_password_policy_one_symbol.yml b/policies/ecc-aws-171-iam_password_policy_one_symbol.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-172-iam_password_policy_one_number.yml b/policies/ecc-aws-172-iam_password_policy_one_number.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-173-iam_password_min_length_ge_14.yml b/policies/ecc-aws-173-iam_password_min_length_ge_14.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-174-iam_password_policy_passwd_expires_le_90.yml b/policies/ecc-aws-174-iam_password_policy_passwd_expires_le_90.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-176-cloudtrail_log_validation_enabled.yml b/policies/ecc-aws-176-cloudtrail_log_validation_enabled.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-179-cloudtrail_integrated_with_cloudwatch.yml b/policies/ecc-aws-179-cloudtrail_integrated_with_cloudwatch.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-181-ensure_iam_instance_roles_are_used_for_resource_access_from_instance.yml b/policies/ecc-aws-181-ensure_iam_instance_roles_are_used_for_resource_access_from_instance.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-183-config_enabled_all_regions.yml b/policies/ecc-aws-183-config_enabled_all_regions.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-184-cloudtrail_logs_encrypted_using_KMS_CMKs.yml b/policies/ecc-aws-184-cloudtrail_logs_encrypted_using_KMS_CMKs.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-185-kms_key_rotation_is_enabled.yml b/policies/ecc-aws-185-kms_key_rotation_is_enabled.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-186-security_group_ingress_is_restricted_22.yml b/policies/ecc-aws-186-security_group_ingress_is_restricted_22.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-187-security_group_ingress_is_restricted_3389.yml b/policies/ecc-aws-187-security_group_ingress_is_restricted_3389.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-188-default_security_group_every_vpc_restricts_all_traffic.yml b/policies/ecc-aws-188-default_security_group_every_vpc_restricts_all_traffic.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-190-encrypted_connection_between_cloudfront_origin.yml b/policies/ecc-aws-190-encrypted_connection_between_cloudfront_origin.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-191-eks_cluster_protected_endpoint_access.yml b/policies/ecc-aws-191-eks_cluster_protected_endpoint_access.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-196-unused_ec2_security_groups.yml b/policies/ecc-aws-196-unused_ec2_security_groups.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-197-codebuild_project_source_repo_url_check.yml b/policies/ecc-aws-197-codebuild_project_source_repo_url_check.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-198-autoscaling_group_health_checks.yml b/policies/ecc-aws-198-autoscaling_group_health_checks.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-199-unused_eip_should_be_removed.yml b/policies/ecc-aws-199-unused_eip_should_be_removed.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-200-elasticsearch_service_domains_in_vpc.yml b/policies/ecc-aws-200-elasticsearch_service_domains_in_vpc.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-201-elasticsearch_service_domains_encryption_at_rest.yml b/policies/ecc-aws-201-elasticsearch_service_domains_encryption_at_rest.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-203-ebs_snapshots_not_publicly_restorable.yml b/policies/ecc-aws-203-ebs_snapshots_not_publicly_restorable.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-210-cloud_front_waf_integration.yml b/policies/ecc-aws-210-cloud_front_waf_integration.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-212-lambda_in_vpc.yml b/policies/ecc-aws-212-lambda_in_vpc.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-215-redshift_cluster_prohibit_public_access.yml b/policies/ecc-aws-215-redshift_cluster_prohibit_public_access.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-216-s3_bucket_cross_region_replication_enabled.yml b/policies/ecc-aws-216-s3_bucket_cross_region_replication_enabled.yml
new file mode 100755
index 000000000..3c16522df
--- /dev/null
+++ b/policies/ecc-aws-216-s3_bucket_cross_region_replication_enabled.yml
@@ -0,0 +1,16 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-216-s3_bucket_cross_region_replication_enabled
+ description: |
+ S3 bucket cross-region replication is disabled
+ resource: s3
+ filters:
+ - type: value
+ key: Replication
+ value: null
diff --git a/policies/ecc-aws-218-codebuild_environment_variables_contain_text_credentials.yml b/policies/ecc-aws-218-codebuild_environment_variables_contain_text_credentials.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-219-rds_snapshot_prohibit_public_access.yml b/policies/ecc-aws-219-rds_snapshot_prohibit_public_access.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-221-ec2_managed_ssm_patch_compliance.yml b/policies/ecc-aws-221-ec2_managed_ssm_patch_compliance.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-222-ami_public_access.yml b/policies/ecc-aws-222-ami_public_access.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-223-ensure_that_sagemaker_in_vpc.yml b/policies/ecc-aws-223-ensure_that_sagemaker_in_vpc.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-231-vpc-subnets_automatic_public_ip_assignment.yml b/policies/ecc-aws-231-vpc-subnets_automatic_public_ip_assignment.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-232-sagemaker_does_not_have_direct_internet_access.yml b/policies/ecc-aws-232-sagemaker_does_not_have_direct_internet_access.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-237-cloudfront_web_distributions_use_custom_ssl_certificates.yml b/policies/ecc-aws-237-cloudfront_web_distributions_use_custom_ssl_certificates.yml
old mode 100644
new mode 100755
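Review bot: A non-null `Replication` is taken to mean cross-region replication is enabled, but the filter never looks at the rules, so a configuration whose rules are all `Status: Disabled`, or one that replicates to a bucket in the same region, passes the check. If c7n stores the raw `get_bucket_replication` response under `Replication` (please confirm against the resource's augment code), a second `or` branch with `key: "Replication.ReplicationConfiguration.Rules[?Status=='Enabled'] | length(@)"` and `value: 0` would catch the disabled-rules case. The cross- versus same-region distinction needs the destination bucket's region, which this rule cannot see, so the description should say it checks only that replication is configured, or the name should drop "cross_region".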
diff --git a/policies/ecc-aws-238-cloudfront_web_distributions_with_geo_restriction_enabled.yml b/policies/ecc-aws-238-cloudfront_web_distributions_with_geo_restriction_enabled.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-240-acm_has_certificates_single_domain_names.yml b/policies/ecc-aws-240-acm_has_certificates_single_domain_names.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-241-acm_has_no_unused_certificates.yml b/policies/ecc-aws-241-acm_has_no_unused_certificates.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-242-cloudfront_distribution_access_logging.yml b/policies/ecc-aws-242-cloudfront_distribution_access_logging.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-243-invalid_or_failed_certificates_are_removed_from_acm.yml b/policies/ecc-aws-243-invalid_or_failed_certificates_are_removed_from_acm.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-245-alb_is_protected_by_waf_regional.yml b/policies/ecc-aws-245-alb_is_protected_by_waf_regional.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-246-s3_bucket_versioning_mfa_delete_enabled.yml b/policies/ecc-aws-246-s3_bucket_versioning_mfa_delete_enabled.yml
new file mode 100755
index 000000000..dd80cb546
--- /dev/null
+++ b/policies/ecc-aws-246-s3_bucket_versioning_mfa_delete_enabled.yml
@@ -0,0 +1,20 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-246-s3_bucket_versioning_mfa_delete_enabled
+ description: |
+ S3 bucket versioning MFA delete is disabled
+ resource: s3
+ filters:
+ - or:
+ - type: value
+ key: Versioning.MFADelete
+ value: Disabled
+ - type: value
+ key: Versioning.MFADelete
+ value: absent
\ No newline at end of file
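Review bot: The `or` of `value: Disabled` and `value: absent` on the same key is two filters doing one comparison; a single `- type: value`, `key: Versioning.MFADelete`, `op: ne`, `value: Enabled` reports the same buckets and also covers any value other than the two spelled out. This is a style point only, the selection is otherwise unchanged. A one-line comment that MFA Delete is set through the root user rather than a normal bucket-settings change would help whoever triages the findings, since that is typically why this one stays open.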
diff --git a/policies/ecc-aws-247-managed_policies_instead_of_inline_iam_policies.yml b/policies/ecc-aws-247-managed_policies_instead_of_inline_iam_policies.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-248-k8s_cluster_network_firewall_inbound_rule_permissive_to_all_traffic.yml b/policies/ecc-aws-248-k8s_cluster_network_firewall_inbound_rule_permissive_to_all_traffic.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-249-expired_certificates_are_removed_from_acm.yml b/policies/ecc-aws-249-expired_certificates_are_removed_from_acm.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-250-rest_api_gateway_is_set_to_private.yml b/policies/ecc-aws-250-rest_api_gateway_is_set_to_private.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-251-api_key_is_required_on_method_request.yml b/policies/ecc-aws-251-api_key_is_required_on_method_request.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-253-kinesis_streams_encrypted_kms_customer_master_keys.yml b/policies/ecc-aws-253-kinesis_streams_encrypted_kms_customer_master_keys.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-254-kinesis_server_data_at_rest_has_sse.yml b/policies/ecc-aws-254-kinesis_server_data_at_rest_has_sse.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-255-restrict_outbound_traffic.yml b/policies/ecc-aws-255-restrict_outbound_traffic.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-256-dynamodb_is_encrypted_using_managed_cmk.yml b/policies/ecc-aws-256-dynamodb_is_encrypted_using_managed_cmk.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-257-efs_is_encrypted.yml b/policies/ecc-aws-257-efs_is_encrypted.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-258-efs_is_encrypted_using_managed_cmk.yml b/policies/ecc-aws-258-efs_is_encrypted_using_managed_cmk.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-259-elasticache_redis_clusters_encryption_at_rest.yml b/policies/ecc-aws-259-elasticache_redis_clusters_encryption_at_rest.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-260-redshift_instances_are_encrypted.yml b/policies/ecc-aws-260-redshift_instances_are_encrypted.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-261-rds_cluster_storage_is_encrypted.yml b/policies/ecc-aws-261-rds_cluster_storage_is_encrypted.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-262-expired_route53_domain_names.yml b/policies/ecc-aws-262-expired_route53_domain_names.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-263-enable_elb_access_logs.yml b/policies/ecc-aws-263-enable_elb_access_logs.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-264-update_security_policy_of_network_load_balancer.yml b/policies/ecc-aws-264-update_security_policy_of_network_load_balancer.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-267-guardduty_service_is_enabled.yml b/policies/ecc-aws-267-guardduty_service_is_enabled.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-272-eliminate_use_root_user_for_administrative_and_daily_tasks.yml b/policies/ecc-aws-272-eliminate_use_root_user_for_administrative_and_daily_tasks.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-276-iam_access_analyzer_is_enabled.yml b/policies/ecc-aws-276-iam_access_analyzer_is_enabled.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-277-only_one_active_access_key_available_for_any_single_iam_user.yml b/policies/ecc-aws-277-only_one_active_access_key_available_for_any_single_iam_user.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-279-expired_ssl_tls_certificates_stored_in_aws_iam_are_removed.yml b/policies/ecc-aws-279-expired_ssl_tls_certificates_stored_in_aws_iam_are_removed.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-280-s3_buckets_configured_with_block_public_access.yml b/policies/ecc-aws-280-s3_buckets_configured_with_block_public_access.yml
new file mode 100755
index 000000000..314ae93b7
--- /dev/null
+++ b/policies/ecc-aws-280-s3_buckets_configured_with_block_public_access.yml
@@ -0,0 +1,14 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-280-s3_buckets_configured_with_block_public_access
+ resource: aws.s3
+ description: |
+ S3 Buckets are not configured with 'Block public access' bucket settings
+ filters:
+ - type: check-public-block
\ No newline at end of file
diff --git a/policies/ecc-aws-289-ebs_volume_without_encrypt.yml b/policies/ecc-aws-289-ebs_volume_without_encrypt.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-290-logging_for_s3_enabled.yml b/policies/ecc-aws-290-logging_for_s3_enabled.yml
new file mode 100755
index 000000000..67506e238
--- /dev/null
+++ b/policies/ecc-aws-290-logging_for_s3_enabled.yml
@@ -0,0 +1,15 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-290-logging_for_s3_enabled
+ description: |
+ Logging for S3 bucket is disabled
+ resource: s3
+ filters:
+ - type: bucket-logging
+ op: disabled
\ No newline at end of file
diff --git a/policies/ecc-aws-291-rds_public_access_disabled.yml b/policies/ecc-aws-291-rds_public_access_disabled.yml
old mode 100644
new mode 100755
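Review bot: A bare `- type: check-public-block` with none of the four settings listed leaves the reader to know the filter's default matching behaviour, and that default has to be re-verified against the c7n release being pinned; add a comment stating what is matched, e.g. `# No settings given: matches buckets where any of the four Block Public Access flags is off`, or spell out the expected semantics in the description. Only the bucket-level configuration is consulted here; an account-level S3 Public Access Block, which overrides per-bucket settings, is not considered, so buckets in accounts protected that way will still be reported. That should be stated in the description, or the rule paired with an account-level check, so the findings are not dismissed as false positives.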
diff --git a/policies/ecc-aws-292-api_gateway_rest_api_encryption_at_rest.yml b/policies/ecc-aws-292-api_gateway_rest_api_encryption_at_rest.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-293-security_group_ingress_is_restricted_traffic_to_port_20.yml b/policies/ecc-aws-293-security_group_ingress_is_restricted_traffic_to_port_20.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-294-clb_connection_draining_enabled.yml b/policies/ecc-aws-294-clb_connection_draining_enabled.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-295-elasticsearch_domains_audit_logging_enabled.yml b/policies/ecc-aws-295-elasticsearch_domains_audit_logging_enabled.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-297-elasticsearch_domains_configured_with_at_least_three_dedicated_master_nodes.yml b/policies/ecc-aws-297-elasticsearch_domains_configured_with_at_least_three_dedicated_master_nodes.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-298-elasticsearch_domain_connections_encrypted_using_TLS_1_2.yml b/policies/ecc-aws-298-elasticsearch_domain_connections_encrypted_using_TLS_1_2.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-299-rds_db_clusters_configured_to_copy_tags_to_snapshots.yml b/policies/ecc-aws-299-rds_db_clusters_configured_to_copy_tags_to_snapshots.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-300-rds_db_instances_configured_to_copy_tags_to_snapshots.yml b/policies/ecc-aws-300-rds_db_instances_configured_to_copy_tags_to_snapshots.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-306-redshift_clusters_audit_logging_enabled.yml b/policies/ecc-aws-306-redshift_clusters_audit_logging_enabled.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-308-ecs_services_public_ip_addresses_not_assigned_automatically.yml b/policies/ecc-aws-308-ecs_services_public_ip_addresses_not_assigned_automatically.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-309-security_group_ingress_is_restricted_traffic_to_port_135.yml b/policies/ecc-aws-309-security_group_ingress_is_restricted_traffic_to_port_135.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-310-security_group_ingress_is_restricted_traffic_to_port_143.yml b/policies/ecc-aws-310-security_group_ingress_is_restricted_traffic_to_port_143.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-312-security_group_ingress_is_restricted_traffic_to_mssql_ports.yml b/policies/ecc-aws-312-security_group_ingress_is_restricted_traffic_to_mssql_ports.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-313-security_group_ingress_is_restricted_traffic_to_port_4333.yml b/policies/ecc-aws-313-security_group_ingress_is_restricted_traffic_to_port_4333.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-314-security_group_ingress_is_restricted_traffic_to_port_5500.yml b/policies/ecc-aws-314-security_group_ingress_is_restricted_traffic_to_port_5500.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-315-security_group_ingress_is_restricted_traffic_to_port_5601.yml b/policies/ecc-aws-315-security_group_ingress_is_restricted_traffic_to_port_5601.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-316-security_group_ingress_is_restricted_traffic_to_port_8080.yml b/policies/ecc-aws-316-security_group_ingress_is_restricted_traffic_to_port_8080.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-317-security_group_ingress_is_restricted_traffic_to_elasticsearch_service_ports.yml b/policies/ecc-aws-317-security_group_ingress_is_restricted_traffic_to_elasticsearch_service_ports.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-318-rds_database_cluster_engine_no_default_ports.yml b/policies/ecc-aws-318-rds_database_cluster_engine_no_default_ports.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-319-rds_instances_storage_is_encrypted.yml b/policies/ecc-aws-319-rds_instances_storage_is_encrypted.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-320-rds_snapshots_storage_is_encrypted.yml b/policies/ecc-aws-320-rds_snapshots_storage_is_encrypted.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-322-api_gateway_rest_api_stages_ssl_certificates_configured.yml b/policies/ecc-aws-322-api_gateway_rest_api_stages_ssl_certificates_configured.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-323-rest_api_aws_x_ray_enabled.yml b/policies/ecc-aws-323-rest_api_aws_x_ray_enabled.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-324-cloudfront_default_root_object_configured.yml b/policies/ecc-aws-324-cloudfront_default_root_object_configured.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-326-cloudfront_origin_failover_configured.yml b/policies/ecc-aws-326-cloudfront_origin_failover_configured.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-327-dms_replication_not_public.yml b/policies/ecc-aws-327-dms_replication_not_public.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-329-dynamodb_tables_pitr_enabled.yml b/policies/ecc-aws-329-dynamodb_tables_pitr_enabled.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-330-dynamodb_dax_encryption_enabled.yml b/policies/ecc-aws-330-dynamodb_dax_encryption_enabled.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-331-ec2_stopped_instance.yml b/policies/ecc-aws-331-ec2_stopped_instance.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-332-ec2_instance_no_public_ip.yml b/policies/ecc-aws-332-ec2_instance_no_public_ip.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-333-ec2_service_use_vpc_endpoints.yml b/policies/ecc-aws-333-ec2_service_use_vpc_endpoints.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-334-vpc_unused_network_acl.yml b/policies/ecc-aws-334-vpc_unused_network_acl.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-335-ec2_instance_should_not_use_multiple_eni.yml b/policies/ecc-aws-335-ec2_instance_should_not_use_multiple_eni.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-336-ecs_task_definitions_secure_networking_modes_and_user_definitions.yml b/policies/ecc-aws-336-ecs_task_definitions_secure_networking_modes_and_user_definitions.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-337-efs_in_backup_plan.yml b/policies/ecc-aws-337-efs_in_backup_plan.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-338-elastic_beanstalk_enhanced_health_reporting_enabled.yml b/policies/ecc-aws-338-elastic_beanstalk_enhanced_health_reporting_enabled.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-339-alb_drop_invalid_http_header.yml b/policies/ecc-aws-339-alb_drop_invalid_http_header.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-341-elb_deletion_protection_enabled.yml b/policies/ecc-aws-341-elb_deletion_protection_enabled.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-342-alb_http_to_https_redirection_enabled.yml b/policies/ecc-aws-342-alb_http_to_https_redirection_enabled.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-343-emr_master_nodes_no_public_ip.yml b/policies/ecc-aws-343-emr_master_nodes_no_public_ip.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-344-elasticsearch_node_to_node_encryption_enabled.yml b/policies/ecc-aws-344-elasticsearch_node_to_node_encryption_enabled.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-345-elasticsearch_error_logging_to_cloudwatch_enabled.yml b/policies/ecc-aws-345-elasticsearch_error_logging_to_cloudwatch_enabled.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-346-rds_instance_enhanced_monitoring_enabled.yml b/policies/ecc-aws-346-rds_instance_enhanced_monitoring_enabled.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-347-rds_cluster_deletion_protection_enabled.yml b/policies/ecc-aws-347-rds_cluster_deletion_protection_enabled.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-348-rds_instance_deletion_protection_enabled.yml b/policies/ecc-aws-348-rds_instance_deletion_protection_enabled.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-349-rds_oracle_logging_enabled.yml b/policies/ecc-aws-349-rds_oracle_logging_enabled.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-350-rds_postgresql_logging_enabled.yml b/policies/ecc-aws-350-rds_postgresql_logging_enabled.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-351-rds_mysql_logging_enabled.yml b/policies/ecc-aws-351-rds_mysql_logging_enabled.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-352-rds_mariadb_logging_enabled.yml b/policies/ecc-aws-352-rds_mariadb_logging_enabled.yml
new file mode 100755
index 000000000..31e4b323e
--- /dev/null
+++ b/policies/ecc-aws-352-rds_mariadb_logging_enabled.yml
@@ -0,0 +1,56 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+ policies:
+ - name: ecc-aws-352-rds_mariadb_logging_enabled
+ resource: aws.rds
+ description: |
+ MariaDB database logging is disabled
+ filters:
+ - and:
+ - type: value
+ key: Engine
+ value: mariadb
+ - or:
+ - not:
+ - type: db-option-groups
+ key: length(Options[].OptionSettings[?Name == 'SERVER_AUDIT_EVENTS' && Value == `CONNECT,QUERY,TABLE,QUERY_DDL,QUERY_DML,QUERY_DCL`].Value[])
+ op: eq
+ value: 1
+ - not:
+ - type: value
+ key: EnabledCloudwatchLogsExports
+ op: in
+ value_type: swap
+ value: audit
+ - type: value
+ key: EnabledCloudwatchLogsExports
+ op: in
+ value_type: swap
+ value: error
+ - type: value
+ key: EnabledCloudwatchLogsExports
+ op: in
+ value_type: swap
+ value: general
+ - type: value
+ key: EnabledCloudwatchLogsExports
+ op: in
+ value_type: swap
+ value: slowquery
+ - type: db-parameter
+ key: general_log
+ op: eq
+ value: 1
+ - type: db-parameter
+ key: slow_query_log
+ op: eq
+ value: 1
+ - type: db-parameter
+ key: log_output
+ op: eq
+ value: FILE
\ No newline at end of file
diff --git a/policies/ecc-aws-353-rds_sql_server_logging_enabled.yml b/policies/ecc-aws-353-rds_sql_server_logging_enabled.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-354-rds_aurora_logging_enabled.yml b/policies/ecc-aws-354-rds_aurora_logging_enabled.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-355-rds_aurora_mysql_logging_enabled.yml b/policies/ecc-aws-355-rds_aurora_mysql_logging_enabled.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-356-rds_aurora_postgresql_logging_enabled.yml b/policies/ecc-aws-356-rds_aurora_postgresql_logging_enabled.yml
old mode 100644
new mode 100755
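Review bot: The db-option-groups check requires `SERVER_AUDIT_EVENTS` to equal the exact string `CONNECT,QUERY,TABLE,QUERY_DDL,QUERY_DML,QUERY_DCL`, so an option group that lists the same events in a different order, or a superset of them, is reported as "logging is disabled" even though auditing is active. A `contains(Value, 'CONNECT') && contains(Value, 'QUERY')` test on the setting would be more robust than exact equality, and the value should be a quoted JMESPath string `'CONNECT,QUERY,TABLE,QUERY_DDL,QUERY_DML,QUERY_DCL'` like `'SERVER_AUDIT_EVENTS'` on the same key, since an unquoted backtick literal is not valid JSON and only parses under jmespath's deprecated string-literal fallback. The rule also only looks at the event list; if the option group exposes the plugin's own on/off setting (`SERVER_AUDIT_LOGGING`), an audit plugin that is configured but switched off is indistinguishable here from an active one, so that setting is worth checking alongside the events.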
diff --git a/policies/ecc-aws-357-rds_instance_iam_authentication_configured.yml b/policies/ecc-aws-357-rds_instance_iam_authentication_configured.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-358-rds_cluster_iam_authentication_configured.yml b/policies/ecc-aws-358-rds_cluster_iam_authentication_configured.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-359-rds_aurora_mysql_backtracking_enabled.yml b/policies/ecc-aws-359-rds_aurora_mysql_backtracking_enabled.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-360-rds_cluster_multi_az_enabled.yml b/policies/ecc-aws-360-rds_cluster_multi_az_enabled.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-361-redshift_cluster_encrypted_in_transit.yml b/policies/ecc-aws-361-redshift_cluster_encrypted_in_transit.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-362-redshift_cluster_automatic_snapshot_enabled.yml b/policies/ecc-aws-362-redshift_cluster_automatic_snapshot_enabled.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-363-redshift_cluster_automatic_upgrade_to_major_version_enabled.yml b/policies/ecc-aws-363-redshift_cluster_automatic_upgrade_to_major_version_enabled.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-364-redshift_cluster_enhanced_vpc_routing_enabled.yml b/policies/ecc-aws-364-redshift_cluster_enhanced_vpc_routing_enabled.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-368-sns_kms_encryption_enabled.yml b/policies/ecc-aws-368-sns_kms_encryption_enabled.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-370-ec2_instance_managed_by_systems_manager.yml b/policies/ecc-aws-370-ec2_instance_managed_by_systems_manager.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-371-ec2_managed_instance_association_compliance_status_check.yml b/policies/ecc-aws-371-ec2_managed_instance_association_compliance_status_check.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-372-ec2_instance_imdsv2_enabled.yml b/policies/ecc-aws-372-ec2_instance_imdsv2_enabled.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-373-eks_control_plane_logging_enabled.yml b/policies/ecc-aws-373-eks_control_plane_logging_enabled.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-374-eks_clusters_security_group_traffic_restricted.yml b/policies/ecc-aws-374-eks_clusters_security_group_traffic_restricted.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-375-eks_secrets_encrypted.yml b/policies/ecc-aws-375-eks_secrets_encrypted.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-376-ecr_immutable_image_tags.yml b/policies/ecc-aws-376-ecr_immutable_image_tags.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-377-ecr_repository_kms_encryption_enabled.yml b/policies/ecc-aws-377-ecr_repository_kms_encryption_enabled.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-378-ecr_image_scanning_on_push_enabled.yml b/policies/ecc-aws-378-ecr_image_scanning_on_push_enabled.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-379-postgresql_log_rotation_age_flag_set_to_60.yml b/policies/ecc-aws-379-postgresql_log_rotation_age_flag_set_to_60.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-380-postgresql_log_rotation_size_flag_set_correctly.yml b/policies/ecc-aws-380-postgresql_log_rotation_size_flag_set_correctly.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-381-postgresql_debug_print_parse_flag_disabled.yml b/policies/ecc-aws-381-postgresql_debug_print_parse_flag_disabled.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-382-postgresql_debug_print_rewritten_flag_disabled.yml b/policies/ecc-aws-382-postgresql_debug_print_rewritten_flag_disabled.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-383-postgresql_debug_print_plan_flag_disabled.yml b/policies/ecc-aws-383-postgresql_debug_print_plan_flag_disabled.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-384-postgresql_debug_pretty_print_flag_enabled.yml b/policies/ecc-aws-384-postgresql_debug_pretty_print_flag_enabled.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-385-postgresql_log_connections_flag_enabled.yml b/policies/ecc-aws-385-postgresql_log_connections_flag_enabled.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-386-postgresql_log_disconnections_flag_enabled.yml b/policies/ecc-aws-386-postgresql_log_disconnections_flag_enabled.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-387-postgresql_log_error_verbosity_flag_set_correctly.yml b/policies/ecc-aws-387-postgresql_log_error_verbosity_flag_set_correctly.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-388-postgresql_log_hostname_flag_disabled.yml b/policies/ecc-aws-388-postgresql_log_hostname_flag_disabled.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-389-postgresql_log_statement_flag_set_correctly.yml b/policies/ecc-aws-389-postgresql_log_statement_flag_set_correctly.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-390-postgresql_log_destination_flag_set_to_csvlog.yml b/policies/ecc-aws-390-postgresql_log_destination_flag_set_to_csvlog.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-391-postgresql_log_checkpoints_flag_enabled.yml b/policies/ecc-aws-391-postgresql_log_checkpoints_flag_enabled.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-392-postgresql_log_lock_waits_flag_enabled.yml b/policies/ecc-aws-392-postgresql_log_lock_waits_flag_enabled.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-393-postgresql_log_duration_flag_enabled.yml b/policies/ecc-aws-393-postgresql_log_duration_flag_enabled.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-394-transit_gateway_default_route_table_association_disabled.yml b/policies/ecc-aws-394-transit_gateway_default_route_table_association_disabled.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-395-transit_gateway_default_route_table_propagation_disabled.yml b/policies/ecc-aws-395-transit_gateway_default_route_table_propagation_disabled.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-396-rest_api_gateway_is_protected_by_waf.yml b/policies/ecc-aws-396-rest_api_gateway_is_protected_by_waf.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-397-rest_api_gateway_contend_encoding_enabled.yml b/policies/ecc-aws-397-rest_api_gateway_contend_encoding_enabled.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-398-rest_api_gateway_cache_enabled.yml b/policies/ecc-aws-398-rest_api_gateway_cache_enabled.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-400-glue_data_catalog_encrypted_at_rest.yml b/policies/ecc-aws-400-glue_data_catalog_encrypted_at_rest.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-401-glue_data_catalog_encrypted_with_kms_customer_master_keys.yml b/policies/ecc-aws-401-glue_data_catalog_encrypted_with_kms_customer_master_keys.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-402-glue_job_bookmarks_encrypted.yml b/policies/ecc-aws-402-glue_job_bookmarks_encrypted.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-403-glue_cloudwatch_logs_encrypted.yml b/policies/ecc-aws-403-glue_cloudwatch_logs_encrypted.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-404-glue_s3_encryption_enabled.yml b/policies/ecc-aws-404-glue_s3_encryption_enabled.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-405-emr_kerberos_authentication_enabled.yml b/policies/ecc-aws-405-emr_kerberos_authentication_enabled.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-407-emr_clusters_in_vpc.yml b/policies/ecc-aws-407-emr_clusters_in_vpc.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-408-emr_logging_to_s3_enabled.yml b/policies/ecc-aws-408-emr_logging_to_s3_enabled.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-409-vpc_unused_internet_gateway.yml b/policies/ecc-aws-409-vpc_unused_internet_gateway.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-411-unused_virtual_private_gateways.yml b/policies/ecc-aws-411-unused_virtual_private_gateways.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-413-elasticache_previous_generation_instances_not_used.yml b/policies/ecc-aws-413-elasticache_previous_generation_instances_not_used.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-414-elasticache_automatic_backups.yml b/policies/ecc-aws-414-elasticache_automatic_backups.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-415-elasticache_encrypted_in_transit.yml b/policies/ecc-aws-415-elasticache_encrypted_in_transit.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-416-elasticache_encrypted_at_rest_using_cmk.yml b/policies/ecc-aws-416-elasticache_encrypted_at_rest_using_cmk.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-418-elasticache_redis_multi_az_enabled.yml b/policies/ecc-aws-418-elasticache_redis_multi_az_enabled.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-419-elasticache_redis_auth_enabled.yml b/policies/ecc-aws-419-elasticache_redis_auth_enabled.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-420-elasticache_latest_version.yml b/policies/ecc-aws-420-elasticache_latest_version.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-421-documentdb_logging_enabled.yml b/policies/ecc-aws-421-documentdb_logging_enabled.yml
new file mode 100755
index 000000000..e82911e32
--- /dev/null
+++ b/policies/ecc-aws-421-documentdb_logging_enabled.yml
@@ -0,0 +1,35 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+ policies:
+ - name: ecc-aws-421-documentdb_logging_enabled
+ resource: aws.rds-cluster
+ description: |
+ DocumentDB logging is not enabled
+ filters:
+ - and:
+ - type: value
+ key: Engine
+ value: 'docdb'
+ - not:
+ - and:
+ - type: value
+ key: EnabledCloudwatchLogsExports
+ op: in
+ value_type: swap
+ value: audit
+ - type: value
+ key: EnabledCloudwatchLogsExports
+ op: in
+ value_type: swap
+ value: profiler
+ - type: db-cluster-parameter
+ key: audit_logs
+ value: enabled
+ - type: db-cluster-parameter
+ key: profiler
+ value: enabled
\ No newline at end of file
diff --git a/policies/ecc-aws-423-rds_aurora_mysql_cluster_logging_enabled.yml b/policies/ecc-aws-423-rds_aurora_mysql_cluster_logging_enabled.yml
new file mode 100755
index 000000000..f9b2f793f
--- /dev/null
+++ b/policies/ecc-aws-423-rds_aurora_mysql_cluster_logging_enabled.yml
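Review bot: The `audit_logs` comparison at the end of the hunk is an exact match on `enabled`, but as far as I recall DocumentDB accepts other non-disabled values for this parameter (`all` and per-category settings), so a cluster that audits a wider scope than the legacy `enabled` value would be reported as having logging not enabled. Comparing with `op: ne` against `disabled`, or an `op: in` list of the accepted values, would describe the control more accurately than `value: enabled`. A smaller style point: `value: 'docdb'` is the only quoted engine value among the new policies in this commit (the MariaDB and Aurora rules write the engine bare), and the `db-cluster-parameter` filters here omit `op: eq` while ecc-aws-352 spells it out on every parameter check.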
@@ -0,0 +1,48 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+ policies:
+ - name: ecc-aws-423-rds_aurora_mysql_cluster_logging_enabled
+ resource: aws.rds-cluster
+ description: |
+ Aurora-MySQL cluster logging is disabled
+ filters:
+ - and:
+ - type: value
+ key: Engine
+ value: aurora-mysql
+ - not:
+ - and:
+ - type: value
+ key: EnabledCloudwatchLogsExports
+ op: in
+ value_type: swap
+ value: audit
+ - type: value
+ key: EnabledCloudwatchLogsExports
+ op: in
+ value_type: swap
+ value: error
+ - type: value
+ key: EnabledCloudwatchLogsExports
+ op: in
+ value_type: swap
+ value: general
+ - type: value
+ key: EnabledCloudwatchLogsExports
+ op: in
+ value_type: swap
+ value: slowquery
+ - type: db-cluster-parameter
+ key: general_log
+ value: 1
+ - type: db-cluster-parameter
+ key: slow_query_log
+ value: 1
+ - type: db-cluster-parameter
+ key: log_output
+ value: FILE
\ No newline at end of file
diff --git a/policies/ecc-aws-424-rds_aurora_postgresql_cluster_logging_enabled.yml b/policies/ecc-aws-424-rds_aurora_postgresql_cluster_logging_enabled.yml
new file mode 100755
index 000000000..d407d456b
--- /dev/null
+++ b/policies/ecc-aws-424-rds_aurora_postgresql_cluster_logging_enabled.yml
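Review bot: Requiring the `audit` CloudWatch export is not sufficient evidence that Aurora MySQL audit logging is active: the export only forwards what Advanced Auditing produces, and that is switched on by the cluster parameters `server_audit_logging` and `server_audit_events`, neither of which this `and` block checks. A cluster with `audit` in `EnabledCloudwatchLogsExports` but `server_audit_logging` left at its default of 0 passes this rule with an empty audit stream. Adding `- type: db-cluster-parameter` / `key: server_audit_logging` / `value: 1` next to the `general_log` check closes that gap and mirrors what ecc-aws-352 does for MariaDB through the option group.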
@@ -0,0 +1,33 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+ policies:
+ - name: ecc-aws-424-rds_aurora_postgresql_cluster_logging_enabled
+ resource: aws.rds-cluster
+ description: |
+ Aurora-PostgreSQL cluster logging is disabled
+ filters:
+ - and:
+ - type: value
+ key: Engine
+ value: aurora-postgresql
+ - or:
+ - type: db-cluster-parameter
+ key: log_min_duration_statement
+ value: absent
+ - type: db-cluster-parameter
+ key: log_min_duration_statement
+ value: -1
+ - not:
+ - type: value
+ key: EnabledCloudwatchLogsExports
+ op: in
+ value_type: swap
+ value: postgresql
+ - type: db-cluster-parameter
+ key: log_statement
+ value: all
\ No newline at end of file
diff --git a/policies/ecc-aws-425-elasticsearch_slow_logs_enabled.yml b/policies/ecc-aws-425-elasticsearch_slow_logs_enabled.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-427-elasticache_auth_token_rotated_every_90_days.yml b/policies/ecc-aws-427-elasticache_auth_token_rotated_every_90_days.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-429-elasticsearch_encrypted_with_kms_cmk.yml b/policies/ecc-aws-429-elasticsearch_encrypted_with_kms_cmk.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-430-autoscaling_group_cooldown_period.yml b/policies/ecc-aws-430-autoscaling_group_cooldown_period.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-431-elasticsearch_enforces_https.yml b/policies/ecc-aws-431-elasticsearch_enforces_https.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-432-elasticsearch_latest_version.yml b/policies/ecc-aws-432-elasticsearch_latest_version.yml
old mode 100644
new mode 100755
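Review bot: The last branch of the `or` flags a cluster whose `log_statement` parameter is `all`, i.e. one that logs every statement, as "logging is disabled"; given the description this looks inverted or misplaced. If the intent is that `log_statement = all` makes the `log_min_duration_statement` checks moot, it should sit outside the `or` as a compliant alternative (wrapped in `not`, the way the `postgresql` export is); if it is a separate concern about over-logging statement text that may contain credentials, it belongs in its own policy with its own description. The `value: absent` branch also assumes a parameter missing from the cluster parameter group resolves to the engine default of -1; that assumption is reasonable but undocumented, and a short comment such as `# absent => engine default (-1, disabled)` next to it would save the next reader the lookup.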
diff --git a/policies/ecc-aws-433-autoscaling_group_has_associated_elb.yml b/policies/ecc-aws-433-autoscaling_group_has_associated_elb.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-434-xray-encrypted_with_kms_cmk.yml b/policies/ecc-aws-434-xray-encrypted_with_kms_cmk.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-435-workspaces_unused_instances.yml b/policies/ecc-aws-435-workspaces_unused_instances.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-436-autoscaling_group_utilize_multi_az.yml b/policies/ecc-aws-436-autoscaling_group_utilize_multi_az.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-437-workspaces_instances_are_healthy.yml b/policies/ecc-aws-437-workspaces_instances_are_healthy.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-438-autoscaling_group_has_valid_configuration.yml b/policies/ecc-aws-438-autoscaling_group_has_valid_configuration.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-439-workspaces_storage_encrypted.yml b/policies/ecc-aws-439-workspaces_storage_encrypted.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-440-backup_service_compliant_lifecycle_enabled.yml b/policies/ecc-aws-440-backup_service_compliant_lifecycle_enabled.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-442-backups_encrypted_with_kms_customer_master_keys.yml b/policies/ecc-aws-442-backups_encrypted_with_kms_customer_master_keys.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-444-use_secure_ssl_protocols_between_cloudfront_origin.yml b/policies/ecc-aws-444-use_secure_ssl_protocols_between_cloudfront_origin.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-445-rds_mysql_instances_latest_major_version.yml b/policies/ecc-aws-445-rds_mysql_instances_latest_major_version.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-447-sqs_encrypted_with_kms_cmk.yml b/policies/ecc-aws-447-sqs_encrypted_with_kms_cmk.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-448-cloudfront_distribution_fieldlevel_encryption.yml b/policies/ecc-aws-448-cloudfront_distribution_fieldlevel_encryption.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-449-sqs_not_open_to_everyone.yml b/policies/ecc-aws-449-sqs_not_open_to_everyone.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-451-postgresql_log_parser_stats_flag_is_disabled.yml b/policies/ecc-aws-451-postgresql_log_parser_stats_flag_is_disabled.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-452-cloudtrail_logs_management_events.yml b/policies/ecc-aws-452-cloudtrail_logs_management_events.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-453-event_bus_is_exposed_to_everyone.yml b/policies/ecc-aws-453-event_bus_is_exposed_to_everyone.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-454-postgresql_log_planner_stats_flag_disabled.yml b/policies/ecc-aws-454-postgresql_log_planner_stats_flag_disabled.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-455-postgresql_log_executor_stats_flag_disabled.yml b/policies/ecc-aws-455-postgresql_log_executor_stats_flag_disabled.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-457-postgresql_log_min_error_statement_flag_set_correctly.yml b/policies/ecc-aws-457-postgresql_log_min_error_statement_flag_set_correctly.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-458-glacier_vault_access_policy_does_not_allow_actions_from_all_principals.yml b/policies/ecc-aws-458-glacier_vault_access_policy_does_not_allow_actions_from_all_principals.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-459-config_delivery_failed.yml b/policies/ecc-aws-459-config_delivery_failed.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-461-dms_latest_version.yml b/policies/ecc-aws-461-dms_latest_version.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-464-sagemaker_instances_encrypted_with_kms_cmk.yml b/policies/ecc-aws-464-sagemaker_instances_encrypted_with_kms_cmk.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-469-dms_auto_minor_version_upgrade.yml b/policies/ecc-aws-469-dms_auto_minor_version_upgrade.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-470-dms_replication_instances_encrypted_with_kms_cmk.yml b/policies/ecc-aws-470-dms_replication_instances_encrypted_with_kms_cmk.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-471-oracle_audit_sys_operations_flag_enabled.yml b/policies/ecc-aws-471-oracle_audit_sys_operations_flag_enabled.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-472-oracle_audit_trail_flag_set_correctly.yml b/policies/ecc-aws-472-oracle_audit_trail_flag_set_correctly.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-473-oracle_global_names_flag_enabled.yml b/policies/ecc-aws-473-oracle_global_names_flag_enabled.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-474-oracle_remote_listener_flag_empty.yml b/policies/ecc-aws-474-oracle_remote_listener_flag_empty.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-475-oracle_sec_max_failed_login_attempts_flag_is_3_or_less.yml b/policies/ecc-aws-475-oracle_sec_max_failed_login_attempts_flag_is_3_or_less.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-476-oracle_sec_protocol_error_further_action_flag_set_to_drop_3.yml b/policies/ecc-aws-476-oracle_sec_protocol_error_further_action_flag_set_to_drop_3.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-477-oracle_sec_protocol_error_trace_action_flag_set_to_log.yml b/policies/ecc-aws-477-oracle_sec_protocol_error_trace_action_flag_set_to_log.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-478-oracle_sec_return_server_release_banner_flag_disabled.yml b/policies/ecc-aws-478-oracle_sec_return_server_release_banner_flag_disabled.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-479-oracle_sql92_security_flag_enabled.yml b/policies/ecc-aws-479-oracle_sql92_security_flag_enabled.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-480-oracle_trace_files_public.yml b/policies/ecc-aws-480-oracle_trace_files_public.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-481-oracle_resource_limit_flag_enabled.yml b/policies/ecc-aws-481-oracle_resource_limit_flag_enabled.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-482-dms_multi_az_enabled.yml b/policies/ecc-aws-482-dms_multi_az_enabled.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-487-ebs_volume_encrypted_with_kms_cmk.yml b/policies/ecc-aws-487-ebs_volume_encrypted_with_kms_cmk.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-488-ebs_snapshot_encrypted.yml b/policies/ecc-aws-488-ebs_snapshot_encrypted.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-489-unused_ebs_volumes.yml b/policies/ecc-aws-489-unused_ebs_volumes.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-490-unused_ec2_access_keys.yml b/policies/ecc-aws-490-unused_ec2_access_keys.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-492-mysql_sql_mode_flag_contains_strict_all_tables.yml b/policies/ecc-aws-492-mysql_sql_mode_flag_contains_strict_all_tables.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-493-workspaces_images_not_older_than_90_days.yml b/policies/ecc-aws-493-workspaces_images_not_older_than_90_days.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-494-workspaces_web_access_disabled.yml b/policies/ecc-aws-494-workspaces_web_access_disabled.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-495-fsx_all_types_of_file_systems_encrypted_with_kms_cmk.yml b/policies/ecc-aws-495-fsx_all_types_of_file_systems_encrypted_with_kms_cmk.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-496-kinesis_firehose_delivery_streams_encrypted_using_SSE.yml b/policies/ecc-aws-496-kinesis_firehose_delivery_streams_encrypted_using_SSE.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-497-lambda_active_tracing_enabled.yml b/policies/ecc-aws-497-lambda_active_tracing_enabled.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-499-sagemaker_endpoint_configuration_encrypted.yml b/policies/ecc-aws-499-sagemaker_endpoint_configuration_encrypted.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-500-lambda_variables_encrypted_with_kms_cmk.yml b/policies/ecc-aws-500-lambda_variables_encrypted_with_kms_cmk.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-501-sagemaker_instance_root_disabled.yml b/policies/ecc-aws-501-sagemaker_instance_root_disabled.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-502-mq_broker_auto_minor_version_upgrade_enabled.yml b/policies/ecc-aws-502-mq_broker_auto_minor_version_upgrade_enabled.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-503-mq_broker_logging_enabled.yml b/policies/ecc-aws-503-mq_broker_logging_enabled.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-504-sagemaker_network_isolation_enabled.yml b/policies/ecc-aws-504-sagemaker_network_isolation_enabled.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-505-route53_domain_automatic_renewal_enabled.yml b/policies/ecc-aws-505-route53_domain_automatic_renewal_enabled.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-506-mq_broker_not_publicly_accessible.yml b/policies/ecc-aws-506-mq_broker_not_publicly_accessible.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-507-route53_domain_expires_in_30_days.yml b/policies/ecc-aws-507-route53_domain_expires_in_30_days.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-508-mq_broker_open_to_all_ports_protocols.yml b/policies/ecc-aws-508-mq_broker_open_to_all_ports_protocols.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-510-route53_hosted_zone_records_health_check_configured.yml b/policies/ecc-aws-510-route53_hosted_zone_records_health_check_configured.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-511-msk_data_encrypted_with_kms_cmk.yml b/policies/ecc-aws-511-msk_data_encrypted_with_kms_cmk.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-512-msk_encryption_in_transit_enabled.yml b/policies/ecc-aws-512-msk_encryption_in_transit_enabled.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-513-route53_query_logging_enabled.yml b/policies/ecc-aws-513-route53_query_logging_enabled.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-514-msk_logging_enabled.yml b/policies/ecc-aws-514-msk_logging_enabled.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-515-rds_encrypted_with_kms_cmk.yml b/policies/ecc-aws-515-rds_encrypted_with_kms_cmk.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-516-sns_encrypted_with_kms_cmk.yml b/policies/ecc-aws-516-sns_encrypted_with_kms_cmk.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-517-redshift_user_activity_logging_enabled.yml b/policies/ecc-aws-517-redshift_user_activity_logging_enabled.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-519-redshift_not_using_default_port.yml b/policies/ecc-aws-519-redshift_not_using_default_port.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-520-redshift_encrypted_with_kms_cmk.yml b/policies/ecc-aws-520-redshift_encrypted_with_kms_cmk.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-521-redshift_parameter_group_require_ssl.yml b/policies/ecc-aws-521-redshift_parameter_group_require_ssl.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-522-route53_transfer_lock_enabled.yml b/policies/ecc-aws-522-route53_transfer_lock_enabled.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-524-rest_api_gateway_access_logging_enabled.yml b/policies/ecc-aws-524-rest_api_gateway_access_logging_enabled.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-525-ecs_exec_logging_encryption_enabled.yml b/policies/ecc-aws-525-ecs_exec_logging_encryption_enabled.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-526-rest_api_gateway_logs_set_correctly.yml b/policies/ecc-aws-526-rest_api_gateway_logs_set_correctly.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-527-mwaa_encrypted_with_kms_cmk.yml b/policies/ecc-aws-527-mwaa_encrypted_with_kms_cmk.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-531-autoscaling_launch_config_public_ip_disabled.yml b/policies/ecc-aws-531-autoscaling_launch_config_public_ip_disabled.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-532-glue_connection_passwords_encrypted.yml b/policies/ecc-aws-532-glue_connection_passwords_encrypted.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-537-fsx_lustre_logging_enabled.yml b/policies/ecc-aws-537-fsx_lustre_logging_enabled.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-538-ds_directory_not_open_to_large_scope.yml b/policies/ecc-aws-538-ds_directory_not_open_to_large_scope.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-539-fsx_lustre_retention_period_set_at_least_to_7_days.yml b/policies/ecc-aws-539-fsx_lustre_retention_period_set_at_least_to_7_days.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-542-workspaces_maintenance_mode_enabled.yml b/policies/ecc-aws-542-workspaces_maintenance_mode_enabled.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-547-cloudtrail_logs_data_events.yml b/policies/ecc-aws-547-cloudtrail_logs_data_events.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-548-workspaces_storage_encrypted_with_cmk.yml b/policies/ecc-aws-548-workspaces_storage_encrypted_with_cmk.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-550-ami_without_tag_information.yml b/policies/ecc-aws-550-ami_without_tag_information.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-551-ebs_without_tag_information.yml b/policies/ecc-aws-551-ebs_without_tag_information.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-552-ebs_snapshot_without_tag_information.yml b/policies/ecc-aws-552-ebs_snapshot_without_tag_information.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-553-eip_without_tag_information.yml b/policies/ecc-aws-553-eip_without_tag_information.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-555-eni_without_tag_information.yml b/policies/ecc-aws-555-eni_without_tag_information.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-556-internet_gateway_without_tag_information.yml b/policies/ecc-aws-556-internet_gateway_without_tag_information.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-557-nat_gateway_without_tag_information.yml b/policies/ecc-aws-557-nat_gateway_without_tag_information.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-558-network_acl_without_tag_information.yml b/policies/ecc-aws-558-network_acl_without_tag_information.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-559-route_table_without_tag_information.yml b/policies/ecc-aws-559-route_table_without_tag_information.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-560-security_group_without_tag_information.yml b/policies/ecc-aws-560-security_group_without_tag_information.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-561-subnet_without_tag_information.yml b/policies/ecc-aws-561-subnet_without_tag_information.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-562-transit_gateway_without_tag_information.yml b/policies/ecc-aws-562-transit_gateway_without_tag_information.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-563-transit_gateway_attachment_without_tag_information.yml b/policies/ecc-aws-563-transit_gateway_attachment_without_tag_information.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-564-peering_connection_without_tag_information.yml b/policies/ecc-aws-564-peering_connection_without_tag_information.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-565-vpc_without_tag_information.yml b/policies/ecc-aws-565-vpc_without_tag_information.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-566-vpc_endpoint_without_tag_information.yml b/policies/ecc-aws-566-vpc_endpoint_without_tag_information.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-567-acm_without_tag_information.yml b/policies/ecc-aws-567-acm_without_tag_information.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-568-app_flow_without_tag_information.yml b/policies/ecc-aws-568-app_flow_without_tag_information.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-569-auto_scaling_group_without_tag_information.yml b/policies/ecc-aws-569-auto_scaling_group_without_tag_information.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-574-cloudformation_stacks_without_tag_information.yml b/policies/ecc-aws-574-cloudformation_stacks_without_tag_information.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-575-cloudfront_distributions_without_tag_information.yml b/policies/ecc-aws-575-cloudfront_distributions_without_tag_information.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-578-cloudtrail_without_tag_information.yml b/policies/ecc-aws-578-cloudtrail_without_tag_information.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-580-codebuild_without_tag_information.yml b/policies/ecc-aws-580-codebuild_without_tag_information.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-582-dax_clusters_without_tag_information.yml b/policies/ecc-aws-582-dax_clusters_without_tag_information.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-583-dlm_without_tag_information.yml b/policies/ecc-aws-583-dlm_without_tag_information.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-584-dms_without_tag_information.yml b/policies/ecc-aws-584-dms_without_tag_information.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-585-ecs_without_tag_information.yml b/policies/ecc-aws-585-ecs_without_tag_information.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-586-eks_without_tag_information.yml b/policies/ecc-aws-586-eks_without_tag_information.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-587-efs_without_tag_information.yml b/policies/ecc-aws-587-efs_without_tag_information.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-588-elasticache_clusters_without_tag_information.yml b/policies/ecc-aws-588-elasticache_clusters_without_tag_information.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-590-beanstalk_without_tag_information.yml b/policies/ecc-aws-590-beanstalk_without_tag_information.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-591-elb_without_tag_information.yml b/policies/ecc-aws-591-elb_without_tag_information.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-592-emr_without_tag_information.yml b/policies/ecc-aws-592-emr_without_tag_information.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-593-elasticsearch_without_tag_information.yml b/policies/ecc-aws-593-elasticsearch_without_tag_information.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-596-fsx_without_tag_information.yml b/policies/ecc-aws-596-fsx_without_tag_information.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-597-fsx_backup_without_tag_information.yml b/policies/ecc-aws-597-fsx_backup_without_tag_information.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-599-glacier_without_tag_information.yml b/policies/ecc-aws-599-glacier_without_tag_information.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-600-glue_job_without_tag_information.yml b/policies/ecc-aws-600-glue_job_without_tag_information.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-608-iam_user_without_tag_information.yml b/policies/ecc-aws-608-iam_user_without_tag_information.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-609-iam_role_without_tag_information.yml b/policies/ecc-aws-609-iam_role_without_tag_information.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-611-msk_clusters_without_tag_information.yml b/policies/ecc-aws-611-msk_clusters_without_tag_information.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-613-kinesis_data_stream_without_tag_information.yml b/policies/ecc-aws-613-kinesis_data_stream_without_tag_information.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-614-kinesis_video_stream_without_tag_information.yml b/policies/ecc-aws-614-kinesis_video_stream_without_tag_information.yml
new file mode 100755
index 000000000..5e295d75e
--- /dev/null
+++ b/policies/ecc-aws-614-kinesis_video_stream_without_tag_information.yml
@@ -0,0 +1,16 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-614-kinesis_video_stream_without_tag_information
+ description: |
+ Amazon Kinesis video stream without tag information
+ resource: kinesis-video
+ filters:
+ - type: value
+ key: Tags
+ value: empty
\ No newline at end of file
diff --git a/policies/ecc-aws-615-kms_key_without_tag_information.yml b/policies/ecc-aws-615-kms_key_without_tag_information.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-616-lambda_functions_without_tag_information.yml b/policies/ecc-aws-616-lambda_functions_without_tag_information.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-617-lightsail_instance_without_tag_information.yml b/policies/ecc-aws-617-lightsail_instance_without_tag_information.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-618-cloudwatch_log_groups_without_tag_information.yml b/policies/ecc-aws-618-cloudwatch_log_groups_without_tag_information.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-619-mq_brokers_without_tag_information.yml b/policies/ecc-aws-619-mq_brokers_without_tag_information.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-620-mwaa_without_tag_information.yml b/policies/ecc-aws-620-mwaa_without_tag_information.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-624-qldb_ledgers_without_tag_information.yml b/policies/ecc-aws-624-qldb_ledgers_without_tag_information.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-625-rds_cluster_without_tag_information.yml b/policies/ecc-aws-625-rds_cluster_without_tag_information.yml
old mode 100644
new mode 100755
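Review bot: The resource names in the new policies mix the provider-qualified and bare spellings — `resource: kinesis-video` here, `aws.graphql-api` in 646/649/650 but `graphql-api` in 651, `s3` in 689 but `aws.s3` in 900/901. Cloud Custodian accepts both forms, so this is style only, but settling on one (`resource: aws.kinesis-video` and so on) keeps the rule set uniform and greppable. Four of the new files (614, 649, 650, 651) also end without a trailing newline, as their `\ No newline at end of file` markers show, while 646, 670, 689, 900 and 901 end cleanly; adding the newline avoids noisy diffs on the next edit.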
diff --git a/policies/ecc-aws-626-rds_snapshot_without_tag_information.yml b/policies/ecc-aws-626-rds_snapshot_without_tag_information.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-627-redshift_clusters_without_tag_information.yml b/policies/ecc-aws-627-redshift_clusters_without_tag_information.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-630-sagemaker_instances_without_tag_information.yml b/policies/ecc-aws-630-sagemaker_instances_without_tag_information.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-632-sns_without_tag_information.yml b/policies/ecc-aws-632-sns_without_tag_information.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-633-sqs_without_tag_information.yml b/policies/ecc-aws-633-sqs_without_tag_information.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-638-mq_broker_active_deployment_mode.yml b/policies/ecc-aws-638-mq_broker_active_deployment_mode.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-639-mq_broker_latest_version.yml b/policies/ecc-aws-639-mq_broker_latest_version.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-640-mq_broker_encrypted_with_kms_cmk.yml b/policies/ecc-aws-640-mq_broker_encrypted_with_kms_cmk.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-641_kinesis_streams_shard_level_monitoring_enabled.yml b/policies/ecc-aws-641_kinesis_streams_shard_level_monitoring_enabled.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-643-qldb_permission_mode_is_standard.yml b/policies/ecc-aws-643-qldb_permission_mode_is_standard.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-644-qldb_deletion_protection_enabled.yml b/policies/ecc-aws-644-qldb_deletion_protection_enabled.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-646-appsync_logging_enabled.yml b/policies/ecc-aws-646-appsync_logging_enabled.yml
new file mode 100755
index 000000000..ad3900c31
--- /dev/null
+++ b/policies/ecc-aws-646-appsync_logging_enabled.yml
@@ -0,0 +1,16 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-646-appsync_logging_enabled
+ description: |
+ Appsync logging disabled
+ resource: aws.graphql-api
+ filters:
+ - type: value
+ key: logConfig
+ value: absent
diff --git a/policies/ecc-aws-649-appsync_cache_encrypted_at_rest.yml b/policies/ecc-aws-649-appsync_cache_encrypted_at_rest.yml
new file mode 100755
index 000000000..0706da186
--- /dev/null
+++ b/policies/ecc-aws-649-appsync_cache_encrypted_at_rest.yml
@@ -0,0 +1,16 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-649-appsync_cache_encrypted_at_rest
+ description: |
+ Appsync cache is not encrypted at rest
+ resource: aws.graphql-api
+ filters:
+ - type: api-cache
+ key: 'atRestEncryptionEnabled'
+ value: false
\ No newline at end of file
diff --git a/policies/ecc-aws-650-appsync_cache_encrypted_in_transit.yml b/policies/ecc-aws-650-appsync_cache_encrypted_in_transit.yml
new file mode 100755
index 000000000..799881243
--- /dev/null
+++ b/policies/ecc-aws-650-appsync_cache_encrypted_in_transit.yml
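Review bot: The `api-cache` filter keys in 649 and 650 are quoted (`key: 'atRestEncryptionEnabled'`, `key: 'transitEncryptionEnabled'`) while every other policy in the commit writes keys bare (`key: logConfig`, `key: Tags`); dropping the quotes keeps the files uniform. Functionally, `value: false` matches only an explicit boolean false, so an API whose cache description omits the flag would not be reported — I cannot see the `api-cache` filter's implementation from here, so confirm that the flag is always present in what it annotates before relying on the strict comparison.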
@@ -0,0 +1,16 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-650-appsync_cache_encrypted_in_transit
+ description: |
+ Appsync cache is not encrypted in transit
+ resource: aws.graphql-api
+ filters:
+ - type: api-cache
+ key: 'transitEncryptionEnabled'
+ value: false
\ No newline at end of file
diff --git a/policies/ecc-aws-651-appsync_protected_by_waf.yml b/policies/ecc-aws-651-appsync_protected_by_waf.yml
new file mode 100755
index 000000000..d79b0187d
--- /dev/null
+++ b/policies/ecc-aws-651-appsync_protected_by_waf.yml
@@ -0,0 +1,15 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-651-appsync_protected_by_waf
+ description: |
+ Appsync is not protected by WAF
+ resource: graphql-api
+ filters:
+ - type: wafv2-enabled
+ state: false
\ No newline at end of file
diff --git a/policies/ecc-aws-652-mwaa_dag_processing_logs_set_correctly.yml b/policies/ecc-aws-652-mwaa_dag_processing_logs_set_correctly.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-653-mwaa_scheduler_logs_set_correctly.yml b/policies/ecc-aws-653-mwaa_scheduler_logs_set_correctly.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-654-mwaa_task_logs_set_correctly.yml b/policies/ecc-aws-654-mwaa_task_logs_set_correctly.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-655-mwaa_webserver_logs_set_correctly.yml b/policies/ecc-aws-655-mwaa_webserver_logs_set_correctly.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-656-mwaa_worker_logs_set_correctly.yml b/policies/ecc-aws-656-mwaa_worker_logs_set_correctly.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-657-redshift_availability_zone_relocation_enabled.yml b/policies/ecc-aws-657-redshift_availability_zone_relocation_enabled.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-664-elasticache_redis_logs_enabled.yml b/policies/ecc-aws-664-elasticache_redis_logs_enabled.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-665-elasticache_notifications_enabled.yml b/policies/ecc-aws-665-elasticache_notifications_enabled.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-669-emr_termination_protection_enabled.yml b/policies/ecc-aws-669-emr_termination_protection_enabled.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-670-emr_imdsv1_disabled.yml b/policies/ecc-aws-670-emr_imdsv1_disabled.yml
new file mode 100755
index 000000000..d906ab951
--- /dev/null
+++ b/policies/ecc-aws-670-emr_imdsv1_disabled.yml
@@ -0,0 +1,18 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-670-emr_imdsv1_disabled
+ description: |
+ EMR clusters imdsv1 enabled
+ resource: aws.emr-security-configuration
+ filters:
+ - not:
+ - type: value
+ key: SecurityConfiguration.InstanceMetadataServiceConfiguration.MinimumInstanceMetadataServiceVersion
+ op: eq
+ value: 2
diff --git a/policies/ecc-aws-672-glue_spark_ui_monitoring_enabled.yml b/policies/ecc-aws-672-glue_spark_ui_monitoring_enabled.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-677-lambda_functions_enhanced_monitoring_enabled.yml b/policies/ecc-aws-677-lambda_functions_enhanced_monitoring_enabled.yml
old mode 100644
new mode 100755
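Review bot: The policy evaluates `aws.emr-security-configuration` objects, so a cluster launched with no security configuration at all — the default, in which IMDSv1 remains allowed — is never reported, while a configuration that is not attached to any cluster is. The description `EMR clusters imdsv1 enabled` therefore claims more than the filter covers; either reword it to `EMR security configuration does not require IMDSv2` or rebuild the check on the EMR cluster resource and follow each cluster's security-configuration reference. The `not` around `op: eq` / `value: 2` does correctly catch configurations that omit `InstanceMetadataServiceConfiguration` entirely, which is the right default for this control. The dotted key assumes the resource loads the `SecurityConfiguration` JSON string into a mapping before the value filter runs; confirm that against the resource's augment step, since the raw API returns it as a string.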
diff --git a/policies/ecc-aws-679-lambda_environment_variables_encrypted_in_transit.yml b/policies/ecc-aws-679-lambda_environment_variables_encrypted_in_transit.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-680-lambda_latest_runtime_environment_version.yml b/policies/ecc-aws-680-lambda_latest_runtime_environment_version.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-681-lambda_concurrency_enabled.yml b/policies/ecc-aws-681-lambda_concurrency_enabled.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-689-bucket_not_dns_compliant.yml b/policies/ecc-aws-689-bucket_not_dns_compliant.yml
new file mode 100755
index 000000000..ecbbf6f37
--- /dev/null
+++ b/policies/ecc-aws-689-bucket_not_dns_compliant.yml
@@ -0,0 +1,18 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-689-bucket_not_dns_compliant
+ description: |
+ S3 bucket is not DNS compliant
+ resource: s3
+ filters:
+ - not:
+ - type: value
+ key: Name
+ op: regex
+ value: '^[a-z0-9][a-z0-9-]{1,61}[a-z0-9]$'
diff --git a/policies/ecc-aws-690-ecs_exec_logging_enabled.yml b/policies/ecc-aws-690-ecs_exec_logging_enabled.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-691-fsx_daily_automatic_backup_enabled.yml b/policies/ecc-aws-691-fsx_daily_automatic_backup_enabled.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-692-fsx_netapp_ontap_multi_az_enabled.yml b/policies/ecc-aws-692-fsx_netapp_ontap_multi_az_enabled.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-693-fsx_windows_file_server_multi_az_enabled.yml b/policies/ecc-aws-693-fsx_windows_file_server_multi_az_enabled.yml
old mode 100644
new mode 100755
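Review bot: The pattern at `value: '^[a-z0-9][a-z0-9-]{1,61}[a-z0-9]$'` excludes dots, so a bucket named like `logs.example.com` — which S3's naming rules accept — is reported as non-compliant, while the regex never rejects a name formatted like an IP address, which those rules forbid. If the intent is S3's documented rules (3–63 characters of lowercase letters, digits, dots and hyphens, starting and ending with a letter or digit, no adjacent dots, not IP-shaped, plus a few reserved prefixes and suffixes), the regex needs to admit dots and a second filter needs to reject the dotted-quad form; if the intent is the stricter dot-free form that works cleanly with virtual-hosted-style HTTPS, the description should say `S3 bucket name is not suitable for virtual-hosted-style addressing` rather than `not DNS compliant`. As far as I recall Custodian's `regex` operator matches case-insensitively, in which case legacy mixed-case us-east-1 names would also pass unnoticed; `op: regex-case` would close that gap if so.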
diff --git a/policies/ecc-aws-696-alb_desync_mode_check.yml b/policies/ecc-aws-696-alb_desync_mode_check.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-697-api_gw_endpoint_type_check.yml b/policies/ecc-aws-697-api_gw_endpoint_type_check.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-702-autoscaling_groups_capacity_rebalancing_enabled.yml b/policies/ecc-aws-702-autoscaling_groups_capacity_rebalancing_enabled.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-703-autoscaling_launchconfig_requires_imdsv2.yml b/policies/ecc-aws-703-autoscaling_launchconfig_requires_imdsv2.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-707-clb_desync_mode_check.yml b/policies/ecc-aws-707-clb_desync_mode_check.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-708-clb-multiple_az.yml b/policies/ecc-aws-708-clb-multiple_az.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-709-clb_cross_zone_load_balancing_enabled.yml b/policies/ecc-aws-709-clb_cross_zone_load_balancing_enabled.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-710-cloudformation_stack_drift_detection_check.yml b/policies/ecc-aws-710-cloudformation_stack_drift_detection_check.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-712-cloudfront_sni_enabled.yml b/policies/ecc-aws-712-cloudfront_sni_enabled.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-715-cloudwatch_log_group_encrypted_with_kms_cmk.yml b/policies/ecc-aws-715-cloudwatch_log_group_encrypted_with_kms_cmk.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-717-codebuild_project_artifact_encryption.yml b/policies/ecc-aws-717-codebuild_project_artifact_encryption.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-718-codebuild_project_environment_privileged_check.yml b/policies/ecc-aws-718-codebuild_project_environment_privileged_check.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-719-codebuild_project_logging_enabled.yml b/policies/ecc-aws-719-codebuild_project_logging_enabled.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-720-codebuild_project_s3_logs_encrypted.yml b/policies/ecc-aws-720-codebuild_project_s3_logs_encrypted.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-721-codedeploy_auto_rollback_monitor_enabled.yml b/policies/ecc-aws-721-codedeploy_auto_rollback_monitor_enabled.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-723-codedeploy_lambda_allatonce_traffic_shift_disabled.yml b/policies/ecc-aws-723-codedeploy_lambda_allatonce_traffic_shift_disabled.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-724-codepipeline_s3_artifact_bucket_encrypted_with_kms_cmk.yml b/policies/ecc-aws-724-codepipeline_s3_artifact_bucket_encrypted_with_kms_cmk.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-725-cloudwatch_log_group_retention_period_check.yml b/policies/ecc-aws-725-cloudwatch_log_group_retention_period_check.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-734-ec2_instance_detailed_monitoring_enabled.yml b/policies/ecc-aws-734-ec2_instance_detailed_monitoring_enabled.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-739-ec2_token_hop_limit_check.yml b/policies/ecc-aws-739-ec2_token_hop_limit_check.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-740-ec2_transit_gateway_auto_vpc_attach_disabled.yml b/policies/ecc-aws-740-ec2_transit_gateway_auto_vpc_attach_disabled.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-741-ecr_private_lifecycle_policy_configured.yml b/policies/ecc-aws-741-ecr_private_lifecycle_policy_configured.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-744-ecs_fargate_latest_platform_version.yml b/policies/ecc-aws-744-ecs_fargate_latest_platform_version.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-745-ecs_task_definition_memory_hard_limit.yml b/policies/ecc-aws-745-ecs_task_definition_memory_hard_limit.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-746-ecs_task_definition_pid_mode_check.yml b/policies/ecc-aws-746-ecs_task_definition_pid_mode_check.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-751-eks_cluster_oldest_supported_version.yml b/policies/ecc-aws-751-eks_cluster_oldest_supported_version.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-755-elbv2_multiple_az.yml b/policies/ecc-aws-755-elbv2_multiple_az.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-760-iam_group_has_users_check.yml b/policies/ecc-aws-760-iam_group_has_users_check.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-762-lambda_vpc_multi_az_check.yml b/policies/ecc-aws-762-lambda_vpc_multi_az_check.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-769-opensearch_access_control_enabled.yml b/policies/ecc-aws-769-opensearch_access_control_enabled.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-770-rds_automatic_minor_version_upgrade_enabled.yml b/policies/ecc-aws-770-rds_automatic_minor_version_upgrade_enabled.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-771-rds_cluster_default_admin_check.yml b/policies/ecc-aws-771-rds_cluster_default_admin_check.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-773-rds_instance_default_admin_check.yml b/policies/ecc-aws-773-rds_instance_default_admin_check.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-776-redshift_default_admin_check.yml b/policies/ecc-aws-776-redshift_default_admin_check.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-777-redshift_default_db_name_check.yml b/policies/ecc-aws-777-redshift_default_db_name_check.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-780-sns_topic_message_delivery_notification_enabled.yml b/policies/ecc-aws-780-sns_topic_message_delivery_notification_enabled.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-787-mwaa_latest_version.yml b/policies/ecc-aws-787-mwaa_latest_version.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-800-dax_ecnrypted_in_transit.yml b/policies/ecc-aws-800-dax_ecnrypted_in_transit.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-808-clb_internet_facing.yml b/policies/ecc-aws-808-clb_internet_facing.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-809-elb_internet_facing.yml b/policies/ecc-aws-809-elb_internet_facing.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-821-acm_certificate_not_using_a_minimum_of_2048-bit_key_for_rsa_certificate.yml b/policies/ecc-aws-821-acm_certificate_not_using_a_minimum_of_2048-bit_key_for_rsa_certificate.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-835-inactive_iam_access_keys_are_not_deleted.yml b/policies/ecc-aws-835-inactive_iam_access_keys_are_not_deleted.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-897-security_hub_enabled.yml b/policies/ecc-aws-897-security_hub_enabled.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-899-s3_event_notifications_enabled.yml b/policies/ecc-aws-899-s3_event_notifications_enabled.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-900-s3_bucket_acl_prohibited.yml b/policies/ecc-aws-900-s3_bucket_acl_prohibited.yml
new file mode 100755
index 000000000..defc60f9c
--- /dev/null
+++ b/policies/ecc-aws-900-s3_bucket_acl_prohibited.yml
@@ -0,0 +1,16 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-900-s3_bucket_acl_prohibited
+ description: |
+ S3 access control lists (ACLs) are used to manage user access to buckets
+ resource: aws.s3
+ filters:
+ - not:
+ - type: ownership
+ value: BucketOwnerEnforced
diff --git a/policies/ecc-aws-901-s3_version_lifecycle_policy_check.yml b/policies/ecc-aws-901-s3_version_lifecycle_policy_check.yml
new file mode 100755
index 000000000..eeec8ad84
--- /dev/null
+++ b/policies/ecc-aws-901-s3_version_lifecycle_policy_check.yml
@@ -0,0 +1,19 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-901-s3_version_lifecycle_policy_check
+ description: |
+ S3 buckets with versioning enabled do not have lifecycle policies configured
+ resource: aws.s3
+ filters:
+ - type: value
+ key: Versioning.Status
+ value: Enabled
+ - type: value
+ key: Lifecycle
+ value: null
diff --git a/policies/ecc-aws-902-vpc_vpn_2_tunnels_up.yml b/policies/ecc-aws-902-vpc_vpn_2_tunnels_up.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-904-autoscaling_launch_config_hop_limit.yml b/policies/ecc-aws-904-autoscaling_launch_config_hop_limit.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-906-ecs_containers_readonly_access.yml b/policies/ecc-aws-906-ecs_containers_readonly_access.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-907-ecs_no_environment_secrets.yml b/policies/ecc-aws-907-ecs_no_environment_secrets.yml
old mode 100644
new mode 100755
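Review bot: The last filter in 901, `key: Lifecycle` / `value: null`, relies on YAML `null` becoming a Python `None` that the value filter then compares by plain equality, whereas 646 in this same commit uses the documented `value: absent` token for the same "not configured" test. `value: absent` is the idiom Custodian documents and it also matches when the key is missing outright rather than set to null, so the line should read `value: absent`. Whether the s3 resource records a bucket with no lifecycle configuration as `Lifecycle: null` or leaves the key unset depends on its augment step, which is not visible here; `absent` is correct in either case.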
diff --git a/policies/ecc-aws-911-kms_cmk_not_scheduled_for_deletion.yml b/policies/ecc-aws-911-kms_cmk_not_scheduled_for_deletion.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-917-waf_global_webacl_not_empty.yml b/policies/ecc-aws-917-waf_global_webacl_not_empty.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-922-acm_certificate_transparency_logging_enabled.yml b/policies/ecc-aws-922-acm_certificate_transparency_logging_enabled.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-938-cloudfront_encryption_in_transit.yml b/policies/ecc-aws-938-cloudfront_encryption_in_transit.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-939-ebs_default_encryption_enabled.yml b/policies/ecc-aws-939-ebs_default_encryption_enabled.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-948-imported_and_acm_certificates_expire_in_one_month.yml b/policies/ecc-aws-948-imported_and_acm_certificates_expire_in_one_month.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-949-key_pair_without_tag_information.yml b/policies/ecc-aws-949-key_pair_without_tag_information.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-950-autoscaling_launch_template.yml b/policies/ecc-aws-950-autoscaling_launch_template.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-951-clb_acm_certificate_required.yml b/policies/ecc-aws-951-clb_acm_certificate_required.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-953-lambda_function_settings_check.yml b/policies/ecc-aws-953-lambda_function_settings_check.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-955-ecs_containers_nonprivileged.yml b/policies/ecc-aws-955-ecs_containers_nonprivileged.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-958-cloudfront_s3_origin_non_existent_bucket.yml b/policies/ecc-aws-958-cloudfront_s3_origin_non_existent_bucket.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-961-cloudfront_origin_access_control_enabled.yml b/policies/ecc-aws-961-cloudfront_origin_access_control_enabled.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-962-glue_job_latest_version.yml b/policies/ecc-aws-962-glue_job_latest_version.yml
old mode 100644
new mode 100755
diff --git a/policies/ecc-aws-963-glue_job_logging_enabled.yml b/policies/ecc-aws-963-glue_job_logging_enabled.yml
old mode 100644
new mode 100755