From bdf4e70f65d298074a46a5407d559d2a3a2a872f Mon Sep 17 00:00:00 2001 
From: Vladyslav Yevsiukov
Date: Mon, 24 Jul 2023 09:02:56 +0000
Subject: [PATCH] new: added a number of terraform files for policies (see the list in the commit message) 081, 088, 089, 100, 175, 178, 180, 182, 192, 193, 194, 204, 205, 206, 207, 208, 209, 211, 213, 224, 225, 226, 227, 228, 229, 230, 239, 244, 252, 265, 266, 268, 269, 270, 271, 282, 283, 284, 285, 296, 301, 302, 303, 304, 305, 328, 365, 366, 367, 399, 406, 410, 412, 417, 422, 426, 441, 443, 446, 450, 523, 528, 541, 543, 545, 546, 549, 642, 661, 662, 663, 678, 695, 711, 722, 743, 915, 916
---
.../green/provider.tf | 20 +++ .../green/rds.tf | 33 +++++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 ++ .../iam/081-policy.json | 15 +++ .../red/provider.tf | 20 +++ .../red/rds.tf | 33 +++++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 ++ .../red1/provider.tf | 20 +++ .../red1/rds.tf | 33 +++++ .../red1/terraform.tfvars | 2 + .../red1/variables.tf | 9 ++ .../green/certificate.tf | 122 +++++++++++++++++ .../green/provider.tf | 20 +++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 ++ .../iam/88-policy.json | 19 +++ .../red/certificate.tf | 122 +++++++++++++++++ .../red/provider.tf | 20 +++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 ++ .../green/certificate.tf | 122 +++++++++++++++++ .../green/provider.tf | 20 +++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 ++ .../iam/89-policy.json | 19 +++ .../red/certificate.tf | 122 +++++++++++++++++ .../red/provider.tf | 20 +++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 ++ .../green/ebs.tf | 12 ++ .../green/provider.tf | 20 +++ .../green/terraform.tfvars | 3 + .../green/variables.tf | 14 ++ .../iam/100-policy.json | 15 +++ .../red/ebs.tf | 5 + .../red/provider.tf | 21 +++ .../red/terraform.tfvars | 3 + .../red/variables.tf | 14 ++ .../green/cloudtrail.tf | 57 ++++++++ .../green/provider.tf | 20 +++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 ++ .../green1/cloudtrail.tf | 64 
+++++++++ .../green1/provider.tf | 20 +++ .../green1/terraform.tfvars | 2 + .../green1/variables.tf | 9 ++ .../iam/175-policy.json | 16 +++ .../red/cloudtrail.tf | 53 ++++++++ .../red/provider.tf | 20 +++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 ++ .../green/iam.tf | 37 ++++++ .../green/provider.tf | 20 +++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 ++ .../iam/178-policy.json | 14 ++ .../red/iam.tf | 35 +++++ .../red/provider.tf | 20 +++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 ++ .../green/iam.tf | 12 ++ .../green/provider.tf | 13 ++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 ++ .../iam/180-policy.json | 16 +++ .../red/iam.tf | 20 +++ .../red/provider.tf | 13 ++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 ++ .../green/iam.tf | 25 ++++ .../green/provider.tf | 20 +++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 ++ .../iam/182-policy.json | 14 ++ .../red/iam.tf | 18 +++ .../red/provider.tf | 20 +++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 ++ .../green_full/cw.tf | 30 +++++ .../green_full/iam.tf | 47 +++++++ .../green_full/provider.tf | 20 +++ .../green_full/sns.tf | 18 +++ .../green_full/terraform.tfvars | 4 + .../green_full/trail.tf | 61 +++++++++ .../green_full/variables.tf | 19 +++ .../iam/192-policy.json | 20 +++ .../red/cw.tf | 26 ++++ .../red/provider.tf | 20 +++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 ++ .../red0/provider.tf | 20 +++ .../red0/terraform.tfvars | 2 + .../red0/trail.tf | 59 +++++++++ .../red0/variables.tf | 9 ++ .../red1/cw.tf | 56 ++++++++ .../red1/provider.tf | 20 +++ .../red1/terraform.tfvars | 2 + .../red1/trail.tf | 60 +++++++++ .../red1/variables.tf | 9 ++ .../red2/cw.tf | 68 ++++++++++ .../red2/provider.tf | 20 +++ .../red2/terraform.tfvars | 3 + .../red2/trail.tf | 60 +++++++++ .../red2/variables.tf | 13 ++ .../red3/cw.tf | 81 ++++++++++++ .../red3/provider.tf | 20 +++ .../red3/terraform.tfvars | 3 + .../red3/trail.tf 
| 60 +++++++++ .../red3/variables.tf | 13 ++ .../red4/cw.tf | 82 ++++++++++++ .../red4/provider.tf | 20 +++ .../red4/sns.tf | 3 + .../red4/terraform.tfvars | 3 + .../red4/trail.tf | 61 +++++++++ .../red4/variables.tf | 13 ++ .../green/cloudtrail.tf | 64 +++++++++ .../green/provider.tf | 20 +++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 ++ .../iam/193-policy.json | 28 ++++ .../red/cloudtrail.tf | 64 +++++++++ .../red/provider.tf | 20 +++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 ++ .../green/provider.tf | 20 +++ .../green/s3.tf | 74 +++++++++++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 ++ .../iam/194-policy.json | 14 ++ .../red/provider.tf | 20 +++ .../red/s3.tf | 39 ++++++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 ++ .../green/cw.tf | 35 +++++ .../green/iam.tf | 47 +++++++ .../green/provider.tf | 20 +++ .../green/sns.tf | 18 +++ .../green/terraform.tfvars | 4 + .../green/trail.tf | 62 +++++++++ .../green/variables.tf | 19 +++ .../iam/204-policy.json | 20 +++ .../red/cw.tf | 8 ++ .../red/iam.tf | 47 +++++++ .../red/provider.tf | 20 +++ .../red/terraform.tfvars | 2 + .../red/trail.tf | 60 +++++++++ .../red/variables.tf | 9 ++ .../red1/cw.tf | 34 +++++ .../red1/iam.tf | 47 +++++++ .../red1/provider.tf | 20 +++ .../red1/sns.tf | 18 +++ .../red1/terraform.tfvars | 4 + .../red1/trail.tf | 62 +++++++++ .../red1/variables.tf | 19 +++ .../green/cw.tf | 35 +++++ .../green/iam.tf | 47 +++++++ .../green/provider.tf | 20 +++ .../green/sns.tf | 18 +++ .../green/terraform.tfvars | 4 + .../green/trail.tf | 62 +++++++++ .../green/variables.tf | 19 +++ .../iam/205-policy.json | 20 +++ .../red/cw.tf | 8 ++ .../red/iam.tf | 47 +++++++ .../red/provider.tf | 20 +++ .../red/sns.tf | 3 + .../red/terraform.tfvars | 2 + .../red/trail.tf | 60 +++++++++ .../red/variables.tf | 9 ++ .../red1/cw.tf | 34 +++++ .../red1/iam.tf | 47 +++++++ .../red1/provider.tf | 20 +++ .../red1/sns.tf | 18 +++ .../red1/terraform.tfvars | 4 + 
.../red1/trail.tf | 60 +++++++++ .../red1/variables.tf | 19 +++ .../green/cw.tf | 35 +++++ .../green/iam.tf | 47 +++++++ .../green/provider.tf | 20 +++ .../green/sns.tf | 18 +++ .../green/terraform.tfvars | 4 + .../green/trail.tf | 52 ++++++++ .../green/variables.tf | 19 +++ .../iam/206-policy.json | 20 +++ .../red/cw.tf | 8 ++ .../red/iam.tf | 47 +++++++ .../red/provider.tf | 20 +++ .../red/sns.tf | 3 + .../red/terraform.tfvars | 2 + .../red/trail.tf | 51 ++++++++ .../red/variables.tf | 9 ++ .../red1/cw.tf | 34 +++++ .../red1/iam.tf | 47 +++++++ .../red1/provider.tf | 20 +++ .../red1/sns.tf | 18 +++ .../red1/terraform.tfvars | 4 + .../red1/trail.tf | 51 ++++++++ .../red1/variables.tf | 19 +++ .../green/cw.tf | 34 +++++ .../green/iam.tf | 47 +++++++ .../green/provider.tf | 20 +++ .../green/sns.tf | 18 +++ .../green/terraform.tfvars | 4 + .../green/trail.tf | 62 +++++++++ .../green/variables.tf | 19 +++ .../iam/207-policy.json | 20 +++ .../red/cw.tf | 8 ++ .../red/iam.tf | 47 +++++++ .../red/provider.tf | 20 +++ .../red/sns.tf | 3 + .../red/terraform.tfvars | 2 + .../red/trail.tf | 60 +++++++++ .../red/variables.tf | 9 ++ .../red1/cw.tf | 34 +++++ .../red1/iam.tf | 47 +++++++ .../red1/provider.tf | 20 +++ .../red1/sns.tf | 18 +++ .../red1/terraform.tfvars | 4 + .../red1/trail.tf | 60 +++++++++ .../red1/variables.tf | 19 +++ .../green/cw.tf | 35 +++++ .../green/iam.tf | 47 +++++++ .../green/provider.tf | 20 +++ .../green/sns.tf | 18 +++ .../green/terraform.tfvars | 4 + .../green/trail.tf | 62 +++++++++ .../green/variables.tf | 19 +++ .../iam/208-policy.json | 20 +++ .../red/cw.tf | 8 ++ .../red/iam.tf | 47 +++++++ .../red/provider.tf | 20 +++ .../red/sns.tf | 3 + .../red/terraform.tfvars | 2 + .../red/trail.tf | 60 +++++++++ .../red/variables.tf | 9 ++ .../red1/cw.tf | 34 +++++ .../red1/iam.tf | 47 +++++++ .../red1/provider.tf | 20 +++ .../red1/sns.tf | 18 +++ .../red1/terraform.tfvars | 4 + .../red1/trail.tf | 62 +++++++++ .../red1/variables.tf | 19 +++ 
.../green/cw.tf | 34 +++++ .../green/iam.tf | 47 +++++++ .../green/provider.tf | 20 +++ .../green/sns.tf | 18 +++ .../green/terraform.tfvars | 4 + .../green/trail.tf | 62 +++++++++ .../green/variables.tf | 19 +++ .../iam/209-policy.json | 20 +++ .../red/cw.tf | 8 ++ .../red/iam.tf | 47 +++++++ .../red/provider.tf | 20 +++ .../red/sns.tf | 3 + .../red/terraform.tfvars | 2 + .../red/trail.tf | 60 +++++++++ .../red/variables.tf | 9 ++ .../red1/cw.tf | 34 +++++ .../red1/iam.tf | 47 +++++++ .../red1/provider.tf | 20 +++ .../red1/sns.tf | 18 +++ .../red1/terraform.tfvars | 4 + .../red1/trail.tf | 60 +++++++++ .../red1/variables.tf | 19 +++ .../green/cloudtrail.tf | 81 ++++++++++++ .../green/provider.tf | 20 +++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 ++ .../iam/211-policy.json | 18 +++ .../red/cloudtrail.tf | 57 ++++++++ .../red/provider.tf | 20 +++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 ++ .../green/func.py | 9 ++ .../green/func.zip | Bin 0 -> 299 bytes .../green/lambda.tf | 51 ++++++++ .../green/provider.tf | 20 +++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 ++ .../iam/212-policy.json | 14 ++ .../red/func.py | 9 ++ .../red/func.zip | Bin 0 -> 299 bytes .../red/lambda.tf | 45 +++++++ .../red/provider.tf | 20 +++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 ++ .../green/cw.tf | 35 +++++ .../green/iam.tf | 47 +++++++ .../green/provider.tf | 20 +++ .../green/sns.tf | 18 +++ .../green/terraform.tfvars | 4 + .../green/trail.tf | 69 ++++++++++ .../green/variables.tf | 19 +++ .../iam/224-policy.json | 20 +++ .../red/cw.tf | 8 ++ .../red/iam.tf | 47 +++++++ .../red/provider.tf | 20 +++ .../red/sns.tf | 3 + .../red/terraform.tfvars | 2 + .../red/trail.tf | 62 +++++++++ .../red/variables.tf | 9 ++ .../red1/cw.tf | 35 +++++ .../red1/iam.tf | 47 +++++++ .../red1/provider.tf | 20 +++ .../red1/sns.tf | 18 +++ .../red1/terraform.tfvars | 4 + .../red1/trail.tf | 70 ++++++++++ .../red1/variables.tf | 19 +++ .../green/cw.tf 
| 34 +++++ .../green/iam.tf | 47 +++++++ .../green/provider.tf | 20 +++ .../green/sns.tf | 17 +++ .../green/terraform.tfvars | 4 + .../green/trail.tf | 70 ++++++++++ .../green/variables.tf | 19 +++ .../iam/225-policy.json | 20 +++ .../red/cw.tf | 9 ++ .../red/iam.tf | 47 +++++++ .../red/provider.tf | 20 +++ .../red/sns.tf | 3 + .../red/terraform.tfvars | 3 + .../red/trail.tf | 63 +++++++++ .../red/variables.tf | 14 ++ .../red1/cw.tf | 34 +++++ .../red1/iam.tf | 47 +++++++ .../red1/provider.tf | 20 +++ .../red1/sns.tf | 17 +++ .../red1/terraform.tfvars | 4 + .../red1/trail.tf | 71 ++++++++++ .../red1/variables.tf | 19 +++ .../green/cw.tf | 34 +++++ .../green/iam.tf | 47 +++++++ .../green/provider.tf | 20 +++ .../green/sns.tf | 18 +++ .../green/terraform.tfvars | 4 + .../green/trail.tf | 69 ++++++++++ .../green/variables.tf | 19 +++ .../iam/226-policy.json | 20 +++ .../red/cw.tf | 8 ++ .../red/iam.tf | 47 +++++++ .../red/provider.tf | 20 +++ .../red/sns.tf | 3 + .../red/terraform.tfvars | 2 + .../red/trail.tf | 67 ++++++++++ .../red/variables.tf | 9 ++ .../red1/cw.tf | 34 +++++ .../red1/iam.tf | 47 +++++++ .../red1/provider.tf | 20 +++ .../red1/sns.tf | 18 +++ .../red1/terraform.tfvars | 4 + .../red1/trail.tf | 69 ++++++++++ .../red1/variables.tf | 19 +++ .../green/cw.tf | 34 +++++ .../green/iam.tf | 47 +++++++ .../green/provider.tf | 20 +++ .../green/sns.tf | 18 +++ .../green/terraform.tfvars | 4 + .../green/trail.tf | 71 ++++++++++ .../green/variables.tf | 19 +++ .../iam/227-policy.json | 20 +++ .../red/cw.tf | 8 ++ .../red/iam.tf | 47 +++++++ .../red/provider.tf | 20 +++ .../red/sns.tf | 3 + .../red/terraform.tfvars | 3 + .../red/trail.tf | 65 +++++++++ .../red/variables.tf | 14 ++ .../red1/cw.tf | 34 +++++ .../red1/iam.tf | 47 +++++++ .../red1/provider.tf | 20 +++ .../red1/sns.tf | 18 +++ .../red1/terraform.tfvars | 4 + .../red1/trail.tf | 72 ++++++++++ .../red1/variables.tf | 19 +++ .../green/cw.tf | 35 +++++ .../green/iam.tf | 47 +++++++ .../green/provider.tf | 
20 +++ .../green/sns.tf | 17 +++ .../green/terraform.tfvars | 4 + .../green/trail.tf | 71 ++++++++++ .../green/variables.tf | 19 +++ .../iam/228-policy.json | 20 +++ .../red/cw.tf | 8 ++ .../red/iam.tf | 47 +++++++ .../red/provider.tf | 20 +++ .../red/sns.tf | 3 + .../red/terraform.tfvars | 3 + .../red/trail.tf | 69 ++++++++++ .../red/variables.tf | 14 ++ .../red1/cw.tf | 35 +++++ .../red1/iam.tf | 47 +++++++ .../red1/provider.tf | 20 +++ .../red1/sns.tf | 17 +++ .../red1/terraform.tfvars | 4 + .../red1/trail.tf | 71 ++++++++++ .../red1/variables.tf | 19 +++ .../green/cw.tf | 34 +++++ .../green/iam.tf | 47 +++++++ .../green/provider.tf | 20 +++ .../green/sns.tf | 18 +++ .../green/terraform.tfvars | 4 + .../green/trail.tf | 69 ++++++++++ .../green/variables.tf | 19 +++ .../iam/229-policy.json | 20 +++ .../red/cw.tf | 8 ++ .../red/iam.tf | 47 +++++++ .../red/provider.tf | 20 +++ .../red/sns.tf | 3 + .../red/terraform.tfvars | 2 + .../red/trail.tf | 67 ++++++++++ .../red/variables.tf | 9 ++ .../red1/cw.tf | 34 +++++ .../red1/iam.tf | 47 +++++++ .../red1/provider.tf | 20 +++ .../red1/sns.tf | 18 +++ .../red1/terraform.tfvars | 4 + .../red1/trail.tf | 69 ++++++++++ .../red1/variables.tf | 19 +++ .../green/cw.tf | 35 +++++ .../green/iam.tf | 47 +++++++ .../green/provider.tf | 20 +++ .../green/sns.tf | 18 +++ .../green/terraform.tfvars | 4 + .../green/trail.tf | 69 ++++++++++ .../green/variables.tf | 19 +++ .../iam/230-policy.json | 20 +++ .../red/cw.tf | 8 ++ .../red/iam.tf | 47 +++++++ .../red/provider.tf | 20 +++ .../red/sns.tf | 3 + .../red/terraform.tfvars | 2 + .../red/trail.tf | 67 ++++++++++ .../red/variables.tf | 9 ++ .../red1/cw.tf | 35 +++++ .../red1/iam.tf | 47 +++++++ .../red1/provider.tf | 20 +++ .../red1/sns.tf | 18 +++ .../red1/terraform.tfvars | 4 + .../red1/trail.tf | 69 ++++++++++ .../red1/variables.tf | 19 +++ .../green/kinesis.tf | 12 ++ .../green/provider.tf | 20 +++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 ++ 
.../iam/239-policy.json | 17 +++ .../red/kinesis.tf | 18 +++ .../red/provider.tf | 20 +++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 ++ .../green/ecs.tf | 123 ++++++++++++++++++ .../green/provider.tf | 20 +++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 ++ .../iam/244-policy.json | 18 +++ .../red/ecs.tf | 121 +++++++++++++++++ .../red/provider.tf | 20 +++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 ++ .../green/acs.tf | 52 ++++++++ .../green/provider.tf | 20 +++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 ++ .../iam/252-policy.json | 13 ++ .../red/acs.tf | 30 +++++ .../red/provider.tf | 20 +++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 ++ .../green/ec2.tf | 114 ++++++++++++++++ .../green/provider.tf | 20 +++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 ++ .../iam/265-policy.json | 15 +++ .../red/ec2.tf | 97 ++++++++++++++ .../red/provider.tf | 20 +++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 ++ .../green/ec2.tf | 108 +++++++++++++++ .../green/provider.tf | 20 +++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 ++ .../iam/266-policy.json | 15 +++ .../red/ec2.tf | 98 ++++++++++++++ .../red/provider.tf | 20 +++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 ++ .../green/elb.tf | 102 +++++++++++++++ .../green/provider.tf | 20 +++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 ++ .../iam/268-policy.json | 16 +++ .../red/elb.tf | 91 +++++++++++++ .../red/provider.tf | 20 +++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 ++ .../green/elb.tf | 103 +++++++++++++++ .../green/provider.tf | 20 +++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 ++ .../iam/269-policy.json | 16 +++ .../red/elb.tf | 90 +++++++++++++ .../red/provider.tf | 20 +++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 ++ .../green/alb.tf | 97 ++++++++++++++ .../green/provider.tf | 20 +++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 
++ .../iam/270-policy.json | 16 +++ .../red/alb.tf | 85 ++++++++++++ .../red/provider.tf | 20 +++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 ++ .../green/alb.tf | 97 ++++++++++++++ .../green/provider.tf | 20 +++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 ++ .../iam/271-policy.json | 16 +++ .../red/alb.tf | 85 ++++++++++++ .../red/provider.tf | 20 +++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 ++ .../green/cloudtrail.tf | 91 +++++++++++++ .../green/provider.tf | 20 +++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 ++ .../green1/cloudtrail.tf | 94 +++++++++++++ .../green1/provider.tf | 20 +++ .../green1/terraform.tfvars | 2 + .../green1/variables.tf | 9 ++ .../iam/282-policy.json | 14 ++ .../red/cloudtrail.tf | 79 +++++++++++ .../red/provider.tf | 20 +++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 ++ .../red1/cloudtrail.tf | 103 +++++++++++++++ .../red1/provider.tf | 20 +++ .../red1/terraform.tfvars | 2 + .../red1/variables.tf | 9 ++ .../green/cloudtrail.tf | 90 +++++++++++++ .../green/provider.tf | 20 +++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 ++ .../green1/cloudtrail.tf | 95 ++++++++++++++ .../green1/provider.tf | 20 +++ .../green1/terraform.tfvars | 2 + .../green1/variables.tf | 9 ++ .../iam/283-policy.json | 14 ++ .../red/cloudtrail.tf | 81 ++++++++++++ .../red/provider.tf | 20 +++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 ++ .../red1/cloudtrail.tf | 108 +++++++++++++++ .../red1/provider.tf | 20 +++ .../red1/terraform.tfvars | 2 + .../red1/variables.tf | 9 ++ .../green/cw.tf | 35 +++++ .../green/iam.tf | 47 +++++++ .../green/provider.tf | 20 +++ .../green/sns.tf | 18 +++ .../green/terraform.tfvars | 4 + .../green/trail.tf | 59 +++++++++ .../green/variables.tf | 19 +++ .../iam/284-policy.json | 21 +++ .../red/cw.tf | 35 +++++ .../red/iam.tf | 47 +++++++ .../red/provider.tf | 20 +++ .../red/sns.tf | 3 + .../red/terraform.tfvars | 3 + .../red/trail.tf | 59 
+++++++++ .../red/variables.tf | 14 ++ .../green/provider.tf | 20 +++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 ++ .../green/vpc.tf | 15 +++ .../iam/285-policy.json | 14 ++ .../red/provider.tf | 20 +++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 ++ .../red/vpc.tf | 34 +++++ .../green/es.tf | 19 +++ .../green/provider.tf | 20 +++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 ++ .../green1/es.tf | 19 +++ .../green1/provider.tf | 20 +++ .../green1/terraform.tfvars | 2 + .../green1/variables.tf | 9 ++ .../iam/296-policy.json | 12 ++ .../red/es.tf | 19 +++ .../red/provider.tf | 20 +++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 ++ .../red1/es.tf | 19 +++ .../red1/provider.tf | 20 +++ .../red1/terraform.tfvars | 2 + .../red1/variables.tf | 9 ++ .../green/cluster.tf | 31 +++++ .../green/provider.tf | 20 +++ .../green/terraform.tfvars | 3 + .../green/variables.tf | 14 ++ .../green1/cluster.tf | 38 ++++++ .../green1/provider.tf | 20 +++ .../green1/terraform.tfvars | 3 + .../green1/variables.tf | 14 ++ .../iam/301-policy.json | 16 +++ .../red/cluster.tf | 36 +++++ .../red/provider.tf | 20 +++ .../red/terraform.tfvars | 3 + .../red/variables.tf | 14 ++ .../green/provider.tf | 20 +++ .../green/rds.tf | 39 ++++++ .../green/terraform.tfvars | 3 + .../green/variables.tf | 14 ++ .../green1/provider.tf | 20 +++ .../green1/rds.tf | 46 +++++++ .../green1/terraform.tfvars | 3 + .../green1/variables.tf | 14 ++ .../iam/302-policy.json | 16 +++ .../red/provider.tf | 20 +++ .../red/rds.tf | 42 ++++++ .../red/terraform.tfvars | 3 + .../red/variables.tf | 14 ++ .../green/provider.tf | 20 +++ .../green/rds.tf | 24 ++++ .../green/rds_pg.tf | 20 +++ .../green/sg.tf | 23 ++++ .../green/terraform.tfvars | 3 + .../green/variables.tf | 14 ++ .../green1/provider.tf | 20 +++ .../green1/rds.tf | 24 ++++ .../green1/rds_pg.tf | 24 ++++ .../green1/sg.tf | 23 ++++ .../green1/terraform.tfvars | 3 + .../green1/variables.tf | 14 ++ 
.../iam/303-policy.json | 16 +++ .../red/provider.tf | 20 +++ .../red/rds_pg.tf | 46 +++++++ .../red/sg.tf | 24 ++++ .../red/terraform.tfvars | 3 + .../red/variables.tf | 14 ++ .../green/provider.tf | 20 +++ .../green/rds.tf | 24 ++++ .../green/sg.tf | 23 ++++ .../green/sns.tf | 15 +++ .../green/terraform.tfvars | 3 + .../green/variables.tf | 14 ++ .../green1/provider.tf | 20 +++ .../green1/rds.tf | 24 ++++ .../green1/sg.tf | 24 ++++ .../green1/sns.tf | 20 +++ .../green1/terraform.tfvars | 3 + .../green1/variables.tf | 14 ++ .../iam/304-policy.json | 16 +++ .../red/provider.tf | 20 +++ .../red/rds.tf | 24 ++++ .../red/sg.tf | 24 ++++ .../red/sns.tf | 19 +++ .../red/terraform.tfvars | 3 + .../red/variables.tf | 14 ++ .../green/provider.tf | 20 +++ .../green/rds.tf | 68 ++++++++++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 ++ .../iam/305-policy.json | 15 +++ .../red/provider.tf | 20 +++ .../red/rds.tf | 69 ++++++++++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 ++ .../red1/provider.tf | 20 +++ .../red1/rds.tf | 42 ++++++ .../red1/terraform.tfvars | 2 + .../red1/variables.tf | 9 ++ .../green/dynamodb.tf | 40 ++++++ .../green/provider.tf | 20 +++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 ++ .../green1/dynamodb.tf | 15 +++ .../green1/provider.tf | 20 +++ .../green1/terraform.tfvars | 2 + .../green1/variables.tf | 9 ++ .../iam/328-policy.json | 16 +++ .../red/dynamodb.tf | 17 +++ .../red/provider.tf | 20 +++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 ++ .../green/lambda.tf | 52 ++++++++ .../green/lambda_password_rotator.zip | Bin 0 -> 2154 bytes .../green/provider.tf | 19 +++ .../green/secretsmanager.tf | 34 +++++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 ++ .../iam/365-policy.json | 13 ++ .../red/provider.tf | 19 +++ .../red/secretsmanager.tf | 9 ++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 ++ .../green/iam.tf | 104 +++++++++++++++ .../green/lambda.tf | 29 +++++ 
.../green/lambda_function.zip | Bin 0 -> 48064 bytes .../green/provider.tf | 19 +++ .../green/rds.tf | 21 +++ .../green/secretsmanager.tf | 40 ++++++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 ++ .../green/vpc.tf | 74 +++++++++++ .../iam/366-policy.json | 13 ++ .../red/lambda.tf | 52 ++++++++ .../red/lambda_function.zip | Bin 0 -> 2110 bytes .../red/provider.tf | 20 +++ .../red/secretsmanager.tf | 34 +++++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 ++ .../green/provider.tf | 19 +++ .../green/secretsmanager.tf | 35 +++++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 ++ .../iam/367-policy.json | 13 ++ .../red/provider.tf | 19 +++ .../red/secretsmanager.tf | 9 ++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 ++ .../green/399-bucket-file.csv | 3 + .../green/appflow.tf | 46 +++++++ .../green/provider.tf | 19 +++ .../green/s3.tf | 74 +++++++++++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 ++ .../iam/399-policy.json | 14 ++ .../red/399-bucket-file.csv | 3 + .../red/appflow.tf | 45 +++++++ .../red/provider.tf | 19 +++ .../red/s3.tf | 63 +++++++++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 ++ .../green/emr.tf | 72 ++++++++++ .../green/iam.tf | 74 +++++++++++ .../green/my-certs.zip | Bin 0 -> 2572 bytes .../green/provider.tf | 19 +++ .../green/s3.tf | 33 +++++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 ++ .../green/vpc.tf | 49 +++++++ .../iam/406-policy.json | 14 ++ .../red/emr.tf | 31 +++++ .../red/iam.tf | 52 ++++++++ .../red/provider.tf | 19 +++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 ++ .../red/vpc.tf | 49 +++++++ .../red1/emr.tf | 62 +++++++++ .../red1/iam.tf | 74 +++++++++++ .../red1/my-certs.zip | Bin 0 -> 2572 bytes .../red1/provider.tf | 19 +++ .../red1/terraform.tfvars | 2 + .../red1/variables.tf | 9 ++ .../red1/vpc.tf | 49 +++++++ .../green/nlb.tf | 12 ++ .../green/provider.tf | 19 +++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 ++ 
.../green/vpc.tf | 20 +++ .../iam/410-policy.json | 13 ++ .../red/nlb.tf | 12 ++ .../red/provider.tf | 19 +++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 ++ .../red/vpc.tf | 20 +++ .../green/elasticache.tf | 8 ++ .../green/provider.tf | 19 +++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 ++ .../iam/412-policy.json | 14 ++ .../red/elasticache.tf | 8 ++ .../red/provider.tf | 19 +++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 ++ .../green/elasticache.tf | 15 +++ .../green/provider.tf | 19 +++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 ++ .../green/vpc.tf | 16 +++ .../iam/417-policy.json | 16 +++ .../red/elasticache.tf | 7 + .../red/provider.tf | 19 +++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 ++ .../green/provider.tf | 19 +++ .../green/rds.tf | 57 ++++++++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 ++ .../iam/422-policy.json | 13 ++ .../red/provider.tf | 19 +++ .../red/rds.tf | 53 ++++++++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 ++ .../green/iam.tf | 27 ++++ .../green/provider.tf | 19 +++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 ++ .../iam/426-policy.json | 14 ++ .../red/iam.tf | 52 ++++++++ .../red/provider.tf | 19 +++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 ++ .../green/beanstalk.tf | 91 +++++++++++++ .../green/provider.tf | 20 +++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 ++ .../iam/441-policy.json | 18 +++ .../red/beanstalk.tf | 25 ++++ .../red/provider.tf | 20 +++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 ++ .../green/beanstalk.tf | 32 +++++ .../green/provider.tf | 20 +++ .../green/terraform.tfvars | 3 + .../green/variables.tf | 14 ++ .../iam/443-policy.json | 19 +++ .../red/beanstalk.tf | 21 +++ .../red/provider.tf | 20 +++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 ++ .../green/beanstalk.tf | 42 ++++++ .../green/provider.tf | 20 +++ .../green/terraform.tfvars | 2 + 
.../green/variables.tf | 9 ++ .../iam/446-policy.json | 15 +++ .../red/beanstalk.tf | 21 +++ .../red/provider.tf | 20 +++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 ++ .../green/provider.tf | 19 +++ .../green/sqs.tf | 21 +++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 ++ .../iam/450-policy.json | 15 +++ .../red/provider.tf | 19 +++ .../red/sqs.tf | 7 + .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 ++ .../green/cloudtrail.tf | 17 +++ .../green/kms.tf | 57 ++++++++ .../green/provider.tf | 20 +++ .../green/s3.tf | 90 +++++++++++++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 ++ .../green1/cloudtrail.tf | 19 +++ .../green1/kms.tf | 57 ++++++++ .../green1/provider.tf | 20 +++ .../green1/s3.tf | 89 +++++++++++++ .../green1/terraform.tfvars | 2 + .../green1/variables.tf | 9 ++ .../iam/523-policy.json | 15 +++ .../red/cloudtrail.tf | 17 +++ .../red/provider.tf | 20 +++ .../red/s3.tf | 80 ++++++++++++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 ++ .../red1/cloudtrail.tf | 22 ++++ .../red1/provider.tf | 20 +++ .../red1/s3.tf | 81 ++++++++++++ .../red1/terraform.tfvars | 2 + .../red1/variables.tf | 9 ++ .../red2/cloudtrail.tf | 18 +++ .../red2/provider.tf | 20 +++ .../red2/s3.tf | 81 ++++++++++++ .../red2/terraform.tfvars | 2 + .../red2/variables.tf | 9 ++ .../green/kinesis.tf | 18 +++ .../green/provider.tf | 20 +++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 ++ .../iam/528-policy.json | 15 +++ .../red/kinesis.tf | 5 + .../red/provider.tf | 20 +++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 ++ .../green/cloudwatch.tf | 21 +++ .../green/iam.tf | 25 ++++ .../green/provider.tf | 19 +++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 ++ .../green/vpc.tf | 73 +++++++++++ .../green/workspace.tf | 52 ++++++++ .../green1/cloudwatch.tf | 24 ++++ .../green1/provider.tf | 19 +++ .../green1/terraform.tfvars | 2 + .../green1/variables.tf | 9 ++ .../iam/541-policy.json | 15 +++ 
.../red/cloudwatch.tf | 12 ++ .../red/iam.tf | 25 ++++ .../red/provider.tf | 19 +++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 ++ .../red/vpc.tf | 73 +++++++++++ .../red/workspace.tf | 51 ++++++++ .../green/iam.tf | 25 ++++ .../green/provider.tf | 20 +++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 ++ .../green/vpc.tf | 102 +++++++++++++++ .../green/workspace.tf | 62 +++++++++ .../iam/543-policy.json | 16 +++ .../red/iam.tf | 25 ++++ .../red/provider.tf | 20 +++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 ++ .../red/vpc.tf | 86 ++++++++++++ .../red/workspace.tf | 42 ++++++ .../green/iam.tf | 25 ++++ .../green/provider.tf | 19 +++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 ++ .../green/vpc.tf | 84 ++++++++++++ .../green/workspace.tf | 21 +++ .../iam/545-policy.json | 16 +++ .../red/iam.tf | 25 ++++ .../red/provider.tf | 19 +++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 ++ .../red/vpc.tf | 72 ++++++++++ .../red/workspace.tf | 20 +++ .../green/iam.tf | 25 ++++ .../green/provider.tf | 19 +++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 ++ .../green/vpc.tf | 86 ++++++++++++ .../green/workspace.tf | 31 +++++ .../iam/546-policy.json | 15 +++ .../red/iam.tf | 25 ++++ .../red/provider.tf | 19 +++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 ++ .../red/vpc.tf | 84 ++++++++++++ .../red/workspace.tf | 31 +++++ .../green/api.tf | 43 ++++++ .../green/provider.tf | 19 +++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 ++ .../iam/549-policy.json | 10 ++ .../red/api.tf | 14 ++ .../red/provider.tf | 19 +++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 ++ .../red1/api.tf | 19 +++ .../red1/provider.tf | 19 +++ .../red1/terraform.tfvars | 2 + .../red1/variables.tf | 9 ++ .../green/provider.tf | 20 +++ .../green/s3.tf | 35 +++++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 ++ .../iam/642-policy.json | 14 ++ .../red/provider.tf | 20 +++ .../red/s3.tf | 29 
+++++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 ++ .../green/beanstalk.tf | 26 ++++ .../green/provider.tf | 20 +++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 ++ .../iam/661-policy.json | 15 +++ .../red/beanstalk.tf | 21 +++ .../red/provider.tf | 20 +++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 ++ .../green/beanstalk.tf | 26 ++++ .../green/provider.tf | 20 +++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 ++ .../iam/662-policy.json | 15 +++ .../red/beanstalk.tf | 21 +++ .../red/provider.tf | 20 +++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 ++ .../green/elastic_beanstalk.tf | 21 +++ .../green/provider.tf | 20 +++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 ++ .../iam/663-policy.json | 14 ++ .../red/elastic_beanstalk.tf | 21 +++ .../red/provider.tf | 20 +++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 ++ .../green/func.py | 8 ++ .../green/func.zip | Bin 0 -> 299 bytes .../green/lambda.tf | 52 ++++++++ .../green/provider.tf | 20 +++ .../green/sign.tf | 21 +++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 ++ .../iam/678-policy.json | 15 +++ .../red/func.py | 9 ++ .../red/func.zip | Bin 0 -> 299 bytes .../red/lambda.tf | 51 ++++++++ .../red/provider.tf | 20 +++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 ++ .../green/fsx.tf | 15 +++ .../green/provider.tf | 20 +++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 ++ .../green/vpc.tf | 10 ++ .../iam/695-policy.json | 13 ++ .../red/fsx.tf | 10 ++ .../red/provider.tf | 20 +++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 ++ .../red/vpc.tf | 10 ++ .../green/cloudformation.tf | 59 +++++++++ .../green/provider.tf | 19 +++ .../green/terraform.tfvars | 3 + .../green/variables.tf | 14 ++ .../iam/711-policy.json | 13 ++ .../red/cloudformation.tf | 42 ++++++ .../red/provider.tf | 19 +++ .../red/terraform.tfvars | 3 + .../red/variables.tf | 14 ++ .../red1/cloudformation.tf | 61 +++++++++ 
.../red1/provider.tf | 19 +++ .../red1/terraform.tfvars | 3 + .../red1/variables.tf | 14 ++ .../red2/cloudformation.tf | 24 ++++ .../red2/provider.tf | 19 +++ .../red2/terraform.tfvars | 3 + .../red2/variables.tf | 14 ++ .../red3/cloudformation.tf | 19 +++ .../red3/provider.tf | 19 +++ .../red3/terraform.tfvars | 2 + .../red3/variables.tf | 9 ++ .../green/codedeploy.tf | 27 ++++ .../green/iam.tf | 24 ++++ .../green/provider.tf | 20 +++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 ++ .../green1/codedeploy.tf | 26 ++++ .../green1/iam.tf | 24 ++++ .../green1/provider.tf | 20 +++ .../green1/terraform.tfvars | 2 + .../green1/variables.tf | 9 ++ .../iam/722-policy.json | 16 +++ .../red/codedeploy.tf | 27 ++++ .../red/iam.tf | 24 ++++ .../red/provider.tf | 20 +++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 ++ .../green/ecs.tf | 8 ++ .../green/provider.tf | 20 +++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 ++ .../iam/743-policy.json | 14 ++ .../red/ecs.tf | 8 ++ .../red/provider.tf | 20 +++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 ++ .../green/provider.tf | 20 +++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 ++ .../green/waf.tf | 34 +++++ .../iam/915-policy.json | 13 ++ .../red/provider.tf | 20 +++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 ++ .../red/waf.tf | 18 +++ .../green/provider.tf | 20 +++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 ++ .../green/waf.tf | 34 +++++ .../iam/916-policy.json | 13 ++ .../red/provider.tf | 20 +++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 ++ .../red/waf.tf | 4 + 1075 files changed, 24083 insertions(+) create mode 100644 terraform/ecc-aws-081-rds_not_open_to_large_scope/green/provider.tf create mode 100644 terraform/ecc-aws-081-rds_not_open_to_large_scope/green/rds.tf create mode 100644 terraform/ecc-aws-081-rds_not_open_to_large_scope/green/terraform.tfvars create mode 100644 
terraform/ecc-aws-081-rds_not_open_to_large_scope/green/variables.tf create mode 100644 terraform/ecc-aws-081-rds_not_open_to_large_scope/iam/081-policy.json create mode 100644 terraform/ecc-aws-081-rds_not_open_to_large_scope/red/provider.tf create mode 100644 terraform/ecc-aws-081-rds_not_open_to_large_scope/red/rds.tf create mode 100644 terraform/ecc-aws-081-rds_not_open_to_large_scope/red/terraform.tfvars create mode 100644 terraform/ecc-aws-081-rds_not_open_to_large_scope/red/variables.tf create mode 100644 terraform/ecc-aws-081-rds_not_open_to_large_scope/red1/provider.tf create mode 100644 terraform/ecc-aws-081-rds_not_open_to_large_scope/red1/rds.tf create mode 100644 terraform/ecc-aws-081-rds_not_open_to_large_scope/red1/terraform.tfvars create mode 100644 terraform/ecc-aws-081-rds_not_open_to_large_scope/red1/variables.tf create mode 100644 terraform/ecc-aws-088-http_elb_certificate_expire_in_one_week/green/certificate.tf create mode 100644 terraform/ecc-aws-088-http_elb_certificate_expire_in_one_week/green/provider.tf create mode 100644 terraform/ecc-aws-088-http_elb_certificate_expire_in_one_week/green/terraform.tfvars create mode 100644 terraform/ecc-aws-088-http_elb_certificate_expire_in_one_week/green/variables.tf create mode 100644 terraform/ecc-aws-088-http_elb_certificate_expire_in_one_week/iam/88-policy.json create mode 100644 terraform/ecc-aws-088-http_elb_certificate_expire_in_one_week/red/certificate.tf create mode 100644 terraform/ecc-aws-088-http_elb_certificate_expire_in_one_week/red/provider.tf create mode 100644 terraform/ecc-aws-088-http_elb_certificate_expire_in_one_week/red/terraform.tfvars create mode 100644 terraform/ecc-aws-088-http_elb_certificate_expire_in_one_week/red/variables.tf create mode 100644 terraform/ecc-aws-089-http_elb_certificate_expire_in_one_month/green/certificate.tf create mode 100644 terraform/ecc-aws-089-http_elb_certificate_expire_in_one_month/green/provider.tf create mode 100644 
terraform/ecc-aws-089-http_elb_certificate_expire_in_one_month/green/terraform.tfvars create mode 100644 terraform/ecc-aws-089-http_elb_certificate_expire_in_one_month/green/variables.tf create mode 100644 terraform/ecc-aws-089-http_elb_certificate_expire_in_one_month/iam/89-policy.json create mode 100644 terraform/ecc-aws-089-http_elb_certificate_expire_in_one_month/red/certificate.tf create mode 100644 terraform/ecc-aws-089-http_elb_certificate_expire_in_one_month/red/provider.tf create mode 100644 terraform/ecc-aws-089-http_elb_certificate_expire_in_one_month/red/terraform.tfvars create mode 100644 terraform/ecc-aws-089-http_elb_certificate_expire_in_one_month/red/variables.tf create mode 100644 terraform/ecc-aws-100-ebs-volume_without_recent_snapshot/green/ebs.tf create mode 100644 terraform/ecc-aws-100-ebs-volume_without_recent_snapshot/green/provider.tf create mode 100644 terraform/ecc-aws-100-ebs-volume_without_recent_snapshot/green/terraform.tfvars create mode 100644 terraform/ecc-aws-100-ebs-volume_without_recent_snapshot/green/variables.tf create mode 100644 terraform/ecc-aws-100-ebs-volume_without_recent_snapshot/iam/100-policy.json create mode 100644 terraform/ecc-aws-100-ebs-volume_without_recent_snapshot/red/ebs.tf create mode 100644 terraform/ecc-aws-100-ebs-volume_without_recent_snapshot/red/provider.tf create mode 100644 terraform/ecc-aws-100-ebs-volume_without_recent_snapshot/red/terraform.tfvars create mode 100644 terraform/ecc-aws-100-ebs-volume_without_recent_snapshot/red/variables.tf create mode 100644 terraform/ecc-aws-175-cloudtrail_enabled_in_all_regions/green/cloudtrail.tf create mode 100644 terraform/ecc-aws-175-cloudtrail_enabled_in_all_regions/green/provider.tf create mode 100644 terraform/ecc-aws-175-cloudtrail_enabled_in_all_regions/green/terraform.tfvars create mode 100644 terraform/ecc-aws-175-cloudtrail_enabled_in_all_regions/green/variables.tf create mode 100644 
terraform/ecc-aws-175-cloudtrail_enabled_in_all_regions/green1/cloudtrail.tf create mode 100644 terraform/ecc-aws-175-cloudtrail_enabled_in_all_regions/green1/provider.tf create mode 100644 terraform/ecc-aws-175-cloudtrail_enabled_in_all_regions/green1/terraform.tfvars create mode 100644 terraform/ecc-aws-175-cloudtrail_enabled_in_all_regions/green1/variables.tf create mode 100644 terraform/ecc-aws-175-cloudtrail_enabled_in_all_regions/iam/175-policy.json create mode 100644 terraform/ecc-aws-175-cloudtrail_enabled_in_all_regions/red/cloudtrail.tf create mode 100644 terraform/ecc-aws-175-cloudtrail_enabled_in_all_regions/red/provider.tf create mode 100644 terraform/ecc-aws-175-cloudtrail_enabled_in_all_regions/red/terraform.tfvars create mode 100644 terraform/ecc-aws-175-cloudtrail_enabled_in_all_regions/red/variables.tf create mode 100644 terraform/ecc-aws-178-iam_policies_full_administrative_privileges/green/iam.tf create mode 100644 terraform/ecc-aws-178-iam_policies_full_administrative_privileges/green/provider.tf create mode 100644 terraform/ecc-aws-178-iam_policies_full_administrative_privileges/green/terraform.tfvars create mode 100644 terraform/ecc-aws-178-iam_policies_full_administrative_privileges/green/variables.tf create mode 100644 terraform/ecc-aws-178-iam_policies_full_administrative_privileges/iam/178-policy.json create mode 100644 terraform/ecc-aws-178-iam_policies_full_administrative_privileges/red/iam.tf create mode 100644 terraform/ecc-aws-178-iam_policies_full_administrative_privileges/red/provider.tf create mode 100644 terraform/ecc-aws-178-iam_policies_full_administrative_privileges/red/terraform.tfvars create mode 100644 terraform/ecc-aws-178-iam_policies_full_administrative_privileges/red/variables.tf create mode 100644 terraform/ecc-aws-180-iam_user_with_password_and_unused_access_keys/green/iam.tf create mode 100644 terraform/ecc-aws-180-iam_user_with_password_and_unused_access_keys/green/provider.tf create mode 100644 
terraform/ecc-aws-180-iam_user_with_password_and_unused_access_keys/green/terraform.tfvars create mode 100644 terraform/ecc-aws-180-iam_user_with_password_and_unused_access_keys/green/variables.tf create mode 100644 terraform/ecc-aws-180-iam_user_with_password_and_unused_access_keys/iam/180-policy.json create mode 100644 terraform/ecc-aws-180-iam_user_with_password_and_unused_access_keys/red/iam.tf create mode 100644 terraform/ecc-aws-180-iam_user_with_password_and_unused_access_keys/red/provider.tf create mode 100644 terraform/ecc-aws-180-iam_user_with_password_and_unused_access_keys/red/terraform.tfvars create mode 100644 terraform/ecc-aws-180-iam_user_with_password_and_unused_access_keys/red/variables.tf create mode 100644 terraform/ecc-aws-182-ensure_support_role_created_to_manage_incidents/green/iam.tf create mode 100644 terraform/ecc-aws-182-ensure_support_role_created_to_manage_incidents/green/provider.tf create mode 100644 terraform/ecc-aws-182-ensure_support_role_created_to_manage_incidents/green/terraform.tfvars create mode 100644 terraform/ecc-aws-182-ensure_support_role_created_to_manage_incidents/green/variables.tf create mode 100644 terraform/ecc-aws-182-ensure_support_role_created_to_manage_incidents/iam/182-policy.json create mode 100644 terraform/ecc-aws-182-ensure_support_role_created_to_manage_incidents/red/iam.tf create mode 100644 terraform/ecc-aws-182-ensure_support_role_created_to_manage_incidents/red/provider.tf create mode 100644 terraform/ecc-aws-182-ensure_support_role_created_to_manage_incidents/red/terraform.tfvars create mode 100644 terraform/ecc-aws-182-ensure_support_role_created_to_manage_incidents/red/variables.tf create mode 100644 terraform/ecc-aws-192-unauthorized_api_calls_alarm_exists/green_full/cw.tf create mode 100644 terraform/ecc-aws-192-unauthorized_api_calls_alarm_exists/green_full/iam.tf create mode 100644 terraform/ecc-aws-192-unauthorized_api_calls_alarm_exists/green_full/provider.tf create mode 100644 
terraform/ecc-aws-192-unauthorized_api_calls_alarm_exists/green_full/sns.tf create mode 100644 terraform/ecc-aws-192-unauthorized_api_calls_alarm_exists/green_full/terraform.tfvars create mode 100644 terraform/ecc-aws-192-unauthorized_api_calls_alarm_exists/green_full/trail.tf create mode 100644 terraform/ecc-aws-192-unauthorized_api_calls_alarm_exists/green_full/variables.tf create mode 100644 terraform/ecc-aws-192-unauthorized_api_calls_alarm_exists/iam/192-policy.json create mode 100644 terraform/ecc-aws-192-unauthorized_api_calls_alarm_exists/red/cw.tf create mode 100644 terraform/ecc-aws-192-unauthorized_api_calls_alarm_exists/red/provider.tf create mode 100644 terraform/ecc-aws-192-unauthorized_api_calls_alarm_exists/red/terraform.tfvars create mode 100644 terraform/ecc-aws-192-unauthorized_api_calls_alarm_exists/red/variables.tf create mode 100644 terraform/ecc-aws-192-unauthorized_api_calls_alarm_exists/red0/provider.tf create mode 100644 terraform/ecc-aws-192-unauthorized_api_calls_alarm_exists/red0/terraform.tfvars create mode 100644 terraform/ecc-aws-192-unauthorized_api_calls_alarm_exists/red0/trail.tf create mode 100644 terraform/ecc-aws-192-unauthorized_api_calls_alarm_exists/red0/variables.tf create mode 100644 terraform/ecc-aws-192-unauthorized_api_calls_alarm_exists/red1/cw.tf create mode 100644 terraform/ecc-aws-192-unauthorized_api_calls_alarm_exists/red1/provider.tf create mode 100644 terraform/ecc-aws-192-unauthorized_api_calls_alarm_exists/red1/terraform.tfvars create mode 100644 terraform/ecc-aws-192-unauthorized_api_calls_alarm_exists/red1/trail.tf create mode 100644 terraform/ecc-aws-192-unauthorized_api_calls_alarm_exists/red1/variables.tf create mode 100644 terraform/ecc-aws-192-unauthorized_api_calls_alarm_exists/red2/cw.tf create mode 100644 terraform/ecc-aws-192-unauthorized_api_calls_alarm_exists/red2/provider.tf create mode 100644 terraform/ecc-aws-192-unauthorized_api_calls_alarm_exists/red2/terraform.tfvars create mode 100644 
terraform/ecc-aws-192-unauthorized_api_calls_alarm_exists/red2/trail.tf create mode 100644 terraform/ecc-aws-192-unauthorized_api_calls_alarm_exists/red2/variables.tf create mode 100644 terraform/ecc-aws-192-unauthorized_api_calls_alarm_exists/red3/cw.tf create mode 100644 terraform/ecc-aws-192-unauthorized_api_calls_alarm_exists/red3/provider.tf create mode 100644 terraform/ecc-aws-192-unauthorized_api_calls_alarm_exists/red3/terraform.tfvars create mode 100644 terraform/ecc-aws-192-unauthorized_api_calls_alarm_exists/red3/trail.tf create mode 100644 terraform/ecc-aws-192-unauthorized_api_calls_alarm_exists/red3/variables.tf create mode 100644 terraform/ecc-aws-192-unauthorized_api_calls_alarm_exists/red4/cw.tf create mode 100644 terraform/ecc-aws-192-unauthorized_api_calls_alarm_exists/red4/provider.tf create mode 100644 terraform/ecc-aws-192-unauthorized_api_calls_alarm_exists/red4/sns.tf create mode 100644 terraform/ecc-aws-192-unauthorized_api_calls_alarm_exists/red4/terraform.tfvars create mode 100644 terraform/ecc-aws-192-unauthorized_api_calls_alarm_exists/red4/trail.tf create mode 100644 terraform/ecc-aws-192-unauthorized_api_calls_alarm_exists/red4/variables.tf create mode 100644 terraform/ecc-aws-193-s3_bucket_cloudtrail_logs_not_publicly_accessible/green/cloudtrail.tf create mode 100644 terraform/ecc-aws-193-s3_bucket_cloudtrail_logs_not_publicly_accessible/green/provider.tf create mode 100644 terraform/ecc-aws-193-s3_bucket_cloudtrail_logs_not_publicly_accessible/green/terraform.tfvars create mode 100644 terraform/ecc-aws-193-s3_bucket_cloudtrail_logs_not_publicly_accessible/green/variables.tf create mode 100644 terraform/ecc-aws-193-s3_bucket_cloudtrail_logs_not_publicly_accessible/iam/193-policy.json create mode 100644 terraform/ecc-aws-193-s3_bucket_cloudtrail_logs_not_publicly_accessible/red/cloudtrail.tf create mode 100644 terraform/ecc-aws-193-s3_bucket_cloudtrail_logs_not_publicly_accessible/red/provider.tf create mode 100644 
terraform/ecc-aws-193-s3_bucket_cloudtrail_logs_not_publicly_accessible/red/terraform.tfvars create mode 100644 terraform/ecc-aws-193-s3_bucket_cloudtrail_logs_not_publicly_accessible/red/variables.tf create mode 100644 terraform/ecc-aws-194-s3_bucket_should_not_allow_all_actions_from_all_principals/green/provider.tf create mode 100644 terraform/ecc-aws-194-s3_bucket_should_not_allow_all_actions_from_all_principals/green/s3.tf create mode 100644 terraform/ecc-aws-194-s3_bucket_should_not_allow_all_actions_from_all_principals/green/terraform.tfvars create mode 100644 terraform/ecc-aws-194-s3_bucket_should_not_allow_all_actions_from_all_principals/green/variables.tf create mode 100644 terraform/ecc-aws-194-s3_bucket_should_not_allow_all_actions_from_all_principals/iam/194-policy.json create mode 100644 terraform/ecc-aws-194-s3_bucket_should_not_allow_all_actions_from_all_principals/red/provider.tf create mode 100644 terraform/ecc-aws-194-s3_bucket_should_not_allow_all_actions_from_all_principals/red/s3.tf create mode 100644 terraform/ecc-aws-194-s3_bucket_should_not_allow_all_actions_from_all_principals/red/terraform.tfvars create mode 100644 terraform/ecc-aws-194-s3_bucket_should_not_allow_all_actions_from_all_principals/red/variables.tf create mode 100644 terraform/ecc-aws-204-sign_in_without_mfa_alarm_exist/green/cw.tf create mode 100644 terraform/ecc-aws-204-sign_in_without_mfa_alarm_exist/green/iam.tf create mode 100644 terraform/ecc-aws-204-sign_in_without_mfa_alarm_exist/green/provider.tf create mode 100644 terraform/ecc-aws-204-sign_in_without_mfa_alarm_exist/green/sns.tf create mode 100644 terraform/ecc-aws-204-sign_in_without_mfa_alarm_exist/green/terraform.tfvars create mode 100644 terraform/ecc-aws-204-sign_in_without_mfa_alarm_exist/green/trail.tf create mode 100644 terraform/ecc-aws-204-sign_in_without_mfa_alarm_exist/green/variables.tf create mode 100644 terraform/ecc-aws-204-sign_in_without_mfa_alarm_exist/iam/204-policy.json create mode 100644 
terraform/ecc-aws-204-sign_in_without_mfa_alarm_exist/red/cw.tf create mode 100644 terraform/ecc-aws-204-sign_in_without_mfa_alarm_exist/red/iam.tf create mode 100644 terraform/ecc-aws-204-sign_in_without_mfa_alarm_exist/red/provider.tf create mode 100644 terraform/ecc-aws-204-sign_in_without_mfa_alarm_exist/red/terraform.tfvars create mode 100644 terraform/ecc-aws-204-sign_in_without_mfa_alarm_exist/red/trail.tf create mode 100644 terraform/ecc-aws-204-sign_in_without_mfa_alarm_exist/red/variables.tf create mode 100644 terraform/ecc-aws-204-sign_in_without_mfa_alarm_exist/red1/cw.tf create mode 100644 terraform/ecc-aws-204-sign_in_without_mfa_alarm_exist/red1/iam.tf create mode 100644 terraform/ecc-aws-204-sign_in_without_mfa_alarm_exist/red1/provider.tf create mode 100644 terraform/ecc-aws-204-sign_in_without_mfa_alarm_exist/red1/sns.tf create mode 100644 terraform/ecc-aws-204-sign_in_without_mfa_alarm_exist/red1/terraform.tfvars create mode 100644 terraform/ecc-aws-204-sign_in_without_mfa_alarm_exist/red1/trail.tf create mode 100644 terraform/ecc-aws-204-sign_in_without_mfa_alarm_exist/red1/variables.tf create mode 100644 terraform/ecc-aws-205-root_usage_alarm_exists/green/cw.tf create mode 100644 terraform/ecc-aws-205-root_usage_alarm_exists/green/iam.tf create mode 100644 terraform/ecc-aws-205-root_usage_alarm_exists/green/provider.tf create mode 100644 terraform/ecc-aws-205-root_usage_alarm_exists/green/sns.tf create mode 100644 terraform/ecc-aws-205-root_usage_alarm_exists/green/terraform.tfvars create mode 100644 terraform/ecc-aws-205-root_usage_alarm_exists/green/trail.tf create mode 100644 terraform/ecc-aws-205-root_usage_alarm_exists/green/variables.tf create mode 100644 terraform/ecc-aws-205-root_usage_alarm_exists/iam/205-policy.json create mode 100644 terraform/ecc-aws-205-root_usage_alarm_exists/red/cw.tf create mode 100644 terraform/ecc-aws-205-root_usage_alarm_exists/red/iam.tf create mode 100644 
terraform/ecc-aws-205-root_usage_alarm_exists/red/provider.tf create mode 100644 terraform/ecc-aws-205-root_usage_alarm_exists/red/sns.tf create mode 100644 terraform/ecc-aws-205-root_usage_alarm_exists/red/terraform.tfvars create mode 100644 terraform/ecc-aws-205-root_usage_alarm_exists/red/trail.tf create mode 100644 terraform/ecc-aws-205-root_usage_alarm_exists/red/variables.tf create mode 100644 terraform/ecc-aws-205-root_usage_alarm_exists/red1/cw.tf create mode 100644 terraform/ecc-aws-205-root_usage_alarm_exists/red1/iam.tf create mode 100644 terraform/ecc-aws-205-root_usage_alarm_exists/red1/provider.tf create mode 100644 terraform/ecc-aws-205-root_usage_alarm_exists/red1/sns.tf create mode 100644 terraform/ecc-aws-205-root_usage_alarm_exists/red1/terraform.tfvars create mode 100644 terraform/ecc-aws-205-root_usage_alarm_exists/red1/trail.tf create mode 100644 terraform/ecc-aws-205-root_usage_alarm_exists/red1/variables.tf create mode 100644 terraform/ecc-aws-206-iam_policy_changes_alarm_exist/green/cw.tf create mode 100644 terraform/ecc-aws-206-iam_policy_changes_alarm_exist/green/iam.tf create mode 100644 terraform/ecc-aws-206-iam_policy_changes_alarm_exist/green/provider.tf create mode 100644 terraform/ecc-aws-206-iam_policy_changes_alarm_exist/green/sns.tf create mode 100644 terraform/ecc-aws-206-iam_policy_changes_alarm_exist/green/terraform.tfvars create mode 100644 terraform/ecc-aws-206-iam_policy_changes_alarm_exist/green/trail.tf create mode 100644 terraform/ecc-aws-206-iam_policy_changes_alarm_exist/green/variables.tf create mode 100644 terraform/ecc-aws-206-iam_policy_changes_alarm_exist/iam/206-policy.json create mode 100644 terraform/ecc-aws-206-iam_policy_changes_alarm_exist/red/cw.tf create mode 100644 terraform/ecc-aws-206-iam_policy_changes_alarm_exist/red/iam.tf create mode 100644 terraform/ecc-aws-206-iam_policy_changes_alarm_exist/red/provider.tf create mode 100644 terraform/ecc-aws-206-iam_policy_changes_alarm_exist/red/sns.tf create 
mode 100644 terraform/ecc-aws-206-iam_policy_changes_alarm_exist/red/terraform.tfvars create mode 100644 terraform/ecc-aws-206-iam_policy_changes_alarm_exist/red/trail.tf create mode 100644 terraform/ecc-aws-206-iam_policy_changes_alarm_exist/red/variables.tf create mode 100644 terraform/ecc-aws-206-iam_policy_changes_alarm_exist/red1/cw.tf create mode 100644 terraform/ecc-aws-206-iam_policy_changes_alarm_exist/red1/iam.tf create mode 100644 terraform/ecc-aws-206-iam_policy_changes_alarm_exist/red1/provider.tf create mode 100644 terraform/ecc-aws-206-iam_policy_changes_alarm_exist/red1/sns.tf create mode 100644 terraform/ecc-aws-206-iam_policy_changes_alarm_exist/red1/terraform.tfvars create mode 100644 terraform/ecc-aws-206-iam_policy_changes_alarm_exist/red1/trail.tf create mode 100644 terraform/ecc-aws-206-iam_policy_changes_alarm_exist/red1/variables.tf create mode 100644 terraform/ecc-aws-207-cloudtrail_configuration_changes_alarm_exists/green/cw.tf create mode 100644 terraform/ecc-aws-207-cloudtrail_configuration_changes_alarm_exists/green/iam.tf create mode 100644 terraform/ecc-aws-207-cloudtrail_configuration_changes_alarm_exists/green/provider.tf create mode 100644 terraform/ecc-aws-207-cloudtrail_configuration_changes_alarm_exists/green/sns.tf create mode 100644 terraform/ecc-aws-207-cloudtrail_configuration_changes_alarm_exists/green/terraform.tfvars create mode 100644 terraform/ecc-aws-207-cloudtrail_configuration_changes_alarm_exists/green/trail.tf create mode 100644 terraform/ecc-aws-207-cloudtrail_configuration_changes_alarm_exists/green/variables.tf create mode 100644 terraform/ecc-aws-207-cloudtrail_configuration_changes_alarm_exists/iam/207-policy.json create mode 100644 terraform/ecc-aws-207-cloudtrail_configuration_changes_alarm_exists/red/cw.tf create mode 100644 terraform/ecc-aws-207-cloudtrail_configuration_changes_alarm_exists/red/iam.tf create mode 100644 terraform/ecc-aws-207-cloudtrail_configuration_changes_alarm_exists/red/provider.tf 
create mode 100644 terraform/ecc-aws-207-cloudtrail_configuration_changes_alarm_exists/red/sns.tf create mode 100644 terraform/ecc-aws-207-cloudtrail_configuration_changes_alarm_exists/red/terraform.tfvars create mode 100644 terraform/ecc-aws-207-cloudtrail_configuration_changes_alarm_exists/red/trail.tf create mode 100644 terraform/ecc-aws-207-cloudtrail_configuration_changes_alarm_exists/red/variables.tf create mode 100644 terraform/ecc-aws-207-cloudtrail_configuration_changes_alarm_exists/red1/cw.tf create mode 100644 terraform/ecc-aws-207-cloudtrail_configuration_changes_alarm_exists/red1/iam.tf create mode 100644 terraform/ecc-aws-207-cloudtrail_configuration_changes_alarm_exists/red1/provider.tf create mode 100644 terraform/ecc-aws-207-cloudtrail_configuration_changes_alarm_exists/red1/sns.tf create mode 100644 terraform/ecc-aws-207-cloudtrail_configuration_changes_alarm_exists/red1/terraform.tfvars create mode 100644 terraform/ecc-aws-207-cloudtrail_configuration_changes_alarm_exists/red1/trail.tf create mode 100644 terraform/ecc-aws-207-cloudtrail_configuration_changes_alarm_exists/red1/variables.tf create mode 100644 terraform/ecc-aws-208-console_auth_failure_alarm_exists/green/cw.tf create mode 100644 terraform/ecc-aws-208-console_auth_failure_alarm_exists/green/iam.tf create mode 100644 terraform/ecc-aws-208-console_auth_failure_alarm_exists/green/provider.tf create mode 100644 terraform/ecc-aws-208-console_auth_failure_alarm_exists/green/sns.tf create mode 100644 terraform/ecc-aws-208-console_auth_failure_alarm_exists/green/terraform.tfvars create mode 100644 terraform/ecc-aws-208-console_auth_failure_alarm_exists/green/trail.tf create mode 100644 terraform/ecc-aws-208-console_auth_failure_alarm_exists/green/variables.tf create mode 100644 terraform/ecc-aws-208-console_auth_failure_alarm_exists/iam/208-policy.json create mode 100644 terraform/ecc-aws-208-console_auth_failure_alarm_exists/red/cw.tf create mode 100644 
terraform/ecc-aws-208-console_auth_failure_alarm_exists/red/iam.tf create mode 100644 terraform/ecc-aws-208-console_auth_failure_alarm_exists/red/provider.tf create mode 100644 terraform/ecc-aws-208-console_auth_failure_alarm_exists/red/sns.tf create mode 100644 terraform/ecc-aws-208-console_auth_failure_alarm_exists/red/terraform.tfvars create mode 100644 terraform/ecc-aws-208-console_auth_failure_alarm_exists/red/trail.tf create mode 100644 terraform/ecc-aws-208-console_auth_failure_alarm_exists/red/variables.tf create mode 100644 terraform/ecc-aws-208-console_auth_failure_alarm_exists/red1/cw.tf create mode 100644 terraform/ecc-aws-208-console_auth_failure_alarm_exists/red1/iam.tf create mode 100644 terraform/ecc-aws-208-console_auth_failure_alarm_exists/red1/provider.tf create mode 100644 terraform/ecc-aws-208-console_auth_failure_alarm_exists/red1/sns.tf create mode 100644 terraform/ecc-aws-208-console_auth_failure_alarm_exists/red1/terraform.tfvars create mode 100644 terraform/ecc-aws-208-console_auth_failure_alarm_exists/red1/trail.tf create mode 100644 terraform/ecc-aws-208-console_auth_failure_alarm_exists/red1/variables.tf create mode 100644 terraform/ecc-aws-209-cmk_key_disabling_or_deletion_alarm_exists/green/cw.tf create mode 100644 terraform/ecc-aws-209-cmk_key_disabling_or_deletion_alarm_exists/green/iam.tf create mode 100644 terraform/ecc-aws-209-cmk_key_disabling_or_deletion_alarm_exists/green/provider.tf create mode 100644 terraform/ecc-aws-209-cmk_key_disabling_or_deletion_alarm_exists/green/sns.tf create mode 100644 terraform/ecc-aws-209-cmk_key_disabling_or_deletion_alarm_exists/green/terraform.tfvars create mode 100644 terraform/ecc-aws-209-cmk_key_disabling_or_deletion_alarm_exists/green/trail.tf create mode 100644 terraform/ecc-aws-209-cmk_key_disabling_or_deletion_alarm_exists/green/variables.tf create mode 100644 terraform/ecc-aws-209-cmk_key_disabling_or_deletion_alarm_exists/iam/209-policy.json create mode 100644 
terraform/ecc-aws-209-cmk_key_disabling_or_deletion_alarm_exists/red/cw.tf create mode 100644 terraform/ecc-aws-209-cmk_key_disabling_or_deletion_alarm_exists/red/iam.tf create mode 100644 terraform/ecc-aws-209-cmk_key_disabling_or_deletion_alarm_exists/red/provider.tf create mode 100644 terraform/ecc-aws-209-cmk_key_disabling_or_deletion_alarm_exists/red/sns.tf create mode 100644 terraform/ecc-aws-209-cmk_key_disabling_or_deletion_alarm_exists/red/terraform.tfvars create mode 100644 terraform/ecc-aws-209-cmk_key_disabling_or_deletion_alarm_exists/red/trail.tf create mode 100644 terraform/ecc-aws-209-cmk_key_disabling_or_deletion_alarm_exists/red/variables.tf create mode 100644 terraform/ecc-aws-209-cmk_key_disabling_or_deletion_alarm_exists/red1/cw.tf create mode 100644 terraform/ecc-aws-209-cmk_key_disabling_or_deletion_alarm_exists/red1/iam.tf create mode 100644 terraform/ecc-aws-209-cmk_key_disabling_or_deletion_alarm_exists/red1/provider.tf create mode 100644 terraform/ecc-aws-209-cmk_key_disabling_or_deletion_alarm_exists/red1/sns.tf create mode 100644 terraform/ecc-aws-209-cmk_key_disabling_or_deletion_alarm_exists/red1/terraform.tfvars create mode 100644 terraform/ecc-aws-209-cmk_key_disabling_or_deletion_alarm_exists/red1/trail.tf create mode 100644 terraform/ecc-aws-209-cmk_key_disabling_or_deletion_alarm_exists/red1/variables.tf create mode 100644 terraform/ecc-aws-211-cloudtrail_bucket_logging_enabled/green/cloudtrail.tf create mode 100644 terraform/ecc-aws-211-cloudtrail_bucket_logging_enabled/green/provider.tf create mode 100644 terraform/ecc-aws-211-cloudtrail_bucket_logging_enabled/green/terraform.tfvars create mode 100644 terraform/ecc-aws-211-cloudtrail_bucket_logging_enabled/green/variables.tf create mode 100644 terraform/ecc-aws-211-cloudtrail_bucket_logging_enabled/iam/211-policy.json create mode 100644 terraform/ecc-aws-211-cloudtrail_bucket_logging_enabled/red/cloudtrail.tf create mode 100644 
terraform/ecc-aws-211-cloudtrail_bucket_logging_enabled/red/provider.tf create mode 100644 terraform/ecc-aws-211-cloudtrail_bucket_logging_enabled/red/terraform.tfvars create mode 100644 terraform/ecc-aws-211-cloudtrail_bucket_logging_enabled/red/variables.tf create mode 100644 terraform/ecc-aws-213-lambda_with_admin_privileges/green/func.py create mode 100644 terraform/ecc-aws-213-lambda_with_admin_privileges/green/func.zip create mode 100644 terraform/ecc-aws-213-lambda_with_admin_privileges/green/lambda.tf create mode 100644 terraform/ecc-aws-213-lambda_with_admin_privileges/green/provider.tf create mode 100644 terraform/ecc-aws-213-lambda_with_admin_privileges/green/terraform.tfvars create mode 100644 terraform/ecc-aws-213-lambda_with_admin_privileges/green/variables.tf create mode 100644 terraform/ecc-aws-213-lambda_with_admin_privileges/iam/212-policy.json create mode 100644 terraform/ecc-aws-213-lambda_with_admin_privileges/red/func.py create mode 100644 terraform/ecc-aws-213-lambda_with_admin_privileges/red/func.zip create mode 100644 terraform/ecc-aws-213-lambda_with_admin_privileges/red/lambda.tf create mode 100644 terraform/ecc-aws-213-lambda_with_admin_privileges/red/provider.tf create mode 100644 terraform/ecc-aws-213-lambda_with_admin_privileges/red/terraform.tfvars create mode 100644 terraform/ecc-aws-213-lambda_with_admin_privileges/red/variables.tf create mode 100644 terraform/ecc-aws-224-s3_bucket_policy_changes_alarm_exists/green/cw.tf create mode 100644 terraform/ecc-aws-224-s3_bucket_policy_changes_alarm_exists/green/iam.tf create mode 100644 terraform/ecc-aws-224-s3_bucket_policy_changes_alarm_exists/green/provider.tf create mode 100644 terraform/ecc-aws-224-s3_bucket_policy_changes_alarm_exists/green/sns.tf create mode 100644 terraform/ecc-aws-224-s3_bucket_policy_changes_alarm_exists/green/terraform.tfvars create mode 100644 terraform/ecc-aws-224-s3_bucket_policy_changes_alarm_exists/green/trail.tf create mode 100644 
terraform/ecc-aws-224-s3_bucket_policy_changes_alarm_exists/green/variables.tf create mode 100644 terraform/ecc-aws-224-s3_bucket_policy_changes_alarm_exists/iam/224-policy.json create mode 100644 terraform/ecc-aws-224-s3_bucket_policy_changes_alarm_exists/red/cw.tf create mode 100644 terraform/ecc-aws-224-s3_bucket_policy_changes_alarm_exists/red/iam.tf create mode 100644 terraform/ecc-aws-224-s3_bucket_policy_changes_alarm_exists/red/provider.tf create mode 100644 terraform/ecc-aws-224-s3_bucket_policy_changes_alarm_exists/red/sns.tf create mode 100644 terraform/ecc-aws-224-s3_bucket_policy_changes_alarm_exists/red/terraform.tfvars create mode 100644 terraform/ecc-aws-224-s3_bucket_policy_changes_alarm_exists/red/trail.tf create mode 100644 terraform/ecc-aws-224-s3_bucket_policy_changes_alarm_exists/red/variables.tf create mode 100644 terraform/ecc-aws-224-s3_bucket_policy_changes_alarm_exists/red1/cw.tf create mode 100644 terraform/ecc-aws-224-s3_bucket_policy_changes_alarm_exists/red1/iam.tf create mode 100644 terraform/ecc-aws-224-s3_bucket_policy_changes_alarm_exists/red1/provider.tf create mode 100644 terraform/ecc-aws-224-s3_bucket_policy_changes_alarm_exists/red1/sns.tf create mode 100644 terraform/ecc-aws-224-s3_bucket_policy_changes_alarm_exists/red1/terraform.tfvars create mode 100644 terraform/ecc-aws-224-s3_bucket_policy_changes_alarm_exists/red1/trail.tf create mode 100644 terraform/ecc-aws-224-s3_bucket_policy_changes_alarm_exists/red1/variables.tf create mode 100644 terraform/ecc-aws-225-aws_config_configuration_changes_alarm_exists/green/cw.tf create mode 100644 terraform/ecc-aws-225-aws_config_configuration_changes_alarm_exists/green/iam.tf create mode 100644 terraform/ecc-aws-225-aws_config_configuration_changes_alarm_exists/green/provider.tf create mode 100644 terraform/ecc-aws-225-aws_config_configuration_changes_alarm_exists/green/sns.tf create mode 100644 
terraform/ecc-aws-225-aws_config_configuration_changes_alarm_exists/green/terraform.tfvars create mode 100644 terraform/ecc-aws-225-aws_config_configuration_changes_alarm_exists/green/trail.tf create mode 100644 terraform/ecc-aws-225-aws_config_configuration_changes_alarm_exists/green/variables.tf create mode 100644 terraform/ecc-aws-225-aws_config_configuration_changes_alarm_exists/iam/225-policy.json create mode 100644 terraform/ecc-aws-225-aws_config_configuration_changes_alarm_exists/red/cw.tf create mode 100644 terraform/ecc-aws-225-aws_config_configuration_changes_alarm_exists/red/iam.tf create mode 100644 terraform/ecc-aws-225-aws_config_configuration_changes_alarm_exists/red/provider.tf create mode 100644 terraform/ecc-aws-225-aws_config_configuration_changes_alarm_exists/red/sns.tf create mode 100644 terraform/ecc-aws-225-aws_config_configuration_changes_alarm_exists/red/terraform.tfvars create mode 100644 terraform/ecc-aws-225-aws_config_configuration_changes_alarm_exists/red/trail.tf create mode 100644 terraform/ecc-aws-225-aws_config_configuration_changes_alarm_exists/red/variables.tf create mode 100644 terraform/ecc-aws-225-aws_config_configuration_changes_alarm_exists/red1/cw.tf create mode 100644 terraform/ecc-aws-225-aws_config_configuration_changes_alarm_exists/red1/iam.tf create mode 100644 terraform/ecc-aws-225-aws_config_configuration_changes_alarm_exists/red1/provider.tf create mode 100644 terraform/ecc-aws-225-aws_config_configuration_changes_alarm_exists/red1/sns.tf create mode 100644 terraform/ecc-aws-225-aws_config_configuration_changes_alarm_exists/red1/terraform.tfvars create mode 100644 terraform/ecc-aws-225-aws_config_configuration_changes_alarm_exists/red1/trail.tf create mode 100644 terraform/ecc-aws-225-aws_config_configuration_changes_alarm_exists/red1/variables.tf create mode 100644 terraform/ecc-aws-226-security_group_changes_alarm_exists/green/cw.tf create mode 100644 
terraform/ecc-aws-226-security_group_changes_alarm_exists/green/iam.tf create mode 100644 terraform/ecc-aws-226-security_group_changes_alarm_exists/green/provider.tf create mode 100644 terraform/ecc-aws-226-security_group_changes_alarm_exists/green/sns.tf create mode 100644 terraform/ecc-aws-226-security_group_changes_alarm_exists/green/terraform.tfvars create mode 100644 terraform/ecc-aws-226-security_group_changes_alarm_exists/green/trail.tf create mode 100644 terraform/ecc-aws-226-security_group_changes_alarm_exists/green/variables.tf create mode 100644 terraform/ecc-aws-226-security_group_changes_alarm_exists/iam/226-policy.json create mode 100644 terraform/ecc-aws-226-security_group_changes_alarm_exists/red/cw.tf create mode 100644 terraform/ecc-aws-226-security_group_changes_alarm_exists/red/iam.tf create mode 100644 terraform/ecc-aws-226-security_group_changes_alarm_exists/red/provider.tf create mode 100644 terraform/ecc-aws-226-security_group_changes_alarm_exists/red/sns.tf create mode 100644 terraform/ecc-aws-226-security_group_changes_alarm_exists/red/terraform.tfvars create mode 100644 terraform/ecc-aws-226-security_group_changes_alarm_exists/red/trail.tf create mode 100644 terraform/ecc-aws-226-security_group_changes_alarm_exists/red/variables.tf create mode 100644 terraform/ecc-aws-226-security_group_changes_alarm_exists/red1/cw.tf create mode 100644 terraform/ecc-aws-226-security_group_changes_alarm_exists/red1/iam.tf create mode 100644 terraform/ecc-aws-226-security_group_changes_alarm_exists/red1/provider.tf create mode 100644 terraform/ecc-aws-226-security_group_changes_alarm_exists/red1/sns.tf create mode 100644 terraform/ecc-aws-226-security_group_changes_alarm_exists/red1/terraform.tfvars create mode 100644 terraform/ecc-aws-226-security_group_changes_alarm_exists/red1/trail.tf create mode 100644 terraform/ecc-aws-226-security_group_changes_alarm_exists/red1/variables.tf create mode 100644 
terraform/ecc-aws-227-network_access_control_lists_changes_alarm_exists/green/cw.tf create mode 100644 terraform/ecc-aws-227-network_access_control_lists_changes_alarm_exists/green/iam.tf create mode 100644 terraform/ecc-aws-227-network_access_control_lists_changes_alarm_exists/green/provider.tf create mode 100644 terraform/ecc-aws-227-network_access_control_lists_changes_alarm_exists/green/sns.tf create mode 100644 terraform/ecc-aws-227-network_access_control_lists_changes_alarm_exists/green/terraform.tfvars create mode 100644 terraform/ecc-aws-227-network_access_control_lists_changes_alarm_exists/green/trail.tf create mode 100644 terraform/ecc-aws-227-network_access_control_lists_changes_alarm_exists/green/variables.tf create mode 100644 terraform/ecc-aws-227-network_access_control_lists_changes_alarm_exists/iam/227-policy.json create mode 100644 terraform/ecc-aws-227-network_access_control_lists_changes_alarm_exists/red/cw.tf create mode 100644 terraform/ecc-aws-227-network_access_control_lists_changes_alarm_exists/red/iam.tf create mode 100644 terraform/ecc-aws-227-network_access_control_lists_changes_alarm_exists/red/provider.tf create mode 100644 terraform/ecc-aws-227-network_access_control_lists_changes_alarm_exists/red/sns.tf create mode 100644 terraform/ecc-aws-227-network_access_control_lists_changes_alarm_exists/red/terraform.tfvars create mode 100644 terraform/ecc-aws-227-network_access_control_lists_changes_alarm_exists/red/trail.tf create mode 100644 terraform/ecc-aws-227-network_access_control_lists_changes_alarm_exists/red/variables.tf create mode 100644 terraform/ecc-aws-227-network_access_control_lists_changes_alarm_exists/red1/cw.tf create mode 100644 terraform/ecc-aws-227-network_access_control_lists_changes_alarm_exists/red1/iam.tf create mode 100644 terraform/ecc-aws-227-network_access_control_lists_changes_alarm_exists/red1/provider.tf create mode 100644 terraform/ecc-aws-227-network_access_control_lists_changes_alarm_exists/red1/sns.tf 
create mode 100644 terraform/ecc-aws-227-network_access_control_lists_changes_alarm_exists/red1/terraform.tfvars create mode 100644 terraform/ecc-aws-227-network_access_control_lists_changes_alarm_exists/red1/trail.tf create mode 100644 terraform/ecc-aws-227-network_access_control_lists_changes_alarm_exists/red1/variables.tf create mode 100644 terraform/ecc-aws-228-network_gateways_changes_alarm_exists/green/cw.tf create mode 100644 terraform/ecc-aws-228-network_gateways_changes_alarm_exists/green/iam.tf create mode 100644 terraform/ecc-aws-228-network_gateways_changes_alarm_exists/green/provider.tf create mode 100644 terraform/ecc-aws-228-network_gateways_changes_alarm_exists/green/sns.tf create mode 100644 terraform/ecc-aws-228-network_gateways_changes_alarm_exists/green/terraform.tfvars create mode 100644 terraform/ecc-aws-228-network_gateways_changes_alarm_exists/green/trail.tf create mode 100644 terraform/ecc-aws-228-network_gateways_changes_alarm_exists/green/variables.tf create mode 100644 terraform/ecc-aws-228-network_gateways_changes_alarm_exists/iam/228-policy.json create mode 100644 terraform/ecc-aws-228-network_gateways_changes_alarm_exists/red/cw.tf create mode 100644 terraform/ecc-aws-228-network_gateways_changes_alarm_exists/red/iam.tf create mode 100644 terraform/ecc-aws-228-network_gateways_changes_alarm_exists/red/provider.tf create mode 100644 terraform/ecc-aws-228-network_gateways_changes_alarm_exists/red/sns.tf create mode 100644 terraform/ecc-aws-228-network_gateways_changes_alarm_exists/red/terraform.tfvars create mode 100644 terraform/ecc-aws-228-network_gateways_changes_alarm_exists/red/trail.tf create mode 100644 terraform/ecc-aws-228-network_gateways_changes_alarm_exists/red/variables.tf create mode 100644 terraform/ecc-aws-228-network_gateways_changes_alarm_exists/red1/cw.tf create mode 100644 terraform/ecc-aws-228-network_gateways_changes_alarm_exists/red1/iam.tf create mode 100644 
terraform/ecc-aws-228-network_gateways_changes_alarm_exists/red1/provider.tf create mode 100644 terraform/ecc-aws-228-network_gateways_changes_alarm_exists/red1/sns.tf create mode 100644 terraform/ecc-aws-228-network_gateways_changes_alarm_exists/red1/terraform.tfvars create mode 100644 terraform/ecc-aws-228-network_gateways_changes_alarm_exists/red1/trail.tf create mode 100644 terraform/ecc-aws-228-network_gateways_changes_alarm_exists/red1/variables.tf create mode 100644 terraform/ecc-aws-229-route_table_changes_alarm_exists/green/cw.tf create mode 100644 terraform/ecc-aws-229-route_table_changes_alarm_exists/green/iam.tf create mode 100644 terraform/ecc-aws-229-route_table_changes_alarm_exists/green/provider.tf create mode 100644 terraform/ecc-aws-229-route_table_changes_alarm_exists/green/sns.tf create mode 100644 terraform/ecc-aws-229-route_table_changes_alarm_exists/green/terraform.tfvars create mode 100644 terraform/ecc-aws-229-route_table_changes_alarm_exists/green/trail.tf create mode 100644 terraform/ecc-aws-229-route_table_changes_alarm_exists/green/variables.tf create mode 100644 terraform/ecc-aws-229-route_table_changes_alarm_exists/iam/229-policy.json create mode 100644 terraform/ecc-aws-229-route_table_changes_alarm_exists/red/cw.tf create mode 100644 terraform/ecc-aws-229-route_table_changes_alarm_exists/red/iam.tf create mode 100644 terraform/ecc-aws-229-route_table_changes_alarm_exists/red/provider.tf create mode 100644 terraform/ecc-aws-229-route_table_changes_alarm_exists/red/sns.tf create mode 100644 terraform/ecc-aws-229-route_table_changes_alarm_exists/red/terraform.tfvars create mode 100644 terraform/ecc-aws-229-route_table_changes_alarm_exists/red/trail.tf create mode 100644 terraform/ecc-aws-229-route_table_changes_alarm_exists/red/variables.tf create mode 100644 terraform/ecc-aws-229-route_table_changes_alarm_exists/red1/cw.tf create mode 100644 terraform/ecc-aws-229-route_table_changes_alarm_exists/red1/iam.tf create mode 100644 
terraform/ecc-aws-229-route_table_changes_alarm_exists/red1/provider.tf create mode 100644 terraform/ecc-aws-229-route_table_changes_alarm_exists/red1/sns.tf create mode 100644 terraform/ecc-aws-229-route_table_changes_alarm_exists/red1/terraform.tfvars create mode 100644 terraform/ecc-aws-229-route_table_changes_alarm_exists/red1/trail.tf create mode 100644 terraform/ecc-aws-229-route_table_changes_alarm_exists/red1/variables.tf create mode 100644 terraform/ecc-aws-230-vpc_changes_alarm_exists/green/cw.tf create mode 100644 terraform/ecc-aws-230-vpc_changes_alarm_exists/green/iam.tf create mode 100644 terraform/ecc-aws-230-vpc_changes_alarm_exists/green/provider.tf create mode 100644 terraform/ecc-aws-230-vpc_changes_alarm_exists/green/sns.tf create mode 100644 terraform/ecc-aws-230-vpc_changes_alarm_exists/green/terraform.tfvars create mode 100644 terraform/ecc-aws-230-vpc_changes_alarm_exists/green/trail.tf create mode 100644 terraform/ecc-aws-230-vpc_changes_alarm_exists/green/variables.tf create mode 100644 terraform/ecc-aws-230-vpc_changes_alarm_exists/iam/230-policy.json create mode 100644 terraform/ecc-aws-230-vpc_changes_alarm_exists/red/cw.tf create mode 100644 terraform/ecc-aws-230-vpc_changes_alarm_exists/red/iam.tf create mode 100644 terraform/ecc-aws-230-vpc_changes_alarm_exists/red/provider.tf create mode 100644 terraform/ecc-aws-230-vpc_changes_alarm_exists/red/sns.tf create mode 100644 terraform/ecc-aws-230-vpc_changes_alarm_exists/red/terraform.tfvars create mode 100644 terraform/ecc-aws-230-vpc_changes_alarm_exists/red/trail.tf create mode 100644 terraform/ecc-aws-230-vpc_changes_alarm_exists/red/variables.tf create mode 100644 terraform/ecc-aws-230-vpc_changes_alarm_exists/red1/cw.tf create mode 100644 terraform/ecc-aws-230-vpc_changes_alarm_exists/red1/iam.tf create mode 100644 terraform/ecc-aws-230-vpc_changes_alarm_exists/red1/provider.tf create mode 100644 terraform/ecc-aws-230-vpc_changes_alarm_exists/red1/sns.tf create mode 100644 
terraform/ecc-aws-230-vpc_changes_alarm_exists/red1/terraform.tfvars create mode 100644 terraform/ecc-aws-230-vpc_changes_alarm_exists/red1/trail.tf create mode 100644 terraform/ecc-aws-230-vpc_changes_alarm_exists/red1/variables.tf create mode 100644 terraform/ecc-aws-239-kinesis_streams_keys_are_rotated/green/kinesis.tf create mode 100644 terraform/ecc-aws-239-kinesis_streams_keys_are_rotated/green/provider.tf create mode 100644 terraform/ecc-aws-239-kinesis_streams_keys_are_rotated/green/terraform.tfvars create mode 100644 terraform/ecc-aws-239-kinesis_streams_keys_are_rotated/green/variables.tf create mode 100644 terraform/ecc-aws-239-kinesis_streams_keys_are_rotated/iam/239-policy.json create mode 100644 terraform/ecc-aws-239-kinesis_streams_keys_are_rotated/red/kinesis.tf create mode 100644 terraform/ecc-aws-239-kinesis_streams_keys_are_rotated/red/provider.tf create mode 100644 terraform/ecc-aws-239-kinesis_streams_keys_are_rotated/red/terraform.tfvars create mode 100644 terraform/ecc-aws-239-kinesis_streams_keys_are_rotated/red/variables.tf create mode 100644 terraform/ecc-aws-244-ecs_cluster_at_rest_encryption/green/ecs.tf create mode 100644 terraform/ecc-aws-244-ecs_cluster_at_rest_encryption/green/provider.tf create mode 100644 terraform/ecc-aws-244-ecs_cluster_at_rest_encryption/green/terraform.tfvars create mode 100644 terraform/ecc-aws-244-ecs_cluster_at_rest_encryption/green/variables.tf create mode 100644 terraform/ecc-aws-244-ecs_cluster_at_rest_encryption/iam/244-policy.json create mode 100644 terraform/ecc-aws-244-ecs_cluster_at_rest_encryption/red/ecs.tf create mode 100644 terraform/ecc-aws-244-ecs_cluster_at_rest_encryption/red/provider.tf create mode 100644 terraform/ecc-aws-244-ecs_cluster_at_rest_encryption/red/terraform.tfvars create mode 100644 terraform/ecc-aws-244-ecs_cluster_at_rest_encryption/red/variables.tf create mode 100644 terraform/ecc-aws-252-ecs_cluster_have_empty_roles_for_service_task_definitions/green/acs.tf create mode 
100644 terraform/ecc-aws-252-ecs_cluster_have_empty_roles_for_service_task_definitions/green/provider.tf create mode 100644 terraform/ecc-aws-252-ecs_cluster_have_empty_roles_for_service_task_definitions/green/terraform.tfvars create mode 100644 terraform/ecc-aws-252-ecs_cluster_have_empty_roles_for_service_task_definitions/green/variables.tf create mode 100644 terraform/ecc-aws-252-ecs_cluster_have_empty_roles_for_service_task_definitions/iam/252-policy.json create mode 100644 terraform/ecc-aws-252-ecs_cluster_have_empty_roles_for_service_task_definitions/red/acs.tf create mode 100644 terraform/ecc-aws-252-ecs_cluster_have_empty_roles_for_service_task_definitions/red/provider.tf create mode 100644 terraform/ecc-aws-252-ecs_cluster_have_empty_roles_for_service_task_definitions/red/terraform.tfvars create mode 100644 terraform/ecc-aws-252-ecs_cluster_have_empty_roles_for_service_task_definitions/red/variables.tf create mode 100644 terraform/ecc-aws-265-instance_with_unencrypted_service_is_exposed_to_public_internet/green/ec2.tf create mode 100644 terraform/ecc-aws-265-instance_with_unencrypted_service_is_exposed_to_public_internet/green/provider.tf create mode 100644 terraform/ecc-aws-265-instance_with_unencrypted_service_is_exposed_to_public_internet/green/terraform.tfvars create mode 100644 terraform/ecc-aws-265-instance_with_unencrypted_service_is_exposed_to_public_internet/green/variables.tf create mode 100644 terraform/ecc-aws-265-instance_with_unencrypted_service_is_exposed_to_public_internet/iam/265-policy.json create mode 100644 terraform/ecc-aws-265-instance_with_unencrypted_service_is_exposed_to_public_internet/red/ec2.tf create mode 100644 terraform/ecc-aws-265-instance_with_unencrypted_service_is_exposed_to_public_internet/red/provider.tf create mode 100644 terraform/ecc-aws-265-instance_with_unencrypted_service_is_exposed_to_public_internet/red/terraform.tfvars create mode 100644 
terraform/ecc-aws-265-instance_with_unencrypted_service_is_exposed_to_public_internet/red/variables.tf create mode 100644 terraform/ecc-aws-266-public_instance_with_sensitive_service_is_exposed_to_entire_internet/green/ec2.tf create mode 100644 terraform/ecc-aws-266-public_instance_with_sensitive_service_is_exposed_to_entire_internet/green/provider.tf create mode 100644 terraform/ecc-aws-266-public_instance_with_sensitive_service_is_exposed_to_entire_internet/green/terraform.tfvars create mode 100644 terraform/ecc-aws-266-public_instance_with_sensitive_service_is_exposed_to_entire_internet/green/variables.tf create mode 100644 terraform/ecc-aws-266-public_instance_with_sensitive_service_is_exposed_to_entire_internet/iam/266-policy.json create mode 100644 terraform/ecc-aws-266-public_instance_with_sensitive_service_is_exposed_to_entire_internet/red/ec2.tf create mode 100644 terraform/ecc-aws-266-public_instance_with_sensitive_service_is_exposed_to_entire_internet/red/provider.tf create mode 100644 terraform/ecc-aws-266-public_instance_with_sensitive_service_is_exposed_to_entire_internet/red/terraform.tfvars create mode 100644 terraform/ecc-aws-266-public_instance_with_sensitive_service_is_exposed_to_entire_internet/red/variables.tf create mode 100644 terraform/ecc-aws-268-clb_with_sensitive_service_is_exposed_to_entire_internet/green/elb.tf create mode 100644 terraform/ecc-aws-268-clb_with_sensitive_service_is_exposed_to_entire_internet/green/provider.tf create mode 100644 terraform/ecc-aws-268-clb_with_sensitive_service_is_exposed_to_entire_internet/green/terraform.tfvars create mode 100644 terraform/ecc-aws-268-clb_with_sensitive_service_is_exposed_to_entire_internet/green/variables.tf create mode 100644 terraform/ecc-aws-268-clb_with_sensitive_service_is_exposed_to_entire_internet/iam/268-policy.json create mode 100644 terraform/ecc-aws-268-clb_with_sensitive_service_is_exposed_to_entire_internet/red/elb.tf create mode 100644 
terraform/ecc-aws-268-clb_with_sensitive_service_is_exposed_to_entire_internet/red/provider.tf create mode 100644 terraform/ecc-aws-268-clb_with_sensitive_service_is_exposed_to_entire_internet/red/terraform.tfvars create mode 100644 terraform/ecc-aws-268-clb_with_sensitive_service_is_exposed_to_entire_internet/red/variables.tf create mode 100644 terraform/ecc-aws-269-clb_with_unencrypted_service_is_exposed_to_public_internet/green/elb.tf create mode 100644 terraform/ecc-aws-269-clb_with_unencrypted_service_is_exposed_to_public_internet/green/provider.tf create mode 100644 terraform/ecc-aws-269-clb_with_unencrypted_service_is_exposed_to_public_internet/green/terraform.tfvars create mode 100644 terraform/ecc-aws-269-clb_with_unencrypted_service_is_exposed_to_public_internet/green/variables.tf create mode 100644 terraform/ecc-aws-269-clb_with_unencrypted_service_is_exposed_to_public_internet/iam/269-policy.json create mode 100644 terraform/ecc-aws-269-clb_with_unencrypted_service_is_exposed_to_public_internet/red/elb.tf create mode 100644 terraform/ecc-aws-269-clb_with_unencrypted_service_is_exposed_to_public_internet/red/provider.tf create mode 100644 terraform/ecc-aws-269-clb_with_unencrypted_service_is_exposed_to_public_internet/red/terraform.tfvars create mode 100644 terraform/ecc-aws-269-clb_with_unencrypted_service_is_exposed_to_public_internet/red/variables.tf create mode 100644 terraform/ecc-aws-270-alb_with_sensitive_service_is_exposed_to_entire_internet/green/alb.tf create mode 100644 terraform/ecc-aws-270-alb_with_sensitive_service_is_exposed_to_entire_internet/green/provider.tf create mode 100644 terraform/ecc-aws-270-alb_with_sensitive_service_is_exposed_to_entire_internet/green/terraform.tfvars create mode 100644 terraform/ecc-aws-270-alb_with_sensitive_service_is_exposed_to_entire_internet/green/variables.tf create mode 100644 terraform/ecc-aws-270-alb_with_sensitive_service_is_exposed_to_entire_internet/iam/270-policy.json create mode 100644 
terraform/ecc-aws-270-alb_with_sensitive_service_is_exposed_to_entire_internet/red/alb.tf create mode 100644 terraform/ecc-aws-270-alb_with_sensitive_service_is_exposed_to_entire_internet/red/provider.tf create mode 100644 terraform/ecc-aws-270-alb_with_sensitive_service_is_exposed_to_entire_internet/red/terraform.tfvars create mode 100644 terraform/ecc-aws-270-alb_with_sensitive_service_is_exposed_to_entire_internet/red/variables.tf create mode 100644 terraform/ecc-aws-271-alb_with_unencrypted_service_is_exposed_to_public_internet/green/alb.tf create mode 100644 terraform/ecc-aws-271-alb_with_unencrypted_service_is_exposed_to_public_internet/green/provider.tf create mode 100644 terraform/ecc-aws-271-alb_with_unencrypted_service_is_exposed_to_public_internet/green/terraform.tfvars create mode 100644 terraform/ecc-aws-271-alb_with_unencrypted_service_is_exposed_to_public_internet/green/variables.tf create mode 100644 terraform/ecc-aws-271-alb_with_unencrypted_service_is_exposed_to_public_internet/iam/271-policy.json create mode 100644 terraform/ecc-aws-271-alb_with_unencrypted_service_is_exposed_to_public_internet/red/alb.tf create mode 100644 terraform/ecc-aws-271-alb_with_unencrypted_service_is_exposed_to_public_internet/red/provider.tf create mode 100644 terraform/ecc-aws-271-alb_with_unencrypted_service_is_exposed_to_public_internet/red/terraform.tfvars create mode 100644 terraform/ecc-aws-271-alb_with_unencrypted_service_is_exposed_to_public_internet/red/variables.tf create mode 100644 terraform/ecc-aws-282-bucket_object-level_logging_for_write_enabled/green/cloudtrail.tf create mode 100644 terraform/ecc-aws-282-bucket_object-level_logging_for_write_enabled/green/provider.tf create mode 100644 terraform/ecc-aws-282-bucket_object-level_logging_for_write_enabled/green/terraform.tfvars create mode 100644 terraform/ecc-aws-282-bucket_object-level_logging_for_write_enabled/green/variables.tf create mode 100644 
terraform/ecc-aws-282-bucket_object-level_logging_for_write_enabled/green1/cloudtrail.tf create mode 100644 terraform/ecc-aws-282-bucket_object-level_logging_for_write_enabled/green1/provider.tf create mode 100644 terraform/ecc-aws-282-bucket_object-level_logging_for_write_enabled/green1/terraform.tfvars create mode 100644 terraform/ecc-aws-282-bucket_object-level_logging_for_write_enabled/green1/variables.tf create mode 100644 terraform/ecc-aws-282-bucket_object-level_logging_for_write_enabled/iam/282-policy.json create mode 100644 terraform/ecc-aws-282-bucket_object-level_logging_for_write_enabled/red/cloudtrail.tf create mode 100644 terraform/ecc-aws-282-bucket_object-level_logging_for_write_enabled/red/provider.tf create mode 100644 terraform/ecc-aws-282-bucket_object-level_logging_for_write_enabled/red/terraform.tfvars create mode 100644 terraform/ecc-aws-282-bucket_object-level_logging_for_write_enabled/red/variables.tf create mode 100644 terraform/ecc-aws-282-bucket_object-level_logging_for_write_enabled/red1/cloudtrail.tf create mode 100644 terraform/ecc-aws-282-bucket_object-level_logging_for_write_enabled/red1/provider.tf create mode 100644 terraform/ecc-aws-282-bucket_object-level_logging_for_write_enabled/red1/terraform.tfvars create mode 100644 terraform/ecc-aws-282-bucket_object-level_logging_for_write_enabled/red1/variables.tf create mode 100644 terraform/ecc-aws-283-bucket_object-level_logging_for_read_enabled/green/cloudtrail.tf create mode 100644 terraform/ecc-aws-283-bucket_object-level_logging_for_read_enabled/green/provider.tf create mode 100644 terraform/ecc-aws-283-bucket_object-level_logging_for_read_enabled/green/terraform.tfvars create mode 100644 terraform/ecc-aws-283-bucket_object-level_logging_for_read_enabled/green/variables.tf create mode 100644 terraform/ecc-aws-283-bucket_object-level_logging_for_read_enabled/green1/cloudtrail.tf create mode 100644 terraform/ecc-aws-283-bucket_object-level_logging_for_read_enabled/green1/provider.tf 
create mode 100644 terraform/ecc-aws-283-bucket_object-level_logging_for_read_enabled/green1/terraform.tfvars create mode 100644 terraform/ecc-aws-283-bucket_object-level_logging_for_read_enabled/green1/variables.tf create mode 100644 terraform/ecc-aws-283-bucket_object-level_logging_for_read_enabled/iam/283-policy.json create mode 100644 terraform/ecc-aws-283-bucket_object-level_logging_for_read_enabled/red/cloudtrail.tf create mode 100644 terraform/ecc-aws-283-bucket_object-level_logging_for_read_enabled/red/provider.tf create mode 100644 terraform/ecc-aws-283-bucket_object-level_logging_for_read_enabled/red/terraform.tfvars create mode 100644 terraform/ecc-aws-283-bucket_object-level_logging_for_read_enabled/red/variables.tf create mode 100644 terraform/ecc-aws-283-bucket_object-level_logging_for_read_enabled/red1/cloudtrail.tf create mode 100644 terraform/ecc-aws-283-bucket_object-level_logging_for_read_enabled/red1/provider.tf create mode 100644 terraform/ecc-aws-283-bucket_object-level_logging_for_read_enabled/red1/terraform.tfvars create mode 100644 terraform/ecc-aws-283-bucket_object-level_logging_for_read_enabled/red1/variables.tf create mode 100644 terraform/ecc-aws-284-organizations_changes_alarm_exists/green/cw.tf create mode 100644 terraform/ecc-aws-284-organizations_changes_alarm_exists/green/iam.tf create mode 100644 terraform/ecc-aws-284-organizations_changes_alarm_exists/green/provider.tf create mode 100644 terraform/ecc-aws-284-organizations_changes_alarm_exists/green/sns.tf create mode 100644 terraform/ecc-aws-284-organizations_changes_alarm_exists/green/terraform.tfvars create mode 100644 terraform/ecc-aws-284-organizations_changes_alarm_exists/green/trail.tf create mode 100644 terraform/ecc-aws-284-organizations_changes_alarm_exists/green/variables.tf create mode 100644 terraform/ecc-aws-284-organizations_changes_alarm_exists/iam/284-policy.json create mode 100644 terraform/ecc-aws-284-organizations_changes_alarm_exists/red/cw.tf create mode 
100644 terraform/ecc-aws-284-organizations_changes_alarm_exists/red/iam.tf create mode 100644 terraform/ecc-aws-284-organizations_changes_alarm_exists/red/provider.tf create mode 100644 terraform/ecc-aws-284-organizations_changes_alarm_exists/red/sns.tf create mode 100644 terraform/ecc-aws-284-organizations_changes_alarm_exists/red/terraform.tfvars create mode 100644 terraform/ecc-aws-284-organizations_changes_alarm_exists/red/trail.tf create mode 100644 terraform/ecc-aws-284-organizations_changes_alarm_exists/red/variables.tf create mode 100644 terraform/ecc-aws-285-no_acls_allow_ingress_for_everyone_to_remote_server_administration_ports/green/provider.tf create mode 100644 terraform/ecc-aws-285-no_acls_allow_ingress_for_everyone_to_remote_server_administration_ports/green/terraform.tfvars create mode 100644 terraform/ecc-aws-285-no_acls_allow_ingress_for_everyone_to_remote_server_administration_ports/green/variables.tf create mode 100644 terraform/ecc-aws-285-no_acls_allow_ingress_for_everyone_to_remote_server_administration_ports/green/vpc.tf create mode 100644 terraform/ecc-aws-285-no_acls_allow_ingress_for_everyone_to_remote_server_administration_ports/iam/285-policy.json create mode 100644 terraform/ecc-aws-285-no_acls_allow_ingress_for_everyone_to_remote_server_administration_ports/red/provider.tf create mode 100644 terraform/ecc-aws-285-no_acls_allow_ingress_for_everyone_to_remote_server_administration_ports/red/terraform.tfvars create mode 100644 terraform/ecc-aws-285-no_acls_allow_ingress_for_everyone_to_remote_server_administration_ports/red/variables.tf create mode 100644 terraform/ecc-aws-285-no_acls_allow_ingress_for_everyone_to_remote_server_administration_ports/red/vpc.tf create mode 100644 terraform/ecc-aws-296-elasticsearch_domains_have_at_least_three_data_nodes/green/es.tf create mode 100644 terraform/ecc-aws-296-elasticsearch_domains_have_at_least_three_data_nodes/green/provider.tf create mode 100644 
terraform/ecc-aws-296-elasticsearch_domains_have_at_least_three_data_nodes/green/terraform.tfvars create mode 100644 terraform/ecc-aws-296-elasticsearch_domains_have_at_least_three_data_nodes/green/variables.tf create mode 100644 terraform/ecc-aws-296-elasticsearch_domains_have_at_least_three_data_nodes/green1/es.tf create mode 100644 terraform/ecc-aws-296-elasticsearch_domains_have_at_least_three_data_nodes/green1/provider.tf create mode 100644 terraform/ecc-aws-296-elasticsearch_domains_have_at_least_three_data_nodes/green1/terraform.tfvars create mode 100644 terraform/ecc-aws-296-elasticsearch_domains_have_at_least_three_data_nodes/green1/variables.tf create mode 100644 terraform/ecc-aws-296-elasticsearch_domains_have_at_least_three_data_nodes/iam/296-policy.json create mode 100644 terraform/ecc-aws-296-elasticsearch_domains_have_at_least_three_data_nodes/red/es.tf create mode 100644 terraform/ecc-aws-296-elasticsearch_domains_have_at_least_three_data_nodes/red/provider.tf create mode 100644 terraform/ecc-aws-296-elasticsearch_domains_have_at_least_three_data_nodes/red/terraform.tfvars create mode 100644 terraform/ecc-aws-296-elasticsearch_domains_have_at_least_three_data_nodes/red/variables.tf create mode 100644 terraform/ecc-aws-296-elasticsearch_domains_have_at_least_three_data_nodes/red1/es.tf create mode 100644 terraform/ecc-aws-296-elasticsearch_domains_have_at_least_three_data_nodes/red1/provider.tf create mode 100644 terraform/ecc-aws-296-elasticsearch_domains_have_at_least_three_data_nodes/red1/terraform.tfvars create mode 100644 terraform/ecc-aws-296-elasticsearch_domains_have_at_least_three_data_nodes/red1/variables.tf create mode 100644 terraform/ecc-aws-301-rds_critical_cluster_events_notification_exists/green/cluster.tf create mode 100644 terraform/ecc-aws-301-rds_critical_cluster_events_notification_exists/green/provider.tf create mode 100644 terraform/ecc-aws-301-rds_critical_cluster_events_notification_exists/green/terraform.tfvars create mode 
100644 terraform/ecc-aws-301-rds_critical_cluster_events_notification_exists/green/variables.tf create mode 100644 terraform/ecc-aws-301-rds_critical_cluster_events_notification_exists/green1/cluster.tf create mode 100644 terraform/ecc-aws-301-rds_critical_cluster_events_notification_exists/green1/provider.tf create mode 100644 terraform/ecc-aws-301-rds_critical_cluster_events_notification_exists/green1/terraform.tfvars create mode 100644 terraform/ecc-aws-301-rds_critical_cluster_events_notification_exists/green1/variables.tf create mode 100644 terraform/ecc-aws-301-rds_critical_cluster_events_notification_exists/iam/301-policy.json create mode 100644 terraform/ecc-aws-301-rds_critical_cluster_events_notification_exists/red/cluster.tf create mode 100644 terraform/ecc-aws-301-rds_critical_cluster_events_notification_exists/red/provider.tf create mode 100644 terraform/ecc-aws-301-rds_critical_cluster_events_notification_exists/red/terraform.tfvars create mode 100644 terraform/ecc-aws-301-rds_critical_cluster_events_notification_exists/red/variables.tf create mode 100644 terraform/ecc-aws-302-rds_database_instance_events_notification_exists/green/provider.tf create mode 100644 terraform/ecc-aws-302-rds_database_instance_events_notification_exists/green/rds.tf create mode 100644 terraform/ecc-aws-302-rds_database_instance_events_notification_exists/green/terraform.tfvars create mode 100644 terraform/ecc-aws-302-rds_database_instance_events_notification_exists/green/variables.tf create mode 100644 terraform/ecc-aws-302-rds_database_instance_events_notification_exists/green1/provider.tf create mode 100644 terraform/ecc-aws-302-rds_database_instance_events_notification_exists/green1/rds.tf create mode 100644 terraform/ecc-aws-302-rds_database_instance_events_notification_exists/green1/terraform.tfvars create mode 100644 terraform/ecc-aws-302-rds_database_instance_events_notification_exists/green1/variables.tf create mode 100644 
terraform/ecc-aws-302-rds_database_instance_events_notification_exists/iam/302-policy.json create mode 100644 terraform/ecc-aws-302-rds_database_instance_events_notification_exists/red/provider.tf create mode 100644 terraform/ecc-aws-302-rds_database_instance_events_notification_exists/red/rds.tf create mode 100644 terraform/ecc-aws-302-rds_database_instance_events_notification_exists/red/terraform.tfvars create mode 100644 terraform/ecc-aws-302-rds_database_instance_events_notification_exists/red/variables.tf create mode 100644 terraform/ecc-aws-303-rds_database_parameter_group_events_notification_exists/green/provider.tf create mode 100644 terraform/ecc-aws-303-rds_database_parameter_group_events_notification_exists/green/rds.tf create mode 100644 terraform/ecc-aws-303-rds_database_parameter_group_events_notification_exists/green/rds_pg.tf create mode 100644 terraform/ecc-aws-303-rds_database_parameter_group_events_notification_exists/green/sg.tf create mode 100644 terraform/ecc-aws-303-rds_database_parameter_group_events_notification_exists/green/terraform.tfvars create mode 100644 terraform/ecc-aws-303-rds_database_parameter_group_events_notification_exists/green/variables.tf create mode 100644 terraform/ecc-aws-303-rds_database_parameter_group_events_notification_exists/green1/provider.tf create mode 100644 terraform/ecc-aws-303-rds_database_parameter_group_events_notification_exists/green1/rds.tf create mode 100644 terraform/ecc-aws-303-rds_database_parameter_group_events_notification_exists/green1/rds_pg.tf create mode 100644 terraform/ecc-aws-303-rds_database_parameter_group_events_notification_exists/green1/sg.tf create mode 100644 terraform/ecc-aws-303-rds_database_parameter_group_events_notification_exists/green1/terraform.tfvars create mode 100644 terraform/ecc-aws-303-rds_database_parameter_group_events_notification_exists/green1/variables.tf create mode 100644 
terraform/ecc-aws-303-rds_database_parameter_group_events_notification_exists/iam/303-policy.json create mode 100644 terraform/ecc-aws-303-rds_database_parameter_group_events_notification_exists/red/provider.tf create mode 100644 terraform/ecc-aws-303-rds_database_parameter_group_events_notification_exists/red/rds_pg.tf create mode 100644 terraform/ecc-aws-303-rds_database_parameter_group_events_notification_exists/red/sg.tf create mode 100644 terraform/ecc-aws-303-rds_database_parameter_group_events_notification_exists/red/terraform.tfvars create mode 100644 terraform/ecc-aws-303-rds_database_parameter_group_events_notification_exists/red/variables.tf create mode 100644 terraform/ecc-aws-304-rds_database_security_group_events_notification_exists/green/provider.tf create mode 100644 terraform/ecc-aws-304-rds_database_security_group_events_notification_exists/green/rds.tf create mode 100644 terraform/ecc-aws-304-rds_database_security_group_events_notification_exists/green/sg.tf create mode 100644 terraform/ecc-aws-304-rds_database_security_group_events_notification_exists/green/sns.tf create mode 100644 terraform/ecc-aws-304-rds_database_security_group_events_notification_exists/green/terraform.tfvars create mode 100644 terraform/ecc-aws-304-rds_database_security_group_events_notification_exists/green/variables.tf create mode 100644 terraform/ecc-aws-304-rds_database_security_group_events_notification_exists/green1/provider.tf create mode 100644 terraform/ecc-aws-304-rds_database_security_group_events_notification_exists/green1/rds.tf create mode 100644 terraform/ecc-aws-304-rds_database_security_group_events_notification_exists/green1/sg.tf create mode 100644 terraform/ecc-aws-304-rds_database_security_group_events_notification_exists/green1/sns.tf create mode 100644 terraform/ecc-aws-304-rds_database_security_group_events_notification_exists/green1/terraform.tfvars create mode 100644 
terraform/ecc-aws-304-rds_database_security_group_events_notification_exists/green1/variables.tf create mode 100644 terraform/ecc-aws-304-rds_database_security_group_events_notification_exists/iam/304-policy.json create mode 100644 terraform/ecc-aws-304-rds_database_security_group_events_notification_exists/red/provider.tf create mode 100644 terraform/ecc-aws-304-rds_database_security_group_events_notification_exists/red/rds.tf create mode 100644 terraform/ecc-aws-304-rds_database_security_group_events_notification_exists/red/sg.tf create mode 100644 terraform/ecc-aws-304-rds_database_security_group_events_notification_exists/red/sns.tf create mode 100644 terraform/ecc-aws-304-rds_database_security_group_events_notification_exists/red/terraform.tfvars create mode 100644 terraform/ecc-aws-304-rds_database_security_group_events_notification_exists/red/variables.tf create mode 100644 terraform/ecc-aws-305-rds_database_instance_engine_no_default_ports/green/provider.tf create mode 100644 terraform/ecc-aws-305-rds_database_instance_engine_no_default_ports/green/rds.tf create mode 100644 terraform/ecc-aws-305-rds_database_instance_engine_no_default_ports/green/terraform.tfvars create mode 100644 terraform/ecc-aws-305-rds_database_instance_engine_no_default_ports/green/variables.tf create mode 100644 terraform/ecc-aws-305-rds_database_instance_engine_no_default_ports/iam/305-policy.json create mode 100644 terraform/ecc-aws-305-rds_database_instance_engine_no_default_ports/red/provider.tf create mode 100644 terraform/ecc-aws-305-rds_database_instance_engine_no_default_ports/red/rds.tf create mode 100644 terraform/ecc-aws-305-rds_database_instance_engine_no_default_ports/red/terraform.tfvars create mode 100644 terraform/ecc-aws-305-rds_database_instance_engine_no_default_ports/red/variables.tf create mode 100644 terraform/ecc-aws-305-rds_database_instance_engine_no_default_ports/red1/provider.tf create mode 100644 
terraform/ecc-aws-305-rds_database_instance_engine_no_default_ports/red1/rds.tf create mode 100644 terraform/ecc-aws-305-rds_database_instance_engine_no_default_ports/red1/terraform.tfvars create mode 100644 terraform/ecc-aws-305-rds_database_instance_engine_no_default_ports/red1/variables.tf create mode 100644 terraform/ecc-aws-328-dynamodb_tables_autoscaling_enabled/green/dynamodb.tf create mode 100644 terraform/ecc-aws-328-dynamodb_tables_autoscaling_enabled/green/provider.tf create mode 100644 terraform/ecc-aws-328-dynamodb_tables_autoscaling_enabled/green/terraform.tfvars create mode 100644 terraform/ecc-aws-328-dynamodb_tables_autoscaling_enabled/green/variables.tf create mode 100644 terraform/ecc-aws-328-dynamodb_tables_autoscaling_enabled/green1/dynamodb.tf create mode 100644 terraform/ecc-aws-328-dynamodb_tables_autoscaling_enabled/green1/provider.tf create mode 100644 terraform/ecc-aws-328-dynamodb_tables_autoscaling_enabled/green1/terraform.tfvars create mode 100644 terraform/ecc-aws-328-dynamodb_tables_autoscaling_enabled/green1/variables.tf create mode 100644 terraform/ecc-aws-328-dynamodb_tables_autoscaling_enabled/iam/328-policy.json create mode 100644 terraform/ecc-aws-328-dynamodb_tables_autoscaling_enabled/red/dynamodb.tf create mode 100644 terraform/ecc-aws-328-dynamodb_tables_autoscaling_enabled/red/provider.tf create mode 100644 terraform/ecc-aws-328-dynamodb_tables_autoscaling_enabled/red/terraform.tfvars create mode 100644 terraform/ecc-aws-328-dynamodb_tables_autoscaling_enabled/red/variables.tf create mode 100644 terraform/ecc-aws-365-secrets_manager_rotation_enabled/green/lambda.tf create mode 100644 terraform/ecc-aws-365-secrets_manager_rotation_enabled/green/lambda_password_rotator.zip create mode 100644 terraform/ecc-aws-365-secrets_manager_rotation_enabled/green/provider.tf create mode 100644 terraform/ecc-aws-365-secrets_manager_rotation_enabled/green/secretsmanager.tf create mode 100644 
terraform/ecc-aws-365-secrets_manager_rotation_enabled/green/terraform.tfvars create mode 100644 terraform/ecc-aws-365-secrets_manager_rotation_enabled/green/variables.tf create mode 100644 terraform/ecc-aws-365-secrets_manager_rotation_enabled/iam/365-policy.json create mode 100644 terraform/ecc-aws-365-secrets_manager_rotation_enabled/red/provider.tf create mode 100644 terraform/ecc-aws-365-secrets_manager_rotation_enabled/red/secretsmanager.tf create mode 100644 terraform/ecc-aws-365-secrets_manager_rotation_enabled/red/terraform.tfvars create mode 100644 terraform/ecc-aws-365-secrets_manager_rotation_enabled/red/variables.tf create mode 100644 terraform/ecc-aws-366-secrets_manager_successful_rotation_check/green/iam.tf create mode 100644 terraform/ecc-aws-366-secrets_manager_successful_rotation_check/green/lambda.tf create mode 100644 terraform/ecc-aws-366-secrets_manager_successful_rotation_check/green/lambda_function.zip create mode 100644 terraform/ecc-aws-366-secrets_manager_successful_rotation_check/green/provider.tf create mode 100644 terraform/ecc-aws-366-secrets_manager_successful_rotation_check/green/rds.tf create mode 100644 terraform/ecc-aws-366-secrets_manager_successful_rotation_check/green/secretsmanager.tf create mode 100644 terraform/ecc-aws-366-secrets_manager_successful_rotation_check/green/terraform.tfvars create mode 100644 terraform/ecc-aws-366-secrets_manager_successful_rotation_check/green/variables.tf create mode 100644 terraform/ecc-aws-366-secrets_manager_successful_rotation_check/green/vpc.tf create mode 100644 terraform/ecc-aws-366-secrets_manager_successful_rotation_check/iam/366-policy.json create mode 100644 terraform/ecc-aws-366-secrets_manager_successful_rotation_check/red/lambda.tf create mode 100644 terraform/ecc-aws-366-secrets_manager_successful_rotation_check/red/lambda_function.zip create mode 100644 terraform/ecc-aws-366-secrets_manager_successful_rotation_check/red/provider.tf create mode 100644 
terraform/ecc-aws-366-secrets_manager_successful_rotation_check/red/secretsmanager.tf create mode 100644 terraform/ecc-aws-366-secrets_manager_successful_rotation_check/red/terraform.tfvars create mode 100644 terraform/ecc-aws-366-secrets_manager_successful_rotation_check/red/variables.tf create mode 100644 terraform/ecc-aws-367-secrets_manager_unused_secret/green/provider.tf create mode 100644 terraform/ecc-aws-367-secrets_manager_unused_secret/green/secretsmanager.tf create mode 100644 terraform/ecc-aws-367-secrets_manager_unused_secret/green/terraform.tfvars create mode 100644 terraform/ecc-aws-367-secrets_manager_unused_secret/green/variables.tf create mode 100644 terraform/ecc-aws-367-secrets_manager_unused_secret/iam/367-policy.json create mode 100644 terraform/ecc-aws-367-secrets_manager_unused_secret/red/provider.tf create mode 100644 terraform/ecc-aws-367-secrets_manager_unused_secret/red/secretsmanager.tf create mode 100644 terraform/ecc-aws-367-secrets_manager_unused_secret/red/terraform.tfvars create mode 100644 terraform/ecc-aws-367-secrets_manager_unused_secret/red/variables.tf create mode 100644 terraform/ecc-aws-399-appflow_encrypted_with_kms_cmk/green/399-bucket-file.csv create mode 100644 terraform/ecc-aws-399-appflow_encrypted_with_kms_cmk/green/appflow.tf create mode 100644 terraform/ecc-aws-399-appflow_encrypted_with_kms_cmk/green/provider.tf create mode 100644 terraform/ecc-aws-399-appflow_encrypted_with_kms_cmk/green/s3.tf create mode 100644 terraform/ecc-aws-399-appflow_encrypted_with_kms_cmk/green/terraform.tfvars create mode 100644 terraform/ecc-aws-399-appflow_encrypted_with_kms_cmk/green/variables.tf create mode 100644 terraform/ecc-aws-399-appflow_encrypted_with_kms_cmk/iam/399-policy.json create mode 100644 terraform/ecc-aws-399-appflow_encrypted_with_kms_cmk/red/399-bucket-file.csv create mode 100644 terraform/ecc-aws-399-appflow_encrypted_with_kms_cmk/red/appflow.tf create mode 100644 
terraform/ecc-aws-399-appflow_encrypted_with_kms_cmk/red/provider.tf create mode 100644 terraform/ecc-aws-399-appflow_encrypted_with_kms_cmk/red/s3.tf create mode 100644 terraform/ecc-aws-399-appflow_encrypted_with_kms_cmk/red/terraform.tfvars create mode 100644 terraform/ecc-aws-399-appflow_encrypted_with_kms_cmk/red/variables.tf create mode 100644 terraform/ecc-aws-406-emr_at_rest_and_in_transit_encryption_enabled/green/emr.tf create mode 100644 terraform/ecc-aws-406-emr_at_rest_and_in_transit_encryption_enabled/green/iam.tf create mode 100644 terraform/ecc-aws-406-emr_at_rest_and_in_transit_encryption_enabled/green/my-certs.zip create mode 100644 terraform/ecc-aws-406-emr_at_rest_and_in_transit_encryption_enabled/green/provider.tf create mode 100644 terraform/ecc-aws-406-emr_at_rest_and_in_transit_encryption_enabled/green/s3.tf create mode 100644 terraform/ecc-aws-406-emr_at_rest_and_in_transit_encryption_enabled/green/terraform.tfvars create mode 100644 terraform/ecc-aws-406-emr_at_rest_and_in_transit_encryption_enabled/green/variables.tf create mode 100644 terraform/ecc-aws-406-emr_at_rest_and_in_transit_encryption_enabled/green/vpc.tf create mode 100644 terraform/ecc-aws-406-emr_at_rest_and_in_transit_encryption_enabled/iam/406-policy.json create mode 100644 terraform/ecc-aws-406-emr_at_rest_and_in_transit_encryption_enabled/red/emr.tf create mode 100644 terraform/ecc-aws-406-emr_at_rest_and_in_transit_encryption_enabled/red/iam.tf create mode 100644 terraform/ecc-aws-406-emr_at_rest_and_in_transit_encryption_enabled/red/provider.tf create mode 100644 terraform/ecc-aws-406-emr_at_rest_and_in_transit_encryption_enabled/red/terraform.tfvars create mode 100644 terraform/ecc-aws-406-emr_at_rest_and_in_transit_encryption_enabled/red/variables.tf create mode 100644 terraform/ecc-aws-406-emr_at_rest_and_in_transit_encryption_enabled/red/vpc.tf create mode 100644 terraform/ecc-aws-406-emr_at_rest_and_in_transit_encryption_enabled/red1/emr.tf create mode 100644 
terraform/ecc-aws-406-emr_at_rest_and_in_transit_encryption_enabled/red1/iam.tf create mode 100644 terraform/ecc-aws-406-emr_at_rest_and_in_transit_encryption_enabled/red1/my-certs.zip create mode 100644 terraform/ecc-aws-406-emr_at_rest_and_in_transit_encryption_enabled/red1/provider.tf create mode 100644 terraform/ecc-aws-406-emr_at_rest_and_in_transit_encryption_enabled/red1/terraform.tfvars create mode 100644 terraform/ecc-aws-406-emr_at_rest_and_in_transit_encryption_enabled/red1/variables.tf create mode 100644 terraform/ecc-aws-406-emr_at_rest_and_in_transit_encryption_enabled/red1/vpc.tf create mode 100644 terraform/ecc-aws-410-vpc_endpoint_manual_acceptance/green/nlb.tf create mode 100644 terraform/ecc-aws-410-vpc_endpoint_manual_acceptance/green/provider.tf create mode 100644 terraform/ecc-aws-410-vpc_endpoint_manual_acceptance/green/terraform.tfvars create mode 100644 terraform/ecc-aws-410-vpc_endpoint_manual_acceptance/green/variables.tf create mode 100644 terraform/ecc-aws-410-vpc_endpoint_manual_acceptance/green/vpc.tf create mode 100644 terraform/ecc-aws-410-vpc_endpoint_manual_acceptance/iam/410-policy.json create mode 100644 terraform/ecc-aws-410-vpc_endpoint_manual_acceptance/red/nlb.tf create mode 100644 terraform/ecc-aws-410-vpc_endpoint_manual_acceptance/red/provider.tf create mode 100644 terraform/ecc-aws-410-vpc_endpoint_manual_acceptance/red/terraform.tfvars create mode 100644 terraform/ecc-aws-410-vpc_endpoint_manual_acceptance/red/variables.tf create mode 100644 terraform/ecc-aws-410-vpc_endpoint_manual_acceptance/red/vpc.tf create mode 100644 terraform/ecc-aws-412-elasticache_no_default_ports/green/elasticache.tf create mode 100644 terraform/ecc-aws-412-elasticache_no_default_ports/green/provider.tf create mode 100644 terraform/ecc-aws-412-elasticache_no_default_ports/green/terraform.tfvars create mode 100644 terraform/ecc-aws-412-elasticache_no_default_ports/green/variables.tf create mode 100644 
terraform/ecc-aws-412-elasticache_no_default_ports/iam/412-policy.json create mode 100644 terraform/ecc-aws-412-elasticache_no_default_ports/red/elasticache.tf create mode 100644 terraform/ecc-aws-412-elasticache_no_default_ports/red/provider.tf create mode 100644 terraform/ecc-aws-412-elasticache_no_default_ports/red/terraform.tfvars create mode 100644 terraform/ecc-aws-412-elasticache_no_default_ports/red/variables.tf create mode 100644 terraform/ecc-aws-417-elasticache_not_using_default_vpc/green/elasticache.tf create mode 100644 terraform/ecc-aws-417-elasticache_not_using_default_vpc/green/provider.tf create mode 100644 terraform/ecc-aws-417-elasticache_not_using_default_vpc/green/terraform.tfvars create mode 100644 terraform/ecc-aws-417-elasticache_not_using_default_vpc/green/variables.tf create mode 100644 terraform/ecc-aws-417-elasticache_not_using_default_vpc/green/vpc.tf create mode 100644 terraform/ecc-aws-417-elasticache_not_using_default_vpc/iam/417-policy.json create mode 100644 terraform/ecc-aws-417-elasticache_not_using_default_vpc/red/elasticache.tf create mode 100644 terraform/ecc-aws-417-elasticache_not_using_default_vpc/red/provider.tf create mode 100644 terraform/ecc-aws-417-elasticache_not_using_default_vpc/red/terraform.tfvars create mode 100644 terraform/ecc-aws-417-elasticache_not_using_default_vpc/red/variables.tf create mode 100644 terraform/ecc-aws-422-rds_aurora_cluster_logging_enabled/green/provider.tf create mode 100644 terraform/ecc-aws-422-rds_aurora_cluster_logging_enabled/green/rds.tf create mode 100644 terraform/ecc-aws-422-rds_aurora_cluster_logging_enabled/green/terraform.tfvars create mode 100644 terraform/ecc-aws-422-rds_aurora_cluster_logging_enabled/green/variables.tf create mode 100644 terraform/ecc-aws-422-rds_aurora_cluster_logging_enabled/iam/422-policy.json create mode 100644 terraform/ecc-aws-422-rds_aurora_cluster_logging_enabled/red/provider.tf create mode 100644 
terraform/ecc-aws-422-rds_aurora_cluster_logging_enabled/red/rds.tf create mode 100644 terraform/ecc-aws-422-rds_aurora_cluster_logging_enabled/red/terraform.tfvars create mode 100644 terraform/ecc-aws-422-rds_aurora_cluster_logging_enabled/red/variables.tf create mode 100644 terraform/ecc-aws-426-iam_access_analyzer_findings_are_reviewed_and_resolved/green/iam.tf create mode 100644 terraform/ecc-aws-426-iam_access_analyzer_findings_are_reviewed_and_resolved/green/provider.tf create mode 100644 terraform/ecc-aws-426-iam_access_analyzer_findings_are_reviewed_and_resolved/green/terraform.tfvars create mode 100644 terraform/ecc-aws-426-iam_access_analyzer_findings_are_reviewed_and_resolved/green/variables.tf create mode 100644 terraform/ecc-aws-426-iam_access_analyzer_findings_are_reviewed_and_resolved/iam/426-policy.json create mode 100644 terraform/ecc-aws-426-iam_access_analyzer_findings_are_reviewed_and_resolved/red/iam.tf create mode 100644 terraform/ecc-aws-426-iam_access_analyzer_findings_are_reviewed_and_resolved/red/provider.tf create mode 100644 terraform/ecc-aws-426-iam_access_analyzer_findings_are_reviewed_and_resolved/red/terraform.tfvars create mode 100644 terraform/ecc-aws-426-iam_access_analyzer_findings_are_reviewed_and_resolved/red/variables.tf create mode 100644 terraform/ecc-aws-441-elastic_beanstalk_access_logs_enabled/green/beanstalk.tf create mode 100644 terraform/ecc-aws-441-elastic_beanstalk_access_logs_enabled/green/provider.tf create mode 100644 terraform/ecc-aws-441-elastic_beanstalk_access_logs_enabled/green/terraform.tfvars create mode 100644 terraform/ecc-aws-441-elastic_beanstalk_access_logs_enabled/green/variables.tf create mode 100644 terraform/ecc-aws-441-elastic_beanstalk_access_logs_enabled/iam/441-policy.json create mode 100644 terraform/ecc-aws-441-elastic_beanstalk_access_logs_enabled/red/beanstalk.tf create mode 100644 terraform/ecc-aws-441-elastic_beanstalk_access_logs_enabled/red/provider.tf create mode 100644 
terraform/ecc-aws-441-elastic_beanstalk_access_logs_enabled/red/terraform.tfvars create mode 100644 terraform/ecc-aws-441-elastic_beanstalk_access_logs_enabled/red/variables.tf create mode 100644 terraform/ecc-aws-443-elastic_beanstalk_notifications_enabled/green/beanstalk.tf create mode 100644 terraform/ecc-aws-443-elastic_beanstalk_notifications_enabled/green/provider.tf create mode 100644 terraform/ecc-aws-443-elastic_beanstalk_notifications_enabled/green/terraform.tfvars create mode 100644 terraform/ecc-aws-443-elastic_beanstalk_notifications_enabled/green/variables.tf create mode 100644 terraform/ecc-aws-443-elastic_beanstalk_notifications_enabled/iam/443-policy.json create mode 100644 terraform/ecc-aws-443-elastic_beanstalk_notifications_enabled/red/beanstalk.tf create mode 100644 terraform/ecc-aws-443-elastic_beanstalk_notifications_enabled/red/provider.tf create mode 100644 terraform/ecc-aws-443-elastic_beanstalk_notifications_enabled/red/terraform.tfvars create mode 100644 terraform/ecc-aws-443-elastic_beanstalk_notifications_enabled/red/variables.tf create mode 100644 terraform/ecc-aws-446-elastic_beanstalk_managed_platform_updates/green/beanstalk.tf create mode 100644 terraform/ecc-aws-446-elastic_beanstalk_managed_platform_updates/green/provider.tf create mode 100644 terraform/ecc-aws-446-elastic_beanstalk_managed_platform_updates/green/terraform.tfvars create mode 100644 terraform/ecc-aws-446-elastic_beanstalk_managed_platform_updates/green/variables.tf create mode 100644 terraform/ecc-aws-446-elastic_beanstalk_managed_platform_updates/iam/446-policy.json create mode 100644 terraform/ecc-aws-446-elastic_beanstalk_managed_platform_updates/red/beanstalk.tf create mode 100644 terraform/ecc-aws-446-elastic_beanstalk_managed_platform_updates/red/provider.tf create mode 100644 terraform/ecc-aws-446-elastic_beanstalk_managed_platform_updates/red/terraform.tfvars create mode 100644 
terraform/ecc-aws-446-elastic_beanstalk_managed_platform_updates/red/variables.tf create mode 100644 terraform/ecc-aws-450-sqs_dead_letter_queue_enabled/green/provider.tf create mode 100644 terraform/ecc-aws-450-sqs_dead_letter_queue_enabled/green/sqs.tf create mode 100644 terraform/ecc-aws-450-sqs_dead_letter_queue_enabled/green/terraform.tfvars create mode 100644 terraform/ecc-aws-450-sqs_dead_letter_queue_enabled/green/variables.tf create mode 100644 terraform/ecc-aws-450-sqs_dead_letter_queue_enabled/iam/450-policy.json create mode 100644 terraform/ecc-aws-450-sqs_dead_letter_queue_enabled/red/provider.tf create mode 100644 terraform/ecc-aws-450-sqs_dead_letter_queue_enabled/red/sqs.tf create mode 100644 terraform/ecc-aws-450-sqs_dead_letter_queue_enabled/red/terraform.tfvars create mode 100644 terraform/ecc-aws-450-sqs_dead_letter_queue_enabled/red/variables.tf create mode 100644 terraform/ecc-aws-523-cloudtrail_security_trail_enabled/green/cloudtrail.tf create mode 100644 terraform/ecc-aws-523-cloudtrail_security_trail_enabled/green/kms.tf create mode 100644 terraform/ecc-aws-523-cloudtrail_security_trail_enabled/green/provider.tf create mode 100644 terraform/ecc-aws-523-cloudtrail_security_trail_enabled/green/s3.tf create mode 100644 terraform/ecc-aws-523-cloudtrail_security_trail_enabled/green/terraform.tfvars create mode 100644 terraform/ecc-aws-523-cloudtrail_security_trail_enabled/green/variables.tf create mode 100644 terraform/ecc-aws-523-cloudtrail_security_trail_enabled/green1/cloudtrail.tf create mode 100644 terraform/ecc-aws-523-cloudtrail_security_trail_enabled/green1/kms.tf create mode 100644 terraform/ecc-aws-523-cloudtrail_security_trail_enabled/green1/provider.tf create mode 100644 terraform/ecc-aws-523-cloudtrail_security_trail_enabled/green1/s3.tf create mode 100644 terraform/ecc-aws-523-cloudtrail_security_trail_enabled/green1/terraform.tfvars create mode 100644 terraform/ecc-aws-523-cloudtrail_security_trail_enabled/green1/variables.tf 
create mode 100644 terraform/ecc-aws-523-cloudtrail_security_trail_enabled/iam/523-policy.json create mode 100644 terraform/ecc-aws-523-cloudtrail_security_trail_enabled/red/cloudtrail.tf create mode 100644 terraform/ecc-aws-523-cloudtrail_security_trail_enabled/red/provider.tf create mode 100644 terraform/ecc-aws-523-cloudtrail_security_trail_enabled/red/s3.tf create mode 100644 terraform/ecc-aws-523-cloudtrail_security_trail_enabled/red/terraform.tfvars create mode 100644 terraform/ecc-aws-523-cloudtrail_security_trail_enabled/red/variables.tf create mode 100644 terraform/ecc-aws-523-cloudtrail_security_trail_enabled/red1/cloudtrail.tf create mode 100644 terraform/ecc-aws-523-cloudtrail_security_trail_enabled/red1/provider.tf create mode 100644 terraform/ecc-aws-523-cloudtrail_security_trail_enabled/red1/s3.tf create mode 100644 terraform/ecc-aws-523-cloudtrail_security_trail_enabled/red1/terraform.tfvars create mode 100644 terraform/ecc-aws-523-cloudtrail_security_trail_enabled/red1/variables.tf create mode 100644 terraform/ecc-aws-523-cloudtrail_security_trail_enabled/red2/cloudtrail.tf create mode 100644 terraform/ecc-aws-523-cloudtrail_security_trail_enabled/red2/provider.tf create mode 100644 terraform/ecc-aws-523-cloudtrail_security_trail_enabled/red2/s3.tf create mode 100644 terraform/ecc-aws-523-cloudtrail_security_trail_enabled/red2/terraform.tfvars create mode 100644 terraform/ecc-aws-523-cloudtrail_security_trail_enabled/red2/variables.tf create mode 100644 terraform/ecc-aws-528-kinesis_video_stream_encrypted_with_kms_cmk/green/kinesis.tf create mode 100644 terraform/ecc-aws-528-kinesis_video_stream_encrypted_with_kms_cmk/green/provider.tf create mode 100644 terraform/ecc-aws-528-kinesis_video_stream_encrypted_with_kms_cmk/green/terraform.tfvars create mode 100644 terraform/ecc-aws-528-kinesis_video_stream_encrypted_with_kms_cmk/green/variables.tf create mode 100644 terraform/ecc-aws-528-kinesis_video_stream_encrypted_with_kms_cmk/iam/528-policy.json 
create mode 100644 terraform/ecc-aws-528-kinesis_video_stream_encrypted_with_kms_cmk/red/kinesis.tf create mode 100644 terraform/ecc-aws-528-kinesis_video_stream_encrypted_with_kms_cmk/red/provider.tf create mode 100644 terraform/ecc-aws-528-kinesis_video_stream_encrypted_with_kms_cmk/red/terraform.tfvars create mode 100644 terraform/ecc-aws-528-kinesis_video_stream_encrypted_with_kms_cmk/red/variables.tf create mode 100644 terraform/ecc-aws-541-workspaces_cloudwatch_integration/green/cloudwatch.tf create mode 100644 terraform/ecc-aws-541-workspaces_cloudwatch_integration/green/iam.tf create mode 100644 terraform/ecc-aws-541-workspaces_cloudwatch_integration/green/provider.tf create mode 100644 terraform/ecc-aws-541-workspaces_cloudwatch_integration/green/terraform.tfvars create mode 100644 terraform/ecc-aws-541-workspaces_cloudwatch_integration/green/variables.tf create mode 100644 terraform/ecc-aws-541-workspaces_cloudwatch_integration/green/vpc.tf create mode 100644 terraform/ecc-aws-541-workspaces_cloudwatch_integration/green/workspace.tf create mode 100644 terraform/ecc-aws-541-workspaces_cloudwatch_integration/green1/cloudwatch.tf create mode 100644 terraform/ecc-aws-541-workspaces_cloudwatch_integration/green1/provider.tf create mode 100644 terraform/ecc-aws-541-workspaces_cloudwatch_integration/green1/terraform.tfvars create mode 100644 terraform/ecc-aws-541-workspaces_cloudwatch_integration/green1/variables.tf create mode 100644 terraform/ecc-aws-541-workspaces_cloudwatch_integration/iam/541-policy.json create mode 100644 terraform/ecc-aws-541-workspaces_cloudwatch_integration/red/cloudwatch.tf create mode 100644 terraform/ecc-aws-541-workspaces_cloudwatch_integration/red/iam.tf create mode 100644 terraform/ecc-aws-541-workspaces_cloudwatch_integration/red/provider.tf create mode 100644 terraform/ecc-aws-541-workspaces_cloudwatch_integration/red/terraform.tfvars create mode 100644 terraform/ecc-aws-541-workspaces_cloudwatch_integration/red/variables.tf 
create mode 100644 terraform/ecc-aws-541-workspaces_cloudwatch_integration/red/vpc.tf create mode 100644 terraform/ecc-aws-541-workspaces_cloudwatch_integration/red/workspace.tf create mode 100644 terraform/ecc-aws-543-workspaces_primary_interface_ports_not_open_to_all_inbound_traffic/green/iam.tf create mode 100644 terraform/ecc-aws-543-workspaces_primary_interface_ports_not_open_to_all_inbound_traffic/green/provider.tf create mode 100644 terraform/ecc-aws-543-workspaces_primary_interface_ports_not_open_to_all_inbound_traffic/green/terraform.tfvars create mode 100644 terraform/ecc-aws-543-workspaces_primary_interface_ports_not_open_to_all_inbound_traffic/green/variables.tf create mode 100644 terraform/ecc-aws-543-workspaces_primary_interface_ports_not_open_to_all_inbound_traffic/green/vpc.tf create mode 100644 terraform/ecc-aws-543-workspaces_primary_interface_ports_not_open_to_all_inbound_traffic/green/workspace.tf create mode 100644 terraform/ecc-aws-543-workspaces_primary_interface_ports_not_open_to_all_inbound_traffic/iam/543-policy.json create mode 100644 terraform/ecc-aws-543-workspaces_primary_interface_ports_not_open_to_all_inbound_traffic/red/iam.tf create mode 100644 terraform/ecc-aws-543-workspaces_primary_interface_ports_not_open_to_all_inbound_traffic/red/provider.tf create mode 100644 terraform/ecc-aws-543-workspaces_primary_interface_ports_not_open_to_all_inbound_traffic/red/terraform.tfvars create mode 100644 terraform/ecc-aws-543-workspaces_primary_interface_ports_not_open_to_all_inbound_traffic/red/variables.tf create mode 100644 terraform/ecc-aws-543-workspaces_primary_interface_ports_not_open_to_all_inbound_traffic/red/vpc.tf create mode 100644 terraform/ecc-aws-543-workspaces_primary_interface_ports_not_open_to_all_inbound_traffic/red/workspace.tf create mode 100644 terraform/ecc-aws-545-workspaces_api_requests_flow_through_vpc_endpoint/green/iam.tf create mode 100644 
terraform/ecc-aws-545-workspaces_api_requests_flow_through_vpc_endpoint/green/provider.tf create mode 100644 terraform/ecc-aws-545-workspaces_api_requests_flow_through_vpc_endpoint/green/terraform.tfvars create mode 100644 terraform/ecc-aws-545-workspaces_api_requests_flow_through_vpc_endpoint/green/variables.tf create mode 100644 terraform/ecc-aws-545-workspaces_api_requests_flow_through_vpc_endpoint/green/vpc.tf create mode 100644 terraform/ecc-aws-545-workspaces_api_requests_flow_through_vpc_endpoint/green/workspace.tf create mode 100644 terraform/ecc-aws-545-workspaces_api_requests_flow_through_vpc_endpoint/iam/545-policy.json create mode 100644 terraform/ecc-aws-545-workspaces_api_requests_flow_through_vpc_endpoint/red/iam.tf create mode 100644 terraform/ecc-aws-545-workspaces_api_requests_flow_through_vpc_endpoint/red/provider.tf create mode 100644 terraform/ecc-aws-545-workspaces_api_requests_flow_through_vpc_endpoint/red/terraform.tfvars create mode 100644 terraform/ecc-aws-545-workspaces_api_requests_flow_through_vpc_endpoint/red/variables.tf create mode 100644 terraform/ecc-aws-545-workspaces_api_requests_flow_through_vpc_endpoint/red/vpc.tf create mode 100644 terraform/ecc-aws-545-workspaces_api_requests_flow_through_vpc_endpoint/red/workspace.tf create mode 100644 terraform/ecc-aws-546-workspaces_radius_server_uses_strongest_security_protocol/green/iam.tf create mode 100644 terraform/ecc-aws-546-workspaces_radius_server_uses_strongest_security_protocol/green/provider.tf create mode 100644 terraform/ecc-aws-546-workspaces_radius_server_uses_strongest_security_protocol/green/terraform.tfvars create mode 100644 terraform/ecc-aws-546-workspaces_radius_server_uses_strongest_security_protocol/green/variables.tf create mode 100644 terraform/ecc-aws-546-workspaces_radius_server_uses_strongest_security_protocol/green/vpc.tf create mode 100644 terraform/ecc-aws-546-workspaces_radius_server_uses_strongest_security_protocol/green/workspace.tf create mode 100644 
terraform/ecc-aws-546-workspaces_radius_server_uses_strongest_security_protocol/iam/546-policy.json create mode 100644 terraform/ecc-aws-546-workspaces_radius_server_uses_strongest_security_protocol/red/iam.tf create mode 100644 terraform/ecc-aws-546-workspaces_radius_server_uses_strongest_security_protocol/red/provider.tf create mode 100644 terraform/ecc-aws-546-workspaces_radius_server_uses_strongest_security_protocol/red/terraform.tfvars create mode 100644 terraform/ecc-aws-546-workspaces_radius_server_uses_strongest_security_protocol/red/variables.tf create mode 100644 terraform/ecc-aws-546-workspaces_radius_server_uses_strongest_security_protocol/red/vpc.tf create mode 100644 terraform/ecc-aws-546-workspaces_radius_server_uses_strongest_security_protocol/red/workspace.tf create mode 100644 terraform/ecc-aws-549-api_gateway_http_api_and_websocket_api_logs_not_enabled/green/api.tf create mode 100644 terraform/ecc-aws-549-api_gateway_http_api_and_websocket_api_logs_not_enabled/green/provider.tf create mode 100644 terraform/ecc-aws-549-api_gateway_http_api_and_websocket_api_logs_not_enabled/green/terraform.tfvars create mode 100644 terraform/ecc-aws-549-api_gateway_http_api_and_websocket_api_logs_not_enabled/green/variables.tf create mode 100644 terraform/ecc-aws-549-api_gateway_http_api_and_websocket_api_logs_not_enabled/iam/549-policy.json create mode 100644 terraform/ecc-aws-549-api_gateway_http_api_and_websocket_api_logs_not_enabled/red/api.tf create mode 100644 terraform/ecc-aws-549-api_gateway_http_api_and_websocket_api_logs_not_enabled/red/provider.tf create mode 100644 terraform/ecc-aws-549-api_gateway_http_api_and_websocket_api_logs_not_enabled/red/terraform.tfvars create mode 100644 terraform/ecc-aws-549-api_gateway_http_api_and_websocket_api_logs_not_enabled/red/variables.tf create mode 100644 terraform/ecc-aws-549-api_gateway_http_api_and_websocket_api_logs_not_enabled/red1/api.tf create mode 100644 
terraform/ecc-aws-549-api_gateway_http_api_and_websocket_api_logs_not_enabled/red1/provider.tf create mode 100644 terraform/ecc-aws-549-api_gateway_http_api_and_websocket_api_logs_not_enabled/red1/terraform.tfvars create mode 100644 terraform/ecc-aws-549-api_gateway_http_api_and_websocket_api_logs_not_enabled/red1/variables.tf create mode 100644 terraform/ecc-aws-642-s3_bucket_object_lock_enabled/green/provider.tf create mode 100644 terraform/ecc-aws-642-s3_bucket_object_lock_enabled/green/s3.tf create mode 100644 terraform/ecc-aws-642-s3_bucket_object_lock_enabled/green/terraform.tfvars create mode 100644 terraform/ecc-aws-642-s3_bucket_object_lock_enabled/green/variables.tf create mode 100644 terraform/ecc-aws-642-s3_bucket_object_lock_enabled/iam/642-policy.json create mode 100644 terraform/ecc-aws-642-s3_bucket_object_lock_enabled/red/provider.tf create mode 100644 terraform/ecc-aws-642-s3_bucket_object_lock_enabled/red/s3.tf create mode 100644 terraform/ecc-aws-642-s3_bucket_object_lock_enabled/red/terraform.tfvars create mode 100644 terraform/ecc-aws-642-s3_bucket_object_lock_enabled/red/variables.tf create mode 100644 terraform/ecc-aws-661-elastic_beanstalk_imdsv1_disabled/green/beanstalk.tf create mode 100644 terraform/ecc-aws-661-elastic_beanstalk_imdsv1_disabled/green/provider.tf create mode 100644 terraform/ecc-aws-661-elastic_beanstalk_imdsv1_disabled/green/terraform.tfvars create mode 100644 terraform/ecc-aws-661-elastic_beanstalk_imdsv1_disabled/green/variables.tf create mode 100644 terraform/ecc-aws-661-elastic_beanstalk_imdsv1_disabled/iam/661-policy.json create mode 100644 terraform/ecc-aws-661-elastic_beanstalk_imdsv1_disabled/red/beanstalk.tf create mode 100644 terraform/ecc-aws-661-elastic_beanstalk_imdsv1_disabled/red/provider.tf create mode 100644 terraform/ecc-aws-661-elastic_beanstalk_imdsv1_disabled/red/terraform.tfvars create mode 100644 terraform/ecc-aws-661-elastic_beanstalk_imdsv1_disabled/red/variables.tf create mode 100644 
terraform/ecc-aws-662-elastic_beanstalk_x_ray_enabled/green/beanstalk.tf create mode 100644 terraform/ecc-aws-662-elastic_beanstalk_x_ray_enabled/green/provider.tf create mode 100644 terraform/ecc-aws-662-elastic_beanstalk_x_ray_enabled/green/terraform.tfvars create mode 100644 terraform/ecc-aws-662-elastic_beanstalk_x_ray_enabled/green/variables.tf create mode 100644 terraform/ecc-aws-662-elastic_beanstalk_x_ray_enabled/iam/662-policy.json create mode 100644 terraform/ecc-aws-662-elastic_beanstalk_x_ray_enabled/red/beanstalk.tf create mode 100644 terraform/ecc-aws-662-elastic_beanstalk_x_ray_enabled/red/provider.tf create mode 100644 terraform/ecc-aws-662-elastic_beanstalk_x_ray_enabled/red/terraform.tfvars create mode 100644 terraform/ecc-aws-662-elastic_beanstalk_x_ray_enabled/red/variables.tf create mode 100644 terraform/ecc-aws-663-elastic_beanstalk_connection_draining_enabled/green/elastic_beanstalk.tf create mode 100644 terraform/ecc-aws-663-elastic_beanstalk_connection_draining_enabled/green/provider.tf create mode 100644 terraform/ecc-aws-663-elastic_beanstalk_connection_draining_enabled/green/terraform.tfvars create mode 100644 terraform/ecc-aws-663-elastic_beanstalk_connection_draining_enabled/green/variables.tf create mode 100644 terraform/ecc-aws-663-elastic_beanstalk_connection_draining_enabled/iam/663-policy.json create mode 100644 terraform/ecc-aws-663-elastic_beanstalk_connection_draining_enabled/red/elastic_beanstalk.tf create mode 100644 terraform/ecc-aws-663-elastic_beanstalk_connection_draining_enabled/red/provider.tf create mode 100644 terraform/ecc-aws-663-elastic_beanstalk_connection_draining_enabled/red/terraform.tfvars create mode 100644 terraform/ecc-aws-663-elastic_beanstalk_connection_draining_enabled/red/variables.tf create mode 100644 terraform/ecc-aws-678-lambda_code_signing_enabled/green/func.py create mode 100644 terraform/ecc-aws-678-lambda_code_signing_enabled/green/func.zip create mode 100644 
terraform/ecc-aws-678-lambda_code_signing_enabled/green/lambda.tf create mode 100644 terraform/ecc-aws-678-lambda_code_signing_enabled/green/provider.tf create mode 100644 terraform/ecc-aws-678-lambda_code_signing_enabled/green/sign.tf create mode 100644 terraform/ecc-aws-678-lambda_code_signing_enabled/green/terraform.tfvars create mode 100644 terraform/ecc-aws-678-lambda_code_signing_enabled/green/variables.tf create mode 100644 terraform/ecc-aws-678-lambda_code_signing_enabled/iam/678-policy.json create mode 100644 terraform/ecc-aws-678-lambda_code_signing_enabled/red/func.py create mode 100644 terraform/ecc-aws-678-lambda_code_signing_enabled/red/func.zip create mode 100644 terraform/ecc-aws-678-lambda_code_signing_enabled/red/lambda.tf create mode 100644 terraform/ecc-aws-678-lambda_code_signing_enabled/red/provider.tf create mode 100644 terraform/ecc-aws-678-lambda_code_signing_enabled/red/terraform.tfvars create mode 100644 terraform/ecc-aws-678-lambda_code_signing_enabled/red/variables.tf create mode 100644 terraform/ecc-aws-695-fsx_openzfs_copy_tags_to_snapshots/green/fsx.tf create mode 100644 terraform/ecc-aws-695-fsx_openzfs_copy_tags_to_snapshots/green/provider.tf create mode 100644 terraform/ecc-aws-695-fsx_openzfs_copy_tags_to_snapshots/green/terraform.tfvars create mode 100644 terraform/ecc-aws-695-fsx_openzfs_copy_tags_to_snapshots/green/variables.tf create mode 100644 terraform/ecc-aws-695-fsx_openzfs_copy_tags_to_snapshots/green/vpc.tf create mode 100644 terraform/ecc-aws-695-fsx_openzfs_copy_tags_to_snapshots/iam/695-policy.json create mode 100644 terraform/ecc-aws-695-fsx_openzfs_copy_tags_to_snapshots/red/fsx.tf create mode 100644 terraform/ecc-aws-695-fsx_openzfs_copy_tags_to_snapshots/red/provider.tf create mode 100644 terraform/ecc-aws-695-fsx_openzfs_copy_tags_to_snapshots/red/terraform.tfvars create mode 100644 terraform/ecc-aws-695-fsx_openzfs_copy_tags_to_snapshots/red/variables.tf create mode 100644 
terraform/ecc-aws-695-fsx_openzfs_copy_tags_to_snapshots/red/vpc.tf create mode 100644 terraform/ecc-aws-711-cloudformation_stack_notification_check/green/cloudformation.tf create mode 100644 terraform/ecc-aws-711-cloudformation_stack_notification_check/green/provider.tf create mode 100644 terraform/ecc-aws-711-cloudformation_stack_notification_check/green/terraform.tfvars create mode 100644 terraform/ecc-aws-711-cloudformation_stack_notification_check/green/variables.tf create mode 100644 terraform/ecc-aws-711-cloudformation_stack_notification_check/iam/711-policy.json create mode 100644 terraform/ecc-aws-711-cloudformation_stack_notification_check/red/cloudformation.tf create mode 100644 terraform/ecc-aws-711-cloudformation_stack_notification_check/red/provider.tf create mode 100644 terraform/ecc-aws-711-cloudformation_stack_notification_check/red/terraform.tfvars create mode 100644 terraform/ecc-aws-711-cloudformation_stack_notification_check/red/variables.tf create mode 100644 terraform/ecc-aws-711-cloudformation_stack_notification_check/red1/cloudformation.tf create mode 100644 terraform/ecc-aws-711-cloudformation_stack_notification_check/red1/provider.tf create mode 100644 terraform/ecc-aws-711-cloudformation_stack_notification_check/red1/terraform.tfvars create mode 100644 terraform/ecc-aws-711-cloudformation_stack_notification_check/red1/variables.tf create mode 100644 terraform/ecc-aws-711-cloudformation_stack_notification_check/red2/cloudformation.tf create mode 100644 terraform/ecc-aws-711-cloudformation_stack_notification_check/red2/provider.tf create mode 100644 terraform/ecc-aws-711-cloudformation_stack_notification_check/red2/terraform.tfvars create mode 100644 terraform/ecc-aws-711-cloudformation_stack_notification_check/red2/variables.tf create mode 100644 terraform/ecc-aws-711-cloudformation_stack_notification_check/red3/cloudformation.tf create mode 100644 terraform/ecc-aws-711-cloudformation_stack_notification_check/red3/provider.tf create mode 
100644 terraform/ecc-aws-711-cloudformation_stack_notification_check/red3/terraform.tfvars create mode 100644 terraform/ecc-aws-711-cloudformation_stack_notification_check/red3/variables.tf create mode 100644 terraform/ecc-aws-722-codedeploy_ec2_minimum_healthy_hosts_configured/green/codedeploy.tf create mode 100644 terraform/ecc-aws-722-codedeploy_ec2_minimum_healthy_hosts_configured/green/iam.tf create mode 100644 terraform/ecc-aws-722-codedeploy_ec2_minimum_healthy_hosts_configured/green/provider.tf create mode 100644 terraform/ecc-aws-722-codedeploy_ec2_minimum_healthy_hosts_configured/green/terraform.tfvars create mode 100644 terraform/ecc-aws-722-codedeploy_ec2_minimum_healthy_hosts_configured/green/variables.tf create mode 100644 terraform/ecc-aws-722-codedeploy_ec2_minimum_healthy_hosts_configured/green1/codedeploy.tf create mode 100644 terraform/ecc-aws-722-codedeploy_ec2_minimum_healthy_hosts_configured/green1/iam.tf create mode 100644 terraform/ecc-aws-722-codedeploy_ec2_minimum_healthy_hosts_configured/green1/provider.tf create mode 100644 terraform/ecc-aws-722-codedeploy_ec2_minimum_healthy_hosts_configured/green1/terraform.tfvars create mode 100644 terraform/ecc-aws-722-codedeploy_ec2_minimum_healthy_hosts_configured/green1/variables.tf create mode 100644 terraform/ecc-aws-722-codedeploy_ec2_minimum_healthy_hosts_configured/iam/722-policy.json create mode 100644 terraform/ecc-aws-722-codedeploy_ec2_minimum_healthy_hosts_configured/red/codedeploy.tf create mode 100644 terraform/ecc-aws-722-codedeploy_ec2_minimum_healthy_hosts_configured/red/iam.tf create mode 100644 terraform/ecc-aws-722-codedeploy_ec2_minimum_healthy_hosts_configured/red/provider.tf create mode 100644 terraform/ecc-aws-722-codedeploy_ec2_minimum_healthy_hosts_configured/red/terraform.tfvars create mode 100644 terraform/ecc-aws-722-codedeploy_ec2_minimum_healthy_hosts_configured/red/variables.tf create mode 100644 terraform/ecc-aws-743_ecs_container_insights_enabled/green/ecs.tf create 
mode 100644 terraform/ecc-aws-743_ecs_container_insights_enabled/green/provider.tf create mode 100644 terraform/ecc-aws-743_ecs_container_insights_enabled/green/terraform.tfvars create mode 100644 terraform/ecc-aws-743_ecs_container_insights_enabled/green/variables.tf create mode 100644 terraform/ecc-aws-743_ecs_container_insights_enabled/iam/743-policy.json create mode 100644 terraform/ecc-aws-743_ecs_container_insights_enabled/red/ecs.tf create mode 100644 terraform/ecc-aws-743_ecs_container_insights_enabled/red/provider.tf create mode 100644 terraform/ecc-aws-743_ecs_container_insights_enabled/red/terraform.tfvars create mode 100644 terraform/ecc-aws-743_ecs_container_insights_enabled/red/variables.tf create mode 100644 terraform/ecc-aws-915-waf_global_rule_not_empty/green/provider.tf create mode 100644 terraform/ecc-aws-915-waf_global_rule_not_empty/green/terraform.tfvars create mode 100644 terraform/ecc-aws-915-waf_global_rule_not_empty/green/variables.tf create mode 100644 terraform/ecc-aws-915-waf_global_rule_not_empty/green/waf.tf create mode 100644 terraform/ecc-aws-915-waf_global_rule_not_empty/iam/915-policy.json create mode 100644 terraform/ecc-aws-915-waf_global_rule_not_empty/red/provider.tf create mode 100644 terraform/ecc-aws-915-waf_global_rule_not_empty/red/terraform.tfvars create mode 100644 terraform/ecc-aws-915-waf_global_rule_not_empty/red/variables.tf create mode 100644 terraform/ecc-aws-915-waf_global_rule_not_empty/red/waf.tf create mode 100644 terraform/ecc-aws-916-waf_global_rulegroup_not_empty/green/provider.tf create mode 100644 terraform/ecc-aws-916-waf_global_rulegroup_not_empty/green/terraform.tfvars create mode 100644 terraform/ecc-aws-916-waf_global_rulegroup_not_empty/green/variables.tf create mode 100644 terraform/ecc-aws-916-waf_global_rulegroup_not_empty/green/waf.tf create mode 100644 terraform/ecc-aws-916-waf_global_rulegroup_not_empty/iam/916-policy.json create mode 100644 
terraform/ecc-aws-916-waf_global_rulegroup_not_empty/red/provider.tf create mode 100644 terraform/ecc-aws-916-waf_global_rulegroup_not_empty/red/terraform.tfvars create mode 100644 terraform/ecc-aws-916-waf_global_rulegroup_not_empty/red/variables.tf create mode 100644 terraform/ecc-aws-916-waf_global_rulegroup_not_empty/red/waf.tf diff --git a/terraform/ecc-aws-081-rds_not_open_to_large_scope/green/provider.tf b/terraform/ecc-aws-081-rds_not_open_to_large_scope/green/provider.tf new file mode 100644 index 000000000..b79eba152 --- /dev/null +++ b/terraform/ecc-aws-081-rds_not_open_to_large_scope/green/provider.tf @@ -0,0 +1,20 @@ +terraform { + required_providers { + aws = { + source = "hashicorp/aws" + version = "~> 4" + } + } +} + +provider "aws" { + profile = var.profile + region = var.default-region + + default_tags { + tags = { + CustodianRule = "ecc-aws-081-rds_not_open_to_large_scope" + ComplianceStatus = "Green" + } + } +} diff --git a/terraform/ecc-aws-081-rds_not_open_to_large_scope/green/rds.tf b/terraform/ecc-aws-081-rds_not_open_to_large_scope/green/rds.tf new file mode 100644 index 000000000..b30592e0d --- /dev/null +++ b/terraform/ecc-aws-081-rds_not_open_to_large_scope/green/rds.tf 
@@ -0,0 +1,33 @@
+resource "aws_security_group" "this" {
+ name = "081_security_group_green"
+ description = "Restrict inbound traffic"
+
+ ingress {
+ from_port = 22
+ to_port = 22
+ protocol = "tcp"
+ cidr_blocks = ["89.162.139.30/32"]
+ }
+}
+
+resource "random_password" "this" {
+ length = 12
+ special = true
+ numeric = true
+ override_special = "!#$%*()-_=+[]{}:?"
+}
+
+resource "aws_db_instance" "this" {
+ identifier = "database-081-green"
+ engine = "mysql"
+ engine_version = "5.7"
+ instance_class = "db.t2.micro"
+ allocated_storage = 20
+ storage_type = "gp2"
+ db_name = "database081green"
+ username = "root"
+ password = random_password.this.result
+ parameter_group_name = "default.mysql5.7"
+ skip_final_snapshot = true
+ vpc_security_group_ids = ["${aws_security_group.this.id}"]
+}
\ No newline at end of file
diff --git a/terraform/ecc-aws-081-rds_not_open_to_large_scope/green/terraform.tfvars b/terraform/ecc-aws-081-rds_not_open_to_large_scope/green/terraform.tfvars
new file mode 100644
index 000000000..368bc468f
--- /dev/null
+++ b/terraform/ecc-aws-081-rds_not_open_to_large_scope/green/terraform.tfvars
@@ -0,0 +1,2 @@
+profile = "c7n"
+default-region = "us-east-1"
\ No newline at end of file
diff --git a/terraform/ecc-aws-081-rds_not_open_to_large_scope/green/variables.tf b/terraform/ecc-aws-081-rds_not_open_to_large_scope/green/variables.tf
new file mode 100644
index 000000000..948c49afd
--- /dev/null
+++ b/terraform/ecc-aws-081-rds_not_open_to_large_scope/green/variables.tf
@@ -0,0 +1,9 @@
+variable "default-region" {
+ type = string
+ description = "Default region for resources will be created"
+}
+
+variable "profile" {
+ type = string
+ description = "Profile name configured before running apply"
+}
\ No newline at end of file
diff --git a/terraform/ecc-aws-081-rds_not_open_to_large_scope/iam/081-policy.json b/terraform/ecc-aws-081-rds_not_open_to_large_scope/iam/081-policy.json
new file mode 100644
index 000000000..10c5af4ac
--- /dev/null
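Review bot: The ingress rule in `aws_security_group.this` (green/rds.tf) opens TCP 22, but the only resource attached to this group is a MySQL `aws_db_instance`, which listens on 3306 unless `port` is set, so the fixture neither exposes nor restricts the database port itself. If the ecc-aws-081 policy keys on the database port (the policy is not visible in this patch), the green and red cases would evaluate the same; `from_port = 3306` and `to_port = 3306` would make the case unambiguous. red/rds.tf and red1/rds.tf carry the same port 22 rule. Separately, `89.162.139.30/32` is a literal public address; a variable or a documentation range such as `203.0.113.10/32` keeps a real host out of the repository.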
+++ b/terraform/ecc-aws-081-rds_not_open_to_large_scope/iam/081-policy.json
@@ -0,0 +1,15 @@
+{
+ "Version": "2012-10-17",
+ "Statement": [
+ {
+ "Effect": "Allow",
+ "Action": [
+ "tag:GetResources",
+ "rds:DescribeDBInstances",
+ "ec2:DescribeSecurityGroups",
+ "ec2:DescribeSecurityGroupRules"
+ ],
+ "Resource": "*"
+ }
+ ]
+}
diff --git a/terraform/ecc-aws-081-rds_not_open_to_large_scope/red/provider.tf b/terraform/ecc-aws-081-rds_not_open_to_large_scope/red/provider.tf
new file mode 100644
index 000000000..7c277a426
--- /dev/null
+++ b/terraform/ecc-aws-081-rds_not_open_to_large_scope/red/provider.tf
@@ -0,0 +1,20 @@
+terraform {
+ required_providers {
+ aws = {
+ source = "hashicorp/aws"
+ version = "~> 4"
+ }
+ }
+}
+
+provider "aws"{
+ profile = var.profile
+ region = var.default-region
+
+ default_tags {
+ tags = {
+ CustodianRule = "ecc-aws-081-rds_not_open_to_large_scope"
+ ComplianceStatus = "Red"
+ }
+ }
+}
diff --git a/terraform/ecc-aws-081-rds_not_open_to_large_scope/red/rds.tf b/terraform/ecc-aws-081-rds_not_open_to_large_scope/red/rds.tf
new file mode 100644
index 000000000..6c70bb15f
--- /dev/null
+++ b/terraform/ecc-aws-081-rds_not_open_to_large_scope/red/rds.tf
@@ -0,0 +1,33 @@
+resource "aws_security_group" "this" {
+ name = "081_security_group_red"
+ description = "Allow all inbound traffic"
+
+ ingress {
+ from_port = 22
+ to_port = 22
+ protocol = "tcp"
+ cidr_blocks = ["0.0.0.0/0"]
+ }
+}
+
+resource "random_password" "this" {
+ length = 12
+ special = true
+ numeric = true
+ override_special = "!#$%*()-_=+[]{}:?"
+}
+
+resource "aws_db_instance" "this" {
+ identifier = "database-081-red"
+ engine = "mysql"
+ engine_version = "5.7"
+ instance_class = "db.t2.micro"
+ allocated_storage = 20
+ storage_type = "gp2"
+ db_name = "database081red"
+ username = "root"
+ password = random_password.this.result
+ parameter_group_name = "default.mysql5.7"
+ skip_final_snapshot = true
+ vpc_security_group_ids = ["${aws_security_group.this.id}"]
+}
\ No newline at end of file
diff --git a/terraform/ecc-aws-081-rds_not_open_to_large_scope/red/terraform.tfvars b/terraform/ecc-aws-081-rds_not_open_to_large_scope/red/terraform.tfvars
new file mode 100644
index 000000000..368bc468f
--- /dev/null
+++ b/terraform/ecc-aws-081-rds_not_open_to_large_scope/red/terraform.tfvars
@@ -0,0 +1,2 @@
+profile = "c7n"
+default-region = "us-east-1"
\ No newline at end of file
diff --git a/terraform/ecc-aws-081-rds_not_open_to_large_scope/red/variables.tf b/terraform/ecc-aws-081-rds_not_open_to_large_scope/red/variables.tf
new file mode 100644
index 000000000..948c49afd
--- /dev/null
+++ b/terraform/ecc-aws-081-rds_not_open_to_large_scope/red/variables.tf
@@ -0,0 +1,9 @@
+variable "default-region" {
+ type = string
+ description = "Default region for resources will be created"
+}
+
+variable "profile" {
+ type = string
+ description = "Profile name configured before running apply"
+}
\ No newline at end of file
diff --git a/terraform/ecc-aws-081-rds_not_open_to_large_scope/red1/provider.tf b/terraform/ecc-aws-081-rds_not_open_to_large_scope/red1/provider.tf
new file mode 100644
index 000000000..0927a82a0
--- /dev/null
+++ b/terraform/ecc-aws-081-rds_not_open_to_large_scope/red1/provider.tf
@@ -0,0 +1,20 @@
+terraform {
+ required_providers {
+ aws = {
+ source = "hashicorp/aws"
+ version = "~> 4"
+ }
+ }
+}
+
+provider "aws"{
+ profile = var.profile
+ region = var.default-region
+
+ default_tags {
+ tags = {
+ CustodianRule = "ecc-aws-081-rds_not_open_to_large_scope"
+ ComplianceStatus = "Red1"
+ }
+ }
+}
diff --git a/terraform/ecc-aws-081-rds_not_open_to_large_scope/red1/rds.tf b/terraform/ecc-aws-081-rds_not_open_to_large_scope/red1/rds.tf
new file mode 100644
index 000000000..0e0b0fe42
--- /dev/null
+++ b/terraform/ecc-aws-081-rds_not_open_to_large_scope/red1/rds.tf
@@ -0,0 +1,33 @@
+resource "aws_security_group" "this" {
+ name = "081_security_group_red1"
+ description = "Allow all inbound traffic"
+
+ ingress {
+ from_port = 22
+ to_port = 22
+ protocol = "tcp"
+ cidr_blocks = ["0.0.0.0/0"]
+ }
+}
+
+resource "random_password" "this" {
+ length = 12
+ special = true
+ numeric = true
+ override_special = "!#$%*()-_=+[]{}:?"
+}
+
+resource "aws_db_instance" "this" {
+ identifier = "database-081-red1"
+ engine = "mysql"
+ engine_version = "5.7"
+ instance_class = "db.t2.micro"
+ allocated_storage = 20
+ db_name = "database081red1"
+ storage_type = "gp2"
+ username = "root"
+ password = random_password.this.result
+ parameter_group_name = "default.mysql5.7"
+ skip_final_snapshot = true
+ vpc_security_group_ids = ["${aws_security_group.this.id}"]
+}
\ No newline at end of file
diff --git a/terraform/ecc-aws-081-rds_not_open_to_large_scope/red1/terraform.tfvars b/terraform/ecc-aws-081-rds_not_open_to_large_scope/red1/terraform.tfvars
new file mode 100644
index 000000000..368bc468f
--- /dev/null
+++ b/terraform/ecc-aws-081-rds_not_open_to_large_scope/red1/terraform.tfvars
@@ -0,0 +1,2 @@
+profile = "c7n"
+default-region = "us-east-1"
\ No newline at end of file
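Review bot: red1/rds.tf repeats red/rds.tf apart from the resource names and the order of two attributes: the same port 22 ingress from `0.0.0.0/0` and the same instance settings. As written it adds no second non-compliant case for the rule. If red1 was meant to cover a different kind of large scope (for example a wide IPv4 prefix that is not /0, or an `ipv6_cidr_blocks = ["::/0"]` rule), the ingress block should express that, with a one-line comment above it such as `# red1: non-compliant via VARIANT` naming what distinguishes it from red.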
diff --git a/terraform/ecc-aws-081-rds_not_open_to_large_scope/red1/variables.tf b/terraform/ecc-aws-081-rds_not_open_to_large_scope/red1/variables.tf new file mode 100644 index 000000000..948c49afd --- /dev/null +++ b/terraform/ecc-aws-081-rds_not_open_to_large_scope/red1/variables.tf @@ -0,0 +1,9 @@ +variable "default-region" { + type = string + description = "Default region for resources will be created" +} + +variable "profile" { + type = string + description = "Profile name configured before running apply" +} \ No newline at end of file diff --git a/terraform/ecc-aws-088-http_elb_certificate_expire_in_one_week/green/certificate.tf b/terraform/ecc-aws-088-http_elb_certificate_expire_in_one_week/green/certificate.tf new file mode 100644 index 000000000..d948f6d2e --- /dev/null +++ b/terraform/ecc-aws-088-http_elb_certificate_expire_in_one_week/green/certificate.tf 
@@ -0,0 +1,122 @@ +resource "aws_instance" "this" { + ami = data.aws_ami.this.id + instance_type = "t2.micro" + vpc_security_group_ids = [aws_security_group.this.id] + subnet_id = aws_subnet.subnet1.id +} + +data "aws_ami" "this" { + most_recent = true + owners = ["amazon"] + + filter { + name = "name" + values = ["amzn2-ami-hvm*"] + } +} + +resource "aws_vpc" "this" { + cidr_block = "10.0.0.0/16" +} + +resource "aws_internet_gateway" "this" { + vpc_id = aws_vpc.this.id +} + +resource "aws_subnet" "subnet1" { + vpc_id = aws_vpc.this.id + cidr_block = "10.0.1.0/24" + availability_zone = "us-east-1a" +} + +resource "aws_subnet" "subnet2" { + vpc_id = aws_vpc.this.id + cidr_block = "10.0.2.0/24" + availability_zone = "us-east-1b" +} + +resource "aws_security_group" "this" { + name = "088_security_group_green" + description = "Allow inbound traffic" + vpc_id = aws_vpc.this.id + + ingress { + from_port = 0 + to_port = 0 + protocol = "-1" + cidr_blocks = ["0.0.0.0/0"] + } + + egress { + from_port = 0 + to_port = 0 + protocol = "-1" + cidr_blocks = ["0.0.0.0/0"] + } +} + +resource "aws_lb" "this" { + name = "088-lb-https-green" + internal = false + load_balancer_type = "application" + security_groups = [aws_security_group.this.id] + subnets = [aws_subnet.subnet1.id, aws_subnet.subnet2.id] +} + +resource "aws_lb_target_group" "this" { + name = "088-lb-target-group-green" + port = 80 + protocol = "HTTP" + vpc_id = aws_vpc.this.id +} + +resource "aws_lb_target_group_attachment" "this" { + target_group_arn = aws_lb_target_group.this.arn + target_id = aws_instance.this.id + port = 80 +} + +resource "aws_lb_listener" "this" { + load_balancer_arn = aws_lb.this.arn + port = "443" + protocol = "HTTPS" + ssl_policy = "ELBSecurityPolicy-2016-08" + certificate_arn = aws_acm_certificate.this.arn + + default_action { + type = "forward" + target_group_arn = aws_lb_target_group.this.arn + } +} + +resource "aws_lb_listener_certificate" "this" { + listener_arn = aws_lb_listener.this.arn + 
certificate_arn = aws_acm_certificate.this.arn +} + + +resource "tls_private_key" "this" { + algorithm = "RSA" +} + +resource "tls_self_signed_cert" "this" { + private_key_pem = tls_private_key.this.private_key_pem + + subject { + common_name = "example.com" + organization = "ACME Examples, Inc" + } + + validity_period_hours = 192 + + allowed_uses = [ + "key_encipherment", + "digital_signature", + "server_auth", + ] +} + +resource "aws_acm_certificate" "this" { + private_key = tls_private_key.this.private_key_pem + certificate_body = tls_self_signed_cert.this.cert_pem +} \ No newline at end of file diff --git a/terraform/ecc-aws-088-http_elb_certificate_expire_in_one_week/green/provider.tf b/terraform/ecc-aws-088-http_elb_certificate_expire_in_one_week/green/provider.tf new file mode 100644 index 000000000..765939e09 --- /dev/null +++ b/terraform/ecc-aws-088-http_elb_certificate_expire_in_one_week/green/provider.tf @@ -0,0 +1,20 @@ +terraform { + required_providers { + aws = { + source = "hashicorp/aws" + version = "~> 4" + } + } +} + +provider "aws"{ + profile = var.profile + region = var.default-region + + default_tags { + tags = { + CustodianRule = "ecc-aws-088-http_load_balancer_certificate_expire_in_one_week" + ComplianceStatus = "Green" + } + } +} \ No newline at end of file diff --git a/terraform/ecc-aws-088-http_elb_certificate_expire_in_one_week/green/terraform.tfvars b/terraform/ecc-aws-088-http_elb_certificate_expire_in_one_week/green/terraform.tfvars new file mode 100644 index 000000000..368bc468f --- /dev/null +++ b/terraform/ecc-aws-088-http_elb_certificate_expire_in_one_week/green/terraform.tfvars @@ -0,0 +1,2 @@ +profile = "c7n" +default-region = "us-east-1" \ No newline at end of file diff --git a/terraform/ecc-aws-088-http_elb_certificate_expire_in_one_week/green/variables.tf b/terraform/ecc-aws-088-http_elb_certificate_expire_in_one_week/green/variables.tf new file mode 100644 index 000000000..948c49afd --- /dev/null 
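Review bot: `aws_security_group.this` in this compliant fixture (088 green/certificate.tf) allows every protocol and port from `0.0.0.0/0`, and the same group is attached to both the `aws_lb` with `internal = false` and the `aws_instance` behind it. The listener only needs 443 from outside and the target only needs 80 from the load balancer, so the ingress can be narrowed to `from_port = 443`, `to_port = 443`, `protocol = "tcp"`, with a separate group for the instance that admits port 80 from the load balancer's group. The rule under test concerns certificate expiry, so tightening this does not change what the fixture demonstrates. The same ingress block appears in 088 red/certificate.tf and in both 089 certificate.tf files.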
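Review bot: The `CustodianRule` default tag in 088 green/provider.tf reads `ecc-aws-088-http_load_balancer_certificate_expire_in_one_week`, while the directory holding the file is `ecc-aws-088-http_elb_certificate_expire_in_one_week`; the 081 fixtures keep the two identical. If anything locates or cleans up fixture resources by deriving the tag value from the directory name, these resources would be missed. Either the directory or the tag should be renamed so they match; 088 red/provider.tf and both 089 provider.tf files have the same mismatch, and the policy files are named `88-policy.json` and `89-policy.json` where 081 uses a zero-padded `081-policy.json`.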
+++ b/terraform/ecc-aws-088-http_elb_certificate_expire_in_one_week/green/variables.tf @@ -0,0 +1,9 @@ +variable "default-region" { + type = string + description = "Default region for resources will be created" +} + +variable "profile" { + type = string + description = "Profile name configured before running apply" +} \ No newline at end of file diff --git a/terraform/ecc-aws-088-http_elb_certificate_expire_in_one_week/iam/88-policy.json b/terraform/ecc-aws-088-http_elb_certificate_expire_in_one_week/iam/88-policy.json new file mode 100644 index 000000000..616e71607 --- /dev/null +++ b/terraform/ecc-aws-088-http_elb_certificate_expire_in_one_week/iam/88-policy.json @@ -0,0 +1,19 @@ +{ + "Version": "2012-10-17", + "Statement": [ + { + "Effect": "Allow", + "Action": [ + "elasticloadbalancing:DescribeLoadBalancers", + "elasticloadbalancing:DescribeTags", + "elasticloadbalancing:DescribeListeners", + "elasticloadbalancing:DescribeLoadBalancerAttributes", + "elasticloadbalancing:DescribeListenerCertificates", + "acm:DescribeCertificate", + "tag:GetResources", + "ec2:DescribeRegions" + ], + "Resource": "*" + } + ] +} diff --git a/terraform/ecc-aws-088-http_elb_certificate_expire_in_one_week/red/certificate.tf b/terraform/ecc-aws-088-http_elb_certificate_expire_in_one_week/red/certificate.tf new file mode 100644 index 000000000..5a4612187 --- /dev/null +++ b/terraform/ecc-aws-088-http_elb_certificate_expire_in_one_week/red/certificate.tf 
@@ -0,0 +1,122 @@ +resource "aws_instance" "this" { + ami = data.aws_ami.this.id + instance_type = "t2.micro" + vpc_security_group_ids = [aws_security_group.this.id] + subnet_id = aws_subnet.subnet1.id +} + +data "aws_ami" "this" { + most_recent = true + owners = ["amazon"] + + filter { + name = "name" + values = ["amzn2-ami-hvm*"] + } +} + +resource "aws_vpc" "this" { + cidr_block = "10.0.0.0/16" +} + +resource "aws_internet_gateway" "this" { + vpc_id = aws_vpc.this.id +} + +resource "aws_subnet" "subnet1" { + vpc_id = aws_vpc.this.id + cidr_block = "10.0.1.0/24" + availability_zone = "us-east-1a" +} + +resource "aws_subnet" "subnet2" { + vpc_id = aws_vpc.this.id + cidr_block = "10.0.2.0/24" + availability_zone = "us-east-1b" +} + +resource "aws_security_group" "this" { + name = "088_security_group_red" + description = "Allow inbound traffic" + vpc_id = aws_vpc.this.id + + ingress { + from_port = 0 + to_port = 0 + protocol = "-1" + cidr_blocks = ["0.0.0.0/0"] + } + + egress { + from_port = 0 + to_port = 0 + protocol = "-1" + cidr_blocks = ["0.0.0.0/0"] + } +} + +resource "aws_lb" "this" { + name = "088-lb-https-red" + internal = false + load_balancer_type = "application" + security_groups = [aws_security_group.this.id] + subnets = [aws_subnet.subnet1.id, aws_subnet.subnet2.id] +} + +resource "aws_lb_target_group" "this" { + name = "088-lb-target-group-red" + port = 80 + protocol = "HTTP" + vpc_id = aws_vpc.this.id +} + +resource "aws_lb_target_group_attachment" "this" { + target_group_arn = aws_lb_target_group.this.arn + target_id = aws_instance.this.id + port = 80 +} + +resource "aws_lb_listener" "this" { + load_balancer_arn = aws_lb.this.arn + port = "443" + protocol = "HTTPS" + ssl_policy = "ELBSecurityPolicy-2016-08" + certificate_arn = aws_acm_certificate.this.arn + + default_action { + type = "forward" + target_group_arn = aws_lb_target_group.this.arn + } +} + +resource "aws_lb_listener_certificate" "this" { + listener_arn = aws_lb_listener.this.arn + 
certificate_arn = aws_acm_certificate.this.arn +} + + +resource "tls_private_key" "this" { + algorithm = "RSA" +} + +resource "tls_self_signed_cert" "this" { + private_key_pem = tls_private_key.this.private_key_pem + + subject { + common_name = "example.com" + organization = "ACME Examples, Inc" + } + + validity_period_hours = 144 + + allowed_uses = [ + "key_encipherment", + "digital_signature", + "server_auth", + ] +} + +resource "aws_acm_certificate" "this" { + private_key = tls_private_key.this.private_key_pem + certificate_body = tls_self_signed_cert.this.cert_pem +} diff --git a/terraform/ecc-aws-088-http_elb_certificate_expire_in_one_week/red/provider.tf b/terraform/ecc-aws-088-http_elb_certificate_expire_in_one_week/red/provider.tf new file mode 100644 index 000000000..20b2c36f5 --- /dev/null +++ b/terraform/ecc-aws-088-http_elb_certificate_expire_in_one_week/red/provider.tf @@ -0,0 +1,20 @@ +terraform { + required_providers { + aws = { + source = "hashicorp/aws" + version = "~> 4" + } + } +} + +provider "aws"{ + profile = var.profile + region = var.default-region + + default_tags { + tags = { + CustodianRule = "ecc-aws-088-http_load_balancer_certificate_expire_in_one_week" + ComplianceStatus = "Red" + } + } +} \ No newline at end of file diff --git a/terraform/ecc-aws-088-http_elb_certificate_expire_in_one_week/red/terraform.tfvars b/terraform/ecc-aws-088-http_elb_certificate_expire_in_one_week/red/terraform.tfvars new file mode 100644 index 000000000..368bc468f --- /dev/null +++ b/terraform/ecc-aws-088-http_elb_certificate_expire_in_one_week/red/terraform.tfvars @@ -0,0 +1,2 @@ +profile = "c7n" +default-region = "us-east-1" \ No newline at end of file diff --git a/terraform/ecc-aws-088-http_elb_certificate_expire_in_one_week/red/variables.tf b/terraform/ecc-aws-088-http_elb_certificate_expire_in_one_week/red/variables.tf new file mode 100644 index 000000000..948c49afd --- /dev/null 
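Review bot: `ssl_policy = "ELBSecurityPolicy-2016-08"` on `aws_lb_listener.this` (088 red/certificate.tf) is the legacy policy that still negotiates TLS 1.0 and 1.1. The fixture is meant to be non-compliant only because of the 144-hour certificate, so a second weakness on the listener can trip unrelated checks run against the same account. A TLS 1.2+ policy, for example `ssl_policy = "ELBSecurityPolicy-TLS13-1-2-2021-06"`, keeps the listener clean apart from the property under test. The same line is present in 088 green/certificate.tf and in both 089 certificate.tf files.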
+++ b/terraform/ecc-aws-088-http_elb_certificate_expire_in_one_week/red/variables.tf @@ -0,0 +1,9 @@ +variable "default-region" { + type = string + description = "Default region for resources will be created" +} + +variable "profile" { + type = string + description = "Profile name configured before running apply" +} \ No newline at end of file diff --git a/terraform/ecc-aws-089-http_elb_certificate_expire_in_one_month/green/certificate.tf b/terraform/ecc-aws-089-http_elb_certificate_expire_in_one_month/green/certificate.tf new file mode 100644 index 000000000..abc3bba8b --- /dev/null +++ b/terraform/ecc-aws-089-http_elb_certificate_expire_in_one_month/green/certificate.tf 
@@ -0,0 +1,122 @@ +resource "aws_instance" "this" { + ami = data.aws_ami.this.id + instance_type = "t2.micro" + vpc_security_group_ids = [aws_security_group.this.id] + subnet_id = aws_subnet.subnet1.id +} + +data "aws_ami" "this" { + most_recent = true + owners = ["amazon"] + + filter { + name = "name" + values = ["amzn2-ami-hvm*"] + } +} + +resource "aws_vpc" "this" { + cidr_block = "10.0.0.0/16" +} + +resource "aws_internet_gateway" "this" { + vpc_id = aws_vpc.this.id +} + +resource "aws_subnet" "subnet1" { + vpc_id = aws_vpc.this.id + cidr_block = "10.0.1.0/24" + availability_zone = "us-east-1a" +} + +resource "aws_subnet" "subnet2" { + vpc_id = aws_vpc.this.id + cidr_block = "10.0.2.0/24" + availability_zone = "us-east-1b" +} + +resource "aws_security_group" "this" { + name = "089_security_group_green" + description = "Allow inbound traffic" + vpc_id = aws_vpc.this.id + + ingress { + from_port = 0 + to_port = 0 + protocol = "-1" + cidr_blocks = ["0.0.0.0/0"] + } + + egress { + from_port = 0 + to_port = 0 + protocol = "-1" + cidr_blocks = ["0.0.0.0/0"] + } +} + +resource "aws_lb" "this" { + name = "089-lb-green" + internal = false + load_balancer_type = "application" + security_groups = [aws_security_group.this.id] + subnets = [aws_subnet.subnet1.id, aws_subnet.subnet2.id] +} + +resource "aws_lb_target_group" "this" { + name = "089-lb-target-group-green" + port = 80 + protocol = "HTTP" + vpc_id = aws_vpc.this.id +} + +resource "aws_lb_target_group_attachment" "this" { + target_group_arn = aws_lb_target_group.this.arn + target_id = aws_instance.this.id + port = 80 +} + +resource "aws_lb_listener" "this" { + load_balancer_arn = aws_lb.this.arn + port = "443" + protocol = "HTTPS" + ssl_policy = "ELBSecurityPolicy-2016-08" + certificate_arn = aws_acm_certificate.this.arn + + default_action { + type = "forward" + target_group_arn = aws_lb_target_group.this.arn + } +} + +resource "aws_lb_listener_certificate" "this" { + listener_arn = aws_lb_listener.this.arn + 
certificate_arn = aws_acm_certificate.this.arn +} + + +resource "tls_private_key" "this" { + algorithm = "RSA" +} + +resource "tls_self_signed_cert" "this" { + private_key_pem = tls_private_key.this.private_key_pem + + subject { + common_name = "example.com" + organization = "ACME Examples, Inc" + } + + validity_period_hours = 800 + + allowed_uses = [ + "key_encipherment", + "digital_signature", + "server_auth", + ] +} + +resource "aws_acm_certificate" "this" { + private_key = tls_private_key.this.private_key_pem + certificate_body = tls_self_signed_cert.this.cert_pem +} \ No newline at end of file diff --git a/terraform/ecc-aws-089-http_elb_certificate_expire_in_one_month/green/provider.tf b/terraform/ecc-aws-089-http_elb_certificate_expire_in_one_month/green/provider.tf new file mode 100644 index 000000000..ed786276a --- /dev/null +++ b/terraform/ecc-aws-089-http_elb_certificate_expire_in_one_month/green/provider.tf @@ -0,0 +1,20 @@ +terraform { + required_providers { + aws = { + source = "hashicorp/aws" + version = "~> 4" + } + } +} + +provider "aws"{ + profile = var.profile + region = var.default-region + + default_tags { + tags = { + CustodianRule = "ecc-aws-089-http_load_balancer_certificate_expire_in_one_month" + ComplianceStatus = "Green" + } + } +} \ No newline at end of file diff --git a/terraform/ecc-aws-089-http_elb_certificate_expire_in_one_month/green/terraform.tfvars b/terraform/ecc-aws-089-http_elb_certificate_expire_in_one_month/green/terraform.tfvars new file mode 100644 index 000000000..368bc468f --- /dev/null +++ b/terraform/ecc-aws-089-http_elb_certificate_expire_in_one_month/green/terraform.tfvars @@ -0,0 +1,2 @@ +profile = "c7n" +default-region = "us-east-1" \ No newline at end of file diff --git a/terraform/ecc-aws-089-http_elb_certificate_expire_in_one_month/green/variables.tf b/terraform/ecc-aws-089-http_elb_certificate_expire_in_one_month/green/variables.tf new file mode 100644 index 000000000..948c49afd --- /dev/null 
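Review bot: `validity_period_hours = 800` in 089 green/certificate.tf gives the certificate about 33 days, so this compliant fixture stays outside a 30-day expiry window for only about three days after `terraform apply`; after that it would be expected to evaluate as non-compliant. The 088 green fixture has the same property with `192` hours against a one-week window, which leaves about one day of margin. A comment above the attribute, e.g. `# ~33 days: compliant for ~3 days after apply; re-apply before testing`, or a larger value would stop a stale deployment from producing confusing results. The exact threshold the policy applies is not visible in this patch.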
+++ b/terraform/ecc-aws-089-http_elb_certificate_expire_in_one_month/green/variables.tf @@ -0,0 +1,9 @@ +variable "default-region" { + type = string + description = "Default region for resources will be created" +} + +variable "profile" { + type = string + description = "Profile name configured before running apply" +} \ No newline at end of file diff --git a/terraform/ecc-aws-089-http_elb_certificate_expire_in_one_month/iam/89-policy.json b/terraform/ecc-aws-089-http_elb_certificate_expire_in_one_month/iam/89-policy.json new file mode 100644 index 000000000..616e71607 --- /dev/null +++ b/terraform/ecc-aws-089-http_elb_certificate_expire_in_one_month/iam/89-policy.json @@ -0,0 +1,19 @@ +{ + "Version": "2012-10-17", + "Statement": [ + { + "Effect": "Allow", + "Action": [ + "elasticloadbalancing:DescribeLoadBalancers", + "elasticloadbalancing:DescribeTags", + "elasticloadbalancing:DescribeListeners", + "elasticloadbalancing:DescribeLoadBalancerAttributes", + "elasticloadbalancing:DescribeListenerCertificates", + "acm:DescribeCertificate", + "tag:GetResources", + "ec2:DescribeRegions" + ], + "Resource": "*" + } + ] +} diff --git a/terraform/ecc-aws-089-http_elb_certificate_expire_in_one_month/red/certificate.tf b/terraform/ecc-aws-089-http_elb_certificate_expire_in_one_month/red/certificate.tf new file mode 100644 index 000000000..f657d6747 --- /dev/null +++ b/terraform/ecc-aws-089-http_elb_certificate_expire_in_one_month/red/certificate.tf 
@@ -0,0 +1,122 @@
+resource "aws_instance" "this" {
+ ami = data.aws_ami.this.id
+ instance_type = "t2.micro"
+ vpc_security_group_ids = [aws_security_group.this.id]
+ subnet_id = aws_subnet.subnet1.id
+}
+
+data "aws_ami" "this" {
+ most_recent = true
+ owners = ["amazon"]
+
+ filter {
+ name = "name"
+ values = ["amzn2-ami-hvm*"]
+ }
+}
+
+resource "aws_vpc" "this" {
+ cidr_block = "10.0.0.0/16"
+}
+
+resource "aws_internet_gateway" "this" {
+ vpc_id = aws_vpc.this.id
+}
+
+resource "aws_subnet" "subnet1" {
+ vpc_id = aws_vpc.this.id
+ cidr_block = "10.0.1.0/24"
+ availability_zone = "us-east-1a"
+}
+
+resource "aws_subnet" "subnet2" {
+ vpc_id = aws_vpc.this.id
+ cidr_block = "10.0.2.0/24"
+ availability_zone = "us-east-1b"
+}
+
+resource "aws_security_group" "this" {
+ name = "089_c7n_security_group_red"
+ description = "Allow inbound traffic"
+ vpc_id = aws_vpc.this.id
+
+ ingress {
+ from_port = 0
+ to_port = 0
+ protocol = "-1"
+ cidr_blocks = ["0.0.0.0/0"]
+ }
+
+ egress {
+ from_port = 0
+ to_port = 0
+ protocol = "-1"
+ cidr_blocks = ["0.0.0.0/0"]
+ }
+}
+
+resource "aws_lb" "this" {
+ name = "089-c7n-alb-https-red"
+ internal = false
+ load_balancer_type = "application"
+ security_groups = [aws_security_group.this.id]
+ subnets = [aws_subnet.subnet1.id, aws_subnet.subnet2.id]
+}
+
+resource "aws_lb_target_group" "this" {
+ name = "089-c7n-alb-red"
+ port = 80
+ protocol = "HTTP"
+ vpc_id = aws_vpc.this.id
+}
+
+resource "aws_lb_target_group_attachment" "this" {
+ target_group_arn = aws_lb_target_group.this.arn
+ target_id = aws_instance.this.id
+ port = 80
+}
+
+resource "aws_lb_listener" "this" {
+ load_balancer_arn = aws_lb.this.arn
+ port = "443"
+ protocol = "HTTPS"
+ ssl_policy = "ELBSecurityPolicy-2016-08"
+ certificate_arn = aws_acm_certificate.this.arn
+
+ default_action {
+ type = "forward"
+ target_group_arn = aws_lb_target_group.this.arn
+ }
+}
+
+resource "aws_lb_listener_certificate" "this" {
+ listener_arn = aws_lb_listener.this.arn
+ certificate_arn = aws_acm_certificate.this.arn
+}
+
+
+resource "tls_private_key" "this" {
+ algorithm = "RSA"
+}
+
+resource "tls_self_signed_cert" "this" {
+ private_key_pem = tls_private_key.this.private_key_pem
+
+ subject {
+ common_name = "example.com"
+ organization = "ACME Examples, Inc"
+ }
+
+ validity_period_hours = 48
+
+ allowed_uses = [
+ "key_encipherment",
+ "digital_signature",
+ "server_auth",
+ ]
+}
+
+resource "aws_acm_certificate" "this" {
+ private_key = tls_private_key.this.private_key_pem
+ certificate_body = tls_self_signed_cert.this.cert_pem
+}
\ No newline at end of file
diff --git a/terraform/ecc-aws-089-http_elb_certificate_expire_in_one_month/red/provider.tf b/terraform/ecc-aws-089-http_elb_certificate_expire_in_one_month/red/provider.tf
new file mode 100644
index 000000000..7085aa23a
--- /dev/null
+++ b/terraform/ecc-aws-089-http_elb_certificate_expire_in_one_month/red/provider.tf
@@ -0,0 +1,20 @@
+terraform {
+ required_providers {
+ aws = {
+ source = "hashicorp/aws"
+ version = "~> 4"
+ }
+ }
+}
+
+provider "aws"{
+ profile = var.profile
+ region = var.default-region
+
+ default_tags {
+ tags = {
+ CustodianRule = "ecc-aws-089-http_load_balancer_certificate_expire_in_one_month"
+ ComplianceStatus = "Red"
+ }
+ }
+}
\ No newline at end of file
diff --git a/terraform/ecc-aws-089-http_elb_certificate_expire_in_one_month/red/terraform.tfvars b/terraform/ecc-aws-089-http_elb_certificate_expire_in_one_month/red/terraform.tfvars
new file mode 100644
index 000000000..368bc468f
--- /dev/null
+++ b/terraform/ecc-aws-089-http_elb_certificate_expire_in_one_month/red/terraform.tfvars
@@ -0,0 +1,2 @@
+profile = "c7n"
+default-region = "us-east-1"
\ No newline at end of file
diff --git a/terraform/ecc-aws-089-http_elb_certificate_expire_in_one_month/red/variables.tf b/terraform/ecc-aws-089-http_elb_certificate_expire_in_one_month/red/variables.tf
new file mode 100644
index 000000000..948c49afd
--- /dev/null
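Review bot: The `ingress` block of `aws_security_group.this` in red/certificate.tf admits every protocol and port from `0.0.0.0/0` (`protocol = "-1"`), although the load balancer only listens on 443 and the condition this fixture is meant to trip is the 48-hour certificate. Narrow the block to `from_port = 443`, `to_port = 443`, `protocol = "tcp"`; the same group is also attached to `aws_instance.this`, which would be better served by its own group that accepts port 80 from the load balancer's group only. Separately, `ssl_policy = "ELBSecurityPolicy-2016-08"` still negotiates TLS 1.0 and 1.1, and `tls_private_key` writes the private key into the Terraform state in clear text, so the state file of this fixture has to be handled as a secret.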
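Review bot: `required_providers` in red/provider.tf declares only `aws`, but certificate.tf in the same directory uses `tls_private_key` and `tls_self_signed_cert`, so the `tls` provider is resolved implicitly and without any version constraint. Declare it next to `aws`, for example `tls = { source = "hashicorp/tls" }` together with a `version` constraint of the author's choosing, so `init` does not pick up whatever release is newest. The green provider.tf of this rule has the same gap, and the 175 fixtures use `random_integer` without declaring `hashicorp/random`.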
+++ b/terraform/ecc-aws-089-http_elb_certificate_expire_in_one_month/red/variables.tf
@@ -0,0 +1,9 @@
+variable "default-region" {
+ type = string
+ description = "Default region for resources will be created"
+}
+
+variable "profile" {
+ type = string
+ description = "Profile name configured before running apply"
+}
\ No newline at end of file
diff --git a/terraform/ecc-aws-100-ebs-volume_without_recent_snapshot/green/ebs.tf b/terraform/ecc-aws-100-ebs-volume_without_recent_snapshot/green/ebs.tf
new file mode 100644
index 000000000..123efe9bf
--- /dev/null
+++ b/terraform/ecc-aws-100-ebs-volume_without_recent_snapshot/green/ebs.tf
@@ -0,0 +1,12 @@
+resource "aws_ebs_volume" "this" {
+ availability_zone = var.default-az
+ size = 8
+
+ tags = {
+ Name = "100_ebs_volume_Green"
+ }
+}
+
+resource "aws_ebs_snapshot" "this" {
+ volume_id = aws_ebs_volume.this.id
+}
diff --git a/terraform/ecc-aws-100-ebs-volume_without_recent_snapshot/green/provider.tf b/terraform/ecc-aws-100-ebs-volume_without_recent_snapshot/green/provider.tf
new file mode 100644
index 000000000..fa09e97b3
--- /dev/null
+++ b/terraform/ecc-aws-100-ebs-volume_without_recent_snapshot/green/provider.tf
@@ -0,0 +1,20 @@
+terraform {
+ required_providers {
+ aws = {
+ source = "hashicorp/aws"
+ version = "~> 4"
+ }
+ }
+}
+
+provider "aws"{
+ profile = var.profile
+ region = var.default-region
+
+ default_tags {
+ tags = {
+ CustodianRule = "ecc-aws-100-ebs-volume_without_recent_snapshot"
+ ComplianceStatus = "Green"
+ }
+ }
+}
\ No newline at end of file
diff --git a/terraform/ecc-aws-100-ebs-volume_without_recent_snapshot/green/terraform.tfvars b/terraform/ecc-aws-100-ebs-volume_without_recent_snapshot/green/terraform.tfvars
new file mode 100644
index 000000000..41539110a
--- /dev/null
+++ b/terraform/ecc-aws-100-ebs-volume_without_recent_snapshot/green/terraform.tfvars
@@ -0,0 +1,3 @@
+profile = "c7n"
+default-region = "us-east-1"
+default-az = "us-east-1a"
\ No newline at end of file
diff --git a/terraform/ecc-aws-100-ebs-volume_without_recent_snapshot/green/variables.tf b/terraform/ecc-aws-100-ebs-volume_without_recent_snapshot/green/variables.tf
new file mode 100644
index 000000000..32345dd60
--- /dev/null
+++ b/terraform/ecc-aws-100-ebs-volume_without_recent_snapshot/green/variables.tf
@@ -0,0 +1,14 @@
+variable "default-region" {
+ type = string
+ description = "Default region for resources will be created"
+}
+
+variable "profile" {
+ type = string
+ description = "Profile name configured before running apply"
+}
+
+variable "default-az" {
+ type = string
+ description = "Default availability zone for resources"
+}
\ No newline at end of file
diff --git a/terraform/ecc-aws-100-ebs-volume_without_recent_snapshot/iam/100-policy.json b/terraform/ecc-aws-100-ebs-volume_without_recent_snapshot/iam/100-policy.json
new file mode 100644
index 000000000..210789f62
--- /dev/null
+++ b/terraform/ecc-aws-100-ebs-volume_without_recent_snapshot/iam/100-policy.json
@@ -0,0 +1,15 @@
+{
+ "Version": "2012-10-17",
+ "Statement": [
+ {
+ "Effect": "Allow",
+ "Action": [
+ "ec2:DescribeVolumes",
+ "ec2:DescribeSnapshots",
+ "ec2:DescribeSnapshotAttribute",
+ "ec2:DescribeRegions"
+ ],
+ "Resource": "*"
+ }
+ ]
+}
diff --git a/terraform/ecc-aws-100-ebs-volume_without_recent_snapshot/red/ebs.tf b/terraform/ecc-aws-100-ebs-volume_without_recent_snapshot/red/ebs.tf
new file mode 100644
index 000000000..36e1faa30
--- /dev/null
+++ b/terraform/ecc-aws-100-ebs-volume_without_recent_snapshot/red/ebs.tf
@@ -0,0 +1,5 @@
+resource "aws_ebs_volume" "this" {
+ availability_zone = var.default-az
+ size = 8
+}
+
diff --git a/terraform/ecc-aws-100-ebs-volume_without_recent_snapshot/red/provider.tf b/terraform/ecc-aws-100-ebs-volume_without_recent_snapshot/red/provider.tf
new file mode 100644
index 000000000..cb13ccbc6
--- /dev/null
+++ b/terraform/ecc-aws-100-ebs-volume_without_recent_snapshot/red/provider.tf
@@ -0,0 +1,21 @@
+terraform {
+ required_providers {
+ aws = {
+ source = "hashicorp/aws"
+ version = "~> 4"
+ }
+ }
+}
+
+provider "aws"{
+ profile = var.profile
+ region = var.default-region
+
+ default_tags {
+ tags = {
+ Name = "100_ebs_volume_red"
+ CustodianRule = "ecc-aws-100-ebs-volume_without_recent_snapshot"
+ ComplianceStatus = "Red"
+ }
+ }
+}
\ No newline at end of file
diff --git a/terraform/ecc-aws-100-ebs-volume_without_recent_snapshot/red/terraform.tfvars b/terraform/ecc-aws-100-ebs-volume_without_recent_snapshot/red/terraform.tfvars
new file mode 100644
index 000000000..41539110a
--- /dev/null
+++ b/terraform/ecc-aws-100-ebs-volume_without_recent_snapshot/red/terraform.tfvars
@@ -0,0 +1,3 @@
+profile = "c7n"
+default-region = "us-east-1"
+default-az = "us-east-1a"
\ No newline at end of file
diff --git a/terraform/ecc-aws-100-ebs-volume_without_recent_snapshot/red/variables.tf b/terraform/ecc-aws-100-ebs-volume_without_recent_snapshot/red/variables.tf
new file mode 100644
index 000000000..32345dd60
--- /dev/null
+++ b/terraform/ecc-aws-100-ebs-volume_without_recent_snapshot/red/variables.tf
@@ -0,0 +1,14 @@
+variable "default-region" {
+ type = string
+ description = "Default region for resources will be created"
+}
+
+variable "profile" {
+ type = string
+ description = "Profile name configured before running apply"
+}
+
+variable "default-az" {
+ type = string
+ description = "Default availability zone for resources"
+}
\ No newline at end of file
diff --git a/terraform/ecc-aws-175-cloudtrail_enabled_in_all_regions/green/cloudtrail.tf b/terraform/ecc-aws-175-cloudtrail_enabled_in_all_regions/green/cloudtrail.tf
new file mode 100644
index 000000000..2371bffe6
--- /dev/null
+++ b/terraform/ecc-aws-175-cloudtrail_enabled_in_all_regions/green/cloudtrail.tf
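Review bot: `Name = "100_ebs_volume_red"` sits in the provider's `default_tags` in red/provider.tf, so it is stamped on every taggable resource this configuration creates, whereas green/ebs.tf sets `Name` in the volume's own `tags` block. Keep `default_tags` to `CustodianRule` and `ComplianceStatus`, as the other provider.tf files in this commit do, and move the name onto `aws_ebs_volume.this` in red/ebs.tf as `tags = { Name = "100_ebs_volume_red" }`. That keeps the red and green fixtures structurally parallel, which makes it easier to see that the missing snapshot is the only intended difference.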
@@ -0,0 +1,57 @@
+data "aws_caller_identity" "this" {}
+
+resource "aws_cloudtrail" "this" {
+ name = "cloudtrail-175-green"
+ s3_bucket_name = aws_s3_bucket.this.id
+ include_global_service_events = true
+ is_multi_region_trail = true
+}
+
+resource "aws_s3_bucket" "this" {
+ bucket = "175-bucket-${random_integer.this.result}-green"
+ force_destroy = true
+}
+
+resource "random_integer" "this" {
+ min = 1
+ max = 10000000
+}
+
+resource "aws_s3_bucket_policy" "this" {
+ bucket = aws_s3_bucket.this.id
+ policy = data.aws_iam_policy_document.this.json
+}
+
+data "aws_iam_policy_document" "this" {
+ statement {
+ effect = "Allow"
+
+ principals {
+ type = "Service"
+ identifiers = ["cloudtrail.amazonaws.com"]
+ }
+
+ actions = ["s3:GetBucketAcl"]
+ resources = [aws_s3_bucket.this.arn]
+ }
+
+ statement {
+ effect = "Allow"
+
+ principals {
+ type = "Service"
+ identifiers = ["cloudtrail.amazonaws.com"]
+ }
+
+ actions = ["s3:PutObject"]
+ resources = ["${aws_s3_bucket.this.arn}/AWSLogs/${data.aws_caller_identity.this.account_id}/*"]
+ condition {
+ test = "StringEquals"
+ variable = "s3:x-amz-acl"
+
+ values = [
+ "bucket-owner-full-control"
+ ]
+ }
+ }
+}
diff --git a/terraform/ecc-aws-175-cloudtrail_enabled_in_all_regions/green/provider.tf b/terraform/ecc-aws-175-cloudtrail_enabled_in_all_regions/green/provider.tf
new file mode 100644
index 000000000..5c68636ec
--- /dev/null
+++ b/terraform/ecc-aws-175-cloudtrail_enabled_in_all_regions/green/provider.tf
@@ -0,0 +1,20 @@
+terraform {
+ required_providers {
+ aws = {
+ source = "hashicorp/aws"
+ version = "~> 4"
+ }
+ }
+}
+
+provider "aws"{
+ profile = var.profile
+ region = var.default-region
+
+ default_tags {
+ tags = {
+ CustodianRule = "ecc-aws-175-cloudtrail_enabled_in_all_regions"
+ ComplianceStatus = "Green"
+ }
+ }
+}
\ No newline at end of file
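Review bot: Both statements of `data.aws_iam_policy_document.this` in green/cloudtrail.tf trust the `cloudtrail.amazonaws.com` service principal without an `aws:SourceArn` condition, so the bucket policy does not tie the grant to this account's trail; the resource path limits the prefix but not which trail is writing. Add a second `condition` block on `aws:SourceArn` to each statement, built from values the configuration already has (the trail name, `var.default-region` and the caller's account id), as sketched below; the `arn:aws` partition is an assumption. The same policy document is repeated in green1/cloudtrail.tf and red/cloudtrail.tf and needs the same change with the respective trail name. It is also worth adding `depends_on = [aws_s3_bucket_policy.this]` to `aws_cloudtrail.this`, since the trail only references the bucket and may be created before the policy is in place.

```hcl
  statement {
    # … unchanged: effect, principals, actions, resources …
    condition {
      test     = "StringEquals"
      variable = "aws:SourceArn"
      values   = ["arn:aws:cloudtrail:${var.default-region}:${data.aws_caller_identity.this.account_id}:trail/cloudtrail-175-green"]
    }
  }
```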
diff --git a/terraform/ecc-aws-175-cloudtrail_enabled_in_all_regions/green/terraform.tfvars b/terraform/ecc-aws-175-cloudtrail_enabled_in_all_regions/green/terraform.tfvars
new file mode 100644
index 000000000..368bc468f
--- /dev/null
+++ b/terraform/ecc-aws-175-cloudtrail_enabled_in_all_regions/green/terraform.tfvars
@@ -0,0 +1,2 @@
+profile = "c7n"
+default-region = "us-east-1"
\ No newline at end of file
diff --git a/terraform/ecc-aws-175-cloudtrail_enabled_in_all_regions/green/variables.tf b/terraform/ecc-aws-175-cloudtrail_enabled_in_all_regions/green/variables.tf
new file mode 100644
index 000000000..948c49afd
--- /dev/null
+++ b/terraform/ecc-aws-175-cloudtrail_enabled_in_all_regions/green/variables.tf
@@ -0,0 +1,9 @@
+variable "default-region" {
+ type = string
+ description = "Default region for resources will be created"
+}
+
+variable "profile" {
+ type = string
+ description = "Profile name configured before running apply"
+}
\ No newline at end of file
diff --git a/terraform/ecc-aws-175-cloudtrail_enabled_in_all_regions/green1/cloudtrail.tf b/terraform/ecc-aws-175-cloudtrail_enabled_in_all_regions/green1/cloudtrail.tf
new file mode 100644
index 000000000..03d48d118
--- /dev/null
+++ b/terraform/ecc-aws-175-cloudtrail_enabled_in_all_regions/green1/cloudtrail.tf
@@ -0,0 +1,64 @@
+data "aws_caller_identity" "this" {}
+
+resource "aws_cloudtrail" "this" {
+ name = "cloudtrail-175-green1"
+ s3_bucket_name = aws_s3_bucket.this.id
+ include_global_service_events = true
+ is_multi_region_trail = true
+
+ advanced_event_selector {
+ field_selector {
+ field = "eventCategory"
+ equals = ["Management"]
+ }
+ }
+}
+
+resource "random_integer" "this" {
+ min = 1
+ max = 10000000
+}
+
+resource "aws_s3_bucket" "this" {
+ bucket = "175-bucket-${random_integer.this.result}-green1"
+ force_destroy = true
+}
+
+resource "aws_s3_bucket_policy" "this" {
+ bucket = aws_s3_bucket.this.id
+ policy = data.aws_iam_policy_document.this.json
+}
+
+data "aws_iam_policy_document" "this" {
+ statement {
+ effect = "Allow"
+
+ principals {
+ type = "Service"
+ identifiers = ["cloudtrail.amazonaws.com"]
+ }
+
+ actions = ["s3:GetBucketAcl"]
+ resources = [aws_s3_bucket.this.arn]
+ }
+
+ statement {
+ effect = "Allow"
+
+ principals {
+ type = "Service"
+ identifiers = ["cloudtrail.amazonaws.com"]
+ }
+
+ actions = ["s3:PutObject"]
+ resources = ["${aws_s3_bucket.this.arn}/AWSLogs/${data.aws_caller_identity.this.account_id}/*"]
+ condition {
+ test = "StringEquals"
+ variable = "s3:x-amz-acl"
+
+ values = [
+ "bucket-owner-full-control"
+ ]
+ }
+ }
+}
diff --git a/terraform/ecc-aws-175-cloudtrail_enabled_in_all_regions/green1/provider.tf b/terraform/ecc-aws-175-cloudtrail_enabled_in_all_regions/green1/provider.tf
new file mode 100644
index 000000000..0019a0013
--- /dev/null
+++ b/terraform/ecc-aws-175-cloudtrail_enabled_in_all_regions/green1/provider.tf
@@ -0,0 +1,20 @@
+terraform {
+ required_providers {
+ aws = {
+ source = "hashicorp/aws"
+ version = "~> 4"
+ }
+ }
+}
+
+provider "aws"{
+ profile = var.profile
+ region = var.default-region
+
+ default_tags {
+ tags = {
+ CustodianRule = "ecc-aws-175-cloudtrail_enabled_in_all_regions"
+ ComplianceStatus = "Green1"
+ }
+ }
+}
\ No newline at end of file
diff --git a/terraform/ecc-aws-175-cloudtrail_enabled_in_all_regions/green1/terraform.tfvars b/terraform/ecc-aws-175-cloudtrail_enabled_in_all_regions/green1/terraform.tfvars
new file mode 100644
index 000000000..368bc468f
--- /dev/null
+++ b/terraform/ecc-aws-175-cloudtrail_enabled_in_all_regions/green1/terraform.tfvars
@@ -0,0 +1,2 @@
+profile = "c7n"
+default-region = "us-east-1"
\ No newline at end of file
diff --git a/terraform/ecc-aws-175-cloudtrail_enabled_in_all_regions/green1/variables.tf b/terraform/ecc-aws-175-cloudtrail_enabled_in_all_regions/green1/variables.tf
new file mode 100644
index 000000000..948c49afd
--- /dev/null
+++ b/terraform/ecc-aws-175-cloudtrail_enabled_in_all_regions/green1/variables.tf
@@ -0,0 +1,9 @@
+variable "default-region" {
+ type = string
+ description = "Default region for resources will be created"
+}
+
+variable "profile" {
+ type = string
+ description = "Profile name configured before running apply"
+}
\ No newline at end of file
diff --git a/terraform/ecc-aws-175-cloudtrail_enabled_in_all_regions/iam/175-policy.json b/terraform/ecc-aws-175-cloudtrail_enabled_in_all_regions/iam/175-policy.json
new file mode 100644
index 000000000..7b62438c1
--- /dev/null
+++ b/terraform/ecc-aws-175-cloudtrail_enabled_in_all_regions/iam/175-policy.json
@@ -0,0 +1,16 @@
+{
+ "Version": "2012-10-17",
+ "Statement": [
+ {
+ "Effect": "Allow",
+ "Action": [
+ "iam:ListAccountAliases",
+ "cloudtrail:DescribeTrails",
+ "cloudtrail:GetTrailStatus",
+ "cloudtrail:GetEventSelectors",
+ "cloudtrail:DescribeTrails"
+ ],
+ "Resource": "*"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/terraform/ecc-aws-175-cloudtrail_enabled_in_all_regions/red/cloudtrail.tf b/terraform/ecc-aws-175-cloudtrail_enabled_in_all_regions/red/cloudtrail.tf
new file mode 100644
index 000000000..667c857ee
--- /dev/null
+++ b/terraform/ecc-aws-175-cloudtrail_enabled_in_all_regions/red/cloudtrail.tf
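Review bot: `"cloudtrail:DescribeTrails"` is listed twice in the `Action` array of iam/175-policy.json, as the second and as the last entry. IAM accepts the duplicate, but it reads as if a different action was meant for the last slot. Drop the repeated line, or replace it with the missing action if the policy needs one more permission to evaluate the rule.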
@@ -0,0 +1,53 @@
+data "aws_caller_identity" "this" {}
+
+resource "aws_cloudtrail" "this" {
+ name = "cloudtrail-175-red"
+ s3_bucket_name = aws_s3_bucket.this.id
+ include_global_service_events = true
+ is_multi_region_trail = false
+ enable_logging = true
+}
+
+resource "aws_s3_bucket" "this" {
+ bucket = "175-bucket-${random_integer.this.result}-red"
+ force_destroy = true
+}
+
+resource "aws_s3_bucket_policy" "this" {
+ bucket = aws_s3_bucket.this.id
+ policy = data.aws_iam_policy_document.this.json
+}
+
+data "aws_iam_policy_document" "this" {
+ statement {
+ effect = "Allow"
+
+ principals {
+ type = "Service"
+ identifiers = ["cloudtrail.amazonaws.com"]
+ }
+
+ actions = ["s3:GetBucketAcl"]
+ resources = [aws_s3_bucket.this.arn]
+ }
+
+ statement {
+ effect = "Allow"
+
+ principals {
+ type = "Service"
+ identifiers = ["cloudtrail.amazonaws.com"]
+ }
+
+ actions = ["s3:PutObject"]
+ resources = ["${aws_s3_bucket.this.arn}/AWSLogs/${data.aws_caller_identity.this.account_id}/*"]
+ condition {
+ test = "StringEquals"
+ variable = "s3:x-amz-acl"
+
+ values = [
+ "bucket-owner-full-control"
+ ]
+ }
+ }
+}
diff --git a/terraform/ecc-aws-175-cloudtrail_enabled_in_all_regions/red/provider.tf b/terraform/ecc-aws-175-cloudtrail_enabled_in_all_regions/red/provider.tf
new file mode 100644
index 000000000..426dde1e4
--- /dev/null
+++ b/terraform/ecc-aws-175-cloudtrail_enabled_in_all_regions/red/provider.tf
@@ -0,0 +1,20 @@
+terraform {
+ required_providers {
+ aws = {
+ source = "hashicorp/aws"
+ version = "~> 4"
+ }
+ }
+}
+
+provider "aws"{
+ profile = var.profile
+ region = var.default-region
+
+ default_tags {
+ tags = {
+ CustodianRule = "ecc-aws-175-cloudtrail_enabled_in_all_regions"
+ ComplianceStatus = "Red"
+ }
+ }
+}
\ No newline at end of file
diff --git a/terraform/ecc-aws-175-cloudtrail_enabled_in_all_regions/red/terraform.tfvars b/terraform/ecc-aws-175-cloudtrail_enabled_in_all_regions/red/terraform.tfvars
new file mode 100644
index 000000000..368bc468f
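Review bot: red/cloudtrail.tf builds the bucket name from `random_integer.this.result`, but this file never declares `random_integer.this`, and the other files the commit adds under red/ (provider.tf, terraform.tfvars, variables.tf) do not declare it either. As added, `terraform plan` should stop on a reference to an undeclared resource, so the red fixture cannot be deployed. Add the same `resource "random_integer" "this"` block that green/cloudtrail.tf and green1/cloudtrail.tf carry, with `min = 1` and `max = 10000000`.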
--- /dev/null +++ b/terraform/ecc-aws-175-cloudtrail_enabled_in_all_regions/red/terraform.tfvars @@ -0,0 +1,2 @@ +profile = "c7n" +default-region = "us-east-1" \ No newline at end of file diff --git a/terraform/ecc-aws-175-cloudtrail_enabled_in_all_regions/red/variables.tf b/terraform/ecc-aws-175-cloudtrail_enabled_in_all_regions/red/variables.tf new file mode 100644 index 000000000..948c49afd --- /dev/null +++ b/terraform/ecc-aws-175-cloudtrail_enabled_in_all_regions/red/variables.tf @@ -0,0 +1,9 @@ +variable "default-region" { + type = string + description = "Default region for resources will be created" +} + +variable "profile" { + type = string + description = "Profile name configured before running apply" +} \ No newline at end of file diff --git a/terraform/ecc-aws-178-iam_policies_full_administrative_privileges/green/iam.tf b/terraform/ecc-aws-178-iam_policies_full_administrative_privileges/green/iam.tf new file mode 100644 index 000000000..d85526572 --- /dev/null +++ b/terraform/ecc-aws-178-iam_policies_full_administrative_privileges/green/iam.tf @@ -0,0 +1,37 @@ +resource "aws_iam_user" "this" { + name = "178_user_green" +} + +resource "aws_iam_access_key" "this" { + user = aws_iam_user.this.name + pgp_key = "keybase:c7n" +} + +output "this_iam_access_key_encrypted_secret" { + value = aws_iam_access_key.this.encrypted_secret +} + +resource "aws_iam_policy" "this" { + name = "178_policy_green" + + policy = <@dC7VOm7yV=49wOm|HOF#acKoN z10%}|W(Ec@;o4`&eaJwh<@=v5b-v7n9))jKH8)>48XI(9J8aUP341z}{*_U#t*+q4_Dmo0Scuj1dTZf%FLwhXDY6?`CQM literal 0 HcmV?d00001 diff --git a/terraform/ecc-aws-213-lambda_with_admin_privileges/green/lambda.tf b/terraform/ecc-aws-213-lambda_with_admin_privileges/green/lambda.tf new file mode 100644 index 000000000..f71819b8a --- /dev/null +++ b/terraform/ecc-aws-213-lambda_with_admin_privileges/green/lambda.tf 
@@ -0,0 +1,51 @@ +resource "aws_iam_role" "this" { + name = "213_role_green" + + assume_role_policy = <@dC7VOm7yV=49wOm|HOF#acKoN z10%}|W(Ec@;o4`&eaJwh<@=v5b-v7n9))jKH8)>48XI(9J8aUP341z}{*_U#t*+q4_Dmo0Scuj1dTZf%FLwhXDY6?`CQM literal 0 HcmV?d00001 diff --git a/terraform/ecc-aws-213-lambda_with_admin_privileges/red/lambda.tf b/terraform/ecc-aws-213-lambda_with_admin_privileges/red/lambda.tf new file mode 100644 index 000000000..6038b2c7c --- /dev/null +++ b/terraform/ecc-aws-213-lambda_with_admin_privileges/red/lambda.tf @@ -0,0 +1,45 @@ +resource "aws_iam_role" "this" { + name = "213_role_red" + + assume_role_policy = <> /etc/ecs/ecs.config + EOF + + root_block_device { + volume_type = "standard" + volume_size = 30 + delete_on_termination = true + encrypted = true + } + + tags = { + Name = "244_ec2_instance_green" + } +} + +data "aws_ami" "this" { + most_recent = true + + filter { + name = "name" + values = ["amzn2-ami-ecs-*"] # ECS optimized image + } + + filter { + name = "virtualization-type" + values = ["hvm"] + } + + owners = [ + "amazon" + ] +} diff --git a/terraform/ecc-aws-244-ecs_cluster_at_rest_encryption/green/provider.tf b/terraform/ecc-aws-244-ecs_cluster_at_rest_encryption/green/provider.tf new file mode 100644 index 000000000..be823586a --- /dev/null +++ b/terraform/ecc-aws-244-ecs_cluster_at_rest_encryption/green/provider.tf @@ -0,0 +1,20 @@ +terraform { + required_providers { + aws = { + source = "hashicorp/aws" + version = "~> 4" + } + } +} + +provider "aws" { + profile = var.profile + region = var.default-region + + default_tags { + tags = { + CustodianRule = "ecc-aws-244-ecs_cluster_at_rest_encryption" + ComplianceStatus = "Green" + } + } +} \ No newline at end of file diff --git a/terraform/ecc-aws-244-ecs_cluster_at_rest_encryption/green/terraform.tfvars b/terraform/ecc-aws-244-ecs_cluster_at_rest_encryption/green/terraform.tfvars new file mode 100644 index 000000000..e1e2d2fa8 --- /dev/null 
+++ b/terraform/ecc-aws-244-ecs_cluster_at_rest_encryption/green/terraform.tfvars
@@ -0,0 +1,2 @@
+profile = "c7n"
+default-region = "us-east-1"
diff --git a/terraform/ecc-aws-244-ecs_cluster_at_rest_encryption/green/variables.tf b/terraform/ecc-aws-244-ecs_cluster_at_rest_encryption/green/variables.tf
new file mode 100644
index 000000000..09e482677
--- /dev/null
+++ b/terraform/ecc-aws-244-ecs_cluster_at_rest_encryption/green/variables.tf
@@ -0,0 +1,9 @@
+variable "default-region" {
+ type = string
+ description = "Default region for resources will be created"
+}
+
+variable "profile" {
+ type = string
+ description = "Profile name configured before running apply"
+}
\ No newline at end of file
diff --git a/terraform/ecc-aws-244-ecs_cluster_at_rest_encryption/iam/244-policy.json b/terraform/ecc-aws-244-ecs_cluster_at_rest_encryption/iam/244-policy.json
new file mode 100644
index 000000000..ad24edd92
--- /dev/null
+++ b/terraform/ecc-aws-244-ecs_cluster_at_rest_encryption/iam/244-policy.json
@@ -0,0 +1,18 @@
+{
+ "Version": "2012-10-17",
+ "Statement": [
+ {
+ "Effect": "Allow",
+ "Action": [
+ "ec2:DescribeRegions",
+ "ecs:ListClusters",
+ "ecs:ListContainerInstances",
+ "ecs:DescribeContainerInstances",
+ "ec2:DescribeInstances",
+ "ec2:DescribeVolumes",
+ "ecs:DescribeClusters"
+ ],
+ "Resource": "*"
+ }
+ ]
+}
diff --git a/terraform/ecc-aws-244-ecs_cluster_at_rest_encryption/red/ecs.tf b/terraform/ecc-aws-244-ecs_cluster_at_rest_encryption/red/ecs.tf
new file mode 100644
index 000000000..2edfabf2e
--- /dev/null
+++ b/terraform/ecc-aws-244-ecs_cluster_at_rest_encryption/red/ecs.tf
@@ -0,0 +1,121 @@ +resource "aws_ecs_cluster" "this" { + name = "244_ecs_cluster_red" +} + +resource "aws_iam_role" "this" { + name = "244_role_red" + path = "/" + assume_role_policy = data.aws_iam_policy_document.this.json +} + +data "aws_iam_policy_document" "this" { + statement { + actions = ["sts:AssumeRole"] + + principals { + type = "Service" + identifiers = ["ec2.amazonaws.com"] + } + } +} + +resource "aws_iam_role_policy_attachment" "this" { + role = aws_iam_role.this.name + policy_arn = "arn:aws:iam::aws:policy/service-role/AmazonEC2ContainerServiceforEC2Role" +} + +resource "aws_iam_instance_profile" "this" { + name = "244_ecs-instance_profile_red" + path = "/" + role = aws_iam_role.this.id +} + +resource "aws_vpc" "this" { + cidr_block = "10.0.0.0/16" + instance_tenancy = "default" + enable_dns_hostnames = true +} + +resource "aws_subnet" "this" { + vpc_id = aws_vpc.this.id + cidr_block = "10.0.1.0/24" + availability_zone = "us-east-1a" +} + +resource "aws_security_group" "this" { + name = "244_security_group_red" + vpc_id = aws_vpc.this.id + + ingress { + description = "SSH from VPC" + from_port = 22 + to_port = 22 + protocol = "tcp" + cidr_blocks = ["0.0.0.0/0"] + } + + egress { + from_port = 0 + to_port = 0 + protocol = "-1" + cidr_blocks = ["0.0.0.0/0"] + } +} + +resource "aws_internet_gateway" "this" { + vpc_id = aws_vpc.this.id +} + +resource "aws_route_table" "this" { + vpc_id = aws_vpc.this.id + + route { + cidr_block = "0.0.0.0/0" + gateway_id = aws_internet_gateway.this.id + } +} + +resource "aws_route_table_association" "this" { + subnet_id = aws_subnet.this.id + route_table_id = aws_route_table.this.id +} + +resource "aws_instance" "red-instance-244" { + ami = data.aws_ami.this.id + instance_type = "t2.micro" + associate_public_ip_address = true + security_groups = [aws_security_group.this.id] + subnet_id = aws_subnet.this.id + iam_instance_profile = aws_iam_instance_profile.this.name + user_data = <> /etc/ecs/ecs.config + EOF + + 
root_block_device { + volume_type = "standard" + volume_size = 30 + delete_on_termination = true + } + tags = { + Name = "244_ec2_instance_red" + } +} + +data "aws_ami" "this" { + most_recent = true + + filter { + name = "name" + values = ["amzn2-ami-ecs-*"] # ECS optimized image + } + + filter { + name = "virtualization-type" + values = ["hvm"] + } + + owners = [ + "amazon" + ] +} diff --git a/terraform/ecc-aws-244-ecs_cluster_at_rest_encryption/red/provider.tf b/terraform/ecc-aws-244-ecs_cluster_at_rest_encryption/red/provider.tf new file mode 100644 index 000000000..a9847deaf --- /dev/null +++ b/terraform/ecc-aws-244-ecs_cluster_at_rest_encryption/red/provider.tf @@ -0,0 +1,20 @@ +terraform { + required_providers { + aws = { + source = "hashicorp/aws" + version = "~> 4" + } + } +} + +provider "aws" { + profile = var.profile + region = var.default-region + + default_tags { + tags = { + CustodianRule = "ecc-aws-244-ecs_cluster_at_rest_encryption" + ComplianceStatus = "Red" + } + } +} \ No newline at end of file diff --git a/terraform/ecc-aws-244-ecs_cluster_at_rest_encryption/red/terraform.tfvars b/terraform/ecc-aws-244-ecs_cluster_at_rest_encryption/red/terraform.tfvars new file mode 100644 index 000000000..e1e2d2fa8 --- /dev/null +++ b/terraform/ecc-aws-244-ecs_cluster_at_rest_encryption/red/terraform.tfvars @@ -0,0 +1,2 @@ +profile = "c7n" +default-region = "us-east-1" diff --git a/terraform/ecc-aws-244-ecs_cluster_at_rest_encryption/red/variables.tf b/terraform/ecc-aws-244-ecs_cluster_at_rest_encryption/red/variables.tf new file mode 100644 index 000000000..09e482677 --- /dev/null +++ b/terraform/ecc-aws-244-ecs_cluster_at_rest_encryption/red/variables.tf @@ -0,0 +1,9 @@ +variable "default-region" { + type = string + description = "Default region for resources will be created" +} + +variable "profile" { + type = string + description = "Profile name configured before running apply" +} \ No newline at end of file 
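Review bot: The ingress rule of `aws_security_group.this` in red/ecs.tf is described as `"SSH from VPC"` but its `cidr_blocks` is `["0.0.0.0/0"]`, and the instance is launched with `associate_public_ip_address = true`, so port 22 is reachable from the internet on a fixture whose intended failing condition appears to be only the root volume without `encrypted = true`. Either restrict the rule with `cidr_blocks = [aws_vpc.this.cidr_block]` or drop the ingress block, since nothing visible in the file uses SSH. `aws_instance` also passes the group id through `security_groups`; with a `subnet_id` in a custom VPC the argument that takes ids is `vpc_security_group_ids`, which the 089 fixture already uses. The green ecs.tf is not fully readable on this page, so check whether it carries the same rule.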
diff --git a/terraform/ecc-aws-252-ecs_cluster_have_empty_roles_for_service_task_definitions/green/acs.tf b/terraform/ecc-aws-252-ecs_cluster_have_empty_roles_for_service_task_definitions/green/acs.tf
new file mode 100644
index 000000000..e8679e87a
--- /dev/null
+++ b/terraform/ecc-aws-252-ecs_cluster_have_empty_roles_for_service_task_definitions/green/acs.tf
@@ -0,0 +1,52 @@ +resource "aws_ecs_cluster" "this" { + name = "252_ecs_cluster_green" +} + +data "aws_ecs_task_definition" "this" { + task_definition = aws_ecs_task_definition.this.family + depends_on = [aws_ecs_task_definition.this] +} + +resource "aws_ecs_task_definition" "this" { + family = "service" + task_role_arn = aws_iam_role.this.arn + container_definitions = <X=L=MRMha)|+Wf4Lwc^a|kL@`L~Y zQUDo%9~S3+1A85h4GIbiAl$f42nfao2N2Zo5q~-e0zfwRi?GJO>UV~O^8+}z)_?%O zzuJ})E&vJ_{xM$vB*iw~Y^~|Y-rPiaY4C*h2WSu4ZrFT~DfOgb)^)y!`0Wd2XQWQT zqNl^*2#+=gZ+^-6xVkgyQJP&o+LBg3bNf4s{c&*+V|o!eiCn2f4nWsMs(9h#iPd{I zi=`@~Ze)AjNQ08CNnRTz)Q$nZ=be$eJ9~+W*509dwj_<{A(Ecl{pGp!O+-=vp-RBn zLM~2Fo#a;A>Xdx73L<#QJ#DYI5k0|{&}3{@WzdYwXRV?!-vStqnw!0GV0V?)G+t>i1IH53$IX(SX}{(A z0n>~vR+0UO4F9wKG?Xz<96A?`Q}zy;IgbW5z4niZuEADNSX?zwiO|#CaN!5HkSnk4 zhN}L8coinj(q@DM39p*TeqbE0gr#FeMxi!6-;>3W@pz`|<1_?rOG6cVe?#z0rP}zD z9!ZyD2R@AC9icUFUaU+$#m=L=(Ed&;^5~R-uL+6N7M_PTs(K;PBweJYR879+WD7{*zR# zj}5}>YnoVH+lz9`iFP=xjOGaHiu~F%NYV}PTb>U7L*;$GK zMeUa1!)=N|39NjdYg;c1@&c}_R=mnDGV~d+sc=5ry4`D78{ko0y@_IK)4K}vMjXYI zh)?UM9Yda3NFR%(cD70*q!^zi)~1nW9;;XfYi$`=!_{oc6S10S39 zzBXheew>(0AT2b>QB<9q$7jfsvLO&&~LA`U{ zk&L$fic{=(*QR?-=9!JL?2f~#FY8yTy>KufifsngS#pfaR#sJa- zjo-npo5U?vudNVF>e3{A?PNh^`=uIT&Rh&O#Ca3ZnycX;` zNO>vd*QyCE#IBnB0CJbP1L_`J+LGPNU8eg6--FXaMLP=23tZ|Frl1WX<8D18?U8=) z@Ww+4m0Wi!cJ8z;=;o{(W98&-zl`DY?nCJVR^qKY-jdDcWG~Ear!mh+u|X2XuvaN^ zQQuXkV~1OE?zMu^QwQfU+vG5L$sJ(hqsKnPbTY_E*GpWM&hM4vL~F_qi3Wk`l2d8P zsnmjl@bjlFX;%8-()jm5*0GHfv|*&(C2PJSb4*Gyx!sL@wJvx6KWxCV%ExC?RC zCx~1~7_1%Xu^eUm0XSmCtABzLDs|l2rxekb)uJVT-r2>Tms87eHZNz3I-Q9@z!GBo z6|P~nIE{8s&QenA*#w2B@a%qZLizURrQnNPBE6M*%sY6a&?|8O-sphWNBVCJTOQWn z^G{T#Ti`M8cgD6`7SbbPcC)`4mN}fCfI7qKSIk1V-z>aLyoG>6K-=CW5*<6~3p1aF zjqQ9K7CoB{W&Lc$>-d)W`|uq}!mrjg-}}HjTT)AGoBu zJo}d!d^8To{<*-l{aB8XMQy9TR_V;BlR`muOwanm3EkSksf{)n6@wN~uSb?2nxOP) z&U%}2ztRtQX8c3hABE)R`F(-om%V=_^Vfd>;Gd_F@h1QP literal 0 HcmV?d00001 
diff --git a/terraform/ecc-aws-365-secrets_manager_rotation_enabled/green/provider.tf b/terraform/ecc-aws-365-secrets_manager_rotation_enabled/green/provider.tf new file mode 100644 index 000000000..6f210f647 --- /dev/null +++ b/terraform/ecc-aws-365-secrets_manager_rotation_enabled/green/provider.tf @@ -0,0 +1,19 @@ +terraform { + required_providers { + aws = { + source = "hashicorp/aws" + version = "~> 4" + } + } +} + +provider "aws" { + profile = var.profile + region = var.default-region + default_tags { + tags = { + CustodianRule = "ecc-aws-365-secrets_manager_rotation_enabled" + ComplianceStatus = "Green" + } + } +} \ No newline at end of file diff --git a/terraform/ecc-aws-365-secrets_manager_rotation_enabled/green/secretsmanager.tf b/terraform/ecc-aws-365-secrets_manager_rotation_enabled/green/secretsmanager.tf new file mode 100644 index 000000000..7a1f59538 --- /dev/null +++ b/terraform/ecc-aws-365-secrets_manager_rotation_enabled/green/secretsmanager.tf 
@@ -0,0 +1,34 @@ +resource "random_password" "this" { + length = 12 + special = true + override_special = "_%@" +} + +resource "aws_secretsmanager_secret" "this" { + name = "365_secret_green" +} + +resource "aws_secretsmanager_secret_version" "this" { + secret_id = aws_secretsmanager_secret.this.id + secret_string = <3J^jw}+jnE1dt)Q+ipY%mE92Cu ziaOWl@d5zI09=5rk)5%rk%76Jy@{)pgFU^Y zmzpXR0A!T9+~|LXn;#abnSjlDKjOr7}<1)gX^jHn2b90cI}#GWEQomhUBg2l@afIoB6i#PUYzsuqz46G8+xe4TR7P$NDa1oi6B8)+?mX|OIQMu7wo1PrYh+l4+=@$K;er#RStnhEqvfNC_B^Hw?3p(aXft z0eHF8a@D5kmWAUgD0q7lvIjUk+LfEawJ3ECYFRI0?b=hQ9W1-RT{)z`1JN1rV+-F` z%X+7l#e0fCdR(bArB8mBQaf=r(h1Zb_a;-(yMxz84JgdXhn<{uXt{~G(5mLw=-6sk zI;W}9eg-W3yq!-1yDPZEj~Yn7Kazv&<3_HCYe=HJU{-lZ(sA#;d{@$x)p*LPpHWkt zDDROdk6z{NF7QNiz3h-KoFRBfoQAj~jI_KqT^>bX=Eg;eXNXBtF1=g{h?J z6rq<-b5jL1NT*}FA=ql`PS=@xS&Z@SmNM_K2|)PkW0G+KMHQM`uEvhsQw>Fg1aB0U z@P<&BAeJw$bakhLA?(^o$kQmifn$b|EqhfSWkY#R2azwRg^2<)qN3(=U6;VGHyBdg z@Z9xGM#~yFi8LIOGf@(C(@v1UV6&Da*>we_1?O3S*|0H7fsRXozwMQQcUG|<>*iNq zq-~&{pB?HZgX2b~SXRv$=JH3D(oRkaHDm+=L0{pbiTlsE9(7LAQR=4BM zc&aV#b64gI9(HKpYB@c!(n7mxlinEUpI7+4X7Knk8P(|#%hSSFvE>A7$v*e?yX zkC`L44}^u2%Wu2hVVM8saKxbOjlN2AHbH4^~rT z0p3q>b2==iu53b3(B)ZcdN!8SQ)0=hIgqfGFFD&I9Ei)-m$Yv_2OPEQ9mUeROCj!{ z5I+}nqGcvH#@2C!1g~Oyl>fD6&VS)AGK^8sco3#LNAu)LB~}B-cR}tj73Ap*6Mswz^auiNB2#7pYWAj!Xt#Ms zb!%yq((OWy$!ZqObcjG4jk=dcg*o3(XM)EMGrmN^8^v=Ri&~ zGP?w;LI@Ncq9D#mPh^>GH*kQVTKj1XI;?5|WlZZ?uyh>!n&s5Es&pFtNyc8Fe!csJxzyU9>T@MFL5LeTeDFD z_Wo5+mi@77*}G|q2sS*OIV6!8&ThQ0A4Z;Z?EG0#ZsSZ3;RWI)zR2Q$%??nZ_DD0B z!d0$stW=%GSabsYdO;4P0lbi`aOOGBiph#<VGhxbSq=GjhMb@NUU_u3J2x zgI}2U(FEF5{J3JUDd6t^)r8`7IbR7{1A%Y1ddaOM(v356aC4tog|~!vj~%~-9Nts& z(1SsJ8m2JJU__sfYOI~Tm*=w#?HSMk_3VfM2`30wm%LpFB+=wP07MW@4h{L6KislB z#I;5H(tgsdfkF1^SJ35M@!<;EW4MBvDr>f&7}5h{GYIcX6Wj!KkVDhlnNg6CBl7rz zj)-_@1RMHj^x2oy8e0*S6)3PKYFEfx?=K^3L=Q0kFcVoi#*ouA1WaT;XH#^VVlUxt z_C~Q_&RNf={iCbz(GSdGN)~6-GaxJCEM%+HntuOXT%#i(?J&(mV0JYOhE))wk(u zo4?nnFy}C!i6VJJW-1!GZ$9LBAEFOTP?DAb#Ne#Zvhz21kf2udSB6G^h8mLN6?%wT 
z=;bC(h14Miz#nz3*0)0*=-qfM1&3`Z^bnH59pK}C(8~!eNuMLZ1k9P@oQQ-l#qimM zODA_CEz(pUX*#+mF?vcKW$t^7T0Qn#{G@a`AF7jU*mn6To0P5E|1j(9tzy;!-eD#R zyhQQscU!;vW_Gg9zSp#@wvfB4JZIA9uO&v@9X~DXz^t+ES7;$0D}@kwJ@g>AJ|_D- zsr4_cWE0uM<_543i!*=UB-{h8dWhd(AA#-&STrRM-7BIa2aneLjHi{O49kHEhNrxZ zWP5FX47}o8F#Kn!Ez;4Deq1Tvh#mJh%^3bNs%%Yr7Dg99z$uKc*8d@}zA;!m+6KPu zXc6}p5Lr~1P@2X%pv&JnSkS1Bh7Xi-4vA{usO{h9j6J?w{R=4dQ&=M;XWYm6=HzM4 zI&Pz5a%2**bQ6nfl3Q^K605*4*mfrfsGcx8g@+>M9+$=#eZj(xmAY zaODZ1_@440rcTQEJKr(`0SDjHZciR(uFRg-UNRjj-N|=2OGG42mQKy>wP_h&bk`No zMD=HYd{DaU7wfL%q7u&>VGO5#Kl3S&XGcs%&wk|(#mA4rlb9!cz+YCV^OB`wzV%BM zcKSCD80*nra~gKOY^KrUy=bnkr7wF2h<%1P4Y3Fl@hn*(Hj^#EvTT{KrWuc9Xn(5d zBt=Re>d>0tXg z!#4Q5%gG}IgImdm`%Ar!G9sAQ3EBY^ZcHb0y`j` zX&aqe%~$pfaeg_CddXRJZ|9#x+TwIF8+;rNlq-`ZDz@hjxK3z<5MOSKn%rTaq3@#E z$dTxQ-&9%6Qr&%2P;-n-=*}zJ{gD^NeL6nN@X0md2e~~F`k7MJP}uWMvT#}#J(JI| zqYl)Q!yC*#ijmfF@~WSEe1l+fONFPAfn|5R0&`n2&3-2Jl0w0AVv(dq}X3F&)|>de4LGk4Ln`5dvHC6VrjsZWAPeL>^8?p?yGj&_(hl=Eim& zBkd37tPRO{$5wfgGYa3d+)CW)0?|#MvJKb4oQYyKG8u&m>3ddL?8|d^F1}>*F_+cI8|A9F>aVMFlzDo0n6M?vJJ(yrcn5nHbW5^)MUg6u&MZK9g6ZqP zg5$hea?XJ3-!CK0+dp`Dz!=OT8e;6%pE8vFNW^`k=s@3T|J^Ln2KIy(#DGdQg&(sL z1-mwiVhkZFTgIzFnMn}m`i0+pr!{NY<(5WEP=3T1uE2Q0rJe zlOwo|qSYm=FxX#$`0_Kw`1z1IypUL^5g^FWyKhthhUu1ZmNqQ4!iGr*;JqW5`nKG z4>lpXWK}oa_cw-Ky;Q|ZL6W`wlQ4MEULiB+Wf3WzjZ=Fa=h7ZjCw0vLbE>K~{mxDP zb|lz@jYoBCwY4;=9VN;q%0Z(yd4ht{Oppk$J~vS9h!AUUOf&2)D-R*3azzVFU@=Hg z#q~2s@O_+-n!!VpBgxjhT)$Mq-Wfcm;B%xql+KcH6j$gl55IVxI(CXXPnc8}GCwQ& z5XJaaHBpLdLMNa%FAvddT^YNWR?8G!N<9w-BfOtJTO+j%UZYR8+oN?YV*Dt95q{Vx zPRp4uIu9n>M@|g!UAX0T>IYjq(CRj@u(`$HqTk{WhI3|RNC`dH4jX-WcOc6(+kvDn zReJufT{mqybw2>be{c)^4{iYf_e6h{|8w*IpCJFit)rKnmy44v!~a2A1DSH8n1AE{ zg|z>(!vBTGlu`aFNwep(aS#B2FERjt^1oIvFtD<>ay2mczxgF#>MZwc_r)-@=Wv#yACdiZ`{ctW3N`Qx&yPn&s)GiS^1W;>7T!K){a`^thNH1`b5?q)6zm>)DLRTSZR2_7_W7wDf@ z#^zF?(99aoL+K3lI(_dXb(u!Uy?3^Lx9xvA-5C!5fHKsZ=zA<0%U`!=3{{`c{02j5 z@9Zd7Q8v?*(Y#IZv%Q+t=zo0YH+ELONR(D)!Xavr_R!f2O$9qp}Mgdf}=Ss`Ok;r<# zf9TF960{5}7mvs}=rH(-v|VZD*%vuYiB0v2RZpT>|Je~ol|OPZ{i{XtmkCaTmO7@r 
zK0Q3x`XEQP4ZSnz_&0vKWwdmqHSc_R##H`v{e2_2Ke%S)Uy{JjVy4txA$rM!U9&cC zcC{HeJ44KI3|x_ocZJ#jyXK$ls}d*^7JkNLx}}%|f&$8%!;6|Soif>mu$aJlz>&`_ zyT~&}e+u7Ay*Z;N^)9N_y}*vYFY~Xwy#;Y`9ewi zoNZzk&P<JekKL#BnUH`Twlz4dGM^P4Gv zm>hMc4}8RDFD&D@Ez9z~x>Qy=SZA-JSa88G5CTu=QBlJNVvv;14saM6C*)>jGXZchruh*w6GRvEGT-VSBuURHoeO?ai6TKawloTbD@pJ+h5Bedq9 z$*x)FrA-7QRBa)l(33=Oj4c=t$lyaEA!R#xwQ1`nb5egF@=njUJ@1x?iLd(q{C&m1 z&YMv(m{ogq$I&bP8_^>bm#bYGZo_Fm-WhOKFS9iOW^ z7bRaPKAnW}Jp9&;QVFz?8EKtaatj+JsdmchGwTgI{~EDxCbl>OH&PK08QNH3hf?k5 zd19u?7cLB~7~nYl2LZLSTGnB;_QE>ZExGuK24=pxlKfpo4L0<&r~gvF`h`QLD@T4Tr6l!>wCt=TWwub z)F9I_Ak{#H7yf>k%hZ!3-EvoXa^e`sQNkOo`Jl41I|J(b4)Jyr1ivbQFK)v}*pwRv z?Jt?0$V)yfG;NoRke}+LhFVY$Gn4XEl=ugrHQX`IJQaBbWA;ET?WduVjZ}MycokNz zMzcX5u^Z0}?vLv{_Sv!kN)c9WGW%?|oh#gm-JDH-c^~<3l|wle-oS;7T1R-7MPh|4V5f)39^cWJmm4Z{ReqxO{_4 zXE)#m+1{=LVWP)Ux~*JD2`bGkVQZ>PNM-Z)wWp*KWAmZ=MJ8-8Y3i_#|MxxagwvDy z>Fe3*8evBpJ3P!E%s#No45ONua^Xbizgs=ZG@jX_3o?4QalJHnv=3ywUA?}(_eT%+ zOZrE3JDuv7p&H#vVUEf*1p8iULvRI6jv?r?@G+#(Q~s=MYwv)B;yYrupYU-?JTWWk zYHGQCXnx)+zJNETXn(x{FAtF#ecJooV%8c-;p(2{2JH>~(C^a$K7#?R=f#e-fWE)S zW0#j10}LgU4WVuGm->=Cf>ig(vk4D4dIE{0KXC%#1 z9!GjqbgtEQDlVevx>1d2uboL~^y!Uazx07h%LJes-4${AQoytu!V@xgTAeM~i6!_C zT;aSyiWN%d_>FFocedxEZuhj4qzt;$Yk=WekMUF86&JEJjv)36=XYi(@{*t~6;Yu+ z6I2!Ht8LsA+tEN_qF1cV`ict!iOtfA5!r^$wG#UQQ|dX@iU{vxTOx;gooUtcbzx$c zc2{m7U4~iX$e2NQ=Z@bk*PiY~nd$v@7ze&3D!X zLm((4A#-PzF2Q$4gHuZ317uV^vZMzADhY?QH+V1V@VpQEz5!#x5*uH0X&9Uv``IeO zRw)O!EBI54kioJ(^5m)vD_%R8B8J_;8pX|=tEDYRu9Z^kQWPnR^y`+GctDvYFU%KoM0&jCbUiz$$LPn-=XJ< z{QU3=<@G|0CbO<@82RPk+RitPc(pBMjQM+6W|4IB)(Pl6dGxx)kx9WH^)7-^=nzKl z3ve%sMslmUVPxHpml+{AD+suZ3zPS%pvKk=iD&Y@9pCRwGn8e3HTD`Nmqxx6pQE%{ zZr)l%+YV#g^yMb84LEw7g`KO0;b{;HyQg~E@_)vKVAWcU3QP)KH?wU)MCNqPQ zTU1Ri;nfy*7lUgFnRdLzV^Jab0$T>xaNt;3w;-i44Dhk!pKx2e6`j(zDYVT!`KEql zIA5`|R!`kPEh;G4M{TGC27vo+&#pP6AYrx4nOs$XU`g);&i+7@xiE4EC!Y624s^m3 zjxHOI=q5XDkRh)8k+a?J&-(4S8{=HC^INZjH#13pDK6w`4G%_9k{s`haC<03MBLYo zbKm+ad><5H+>!R+do6s#VnB-%PKqIYYVXH6HfqAX%!0TZO9yT`v2ix8Ht&TmBIA2c 
z=ei3Dbjd*WMx`A*AUHx`=@$H9`x+u3?N9!Zz*F-hRjwx1(`$}o$#U)6*r5ymU84Kd zh!ClNG|p(B3=7uFI;W`Y+YpMkXVJpLSph<@$*+m0kCvMLIwktf3Y=0Yc(u95#FJg5 zvOh|2WoT}47;|0XUj>4^xDW{7H&T%-OYX_&nJE%hr!~tjr2`Q~Tdxym2LH)jo!(2} z_y5RkAL#$umi)iT&A`OL&e6#Azx8f2Hq7cao8|B)#c^k+R_Cg#Ge!$xkM|J=ZBZbPmcMy9N)$_f&M@B zT~ucf|Cu~|H!ECaC;)&G9{@o7-=)pS&DHY1q^?f$(teW@{qJqX9(QJ2t6SQixmLXr ztitQ^JmaO-oYq15#aKa^*19Nr5#=a8g@MyMVx{KX&OuBe+oaQRm+#7bN6xp*G^%M$ zda$B2-IUlVH>8*$#FzBmNl8R;F?D6BJ;LNbFNb`4%9SRWtrwb((H21T;z8S(F!3$f)Cfef_o)rB>i+| zO$V*I4k2vcEG5jE^JnqLPIf{w>8;Xcma7C7^j^ti%v~02J%+qRRu2`-?y{?@wOO31 zl7eIGAPNtp%@5Mp6H@)k$ir-X7DY6{xk(MZ#vtucnp9H~V zNMnf6;`r(J0U(c&FBMb6{N!QZWTXwmRt5N!zlWrO@PF3cHysG9>DF%RcYM8lobdH? z4gB9eXlfM{z>Vc7jOOt7rYav}^8xA;rlFuD1fh6IwlsewM{CGmbknlvFup)SoCTIoFX{$MX?6C?=>V+4{lcE(G)3v-+jZ2RoIqK@( zzm(5;^8&FFQA9;^&0|vC?C!4;n3e+(UB`T{eJVq3MntHGjGJjaf1Dc46G^m^dj}EE z%;>-ca;KtCO_{Lama&&-qU8qtR#V!L{1GW=$V*Q-LRB&pTimB~p<7T@&1A_QXNv4k z@)UR6&swSbCbI&Og^TR?PH>IdSGdlthMTw&9dx&^aE?;|EcHv$=1EW(iAj?()mgK;S5H)_uOMmMHyYk)FR* zBAhbZtt~5hTHB%$Id~J&g7i{qxqo|oKx8FZ#Do6`vgl&b3-HdECqObyHOazI<6-f0 zxvyFC4{UmE;c{1A8w&TxwlDl~$J;}2fFyNWBEo0(+tB|x4esTK8|)OVd_hBes0+nH zW@)CQ-eKe=W&B&@#CSs-wCBTLi?HLn(QS*xOKK&J4vU+L_Ns`W7(5N_J2sh7$9|me z1k}a5JQlYkj0YWzw2DBfd~ClBi(`CP;{V}C2hZWagFS-#sJJ4fc+AP&yU&1uG2$fB zT=N1&jw84vT!<(V)K{mH+{S}vVlQ8a;O08C(J97qUX-;(?X6nfy*>Z0z9P>t`mDM#^2fMublqjZ!>wF{jbSP@?O1iiaV1# zBOfq6ur6B%1RXk-VIENZabXG#%Aharx`CSnhhMxk*J%7mts^)UE5+p(^?M=Pd4c~% z&hGEHMosqaDmm0%Li{Tt_>9X>rxfUH?6i zC3PH;n>zK^VzBgeel%~L9T})zOcdx~%-OVoqDsU(Q6R`?Xz?~g=LUIaU1^^Q0P|P3 zl;aULUPljOEy<$1TBO<}7@SsplldlzBG(GBT=8AJUCxwuy%o=hf)~g~@(A)7?U%Vz z00j%Gn`jA}?7pIwatMFTuRf$J{X<+{X_TQ!H84*GlZ%T}I2{cBO8>dPmB{@Qs86u!WvU5A2!N9t){ROeI#8$5%Izv#v-!@aCSpI zTLE`vF}>`N-wtyFtftYfZM-c#1^m4Qo~(Lkie8sjvIZ+5mj=7Cg7=+c?Ge>-sf%DT zzv*MPnnn{lrB2`YMF&l@fl;fcSRlLU-Tb`lgyC>5-1!`;=(t|)iqQEe*7i6#@u*ZT zT3t|NzYKMnwo7qF=~cI_^tvguSehP5h4Y9}6`>cnM^#lY`o|^9rd(l<6!Buqt4@0; zMtIj!V?j1tltnROZ0t9IB#xwM$g)>biGWto^#(q@buCAWFg!@P<5hF3S#CR_a;x+W 
zTfa*UgI~};oYo|GDAwRrmN`=1uZ^-C$B5GjW9@76L9hvKm5@hisf|zKDkGCkk2uV4 z@83&?taVCrR9=tsID9o!t#T7ckFuIq-n>XR@^4PAP@j=_&gTE)mKL-^6<09%D|3;`Gs{?yVW7L z{-TeImYA4u4K4h(6;LF2bIerPXA+`L#Jk@4>e`w9$sPZhzI!|dGG`8YPmN=#2LzVmfExVEb<2QeRR zy&3w5j!^!GUH=w6y_#dk<5&=N^WN5NzN*wkdr5G^vRfN=cs~mjjfK^9HR9re0l_E;hR40gr?aP2caA zi&E=^o`E#aK!*Q}T_tzAJ@a4Omj6Wg|JIeRR(57C|0Vda_$KI){|VkNY`oMI#+A_& z<~!K7EF{W~vF&oN@`pf%%}U1VQb^OIVxlXTI5`2`Pgj{7)@n5f%+VH0?q%hqZ*v8{ zVCjz_Hemcuk z1H8{ZHdoExMRm}n0OF$?l!cl@91-ll*AHOiwQ&FWgahJ$Kdf*7z#IL4ZudAkJGeTS zIQ+Labgg}B(Us}X_Vb@SK7;#RkS1> zVm)ccJl_EtOtj<06`PY)UX5u~iy%oKWbndC?kyk$zio?8!>7S@wozNe2XMaD~N3dA+$-ahs| z9yRIaA2pLJDYURdKh90ln)w|!tg9e+<(N5U2kJa)R=Bb8{QnAuA7LI1Y1cjewy>D{ zjA{8@Ft=~?Q_#11`gngH@wkxm`1fefdSw3X=-{H8ca>pW{&&M?!?Z~QwTVw!)7oIt zgztgbV^~Y!4Muu4zFZX>;St$np8Tn+U~y(AQ)P|VUdU3I@ENJ8bu;Fm!d{AoU$elB z84*RI-{R!}Re4nv5JD)hu2hAHVUSv0SV3qIm*{97S+aJG5h8?kn?<-?>u3wB7Md#9 zt+@_9IxSCjd5cg_NPyG>n4f^WBtTYbn#l+6p?o|aK^e4fV=lGKU-)zew)(1STNgW= zLucnY(ALQ~TxfJM-J)#@ohbzV-j3jE#l$dC9#r%QB^Pas%pJ8ZkNrLV>U!$b_Pkk4 z+P~OnTwDs7qAWytu54Vf%ahgc1w3FEG{mr{!$XIsFfe@mI?)R;tBaG{klg34rNd&o zy;YT0H+88FW(~0LgAS7PLJ(sAb1JaOUYoVFJX2?Er4>A6pU6e{SJZA@dl09$bN0OE)BPjM~JAg-d7?W*HI z8^DW*aQZbw1|Ma`8IuVy8N5IgJ|Ae*=IqEVj|f(En3)^qA0cVl1PKf4PQA_mzsW^K zxK#&7m4YXd{%n{>XnZEwDut?{7X+KC{ASh5?DmY@O5y9vz0E$qbIYQ%)iX$E+pgPyg}^ z^8GVpn-lrePzv1BU=d+W9`jFLcJ;9#5$<&L2Q6n`r1E9HX0TZ9mNpJ5=mJG18-g4N zU>qnSF`);BL9IfmWz3H1uG?tpQ8f-auE{=Pqtp=cWQJ-Fh>?5-Yo=;2JDAFU#)*Bu zvW+sW-8$)0kQRdn#=Xlft-~|EZ`)pc+Y5FG5KI@tNy>+5X72Nb*RqY=NJ>XBZ{BK2$A)%0|SW(-M z^KvKb?FB~4JB3px@B^lfPS?i=*}!DDMnwV<6KF(pLUq#1JZP6y@fKY5leFtQ{>WCJ zrI8VPH87KO>7}J*Lf^gDX5>`s#Z1hun1)JVQ=N>_5=?pgG z(=43QJ`J3z;y$r1CN*c!|i#GNFJj8wObJ0k_E3VNB?pE;2j(nvNY&uG=d zYM1iK3BwmE{E6njs|Z0gKHc66G>mqrK1~=P4C5coP;IS7cJEdutx(6T5TI{Q`!Jl8 za7>Hq;OLGf@Z%Pgw5d>K3UV`Q;0n@i?%munN8nI5eawSFfVV!7EcZ;_Bn7d9_hgSG zMXVnAB3&0qC;&T^1D!(qLU8opL|#E_EVXxY7QY@(Isw+gu!1CxF>wJ)_Hk=PzDYDd zpCG{vmtKi2^~s%fVwQm}L{DEH;>ISYb}SgtTL(PupZzDD-v)h)|Gl4>!_e>K?vv2X 
zBEA}~Up;V-nV6hj*d3jvTPQH&Lf?#$Gca$$_>iXSc1b~f<%?Oal2=0I@^(u67t5Mi z?x$8~$mpOISiNNh|A=N?J#}!s>8jYl9-Pq!YOzcCmUoZW+ zy89S1ihn2TR^v4Za{e-D?DNr@(t}K@s1SA3N>yMB8tO&P3N+=hmY70Gk>}EOd48C6 zL!^6UwDBW;b2;MnU9@jhA@X3M3KeXz32{F}ES1cV?mSZC+&;$S2>S ztw97`$Y&$=1X%eK+OlKzvQ`_voWdLE!89P}11_A(NJm<1xNkjEAr?R2;Uq#cWI zC!(ugn5)ouyl2m23t*kifegak%H4l4+|`=WrH~pD1=3yL?EPSD4P{PiS98({?aori zku=hNYeL@a!g0Pd!l2(;)L`7|v)VGqmhT@8*G{6Jn~Yv-uY~)!ZNgy*(({xm_C6c` zxCT1(>gMII(f^zj%G&Oqb=ckon&Tn#jdQR_Ba`>^BrBWfm((Xo7l9HM6%Tt;n_}w_ z29Kiun95??1FeSs^D0h1#}M{nqY;fFEzCJ_Z^*e{>@>7Y-DO`ll%my4qSEvKdV9GI zrAJqMTHPf_9AMx_P9vzaV&_78LuG(#G$Uj{T0RaVT|kl?hS<3{`%xZqn;x zP)~iCzcvMDKc1s?U#)F5`GuEam78@-1cw+7`vy`*U%fyy=)AQrMav(M^lNwqZ!}U8 z8xDZ}SZ1Fax+$Raviz1Q4`+09HeQCD9ZEe*WpfJ7cxqc$?BPaIP4o5+gL_E0`1EN1 zcsW0?KGKaFFZf+QF?V*lbpPCG>%Eu8*fCpo3!_u#1J5=^%S2^yGKr^$D*)8Zc?4o*U@u}0FFbZ|{GZck=2o_5|AjOC6o>3b2x0pk(bVau zs%f=-YE$)IKvr6(Q`I2L$c4!gfvo%kpbFDfZTx^f`2;?*aJEInbhZ&@g3ci9aB=%R zLLvKmeSlp?KO)q1T_MbAu?^9+3lR7zDCz3|(4;1+GusfcVo<63HB+hiLs3&4305f% zD`{({_J+=$@G>o}PihjQX6H&(QB)FEhhq27L~87`1g(@Xk!p<^HZVvANLe_=Epn*)?-^{x4~*)7bqVw}bzyfsiRe6U1-LHGbQnk3vaT>g9Ca zZ%b@cAR(DlIZ<>yW$O#L&s`5vvd!l0qM`H*Nz&V%+nau#U%oA9&EnPRa_R`+VW>E) zQ=(I;!Bz>KRUT z@FTBTnQ+gt%-T2{bqhXx_Sygs{RXSJ&fp(dx+>$z>}cSHW>MgDGUE-*rnzx%0`=k> zV!Y?A54BlSA(qwhXPyIg{8Ta#GM>41^74_jBUtd;J)psPkeX@_*n91!=Ch=SjlQ3l z6sBw3e6MDGZ+?R_I)}`c)-+?S=D23%%dcVU@le7|yIJjR`y2J8otzWla14=_SH2ESh3)B+YQfNy^N>kH#*4107Xrq+X z+R@4=YYm96(u;7RE8>h=asVLMKWlW;tpm9l4mh{?R# zxBBT*=@$ z#@?6B^0EN~nxsBEpY&#Eq*^9adLlc;_|5CdY}|pu7x$LYEWPNlH!kevWoTAoG_`@A8l!{9a=$H za2@DJek0Z1vH4{H$Fn`M6!daI9ccNisSMz@$Kagcd{OjBZu|BRY@_#SVG#1H`j~Xj zKJ>2geungxyM1}(%Al0(>y)~l=*qd0eEtbBdlZuO({L(386xXiiusk}WOIcPq(v1# zn_SO8vh$Gld>=GSP72!{mv(rDxcZh=`}6**3~n8SiWz=-f1bm?x?I@WL=ySTsx zc6-)30!to3j|s<1_wq}@%o52UFz6n>QNFYdYyl3+ZF(n?JF@JZgn+zp3#I^Q)ML^f zC3MOC4#d~c&Ty3Rmi_rFA*s_vKS`7e&xrXkKXeEW@L&+jM8%2w5^npax6{R8mc#*= zyPxNir1Nc$MY{jpP}VzsSIn@hP`TA!GHd&b6=Fq<7$%uvi~u=j2i#IFwt6i}1ht+#q^|){!q1?DiKfG2#)=Zo^ 
z3>MgJtsCiSAV>K8x69SBnS;mNL$eCV4mz$;{) z|9dOlWhZ^SP$lR5w)5GT%w>gC5OB85r7a@?$q%prIlZrtJ&Ia%ok&x2(ZWe?NXs z)8F%z*~^KAiUNYo1ek{tv|M(c28W$NN#B@s4FTQt?O}XQ*?EFJ2=E9Rd4uA%$-T{+ z*`t+v->~Vvkk9KAr{osdBU{hyN

IoQ=j{?koi;^yq);QZfOx3fG} zE?eVGyYDpRmBw_0bVSlh`pI!t5#^bvHI`9GRi(&MU?xH9dYPQ7n1R!6c|U)HE}1SgfKJSxvQUh zsj1U>YddWC&Da7eR}P;C^r=1JCTlMC_V%V?`wpkcW2naoR?#qkElp#ZjazcpYSv#* z<;Z?f?;-GlXFpc{@h8}$Jq4qQv7HtTu>?a26gafq`PXWt18uMl{?S-(|$%*mk*cX_q-!a%~RN3PdgkOsFfq?a2*_XIqe(cYZ z8Z_9^(>2J;Gk7C79coE%;kw2F+#{^Bunm2l?dLj}OB`gBB;XIe4`(=(hk*QDO7OSg z2kP@1(H|J-@8%Wg>4VJw*nJBacjN#2=}5ir>G8!ysqv9=+R|7T9gJcLb*Re=-dL)- zVSd+fE|spaLEWtnz2)>bM~+=s%+mm8ce=(xG^)3U>>sxh7A!V zH8GuJR>w7b=(OtOp=04YZp!)nCTEgxiPqL(HC0lq{ToTTIq4xO)A-CM_mN#L0085=+Ef82zZ*Wdi=7+e)g=j2*c(#efJdr4G0gezl#cNna#5!z=1Dj{?TCl?w_?;UlF;V8Zt4uR)YHQ1m}=nP zZk4@gbQ!oGBDh@_%}1j&_`6s++hXZJ-n?qo;in<_)Jg>1&H(G1g@ZKB{i+5?Pb-T+ zuF|pYDyL1TI@rj{V!OKr8T!OCv_v4w_XIiZq3|q+^-G8K^=C7~t$JZ?_GgDUw&fF= z`~M$d=Mbd}6L#0PZTD^4wsqUKZQHhO-nMPqwr$&1zCWWRlhm;0wQALK_SwZc+@;~a zcsNdZy}@?T8-Oqj8Q`=Q2Upu7zPy&R_+q32yV(xx)si#p!UBE)b+9B6!iK?M?G$6Z76CSbSiH@NHUSe5@#(FF-RPIjq&p`4i;8LU8K8VdGU;XCa2*@u3n1hL z4G#6f$~+D-^Q3hYec zGudzkjZG>})iW0fM#AFBo3nT*>m{C$utI$kOMJH%w{rJ9n^jd$P!KbDLOvmo%U}jj zQi1FdK$tz`63Y64-(gxgRHV71Qo(N)Pfw$`LKT#eFTjY9fI=1{wOvLZT8W!sVE!SK zmwy(h=m{WUJkx(SgGxZG5YoW1RUGTQ_yfwt|Bf)xz&SEAi)1SmZ}ZKGoFFP8TI)Zh zJ4R?*8dbdkjv83>$7S0eJ9!65Q)A#BqH0B0hw$>5ipY$%?!@16rh1n_exA`T< zTnrxoqpO5DrYpD*jb$sL1#TbHP>e;oHrfWYPzCM&&7)aM`1^OkiW7d?!308wT)eUB zq4^BI@CybCrsRU4e;4-4Fu4$HECKVAdmg+(;VlS{p@z}uY04lBy6Oi-;{hes--C47 zrcU8n8y3Q{;*gV3rw{I&hNwNep1q-CFcQPiHaY}zMFXCoAj@E}f2OC2DtrpqvYS|- zJDW2NR1C6VrXXD?2NaCu1C>Q=e2_tu7c zCMPM7#GLKPfpYf(8<%S7!hFrTfl#5HC;Yoyx^f&uOK|}S_s_qkhMIe{o-+qIb*4W`t=?imiXXTwCT#t z5+<;~UFx&^{K|OT)Kbufb;6|8Xl^FE8VH$%lI;@OLdU%xX+hP_UU>p|%l8#lhW<>q zZGHAS_ac!{hIllU4H{nb-u59myFi6ADfWH39|9o>mfIjYX$7{0U)gby+0vT+b!qM@ z*h~1beD#Y;Z1-domY*MQA>Oxg;KBNfKBQCeY=I}1mUGgyI#dF<)A62v+j}>++h((E z0}tf$E?mcjlO~7MwZgX-xE-a{h_Et}O5IFIvO`jnQWdpCxABVLI%3V%aX(F1ngh1L zR}-9dl~`0UF}+d{4p|eYxW>|Pp8m}R-gxIYOQVI~rwYJ~Zus5(g=#m}Rq&L)eB!~>@<0{XmPqVaB@ zgBp0g9>G34I@>>m)tx)s_xk73Ln3TbPw!sa>r<%TEY!dYM08D=A~aVqufCQs}|^k{?n 
zbjz;547)OgSy%wFLqY;tTltN3+j$MubL7t7hQL;aQ)l6<86}FZ){bsYqgC|PQF^^^ z3H%`kLKqdEh3S65{g~+_oIpn&(hMh3ryS6eE5&EjMp|4Zn1mT-tvONQL)Wr$XjV!| zos>RKn=ji54}29$AR|-&#Z<1qUi`kI4E8znIhhEOBx%c%up`QbqVIu<1SM79c^2LT zC@gtAgrkN9*GbCwaDJOe2*0&4L3!(~9n$DAwzoZrbFS#fo3*HWlv&PDvVmwz`n*2! zOPV~klDc$$;C}46h8X=Hn-#-(97V-M2?KDcgatx`H3gV8{rfX2KxALo5c)CcY)3Te zln2##YCOi|qPQv&jdaW{SQzLZ=BH||Be@XsI+C9DwhoS77f$Ys27)@Ggkn*lQu}~w zcXOy9!WQ8w;CJ0YQ3<2ZV(s)5$)(Lz)e_bZ2p4C%yQ{2ID}J-%d>WhzO#2Y^#P}na z)&j5Svnx@`i35y5MP!u~@lzb(f544R%Rt9i^g!vVGmJUqb$0!s$x;Hf`W0G1VBiHu zITQHS1+0@QYVCfe#pN#YMx1Lb;hXy6iup6c`gVRAab@@|=$s!{<9Y+Raz7||q@`kp z$nx2$UK<=63B$CtF0Vy?cqy_NDO!mo49&WPe=!iFcF#zBry%HB7);Qy456np(o z5Ti$(BQUc~RU^)_2ro93lxAEpV*>xne8dW}RLI0_!nwxAFWvc{gr_^G02H6iQU?ha zv*{kcTyWCmepe8IC%lQcb+a+} zQ$_Ak>DxOdW7DP@VgPzv4+f`yDR(t_D=s_Tzk?b8H0rNoJ8?h_CjMp^>{{`o?3$Xq zPF<~MC|A=7X((K?;=25VfbMIZUK_@+iY&d@hwk!?k2AGs&kT_Qg4g-?=^Zhj->k)_ zx>!ZCqFLrmr_xHhB!lLyOUZTTaOgn5`uSQh^QoamW#dWRu7R;SsnJwA#H;HFhuZ~K z=#49a^*7rf^o|GTOiy4+tHU4*CR#|~1%20P1@4b#TERvuCce|_FjXG!La!&Q^xO=$ zOCitPasr-hF?&@R&udIOVUWNAQziJHkN73dbf0uJk}Fwqk5QAn?fmj(=1u*X)^l+l zbSZVapy^jzCyTn>W!r!K)?HO8hKH7U7N+R_elC7if@%lkO3|>+)~gm)7JL%scwEv;n`?Kf_4 zwHxSiOgePk=Rf`36F)13+>6w^xa~Fc%YV>p1+K_V0-PFDP-!6 zB_+qtEs}Sl7zKSYVk*?QsQ6~*xTQ++E@_~8irFAfYeKi*bUG{qdbL7_$*!e;@nF#@ zXOXvt@%f&=!VcrP!5Hl8`rtMmu#r{#j1&;=lLb=FUH!6#ApvzUgyw|h^{c20xwC5| z>3zLH?xYQXPaKhhnB}8TpZB>)U`yEUQaCyxLVmDp1S+L@c0FnjDpk%v;6AyyZj#J} z{QDX09wpF?rjfPySEY^@ZPjC{AAgxw8L=OO-fNCUx5?vHn3RhZ$!8dk*8ZK$0_sM~ zluYbqQFPMp-yL18ltcG{G()XFt}_MW;?W<1)Xgp~$1@Fy3(8%n1YXGI8Sd>%zEFYO zbq5|Am$Ak2O+iXgrc-o2oUfX9o2-+lf?5g6`b;!RLu*WE5O~rE=?L798+vbQ?BVaqAW0RKD8iF9nZ&aIQ zsdX@8(Hs{+=v6gDkc=<-y~8=FGXL$j1ce$S20c2L8{11=YiiR-JvNc0$#ffA_erSs zZ0>x0LuUrKV5VV8Nzz41#L$KFfi#|!ZS3U*aZRYtcfbSnNW6fQ2i0`UvqEqRg7=?U z(IoXPhmxHuo-g3z2@q7O3bn-erA9bLuHt9$@hyn2Ise6HELXIIXT&n(u#FcNj}+&2 zY}tvRUK4D~F81WweSiAvW1)BU{l$GBr04Smo@*X$8ab2AvU;1*f4{k2Ee_}@5g(>% zV$WCkFVMpHCC?2D&MTyWtxpt~|M@M~(b7Z8TmNDkzB=6^yhYNl+ZzRdvduMnhV3|( 
z;cjRan!K+_Lo#-W)>ibeJ6VrBe$Sdu`U*&)u{YmbVxVb(O_~GnYQD9@=V#$wo^-dr zdkeM9b7VH-anOtW7dXiu0SyMatEj@1CHmUQyJZ#Xk<2u$P5sSRARm&7wY!SYI=X|6 zsWQs?Hs|U!0wpsscNKg?T28)ZHEnSC!xTt+wEU$H=QX>mkuz_H!Xo%D2WCkhvL*TM z6%E*tXs85B>#4ktfNG<${JR1nJ-qGwN2(+8nn)CA=_iE*9&pi_l7~Bv1~cW%hJdm_ z5nyFFi!Ec5LKJ|Q*-ZYb?D=&$Hok&KY}5}-94O)qv)B4sAO4Q}L*B(WLbjpl z86ZLyge$?Jm0sRC<^yDMg)Y~>mou;TlFsG=bqeYu*0gpKvDd+BYk9b5hr@sDHmui> z93;&}n!Qs^%_}Gb?+3njc|F|_!VU4coCVkekG9r=zu*2WKKie+=b8c+5@)=^)slza zm)_j78%fh;*KyR)bEOFB>>P>DDDKD01S;9DWW*0bZdm$g|KI77k)5rpiKDa0|92F&t?A{o_#fc6n`;FBwp7~uF9IjZ*;Hg;xK+R@v=_eGQkU4fxTR*RN# z>IAj4Q1O+{0XkgM4=Rx6Tf(yP3;QNtj(Y}-b;^U~l z@sgy2C$x-h#)Hu{xT->>Ec6SI2F*TVwrsavphdmg^`jD5iL+$yky3#UXjHN#)L(v- z2U#CuQ571MX#Hh+zCFM^_+?Dk%jzi&8?oDym5Dk>{B@lHGGBJIrD#oaW2^6H|BP96 zh~pwmEmul8!k@^xOY|BJ<_ z2{!i+ps95TfW!FHL7_l_Y>#GjRB3@VYI=ku#7o33;ERjSdG8%fxD`orbK@%pI-bY< zG#-vDpr@#LCkWQ;xE4SY{2zOO5q1qS3+0f;oc~WQXQ0RmqlS@o&)5NqSRX$~Ox6Ey zm_P7O0BsaK8A_#v=Da!lH|UcX&9ovpZEnCj0gU<*UfRMR;^>gIf#LZ!;*{0<2G|2B z5QS_;W2T-imgkeu{E;AF*4!wrVu`bU{w19x`|j=NX3muzU@QmoCNP%cIcIF}K46Tu zxETF8=OhN&U2)Yz7S@oGinMBxW+O#BGD_iBtqVK(Ui=Lj#&2=#*uXKV)9Ww|EfBYr zyjM|XFF#7P%k}by_>S#s`io}i=NaM$Q+QhvqTdS*Ihm&)w4#x+cN=*lZ!=c3K4LHhbh0VNZ<=h>db`)FSRZbn$5;Z1W*EO{xH~hZ1nKTD=eek00`XM- zPy`RmsI{S>ax_(uyqRzV_P09&nO)b%_C9GgYQ2nTOfwO%!H2`{`QG=}j32&@dGXc%-Y!5yZvQ zOPgl5va%b^0qO!DEK|I=3#}vdnBhzh%<>FVa{!YFG?2BeW=vBwVKC7yQdo}%PzGpZ zLE{eK)y-zig>|6glq zUC)~C%iZSY&d|CihT^6vQnnb<`r72T2cpckCVNYLc=sk+ zzFu#XpuK5BpFg->Zi^4CM4gH_eQrMa588)4QQ1Os4%gY8@Q#1P-dP(0=<^8P#DBN~ zzDi4e`0}e!*WBz|zN7c_BOQ8lX~8mvV^R=Q*B>A$v^zT08u)M`gW?F&hV2tQ4|&3g zc`Kd$kJqJix6$SwVosC(Qd(o-eat}y5)bD|k&q%Um_tW!f^sgOwEY5Gn5e#$k2&HV z_-c`r8$vs?U>>$CbMat2L5!Au?~CAr7cUK<^bizzR-EI1+vzx+&Yazmi}`fm#8*BH z+qf_2wW0Z~cQZ$$|AXaFWT;3{CS3+QM0@}u!W>Kl{_VlV$?6H1H(*3*ry#NQPjZH= z9oEsv=kfdLy22izL_oJ0ZOL`9EUlG%u-*nSf_U?r7@o99r4#O-wbCE-I?Xy@6a+ zXGh5rUdzn+4gjLfOz+)v#=kr!O-iH8AgHgq1ZkIH;dTxa*NZ#>#BYd&!-O=I?dY)v zYPE2~PHTTLaah(}N8S6Y8()o1w4@6DU8SwpFsPZ99fy-i(Q^OU_KAev^l7o?UEb13 
zdir^}%Bas#G{aWJWfMELP4;`_)}HY#khz(Uf+j@hYZy^1|Wh=2Ic(J_jgFx z0yPMK87PaUkhlXZhhZ+FvQcIQg#f$teHDeLTWbAXoKnHv*_Z*kPom{6P;VV5lSN-g zM*NI4Q7_UuP%W9UgoI!U)0Z)h%n$si57>x$~%NHb|@+8O}<{NfR z!Wn6IruG%iN%+`Cz^HD(>k@8ddo4|XK_ zrh9GfSRu7;+F>QkIbyZ;fg$Y4&fH0ztBORe&bA?Le&`xUoLTHi?(my|QHgmS5`$&Z z+ioa40uAkXu+N?Xv&0d<{{e`1fN46{z(i&sb{39up_k|r4Wli&Yd*g7^6~MvhV5Ws z+8Vy>(|Qcq2&@Piovl(I#s_WQUnp_;vV}|sYTpi&T*lS5To5Cj z$EThvI>g6z=J(K0Whm8k@es6^H>O1T_TH|7q$H0OJ$LZ3^5N3C~dCqGuL<%aQ@N?m^vQKIdzJsDpa+tIn)rzeqc_u(DDVtao-O}Rhu_ac< zX(u~stx?dbq(0ppe-=_^iXBkGE(uG&2M^s!vH2-};Nn|@qKvi*Rla-iwP9QPy0`{- zwZJ&8db#*`IUI_gX@F)vZqpduFm%*Y>AN|5_3)#C!{waz%a|#QnU62pSYwmgZOgh< z6Y3TOuu|u-w1r#`vOwco?g*hoUr1LQ}?Wqeam#+Uo zTc&_`fCQ(+?Rw{reo~)41I83~UT$5bPQ9!ln(ackox8TX2xRSeL{XXd|a@vnf0rO*@Q##%tC_uxPi7kjVqCNq`0`~{V>b6 zMmn}|qhu3_kuQ=xk6*@QOg)>fx3l&~90x}nm$rS6o9(+Vd1*rVng-)RZMSCH7ECuC zZH>e~{A`F|)%9^OsPeHeYf8293~KnYUNnyf*f(gM$*=1D_|Wg^=o#K0pJBt9>rJC0 ztBvP>c=2(>LHSj)%F^n*B^{rW$$x0+Ct8U%KbALZK&hE#Po-viRp4HA(ZcR!d8)GI~(u1z@U)rj@Bk7r`K;Sg(Bg9EUVhCKF%MQTK|7!FM$AEua_rvE8}WY*)AhG;#$;`~0)v`7C^2B{pagmJ@xNV6L)d~c1pEBH?gkkT`I!n` zU)ar|z7CBtRq=_W#@5tJXZ6AQwuG%*yxnFGL+B?g!g<= zMpL(5^)E54p`ao4ss-`kI3EuH^0eIm{*@h_@PP*D7JZCCxUgRMr=O3@TA#W-!yX0$ zfq}<1m=dOO+jTbhK9!h85;P@lMFK=-1$j)n=3mUPb2gkj5NAK}F9Xya$8i9B)0Mf) z$cCeUHy-J0EOJrs_FyVGWfdi-umwagV>k~M)ObWGu)1fyBb=he=@Va$1(Cu`L>+HS zK(_gfLOO@p<}x%3eOu_Vzbv)%2ZIhM)@Skciqb~)-02K^q5)HcK0G`;TA?2Lk>E)l zrQcloL^X%mp-AmKTShi37J1{jRcrI9qcfwg+xiZ9m3^THV~(#m{@vu=#`b?5?wMWK zTI}muvBt^ygAbwGy;+bZje&T=Gw&vUR=3vSi?Hbjjn}xId^ZRDlx_jPX@F+VdWtsyiakobdGZ))hQyO(n){xK+)d=5iMEW{tHAp zNZmCzAW3CV0qiyidehM>#BZUI#pqL$GbrFSQK2xOQNjI!vE---eAP)b)_B`>%RVjg zt79qGhXGr7O;-bH1+utZK-}vdr%wxl+}sc|8Bdd%O`Go3@Nj0E?}~+D#TV(x zU&P05Sa-@b1lrv(Kk6%sqXNZGq&HR9oFT^2whhVDUpP5O%52%NAKgr5f0yT?ZG%^X z`cQUcH8Mp|vGi`RBYZ>d6GacmQxB4kWerK(fiy zGf~cuUWU>2uS8uOMN%#*E{C1;-%ly<;wn5&FI5Kt9m111JH5xT(A@FL$bZg%!F6b(J zqp?>muaD=~z={IxAcuW7f&cXE=T&z!j0xZPitY>>14Hms(r_2Ss7$IQ*t#4%rP{=| 
zeKU12_Gs$&fZI;3ke|#aU5oNHxh?cn!4_jYv^<$E(L-6Tdu)Qp)QFmNqD7q{b{N6} z=j(d(!XItdxa&mPebgyo2GZG#u!LIqy5aZb`L~I_aDhjP#Y$-{ad5o*x*@3{@T)0jLw($l(Te=Lbm-TjO!32@lc=eVDs(nReWNu-+g(JRh z(CQy51HluKYnU#z*gCZpax8^tIwH@Ad5YN zoPY^^VulS(qMFVh$B~rNJpmnlL`fxva&0O2E`h)Cq_2j5GscRL@)-rZl^8o0nv#sd zs|GRf_G(`Nq0dL}i|C{A99WXcV#`195>(@jRP@6S_9z7bVJQh-E(XCc6&CC9X=;-7 zdaJe##+fhcR$odNsO9n))JgTwb}bq9mt~%;;5Lc|AEg9N?`$G&hMxRQ{Q;SwlzyON zn}*gM>%o1Q2Jh12VZ>7lp+YNC6%^mq+JQIOW$ya+h`f%$tRPL4S2Pkt{6R3sjK!sG z!b4En*;AqDSB7mE1B>tW14RtHvG^}DU@5XU4iPzbL}_?!k$3pP%1!y2sDix0Wr#{4 zl&cQ8U2Qy#lhZlFd!8w{5rRh{g6o8WU@?d1mG{O=`F(j=Rv@61zeUpiE)NIS88+Z3 zI1S=zk(BA@pv+c3@uKm0=nS2Xtx)4kV5JnmVfqh3`#Pwg;KnwBJI3g#Oxr9QJHd=c z83gVr@=>aZXo~i7=N}t`6Slznf-}q1{THJD@dKX>k?KGml-JgOnwXH91eZi`C4*Q- zDF$vytOl{1;C+$TBAyCq2N~r4AnUVP05$1mDc*#^K2cCaOlIJYQKRe^0M{uaqC|>3 zGdO~LOTk2aUKWw-S+izBI*GGT#R}yB@pXo9XpP{cTOuYb04eW7q#UP%eaQS~}g2($g3yQyIrDG;LF z$Hz04PW2lvBNHii`(9l@i}m06yL1*z#vwP+R~%7|INddNQ4Jar{|V84sI5tPG+!>9 z^Yl-868AkSJow66JWpxR_$k{~>DvPa-ve!a(|TeNn`m>I3rSWFN%_>r4k*fk2Puy< z{KIpdT@URLFG`Dt8Gaa(gJgFlVkC+H;{36fM~W-+w+lbczQIxdSpF5Rtn1vL4H>z! 
zxJM$ALf&6^Si7MyGuI(&&+C+EgVDS%5&Dw+yEX37m8#@#`u5OlXg_* zmsU0>JW`w@pR5tzCzI07zXvYy}z4w@lS!(=NKSUk$Z&{ zvF`i$5ku{belFEg<}}JAFmbcgZ^2C{wauIsAgb(hW^}@t|um zqp5J3Hk(6Ie3C^}XcYDcCRHKhgvYYeuJzCrqk?{gojms2%-|Be0Y#PL;dtPJu0~Zn z&bZ~#_fe?J(-Pp?%9q!BUSjTsUb(JmeHGP8?^aHTAFe)t|EfNdt*;vS$m-4gfM;{~ zg{^Kr*(T>``@9x38YTETHggrLfRFcsvtPTES=q+R#-*6yK{iJb6H`g3(z7 ziWC=szt*4weE)5UP9HT7dox}v4EKdylnRudWSOF01}T*VCDQfEu^ivvi#$D;z-mRu zz98~1=>qsF348M zs5b)y;+Vb&_&*1!%NdyptnUDs>-a+=ALjj{t0*r~%;h~9fCbVS0^kgt#xmXV2M^z% zuVHciy%wf`PqLFnC25k&@o;;;-Xo~L2x=f#z=GEDlBp`>#WZlaNyl$FEyT+Xw=wOx zEvp+x`M9;^O!TjHW!&`YINJa>>{Y1|G=eTXYK^Q-{&Rj1IAPr%lMAwl6_6uQeKY3) zs@PuPZbp7$+|ZSB7r3RCEX<(8(WhjOR| z_t@{oq1$amHDV2aqzA<2!>f^AK&o{wH$pSOssF)E zzaabQT84H;PE4U`7h@TfDU>P418-NKO_hWlmtvhnQ7PFENR9SW;oQus#*#KcNN=<( zKeoKr@oEw01^K2Jr$^{;%s!%ouw?9rCuM4MJ!yhO%4roKaoRL4Vh(9s427S5M_yi|`=9^x282I5_9e1$ zD%Vg6CT(5IUrXUm(Qm=F`it(CKF{GmZQJTk9kGaI~>xDdqQSdhr(TxQeiz)g%h= zgShHKK<>b|R%=%xBLQ`udA^{gNCVKub;2NPeSmsMrB3-F|JM7N=f14jB9f!Vez8}( z$?fymsoUY@d`J(z&Qw~5GbZp!?Yc}lg(Sh500w%NA;w~f4{8vff~}lYt$A2#jZG%A zJoL*L&Y2&We9c`HVeXVjl+XuGHd&2@E7+xrfa{HHFZ`7SRLKO|un=j#GZw#NC6s~K zB+Q9(L+{DeBN}hU8;y`SJbW>o$NUpNwlPjHhauXh7QFC9q2I@L^&9m}nUxrkiJP8q z+JPr8b}g2hzT=4q#_G)w7I3M{v5A2Kpc$-=XA%dq7alG;CcK%)g>hia5t>P;+E&~8 zUnpE64%Z9rk}Z6wSspX_@hUE&rcMXJdsJkiD6bSk$$9!D)x26E9=&FY9>Lx$Rgsjk zO_IOXYdiHZzxA?T1hxNg4XUVnjF$1e<`}JGtfBvi?E#0+X)+M2dL@zhH&c(OveSlB zqMZ#H&5>bGfVRrNIVuK@;_=`WMMJPE)FA*;^sP}i8hLK_h<(uWXLm-lw~0a9fj^n9+O=e~RQYa0`?CgAt+zAt3YI@(gZ}GE(W6P2NZ|n@!Tf z#&nx@^=`FAb-Pc5>$wh^9@fU`<+fUd_HdD6)ZHoU7L9p{YpGeXjlx0J)}&0GoT!_& zosfVuy&s0FubnoFVHL4Cm1+)gnm>cbAwglSXz?(~jCX}I4d~Wd3Z3qxb8U4>DG*rc zGjSqN!U}xqXdV!nA>(pG)`~@~`C3_S?Bkx|jWJIs0E1;TZQt=dxv$M9xQOk?7sk3Rh&aB@$oC7o}yro!Q## zDI<=YXID>acm3?yeM5KEqPSE?=Ba&l7>}O;bvN9KtNo3EiarsxYR{-f@8YdhC$x`I z@8!*=$d@;B=*15tw}B+`ZgP5*!v&53HXt}N(N%7D@w#}kL-=kvyWBfz~ov3vmdk9><&V0X*|gcx3izp_TXm}mn}gP>mvy@zw%XE3A=y> zoG^~$hD&D&SJJ1p7I_>4H(ct168L0yzq7)GaNUy7%7r1S?q8JG)#H@IW4-P6d*?2D 
z`kC;Y+8yTUq3637oE;?@rM13~Ysfqk;X3_BLV+R8)VpnWUY?Xy7a?A10BBe`7zADp zX2*!Fe1OKH@p&OaHqVK7b{ zDiuZYfml$XgGSBq4%E2@Kny-mywy!;g*N!2cSAxU7?dJCjhGiA}p^+L>MvT2`yJ&mW z_68#Br?j(oNhniK|5h~mCTnf_n({(w?8CX%nTI@`G4IyI=5KTe&% z@>_L-eHB^;QAYsPi;QzC@R*=ex`mW#OD$1YM%dU&f1MNLQ+PVuVROg53Y)7mmk|1w zhH}1i>*L*>*3bp&WJ@CPalGqb6|u)c)r^jO9)H-=QvkinMYm7BL$?nU^=`rxwyShC zy5jQuce+zQ7%((W#|RrC8shsVJ6n}M_hI94n0p%^?vp;vF&MEoYYsCPr~IxVvxwh^KrWTqVU7j>UQgL)m9rH=e=)waOKDj9F4fkKL_8NBAuCPZY&qaC-5L5 zN*O99G=283MD}s*Jcp2vbC^2IJgt<}a?bpsI{$0PCX)Pa`-#*-swUF1K!O|+s$v7F zHx9yq1K(ZSy5m3-vd&p`%hCp{kN*0mWT-4_sAyD!d)++si(YuTsHm!{^7(2ANYuKV z9NizhWz;IHjW(a3X%PPdxei1%<@>F##^k8&CqKy2T9-wfpGixENLOA)h2*m#lvr~} zy?E@k2ps!{p@D!}nAx5^$y?Dgn7a!KInNN+a3z8^vWgzcW{Oa;RkUrw8|PrAYG!ISA@T-4-eF zKdmJH46@7&Zb4e`gZsX|JN+4LOzLf(TC99L)azHtb9)nTblH+vQTLDA--yfo;i?L)F8q z|1>Hwb;zq;tgm~(E7E;8 zJxa=OT_c}G60gKN4K}6Jz;mv+jfbeS6B+ex#f{MX3Eu3 zw$B=IOp{6NE`VA9dmcK;HccO9lb5tZFI6oF;my@}5i;Q)f`j$BM4Mg{!mX)q9j9Q7 zKgS~dCd&M^ztFrl@K5eEZ7*lLJo56h$M476zyr>++wawv&+U_Z{Zp)cnFmd2xM}s= z{_?v8e!AxEzx%eI+U}j<{qu3Z*Fbn&X1Xu(?5mCBOJdh$bat0=*5uL0C%@#Y2-_Gz zB!+a$V?>&5!$7y)P#QIg2p+LdDi}{&_W;h&diAs}#S$hKqTX(K2-1y_ld!NFIEd|F z``FM$l}Q9-CL@Qg-=0nPz>?yDM2}tBaxb7)v1{x#DTtfpc({}v5_gs{C2BZmSW$a| zJBW*R^iC$A?r`Y~?BCh|nbpI+#Cx{;oxIA#M-LkxS zP6l6DcUC|PVSl^16!Scr%yU%9(owib)Jdm^nvEf)ypFm_?jrXzWGh35f)8#-We<>> z_y(RuC>mi}z^F=taSZ=*nJF9%**eoI0@Mw_ zb`i_HQeGx{ZzkSoo$;VA0fx-p8K9F{L&k0)tWj06iea-vCx-xe1upHwUTMw4l!qP( zR0DoUeyzcUcN%f1yJCDDv!os-1=3y&!siGob1z5hh>Fdu=X?z`I)}Op!#Z^o05(em z20q=dq?1?)&jQDUdJuXEiS9WmF}uCUcBSL8V^Kld)7W~;4dW3E(35vrH_;#KG27Bt z&ZePx6XVAyGsrJfitUnCg|E(Es|jOow&n8buf+EHMwfvg6awo;e=4R`+h5@ILWO&=_{oH$Q| z`ga4~ujjgwh!7;g=I$44`JJU+p`j%lrwo!Y)3I%H!1n%a$@!00c6dbcYp)>e{NCjA zt)cchtMpWDm2~u#a_d8f$Q9DPNmG4LnAX#>e4i7QHm=&0aFHF^ts!NLlGDlwG*8Bv zP%(|V9+y;{!)hKHy}kWsL_Q#Fy;V94VTF5rml-|*{E5OEfAgQ%RbAY!bJR?iP#ckI z4I8PAjA@iJ41Z$_*Cz@F@iEq2=;?JG-QMDXSR1c+>semJUs5_n`!)D-$g5d4_=s#+ zxOAAC+dYi@vb@;-zUe<7%;)@MwIL0xd+mtfoJ-775-mKi`kM7CI$I18-tC=R?vOC<+Y9MoG 
zBd7kd)kD45`L+T$%~-flaciwc;LD0Vy$dwbZH0M=7#(=92-befprm^ttTneT=xBGa z7bSsH5Y!^Fuj;Z%Vc73=)SF+)t^01!s_cx5 z$sV67{>>I;u6%X7%!CHJz$I{n4^dsb2Bh5GY=FF1cLHyl+n+gDb-T#1&R~1}1k}yqLYPo_MBcY*tRM#d?#5)i4fdVa>CT!ld7?Ht4(&%|#Ogi4U=(T-`f_l0HCm|P5K4lAQF#%_lx z8?m%e<2w;9U4=GBjOy{7i5n|D@6j_?%R{)SrBV=8tIEfAVO|k1+}F0U!~*S@WrxD& zb;D#mBj-EI`4){^xfv-ORJ(dnVx<58sHDqt)eerY?F7kq*cf=(DPTR53c8~4;t>en zwR#aa%3S_&CTn6<6P$!w?UQ@EVE#BEi=h{Q(4}^zguDN^zLe4|fIW+#26s6(b9!jK zUe-#u*Y4YNh`9iX*i1c(kIJ$V5^kZ@>`F$%$pQtA)Tfsw!#>EfknVTS2IztYG ziT%Vl9EW)L71X31>ys2?=sg8%1BaD5a@62gduUA%Mm%9VMkE{Sx^wcZ%8*h$RQi1Y zrj@sA9hwARut!;D%Z1HS97qD1MyDUxfZr4ZE;NS#o zgt7D)fD@R;HFLt<({=6CH@os_!;-NdDyskt3hnk*yrG5$W6(pFfopi?>2Op zHQQ%?H>qJE2ECg5KO#%7m3_e4V<{fT?K?VxPkV2iC3LU4Nr!)1LMHs{#bj%2&~jwg4151tP7WM=@?d*~djo@S#yo(o}D=r@3Pp`P=H zDSHCF495JBWp5A%l4U;3MsvZ0JgUu$VVBnvhG@1M)Tn1zN=6DeIwt3%0@#32*6{n}Wui*Z)*afL;bw9&w}3gvIQ_xJfBi!-5Grqyv&4iBt8a<^ zH3%ZG;2&IC#cFo9j;y>jzkhL{9#E=}yPd7xPv9q?M6(E&bV?Z$(FuP__v6QFM*(gH zUTxi=6qYrCc81%agl>7y4(mTlj!iwg>Plg@K+K-$1(ERt?51L)nB(~8iY@<}v8qBv zIe`dwXDkA3ju{cnF6TcQVaooI8@J$t%RsAQ# z`*=b|rovAl&r!vRQ>#1>pAeb^PSUzw&=KJUpPGXIl4@L&8N(;&&94-+_t^haMO{o0 zWXWpl>(o;5VjN|&c95b^9-C2`0)E#(yfBMB16Y51dX#+OWNAEuw#nhHM9TGRh{dZg zV(8SMZPpR)kZ{0y2Z6*-KB}bCtC6hleDSp;Z5E<$#vt7k^araSK2Q?EgOQCrKjRs%Vry(=8}1KR49!#NIDi_*p{vrOiZUH=gr&XLIiGx!FnLMrFlg z6*%#!=^*Ct?U&uHV#D!eQ^As2H$cM_w{J*+Gv|D~YBPd% z3vR?ogm_@wgYH4rNTq{8F-VlhCmFB+$M4S~nr=lc#4uVsDRjYgk=BxJfgEnB`GZZA zi`rIX77Et#To&OK(tzeI2?F6_cY+hINH2OBn)E;VzwSt}aNM2NEZA{7s~PaOVzW>$PIfqxaYSuKIh)MyU*=&_def~XRc?h{P9-JQ8lY-))+N@7G?{(QFU<$$#UNTix6_+{DnWb zCOjYKdK6vpywn+vvD=3KNWy?3l}NH#TpwMK(efNw(m-Xfmu!RSGm1u&=t{#z%bnuJ zfJb$c6cnaX+W;5hQ$NcS5b5l?kPyk4{ls(};F)6NBo|36S$-SmVJEVM0-9Zai+%Vs zx(>vO16y>t3Ny-(VSd-kSp%L;u{QjSgM%=&N!Z`O=IwdTHK_aPmYi2qz(_T`VTsAe zl}&x!VAOl%b!>}N(w=FEUwdhuND9LhN(09^5C)sJ+zhJK=^%$nL&L2~$$TKDXElx= zpyA>n`Lcm7QIUyCRtjRa<@=yPW$Kk`EDxuwcDYvzu#0ucCHbeJ4abyraj>#ASQ}6s z{QkX{ycO&yI6R$B`((hTK3EYAWV_aUbi!#k~NLUY_GFxs{0Zqq+i_|5lcd!Gn3%frw 
zr_dPdd+TLcTJu{Pw~*>nFpPlgC$q@*7X7!X4ixki!MT!7pyq0`CetSE1^XQ4duY_XRCBL3{278_I`7^` zW)c|yrgT`;VXrpbZhhK1`xb@W$-yTjNSDa``SpPfnRXAGXw(7` z0B&D8*2BzJjhso_Lf!$t0zh1a5w>;n0{M#bXyRIQqFFJQb@B5?)zIpsJ|Gyj}-*^v1PGk=Vve$_Dc z^kTyhek{wxMHgc#z>-u21K*Cb=vFALAReXcU7UB4y84SqO9(ArQ!jOZ8nq-ihO`kB zRcPOB2o=1 zhLy$Ek*DEgZ})E68w;x@L~_SVK>B2-y?P&n-Ar*5}0@%zvEet z%{Xl#)MvEHL5WXI4CGnu$$yb%5hMD1*SJ_s@L}d;@k7`xI0qMx=Ozyq4>u<>=2$vP zNmYb5;s{Cjc6?~lICl4CBUOJ!nN4VzMwD$)V3DE43$z_)ML)}p^rMXpp?ED!&T`YZ zCI+uoGH&+9m7jS8?K1Yv4urB#@a8w0Eat(u=84GXbpx?Z#}$jBwyvsRa>BfAqjb7> zkhYRoc)A!v5M(%kr{wq-bSrI+X9Q0;lV(_VHPOv689QgJQBzS?(RPV(Vwk42ustUq<5-O%$Cj7_zxQq4<=z zO+e@)@JjH#tm;>ir?o3l&iVHO$lB0-|7KaW%FinTY@TZ!o1g)g)Dr>;AI9wXswwV`!ORn%x2q^cab?Fb1h|HX z31p@t#aiGY7AzwGzE%&nvi~eNrUxUM8AdaRQ#b2Ji1LgOs%UaPH-)KN;efb-Q0r3` zo_y)U^0LX9?OpEQ8|!}0Vu>CVs4yYmc~U(o)GZI}!y;tu?WBGHjUq@X%-33dz)%VW>K$Hqw8ZZ7u$>P zG+O1Q*lvd0(KRBaB?LyGlK} zK!WX=Y^*SRfi&Dj}8>A85aI)f{v zhmsmUhMBV2kkL9vm@%qIOZd;fCMrE|0L=CmJTmOd$btSfeqe*$q29W$PaRpwtURKWuI2Bz{VuI;3dYqg04Zu~|qyqQeZpp7x_UZq7) z>YaRiI94b^Y7&y{GYDUxnZ~RL|bQ=&$4>6V*3k^52u) z9#q%JS1u*iQPRc6Rw|ddSFVISO_$xv-%<#6r@IQ^_ZzAl-M-$hfMNSfSsnxtJfvf+ zW}BS)!SQsy{n(|=_5qdIDhF=Uc|M%%mxAX6J7{O~4m@a2d;{+vXC1VwBP0RoSS@1a z8@Foo=2LUHA4=al#2|*Cv5O~e20@v0@cqtCHp`V3P(cyi(4!>wMhsza1|ajrh}Ovor| zQGgc@!pJPkg>!VS>~*9>#z#Ss1-r(QH-2=xl}@o0DR83%1E3c*||x1Cmeb<``xCfrD}^Xz42 zc%_dQCR;qVY|I*Mh8K)dCDXLDFiXGvNI(udBf8cf3@WDN+cx}lS&P~_uYBI>N-5bhS4m~vzs z68f!Oq=v9Y=$F${V9Wwe;YG4mp@xGMD(Lt`zLa;`t`xh92ACd6w z7tuMoi(#EoU@uzJF0tX1XEdSLC7Kseoj&1O@tskxpPL)3nP5wZ1-mKGs4g2bed^Sm zAaj<|o)It~k;|r!ax~SCvTps>JLD3SP!ZGrvC>Z6{KpREa#HcW+hLV2`|4DiuuWBL zg>dwAQI8?u4|%h~g5{zm@Nvp2Qal3RSR`654FAaoE5AOUE-y$|F zWFBl#NVerMR!_nqKfc7cRcjn9ek#wZb`MGZdTYdwbbObB8Rdnaf(EgeA9$|s9DGFq zzZS0mGM8>LCUL?A<-jR-Q#XG3fv;KN++|F8OP2XZuv;sMbcbrods6?jVs=M$lfdsq zNR^6o$EUMY0@k#uJu1}U*3h#vI72Mr{MD;!-QE#;^Fgxkrsz+W$lc|TOb+N^*Wfcm zabN`>qmKOHi0m4$GOqc{rD^9VZmJ?wnKi53Q|uL-jxJGdjw#d`g+3RrsT^uXd!mdP ze}}53m~z9Btfc;OFuJkEkKPncC08L1<=#GGsjuhK^SFkJz6N!~L6IR2q#lE2NfPBe 
z>K@Cmd7?L>Hr=bwE_TRg`H?2tQ+;SAo|VrXUV~_+N)66{(!jQ178uB>Y!(=URak_N zi!4pzNsX%{rbHiYTCqbvKgwES|4zn6HgIlxK>`k`)-mP0p{8YWCV<};cW<;*3r>Hp zh3)m2Utn6vkFuO?ThQW{l!r| znYDUT6E@|ODJ(QG&y;moB|Sx=^aOj><`X$$dUHWUylWBdGxY1w>K=&+=FJzM10gv*|9VG~w0pbbA z(u?Xjf@Hnw_&0_usmX#lqzK`k3D+_3jW`+|@~Z=RW%Lz1)Te++7;t2z#@s3FAP^v> zM~h|xyuzeVQABihkb3r6sO5o6`bcNZk#0zYQ_+q*!xX#>BTX0Pdr9QK=+D)t$P40W z5M)r`J0ssU#1O@>3$HyNzT>i--3;UIY^IMjV zj+wQYqmIsBq_qDvH4LG8-B{6k6{X+B2MB+QRS=R_7LwOdP~=loQuqtDQH%ua*LStM zdoECs96#mt8oDqginNv`*zCj$A1HZv{=i$TNlsROPazh$DJm8cg<#_J-Xbe+1Va)T zdTI5Xr*6^60Wvpb`VN`Ale5d72HM)wI7oEe93r&(OMyM;7f=v}a z48f=)V}G+m%XL|juhT%Ybsb=uiz+Q-*ge^W$eGanz5XY%iwhJ8C_rQ>Jbaj&7nbXt zZa}|Uz;+wtApYF~3-1@kZ!I7!$tUs`H_j~0j`%LWaC!^L)1%wXL~fhs$^^(qhb-3n z=7Vs_mg(GxHaOGb&a?gzkX*rIyLc0kVzzw;6eaK&isX%y%97i<*Rbt6C-Z80ns7UU zo%;xy36e!WIfPFXYKS?~(yDtN5$lS}fR`q7j-Nl*SHzA0=7kCcn@!tZ88vQn{}|P{ z7V-|;f`d|}UfV*Xcp<{?Us7S)w_d1?zu%$bdpqO({w~FYBn5R8)ntYK;$EdR7B2*Fytp!e|I7Xi zhgo1o6^^iH@Tsd|&7KqN+%#dOU#5bKaM^hOMOC!EJBG|iXLpWUmN-hF_O+0+Kuf}DjW!_v-Tt$V8dVHcid6Uv@|FAzHMl99o~G1 z(>btnkHgKsIp%0S94jWve6sjdU$ZuRVyLOEqZa^>WZ@^8#- zQS+a?9(jRyCPo)BuByRf`mHjalE>2&_?&wyj`^Hb8nh11rJA`gKPP}XUtVW02Z7TW zG!!>d^&JwIh1a%oN8Ewp3GBLc?M{WcS!zX|Fl@Ll#?*(y60Z!b3a1aF4C>>oJ?+s% zv|C$ugdvmiH}zAvN#ti}HA2;oO~jmdPJ@?@>_ifIN4}ah@KwO5yqR{kYFcjhj)P9R zx13JRSj5*+c$cp9egrSlR5ZBS48Dp=S~&;@rZx3_+nXVh$S!6>!EV9yNHy--oi3Bo z_Yc+62)Xm1VGeTn4##TqT1%r+A=;O8(9&2n+FVy1-t2~bUgm0%Jm{P~=!AHt-AENj zpI4%^y@-1?yFDi8E&C&;NFy^NjV!vKAsSr!P#s;dkQDY~7Au(G7bt`zK}1JaNv}c{ znbEs=e=)0w(o`?&LQK6ynbE;JFQ;uYjxN8mq@22{2~Ab!-qcvf>DvK@J6^Z%F<^Sska;0mD?TYZ_GbNIx~Vy-mQ}?-P{SX2E==;i{n}qq-G|TA$?V-WukE4cUoqe!Amk0&)s5KoE{q zkU@BYBlXXeh*%^Z`vhe85zcnP(uWu>C`J<(D|Yis#O04uRMz{mDXLwnbZ+&HhE4dI z8j(3lSln`by9Feaa|)s^37|%--B*{VrGWwj$jLX+@#G6fmk_wiA|>bUd<8D%?IzE6w* zndrW*u-Q`bBF((wNYj2`am7TK?N_*fPmYQ;1X%Lo{m*Q(RKS_i*}}2dsX7^PF0ZD# ziBy`geDmSHP4JyVq7-uw`D?~du;@Vek+PUB&?TW?&2VYY+a@?fcnSM3myn7fTwh0X z1h~Q96RFUG;p|cpQglNL`KR0o57u-vqRIK6gAB>~YKA~%hL}o>9W0vhr{&Lj=&Wt6 
z+QApfo!phHFhat*%4vX{8f8>xgc3cGjT)wp0(-Q^LY?R(;|n5q^|1+7vzUOPoQqejSI}6E(KzlW^6oPf`3zH(Kz>!Z${&?Vda{Dg-<8d}c zLk)dDOOi-^Nh+YQ&8u_kUkcP3fL9oM)*FW6Q;k0pZoaI z_EUlocBsl`=WNYbGekTi9uQOj#DlB4F+>#c9U@bt&NCF4l7DR2kRR6?SOk*&A~ zAUjfRia#6_@D4q=01~GZ+`LSA;=|~ICs`d*eq=~2LV7^ej~G3(jqfP_?JZS5a&kT8 zbyHl>M&s?fB=pe0M(D%Ox;IjW98hsWdTK+$AqBBPy!p{N_!%#QjXOs_cJGP~21O<% zFoGY7X90;@)3NLX(IWWjrPidDgx zlWXS-kU?s&^TLmj&T~5Bl(B}f(2bMsS8BWjpvO=>n`##o7D|g6a4>_;uillrf*f>I zz1-|CgxX)XKMp8Zb2bBSP;{t@$m;o3gvzp4TNU#spgj9Na~xMw2PTBdw6cLBxE@%2 zex5E<;8waODIslT<|AB2owzYK(a#enZovDVpStRrww0gUdIbjprIgYscLPW?zE_`) zc~qF7TVONJIc0B3o~!A~O-xwQ0L#V>i(iXbqqzBblo8{4lr8L`ME~256FLxH0OmsV zq(ox6tpf9sSYDXW63z_yVnDbkKfzMMPbRd$mVD#*p*?k^*fs$Ovj_gL(^o3mT{cJtj<(^9`+gAT7u;JjB_R%(wwW(99 zZux%Q>6j=8qmi0B6E-0G+!>qTUe(AHURB1mz1`4YKr2uwNbl@vE(3}QpzQ>~V1{7q zY70MeCWIYck;R}SbX_%_ctYTh5%>Ox`?coXdKW{~*?pwe@`Wp7OY2Au#KJ+Of+(l8 zo|3ef3R^Plcl8lVh851Hsp8U-Rd~`Av3s9pV5%IgE5G zr=ev0d9)Pr=p_y0Fvs_Z+OAAdFc2tyV6k6G8In$zUA}KVG;jpVz^tl?$f+P82vV_@ z4?r(f=uGZ-*O+0fw~WX-9tmg;QFQB?CF-)$NwS(8a%GB*Y@CB9CGNA5(-p3R~?29)M*qlWTWxoZgo%3nB9`C{8c* z%Ov=%PFA|8tr*QOWEH=bcej@3~XoB}X0=5Ea5&y^kI%Wc7#m z#_?Nrxg|7!%g*@oC~1u#8kh1|FEx|xNazf@?A?H|PbXup3F-l6z3LbR&uqeIPETAT&3ji;e%IF$ruNL>?VJQwzJeo0g+7O^3al{G?qSA&D zr;s_)zVhbmd`v{oL>LTh9JG%s3YrQFZ4pXU>*RePiVMftE4Iy|6jY|vo)=)N^y95< z5+SYnEo!owGC`1jQyd<7ulztl7GkT8o*1!>^Hhh_$Zq|l&2y+XNyuwk*8Bu!E`rKS z$!qZsygOBAY4s;rHJko(ap5ST7}h;uI|;}#GQN}URkq{A=E}@UH!=1Cuh8g3E zl6Dc`_UMv`7_yyx9QqpaV4zod1N&tCC<#rl;EjwkOj6fD)lxQ+_})Va)sckCH3`)y zpZ4eG%qn%MZBQhoho>*6!?Dwe?~)t{#mVRJdUGXQ)i-FBdqNi1$lQ;d;0m-dUt=}m zJ{XEEtFu22ba|%h@=4ivnz7p)Da+t5_{W0b=veGJI&#>~U-n~yj2<27{X1T%t9SJ z86in|5g$MVrF+5;pF1FP8@DFFqv5=l!Yg@oZG_oiMdzWY&x0yiVHlh4&m0O;$o(c!RJcfU9Z*LSVbpt!in z4mRJ*$27Zj%A%N1Y#EV&tLDD<3b(=U2%6@BkBXmypCp*%pl@=7xsksyA_?U!c7{*x z!>JP!o^kxc7AA03BHXJ-1$+igOux%qUZ$NNNYQ=3)ZqHO%wM2mF$wg)is{L885$^Vl^~sQ zJ9h8`8ug%WVhxJP&tRAmLZK4~+9MCIiF5&w8zSWNH_JCF;`?(*!gT;0dDt}l$Y50{ z&va`WC)_O_t$>t_c~`r*1(VWI_d6xYRQ3{Ur7hT*i$F(M@Kb-dz)_$;z&osR)!wtn 
zHFrsfp?csyUg(VPnueiWSCc&}C+}Fv%sOXjB`Ctf4cbr6)=&auD3iZHg{VT_ugVMM z#2;->l;z`~JT_nka#d0j%IY|LaZ}>

lH}n!$I%HlQd!JmHT-Og~=niYH90b~)WW37of%$+EfiMcaog{g(c6?P$LXUmd4fnzuftVIf5VPyO)$7~L`_fc5!>0pw+Pwvrff%L@Dz#VrVxEfM0Axz?t zg&dm>pOFQI!Xt7p=o)A4e7Ew8xOqjz4x+zUGvG(@!(kMg=L|yRVun0V^Th8W7KkO; zYgO{93$MJ&xhh+Q@o%TLN+=LqwrJM86J{+=aKZ%WcC4-b>iEYPvBEQ+U|;O16zzdFzD4Fh&@&Gx>OGtU2_TvXaW zxRYkRws8bNTJ?$^v8R!6s+?cOOg?BGD9Y{xk!!je;=BE+>39^&izld>syyuooG=O? z==>1K*3eF2R7hftK-JVVdicVZ3$r#1RarMnp3y1FABecW>-lbx=k2+R=k@G<^XF-Uu_`;DUVvO(!q0*>JZ@He|3NO48%1xH-gIl8Cq<4JZy--%CB?k z=FKmzy-spe?pOf!Q~logn0;dV>1fQs1#NoFa`mQ9md!<7^5SB)PnY+D^JvrugM=$7 zi;B^@bQ!f;RVw|CWH@;ol5MdyidTRM2jDTj@NWqF;^JFXN@!vI5Z4|?THy%@W=@=r z;0hh$5}{%Oo?#@u?7ml@NN6Edg{T0W?VmUXlrB2VJwIeJ$RKa_Jxr6e=GUn&lkuMu z5h9xa`8g=41v~JH-S?n+(&_+8pyhin>%Vtv7?yd7L!&Z3o^u+ zYn!)K8oLJKu5+GZC31BFq=dN!($?ul&2Y-E?Bh*ji=X%~Xfb&|27;*+%`r>|leR6( zR@k9y{2@g>M|#RCw<M&+I*elXPy3y|X$@i_$q<{uq94l+N7;W%sCCc8)JzGAG(szfL zv3@ZQxoVyu!2kyq_=JrTt%bjAb{hM)%p(%GCTLze4(cMlmVWn#HDNpWB2p4K$%flh zBt-BkdDm4|sqV+z0DG~?i92=5UEQJkbFuiseMk*x2P+`a81l@an~>*QDz3;`1GqbV z_0e(8Ofe4-2YsX$@2rgmLiK7Sjq-lZmoaRM>T8R~y}5?@vX&wp#>t!OG}sTZG-A9m zWyd&DO?pOw)T+f=GzUMnx3!&GFu3SrLzDpdUfkJ z&gz%(W~S@Gur~)Qzw+_Ez$BSxD#%2&JViXHr859xnJI`n_e2g%8Ko^3$7qvNU{%_XA8^lwmT&^Ke3hPr{m z;Z#lXoQGTkPh+*5M1v4)WAf0#*b*K&og{ zW(*V&DHX6cfb?}V>xKlY^OUr{V z8y|FU)~=~Z)IGAlnR(3&`1*7sHr9S<$&p(v|v3jndlO3#IM>0aP0{P1K22gr;NMZfH0VKtQq!s_d{#Nom(JOTDUnW&l zcV=*tEP>irg;oRXGIZyclur{jDwqni=6DYgD+3c^s`>f=og8Yvji*n0*f8){Teb6y z`Ri(ZiD@3}-E`MvS=C)n=rLYYwrS7f2AQWJi}1Q~P_S9qU9WC?@IvouT6J%r9pO>( zDBehGB2RZ`A<9b1Q0*=ht^BH9ZHSs*O%^Eljj$~m6$(SXGNq(xj5lDS z7*W`sGv?hEBb}aUaG2gE7h}hV%GPTBuIR$>Qa@C`;hL#pJ#w%?q^X3xXrJ1nw9b2g z(F`o(#-3oBQo7!y-NOB`Hka;fUb82=QMDbnk-+{|HP@TvgNUeM&QEP!#v0O~D1C?% z8IV{8yNogX_^R9NyJIyDW!V6&7k6ton6Rt4C#IhqaYo%51l~kuan0?&jX6t6<=3r;}?j3!n{ox(` zU!KuFYx#$7^z-=9c+`8?lP4ko0MbvjeDK4A`;+#IfAk%k!Tp!uLf8vI*>~aa>30nB zFW?`jKY<-=3@nV^h1&ny0Dptr;yw#@^=`uLcWeG^*ayF4?4QU6HdeNJ|BT!Edo{*& zGQ*aK001Dv{llDpHrRvT9L`T%Jts%g|Dd)eiwDmRe>D611@{Zpmh?}mlcSmCe*jg; 
z7;Q><2b#W{;Mb~By@#*;cOP&xvoiW;%HO|dfG%NxB_Om&&++UKbb!(A^$z@uUaxcbI)Xd;{K{E^Y_rd=6?Peouc&%`j<@5e~c3aQ luj|C0OCYNKZ3%y_8vk7ZpkROWb@cbYp!e5klKMY>{XZ2-M@Rqw literal 0 HcmV?d00001 diff --git a/terraform/ecc-aws-366-secrets_manager_successful_rotation_check/green/provider.tf b/terraform/ecc-aws-366-secrets_manager_successful_rotation_check/green/provider.tf new file mode 100644 index 000000000..4933d29f8 --- /dev/null +++ b/terraform/ecc-aws-366-secrets_manager_successful_rotation_check/green/provider.tf @@ -0,0 +1,19 @@ +terraform { + required_providers { + aws = { + source = "hashicorp/aws" + version = "~> 4" + } + } +} + +provider "aws" { + profile = var.profile + region = var.default-region + default_tags { + tags = { + CustodianRule = "ecc-aws-366-secrets_manager_successful_rotation_check" + ComplianceStatus = "Green" + } + } +} diff --git a/terraform/ecc-aws-366-secrets_manager_successful_rotation_check/green/rds.tf b/terraform/ecc-aws-366-secrets_manager_successful_rotation_check/green/rds.tf new file mode 100644 index 000000000..35f0f63de --- /dev/null +++ b/terraform/ecc-aws-366-secrets_manager_successful_rotation_check/green/rds.tf @@ -0,0 +1,21 @@ +resource "aws_db_subnet_group" "this" { + name = "db-subnet-group-366-green" + subnet_ids = [aws_subnet.this1.id, aws_subnet.this2.id] +} + +resource "aws_db_instance" "this" { + identifier = "db-instance-366-green" + engine = "mysql" + engine_version = "5.7" + instance_class = "db.t2.micro" + allocated_storage = 10 + storage_type = "gp2" + db_name = "database366green" + username = "adminaccount" + password = random_password.this.result + skip_final_snapshot = true + db_subnet_group_name = aws_db_subnet_group.this.name + vpc_security_group_ids = [aws_security_group.this.id] + publicly_accessible = true +} + 
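Review bot: In green/rds.tf, `aws_db_instance.this` sets `publicly_accessible = true`, which gives the MySQL endpoint a public address. Whether it is actually reachable depends on `aws_security_group.this` and the two subnets, which are defined outside this hunk. Since this is the compliant fixture for a Secrets Manager rotation check, prefer `publicly_accessible = false` and let the rotation Lambda reach the database from inside the VPC. If public access is needed for the test, say so in a comment above the attribute. `storage_encrypted` is also not set, so the instance storage is presumably left unencrypted; `storage_encrypted = true` would cover that.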
diff --git a/terraform/ecc-aws-366-secrets_manager_successful_rotation_check/green/secretsmanager.tf b/terraform/ecc-aws-366-secrets_manager_successful_rotation_check/green/secretsmanager.tf new file mode 100644 index 000000000..6691331a3 --- /dev/null +++ b/terraform/ecc-aws-366-secrets_manager_successful_rotation_check/green/secretsmanager.tf @@ -0,0 +1,40 @@ +resource "random_password" "this" { + length = 12 + special = true + override_special = "!#$%*()-_=+[]{}:?" +} + +resource "aws_secretsmanager_secret" "this" { + name = "366_secret_greeen" + + depends_on = [aws_db_instance.this, aws_lambda_function.this] +} + +resource "aws_secretsmanager_secret_version" "this" { + secret_id = aws_secretsmanager_secret.this.id + secret_string = <m7YFb^gUKLELbez@hO9SCgp6gvSSGo$O?QTf7{*w#ucK^PvSfy_+>DZ~ zWQ)k2eTc*$Ww}{~G9;9`?(@8RKF{+xpWiv>&3XMjXcUM;7yy71z=N=mt5rYwyGURF z@Q?riAwUxF#o^s<;QsIo_Hz&N_V-gGg#B*M4S=j46yOlY2@d4}*f>@}0Pyd&>4^7- z!UcYg);>+Li8WnqII=S{R$lBst^E<&g|Qtp>t~8Tt($h4Eg*gWO5Gl+5jF2>vp*tW z%pe|?i54#sqWG-KJFLo;XB*A@rqVnA$m4sjmQDAp4@|_nY9gMf

  • *U4NihEJXB zTHWlJc&$Q$Ptq-Ax4Y?m3Yq8P)Yg860iOx8$YWFEroL{>J8vy9U`E!LTi$s)SrfD@#^EJ$1&Oaf4cp2#7ccP6G@d)0e!{LluaR`-2EiRqfRyL>h-IJicJ+ z6DxG#$)d^|sCoCrqH{{v>T!Y|1w&T{XLrty2N_acz6ggG4Ldhcu^kF+30@|q z)q>L1Vz&$Ggcr+%ITU9Z2LdJ(JCn}xmaMj%HPda*f{PmrS%;`3?CU`mjV}@%Fago_ zlwXCq3%rE{w%2J|dCZC`vMj;+8j4rCjj~@tSDg1@JprWZ+VQ2O($0m!Eq*^j;X3(c zAI!Vh>&qC9Js8v&zsnPySdxJ8Nx5^dDddu9h5+wGc)8E2y=`ce{|^ANLJ*&Bf_2)mHY*3`PHfR*TTV z7RA6gR<8H;%~yFj{(q>Jz0NH#^zO4Rb2`|((`{Jo?_OECfo5tmI`Z^}9E6of&uS+f zf}fj9os6cnH%lSK=f8-qPBNL~<$JvbBcbbgsuxk`HEJF%x!kWU%}qMIZrW({&Dl6{ z5wdSx=Q%)ad`yVqVZcr$(|EOFS+aQ5kG47ObY!TWi-tHvax#EfuIW>Esudw3e$133>cP3HOaA#*VbNi zU>lfPY+jyuC<1xc zZ9#V~a1j!UtVxx}Ijg7g=F6wSPUfiGYr0ok>GA!h4z1PUd8XHVggA(XP+YDa$-YRI z_jxRutnepF0p4@9fvN3%|CPmE0Ru){cCrR9E3X9DwxQ+KQUeIN?niP*(!TZfmWtD%2S3`XIsjq~6 zn>C^NxE14{AkGpupyuJ_P1)V-C5BJXeKe@Bb8tw}Ztv?V| z$#$dRW~6n&H>c(1m(T3<${4=rJdoOF#oxN?CDv$0@x<=5Be;eN4HB@1-AdsL`Yt+c z+ni!EZxoE4**lHcB;J-6+XmG?e&S6^rGOoEJw;?0Je~=T^oHEvNHByUHj$E;Ov~F3 zy&!Etx6~iS{?v@EFB}|~ITY5C9WaV%=P{CUNk<$C8GYk3-OnOHsz6x#dlF9iM8S)3 z{nbNV7Q^$u0Y|J@_0LdZxsGe=gd*mOTBO*oyF0iGa%x#lW~GNhj%TBgu(&8ch3nW& zcB7p$)70eJL!!bncxJB%v2^RpV$dZH!R~TB=3RnO$kiC&M5OPwxu+{r z%?a2K+ap^|bE#obJDJ}MOYARS(KvK@`$&al zsF5+Ql$yAd`!Z@`N-n8cxo7T5xl|5*nA0?8<}Y~X+;h);?!D)EK0UwldoXBmkP-j@ zfB;m_Bp!o38a?$62mtH?0RTI%1Y#(ae40$~rxG2{_>+SSgNf(DZn~7+vzKXGq+hM_ z1l%vc9Wx7K(A$lW&Cr;E)ZM>5ZnxRluh;5zQr&77xcKM@W?^O`Vg$E8X3~5$% zmId$A(@YqTG4>B&*clcS|NXFD^}*DPA1|na-73Th7bJx%H?YqUi1@(Y zLNn5p%=IU1VqLFBWhYNasvpOGIeufz+(0q+Nh?RGIo5KQ>VoZ~%b^Lpp*J(pSmBW> z#+qU!W@0(D#+d&CUsv5xd+v^@Oz|_y(BZNlnyv`Zom$TM3?s+L`%w`X)_yRXR;sbA zu$(_D+v5Oy+p{NDoPf)~mLp)rxrhB4f1NW~SPGxLWc57?cdUl6F7SarTY9P+@~(Lq zgCCqW=!#t{-_G`S`rkvy38;8D8s-^*(cp`4@yE`4hr0Km}!d0H`QCvtfxyFVLzc!=PL$rv#@wP z9oEMa!|jR-5klmR^pO+f7t9q91pLq(X+(*E)%)?ECHLTt=E&2BUc@^o8Hc!t!4?O@dZfh9KG0W#k$8!Z1^uZR%Ob` z9`B4#ZBxbtiJeB#&xJbMDyI&gkEOrlR;;#ewl#MVAZ+q6_l7N&81tN_=| z?JQcGwu3GS+!TtOn2bJ`kwNRB3jrLv$!im2H8xZ1ZO8n2V}o2@zXRXy2iaeH-*gvF 
zGA^el3-vpKrskRKj1^1iI9$(W^X|wP)9@QF302gp+|DGM?oI0LPgA3s9tSsGbGOAY z-=IP5I(LXKLgSV=03atqBRG^CF2Vv$r0qaKyjfLo&lTWAsl7+>HZuGz$3emi<0-RS zJHfRT3xRY*p?-oTodJM~JDj~g; zEP~x-ig{lkb`LZNa!Cz|ag|zXIr_gG?LEo+uOrM`F8T;%du{y-~S7yb$!G=udwGj#qK73UKfVE|8OY@%x!sb=Rn9~)Fo zrDqo`NA!aSNUM!*B{C`7p=HQ+)9E>AERGbj%PmsMCR?TJqVikM7P@r+P7Vsv>6hY# zE2?`Xr8ynWnu=_h-gmrcX?#dN%ezF4d|T;Ai`J~pY9G~Ny5~F3kgM5w4?T3nbSguj zCMV~~K2`grOuKjvmJFwqLe|+Moh0*)tuwZa-Vb4}jpb=c&hyn4y@O{+K%^UMWZYS~ zn8kh-q7foiyrt3OXjr(;@LRkY_w@Ccrg6!2hHV*H)n8qWH-q51mK>;QuHh_a6^?A+ z6FUY?eH9?;#*Q?1sdT5bYYpqx+X>>2)oS^iHXi)qr_MD~lFue7i|ZHVt`_8BOY@+2 znZrg4NAqK|W{-LA-#!1?0egP0T`SQ%Xzl~w3yS)<<|{4HWR&d;-@uRK3|bp2R^(T MR+H#NO77f#2QvMw7XSbN literal 0 HcmV?d00001 diff --git a/terraform/ecc-aws-406-emr_at_rest_and_in_transit_encryption_enabled/green/provider.tf b/terraform/ecc-aws-406-emr_at_rest_and_in_transit_encryption_enabled/green/provider.tf new file mode 100644 index 000000000..72c4cdbaf --- /dev/null +++ b/terraform/ecc-aws-406-emr_at_rest_and_in_transit_encryption_enabled/green/provider.tf @@ -0,0 +1,19 @@ +terraform { + required_providers { + aws = { + source = "hashicorp/aws" + version = "~> 4" + } + } +} + +provider "aws" { + profile = var.profile + region = var.default-region + default_tags { + tags = { + CustodianRule = "ecc-aws-406-emr_at_rest_and_in_transit_encryption_enabled" + ComplianceStatus = "Green" + } + } +} \ No newline at end of file diff --git a/terraform/ecc-aws-406-emr_at_rest_and_in_transit_encryption_enabled/green/s3.tf b/terraform/ecc-aws-406-emr_at_rest_and_in_transit_encryption_enabled/green/s3.tf new file mode 100644 index 000000000..b3976bf0f --- /dev/null +++ b/terraform/ecc-aws-406-emr_at_rest_and_in_transit_encryption_enabled/green/s3.tf 
@@ -0,0 +1,33 @@
+resource "aws_s3_bucket" "this" {
+ bucket = "406-bucket-${random_integer.this.result}-green"
+ force_destroy = true
+
+}
+
+resource "random_integer" "this" {
+ min = 1
+ max = 10000000
+}
+
+resource "aws_s3_bucket_acl" "this" {
+ depends_on = [aws_s3_bucket_ownership_controls.this]
+
+ bucket = aws_s3_bucket.this.id
+ acl = "private"
+}
+
+resource "aws_s3_bucket_ownership_controls" "this" {
+ bucket = aws_s3_bucket.this.id
+ rule {
+ object_ownership = "BucketOwnerPreferred"
+ }
+}
+
+resource "aws_s3_object" "this" {
+ bucket = "406-bucket-green"
+ key = "my-certs.zip"
+ source = "${path.module}/my-certs.zip"
+ etag = filemd5("${path.module}/my-certs.zip")
+
+ depends_on = [aws_s3_bucket.this]
+}
\ No newline at end of file
diff --git a/terraform/ecc-aws-406-emr_at_rest_and_in_transit_encryption_enabled/green/terraform.tfvars b/terraform/ecc-aws-406-emr_at_rest_and_in_transit_encryption_enabled/green/terraform.tfvars
new file mode 100644
index 000000000..e1e2d2fa8
--- /dev/null
+++ b/terraform/ecc-aws-406-emr_at_rest_and_in_transit_encryption_enabled/green/terraform.tfvars
@@ -0,0 +1,2 @@
+profile = "c7n"
+default-region = "us-east-1"
diff --git a/terraform/ecc-aws-406-emr_at_rest_and_in_transit_encryption_enabled/green/variables.tf b/terraform/ecc-aws-406-emr_at_rest_and_in_transit_encryption_enabled/green/variables.tf
new file mode 100644
index 000000000..09e482677
--- /dev/null
+++ b/terraform/ecc-aws-406-emr_at_rest_and_in_transit_encryption_enabled/green/variables.tf
@@ -0,0 +1,9 @@
+variable "default-region" {
+ type = string
+ description = "Default region for resources will be created"
+}
+
+variable "profile" {
+ type = string
+ description = "Profile name configured before running apply"
+}
\ No newline at end of file
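Review bot: In green/s3.tf, `aws_s3_object.this` uploads to the literal `bucket = "406-bucket-green"`, but the bucket this file creates is named `406-bucket-${random_integer.this.result}-green`, so `my-certs.zip` is not written to the bucket managed here. S3 bucket names are global, so the literal either fails to resolve or points at a bucket outside this configuration, and the archive presumably holds the certificate material for the EMR security configuration. Use `bucket = aws_s3_bucket.this.id`; the explicit `depends_on` then becomes unnecessary. No `aws_s3_bucket_public_access_block` appears in this hunk, and one is worth adding for a bucket that stores certificates.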
diff --git a/terraform/ecc-aws-406-emr_at_rest_and_in_transit_encryption_enabled/green/vpc.tf b/terraform/ecc-aws-406-emr_at_rest_and_in_transit_encryption_enabled/green/vpc.tf
new file mode 100644
index 000000000..e4e48a52b
--- /dev/null
+++ b/terraform/ecc-aws-406-emr_at_rest_and_in_transit_encryption_enabled/green/vpc.tf
@@ -0,0 +1,49 @@
+resource "aws_vpc" "this" {
+ cidr_block = "10.0.0.0/16"
+
+ tags = {
+ Name = "406_vpc_green"
+ }
+}
+
+resource "aws_subnet" "this" {
+ vpc_id = aws_vpc.this.id
+ cidr_block = "10.0.1.0/24"
+ availability_zone = "us-east-1a"
+ map_public_ip_on_launch = "true"
+}
+
+resource "aws_security_group" "this" {
+ name = "406_security_group_green"
+ vpc_id = aws_vpc.this.id
+
+ ingress {
+ from_port = 22
+ to_port = 22
+ protocol = "tcp"
+ cidr_blocks = [aws_vpc.this.cidr_block]
+ }
+ egress {
+ from_port = 0
+ to_port = 0
+ protocol = "-1"
+ cidr_blocks = ["0.0.0.0/0"]
+ }
+}
+
+resource "aws_internet_gateway" "this" {
+ vpc_id = aws_vpc.this.id
+}
+
+resource "aws_route_table" "this" {
+ vpc_id = aws_vpc.this.id
+ route {
+ cidr_block = "0.0.0.0/0"
+ gateway_id = aws_internet_gateway.this.id
+ }
+}
+
+resource "aws_route_table_association" "this" {
+ subnet_id = aws_subnet.this.id
+ route_table_id = aws_route_table.this.id
+}
\ No newline at end of file
diff --git a/terraform/ecc-aws-406-emr_at_rest_and_in_transit_encryption_enabled/iam/406-policy.json b/terraform/ecc-aws-406-emr_at_rest_and_in_transit_encryption_enabled/iam/406-policy.json
new file mode 100644
index 000000000..522082dfd
--- /dev/null
+++ b/terraform/ecc-aws-406-emr_at_rest_and_in_transit_encryption_enabled/iam/406-policy.json
@@ -0,0 +1,14 @@
+{
+ "Version": "2012-10-17",
+ "Statement": [
+ {
+ "Effect": "Allow",
+ "Action": [
+ "elasticmapreduce:DescribeSecurityConfiguration",
+ "elasticmapreduce:ListClusters",
+ "elasticmapreduce:DescribeCluster"
+ ],
+ "Resource": "*"
+ }
+ ]
+}
\ No newline at end of file
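Review bot: In green/vpc.tf, `aws_subnet.this` sets `map_public_ip_on_launch = "true"` and the route table sends `0.0.0.0/0` to the internet gateway, so every EMR node launched into this subnet receives a public address. If the encryption rule under test does not need that, use `map_public_ip_on_launch = false`, or add a comment explaining why the public subnet is needed. The value is also a quoted string where a bool is expected. `availability_zone = "us-east-1a"` is hard-coded while the region comes from `var.default-region`, so changing the variable breaks the apply; `availability_zone = "${var.default-region}a"` keeps them in step. red1/vpc.tf repeats the same block.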
diff --git a/terraform/ecc-aws-406-emr_at_rest_and_in_transit_encryption_enabled/red/emr.tf b/terraform/ecc-aws-406-emr_at_rest_and_in_transit_encryption_enabled/red/emr.tf
new file mode 100644
index 000000000..da298a38b
--- /dev/null
+++ b/terraform/ecc-aws-406-emr_at_rest_and_in_transit_encryption_enabled/red/emr.tf
@@ -0,0 +1,31 @@
+resource "aws_emr_cluster" "this" {
+ name = "406_emr_cluster_red"
+ release_label = "emr-5.33.0"
+ applications = ["Spark"]
+ termination_protection = false
+ keep_job_flow_alive_when_no_steps = true
+ ebs_root_volume_size = 10
+
+ ec2_attributes {
+ subnet_id = aws_subnet.this.id
+ emr_managed_master_security_group = aws_security_group.this.id
+ emr_managed_slave_security_group = aws_security_group.this.id
+ instance_profile = aws_iam_instance_profile.this.arn
+ }
+
+ master_instance_group {
+ name = "406_master_instance_group_red"
+ instance_type = "m4.large"
+ instance_count = 1
+ }
+
+ core_instance_group {
+ name = "406_core_instance_group_red"
+ instance_count = 1
+ instance_type = "m4.large"
+ }
+
+ service_role = aws_iam_role.emr_service_role.arn
+
+ depends_on = [aws_subnet.this, aws_iam_role.emr_service_role, aws_iam_role.emr_ec2_instance_profile, aws_iam_instance_profile.this]
+}
diff --git a/terraform/ecc-aws-406-emr_at_rest_and_in_transit_encryption_enabled/red/iam.tf b/terraform/ecc-aws-406-emr_at_rest_and_in_transit_encryption_enabled/red/iam.tf
new file mode 100644
index 000000000..58cc8d70e
--- /dev/null
+++ b/terraform/ecc-aws-406-emr_at_rest_and_in_transit_encryption_enabled/red/iam.tf
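Review bot: Nothing in red/emr.tf says why `aws_emr_cluster.this` is the non-compliant case; it appears to fail the rule only because `security_configuration` is absent. Add a comment above the resource, for example `# red: no security_configuration, so at-rest and in-transit encryption are not configured`, so that a later edit does not make the fixture compliant by accident. The `depends_on` list mostly repeats dependencies Terraform already infers from `aws_subnet.this.id`, `aws_iam_role.emr_service_role.arn` and `aws_iam_instance_profile.this.arn`. Those entries can be dropped, keeping only what the references do not cover.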
@@ -0,0 +1,52 @@ +resource "aws_iam_role" "emr_service_role" { + name = "406_emr_service_role_red" + assume_role_policy = data.aws_iam_policy_document.this.json +} + +resource "aws_iam_role_policy_attachment" "emr_service_role" { + role = aws_iam_role.emr_service_role.name + policy_arn = "arn:aws:iam::aws:policy/service-role/AmazonElasticMapReduceRole" +} + +data "aws_iam_policy_document" "this" { + statement { + effect = "Allow" + + principals { + type = "Service" + identifiers = ["elasticmapreduce.amazonaws.com"] + } + + actions = ["sts:AssumeRole"] + } +} + +resource "aws_iam_role" "emr_ec2_instance_profile" { + name = "406_emr_profile_role_red" + + assume_role_policy = <&al zsF5+Ql$yAd`!Z@`N-n8cxo7T5xl|5*nA0?8<}Y~X+;h);?!D)EK0UwldoXBmkP-j@ zfB;m_Bp!o38a?$62mtH?0RTI%1Y#(ae40$~rxG2{_>+SSgNf(DZn~7+vzKXGq+hM_ z1l%vc9Wx7K(A$lW&Cr;E)ZM>5ZnxRluh;5zQr&77xcKM@W?^O`Vg$E8X3~5$% zmId$A(@YqTG4>B&*clcS|NXFD^}*DPA1|na-73Th7bJx%H?YqUi1@(Y zLNn5p%=IU1VqLFBWhYNasvpOGIeufz+(0q+Nh?RGIo5KQ>VoZ~%b^Lpp*J(pSmBW> z#+qU!W@0(D#+d&CUsv5xd+v^@Oz|_y(BZNlnyv`Zom$TM3?s+L`%w`X)_yRXR;sbA zu$(_D+v5Oy+p{NDoPf)~mLp)rxrhB4f1NW~SPGxLWc57?cdUl6F7SarTY9P+@~(Lq zgCCqW=!#t{-_G`S`rkvy38;8D8s-^*(cp`4@yE`4hr0Km}!d0H`QCvtfxyFVLzc!=PL$rv#@wP z9oEMa!|jR-5klmR^pO+f7t9q91pLq(X+(*E)%)?ECHLTt=E&2BUc@^o8Hc!t!4?O@dZfh9KG0W#k$8!Z1^uZR%Ob` z9`B4#ZBxbtiJeB#&xJbMDyI&gkEOrlR;;#ewl#MVAZ+q6_l7N&81tN_=| z?JQcGwu3GS+!TtOn2bJ`kwNRB3jrLv$!im2H8xZ1ZO8n2V}o2@zXRXy2iaeH-*gvF zGA^el3-vpKrskRKj1^1iI9$(W^X|wP)9@QF302gp+|DGM?oI0LPgA3s9tSsGbGOAY z-=IP5I(LXKLgSV=03atqBRG^CF2Vv$r0qaKyjfLo&lTWAsl7+>HZuGz$3emi<0-RS zJHfRT3xRY*p?-oTodJM~JDj~g; zEP~x-ig{lkb`LZNa!Cz|ag|zXIr_gG?LEo+uOrM`F8T;%du{y-~S7yb$!G=udwGj#qK73UKfVE|8OY@%x!sb=Rn9~)Fo zrDqo`NA!aSNUM!*B{C`7p=HQ+)9E>AERGbj%PmsMCR?TJqVikM7P@r+P7Vsv>6hY# zE2?`Xr8ynWnu=_h-gmrcX?#dN%ezF4d|T;Ai`J~pY9G~Ny5~F3kgM5w4?T3nbSguj zCMV~~K2`grOuKjvmJFwqLe|+Moh0*)tuwZa-Vb4}jpb=c&hyn4y@O{+K%^UMWZYS~ zn8kh-q7foiyrt3OXjr(;@LRkY_w@Ccrg6!2hHV*H)n8qWH-q51mK>;QuHh_a6^?A+ 
z6FUY?eH9?;#*Q?1sdT5bYYpqx+X>>2)oS^iHXi)qr_MD~lFue7i|ZHVt`_8BOY@+2 znZrg4NAqK|W{-LA-#!1?0egP0T`SQ%Xzl~w3yS)<<|{4HWR&d;-@uRK3|bp2R^(T MR+H#NO77f#2QvMw7XSbN literal 0 HcmV?d00001 diff --git a/terraform/ecc-aws-406-emr_at_rest_and_in_transit_encryption_enabled/red1/provider.tf b/terraform/ecc-aws-406-emr_at_rest_and_in_transit_encryption_enabled/red1/provider.tf new file mode 100644 index 000000000..d4621d3a7 --- /dev/null +++ b/terraform/ecc-aws-406-emr_at_rest_and_in_transit_encryption_enabled/red1/provider.tf @@ -0,0 +1,19 @@ +terraform { + required_providers { + aws = { + source = "hashicorp/aws" + version = "~> 4" + } + } +} + +provider "aws"{ + profile = var.profile + region = var.default-region + default_tags { + tags = { + CustodianRule = "ecc-aws-406-emr_at_rest_and_in_transit_encryption_enabled" + ComplianceStatus = "Red1" + } + } +} \ No newline at end of file diff --git a/terraform/ecc-aws-406-emr_at_rest_and_in_transit_encryption_enabled/red1/terraform.tfvars b/terraform/ecc-aws-406-emr_at_rest_and_in_transit_encryption_enabled/red1/terraform.tfvars new file mode 100644 index 000000000..e1e2d2fa8 --- /dev/null +++ b/terraform/ecc-aws-406-emr_at_rest_and_in_transit_encryption_enabled/red1/terraform.tfvars @@ -0,0 +1,2 @@ +profile = "c7n" +default-region = "us-east-1" diff --git a/terraform/ecc-aws-406-emr_at_rest_and_in_transit_encryption_enabled/red1/variables.tf b/terraform/ecc-aws-406-emr_at_rest_and_in_transit_encryption_enabled/red1/variables.tf new file mode 100644 index 000000000..09e482677 --- /dev/null +++ b/terraform/ecc-aws-406-emr_at_rest_and_in_transit_encryption_enabled/red1/variables.tf @@ -0,0 +1,9 @@ +variable "default-region" { + type = string + description = "Default region for resources will be created" +} + +variable "profile" { + type = string + description = "Profile name configured before running apply" +} \ No newline at end of file 
diff --git a/terraform/ecc-aws-406-emr_at_rest_and_in_transit_encryption_enabled/red1/vpc.tf b/terraform/ecc-aws-406-emr_at_rest_and_in_transit_encryption_enabled/red1/vpc.tf
new file mode 100644
index 000000000..1a88aae81
--- /dev/null
+++ b/terraform/ecc-aws-406-emr_at_rest_and_in_transit_encryption_enabled/red1/vpc.tf
@@ -0,0 +1,49 @@
+resource "aws_vpc" "this" {
+ cidr_block = "10.0.0.0/16"
+
+ tags = {
+ Name = "406_vpc_red1"
+ }
+}
+
+resource "aws_subnet" "this" {
+ vpc_id = aws_vpc.this.id
+ cidr_block = "10.0.1.0/24"
+ availability_zone = "us-east-1a"
+ map_public_ip_on_launch = "true"
+}
+
+resource "aws_security_group" "this" {
+ name = "406_security_group_red1"
+ vpc_id = aws_vpc.this.id
+
+ ingress {
+ from_port = 22
+ to_port = 22
+ protocol = "tcp"
+ cidr_blocks = [aws_vpc.this.cidr_block]
+ }
+ egress {
+ from_port = 0
+ to_port = 0
+ protocol = "-1"
+ cidr_blocks = ["0.0.0.0/0"]
+ }
+}
+
+resource "aws_internet_gateway" "this" {
+ vpc_id = aws_vpc.this.id
+}
+
+resource "aws_route_table" "this" {
+ vpc_id = aws_vpc.this.id
+ route {
+ cidr_block = "0.0.0.0/0"
+ gateway_id = aws_internet_gateway.this.id
+ }
+}
+
+resource "aws_route_table_association" "this" {
+ subnet_id = aws_subnet.this.id
+ route_table_id = aws_route_table.this.id
+}
\ No newline at end of file
diff --git a/terraform/ecc-aws-410-vpc_endpoint_manual_acceptance/green/nlb.tf b/terraform/ecc-aws-410-vpc_endpoint_manual_acceptance/green/nlb.tf
new file mode 100644
index 000000000..691bb8867
--- /dev/null
+++ b/terraform/ecc-aws-410-vpc_endpoint_manual_acceptance/green/nlb.tf
@@ -0,0 +1,12 @@
+resource "aws_lb" "this" {
+ name = "410-nlb-green"
+ internal = false
+ load_balancer_type = "network"
+ subnets = [aws_subnet.this.id, aws_subnet.this1.id]
+ enable_deletion_protection = false
+}
+
+resource "aws_vpc_endpoint_service" "this" {
+ acceptance_required = true
+ network_load_balancer_arns = [aws_lb.this.arn]
+}
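Review bot: In green/nlb.tf, `aws_lb.this` is created with `internal = false`, which makes it an internet-facing load balancer. Its only consumer in this file is `aws_vpc_endpoint_service.this`, and an endpoint service reaches the load balancer privately. Set `internal = true` unless the test specifically needs the internet-facing scheme; the rule under test only looks at `acceptance_required`. red/nlb.tf has the same setting.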
diff --git a/terraform/ecc-aws-410-vpc_endpoint_manual_acceptance/green/provider.tf b/terraform/ecc-aws-410-vpc_endpoint_manual_acceptance/green/provider.tf
new file mode 100644
index 000000000..8f6a9e079
--- /dev/null
+++ b/terraform/ecc-aws-410-vpc_endpoint_manual_acceptance/green/provider.tf
@@ -0,0 +1,19 @@
+terraform {
+ required_providers {
+ aws = {
+ source = "hashicorp/aws"
+ version = "~> 4"
+ }
+ }
+}
+
+provider "aws" {
+ profile = var.profile
+ region = var.default-region
+ default_tags {
+ tags = {
+ CustodianRule = "ecc-aws-410-vpc_endpoint_manual_acceptance"
+ ComplianceStatus = "Green"
+ }
+ }
+}
\ No newline at end of file
diff --git a/terraform/ecc-aws-410-vpc_endpoint_manual_acceptance/green/terraform.tfvars b/terraform/ecc-aws-410-vpc_endpoint_manual_acceptance/green/terraform.tfvars
new file mode 100644
index 000000000..e1e2d2fa8
--- /dev/null
+++ b/terraform/ecc-aws-410-vpc_endpoint_manual_acceptance/green/terraform.tfvars
@@ -0,0 +1,2 @@
+profile = "c7n"
+default-region = "us-east-1"
diff --git a/terraform/ecc-aws-410-vpc_endpoint_manual_acceptance/green/variables.tf b/terraform/ecc-aws-410-vpc_endpoint_manual_acceptance/green/variables.tf
new file mode 100644
index 000000000..948c49afd
--- /dev/null
+++ b/terraform/ecc-aws-410-vpc_endpoint_manual_acceptance/green/variables.tf
@@ -0,0 +1,9 @@
+variable "default-region" {
+ type = string
+ description = "Default region for resources will be created"
+}
+
+variable "profile" {
+ type = string
+ description = "Profile name configured before running apply"
+}
\ No newline at end of file
diff --git a/terraform/ecc-aws-410-vpc_endpoint_manual_acceptance/green/vpc.tf b/terraform/ecc-aws-410-vpc_endpoint_manual_acceptance/green/vpc.tf
new file mode 100644
index 000000000..a622af16f
--- /dev/null
+++ b/terraform/ecc-aws-410-vpc_endpoint_manual_acceptance/green/vpc.tf
@@ -0,0 +1,20 @@
+resource "aws_vpc" "this" {
+ cidr_block = "192.168.0.0/16"
+}
+
+resource "aws_internet_gateway" "this" {
+ vpc_id = aws_vpc.this.id
+}
+
+resource "aws_subnet" "this" {
+ vpc_id = aws_vpc.this.id
+ cidr_block = "192.168.0.0/24"
+ availability_zone = "us-east-1a"
+}
+
+resource "aws_subnet" "this1" {
+ vpc_id = aws_vpc.this.id
+ cidr_block = "192.168.1.0/24"
+ availability_zone = "us-east-1b"
+}
+
diff --git a/terraform/ecc-aws-410-vpc_endpoint_manual_acceptance/iam/410-policy.json b/terraform/ecc-aws-410-vpc_endpoint_manual_acceptance/iam/410-policy.json
new file mode 100644
index 000000000..541d6506b
--- /dev/null
+++ b/terraform/ecc-aws-410-vpc_endpoint_manual_acceptance/iam/410-policy.json
@@ -0,0 +1,13 @@
+{
+ "Version": "2012-10-17",
+ "Statement": [
+ {
+ "Sid": "VisualEditor0",
+ "Effect": "Allow",
+ "Action": [
+ "ec2:DescribeVpcEndpointServiceConfigurations"
+ ],
+ "Resource": "*"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/terraform/ecc-aws-410-vpc_endpoint_manual_acceptance/red/nlb.tf b/terraform/ecc-aws-410-vpc_endpoint_manual_acceptance/red/nlb.tf
new file mode 100644
index 000000000..cdb12e4d9
--- /dev/null
+++ b/terraform/ecc-aws-410-vpc_endpoint_manual_acceptance/red/nlb.tf
@@ -0,0 +1,12 @@
+resource "aws_lb" "this" {
+ name = "410-nlb-red"
+ internal = false
+ load_balancer_type = "network"
+ subnets = [aws_subnet.this.id, aws_subnet.this1.id]
+ enable_deletion_protection = false
+}
+
+resource "aws_vpc_endpoint_service" "this" {
+ acceptance_required = false
+ network_load_balancer_arns = [aws_lb.this.arn]
+}
diff --git a/terraform/ecc-aws-410-vpc_endpoint_manual_acceptance/red/provider.tf b/terraform/ecc-aws-410-vpc_endpoint_manual_acceptance/red/provider.tf
new file mode 100644
index 000000000..f31c9f3b2
--- /dev/null
+++ b/terraform/ecc-aws-410-vpc_endpoint_manual_acceptance/red/provider.tf
@@ -0,0 +1,19 @@
+terraform {
+ required_providers {
+ aws = {
+ source = "hashicorp/aws"
+ version = "~> 4"
+ }
+ }
+}
+
+provider "aws" {
+ profile = var.profile
+ region = var.default-region
+ default_tags {
+ tags = {
+ CustodianRule = "ecc-aws-410-vpc_endpoint_manual_acceptance"
+ ComplianceStatus = "Red"
+ }
+ }
+}
\ No newline at end of file
diff --git a/terraform/ecc-aws-410-vpc_endpoint_manual_acceptance/red/terraform.tfvars b/terraform/ecc-aws-410-vpc_endpoint_manual_acceptance/red/terraform.tfvars
new file mode 100644
index 000000000..e1e2d2fa8
--- /dev/null
+++ b/terraform/ecc-aws-410-vpc_endpoint_manual_acceptance/red/terraform.tfvars
@@ -0,0 +1,2 @@
+profile = "c7n"
+default-region = "us-east-1"
diff --git a/terraform/ecc-aws-410-vpc_endpoint_manual_acceptance/red/variables.tf b/terraform/ecc-aws-410-vpc_endpoint_manual_acceptance/red/variables.tf
new file mode 100644
index 000000000..948c49afd
--- /dev/null
+++ b/terraform/ecc-aws-410-vpc_endpoint_manual_acceptance/red/variables.tf
@@ -0,0 +1,9 @@
+variable "default-region" {
+ type = string
+ description = "Default region for resources will be created"
+}
+
+variable "profile" {
+ type = string
+ description = "Profile name configured before running apply"
+}
\ No newline at end of file
diff --git a/terraform/ecc-aws-410-vpc_endpoint_manual_acceptance/red/vpc.tf b/terraform/ecc-aws-410-vpc_endpoint_manual_acceptance/red/vpc.tf
new file mode 100644
index 000000000..a622af16f
--- /dev/null
+++ b/terraform/ecc-aws-410-vpc_endpoint_manual_acceptance/red/vpc.tf
@@ -0,0 +1,20 @@
+resource "aws_vpc" "this" {
+ cidr_block = "192.168.0.0/16"
+}
+
+resource "aws_internet_gateway" "this" {
+ vpc_id = aws_vpc.this.id
+}
+
+resource "aws_subnet" "this" {
+ vpc_id = aws_vpc.this.id
+ cidr_block = "192.168.0.0/24"
+ availability_zone = "us-east-1a"
+}
+
+resource "aws_subnet" "this1" {
+ vpc_id = aws_vpc.this.id
+ cidr_block = "192.168.1.0/24"
+ availability_zone = "us-east-1b"
+}
+
diff --git a/terraform/ecc-aws-412-elasticache_no_default_ports/green/elasticache.tf b/terraform/ecc-aws-412-elasticache_no_default_ports/green/elasticache.tf
new file mode 100644
index 000000000..0c857fbae
--- /dev/null
+++ b/terraform/ecc-aws-412-elasticache_no_default_ports/green/elasticache.tf
@@ -0,0 +1,8 @@
+resource "aws_elasticache_cluster" "redis" {
+ cluster_id = "c7n-412-elasticache-redis-cluster-green"
+ engine = "redis"
+ engine_version = "5.0.6"
+ node_type = "cache.t2.micro"
+ num_cache_nodes = 1
+ port = 6666
+}
diff --git a/terraform/ecc-aws-412-elasticache_no_default_ports/green/provider.tf b/terraform/ecc-aws-412-elasticache_no_default_ports/green/provider.tf
new file mode 100644
index 000000000..60498d838
--- /dev/null
+++ b/terraform/ecc-aws-412-elasticache_no_default_ports/green/provider.tf
@@ -0,0 +1,19 @@
+terraform {
+ required_providers {
+ aws = {
+ source = "hashicorp/aws"
+ version = "~> 4"
+ }
+ }
+}
+
+provider "aws" {
+ profile = var.profile
+ region = var.default-region
+ default_tags {
+ tags = {
+ CustodianRule = "ecc-aws-412-elasticache_no_default_ports"
+ ComplianceStatus = "Green"
+ }
+ }
+}
\ No newline at end of file
diff --git a/terraform/ecc-aws-412-elasticache_no_default_ports/green/terraform.tfvars b/terraform/ecc-aws-412-elasticache_no_default_ports/green/terraform.tfvars
new file mode 100644
index 000000000..e1e2d2fa8
--- /dev/null
+++ b/terraform/ecc-aws-412-elasticache_no_default_ports/green/terraform.tfvars
@@ -0,0 +1,2 @@
+profile = "c7n"
+default-region = "us-east-1"
diff --git a/terraform/ecc-aws-412-elasticache_no_default_ports/green/variables.tf b/terraform/ecc-aws-412-elasticache_no_default_ports/green/variables.tf
new file mode 100644
index 000000000..09e482677
--- /dev/null
+++ b/terraform/ecc-aws-412-elasticache_no_default_ports/green/variables.tf
@@ -0,0 +1,9 @@
+variable "default-region" {
+ type = string
+ description = "Default region for resources will be created"
+}
+
+variable "profile" {
+ type = string
+ description = "Profile name configured before running apply"
+}
\ No newline at end of file
diff --git a/terraform/ecc-aws-412-elasticache_no_default_ports/iam/412-policy.json b/terraform/ecc-aws-412-elasticache_no_default_ports/iam/412-policy.json
new file mode 100644
index 000000000..308fe3350
--- /dev/null
+++ b/terraform/ecc-aws-412-elasticache_no_default_ports/iam/412-policy.json
@@ -0,0 +1,14 @@
+{
+ "Version": "2012-10-17",
+ "Statement": [
+ {
+ "Sid": "VisualEditor0",
+ "Effect": "Allow",
+ "Action": [
+ "elasticache:DescribeCacheClusters",
+ "tag:GetResources"
+ ],
+ "Resource": "*"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/terraform/ecc-aws-412-elasticache_no_default_ports/red/elasticache.tf b/terraform/ecc-aws-412-elasticache_no_default_ports/red/elasticache.tf
new file mode 100644
index 000000000..82e46697c
--- /dev/null
+++ b/terraform/ecc-aws-412-elasticache_no_default_ports/red/elasticache.tf
@@ -0,0 +1,8 @@
+resource "aws_elasticache_cluster" "memcached" {
+ cluster_id = "c7n-412-elasticache-memcached-cluster-red"
+ engine = "memcached"
+ engine_version = "1.5.16"
+ node_type = "cache.t2.micro"
+ num_cache_nodes = 1
+ port = 11211
+}
diff --git a/terraform/ecc-aws-412-elasticache_no_default_ports/red/provider.tf b/terraform/ecc-aws-412-elasticache_no_default_ports/red/provider.tf
new file mode 100644
index 000000000..730dbd62c
--- /dev/null
+++ b/terraform/ecc-aws-412-elasticache_no_default_ports/red/provider.tf
@@ -0,0 +1,19 @@
+terraform {
+ required_providers {
+ aws = {
+ source = "hashicorp/aws"
+ version = "~> 4"
+ }
+ }
+}
+
+provider "aws" {
+ profile = var.profile
+ region = var.default-region
+ default_tags {
+ tags = {
+ CustodianRule = "ecc-aws-412-elasticache_no_default_ports"
+ ComplianceStatus = "Red"
+ }
+ }
+}
\ No newline at end of file
diff --git a/terraform/ecc-aws-412-elasticache_no_default_ports/red/terraform.tfvars b/terraform/ecc-aws-412-elasticache_no_default_ports/red/terraform.tfvars
new file mode 100644
index 000000000..e1e2d2fa8
--- /dev/null
+++ b/terraform/ecc-aws-412-elasticache_no_default_ports/red/terraform.tfvars
@@ -0,0 +1,2 @@
+profile = "c7n"
+default-region = "us-east-1"
diff --git a/terraform/ecc-aws-412-elasticache_no_default_ports/red/variables.tf b/terraform/ecc-aws-412-elasticache_no_default_ports/red/variables.tf
new file mode 100644
index 000000000..09e482677
--- /dev/null
+++ b/terraform/ecc-aws-412-elasticache_no_default_ports/red/variables.tf
@@ -0,0 +1,9 @@
+variable "default-region" {
+ type = string
+ description = "Default region for resources will be created"
+}
+
+variable "profile" {
+ type = string
+ description = "Profile name configured before running apply"
+}
\ No newline at end of file
diff --git a/terraform/ecc-aws-417-elasticache_not_using_default_vpc/green/elasticache.tf b/terraform/ecc-aws-417-elasticache_not_using_default_vpc/green/elasticache.tf
new file mode 100644
index 000000000..1fb2af11f
--- /dev/null
+++ b/terraform/ecc-aws-417-elasticache_not_using_default_vpc/green/elasticache.tf
@@ -0,0 +1,15 @@
+resource "aws_elasticache_subnet_group" "this" {
+ name = "c7n-417-elasticache-subnet-green"
+ subnet_ids = [aws_subnet.this.id, aws_subnet.this1.id]
+}
+
+resource "aws_elasticache_cluster" "redis" {
+ cluster_id = "c7n-417-elasticache-redis-cluster-green"
+ engine = "redis"
+ node_type = "cache.t2.micro"
+ num_cache_nodes = 1
+ port = 6379
+ subnet_group_name = "c7n-417-elasticache-subnet-green"
+
+ depends_on = [aws_elasticache_subnet_group.this]
+}
diff --git a/terraform/ecc-aws-417-elasticache_not_using_default_vpc/green/provider.tf b/terraform/ecc-aws-417-elasticache_not_using_default_vpc/green/provider.tf
new file mode 100644
index 000000000..ef3ec2548
--- /dev/null
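Review bot: In green/elasticache.tf of the 417 fixture, `subnet_group_name = "c7n-417-elasticache-subnet-green"` repeats the subnet group's name as a literal and then needs `depends_on` to order the two resources. If the name is changed in one place only, the cluster is created without the intended subnet group and the green fixture stops testing what it claims to. Reference the resource instead, `subnet_group_name = aws_elasticache_subnet_group.this.name`, and drop the `depends_on`. The cluster sets no `security_group_ids`, so it presumably takes the VPC's default security group; a one-line comment saying that this is deliberate would help.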
+++ b/terraform/ecc-aws-417-elasticache_not_using_default_vpc/green/provider.tf
@@ -0,0 +1,19 @@
+terraform {
+ required_providers {
+ aws = {
+ source = "hashicorp/aws"
+ version = "~> 4"
+ }
+ }
+}
+
+provider "aws" {
+ profile = var.profile
+ region = var.default-region
+ default_tags {
+ tags = {
+ CustodianRule = "ecc-aws-417-elasticache_not_using_default_vpc"
+ ComplianceStatus = "Green"
+ }
+ }
+}
\ No newline at end of file
diff --git a/terraform/ecc-aws-417-elasticache_not_using_default_vpc/green/terraform.tfvars b/terraform/ecc-aws-417-elasticache_not_using_default_vpc/green/terraform.tfvars
new file mode 100644
index 000000000..7512f8569
--- /dev/null
+++ b/terraform/ecc-aws-417-elasticache_not_using_default_vpc/green/terraform.tfvars
@@ -0,0 +1,2 @@
+profile = "default"
+default-region = "us-east-1"
diff --git a/terraform/ecc-aws-417-elasticache_not_using_default_vpc/green/variables.tf b/terraform/ecc-aws-417-elasticache_not_using_default_vpc/green/variables.tf
new file mode 100644
index 000000000..09e482677
--- /dev/null
+++ b/terraform/ecc-aws-417-elasticache_not_using_default_vpc/green/variables.tf
@@ -0,0 +1,9 @@
+variable "default-region" {
+ type = string
+ description = "Default region for resources will be created"
+}
+
+variable "profile" {
+ type = string
+ description = "Profile name configured before running apply"
+}
\ No newline at end of file
diff --git a/terraform/ecc-aws-417-elasticache_not_using_default_vpc/green/vpc.tf b/terraform/ecc-aws-417-elasticache_not_using_default_vpc/green/vpc.tf
new file mode 100644
index 000000000..df36b828d
--- /dev/null
+++ b/terraform/ecc-aws-417-elasticache_not_using_default_vpc/green/vpc.tf
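Review bot: The 417 green/terraform.tfvars sets `profile = "default"`, while the other fixtures visible in this patch use `profile = "c7n"`. With the default profile, `terraform apply` creates the test resources in whichever account the operator's default credentials point to, which may not be the sandbox account. Use `profile = "c7n"` unless the difference is intentional, and apply the same change to red/terraform.tfvars of this rule.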
@@ -0,0 +1,16 @@
+resource "aws_vpc" "this" {
+ cidr_block = "10.0.0.0/16"
+}
+
+resource "aws_subnet" "this" {
+ vpc_id = aws_vpc.this.id
+ cidr_block = "10.0.0.0/24"
+ availability_zone = "us-east-1a"
+}
+
+resource "aws_subnet" "this1" {
+ vpc_id = aws_vpc.this.id
+ cidr_block = "10.0.1.0/24"
+ availability_zone = "us-east-1b"
+}
+
diff --git a/terraform/ecc-aws-417-elasticache_not_using_default_vpc/iam/417-policy.json b/terraform/ecc-aws-417-elasticache_not_using_default_vpc/iam/417-policy.json
new file mode 100644
index 000000000..2739c2443
--- /dev/null
+++ b/terraform/ecc-aws-417-elasticache_not_using_default_vpc/iam/417-policy.json
@@ -0,0 +1,16 @@
+{
+ "Version": "2012-10-17",
+ "Statement": [
+ {
+ "Sid": "VisualEditor0",
+ "Effect": "Allow",
+ "Action": [
+ "tag:GetResources",
+ "ec2:DescribeVpcs",
+ "elasticache:DescribeCacheClusters",
+ "elasticache:DescribeCacheSubnetGroups"
+ ],
+ "Resource": "*"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/terraform/ecc-aws-417-elasticache_not_using_default_vpc/red/elasticache.tf b/terraform/ecc-aws-417-elasticache_not_using_default_vpc/red/elasticache.tf
new file mode 100644
index 000000000..c78df3182
--- /dev/null
+++ b/terraform/ecc-aws-417-elasticache_not_using_default_vpc/red/elasticache.tf
@@ -0,0 +1,7 @@
+resource "aws_elasticache_cluster" "redis" {
+ cluster_id = "c7n-417-elasticache-redis-cluster-red"
+ engine = "redis"
+ node_type = "cache.t2.micro"
+ num_cache_nodes = 1
+ port = 6379
+}
diff --git a/terraform/ecc-aws-417-elasticache_not_using_default_vpc/red/provider.tf b/terraform/ecc-aws-417-elasticache_not_using_default_vpc/red/provider.tf
new file mode 100644
index 000000000..1b4ce385c
--- /dev/null
+++ b/terraform/ecc-aws-417-elasticache_not_using_default_vpc/red/provider.tf
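Review bot: Both subnets in ecc-aws-417 green/vpc.tf pin `availability_zone` to `us-east-1a` and `us-east-1b`, while the provider region comes from `var.default-region`, so the fixture only applies while that variable keeps its committed value. Either say so in the variable's description or derive the zones from the region. For the second option add `data "aws_availability_zones" "available" { state = "available" }` and set `availability_zone = data.aws_availability_zones.available.names[0]` (with `names[1]` for `this1`).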
@@ -0,0 +1,19 @@
+terraform {
+ required_providers {
+ aws = {
+ source = "hashicorp/aws"
+ version = "~> 4"
+ }
+ }
+}
+
+provider "aws" {
+ profile = var.profile
+ region = var.default-region
+ default_tags {
+ tags = {
+ CustodianRule = "ecc-aws-417-elasticache_not_using_default_vpc"
+ ComplianceStatus = "Red"
+ }
+ }
+}
\ No newline at end of file
diff --git a/terraform/ecc-aws-417-elasticache_not_using_default_vpc/red/terraform.tfvars b/terraform/ecc-aws-417-elasticache_not_using_default_vpc/red/terraform.tfvars
new file mode 100644
index 000000000..7512f8569
--- /dev/null
+++ b/terraform/ecc-aws-417-elasticache_not_using_default_vpc/red/terraform.tfvars
@@ -0,0 +1,2 @@
+profile = "default"
+default-region = "us-east-1"
diff --git a/terraform/ecc-aws-417-elasticache_not_using_default_vpc/red/variables.tf b/terraform/ecc-aws-417-elasticache_not_using_default_vpc/red/variables.tf
new file mode 100644
index 000000000..09e482677
--- /dev/null
+++ b/terraform/ecc-aws-417-elasticache_not_using_default_vpc/red/variables.tf
@@ -0,0 +1,9 @@
+variable "default-region" {
+ type = string
+ description = "Default region for resources will be created"
+}
+
+variable "profile" {
+ type = string
+ description = "Profile name configured before running apply"
+}
\ No newline at end of file
diff --git a/terraform/ecc-aws-422-rds_aurora_cluster_logging_enabled/green/provider.tf b/terraform/ecc-aws-422-rds_aurora_cluster_logging_enabled/green/provider.tf
new file mode 100644
index 000000000..e677274fe
--- /dev/null
+++ b/terraform/ecc-aws-422-rds_aurora_cluster_logging_enabled/green/provider.tf
@@ -0,0 +1,19 @@
+terraform {
+ required_providers {
+ aws = {
+ source = "hashicorp/aws"
+ version = "~> 4"
+ }
+ }
+}
+
+provider "aws" {
+ profile = var.profile
+ region = var.default-region
+ default_tags {
+ tags = {
+ CustodianRule = "ecc-aws-422-rds_aurora_cluster_logging_enabled"
+ ComplianceStatus = "Green"
+ }
+ }
+}
\ No newline at end of file
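Review bot: `required_providers` in ecc-aws-422 green/provider.tf declares only `hashicorp/aws`, yet green/rds.tf in the same directory uses `random_password`, so the random provider is resolved implicitly at whatever version is current when `terraform init` runs. Add `random = { source = "hashicorp/random", version = "~> 3" }` next to the `aws` entry so the fixture installs a declared, bounded provider. Committing the dependency lock file would also pin checksums, if the project does not already handle that elsewhere. The same gap is in the provider.tf files for 422 red, 426 green and red, and 441 green, whose configurations use `random_password` or `random_integer`.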
diff --git a/terraform/ecc-aws-422-rds_aurora_cluster_logging_enabled/green/rds.tf b/terraform/ecc-aws-422-rds_aurora_cluster_logging_enabled/green/rds.tf
new file mode 100644
index 000000000..a80e78d76
--- /dev/null
+++ b/terraform/ecc-aws-422-rds_aurora_cluster_logging_enabled/green/rds.tf
@@ -0,0 +1,57 @@
+resource "random_password" "this" {
+ length = 12
+ special = true
+ override_special = "!#$%*()-_=+[]{}:?"
+}
+
+resource "aws_rds_cluster" "this" {
+ cluster_identifier = "aurora-cluster-422-green"
+ engine = "aurora-mysql"
+ engine_version = "5.7.mysql_aurora.2.11.3"
+ database_name = "green422"
+ master_username = "root"
+ master_password = random_password.this.result
+ apply_immediately = true
+ skip_final_snapshot = true
+ db_cluster_parameter_group_name = aws_rds_cluster_parameter_group.this.id
+ enabled_cloudwatch_logs_exports = ["audit", "error", "general", "slowquery"]
+}
+
+resource "aws_rds_cluster_parameter_group" "this" {
+ name = "cluster-parameter-group-422-green"
+ family = "aurora-mysql5.7"
+
+ parameter {
+ name = "general_log"
+ value = "1"
+ }
+ parameter {
+ name = "slow_query_log"
+ value = "1"
+ }
+
+ parameter {
+ name = "log_output"
+ value = "FILE"
+ }
+}
+
+resource "aws_rds_cluster_instance" "this" {
+ identifier = "database-422-green"
+ cluster_identifier = aws_rds_cluster.this.id
+ engine = aws_rds_cluster.this.engine
+ engine_version = aws_rds_cluster.this.engine_version
+ instance_class = "db.t2.small"
+ apply_immediately = true
+ db_parameter_group_name = aws_db_parameter_group.this.id
+}
+
+resource "aws_db_parameter_group" "this" {
+ name = "parameter-group-422-green"
+ family = "aurora-mysql5.7"
+
+ parameter {
+ name = "log_output"
+ value = "FILE"
+ }
+}
diff --git a/terraform/ecc-aws-422-rds_aurora_cluster_logging_enabled/green/terraform.tfvars b/terraform/ecc-aws-422-rds_aurora_cluster_logging_enabled/green/terraform.tfvars
new file mode 100644
index 000000000..368bc468f
--- /dev/null
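Review bot: The green cluster in ecc-aws-422 green/rds.tf lists `"audit"` in `enabled_cloudwatch_logs_exports`, but `aws_rds_cluster_parameter_group.this` only turns on `general_log` and `slow_query_log`. On Aurora MySQL the audit stream stays empty until `server_audit_logging` is enabled in the cluster parameter group. If rule 422 is meant to pass only clusters that actually produce all four logs, add a `parameter` block with `name = "server_audit_logging"` and `value = "1"`, plus `server_audit_events` for the events wanted. Otherwise a comment saying the fixture exercises the export list only would tell the next reader what "Green" covers here. Separately, `random_password.this.result` is written to the Terraform state in clear text, so the state for this fixture should not live in a shared location.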
+++ b/terraform/ecc-aws-422-rds_aurora_cluster_logging_enabled/green/terraform.tfvars @@ -0,0 +1,2 @@ +profile = "c7n" +default-region = "us-east-1" \ No newline at end of file diff --git a/terraform/ecc-aws-422-rds_aurora_cluster_logging_enabled/green/variables.tf b/terraform/ecc-aws-422-rds_aurora_cluster_logging_enabled/green/variables.tf new file mode 100644 index 000000000..948c49afd --- /dev/null +++ b/terraform/ecc-aws-422-rds_aurora_cluster_logging_enabled/green/variables.tf @@ -0,0 +1,9 @@ +variable "default-region" { + type = string + description = "Default region for resources will be created" +} + +variable "profile" { + type = string + description = "Profile name configured before running apply" +} \ No newline at end of file diff --git a/terraform/ecc-aws-422-rds_aurora_cluster_logging_enabled/iam/422-policy.json b/terraform/ecc-aws-422-rds_aurora_cluster_logging_enabled/iam/422-policy.json new file mode 100644 index 000000000..6c122226a --- /dev/null +++ b/terraform/ecc-aws-422-rds_aurora_cluster_logging_enabled/iam/422-policy.json @@ -0,0 +1,13 @@ +{ + "Version": "2012-10-17", + "Statement": [ + { + "Effect": "Allow", + "Action": [ + "rds:DescribeDBClusterParameters", + "rds:DescribeDBClusters" + ], + "Resource": "*" + } + ] +} \ No newline at end of file diff --git a/terraform/ecc-aws-422-rds_aurora_cluster_logging_enabled/red/provider.tf b/terraform/ecc-aws-422-rds_aurora_cluster_logging_enabled/red/provider.tf new file mode 100644 index 000000000..41f831559 --- /dev/null +++ b/terraform/ecc-aws-422-rds_aurora_cluster_logging_enabled/red/provider.tf @@ -0,0 +1,19 @@ +terraform { + required_providers { + aws = { + source = "hashicorp/aws" + version = "~> 4" + } + } +} + +provider "aws" { + profile = var.profile + region = var.default-region + default_tags { + tags = { + CustodianRule = "ecc-aws-422-rds_aurora_cluster_logging_enabled" + ComplianceStatus = "Red" + } + } +} \ No newline at end of file 
diff --git a/terraform/ecc-aws-422-rds_aurora_cluster_logging_enabled/red/rds.tf b/terraform/ecc-aws-422-rds_aurora_cluster_logging_enabled/red/rds.tf new file mode 100644 index 000000000..cd0273a95 --- /dev/null +++ b/terraform/ecc-aws-422-rds_aurora_cluster_logging_enabled/red/rds.tf @@ -0,0 +1,53 @@ +resource "random_password" "this" { + length = 12 + special = true + override_special = "!#$%*()-_=+[]{}:?" +} + +resource "aws_rds_cluster" "this" { + cluster_identifier = "aurora-cluster-422-red" + engine = "aurora-mysql" + engine_version = "5.7.mysql_aurora.2.11.3" + database_name = "red422" + master_username = "root" + master_password = random_password.this.result + apply_immediately = true + skip_final_snapshot = true + db_cluster_parameter_group_name = aws_rds_cluster_parameter_group.this.id + enabled_cloudwatch_logs_exports = ["audit", "slowquery"] +} + +resource "aws_rds_cluster_parameter_group" "this" { + name = "cluster-parameter-group-422-red" + family = "aurora-mysql5.7" + + parameter { + name = "general_log" + value = "1" + } + + parameter { + name = "log_output" + value = "FILE" + } +} + +resource "aws_rds_cluster_instance" "this" { + identifier = "database-422-red" + cluster_identifier = aws_rds_cluster.this.id + engine = aws_rds_cluster.this.engine + engine_version = aws_rds_cluster.this.engine_version + instance_class = "db.t2.small" + apply_immediately = true + db_parameter_group_name = aws_db_parameter_group.this.id +} + +resource "aws_db_parameter_group" "this" { + name = "parameter-group-422-red" + family = "aurora-mysql5.7" + + parameter { + name = "general_log" + value = "1" + } +} diff --git a/terraform/ecc-aws-422-rds_aurora_cluster_logging_enabled/red/terraform.tfvars b/terraform/ecc-aws-422-rds_aurora_cluster_logging_enabled/red/terraform.tfvars new file mode 100644 index 000000000..368bc468f --- /dev/null +++ b/terraform/ecc-aws-422-rds_aurora_cluster_logging_enabled/red/terraform.tfvars 
@@ -0,0 +1,2 @@ +profile = "c7n" +default-region = "us-east-1" \ No newline at end of file diff --git a/terraform/ecc-aws-422-rds_aurora_cluster_logging_enabled/red/variables.tf b/terraform/ecc-aws-422-rds_aurora_cluster_logging_enabled/red/variables.tf new file mode 100644 index 000000000..948c49afd --- /dev/null +++ b/terraform/ecc-aws-422-rds_aurora_cluster_logging_enabled/red/variables.tf @@ -0,0 +1,9 @@ +variable "default-region" { + type = string + description = "Default region for resources will be created" +} + +variable "profile" { + type = string + description = "Profile name configured before running apply" +} \ No newline at end of file diff --git a/terraform/ecc-aws-426-iam_access_analyzer_findings_are_reviewed_and_resolved/green/iam.tf b/terraform/ecc-aws-426-iam_access_analyzer_findings_are_reviewed_and_resolved/green/iam.tf new file mode 100644 index 000000000..889e95806 --- /dev/null +++ b/terraform/ecc-aws-426-iam_access_analyzer_findings_are_reviewed_and_resolved/green/iam.tf @@ -0,0 +1,27 @@ +resource "aws_accessanalyzer_analyzer" "this" { + analyzer_name = "accessanalyzer-426-green" + depends_on = [aws_s3_bucket_acl.this] +} + +resource "aws_s3_bucket" "this" { + bucket = "426-bucket-${random_integer.this.result}-green" +} + +resource "random_integer" "this" { + min = 1 + max = 10000000 +} + +resource "aws_s3_bucket_acl" "this" { + depends_on = [aws_s3_bucket_ownership_controls.this] + + bucket = aws_s3_bucket.this.id + acl = "private" +} + +resource "aws_s3_bucket_ownership_controls" "this" { + bucket = aws_s3_bucket.this.id + rule { + object_ownership = "BucketOwnerPreferred" + } +} \ No newline at end of file diff --git a/terraform/ecc-aws-426-iam_access_analyzer_findings_are_reviewed_and_resolved/green/provider.tf b/terraform/ecc-aws-426-iam_access_analyzer_findings_are_reviewed_and_resolved/green/provider.tf new file mode 100644 index 000000000..5d60604e1 --- /dev/null 
+++ b/terraform/ecc-aws-426-iam_access_analyzer_findings_are_reviewed_and_resolved/green/provider.tf @@ -0,0 +1,19 @@ +terraform { + required_providers { + aws = { + source = "hashicorp/aws" + version = "~> 4" + } + } +} + +provider "aws" { + profile = var.profile + region = var.default-region + default_tags { + tags = { + CustodianRule = "ecc-aws-426-iam_access_analyzer_findings_are_reviewed_and_resolved" + ComplianceStatus = "Green" + } + } +} \ No newline at end of file diff --git a/terraform/ecc-aws-426-iam_access_analyzer_findings_are_reviewed_and_resolved/green/terraform.tfvars b/terraform/ecc-aws-426-iam_access_analyzer_findings_are_reviewed_and_resolved/green/terraform.tfvars new file mode 100644 index 000000000..368bc468f --- /dev/null +++ b/terraform/ecc-aws-426-iam_access_analyzer_findings_are_reviewed_and_resolved/green/terraform.tfvars @@ -0,0 +1,2 @@ +profile = "c7n" +default-region = "us-east-1" \ No newline at end of file diff --git a/terraform/ecc-aws-426-iam_access_analyzer_findings_are_reviewed_and_resolved/green/variables.tf b/terraform/ecc-aws-426-iam_access_analyzer_findings_are_reviewed_and_resolved/green/variables.tf new file mode 100644 index 000000000..948c49afd --- /dev/null +++ b/terraform/ecc-aws-426-iam_access_analyzer_findings_are_reviewed_and_resolved/green/variables.tf @@ -0,0 +1,9 @@ +variable "default-region" { + type = string + description = "Default region for resources will be created" +} + +variable "profile" { + type = string + description = "Profile name configured before running apply" +} \ No newline at end of file diff --git a/terraform/ecc-aws-426-iam_access_analyzer_findings_are_reviewed_and_resolved/iam/426-policy.json b/terraform/ecc-aws-426-iam_access_analyzer_findings_are_reviewed_and_resolved/iam/426-policy.json new file mode 100644 index 000000000..02e7dd432 --- /dev/null +++ b/terraform/ecc-aws-426-iam_access_analyzer_findings_are_reviewed_and_resolved/iam/426-policy.json 
@@ -0,0 +1,14 @@
+{
+ "Version": "2012-10-17",
+ "Statement": [
+ {
+ "Effect": "Allow",
+ "Action": [
+ "access-analyzer:ListAnalyzers",
+ "access-analyzer:ListFindings",
+ "iam:ListAccountAliases"
+ ],
+ "Resource": "*"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/terraform/ecc-aws-426-iam_access_analyzer_findings_are_reviewed_and_resolved/red/iam.tf b/terraform/ecc-aws-426-iam_access_analyzer_findings_are_reviewed_and_resolved/red/iam.tf
new file mode 100644
index 000000000..fbda87be7
--- /dev/null
+++ b/terraform/ecc-aws-426-iam_access_analyzer_findings_are_reviewed_and_resolved/red/iam.tf
@@ -0,0 +1,52 @@
+resource "aws_accessanalyzer_analyzer" "this" {
+ analyzer_name = "accessanalyzer-426-red"
+ depends_on = [aws_s3_bucket_acl.this]
+}
+
+resource "aws_s3_bucket_policy" "this" {
+ bucket = aws_s3_bucket.this.id
+ policy = data.aws_iam_policy_document.this.json
+}
+
+data "aws_iam_policy_document" "this" {
+ statement {
+ principals {
+ type = "AWS"
+ identifiers = [aws_accessanalyzer_analyzer.this.arn]
+ }
+
+ actions = [
+ "s3:GetObject",
+ "s3:ListBucket"
+ ]
+
+ resources = [
+ aws_s3_bucket.this.arn,
+ "${aws_s3_bucket.this.arn}/*",
+ ]
+ }
+}
+
+resource "aws_s3_bucket" "this" {
+ bucket = "426-bucket-${random_integer.this.result}-red"
+ force_destroy= true
+}
+
+resource "random_integer" "this" {
+ min = 1
+ max = 10000000
+}
+
+resource "aws_s3_bucket_acl" "this" {
+ depends_on = [aws_s3_bucket_ownership_controls.this]
+
+ bucket = aws_s3_bucket.this.id
+ acl = "private"
+}
+
+resource "aws_s3_bucket_ownership_controls" "this" {
+ bucket = aws_s3_bucket.this.id
+ rule {
+ object_ownership = "BucketOwnerPreferred"
+ }
+}
\ No newline at end of file
diff --git a/terraform/ecc-aws-426-iam_access_analyzer_findings_are_reviewed_and_resolved/red/provider.tf b/terraform/ecc-aws-426-iam_access_analyzer_findings_are_reviewed_and_resolved/red/provider.tf
new file mode 100644
index 000000000..8e3e8efe0
--- /dev/null
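Review bot: The bucket policy in ecc-aws-426 red/iam.tf uses the analyzer's own ARN as its principal, `identifiers = [aws_accessanalyzer_analyzer.this.arn]`. An Access Analyzer ARN is not an IAM principal, so S3 will most likely reject the policy as malformed when the fixture is applied. Even if it were accepted, a grant that stays inside the account is not something the analyzer reports, so the red case may never produce the active finding that rule 426 is meant to flag. Confirm with a test apply that a finding appears, and take the principal from a variable whose description says it must be an identity the test team controls.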
+++ b/terraform/ecc-aws-426-iam_access_analyzer_findings_are_reviewed_and_resolved/red/provider.tf @@ -0,0 +1,19 @@ +terraform { + required_providers { + aws = { + source = "hashicorp/aws" + version = "~> 4" + } + } +} + +provider "aws" { + profile = var.profile + region = var.default-region + default_tags { + tags = { + CustodianRule = "ecc-aws-426-iam_access_analyzer_findings_are_reviewed_and_resolved" + ComplianceStatus = "Red" + } + } +} \ No newline at end of file diff --git a/terraform/ecc-aws-426-iam_access_analyzer_findings_are_reviewed_and_resolved/red/terraform.tfvars b/terraform/ecc-aws-426-iam_access_analyzer_findings_are_reviewed_and_resolved/red/terraform.tfvars new file mode 100644 index 000000000..368bc468f --- /dev/null +++ b/terraform/ecc-aws-426-iam_access_analyzer_findings_are_reviewed_and_resolved/red/terraform.tfvars @@ -0,0 +1,2 @@ +profile = "c7n" +default-region = "us-east-1" \ No newline at end of file diff --git a/terraform/ecc-aws-426-iam_access_analyzer_findings_are_reviewed_and_resolved/red/variables.tf b/terraform/ecc-aws-426-iam_access_analyzer_findings_are_reviewed_and_resolved/red/variables.tf new file mode 100644 index 000000000..948c49afd --- /dev/null +++ b/terraform/ecc-aws-426-iam_access_analyzer_findings_are_reviewed_and_resolved/red/variables.tf @@ -0,0 +1,9 @@ +variable "default-region" { + type = string + description = "Default region for resources will be created" +} + +variable "profile" { + type = string + description = "Profile name configured before running apply" +} \ No newline at end of file diff --git a/terraform/ecc-aws-441-elastic_beanstalk_access_logs_enabled/green/beanstalk.tf b/terraform/ecc-aws-441-elastic_beanstalk_access_logs_enabled/green/beanstalk.tf new file mode 100644 index 000000000..3fd207c89 --- /dev/null +++ b/terraform/ecc-aws-441-elastic_beanstalk_access_logs_enabled/green/beanstalk.tf 
@@ -0,0 +1,91 @@ +resource "aws_elastic_beanstalk_application" "this" { + name = "441-beanstalk-application-green" +} + +resource "aws_elastic_beanstalk_environment" "this" { + name = "441-beanstalk-environment-green" + application = aws_elastic_beanstalk_application.this.name + solution_stack_name = "64bit Amazon Linux 2 v3.3.13 running Python 3.8" + tier = "WebServer" + setting { + namespace = "aws:autoscaling:launchconfiguration" + name = "IamInstanceProfile" + value = "aws-elasticbeanstalk-ec2-role" + } + setting { + namespace = "aws:elasticbeanstalk:environment" + name = "LoadBalancerType" + value = "application" + } + setting { + namespace = "aws:autoscaling:launchconfiguration" + name = "InstanceType" + value = "t2.micro" + } + setting { + namespace = "aws:elbv2:loadbalancer" + name = "AccessLogsS3Bucket" + value = "${aws_s3_bucket.this.id}" + } + setting { + namespace = "aws:elbv2:loadbalancer" + name = "AccessLogsS3Enabled" + value = "true" + } + + depends_on = [aws_s3_bucket_policy.this] +} + +resource "aws_s3_bucket" "this" { + bucket = "441-bucket-${random_integer.this.result}-green" + force_destroy = true +} + +resource "random_integer" "this" { + min = 1 + max = 10000000 +} + +resource "aws_s3_bucket_ownership_controls" "this" { + bucket = aws_s3_bucket.this.id + rule { + object_ownership = "BucketOwnerPreferred" + } +} + +resource "aws_s3_bucket_acl" "this" { + depends_on = [aws_s3_bucket_ownership_controls.this] + + bucket = aws_s3_bucket.this.id + acl = "private" +} + +resource "aws_s3_bucket_public_access_block" "this" { + bucket = aws_s3_bucket.this.id + + block_public_acls = false + block_public_policy = false + ignore_public_acls = false + restrict_public_buckets = false +} + +resource "aws_s3_bucket_policy" "this" { + bucket = aws_s3_bucket.this.id + policy = data.aws_iam_policy_document.this.json + + depends_on = [aws_s3_bucket_public_access_block.this ] +} + +data "aws_iam_policy_document" "this" { + statement { + effect = "Allow" + + 
principals { + type = "AWS" + identifiers = ["*"] + } + actions = ["s3:PutObject"] + resources = ["${aws_s3_bucket.this.arn}/*"] + } +} + diff --git a/terraform/ecc-aws-441-elastic_beanstalk_access_logs_enabled/green/provider.tf b/terraform/ecc-aws-441-elastic_beanstalk_access_logs_enabled/green/provider.tf new file mode 100644 index 000000000..1a8f6a087 --- /dev/null +++ b/terraform/ecc-aws-441-elastic_beanstalk_access_logs_enabled/green/provider.tf @@ -0,0 +1,20 @@ +terraform { + required_providers { + aws = { + source = "hashicorp/aws" + version = "~> 4" + } + } +} + +provider "aws"{ + profile = var.profile + region = var.default-region + + default_tags { + tags = { + CustodianRule = "ecc-aws-441-elastic_beanstalk_access_logs_enabled" + ComplianceStatus = "Green" + } + } +} diff --git a/terraform/ecc-aws-441-elastic_beanstalk_access_logs_enabled/green/terraform.tfvars b/terraform/ecc-aws-441-elastic_beanstalk_access_logs_enabled/green/terraform.tfvars new file mode 100644 index 000000000..e1e2d2fa8 --- /dev/null +++ b/terraform/ecc-aws-441-elastic_beanstalk_access_logs_enabled/green/terraform.tfvars @@ -0,0 +1,2 @@ +profile = "c7n" +default-region = "us-east-1" diff --git a/terraform/ecc-aws-441-elastic_beanstalk_access_logs_enabled/green/variables.tf b/terraform/ecc-aws-441-elastic_beanstalk_access_logs_enabled/green/variables.tf new file mode 100644 index 000000000..c8b410c24 --- /dev/null +++ b/terraform/ecc-aws-441-elastic_beanstalk_access_logs_enabled/green/variables.tf @@ -0,0 +1,9 @@ +variable "default-region" { + type = string + description = "Default region for resources will be created" +} + +variable "profile" { + type = string + description = "Profile name configured before running apply" +} diff --git a/terraform/ecc-aws-441-elastic_beanstalk_access_logs_enabled/iam/441-policy.json b/terraform/ecc-aws-441-elastic_beanstalk_access_logs_enabled/iam/441-policy.json new file mode 100644 index 000000000..1337917df --- /dev/null 
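Review bot: The green fixture in ecc-aws-441 green/beanstalk.tf leaves its log bucket writable by anyone: `aws_s3_bucket_public_access_block.this` sets all four flags to `false`, and the policy document grants `s3:PutObject` on every key to `identifiers = ["*"]`. Load balancer access logging in the committed region only needs the regional Elastic Load Balancing account to write, which the provider exposes through the `aws_elb_service_account` data source. With that principal the public access block can stay fully on. As committed, a resource tagged `ComplianceStatus = "Green"` is presumably something the storage rules in the same rule set would flag. The change is sketched below.

```hcl
data "aws_elb_service_account" "this" {}

resource "aws_s3_bucket_public_access_block" "this" {
  # … unchanged: bucket …
  block_public_acls       = true
  block_public_policy     = true
  ignore_public_acls      = true
  restrict_public_buckets = true
}

# … unchanged: aws_s3_bucket_policy.this, policy document and statement header …
    principals {
      type        = "AWS"
      identifiers = [data.aws_elb_service_account.this.arn]
    }
# … unchanged: actions and resources …
```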
+++ b/terraform/ecc-aws-441-elastic_beanstalk_access_logs_enabled/iam/441-policy.json
@@ -0,0 +1,18 @@
+{
+ "Version": "2012-10-17",
+ "Statement": [
+ {
+ "Sid": "VisualEditor0",
+ "Effect": "Allow",
+ "Action": [
+ "s3:GetObject",
+ "s3:ListAllMyBuckets",
+ "elasticbeanstalk:DescribeEnvironments",
+ "elasticbeanstalk:DescribeConfigurationSettings",
+ "s3:GetBucketLocation",
+ "elasticbeanstalk:ListTagsForResource"
+ ],
+ "Resource": "*"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/terraform/ecc-aws-441-elastic_beanstalk_access_logs_enabled/red/beanstalk.tf b/terraform/ecc-aws-441-elastic_beanstalk_access_logs_enabled/red/beanstalk.tf
new file mode 100644
index 000000000..2f5c51331
--- /dev/null
+++ b/terraform/ecc-aws-441-elastic_beanstalk_access_logs_enabled/red/beanstalk.tf
@@ -0,0 +1,25 @@
+resource "aws_elastic_beanstalk_application" "this" {
+ name = "441-beanstalk-application-red"
+}
+
+resource "aws_elastic_beanstalk_environment" "this" {
+ name = "441-beanstalk-environment-red"
+ application = aws_elastic_beanstalk_application.this.name
+ solution_stack_name = "64bit Amazon Linux 2 v3.3.13 running Python 3.8"
+ tier = "WebServer"
+ setting {
+ namespace = "aws:autoscaling:launchconfiguration"
+ name = "IamInstanceProfile"
+ value = "aws-elasticbeanstalk-ec2-role"
+ }
+ setting {
+ namespace = "aws:elasticbeanstalk:environment"
+ name = "LoadBalancerType"
+ value = "application"
+ }
+ setting {
+ namespace = "aws:autoscaling:launchconfiguration"
+ name = "InstanceType"
+ value = "t2.micro"
+ }
+}
diff --git a/terraform/ecc-aws-441-elastic_beanstalk_access_logs_enabled/red/provider.tf b/terraform/ecc-aws-441-elastic_beanstalk_access_logs_enabled/red/provider.tf
new file mode 100644
index 000000000..4aa5a8a4e
--- /dev/null
+++ b/terraform/ecc-aws-441-elastic_beanstalk_access_logs_enabled/red/provider.tf
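Review bot: `s3:GetObject` with `"Resource": "*"` in iam/441-policy.json lets the scanning role read every object in every bucket of the account, which is far broader than the Describe and List calls listed beside it. If the rule only reads Beanstalk configuration settings, drop the action. If it does need to fetch something from S3, move it to a second statement whose `Resource` names that bucket. iam/443-policy.json further down grants the same `s3:GetObject`, together with `s3:ListBucket`, on `*`. The console-generated `"Sid": "VisualEditor0"` could also be replaced by a name that says what the statement is for.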
@@ -0,0 +1,20 @@ +terraform { + required_providers { + aws = { + source = "hashicorp/aws" + version = "~> 4" + } + } +} + +provider "aws"{ + profile = var.profile + region = var.default-region + + default_tags { + tags = { + CustodianRule = "ecc-aws-441-elastic_beanstalk_access_logs_enabled" + ComplianceStatus = "Red" + } + } +} diff --git a/terraform/ecc-aws-441-elastic_beanstalk_access_logs_enabled/red/terraform.tfvars b/terraform/ecc-aws-441-elastic_beanstalk_access_logs_enabled/red/terraform.tfvars new file mode 100644 index 000000000..368bc468f --- /dev/null +++ b/terraform/ecc-aws-441-elastic_beanstalk_access_logs_enabled/red/terraform.tfvars @@ -0,0 +1,2 @@ +profile = "c7n" +default-region = "us-east-1" \ No newline at end of file diff --git a/terraform/ecc-aws-441-elastic_beanstalk_access_logs_enabled/red/variables.tf b/terraform/ecc-aws-441-elastic_beanstalk_access_logs_enabled/red/variables.tf new file mode 100644 index 000000000..948c49afd --- /dev/null +++ b/terraform/ecc-aws-441-elastic_beanstalk_access_logs_enabled/red/variables.tf @@ -0,0 +1,9 @@ +variable "default-region" { + type = string + description = "Default region for resources will be created" +} + +variable "profile" { + type = string + description = "Profile name configured before running apply" +} \ No newline at end of file diff --git a/terraform/ecc-aws-443-elastic_beanstalk_notifications_enabled/green/beanstalk.tf b/terraform/ecc-aws-443-elastic_beanstalk_notifications_enabled/green/beanstalk.tf new file mode 100644 index 000000000..dd5ed66ba --- /dev/null +++ b/terraform/ecc-aws-443-elastic_beanstalk_notifications_enabled/green/beanstalk.tf 
@@ -0,0 +1,32 @@
+resource "aws_elastic_beanstalk_application" "this" {
+ name = "443-beanstalk-application-green"
+ description = "tf-test-desc"
+}
+
+resource "aws_elastic_beanstalk_environment" "this" {
+ name = "443-beanstalk-environment-green"
+ application = aws_elastic_beanstalk_application.this.name
+ solution_stack_name = "64bit Amazon Linux 2 v3.3.13 running Python 3.8"
+ tier = "WebServer"
+ setting {
+ namespace = "aws:autoscaling:launchconfiguration"
+ name = "IamInstanceProfile"
+ value = "aws-elasticbeanstalk-ec2-role"
+ }
+ setting {
+ namespace = "aws:autoscaling:launchconfiguration"
+ name = "InstanceType"
+ value = "t2.micro"
+ }
+ setting {
+ namespace = "aws:elasticbeanstalk:sns:topics"
+ name = "Notification Protocol"
+ value = "email"
+ }
+ setting {
+ namespace = "aws:elasticbeanstalk:sns:topics"
+ name = "Notification Endpoint"
+ value = var.test-email
+ }
+}
+
diff --git a/terraform/ecc-aws-443-elastic_beanstalk_notifications_enabled/green/provider.tf b/terraform/ecc-aws-443-elastic_beanstalk_notifications_enabled/green/provider.tf
new file mode 100644
index 000000000..465601a61
--- /dev/null
+++ b/terraform/ecc-aws-443-elastic_beanstalk_notifications_enabled/green/provider.tf
@@ -0,0 +1,20 @@
+terraform {
+ required_providers {
+ aws = {
+ source = "hashicorp/aws"
+ version = "~> 4"
+ }
+ }
+}
+
+provider "aws"{
+ profile = var.profile
+ region = var.default-region
+
+ default_tags {
+ tags = {
+ CustodianRule = "ecc-aws-443-elastic_beanstalk_notifications_enabled"
+ ComplianceStatus = "Green"
+ }
+ }
+}
diff --git a/terraform/ecc-aws-443-elastic_beanstalk_notifications_enabled/green/terraform.tfvars b/terraform/ecc-aws-443-elastic_beanstalk_notifications_enabled/green/terraform.tfvars
new file mode 100644
index 000000000..6c710d189
--- /dev/null
+++ b/terraform/ecc-aws-443-elastic_beanstalk_notifications_enabled/green/terraform.tfvars
@@ -0,0 +1,3 @@
+profile = "c7n"
+default-region = "us-east-1"
+test-email = "example@gmail.com"
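Review bot: `test-email = "example@gmail.com"` in ecc-aws-443 green/terraform.tfvars is a deliverable address at a public mail provider. Applying the green fixture as committed therefore has SNS send the subscription confirmation, and any later environment notifications, to whoever owns that mailbox. Leave the value out of the committed tfvars so Terraform asks for it at apply time, and extend the variable description in green/variables.tf to something like `"Email to send alarms; must be a mailbox you control"`.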
diff --git a/terraform/ecc-aws-443-elastic_beanstalk_notifications_enabled/green/variables.tf b/terraform/ecc-aws-443-elastic_beanstalk_notifications_enabled/green/variables.tf new file mode 100644 index 000000000..af00dddf6 --- /dev/null +++ b/terraform/ecc-aws-443-elastic_beanstalk_notifications_enabled/green/variables.tf @@ -0,0 +1,14 @@ +variable "default-region" { + type = string + description = "Default region for resources will be created" +} + +variable "profile" { + type = string + description = "Profile name configured before running apply" +} + +variable "test-email" { + type = string + description = "Email to send alarms" +} diff --git a/terraform/ecc-aws-443-elastic_beanstalk_notifications_enabled/iam/443-policy.json b/terraform/ecc-aws-443-elastic_beanstalk_notifications_enabled/iam/443-policy.json new file mode 100644 index 000000000..bbd1d8d4d --- /dev/null +++ b/terraform/ecc-aws-443-elastic_beanstalk_notifications_enabled/iam/443-policy.json @@ -0,0 +1,19 @@ +{ + "Version": "2012-10-17", + "Statement": [ + { + "Sid": "VisualEditor0", + "Effect": "Allow", + "Action": [ + "s3:GetObject", + "elasticbeanstalk:DescribeEnvironments", + "sns:GetTopicAttributes", + "sns:ListTopics", + "s3:ListBucket", + "elasticbeanstalk:DescribeConfigurationSettings", + "s3:GetBucketLocation" + ], + "Resource": "*" + } + ] +} \ No newline at end of file diff --git a/terraform/ecc-aws-443-elastic_beanstalk_notifications_enabled/red/beanstalk.tf b/terraform/ecc-aws-443-elastic_beanstalk_notifications_enabled/red/beanstalk.tf new file mode 100644 index 000000000..da6f365ae --- /dev/null +++ b/terraform/ecc-aws-443-elastic_beanstalk_notifications_enabled/red/beanstalk.tf 
@@ -0,0 +1,21 @@ +resource "aws_elastic_beanstalk_application" "this" { + name = "443-beanstalk-application-red" +} + +resource "aws_elastic_beanstalk_environment" "this" { + name = "443-beanstalk-environment-red" + application = aws_elastic_beanstalk_application.this.name + solution_stack_name = "64bit Amazon Linux 2 v3.3.13 running Python 3.8" + tier = "WebServer" + setting { + namespace = "aws:autoscaling:launchconfiguration" + name = "IamInstanceProfile" + value = "aws-elasticbeanstalk-ec2-role" + } + setting { + namespace = "aws:autoscaling:launchconfiguration" + name = "InstanceType" + value = "t2.micro" + } +} + diff --git a/terraform/ecc-aws-443-elastic_beanstalk_notifications_enabled/red/provider.tf b/terraform/ecc-aws-443-elastic_beanstalk_notifications_enabled/red/provider.tf new file mode 100644 index 000000000..87da72f28 --- /dev/null +++ b/terraform/ecc-aws-443-elastic_beanstalk_notifications_enabled/red/provider.tf @@ -0,0 +1,20 @@ +terraform { + required_providers { + aws = { + source = "hashicorp/aws" + version = "~> 4" + } + } +} + +provider "aws"{ + profile = var.profile + region = var.default-region + + default_tags { + tags = { + CustodianRule = "ecc-aws-443-elastic_beanstalk_notifications_enabled" + ComplianceStatus = "Red" + } + } +} diff --git a/terraform/ecc-aws-443-elastic_beanstalk_notifications_enabled/red/terraform.tfvars b/terraform/ecc-aws-443-elastic_beanstalk_notifications_enabled/red/terraform.tfvars new file mode 100644 index 000000000..368bc468f --- /dev/null +++ b/terraform/ecc-aws-443-elastic_beanstalk_notifications_enabled/red/terraform.tfvars @@ -0,0 +1,2 @@ +profile = "c7n" +default-region = "us-east-1" \ No newline at end of file diff --git a/terraform/ecc-aws-443-elastic_beanstalk_notifications_enabled/red/variables.tf b/terraform/ecc-aws-443-elastic_beanstalk_notifications_enabled/red/variables.tf new file mode 100644 index 000000000..948c49afd --- /dev/null 
+++ b/terraform/ecc-aws-443-elastic_beanstalk_notifications_enabled/red/variables.tf @@ -0,0 +1,9 @@ +variable "default-region" { + type = string + description = "Default region for resources will be created" +} + +variable "profile" { + type = string + description = "Profile name configured before running apply" +} \ No newline at end of file diff --git a/terraform/ecc-aws-446-elastic_beanstalk_managed_platform_updates/green/beanstalk.tf b/terraform/ecc-aws-446-elastic_beanstalk_managed_platform_updates/green/beanstalk.tf new file mode 100644 index 000000000..3cb77f2de --- /dev/null +++ b/terraform/ecc-aws-446-elastic_beanstalk_managed_platform_updates/green/beanstalk.tf @@ -0,0 +1,42 @@ +resource "aws_elastic_beanstalk_application" "this" { + name = "446-beanstalk-application-green" +} + +resource "aws_elastic_beanstalk_environment" "this" { + name = "446-beanstalk-environment-green" + application = aws_elastic_beanstalk_application.this.name + solution_stack_name = "64bit Amazon Linux 2 v3.3.13 running Python 3.8" + tier = "WebServer" + setting { + namespace = "aws:autoscaling:launchconfiguration" + name = "IamInstanceProfile" + value = "aws-elasticbeanstalk-ec2-role" + } + setting { + namespace = "aws:autoscaling:launchconfiguration" + name = "InstanceType" + value = "t2.micro" + } + setting { + namespace = "aws:elasticbeanstalk:managedactions" + name = "ManagedActionsEnabled" + value = "true" + } + setting { + namespace = "aws:elasticbeanstalk:managedactions" + name = "PreferredStartTime" + value = "Tue:09:00" + } + setting { + namespace = "aws:elasticbeanstalk:managedactions" + name = "ServiceRoleForManagedUpdates" + value = "AWSServiceRoleForElasticBeanstalkManagedUpdates" + } + + setting { + namespace = "aws:elasticbeanstalk:managedactions:platformupdate" + name = "UpdateLevel" + value = "minor" + } +} + 
diff --git a/terraform/ecc-aws-446-elastic_beanstalk_managed_platform_updates/green/provider.tf b/terraform/ecc-aws-446-elastic_beanstalk_managed_platform_updates/green/provider.tf new file mode 100644 index 000000000..0538afb0c --- /dev/null +++ b/terraform/ecc-aws-446-elastic_beanstalk_managed_platform_updates/green/provider.tf @@ -0,0 +1,20 @@ +terraform { + required_providers { + aws = { + source = "hashicorp/aws" + version = "~> 4" + } + } +} + +provider "aws"{ + profile = var.profile + region = var.default-region + + default_tags { + tags = { + CustodianRule = "ecc-aws-446-elastic_beanstalk_managed_platform_updates" + ComplianceStatus = "Green" + } + } +} diff --git a/terraform/ecc-aws-446-elastic_beanstalk_managed_platform_updates/green/terraform.tfvars b/terraform/ecc-aws-446-elastic_beanstalk_managed_platform_updates/green/terraform.tfvars new file mode 100644 index 000000000..e1e2d2fa8 --- /dev/null +++ b/terraform/ecc-aws-446-elastic_beanstalk_managed_platform_updates/green/terraform.tfvars @@ -0,0 +1,2 @@ +profile = "c7n" +default-region = "us-east-1" diff --git a/terraform/ecc-aws-446-elastic_beanstalk_managed_platform_updates/green/variables.tf b/terraform/ecc-aws-446-elastic_beanstalk_managed_platform_updates/green/variables.tf new file mode 100644 index 000000000..c8b410c24 --- /dev/null +++ b/terraform/ecc-aws-446-elastic_beanstalk_managed_platform_updates/green/variables.tf @@ -0,0 +1,9 @@ +variable "default-region" { + type = string + description = "Default region for resources will be created" +} + +variable "profile" { + type = string + description = "Profile name configured before running apply" +} diff --git a/terraform/ecc-aws-446-elastic_beanstalk_managed_platform_updates/iam/446-policy.json b/terraform/ecc-aws-446-elastic_beanstalk_managed_platform_updates/iam/446-policy.json new file mode 100644 index 000000000..42de485ca --- /dev/null +++ b/terraform/ecc-aws-446-elastic_beanstalk_managed_platform_updates/iam/446-policy.json 
@@ -0,0 +1,15 @@
+{
+ "Version": "2012-10-17",
+ "Statement": [
+ {
+ "Sid": "VisualEditor0",
+ "Effect": "Allow",
+ "Action": [
+ "elasticbeanstalk:DescribeEnvironments",
+ "elasticbeanstalk:DescribeConfigurationSettings",
+ "elasticbeanstalk:ListTagsForResource"
+ ],
+ "Resource": "*"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/terraform/ecc-aws-446-elastic_beanstalk_managed_platform_updates/red/beanstalk.tf b/terraform/ecc-aws-446-elastic_beanstalk_managed_platform_updates/red/beanstalk.tf
new file mode 100644
index 000000000..506383113
--- /dev/null
+++ b/terraform/ecc-aws-446-elastic_beanstalk_managed_platform_updates/red/beanstalk.tf
@@ -0,0 +1,21 @@
+resource "aws_elastic_beanstalk_application" "this" {
+ name = "446-beanstalk-application-red"
+}
+
+resource "aws_elastic_beanstalk_environment" "this" {
+ name = "446-beanstalk-environment-red"
+ application = aws_elastic_beanstalk_application.this.name
+ solution_stack_name = "64bit Amazon Linux 2 v3.3.13 running Python 3.8"
+ tier = "WebServer"
+ setting {
+ namespace = "aws:autoscaling:launchconfiguration"
+ name = "IamInstanceProfile"
+ value = "aws-elasticbeanstalk-ec2-role"
+ }
+ setting {
+ namespace = "aws:autoscaling:launchconfiguration"
+ name = "InstanceType"
+ value = "t2.micro"
+ }
+}
+
diff --git a/terraform/ecc-aws-446-elastic_beanstalk_managed_platform_updates/red/provider.tf b/terraform/ecc-aws-446-elastic_beanstalk_managed_platform_updates/red/provider.tf
new file mode 100644
index 000000000..da7bea3c8
--- /dev/null
+++ b/terraform/ecc-aws-446-elastic_beanstalk_managed_platform_updates/red/provider.tf
@@ -0,0 +1,20 @@
+terraform {
+ required_providers {
+ aws = {
+ source = "hashicorp/aws"
+ version = "~> 4"
+ }
+ }
+}
+
+provider "aws"{
+ profile = var.profile
+ region = var.default-region
+
+ default_tags {
+ tags = {
+ CustodianRule = "ecc-aws-446-elastic_beanstalk_managed_platform_updates"
+ ComplianceStatus = "Red"
+ }
+ }
+}
diff --git a/terraform/ecc-aws-446-elastic_beanstalk_managed_platform_updates/red/terraform.tfvars b/terraform/ecc-aws-446-elastic_beanstalk_managed_platform_updates/red/terraform.tfvars
new file mode 100644
index 000000000..368bc468f
--- /dev/null
+++ b/terraform/ecc-aws-446-elastic_beanstalk_managed_platform_updates/red/terraform.tfvars
@@ -0,0 +1,2 @@
+profile = "c7n"
+default-region = "us-east-1"
\ No newline at end of file
diff --git a/terraform/ecc-aws-446-elastic_beanstalk_managed_platform_updates/red/variables.tf b/terraform/ecc-aws-446-elastic_beanstalk_managed_platform_updates/red/variables.tf
new file mode 100644
index 000000000..948c49afd
--- /dev/null
+++ b/terraform/ecc-aws-446-elastic_beanstalk_managed_platform_updates/red/variables.tf
@@ -0,0 +1,9 @@
+variable "default-region" {
+ type = string
+ description = "Default region for resources will be created"
+}
+
+variable "profile" {
+ type = string
+ description = "Profile name configured before running apply"
+}
\ No newline at end of file
diff --git a/terraform/ecc-aws-450-sqs_dead_letter_queue_enabled/green/provider.tf b/terraform/ecc-aws-450-sqs_dead_letter_queue_enabled/green/provider.tf
new file mode 100644
index 000000000..df77a1f73
--- /dev/null
+++ b/terraform/ecc-aws-450-sqs_dead_letter_queue_enabled/green/provider.tf
@@ -0,0 +1,19 @@
+terraform {
+ required_providers {
+ aws = {
+ source = "hashicorp/aws"
+ version = "~> 4"
+ }
+ }
+}
+
+provider "aws" {
+ profile = var.profile
+ region = var.default-region
+ default_tags {
+ tags = {
+ CustodianRule = "ecc-aws-450-sqs_dead_letter_queue_enabled"
+ ComplianceStatus = "Green"
+ }
+ }
+}
diff --git a/terraform/ecc-aws-450-sqs_dead_letter_queue_enabled/green/sqs.tf b/terraform/ecc-aws-450-sqs_dead_letter_queue_enabled/green/sqs.tf
new file mode 100644
index 000000000..bdf59ec55
--- /dev/null
+++ b/terraform/ecc-aws-450-sqs_dead_letter_queue_enabled/green/sqs.tf
@@ -0,0 +1,21 @@
+resource "aws_sqs_queue" "this" {
+ name = "450_sqs_green"
+
+ redrive_policy = jsonencode({
+ deadLetterTargetArn = aws_sqs_queue.this2.arn
+ maxReceiveCount = 4
+ })
+}
+
+resource "aws_sqs_queue" "this2" {
+ name = "450_sqs_green1"
+}
+
+resource "aws_sqs_queue_redrive_allow_policy" "this" {
+ queue_url = aws_sqs_queue.this2.id
+
+ redrive_allow_policy = jsonencode({
+ redrivePermission = "byQueue",
+ sourceQueueArns = [aws_sqs_queue.this.arn]
+ })
+}
diff --git a/terraform/ecc-aws-450-sqs_dead_letter_queue_enabled/green/terraform.tfvars b/terraform/ecc-aws-450-sqs_dead_letter_queue_enabled/green/terraform.tfvars
new file mode 100644
index 000000000..368bc468f
--- /dev/null
+++ b/terraform/ecc-aws-450-sqs_dead_letter_queue_enabled/green/terraform.tfvars
@@ -0,0 +1,2 @@
+profile = "c7n"
+default-region = "us-east-1"
\ No newline at end of file
diff --git a/terraform/ecc-aws-450-sqs_dead_letter_queue_enabled/green/variables.tf b/terraform/ecc-aws-450-sqs_dead_letter_queue_enabled/green/variables.tf
new file mode 100644
index 000000000..948c49afd
--- /dev/null
+++ b/terraform/ecc-aws-450-sqs_dead_letter_queue_enabled/green/variables.tf
@@ -0,0 +1,9 @@
+variable "default-region" {
+ type = string
+ description = "Default region for resources will be created"
+}
+
+variable "profile" {
+ type = string
+ description = "Profile name configured before running apply"
+}
\ No newline at end of file
diff --git a/terraform/ecc-aws-450-sqs_dead_letter_queue_enabled/iam/450-policy.json b/terraform/ecc-aws-450-sqs_dead_letter_queue_enabled/iam/450-policy.json
new file mode 100644
index 000000000..46bea7146
--- /dev/null
+++ b/terraform/ecc-aws-450-sqs_dead_letter_queue_enabled/iam/450-policy.json
@@ -0,0 +1,15 @@
+{
+ "Version": "2012-10-17",
+ "Statement": [
+ {
+ "Sid": "VisualEditor0",
+ "Effect": "Allow",
+ "Action": [
+ "sqs:ListQueues",
+ "tag:GetResources",
+ "sqs:GetQueueAttributes"
+ ],
+ "Resource": "*"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/terraform/ecc-aws-450-sqs_dead_letter_queue_enabled/red/provider.tf b/terraform/ecc-aws-450-sqs_dead_letter_queue_enabled/red/provider.tf
new file mode 100644
index 000000000..031bd91c3
--- /dev/null
+++ b/terraform/ecc-aws-450-sqs_dead_letter_queue_enabled/red/provider.tf
@@ -0,0 +1,19 @@
+terraform {
+ required_providers {
+ aws = {
+ source = "hashicorp/aws"
+ version = "~> 4"
+ }
+ }
+}
+
+provider "aws" {
+ profile = var.profile
+ region = var.default-region
+ default_tags {
+ tags = {
+ CustodianRule = "ecc-aws-450-sqs_dead_letter_queue_enabled"
+ ComplianceStatus = "Red"
+ }
+ }
+}
diff --git a/terraform/ecc-aws-450-sqs_dead_letter_queue_enabled/red/sqs.tf b/terraform/ecc-aws-450-sqs_dead_letter_queue_enabled/red/sqs.tf
new file mode 100644
index 000000000..fd41a6867
--- /dev/null
+++ b/terraform/ecc-aws-450-sqs_dead_letter_queue_enabled/red/sqs.tf
@@ -0,0 +1,7 @@
+resource "aws_sqs_queue" "this" {
+ name = "450_sqs_red"
+ delay_seconds = 90
+ max_message_size = 2048
+ message_retention_seconds = 86400
+ receive_wait_time_seconds = 10
+}
\ No newline at end of file
diff --git a/terraform/ecc-aws-450-sqs_dead_letter_queue_enabled/red/terraform.tfvars b/terraform/ecc-aws-450-sqs_dead_letter_queue_enabled/red/terraform.tfvars
new file mode 100644
index 000000000..368bc468f
--- /dev/null
+++ b/terraform/ecc-aws-450-sqs_dead_letter_queue_enabled/red/terraform.tfvars
@@ -0,0 +1,2 @@
+profile = "c7n"
+default-region = "us-east-1"
\ No newline at end of file
diff --git a/terraform/ecc-aws-450-sqs_dead_letter_queue_enabled/red/variables.tf b/terraform/ecc-aws-450-sqs_dead_letter_queue_enabled/red/variables.tf
new file mode 100644
index 000000000..948c49afd
--- /dev/null
+++ b/terraform/ecc-aws-450-sqs_dead_letter_queue_enabled/red/variables.tf
@@ -0,0 +1,9 @@
+variable "default-region" {
+ type = string
+ description = "Default region for resources will be created"
+}
+
+variable "profile" {
+ type = string
+ description = "Profile name configured before running apply"
+}
\ No newline at end of file
diff --git a/terraform/ecc-aws-523-cloudtrail_security_trail_enabled/green/cloudtrail.tf b/terraform/ecc-aws-523-cloudtrail_security_trail_enabled/green/cloudtrail.tf
new file mode 100644
index 000000000..61acf5c51
--- /dev/null
+++ b/terraform/ecc-aws-523-cloudtrail_security_trail_enabled/green/cloudtrail.tf
@@ -0,0 +1,17 @@
+resource "aws_cloudtrail" "this" {
+ name = "cloudtrail-523-green"
+ s3_bucket_name = aws_s3_bucket.this.id
+ include_global_service_events = true
+ is_multi_region_trail = true
+ enable_log_file_validation = true
+ kms_key_id = aws_kms_key.this.arn
+
+ event_selector {
+ read_write_type = "All"
+ include_management_events = true
+ }
+ depends_on = [
+ aws_s3_bucket_acl.this
+ ]
+}
+
diff --git a/terraform/ecc-aws-523-cloudtrail_security_trail_enabled/green/kms.tf b/terraform/ecc-aws-523-cloudtrail_security_trail_enabled/green/kms.tf
new file mode 100644
index 000000000..987023e47
--- /dev/null
+++ b/terraform/ecc-aws-523-cloudtrail_security_trail_enabled/green/kms.tf
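Review bot: `depends_on` in `aws_cloudtrail.this` (green/cloudtrail.tf) lists only `aws_s3_bucket_acl.this`, so nothing orders the trail after `aws_s3_bucket_policy.this`. CloudTrail validates the destination bucket's policy when the trail is created, so the apply can fail intermittently if the policy has not been attached yet. I would change it to `depends_on = [aws_s3_bucket_acl.this, aws_s3_bucket_policy.this]`. The same block appears in the green1, red, red1 and red2 `cloudtrail.tf` files of this rule.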
@@ -0,0 +1,57 @@
+data "aws_caller_identity" "this" {}
+
+resource "aws_kms_key" "this" {
+ description = "Key to encrypt and decrypt"
+ key_usage = "ENCRYPT_DECRYPT"
+ policy = data.aws_iam_policy_document.kms.json
+ deletion_window_in_days = 7
+ is_enabled = true
+ enable_key_rotation = true
+}
+
+resource "aws_kms_alias" "this" {
+ name = "alias/523-green"
+ target_key_id = aws_kms_key.this.key_id
+}
+
+data "aws_iam_policy_document" "kms" {
+ statement {
+ sid = "Allow root"
+ effect = "Allow"
+ principals {
+ type = "AWS"
+ identifiers = [
+ "arn:aws:iam::${data.aws_caller_identity.this.account_id}:root",
+ ]
+ }
+ actions = [
+ "kms:*",
+ ]
+ resources = [
+ "*",
+ ]
+ }
+ statement {
+ sid = "Allow CloudTrail to encrypt logs"
+ effect = "Allow"
+ principals {
+ type = "Service"
+ identifiers = [
+ "cloudtrail.amazonaws.com",
+ ]
+ }
+ actions = [
+ "kms:GenerateDataKey*",
+ ]
+ resources = [
+ "*",
+ ]
+ condition {
+ test = "StringLike"
+ variable = "kms:EncryptionContext:aws:cloudtrail:arn"
+ values = [
+ "arn:aws:cloudtrail:*:${data.aws_caller_identity.this.account_id}:trail/*"
+ ]
+ }
+ }
+}
\ No newline at end of file
diff --git a/terraform/ecc-aws-523-cloudtrail_security_trail_enabled/green/provider.tf b/terraform/ecc-aws-523-cloudtrail_security_trail_enabled/green/provider.tf
new file mode 100644
index 000000000..22da00dad
--- /dev/null
+++ b/terraform/ecc-aws-523-cloudtrail_security_trail_enabled/green/provider.tf
@@ -0,0 +1,20 @@
+terraform {
+ required_providers {
+ aws = {
+ source = "hashicorp/aws"
+ version = "~> 4"
+ }
+ }
+}
+
+provider "aws" {
+ profile = var.profile
+ region = var.default-region
+
+ default_tags {
+ tags = {
+ CustodiaRule = "ecc-aws-523-cloudtrail_security_trail_enabled"
+ ComplianceStatus = "Green"
+ }
+ }
+}
\ No newline at end of file
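Review bot: The `Allow CloudTrail to encrypt logs` statement in green/kms.tf is limited only by the encryption-context pattern `arn:aws:cloudtrail:*:${data.aws_caller_identity.this.account_id}:trail/*`, so any trail in the account may use this key. Adding an `aws:SourceArn` condition for the one trail this fixture creates narrows it to that trail. AWS's reference key policy for CloudTrail also grants `kms:DescribeKey` to `cloudtrail.amazonaws.com`, which is absent here; it is worth confirming whether trail creation depends on it in your setup. `green1/kms.tf` carries the same policy and would need its own trail name.

```hcl
  statement {
    sid = "Allow CloudTrail to encrypt logs"
    # … unchanged: effect, principals, actions, resources, encryption-context condition …
    condition {
      test     = "StringEquals"
      variable = "aws:SourceArn"
      values = [
        "arn:aws:cloudtrail:${var.default-region}:${data.aws_caller_identity.this.account_id}:trail/cloudtrail-523-green"
      ]
    }
  }
  statement {
    sid    = "Allow CloudTrail to describe key"
    effect = "Allow"
    principals {
      type        = "Service"
      identifiers = ["cloudtrail.amazonaws.com"]
    }
    actions   = ["kms:DescribeKey"]
    resources = ["*"]
  }
```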
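Review bot: The tag key in `default_tags` of green/provider.tf is spelled `CustodiaRule`, while the other fixtures in this patch (for example the 446 and 450 `provider.tf` files) use `CustodianRule`. Anything that finds, audits or cleans up fixture resources by that tag will miss the resources created here. Change the line to `CustodianRule = "ecc-aws-523-cloudtrail_security_trail_enabled"`. The same misspelling is in the green1, red, red1 and red2 `provider.tf` files for rule 523.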
diff --git a/terraform/ecc-aws-523-cloudtrail_security_trail_enabled/green/s3.tf b/terraform/ecc-aws-523-cloudtrail_security_trail_enabled/green/s3.tf
new file mode 100644
index 000000000..24086960c
--- /dev/null
+++ b/terraform/ecc-aws-523-cloudtrail_security_trail_enabled/green/s3.tf
@@ -0,0 +1,90 @@
+resource "aws_s3_bucket" "this" {
+ bucket = "523-bucket-${random_integer.this.result}-green"
+ force_destroy = true
+}
+
+resource "random_integer" "this" {
+ min = 1
+ max = 10000000
+}
+
+resource "aws_s3_bucket_ownership_controls" "this" {
+ bucket = aws_s3_bucket.this.id
+ rule {
+ object_ownership = "BucketOwnerPreferred"
+ }
+}
+
+resource "aws_s3_bucket_acl" "this" {
+ depends_on = [aws_s3_bucket_ownership_controls.this]
+
+ bucket = aws_s3_bucket.this.id
+ acl = "private"
+}
+
+resource "aws_s3_bucket_policy" "this" {
+ bucket = aws_s3_bucket.this.id
+ policy = data.aws_iam_policy_document.this.json
+}
+
+resource "aws_s3_bucket_server_side_encryption_configuration" "this" {
+ bucket = aws_s3_bucket.this.bucket
+
+ rule {
+ apply_server_side_encryption_by_default {
+ kms_master_key_id = aws_kms_key.this.arn
+ sse_algorithm = "aws:kms"
+ }
+ }
+}
+
+
+data "aws_iam_policy_document" "this" {
+ statement {
+ effect = "Allow"
+
+ principals {
+ type = "Service"
+ identifiers = ["cloudtrail.amazonaws.com"]
+ }
+
+ actions = ["s3:GetBucketAcl"]
+ resources = [aws_s3_bucket.this.arn]
+ condition {
+ test = "StringEquals"
+ variable = "AWS:SourceArn"
+
+ values = [
+ "arn:aws:cloudtrail:${var.default-region}:${data.aws_caller_identity.this.account_id}:trail/cloudtrail-523-green"
+ ]
+ }
+ }
+
+ statement {
+ effect = "Allow"
+
+ principals {
+ type = "Service"
+ identifiers = ["cloudtrail.amazonaws.com"]
+ }
+
+ actions = ["s3:PutObject"]
+ resources = ["${aws_s3_bucket.this.arn}/AWSLogs/${data.aws_caller_identity.this.account_id}/*"]
+ condition {
+ test = "StringEquals"
+ variable = "s3:x-amz-acl"
+
+ values = [
+ "bucket-owner-full-control"
+ ]
+ }
+ condition {
+ test = "StringEquals"
+ variable = "AWS:SourceArn"
+
+ values = [
+ "arn:aws:cloudtrail:${var.default-region}:${data.aws_caller_identity.this.account_id}:trail/cloudtrail-523-green"
+ ]
+ }
+ }
+}
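Review bot: `random_integer.this` pulls in the `hashicorp/random` provider, but `required_providers` in this directory's `provider.tf` declares only `aws`, so the random provider is resolved implicitly and without any version constraint. Declaring it next to `aws`, as `random = { source = "hashicorp/random" }` plus a `version` constraint matching what was tested, keeps fixture runs reproducible and makes the dependency visible to reviewers. The green1, red, red1 and red2 `s3.tf` files of this rule use `random_integer` the same way.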
diff --git a/terraform/ecc-aws-523-cloudtrail_security_trail_enabled/green/terraform.tfvars b/terraform/ecc-aws-523-cloudtrail_security_trail_enabled/green/terraform.tfvars
new file mode 100644
index 000000000..368bc468f
--- /dev/null
+++ b/terraform/ecc-aws-523-cloudtrail_security_trail_enabled/green/terraform.tfvars
@@ -0,0 +1,2 @@
+profile = "c7n"
+default-region = "us-east-1"
\ No newline at end of file
diff --git a/terraform/ecc-aws-523-cloudtrail_security_trail_enabled/green/variables.tf b/terraform/ecc-aws-523-cloudtrail_security_trail_enabled/green/variables.tf
new file mode 100644
index 000000000..948c49afd
--- /dev/null
+++ b/terraform/ecc-aws-523-cloudtrail_security_trail_enabled/green/variables.tf
@@ -0,0 +1,9 @@
+variable "default-region" {
+ type = string
+ description = "Default region for resources will be created"
+}
+
+variable "profile" {
+ type = string
+ description = "Profile name configured before running apply"
+}
\ No newline at end of file
diff --git a/terraform/ecc-aws-523-cloudtrail_security_trail_enabled/green1/cloudtrail.tf b/terraform/ecc-aws-523-cloudtrail_security_trail_enabled/green1/cloudtrail.tf
new file mode 100644
index 000000000..c8b439609
--- /dev/null
+++ b/terraform/ecc-aws-523-cloudtrail_security_trail_enabled/green1/cloudtrail.tf
@@ -0,0 +1,19 @@
+resource "aws_cloudtrail" "this" {
+ name = "cloudtrail-523-green1"
+ s3_bucket_name = aws_s3_bucket.this.id
+ include_global_service_events = true
+ is_multi_region_trail = true
+ enable_log_file_validation = true
+ kms_key_id = aws_kms_key.this.arn
+
+ advanced_event_selector {
+ field_selector {
+ field = "eventCategory"
+ equals = ["Management"]
+ }
+ }
+ depends_on = [
+ aws_s3_bucket_acl.this
+ ]
+}
+
diff --git a/terraform/ecc-aws-523-cloudtrail_security_trail_enabled/green1/kms.tf b/terraform/ecc-aws-523-cloudtrail_security_trail_enabled/green1/kms.tf
new file mode 100644
index 000000000..569848078
--- /dev/null
+++ b/terraform/ecc-aws-523-cloudtrail_security_trail_enabled/green1/kms.tf
@@ -0,0 +1,57 @@
+data "aws_caller_identity" "this" {}
+
+resource "aws_kms_key" "this" {
+ description = "Key to encrypt and decrypt"
+ key_usage = "ENCRYPT_DECRYPT"
+ policy = data.aws_iam_policy_document.kms.json
+ deletion_window_in_days = 7
+ is_enabled = true
+ enable_key_rotation = true
+}
+
+resource "aws_kms_alias" "this" {
+ name = "alias/523-green1"
+ target_key_id = aws_kms_key.this.key_id
+}
+
+data "aws_iam_policy_document" "kms" {
+ statement {
+ sid = "Allow root"
+ effect = "Allow"
+ principals {
+ type = "AWS"
+ identifiers = [
+ "arn:aws:iam::${data.aws_caller_identity.this.account_id}:root",
+ ]
+ }
+ actions = [
+ "kms:*",
+ ]
+ resources = [
+ "*",
+ ]
+ }
+ statement {
+ sid = "Allow CloudTrail to encrypt logs"
+ effect = "Allow"
+ principals {
+ type = "Service"
+ identifiers = [
+ "cloudtrail.amazonaws.com",
+ ]
+ }
+ actions = [
+ "kms:GenerateDataKey*",
+ ]
+ resources = [
+ "*",
+ ]
+ condition {
+ test = "StringLike"
+ variable = "kms:EncryptionContext:aws:cloudtrail:arn"
+ values = [
+ "arn:aws:cloudtrail:*:${data.aws_caller_identity.this.account_id}:trail/*"
+ ]
+ }
+ }
+}
\ No newline at end of file
diff --git a/terraform/ecc-aws-523-cloudtrail_security_trail_enabled/green1/provider.tf b/terraform/ecc-aws-523-cloudtrail_security_trail_enabled/green1/provider.tf
new file mode 100644
index 000000000..78ea3cdfe
--- /dev/null
+++ b/terraform/ecc-aws-523-cloudtrail_security_trail_enabled/green1/provider.tf
@@ -0,0 +1,20 @@
+terraform {
+ required_providers {
+ aws = {
+ source = "hashicorp/aws"
+ version = "~> 4"
+ }
+ }
+}
+
+provider "aws" {
+ profile = var.profile
+ region = var.default-region
+
+ default_tags {
+ tags = {
+ CustodiaRule = "ecc-aws-523-cloudtrail_security_trail_enabled"
+ ComplianceStatus = "Green1"
+ }
+ }
+}
\ No newline at end of file
diff --git a/terraform/ecc-aws-523-cloudtrail_security_trail_enabled/green1/s3.tf b/terraform/ecc-aws-523-cloudtrail_security_trail_enabled/green1/s3.tf
new file mode 100644
index 000000000..720aff35a
--- /dev/null
+++ b/terraform/ecc-aws-523-cloudtrail_security_trail_enabled/green1/s3.tf
@@ -0,0 +1,89 @@
+resource "aws_s3_bucket" "this" {
+ bucket = "523-bucket-${random_integer.this.result}-green1"
+ force_destroy = true
+}
+
+resource "aws_s3_bucket_ownership_controls" "this" {
+ bucket = aws_s3_bucket.this.id
+ rule {
+ object_ownership = "BucketOwnerPreferred"
+ }
+}
+
+resource "aws_s3_bucket_acl" "this" {
+ depends_on = [aws_s3_bucket_ownership_controls.this]
+
+ bucket = aws_s3_bucket.this.id
+ acl = "private"
+}
+
+resource "aws_s3_bucket_policy" "this" {
+ bucket = aws_s3_bucket.this.id
+ policy = data.aws_iam_policy_document.this.json
+}
+
+resource "aws_s3_bucket_server_side_encryption_configuration" "this" {
+ bucket = aws_s3_bucket.this.bucket
+
+ rule {
+ apply_server_side_encryption_by_default {
+ kms_master_key_id = aws_kms_key.this.arn
+ sse_algorithm = "aws:kms"
+ }
+ }
+}
+
+resource "random_integer" "this" {
+ min = 1
+ max = 10000000
+}
+
+data "aws_iam_policy_document" "this" {
+ statement {
+ effect = "Allow"
+
+ principals {
+ type = "Service"
+ identifiers = ["cloudtrail.amazonaws.com"]
+ }
+
+ actions = ["s3:GetBucketAcl"]
+ resources = [aws_s3_bucket.this.arn]
+ condition {
+ test = "StringEquals"
+ variable = "AWS:SourceArn"
+
+ values = [
+ "arn:aws:cloudtrail:${var.default-region}:${data.aws_caller_identity.this.account_id}:trail/cloudtrail-523-green1"
+ ]
+ }
+ }
+
+ statement {
+ effect = "Allow"
+
+ principals {
+ type = "Service"
+ identifiers = ["cloudtrail.amazonaws.com"]
+ }
+
+ actions = ["s3:PutObject"]
+ resources = ["${aws_s3_bucket.this.arn}/AWSLogs/${data.aws_caller_identity.this.account_id}/*"]
+ condition {
+ test = "StringEquals"
+ variable = "s3:x-amz-acl"
+
+ values = [
+ "bucket-owner-full-control"
+ ]
+ }
+ condition {
+ test = "StringEquals"
+ variable = "AWS:SourceArn"
+
+ values = [
+ "arn:aws:cloudtrail:${var.default-region}:${data.aws_caller_identity.this.account_id}:trail/cloudtrail-523-green1"
+ ]
+ }
+ }
+}
diff --git a/terraform/ecc-aws-523-cloudtrail_security_trail_enabled/green1/terraform.tfvars b/terraform/ecc-aws-523-cloudtrail_security_trail_enabled/green1/terraform.tfvars
new file mode 100644
index 000000000..368bc468f
--- /dev/null
+++ b/terraform/ecc-aws-523-cloudtrail_security_trail_enabled/green1/terraform.tfvars
@@ -0,0 +1,2 @@
+profile = "c7n"
+default-region = "us-east-1"
\ No newline at end of file
diff --git a/terraform/ecc-aws-523-cloudtrail_security_trail_enabled/green1/variables.tf b/terraform/ecc-aws-523-cloudtrail_security_trail_enabled/green1/variables.tf
new file mode 100644
index 000000000..948c49afd
--- /dev/null
+++ b/terraform/ecc-aws-523-cloudtrail_security_trail_enabled/green1/variables.tf
@@ -0,0 +1,9 @@
+variable "default-region" {
+ type = string
+ description = "Default region for resources will be created"
+}
+
+variable "profile" {
+ type = string
+ description = "Profile name configured before running apply"
+}
\ No newline at end of file
diff --git a/terraform/ecc-aws-523-cloudtrail_security_trail_enabled/iam/523-policy.json b/terraform/ecc-aws-523-cloudtrail_security_trail_enabled/iam/523-policy.json
new file mode 100644
index 000000000..64f7d8cbf
--- /dev/null
+++ b/terraform/ecc-aws-523-cloudtrail_security_trail_enabled/iam/523-policy.json
@@ -0,0 +1,15 @@
+{
+ "Version": "2012-10-17",
+ "Statement": [
+ {
+ "Effect": "Allow",
+ "Action": [
+ "iam:ListAccountAliases",
+ "cloudtrail:DescribeTrails",
+ "cloudtrail:GetEventSelectors",
+ "cloudtrail:GetTrailStatus"
+ ],
+ "Resource": "*"
+ }
+ ]
+}
diff --git a/terraform/ecc-aws-523-cloudtrail_security_trail_enabled/red/cloudtrail.tf b/terraform/ecc-aws-523-cloudtrail_security_trail_enabled/red/cloudtrail.tf
new file mode 100644
index 000000000..b23344284
--- /dev/null
+++ b/terraform/ecc-aws-523-cloudtrail_security_trail_enabled/red/cloudtrail.tf
@@ -0,0 +1,17 @@
+resource "aws_cloudtrail" "this" {
+ name = "cloudtrail-523-red"
+ s3_bucket_name = aws_s3_bucket.this.id
+ include_global_service_events = true
+ is_multi_region_trail = true
+ enable_log_file_validation = true
+
+ event_selector {
+ read_write_type = "All"
+ include_management_events = true
+ exclude_management_event_sources = ["kms.amazonaws.com"]
+ }
+ depends_on = [
+ aws_s3_bucket_acl.this
+ ]
+}
+
diff --git a/terraform/ecc-aws-523-cloudtrail_security_trail_enabled/red/provider.tf b/terraform/ecc-aws-523-cloudtrail_security_trail_enabled/red/provider.tf
new file mode 100644
index 000000000..963a394a3
--- /dev/null
+++ b/terraform/ecc-aws-523-cloudtrail_security_trail_enabled/red/provider.tf
@@ -0,0 +1,20 @@
+terraform {
+ required_providers {
+ aws = {
+ source = "hashicorp/aws"
+ version = "~> 4"
+ }
+ }
+}
+
+provider "aws" {
+ profile = var.profile
+ region = var.default-region
+
+ default_tags {
+ tags = {
+ CustodiaRule = "ecc-aws-523-cloudtrail_security_trail_enabled"
+ ComplianceStatus = "Red"
+ }
+ }
+}
\ No newline at end of file
diff --git a/terraform/ecc-aws-523-cloudtrail_security_trail_enabled/red/s3.tf b/terraform/ecc-aws-523-cloudtrail_security_trail_enabled/red/s3.tf
new file mode 100644
index 000000000..7c9861b7e
--- /dev/null
+++ b/terraform/ecc-aws-523-cloudtrail_security_trail_enabled/red/s3.tf
@@ -0,0 +1,80 @@
+data "aws_caller_identity" "this" {}
+
+resource "aws_s3_bucket" "this" {
+ bucket = "523-bucket-${random_integer.this.result}-red"
+ force_destroy = true
+}
+
+resource "random_integer" "this" {
+ min = 1
+ max = 10000000
+}
+
+resource "aws_s3_bucket_ownership_controls" "this" {
+ bucket = aws_s3_bucket.this.id
+ rule {
+ object_ownership = "BucketOwnerPreferred"
+ }
+}
+
+resource "aws_s3_bucket_acl" "this" {
+ depends_on = [aws_s3_bucket_ownership_controls.this]
+
+ bucket = aws_s3_bucket.this.id
+ acl = "private"
+}
+
+resource "aws_s3_bucket_policy" "this" {
+ bucket = aws_s3_bucket.this.id
+ policy = data.aws_iam_policy_document.this.json
+}
+
+data "aws_iam_policy_document" "this" {
+ statement {
+ effect = "Allow"
+
+ principals {
+ type = "Service"
+ identifiers = ["cloudtrail.amazonaws.com"]
+ }
+
+ actions = ["s3:GetBucketAcl"]
+ resources = [aws_s3_bucket.this.arn]
+ condition {
+ test = "StringEquals"
+ variable = "AWS:SourceArn"
+
+ values = [
+ "arn:aws:cloudtrail:${var.default-region}:${data.aws_caller_identity.this.account_id}:trail/cloudtrail-523-red"
+ ]
+ }
+ }
+
+ statement {
+ effect = "Allow"
+
+ principals {
+ type = "Service"
+ identifiers = ["cloudtrail.amazonaws.com"]
+ }
+
+ actions = ["s3:PutObject"]
+ resources = ["${aws_s3_bucket.this.arn}/AWSLogs/${data.aws_caller_identity.this.account_id}/*"]
+ condition {
+ test = "StringEquals"
+ variable = "s3:x-amz-acl"
+
+ values = [
+ "bucket-owner-full-control"
+ ]
+ }
+ condition {
+ test = "StringEquals"
+ variable = "AWS:SourceArn"
+
+ values = [
+ "arn:aws:cloudtrail:${var.default-region}:${data.aws_caller_identity.this.account_id}:trail/cloudtrail-523-red"
+ ]
+ }
+ }
+}
diff --git a/terraform/ecc-aws-523-cloudtrail_security_trail_enabled/red/terraform.tfvars b/terraform/ecc-aws-523-cloudtrail_security_trail_enabled/red/terraform.tfvars
new file mode 100644
index 000000000..368bc468f
--- /dev/null
+++ b/terraform/ecc-aws-523-cloudtrail_security_trail_enabled/red/terraform.tfvars
@@ -0,0 +1,2 @@
+profile = "c7n"
+default-region = "us-east-1"
\ No newline at end of file
diff --git a/terraform/ecc-aws-523-cloudtrail_security_trail_enabled/red/variables.tf b/terraform/ecc-aws-523-cloudtrail_security_trail_enabled/red/variables.tf
new file mode 100644
index 000000000..948c49afd
--- /dev/null
+++ b/terraform/ecc-aws-523-cloudtrail_security_trail_enabled/red/variables.tf
@@ -0,0 +1,9 @@
+variable "default-region" {
+ type = string
+ description = "Default region for resources will be created"
+}
+
+variable "profile" {
+ type = string
+ description = "Profile name configured before running apply"
+}
\ No newline at end of file
diff --git a/terraform/ecc-aws-523-cloudtrail_security_trail_enabled/red1/cloudtrail.tf b/terraform/ecc-aws-523-cloudtrail_security_trail_enabled/red1/cloudtrail.tf
new file mode 100644
index 000000000..788440bb3
--- /dev/null
+++ b/terraform/ecc-aws-523-cloudtrail_security_trail_enabled/red1/cloudtrail.tf
@@ -0,0 +1,22 @@
+resource "aws_cloudtrail" "this" {
+ name = "cloudtrail-523-red1"
+ s3_bucket_name = aws_s3_bucket.this.id
+ include_global_service_events = true
+ is_multi_region_trail = true
+ enable_log_file_validation = true
+
+ advanced_event_selector {
+ field_selector {
+ field = "eventCategory"
+ equals = ["Management"]
+ }
+ field_selector {
+ field = "eventSource"
+ not_equals = ["rdsdata.amazonaws.com"]
+ }
+ }
+ depends_on = [
+ aws_s3_bucket_acl.this
+ ]
+}
+
diff --git a/terraform/ecc-aws-523-cloudtrail_security_trail_enabled/red1/provider.tf b/terraform/ecc-aws-523-cloudtrail_security_trail_enabled/red1/provider.tf
new file mode 100644
index 000000000..42b5ca449
--- /dev/null
+++ b/terraform/ecc-aws-523-cloudtrail_security_trail_enabled/red1/provider.tf
@@ -0,0 +1,20 @@
+terraform {
+ required_providers {
+ aws = {
+ source = "hashicorp/aws"
+ version = "~> 4"
+ }
+ }
+}
+
+provider "aws" {
+ profile = var.profile
+ region = var.default-region
+
+ default_tags {
+ tags = {
+ CustodiaRule = "ecc-aws-523-cloudtrail_security_trail_enabled"
+ ComplianceStatus = "Red1"
+ }
+ }
+}
\ No newline at end of file
diff --git a/terraform/ecc-aws-523-cloudtrail_security_trail_enabled/red1/s3.tf b/terraform/ecc-aws-523-cloudtrail_security_trail_enabled/red1/s3.tf
new file mode 100644
index 000000000..87bbd2a0a
--- /dev/null
+++ b/terraform/ecc-aws-523-cloudtrail_security_trail_enabled/red1/s3.tf
@@ -0,0 +1,81 @@
+data "aws_caller_identity" "this" {}
+
+
+resource "aws_s3_bucket" "this" {
+ bucket = "523-bucket-${random_integer.this.result}-red1"
+ force_destroy = true
+}
+
+resource "random_integer" "this" {
+ min = 1
+ max = 10000000
+}
+
+resource "aws_s3_bucket_ownership_controls" "this" {
+ bucket = aws_s3_bucket.this.id
+ rule {
+ object_ownership = "BucketOwnerPreferred"
+ }
+}
+
+resource "aws_s3_bucket_acl" "this" {
+ depends_on = [aws_s3_bucket_ownership_controls.this]
+
+ bucket = aws_s3_bucket.this.id
+ acl = "private"
+}
+
+resource "aws_s3_bucket_policy" "this" {
+ bucket = aws_s3_bucket.this.id
+ policy = data.aws_iam_policy_document.this.json
+}
+
+data "aws_iam_policy_document" "this" {
+ statement {
+ effect = "Allow"
+
+ principals {
+ type = "Service"
+ identifiers = ["cloudtrail.amazonaws.com"]
+ }
+
+ actions = ["s3:GetBucketAcl"]
+ resources = [aws_s3_bucket.this.arn]
+ condition {
+ test = "StringEquals"
+ variable = "AWS:SourceArn"
+
+ values = [
+ "arn:aws:cloudtrail:${var.default-region}:${data.aws_caller_identity.this.account_id}:trail/cloudtrail-523-red1"
+ ]
+ }
+ }
+
+ statement {
+ effect = "Allow"
+
+ principals {
+ type = "Service"
+ identifiers = ["cloudtrail.amazonaws.com"]
+ }
+
+ actions = ["s3:PutObject"]
+ resources = ["${aws_s3_bucket.this.arn}/AWSLogs/${data.aws_caller_identity.this.account_id}/*"]
+ condition {
+ test = "StringEquals"
+ variable = "s3:x-amz-acl"
+
+ values = [
+ "bucket-owner-full-control"
+ ]
+ }
+ condition {
+ test = "StringEquals"
+ variable = "AWS:SourceArn"
+
+ values = [
+ "arn:aws:cloudtrail:${var.default-region}:${data.aws_caller_identity.this.account_id}:trail/cloudtrail-523-red1"
+ ]
+ }
+ }
+}
diff --git a/terraform/ecc-aws-523-cloudtrail_security_trail_enabled/red1/terraform.tfvars b/terraform/ecc-aws-523-cloudtrail_security_trail_enabled/red1/terraform.tfvars
new file mode 100644
index 000000000..368bc468f
--- /dev/null
+++ b/terraform/ecc-aws-523-cloudtrail_security_trail_enabled/red1/terraform.tfvars
@@ -0,0 +1,2 @@
+profile = "c7n"
+default-region = "us-east-1"
\ No newline at end of file
diff --git a/terraform/ecc-aws-523-cloudtrail_security_trail_enabled/red1/variables.tf b/terraform/ecc-aws-523-cloudtrail_security_trail_enabled/red1/variables.tf
new file mode 100644
index 000000000..948c49afd
--- /dev/null
+++ b/terraform/ecc-aws-523-cloudtrail_security_trail_enabled/red1/variables.tf
@@ -0,0 +1,9 @@
+variable "default-region" {
+ type = string
+ description = "Default region for resources will be created"
+}
+
+variable "profile" {
+ type = string
+ description = "Profile name configured before running apply"
+}
\ No newline at end of file
diff --git a/terraform/ecc-aws-523-cloudtrail_security_trail_enabled/red2/cloudtrail.tf b/terraform/ecc-aws-523-cloudtrail_security_trail_enabled/red2/cloudtrail.tf
new file mode 100644
index 000000000..191f80269
--- /dev/null
+++ b/terraform/ecc-aws-523-cloudtrail_security_trail_enabled/red2/cloudtrail.tf
@@ -0,0 +1,18 @@
+resource "aws_cloudtrail" "this" {
+ name = "cloudtrail-523-red2"
+ s3_bucket_name = aws_s3_bucket.this.id
+ include_global_service_events = false
+ is_multi_region_trail = false
+ enable_log_file_validation = true
+
+ advanced_event_selector {
+ field_selector {
+ field = "eventCategory"
+ equals = ["Management"]
+ }
+ }
+ depends_on = [
+ aws_s3_bucket_acl.this
+ ]
+}
+
diff --git a/terraform/ecc-aws-523-cloudtrail_security_trail_enabled/red2/provider.tf b/terraform/ecc-aws-523-cloudtrail_security_trail_enabled/red2/provider.tf
new file mode 100644
index 000000000..686d50522
--- /dev/null
+++ b/terraform/ecc-aws-523-cloudtrail_security_trail_enabled/red2/provider.tf
@@ -0,0 +1,20 @@
+terraform {
+ required_providers {
+ aws = {
+ source = "hashicorp/aws"
+ version = "~> 4"
+ }
+ }
+}
+
+provider "aws" {
+ profile = var.profile
+ region = var.default-region
+
+ default_tags {
+ tags = {
+ CustodiaRule = "ecc-aws-523-cloudtrail_security_trail_enabled"
+ ComplianceStatus = "Red2"
+ }
+ }
+}
\ No newline at end of file
diff --git a/terraform/ecc-aws-523-cloudtrail_security_trail_enabled/red2/s3.tf b/terraform/ecc-aws-523-cloudtrail_security_trail_enabled/red2/s3.tf
new file mode 100644
index 000000000..2ff7e7992
--- /dev/null
+++ b/terraform/ecc-aws-523-cloudtrail_security_trail_enabled/red2/s3.tf
@@ -0,0 +1,81 @@
+data "aws_caller_identity" "this" {}
+
+
+resource "aws_s3_bucket" "this" {
+ bucket = "523-bucket-${random_integer.this.result}-red2"
+ force_destroy = true
+}
+
+resource "random_integer" "this" {
+ min = 1
+ max = 10000000
+}
+
+resource "aws_s3_bucket_ownership_controls" "this" {
+ bucket = aws_s3_bucket.this.id
+ rule {
+ object_ownership = "BucketOwnerPreferred"
+ }
+}
+
+resource "aws_s3_bucket_acl" "this" {
+ depends_on = [aws_s3_bucket_ownership_controls.this]
+
+ bucket = aws_s3_bucket.this.id
+ acl = "private"
+}
+
+resource "aws_s3_bucket_policy" "this" {
+ bucket = aws_s3_bucket.this.id
+ policy = data.aws_iam_policy_document.this.json
+}
+
+data "aws_iam_policy_document" "this" {
+ statement {
+ effect = "Allow"
+
+ principals {
+ type = "Service"
+ identifiers = ["cloudtrail.amazonaws.com"]
+ }
+
+ actions = ["s3:GetBucketAcl"]
+ resources = [aws_s3_bucket.this.arn]
+ condition {
+ test = "StringEquals"
+ variable = "AWS:SourceArn"
+
+ values = [
+ "arn:aws:cloudtrail:${var.default-region}:${data.aws_caller_identity.this.account_id}:trail/cloudtrail-523-red2"
+ ]
+ }
+ }
+
+ statement {
+ effect = "Allow"
+
+ principals {
+ type = "Service"
+ identifiers = ["cloudtrail.amazonaws.com"]
+ }
+
+ actions = ["s3:PutObject"]
+ resources = ["${aws_s3_bucket.this.arn}/AWSLogs/${data.aws_caller_identity.this.account_id}/*"]
+ condition {
+ test = "StringEquals"
+ variable = "s3:x-amz-acl"
+
+ values = [
+ "bucket-owner-full-control"
+ ]
+ }
+ condition {
+ test = "StringEquals"
+ variable = "AWS:SourceArn"
+
+ values = [
+ "arn:aws:cloudtrail:${var.default-region}:${data.aws_caller_identity.this.account_id}:trail/cloudtrail-523-red2"
+ ]
+ }
+ }
+}
diff --git a/terraform/ecc-aws-523-cloudtrail_security_trail_enabled/red2/terraform.tfvars b/terraform/ecc-aws-523-cloudtrail_security_trail_enabled/red2/terraform.tfvars
new file mode 100644
index 000000000..368bc468f
--- /dev/null
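Review bot: `random_integer.this` in red2/s3.tf pulls in the `hashicorp/random` provider, but red2/provider.tf declares only `aws` under `required_providers`. Terraform resolves an undeclared provider implicitly with no version constraint, so unless a lock file is committed (none is visible here) this part of the fixture's provider set is unpinned. Declaring it next to `aws`, for example `random = { source = "hashicorp/random", version = "~> 3" }`, keeps the dependency explicit. The trail ARN is also written out twice in the policy document and its name a third time in cloudtrail.tf; a single `locals` value would keep the `AWS:SourceArn` conditions from drifting away from the real trail name.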
+++ b/terraform/ecc-aws-523-cloudtrail_security_trail_enabled/red2/terraform.tfvars
@@ -0,0 +1,2 @@
+profile = "c7n"
+default-region = "us-east-1"
\ No newline at end of file
diff --git a/terraform/ecc-aws-523-cloudtrail_security_trail_enabled/red2/variables.tf b/terraform/ecc-aws-523-cloudtrail_security_trail_enabled/red2/variables.tf
new file mode 100644
index 000000000..948c49afd
--- /dev/null
+++ b/terraform/ecc-aws-523-cloudtrail_security_trail_enabled/red2/variables.tf
@@ -0,0 +1,9 @@
+variable "default-region" {
+ type = string
+ description = "Default region for resources will be created"
+}
+
+variable "profile" {
+ type = string
+ description = "Profile name configured before running apply"
+}
\ No newline at end of file
diff --git a/terraform/ecc-aws-528-kinesis_video_stream_encrypted_with_kms_cmk/green/kinesis.tf b/terraform/ecc-aws-528-kinesis_video_stream_encrypted_with_kms_cmk/green/kinesis.tf
new file mode 100644
index 000000000..cb31072f9
--- /dev/null
+++ b/terraform/ecc-aws-528-kinesis_video_stream_encrypted_with_kms_cmk/green/kinesis.tf
@@ -0,0 +1,18 @@
+resource "aws_kinesis_video_stream" "this" {
+ name = "528_kinesis_stream_green"
+ data_retention_in_hours = 1
+ media_type = "video/h264"
+ kms_key_id = aws_kms_key.this.id
+}
+
+resource "aws_kms_key" "this" {
+ description = "528_kms_key_green"
+ key_usage = "ENCRYPT_DECRYPT"
+ deletion_window_in_days = 7
+ is_enabled = true
+}
+
+resource "aws_kms_alias" "this" {
+ name = "alias/k-528"
+ target_key_id = aws_kms_key.this.key_id
+}
\ No newline at end of file
diff --git a/terraform/ecc-aws-528-kinesis_video_stream_encrypted_with_kms_cmk/green/provider.tf b/terraform/ecc-aws-528-kinesis_video_stream_encrypted_with_kms_cmk/green/provider.tf
new file mode 100644
index 000000000..23b71fa52
--- /dev/null
+++ b/terraform/ecc-aws-528-kinesis_video_stream_encrypted_with_kms_cmk/green/provider.tf
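Review bot: The `aws_kms_key.this` in green/kinesis.tf does not set `enable_key_rotation`, which is off by default for a customer managed key. For a fixture labelled compliant, that leaves the key open to being flagged by an unrelated key-rotation check, and it is the setting one would want on a real CMK in any case. Adding `enable_key_rotation = true` to the resource covers it. The stream references `aws_kms_key.this.id` while the alias references `aws_kms_key.this.key_id`; both carry the key ID, so using one form throughout would read more consistently.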
@@ -0,0 +1,20 @@
+terraform {
+ required_providers {
+ aws = {
+ source = "hashicorp/aws"
+ version = "~> 4"
+ }
+ }
+}
+
+provider "aws" {
+ profile = var.profile
+ region = var.default-region
+
+ default_tags {
+ tags = {
+ CustodianRule = "ecc-aws-528-kinesis_video_stream_encrypted_with_kms_cmk"
+ ComplianceStatus = "Green"
+ }
+ }
+}
\ No newline at end of file
diff --git a/terraform/ecc-aws-528-kinesis_video_stream_encrypted_with_kms_cmk/green/terraform.tfvars b/terraform/ecc-aws-528-kinesis_video_stream_encrypted_with_kms_cmk/green/terraform.tfvars
new file mode 100644
index 000000000..368bc468f
--- /dev/null
+++ b/terraform/ecc-aws-528-kinesis_video_stream_encrypted_with_kms_cmk/green/terraform.tfvars
@@ -0,0 +1,2 @@
+profile = "c7n"
+default-region = "us-east-1"
\ No newline at end of file
diff --git a/terraform/ecc-aws-528-kinesis_video_stream_encrypted_with_kms_cmk/green/variables.tf b/terraform/ecc-aws-528-kinesis_video_stream_encrypted_with_kms_cmk/green/variables.tf
new file mode 100644
index 000000000..09e482677
--- /dev/null
+++ b/terraform/ecc-aws-528-kinesis_video_stream_encrypted_with_kms_cmk/green/variables.tf
@@ -0,0 +1,9 @@
+variable "default-region" {
+ type = string
+ description = "Default region for resources will be created"
+}
+
+variable "profile" {
+ type = string
+ description = "Profile name configured before running apply"
+}
\ No newline at end of file
diff --git a/terraform/ecc-aws-528-kinesis_video_stream_encrypted_with_kms_cmk/iam/528-policy.json b/terraform/ecc-aws-528-kinesis_video_stream_encrypted_with_kms_cmk/iam/528-policy.json
new file mode 100644
index 000000000..07922c10f
--- /dev/null
+++ b/terraform/ecc-aws-528-kinesis_video_stream_encrypted_with_kms_cmk/iam/528-policy.json
@@ -0,0 +1,15 @@
+{
+ "Version": "2012-10-17",
+ "Statement": [
+ {
+ "Effect": "Allow",
+ "Action": [
+ "kinesisvideo:ListStreams",
+ "tag:GetResources",
+ "kms:DescribeKey",
+ "kms:ListAliases"
+ ],
+ "Resource": "*"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/terraform/ecc-aws-528-kinesis_video_stream_encrypted_with_kms_cmk/red/kinesis.tf b/terraform/ecc-aws-528-kinesis_video_stream_encrypted_with_kms_cmk/red/kinesis.tf
new file mode 100644
index 000000000..65e1edc46
--- /dev/null
+++ b/terraform/ecc-aws-528-kinesis_video_stream_encrypted_with_kms_cmk/red/kinesis.tf
@@ -0,0 +1,5 @@
+resource "aws_kinesis_video_stream" "this" {
+ name = "528_kinesis_stream_red"
+ data_retention_in_hours = 1
+ media_type = "video/h264"
+}
diff --git a/terraform/ecc-aws-528-kinesis_video_stream_encrypted_with_kms_cmk/red/provider.tf b/terraform/ecc-aws-528-kinesis_video_stream_encrypted_with_kms_cmk/red/provider.tf
new file mode 100644
index 000000000..e84421734
--- /dev/null
+++ b/terraform/ecc-aws-528-kinesis_video_stream_encrypted_with_kms_cmk/red/provider.tf
@@ -0,0 +1,20 @@
+terraform {
+ required_providers {
+ aws = {
+ source = "hashicorp/aws"
+ version = "~> 4"
+ }
+ }
+}
+
+provider "aws" {
+ profile = var.profile
+ region = var.default-region
+
+ default_tags {
+ tags = {
+ CustodianRule = "ecc-aws-528-kinesis_video_stream_encrypted_with_kms_cmk"
+ ComplianceStatus = "Red"
+ }
+ }
+}
\ No newline at end of file
diff --git a/terraform/ecc-aws-528-kinesis_video_stream_encrypted_with_kms_cmk/red/terraform.tfvars b/terraform/ecc-aws-528-kinesis_video_stream_encrypted_with_kms_cmk/red/terraform.tfvars
new file mode 100644
index 000000000..368bc468f
--- /dev/null
+++ b/terraform/ecc-aws-528-kinesis_video_stream_encrypted_with_kms_cmk/red/terraform.tfvars
@@ -0,0 +1,2 @@
+profile = "c7n"
+default-region = "us-east-1"
\ No newline at end of file
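Review bot: Nothing in red/kinesis.tf says that the missing `kms_key_id` is the point of the fixture. Without it the stream presumably falls back to the AWS managed key, which is what the rule named in the path appears to flag, and a reader has to diff red against green to see that. A leading comment such as `# kms_key_id intentionally omitted: no customer managed key, expected to be flagged by rule 528` would make the intent explicit and guard against someone "fixing" the file later.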
diff --git a/terraform/ecc-aws-528-kinesis_video_stream_encrypted_with_kms_cmk/red/variables.tf b/terraform/ecc-aws-528-kinesis_video_stream_encrypted_with_kms_cmk/red/variables.tf new file mode 100644 index 000000000..09e482677 --- /dev/null +++ b/terraform/ecc-aws-528-kinesis_video_stream_encrypted_with_kms_cmk/red/variables.tf @@ -0,0 +1,9 @@ +variable "default-region" { + type = string + description = "Default region for resources will be created" +} + +variable "profile" { + type = string + description = "Profile name configured before running apply" +} \ No newline at end of file diff --git a/terraform/ecc-aws-541-workspaces_cloudwatch_integration/green/cloudwatch.tf b/terraform/ecc-aws-541-workspaces_cloudwatch_integration/green/cloudwatch.tf new file mode 100644 index 000000000..2f5d49dff --- /dev/null +++ b/terraform/ecc-aws-541-workspaces_cloudwatch_integration/green/cloudwatch.tf @@ -0,0 +1,21 @@ +resource "aws_cloudwatch_event_rule" "this" { + name = "541_cloudwatch_rule_green" + + + event_pattern = <@dC7VOm7yV=49wOm|HOF#acKoN z10%}|W(Ec@;o4`&eaJwh<@=v5b-v7n9))jKH8)>48XI(9J8aUP341z}{*_U#t*+q4_Dmo0Scuj1dTZf%FLwhXDY6?`CQM literal 0 HcmV?d00001 diff --git a/terraform/ecc-aws-678-lambda_code_signing_enabled/green/lambda.tf b/terraform/ecc-aws-678-lambda_code_signing_enabled/green/lambda.tf new file mode 100644 index 000000000..934636512 --- /dev/null +++ b/terraform/ecc-aws-678-lambda_code_signing_enabled/green/lambda.tf @@ -0,0 +1,52 @@ +resource "aws_iam_role" "this" { + name = "678_role_green" + + assume_role_policy = <@dC7VOm7yV=49wOm|HOF#acKoN z10%}|W(Ec@;o4`&eaJwh<@=v5b-v7n9))jKH8)>48XI(9J8aUP341z}{*_U#t*+q4_Dmo0Scuj1dTZf%FLwhXDY6?`CQM literal 0 HcmV?d00001 diff --git a/terraform/ecc-aws-678-lambda_code_signing_enabled/red/lambda.tf b/terraform/ecc-aws-678-lambda_code_signing_enabled/red/lambda.tf new file mode 100644 index 000000000..6ad7261d5 --- /dev/null +++ b/terraform/ecc-aws-678-lambda_code_signing_enabled/red/lambda.tf 
@@ -0,0 +1,51 @@ +resource "aws_iam_role" "this" { + name = "678_role_red" + + assume_role_policy = <